Code Coverage for /data/phpBB/includes/acp/acp

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 4	CRAP	0.00% covered (danger)	0.00%	0 / 1960
acp_users	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 4	147072.00	0.00% covered (danger)	0.00%	0 / 1956
__construct				0.00% covered (danger)	0.00%	0 / 1	2.00	0.00% covered (danger)	0.00%	0 / 3
main				0.00% covered (danger)	0.00%	0 / 1	141752.00	0.00% covered (danger)	0.00%	0 / 1927
optionset				0.00% covered (danger)	0.00%	0 / 1	20.00	0.00% covered (danger)	0.00%	0 / 21
optionget				0.00% covered (danger)	0.00%	0 / 1	6.00	0.00% covered (danger)	0.00%	0 / 5

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	/**
15	* @ignore
16	*/
17	if (!defined('IN_PHPBB'))
18	{
19	exit;
20	}
21
22	class acp_users
23	{
24	var $u_action;
25	var $p_master;
26
27	function __construct($p_master)
28	{
29	$this->p_master = $p_master;
30	}
31
32	function main($id, $mode)
33	{
34	global $config, $db, $user, $auth, $template;
35	global $phpbb_root_path, $phpbb_admin_path, $phpEx;
36	global $phpbb_dispatcher, $request;
37	global $phpbb_container, $phpbb_log;
38
39	$user->add_lang(array('posting', 'ucp', 'acp/users'));
40	$this->tpl_name = 'acp_users';
41
42	$error = array();
43	$username = $request->variable('username', '', true);
44	$user_id = $request->variable('u', 0);
45	$action = $request->variable('action', '');
46
47	// Get referer to redirect user to the appropriate page after delete action
48	$redirect = $request->variable('redirect', '');
49	$redirect_tag = "redirect=$redirect";
50	$redirect_url = append_sid("{$phpbb_admin_path}index.$phpEx", "i=$redirect");
51
52	$submit = (isset($_POST['update']) && !isset($_POST['cancel'])) ? true : false;
53
54	$form_name = 'acp_users';
55	add_form_key($form_name);
56
57	// Whois (special case)
58	if ($action == 'whois')
59	{
60	if (!function_exists('user_get_id_name'))
61	{
62	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
63	}
64
65	$this->page_title = 'WHOIS';
66	$this->tpl_name = 'simple_body';
67
68	$user_ip = phpbb_ip_normalise($request->variable('user_ip', ''));
69	$domain = gethostbyaddr($user_ip);
70	$ipwhois = user_ipwhois($user_ip);
71
72	$template->assign_vars(array(
73	'MESSAGE_TITLE' => sprintf($user->lang['IP_WHOIS_FOR'], $domain),
74	'MESSAGE_TEXT' => nl2br($ipwhois))
75	);
76
77	return;
78	}
79
80	// Show user selection mask
81	if (!$username && !$user_id)
82	{
83	$this->page_title = 'SELECT_USER';
84
85	$template->assign_vars(array(
86	'U_ACTION' => $this->u_action,
87	'ANONYMOUS_USER_ID' => ANONYMOUS,
88
89	'S_SELECT_USER' => true,
90	'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_user&field=username&select_single=true'),
91	));
92
93	return;
94	}
95
96	if (!$user_id)
97	{
98	$sql = 'SELECT user_id
99	FROM ' . USERS_TABLE . "
100	WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
101	$result = $db->sql_query($sql);
102	$user_id = (int) $db->sql_fetchfield('user_id');
103	$db->sql_freeresult($result);
104
105	if (!$user_id)
106	{
107	trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);
108	}
109	}
110
111	// Generate content for all modes
112	$sql = 'SELECT u., s.
113	FROM ' . USERS_TABLE . ' u
114	LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
115	WHERE u.user_id = ' . $user_id . '
116	ORDER BY s.session_time DESC';
117	$result = $db->sql_query_limit($sql, 1);
118	$user_row = $db->sql_fetchrow($result);
119	$db->sql_freeresult($result);
120
121	if (!$user_row)
122	{
123	trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);
124	}
125
126	// Generate overall "header" for user admin
127	$s_form_options = '';
128
129	// Build modes dropdown list
130	$sql = 'SELECT module_mode, module_auth
131	FROM ' . MODULES_TABLE . "
132	WHERE module_basename = 'acp_users'
133	AND module_enabled = 1
134	AND module_class = 'acp'
135	ORDER BY left_id, module_mode";
136	$result = $db->sql_query($sql);
137
138	$dropdown_modes = array();
139	while ($row = $db->sql_fetchrow($result))
140	{
141	if (!$this->p_master->module_auth_self($row['module_auth']))
142	{
143	continue;
144	}
145
146	$dropdown_modes[$row['module_mode']] = true;
147	}
148	$db->sql_freeresult($result);
149
150	foreach ($dropdown_modes as $module_mode => $null)
151	{
152	$selected = ($mode == $module_mode) ? ' selected="selected"' : '';
153	$s_form_options .= '<option value="' . $module_mode . '"' . $selected . '>' . $user->lang['ACP_USER_' . strtoupper($module_mode)] . '</option>';
154	}
155
156	$template->assign_vars(array(
157	'U_BACK' => (empty($redirect)) ? $this->u_action : $redirect_url,
158	'U_MODE_SELECT' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&u=$user_id"),
159	'U_ACTION' => $this->u_action . '&u=' . $user_id . ((empty($redirect)) ? '' : '&' . $redirect_tag),
160	'S_FORM_OPTIONS' => $s_form_options,
161	'MANAGED_USERNAME' => $user_row['username'])
162	);
163
164	// Prevent normal users/admins change/view founders if they are not a founder by themselves
165	if ($user->data['user_type'] != USER_FOUNDER && $user_row['user_type'] == USER_FOUNDER)
166	{
167	trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action), E_USER_WARNING);
168	}
169
170	$this->page_title = $user_row['username'] . ' :: ' . $user->lang('ACP_USER_' . strtoupper($mode));
171
172	switch ($mode)
173	{
174	case 'overview':
175
176	if (!function_exists('user_get_id_name'))
177	{
178	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
179	}
180
181	$user->add_lang('acp/ban');
182
183	$delete = $request->variable('delete', 0);
184	$delete_type = $request->variable('delete_type', '');
185	$ip = $request->variable('ip', 'ip');
186
187	/**
188	* Run code at beginning of ACP users overview
189	*
190	* @event core.acp_users_overview_before
191	* @var array user_row Current user data
192	* @var string mode Active module
193	* @var string action Module that should be run
194	* @var bool submit Do we display the form only
195	* or did the user press submit
196	* @var array error Array holding error messages
197	* @since 3.1.3-RC1
198	*/
199	$vars = array('user_row', 'mode', 'action', 'submit', 'error');
200	extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_before', compact($vars)));
201
202	if ($submit)
203	{
204	if ($delete)
205	{
206	if (!$auth->acl_get('a_userdel'))
207	{
208	send_status_line(403, 'Forbidden');
209	trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
210	}
211
212	// Check if the user wants to remove himself or the guest user account
213	if ($user_id == ANONYMOUS)
214	{
215	trigger_error($user->lang['CANNOT_REMOVE_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
216	}
217
218	// Founders can not be deleted.
219	if ($user_row['user_type'] == USER_FOUNDER)
220	{
221	trigger_error($user->lang['CANNOT_REMOVE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
222	}
223
224	if ($user_id == $user->data['user_id'])
225	{
226	trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
227	}
228
229	if ($delete_type)
230	{
231	if (confirm_box(true))
232	{
233	user_delete($delete_type, $user_id, $user_row['username']);
234
235	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DELETED', false, array($user_row['username']));
236	trigger_error($user->lang['USER_DELETED'] . adm_back_link(
237	(empty($redirect)) ? $this->u_action : $redirect_url
238	)
239	);
240	}
241	else
242	{
243	$delete_confirm_hidden_fields = array(
244	'u' => $user_id,
245	'i' => $id,
246	'mode' => $mode,
247	'action' => $action,
248	'update' => true,
249	'delete' => 1,
250	'delete_type' => $delete_type,
251	);
252
253	// Checks if the redirection page is specified
254	if (!empty($redirect))
255	{
256	$delete_confirm_hidden_fields['redirect'] = $redirect;
257	}
258
259	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($delete_confirm_hidden_fields));
260	}
261	}
262	else
263	{
264	trigger_error($user->lang['NO_MODE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
265	}
266	}
267
268	// Handle quicktool actions
269	switch ($action)
270	{
271	case 'banuser':
272	case 'banemail':
273	case 'banip':
274
275	if ($user_id == $user->data['user_id'])
276	{
277	trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
278	}
279
280	if ($user_id == ANONYMOUS)
281	{
282	trigger_error($user->lang['CANNOT_BAN_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
283	}
284
285	if ($user_row['user_type'] == USER_FOUNDER)
286	{
287	trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
288	}
289
290	if (!check_form_key($form_name))
291	{
292	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
293	}
294
295	$ban = array();
296
297	switch ($action)
298	{
299	case 'banuser':
300	$ban[] = $user_row['username'];
301	$reason = 'USER_ADMIN_BAN_NAME_REASON';
302	break;
303
304	case 'banemail':
305	$ban[] = $user_row['user_email'];
306	$reason = 'USER_ADMIN_BAN_EMAIL_REASON';
307	break;
308
309	case 'banip':
310	$ban[] = $user_row['user_ip'];
311
312	$sql = 'SELECT DISTINCT poster_ip
313	FROM ' . POSTS_TABLE . "
314	WHERE poster_id = $user_id";
315	$result = $db->sql_query($sql);
316
317	while ($row = $db->sql_fetchrow($result))
318	{
319	$ban[] = $row['poster_ip'];
320	}
321	$db->sql_freeresult($result);
322
323	$reason = 'USER_ADMIN_BAN_IP_REASON';
324	break;
325	}
326
327	$ban_reason = $request->variable('ban_reason', $user->lang[$reason], true);
328	$ban_give_reason = $request->variable('ban_give_reason', '', true);
329
330	// Log not used at the moment, we simply utilize the ban function.
331	$result = user_ban(substr($action, 3), $ban, 0, 0, 0, $ban_reason, $ban_give_reason);
332
333	trigger_error((($result === false) ? $user->lang['BAN_ALREADY_ENTERED'] : $user->lang['BAN_SUCCESSFUL']) . adm_back_link($this->u_action . '&u=' . $user_id));
334
335	break;
336
337	case 'reactivate':
338
339	if ($user_id == $user->data['user_id'])
340	{
341	trigger_error($user->lang['CANNOT_FORCE_REACT_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
342	}
343
344	if (!check_form_key($form_name))
345	{
346	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
347	}
348
349	if ($user_row['user_type'] == USER_FOUNDER)
350	{
351	trigger_error($user->lang['CANNOT_FORCE_REACT_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
352	}
353
354	if ($user_row['user_type'] == USER_IGNORE)
355	{
356	trigger_error($user->lang['CANNOT_FORCE_REACT_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
357	}
358
359	if ($config['email_enable'])
360	{
361	if (!class_exists('messenger'))
362	{
363	include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
364	}
365
366	$server_url = generate_board_url();
367
368	$user_actkey = gen_rand_string(mt_rand(6, 10));
369	$email_template = ($user_row['user_type'] == USER_NORMAL) ? 'user_reactivate_account' : 'user_resend_inactive';
370
371	if ($user_row['user_type'] == USER_NORMAL)
372	{
373	user_active_flip('deactivate', $user_id, INACTIVE_REMIND);
374	}
375	else
376	{
377	// Grabbing the last confirm key - we only send a reminder
378	$sql = 'SELECT user_actkey
379	FROM ' . USERS_TABLE . '
380	WHERE user_id = ' . $user_id;
381	$result = $db->sql_query($sql);
382	$user_activation_key = (string) $db->sql_fetchfield('user_actkey');
383	$db->sql_freeresult($result);
384
385	$user_actkey = empty($user_activation_key) ? $user_actkey : $user_activation_key;
386	}
387
388	// Always update actkey even if same and also update actkey expiration to 24 hours from now
389	$sql_ary = [
390	'user_actkey' => $user_actkey,
391	'user_actkey_expiration' => $user::get_token_expiration(),
392	];
393
394	$sql = 'UPDATE ' . USERS_TABLE . '
395	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
396	WHERE user_id = ' . (int) $user_id;
397	$db->sql_query($sql);
398
399	// Start sending email
400	$messenger = new messenger(false);
401
402	$messenger->template($email_template, $user_row['user_lang']);
403
404	$messenger->set_addresses($user_row);
405
406	$messenger->anti_abuse_headers($config, $user);
407
408	$messenger->assign_vars(array(
409	'WELCOME_MSG' => html_entity_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), ENT_COMPAT),
410	'USERNAME' => html_entity_decode($user_row['username'], ENT_COMPAT),
411	'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
412	);
413
414	$messenger->send(NOTIFY_EMAIL);
415
416	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_REACTIVATE', false, array($user_row['username']));
417	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_REACTIVATE_USER', false, array(
418	'reportee_id' => $user_id
419	));
420
421	trigger_error($user->lang['FORCE_REACTIVATION_SUCCESS'] . adm_back_link($this->u_action . '&u=' . $user_id));
422	}
423
424	break;
425
426	case 'active':
427
428	if ($user_id == $user->data['user_id'])
429	{
430	// It is only deactivation since the user is already activated (else he would not have reached this page)
431	trigger_error($user->lang['CANNOT_DEACTIVATE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
432	}
433
434	if (!check_form_key($form_name))
435	{
436	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
437	}
438
439	if ($user_row['user_type'] == USER_FOUNDER)
440	{
441	trigger_error($user->lang['CANNOT_DEACTIVATE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
442	}
443
444	if ($user_row['user_type'] == USER_IGNORE)
445	{
446	trigger_error($user->lang['CANNOT_DEACTIVATE_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
447	}
448
449	user_active_flip('flip', $user_id);
450
451	if ($user_row['user_type'] == USER_INACTIVE)
452	{
453	if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
454	{
455	/* @var $phpbb_notifications \phpbb\notification\manager */
456	$phpbb_notifications = $phpbb_container->get('notification_manager');
457	$phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']);
458
459	if (!class_exists('messenger'))
460	{
461	include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
462	}
463
464	$messenger = new messenger(false);
465
466	$messenger->template('admin_welcome_activated', $user_row['user_lang']);
467
468	$messenger->set_addresses($user_row);
469
470	$messenger->anti_abuse_headers($config, $user);
471
472	$messenger->assign_vars(array(
473	'USERNAME' => html_entity_decode($user_row['username'], ENT_COMPAT))
474	);
475
476	$messenger->send(NOTIFY_EMAIL);
477	}
478	}
479
480	$message = ($user_row['user_type'] == USER_INACTIVE) ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED';
481	$log = ($user_row['user_type'] == USER_INACTIVE) ? 'LOG_USER_ACTIVE' : 'LOG_USER_INACTIVE';
482
483	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log, false, array($user_row['username']));
484	$phpbb_log->add('user', $user->data['user_id'], $user->ip, $log . '_USER', false, array(
485	'reportee_id' => $user_id
486	));
487
488	trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&u=' . $user_id));
489
490	break;
491
492	case 'delsig':
493
494	if (!check_form_key($form_name))
495	{
496	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
497	}
498
499	$sql_ary = array(
500	'user_sig' => '',
501	'user_sig_bbcode_uid' => '',
502	'user_sig_bbcode_bitfield' => ''
503	);
504
505	$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
506	WHERE user_id = $user_id";
507	$db->sql_query($sql);
508
509	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_SIG', false, array($user_row['username']));
510	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_SIG_USER', false, array(
511	'reportee_id' => $user_id
512	));
513
514	trigger_error($user->lang['USER_ADMIN_SIG_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
515
516	break;
517
518	case 'delavatar':
519
520	if (!check_form_key($form_name))
521	{
522	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
523	}
524
525	// Delete old avatar if present
526	/* @var $phpbb_avatar_manager \phpbb\avatar\manager */
527	$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
528	$phpbb_avatar_manager->handle_avatar_delete($db, $user, $phpbb_avatar_manager->clean_row($user_row, 'user'), USERS_TABLE, 'user_');
529
530	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_AVATAR', false, array($user_row['username']));
531	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_AVATAR_USER', false, array(
532	'reportee_id' => $user_id
533	));
534
535	trigger_error($user->lang['USER_ADMIN_AVATAR_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
536	break;
537
538	case 'delposts':
539
540	if (confirm_box(true))
541	{
542	// Delete posts, attachments, etc.
543	delete_posts('poster_id', $user_id);
544
545	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_POSTS', false, array($user_row['username']));
546	trigger_error($user->lang['USER_POSTS_DELETED'] . adm_back_link($this->u_action . '&u=' . $user_id));
547	}
548	else
549	{
550	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
551	'u' => $user_id,
552	'i' => $id,
553	'mode' => $mode,
554	'action' => $action,
555	'update' => true))
556	);
557	}
558
559	break;
560
561	case 'delattach':
562
563	if (confirm_box(true))
564	{
565	/** @var \phpbb\attachment\manager $attachment_manager */
566	$attachment_manager = $phpbb_container->get('attachment.manager');
567	$attachment_manager->delete('user', $user_id);
568	unset($attachment_manager);
569
570	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_ATTACH', false, array($user_row['username']));
571	trigger_error($user->lang['USER_ATTACHMENTS_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
572	}
573	else
574	{
575	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
576	'u' => $user_id,
577	'i' => $id,
578	'mode' => $mode,
579	'action' => $action,
580	'update' => true))
581	);
582	}
583
584	break;
585
586	case 'deloutbox':
587
588	if (confirm_box(true))
589	{
590	$msg_ids = array();
591	$lang = 'EMPTY';
592
593	$sql = 'SELECT msg_id
594	FROM ' . PRIVMSGS_TO_TABLE . "
595	WHERE author_id = $user_id
596	AND folder_id = " . PRIVMSGS_OUTBOX;
597	$result = $db->sql_query($sql);
598
599	if ($row = $db->sql_fetchrow($result))
600	{
601	if (!function_exists('delete_pm'))
602	{
603	include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
604	}
605
606	do
607	{
608	$msg_ids[] = (int) $row['msg_id'];
609	}
610	while ($row = $db->sql_fetchrow($result));
611
612	$db->sql_freeresult($result);
613
614	delete_pm($user_id, $msg_ids, PRIVMSGS_OUTBOX);
615
616	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_OUTBOX', false, array($user_row['username']));
617
618	$lang = 'EMPTIED';
619	}
620	$db->sql_freeresult($result);
621
622	trigger_error($user->lang['USER_OUTBOX_' . $lang] . adm_back_link($this->u_action . '&u=' . $user_id));
623	}
624	else
625	{
626	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
627	'u' => $user_id,
628	'i' => $id,
629	'mode' => $mode,
630	'action' => $action,
631	'update' => true))
632	);
633	}
634	break;
635
636	case 'moveposts':
637
638	if (!check_form_key($form_name))
639	{
640	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
641	}
642
643	$user->add_lang('acp/forums');
644
645	$new_forum_id = $request->variable('new_f', 0);
646
647	if (!$new_forum_id)
648	{
649	$this->page_title = 'USER_ADMIN_MOVE_POSTS';
650
651	$template->assign_vars(array(
652	'S_SELECT_FORUM' => true,
653	'U_ACTION' => $this->u_action . "&action=$action&u=$user_id",
654	'U_BACK' => $this->u_action . "&u=$user_id",
655	'S_FORUM_OPTIONS' => make_forum_select(false, false, false, true))
656	);
657
658	return;
659	}
660
661	// Is the new forum postable to?
662	$sql = 'SELECT forum_name, forum_type
663	FROM ' . FORUMS_TABLE . "
664	WHERE forum_id = $new_forum_id";
665	$result = $db->sql_query($sql);
666	$forum_info = $db->sql_fetchrow($result);
667	$db->sql_freeresult($result);
668
669	if (!$forum_info)
670	{
671	trigger_error($user->lang['NO_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
672	}
673
674	if ($forum_info['forum_type'] != FORUM_POST)
675	{
676	trigger_error($user->lang['MOVE_POSTS_NO_POSTABLE_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
677	}
678
679	// Two stage?
680	// Move topics comprising only posts from this user
681	$topic_id_ary = $move_topic_ary = $move_post_ary = $new_topic_id_ary = array();
682	$forum_id_ary = array($new_forum_id);
683
684	$sql = 'SELECT topic_id, post_visibility, COUNT(post_id) AS total_posts
685	FROM ' . POSTS_TABLE . "
686	WHERE poster_id = $user_id
687	AND forum_id <> $new_forum_id
688	GROUP BY topic_id, post_visibility";
689	$result = $db->sql_query($sql);
690
691	while ($row = $db->sql_fetchrow($result))
692	{
693	$topic_id_ary[$row['topic_id']][$row['post_visibility']] = $row['total_posts'];
694	}
695	$db->sql_freeresult($result);
696
697	if (count($topic_id_ary))
698	{
699	$sql = 'SELECT topic_id, forum_id, topic_title, topic_posts_approved, topic_posts_unapproved, topic_posts_softdeleted, topic_attachment
700	FROM ' . TOPICS_TABLE . '
701	WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
702	$result = $db->sql_query($sql);
703
704	while ($row = $db->sql_fetchrow($result))
705	{
706	if ($topic_id_ary[$row['topic_id']][ITEM_APPROVED] == $row['topic_posts_approved']
707	&& $topic_id_ary[$row['topic_id']][ITEM_UNAPPROVED] == $row['topic_posts_unapproved']
708	&& $topic_id_ary[$row['topic_id']][ITEM_REAPPROVE] == $row['topic_posts_unapproved']
709	&& $topic_id_ary[$row['topic_id']][ITEM_DELETED] == $row['topic_posts_softdeleted'])
710	{
711	$move_topic_ary[] = $row['topic_id'];
712	}
713	else
714	{
715	$move_post_ary[$row['topic_id']]['title'] = $row['topic_title'];
716	$move_post_ary[$row['topic_id']]['attach'] = ($row['topic_attachment']) ? 1 : 0;
717	}
718
719	$forum_id_ary[] = $row['forum_id'];
720	}
721	$db->sql_freeresult($result);
722	}
723
724	// Entire topic comprises posts by this user, move these topics
725	if (count($move_topic_ary))
726	{
727	move_topics($move_topic_ary, $new_forum_id, false);
728	}
729
730	if (count($move_post_ary))
731	{
732	// Create new topic
733	// Update post_ids, report_ids, attachment_ids
734	foreach ($move_post_ary as $topic_id => $post_ary)
735	{
736	// Create new topic
737	$sql = 'INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
738	'topic_poster' => $user_id,
739	'topic_time' => time(),
740	'forum_id' => $new_forum_id,
741	'icon_id' => 0,
742	'topic_visibility' => ITEM_APPROVED,
743	'topic_title' => $post_ary['title'],
744	'topic_first_poster_name' => $user_row['username'],
745	'topic_type' => POST_NORMAL,
746	'topic_time_limit' => 0,
747	'topic_attachment' => $post_ary['attach'])
748	);
749	$db->sql_query($sql);
750
751	$new_topic_id = $db->sql_nextid();
752
753	// Move posts
754	$sql = 'UPDATE ' . POSTS_TABLE . "
755	SET forum_id = $new_forum_id, topic_id = $new_topic_id
756	WHERE topic_id = $topic_id
757	AND poster_id = $user_id";
758	$db->sql_query($sql);
759
760	if ($post_ary['attach'])
761	{
762	$sql = 'UPDATE ' . ATTACHMENTS_TABLE . "
763	SET topic_id = $new_topic_id
764	WHERE topic_id = $topic_id
765	AND poster_id = $user_id";
766	$db->sql_query($sql);
767	}
768
769	$new_topic_id_ary[] = $new_topic_id;
770	}
771	}
772
773	$forum_id_ary = array_unique($forum_id_ary);
774	$topic_id_ary = array_unique(array_merge(array_keys($topic_id_ary), $new_topic_id_ary));
775
776	if (count($topic_id_ary))
777	{
778	sync('topic_reported', 'topic_id', $topic_id_ary);
779	sync('topic', 'topic_id', $topic_id_ary);
780	}
781
782	if (count($forum_id_ary))
783	{
784	sync('forum', 'forum_id', $forum_id_ary, false, true);
785	}
786
787	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_MOVE_POSTS', false, array($user_row['username'], $forum_info['forum_name']));
788	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_MOVE_POSTS_USER', false, array(
789	'reportee_id' => $user_id,
790	$forum_info['forum_name']
791	));
792
793	trigger_error($user->lang['USER_POSTS_MOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
794
795	break;
796
797	case 'leave_nr':
798
799	if (confirm_box(true))
800	{
801	remove_newly_registered($user_id, $user_row);
802
803	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_REMOVED_NR', false, array($user_row['username']));
804	trigger_error($user->lang['USER_LIFTED_NR'] . adm_back_link($this->u_action . '&u=' . $user_id));
805	}
806	else
807	{
808	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
809	'u' => $user_id,
810	'i' => $id,
811	'mode' => $mode,
812	'action' => $action,
813	'update' => true))
814	);
815	}
816
817	break;
818
819	default:
820	$u_action = $this->u_action;
821
822	/**
823	* Run custom quicktool code
824	*
825	* @event core.acp_users_overview_run_quicktool
826	* @var string action Quick tool that should be run
827	* @var array user_row Current user data
828	* @var string u_action The u_action link
829	* @var int user_id User id of the user to manage
830	* @since 3.1.0-a1
831	* @changed 3.2.2-RC1 Added u_action
832	* @changed 3.2.10-RC1 Added user_id
833	*/
834	$vars = array('action', 'user_row', 'u_action', 'user_id');
835	extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_run_quicktool', compact($vars)));
836
837	unset($u_action);
838	break;
839	}
840
841	// Handle registration info updates
842	$data = array(
843	'username' => $request->variable('user', $user_row['username'], true),
844	'user_founder' => $request->variable('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0),
845	'email' => strtolower($request->variable('user_email', $user_row['user_email'])),
846	'new_password' => $request->variable('new_password', '', true),
847	'password_confirm' => $request->variable('password_confirm', '', true),
848	);
849
850	// Validation data - we do not check the password complexity setting here
851	$check_ary = array(
852	'new_password' => array(
853	array('string', true, $config['min_pass_chars'], 0),
854	array('password')),
855	'password_confirm' => array('string', true, $config['min_pass_chars'], 0),
856	);
857
858	// Check username if altered
859	if ($data['username'] != $user_row['username'])
860	{
861	$check_ary += array(
862	'username' => array(
863	array('string', false, $config['min_name_chars'], $config['max_name_chars']),
864	array('username', $user_row['username'], true)
865	),
866	);
867	}
868
869	// Check email if altered
870	if ($data['email'] != $user_row['user_email'])
871	{
872	$check_ary += array(
873	'email' => array(
874	array('string', false, 6, 60),
875	array('user_email', $user_row['user_email']),
876	),
877	);
878	}
879
880	$error = validate_data($data, $check_ary);
881
882	if ($data['new_password'] && $data['password_confirm'] != $data['new_password'])
883	{
884	$error[] = 'NEW_PASSWORD_ERROR';
885	}
886
887	if (!check_form_key($form_name))
888	{
889	$error[] = 'FORM_INVALID';
890	}
891
892	// Instantiate passwords manager
893	/* @var $passwords_manager \phpbb\passwords\manager */
894	$passwords_manager = $phpbb_container->get('passwords.manager');
895
896	// Which updates do we need to do?
897	$update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false;
898	$update_password = $data['new_password'] && !$passwords_manager->check($data['new_password'], $user_row['user_password']);
899	$update_email = ($data['email'] != $user_row['user_email']) ? $data['email'] : false;
900
901	if (!count($error))
902	{
903	$sql_ary = array();
904
905	if ($user_row['user_type'] != USER_FOUNDER \|\| $user->data['user_type'] == USER_FOUNDER)
906	{
907	// Only allow founders updating the founder status...
908	if ($user->data['user_type'] == USER_FOUNDER)
909	{
910	// Setting a normal member to be a founder
911	if ($data['user_founder'] && $user_row['user_type'] != USER_FOUNDER)
912	{
913	// Make sure the user is not setting an Inactive or ignored user to be a founder
914	if ($user_row['user_type'] == USER_IGNORE)
915	{
916	trigger_error($user->lang['CANNOT_SET_FOUNDER_IGNORED'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
917	}
918
919	if ($user_row['user_type'] == USER_INACTIVE)
920	{
921	trigger_error($user->lang['CANNOT_SET_FOUNDER_INACTIVE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
922	}
923
924	$sql_ary['user_type'] = USER_FOUNDER;
925	}
926	else if (!$data['user_founder'] && $user_row['user_type'] == USER_FOUNDER)
927	{
928	// Check if at least one founder is present
929	$sql = 'SELECT user_id
930	FROM ' . USERS_TABLE . '
931	WHERE user_type = ' . USER_FOUNDER . '
932	AND user_id <> ' . $user_id;
933	$result = $db->sql_query_limit($sql, 1);
934	$row = $db->sql_fetchrow($result);
935	$db->sql_freeresult($result);
936
937	if ($row)
938	{
939	$sql_ary['user_type'] = USER_NORMAL;
940	}
941	else
942	{
943	trigger_error($user->lang['AT_LEAST_ONE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
944	}
945	}
946	}
947	}
948
949	/**
950	* Modify user data before we update it
951	*
952	* @event core.acp_users_overview_modify_data
953	* @var array user_row Current user data
954	* @var array data Submitted user data
955	* @var array sql_ary User data we udpate
956	* @since 3.1.0-a1
957	*/
958	$vars = array('user_row', 'data', 'sql_ary');
959	extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_modify_data', compact($vars)));
960
961	if ($update_username !== false)
962	{
963	$sql_ary['username'] = $update_username;
964	$sql_ary['username_clean'] = utf8_clean_string($update_username);
965
966	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_NAME', false, array(
967	'reportee_id' => $user_id,
968	$user_row['username'],
969	$update_username
970	));
971	}
972
973	if ($update_email !== false)
974	{
975	$sql_ary += ['user_email' => $update_email];
976
977	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array(
978	'reportee_id' => $user_id,
979	$user_row['username'],
980	$user_row['user_email'],
981	$update_email
982	));
983	}
984
985	if ($update_password)
986	{
987	$sql_ary += array(
988	'user_password' => $passwords_manager->hash($data['new_password']),
989	'user_passchg' => time(),
990	);
991
992	$user->reset_login_keys($user_id);
993
994	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array(
995	'reportee_id' => $user_id,
996	$user_row['username']
997	));
998	}
999
1000	if (count($sql_ary))
1001	{
1002	$sql = 'UPDATE ' . USERS_TABLE . '
1003	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
1004	WHERE user_id = ' . $user_id;
1005	$db->sql_query($sql);
1006	}
1007
1008	if ($update_username)
1009	{
1010	user_update_name($user_row['username'], $update_username);
1011	}
1012
1013	// Let the users permissions being updated
1014	$auth->acl_clear_prefetch($user_id);
1015
1016	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_USER_UPDATE', false, array($data['username']));
1017
1018	trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1019	}
1020
1021	// Replace "error" strings with their real, localised form
1022	$error = array_map(array($user, 'lang'), $error);
1023	}
1024
1025	if ($user_id == $user->data['user_id'])
1026	{
1027	$quick_tool_ary = array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX');
1028	if ($user_row['user_new'])
1029	{
1030	$quick_tool_ary['leave_nr'] = 'LEAVE_NR';
1031	}
1032	}
1033	else
1034	{
1035	$quick_tool_ary = array();
1036
1037	if ($user_row['user_type'] != USER_FOUNDER)
1038	{
1039	$quick_tool_ary += array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP');
1040	}
1041
1042	if ($user_row['user_type'] != USER_FOUNDER && $user_row['user_type'] != USER_IGNORE)
1043	{
1044	$quick_tool_ary += array('active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE'));
1045	}
1046
1047	$quick_tool_ary += array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX');
1048
1049	if ($config['email_enable'] && ($user_row['user_type'] == USER_NORMAL \|\| $user_row['user_type'] == USER_INACTIVE))
1050	{
1051	$quick_tool_ary['reactivate'] = 'FORCE';
1052	}
1053
1054	if ($user_row['user_new'])
1055	{
1056	$quick_tool_ary['leave_nr'] = 'LEAVE_NR';
1057	}
1058	}
1059
1060	if ($config['load_onlinetrack'])
1061	{
1062	$sql = 'SELECT MAX(session_time) AS session_time, MIN(session_viewonline) AS session_viewonline
1063	FROM ' . SESSIONS_TABLE . "
1064	WHERE session_user_id = $user_id";
1065	$result = $db->sql_query($sql);
1066	$row = $db->sql_fetchrow($result);
1067	$db->sql_freeresult($result);
1068
1069	$user_row['session_time'] = (isset($row['session_time'])) ? $row['session_time'] : 0;
1070	$user_row['session_viewonline'] = (isset($row['session_viewonline'])) ? $row['session_viewonline'] : 0;
1071	unset($row);
1072	}
1073
1074	/**
1075	* Add additional quick tool options and overwrite user data
1076	*
1077	* @event core.acp_users_display_overview
1078	* @var array user_row Array with user data
1079	* @var array quick_tool_ary Ouick tool options
1080	* @since 3.1.0-a1
1081	*/
1082	$vars = array('user_row', 'quick_tool_ary');
1083	extract($phpbb_dispatcher->trigger_event('core.acp_users_display_overview', compact($vars)));
1084
1085	$s_action_options = '<option class="sep" value="">' . $user->lang['SELECT_OPTION'] . '</option>';
1086	foreach ($quick_tool_ary as $value => $lang)
1087	{
1088	$s_action_options .= '<option value="' . $value . '">' . $user->lang['USER_ADMIN_' . $lang] . '</option>';
1089	}
1090
1091	$last_active = $user_row['user_last_active'] ?: ($user_row['session_time'] ?? 0);
1092
1093	$inactive_reason = '';
1094	if ($user_row['user_type'] == USER_INACTIVE)
1095	{
1096	$inactive_reason = $user->lang['INACTIVE_REASON_UNKNOWN'];
1097
1098	switch ($user_row['user_inactive_reason'])
1099	{
1100	case INACTIVE_REGISTER:
1101	$inactive_reason = $user->lang['INACTIVE_REASON_REGISTER'];
1102	break;
1103
1104	case INACTIVE_PROFILE:
1105	$inactive_reason = $user->lang['INACTIVE_REASON_PROFILE'];
1106	break;
1107
1108	case INACTIVE_MANUAL:
1109	$inactive_reason = $user->lang['INACTIVE_REASON_MANUAL'];
1110	break;
1111
1112	case INACTIVE_REMIND:
1113	$inactive_reason = $user->lang['INACTIVE_REASON_REMIND'];
1114	break;
1115	}
1116	}
1117
1118	// Posts in Queue
1119	$sql = 'SELECT COUNT(post_id) as posts_in_queue
1120	FROM ' . POSTS_TABLE . '
1121	WHERE poster_id = ' . $user_id . '
1122	AND ' . $db->sql_in_set('post_visibility', array(ITEM_UNAPPROVED, ITEM_REAPPROVE));
1123	$result = $db->sql_query($sql);
1124	$user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');
1125	$db->sql_freeresult($result);
1126
1127	$sql = 'SELECT post_id
1128	FROM ' . POSTS_TABLE . '
1129	WHERE poster_id = '. $user_id;
1130	$result = $db->sql_query_limit($sql, 1);
1131	$user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id');
1132	$db->sql_freeresult($result);
1133
1134	$template->assign_vars(array(
1135	'L_NAME_CHARS_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS_XY', (int) $config['min_name_chars']), $user->lang('CHARACTERS_XY', (int) $config['max_name_chars'])),
1136	'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
1137	'L_POSTS_IN_QUEUE' => $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']),
1138	'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false,
1139
1140	'S_OVERVIEW' => true,
1141	'S_USER_IP' => ($user_row['user_ip']) ? true : false,
1142	'S_USER_FOUNDER' => ($user_row['user_type'] == USER_FOUNDER) ? true : false,
1143	'S_ACTION_OPTIONS' => $s_action_options,
1144	'S_OWN_ACCOUNT' => ($user_id == $user->data['user_id']) ? true : false,
1145	'S_USER_INACTIVE' => ($user_row['user_type'] == USER_INACTIVE) ? true : false,
1146
1147	'U_SHOW_IP' => $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
1148	'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}",
1149	'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '',
1150	'U_SEARCH_USER' => ($config['load_search'] && $auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$user_row['user_id']}&sr=posts") : '',
1151
1152	'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}&hash=" . generate_link_hash('switchperm')) : '',
1153
1154	'POSTS_IN_QUEUE' => $user_row['posts_in_queue'],
1155	'USER' => $user_row['username'],
1156	'USER_REGISTERED' => $user->format_date($user_row['user_regdate']),
1157	'REGISTERED_IP' => ($ip == 'hostname') ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'],
1158	'USER_LASTACTIVE' => ($last_active) ? $user->format_date($last_active) : ' - ',
1159	'USER_EMAIL' => $user_row['user_email'],
1160	'USER_WARNINGS' => $user_row['user_warnings'],
1161	'USER_POSTS' => $user_row['user_posts'],
1162	'USER_HAS_POSTS' => $user_row['user_has_posts'],
1163	'USER_INACTIVE_REASON' => $inactive_reason,
1164	));
1165
1166	break;
1167
1168	case 'feedback':
1169
1170	$user->add_lang('mcp');
1171
1172	// Set up general vars
1173	$start = $request->variable('start', 0);
1174	$deletemark = (isset($_POST['delmarked'])) ? true : false;
1175	$deleteall = (isset($_POST['delall'])) ? true : false;
1176	$marked = $request->variable('mark', array(0));
1177	$message = $request->variable('message', '', true);
1178
1179	/* @var $pagination \phpbb\pagination */
1180	$pagination = $phpbb_container->get('pagination');
1181
1182	// Sort keys
1183	$sort_days = $request->variable('st', 0);
1184	$sort_key = $request->variable('sk', 't');
1185	$sort_dir = $request->variable('sd', 'd');
1186
1187	// Delete entries if requested and able
1188	if (($deletemark \|\| $deleteall) && $auth->acl_get('a_clearlogs'))
1189	{
1190	if (!check_form_key($form_name))
1191	{
1192	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1193	}
1194
1195	$where_sql = '';
1196	if ($deletemark && $marked)
1197	{
1198	$sql_in = array();
1199	foreach ($marked as $mark)
1200	{
1201	$sql_in[] = $mark;
1202	}
1203	$where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
1204	unset($sql_in);
1205	}
1206
1207	if ($where_sql \|\| $deleteall)
1208	{
1209	$sql = 'DELETE FROM ' . LOG_TABLE . '
1210	WHERE log_type = ' . LOG_USERS . "
1211	AND reportee_id = $user_id
1212	$where_sql";
1213	$db->sql_query($sql);
1214
1215	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CLEAR_USER', false, array($user_row['username']));
1216	}
1217	}
1218
1219	if ($submit && $message)
1220	{
1221	if (!check_form_key($form_name))
1222	{
1223	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1224	}
1225
1226	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array($user_row['username']));
1227	$phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array(
1228	'forum_id' => 0,
1229	'topic_id' => 0,
1230	$user_row['username']
1231	));
1232	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GENERAL', false, array(
1233	'reportee_id' => $user_id,
1234	$message
1235	));
1236
1237	trigger_error($user->lang['USER_FEEDBACK_ADDED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1238	}
1239
1240	// Sorting
1241	$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1242	$sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']);
1243	$sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
1244
1245	$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
1246	gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
1247
1248	// Define where and sort sql for use in displaying logs
1249	$sql_where = ($sort_days) ? (time() - ($sort_days * 86400)) : 0;
1250	$sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
1251
1252	// Grab log data
1253	$log_data = array();
1254	$log_count = 0;
1255	$start = view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort);
1256
1257	$base_url = $this->u_action . "&u=$user_id&$u_sort_param";
1258	$pagination->generate_template_pagination($base_url, 'pagination', 'start', $log_count, $config['topics_per_page'], $start);
1259
1260	$template->assign_vars(array(
1261	'S_FEEDBACK' => true,
1262
1263	'S_LIMIT_DAYS' => $s_limit_days,
1264	'S_SORT_KEY' => $s_sort_key,
1265	'S_SORT_DIR' => $s_sort_dir,
1266	'S_CLEARLOGS' => $auth->acl_get('a_clearlogs'))
1267	);
1268
1269	foreach ($log_data as $row)
1270	{
1271	$template->assign_block_vars('log', array(
1272	'USERNAME' => $row['username_full'],
1273	'IP' => $row['ip'],
1274	'DATE' => $user->format_date($row['time']),
1275	'ACTION' => nl2br($row['action']),
1276	'ID' => $row['id'])
1277	);
1278	}
1279
1280	break;
1281
1282	case 'warnings':
1283	$user->add_lang('mcp');
1284
1285	// Set up general vars
1286	$deletemark = (isset($_POST['delmarked'])) ? true : false;
1287	$deleteall = (isset($_POST['delall'])) ? true : false;
1288	$confirm = (isset($_POST['confirm'])) ? true : false;
1289	$marked = $request->variable('mark', array(0));
1290
1291	// Delete entries if requested and able
1292	if ($deletemark \|\| $deleteall \|\| $confirm)
1293	{
1294	if (confirm_box(true))
1295	{
1296	$where_sql = '';
1297	$deletemark = $request->variable('delmarked', 0);
1298	$deleteall = $request->variable('delall', 0);
1299	if ($deletemark && $marked)
1300	{
1301	$where_sql = ' AND ' . $db->sql_in_set('warning_id', array_values($marked));
1302	}
1303
1304	if ($where_sql \|\| $deleteall)
1305	{
1306	$sql = 'DELETE FROM ' . WARNINGS_TABLE . "
1307	WHERE user_id = $user_id
1308	$where_sql";
1309	$db->sql_query($sql);
1310
1311	if ($deleteall)
1312	{
1313	$log_warnings = $deleted_warnings = 0;
1314	}
1315	else
1316	{
1317	$num_warnings = (int) $db->sql_affectedrows();
1318	$deleted_warnings = ' user_warnings - ' . $num_warnings;
1319	$log_warnings = ($num_warnings > 2) ? 2 : $num_warnings;
1320	}
1321
1322	$sql = 'UPDATE ' . USERS_TABLE . "
1323	SET user_warnings = $deleted_warnings
1324	WHERE user_id = $user_id";
1325	$db->sql_query($sql);
1326
1327	if ($log_warnings)
1328	{
1329	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_WARNINGS_DELETED', false, array($user_row['username'], $num_warnings));
1330	}
1331	else
1332	{
1333	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_WARNINGS_DELETED_ALL', false, array($user_row['username']));
1334	}
1335	}
1336	}
1337	else
1338	{
1339	$s_hidden_fields = array(
1340	'i' => $id,
1341	'mode' => $mode,
1342	'u' => $user_id,
1343	'mark' => $marked,
1344	);
1345	if (isset($_POST['delmarked']))
1346	{
1347	$s_hidden_fields['delmarked'] = 1;
1348	}
1349	if (isset($_POST['delall']))
1350	{
1351	$s_hidden_fields['delall'] = 1;
1352	}
1353	if (isset($_POST['delall']) \|\| (isset($_POST['delmarked']) && count($marked)))
1354	{
1355	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields));
1356	}
1357	}
1358	}
1359
1360	$sql = 'SELECT w.warning_id, w.warning_time, w.post_id, l.log_operation, l.log_data, l.user_id AS mod_user_id, m.username AS mod_username, m.user_colour AS mod_user_colour
1361	FROM ' . WARNINGS_TABLE . ' w
1362	LEFT JOIN ' . LOG_TABLE . ' l
1363	ON (w.log_id = l.log_id)
1364	LEFT JOIN ' . USERS_TABLE . ' m
1365	ON (l.user_id = m.user_id)
1366	WHERE w.user_id = ' . $user_id . '
1367	ORDER BY w.warning_time DESC';
1368	$result = $db->sql_query($sql);
1369
1370	while ($row = $db->sql_fetchrow($result))
1371	{
1372	if (!$row['log_operation'])
1373	{
1374	// We do not have a log-entry anymore, so there is no data available
1375	$row['action'] = $user->lang['USER_WARNING_LOG_DELETED'];
1376	}
1377	else
1378	{
1379	$row['action'] = (isset($user->lang[$row['log_operation']])) ? $user->lang[$row['log_operation']] : '{' . ucfirst(str_replace('_', ' ', $row['log_operation'])) . '}';
1380	if (!empty($row['log_data']))
1381	{
1382	$log_data_ary = @unserialize($row['log_data']);
1383	$log_data_ary = ($log_data_ary === false) ? array() : $log_data_ary;
1384
1385	if (isset($user->lang[$row['log_operation']]))
1386	{
1387	// Check if there are more occurrences of % than arguments, if there are we fill out the arguments array
1388	// It doesn't matter if we add more arguments than placeholders
1389	if ((substr_count($row['action'], '%') - count($log_data_ary)) > 0)
1390	{
1391	$log_data_ary = array_merge($log_data_ary, array_fill(0, substr_count($row['action'], '%') - count($log_data_ary), ''));
1392	}
1393	$row['action'] = vsprintf($row['action'], $log_data_ary);
1394	$row['action'] = bbcode_nl2br(censor_text($row['action']));
1395	}
1396	else if (!empty($log_data_ary))
1397	{
1398	$row['action'] .= '<br />' . implode('', $log_data_ary);
1399	}
1400	}
1401	}
1402
1403	$template->assign_block_vars('warn', array(
1404	'ID' => $row['warning_id'],
1405	'USERNAME' => ($row['log_operation']) ? get_username_string('full', $row['mod_user_id'], $row['mod_username'], $row['mod_user_colour']) : '-',
1406	'ACTION' => make_clickable($row['action']),
1407	'DATE' => $user->format_date($row['warning_time']),
1408	));
1409	}
1410	$db->sql_freeresult($result);
1411
1412	$template->assign_vars(array(
1413	'S_WARNINGS' => true,
1414	));
1415
1416	break;
1417
1418	case 'profile':
1419
1420	if (!function_exists('user_get_id_name'))
1421	{
1422	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
1423	}
1424
1425	/* @var $cp \phpbb\profilefields\manager */
1426	$cp = $phpbb_container->get('profilefields.manager');
1427
1428	$cp_data = $cp_error = array();
1429
1430	$sql = 'SELECT lang_id
1431	FROM ' . LANG_TABLE . "
1432	WHERE lang_iso = '" . $db->sql_escape($user->data['user_lang']) . "'";
1433	$result = $db->sql_query($sql);
1434	$row = $db->sql_fetchrow($result);
1435	$db->sql_freeresult($result);
1436
1437	$user_row['iso_lang_id'] = $row['lang_id'];
1438
1439	$data = array(
1440	'jabber' => $request->variable('jabber', $user_row['user_jabber'], true),
1441	'bday_day' => 0,
1442	'bday_month' => 0,
1443	'bday_year' => 0,
1444	);
1445
1446	if ($user_row['user_birthday'])
1447	{
1448	list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user_row['user_birthday']);
1449	}
1450
1451	$data['bday_day'] = $request->variable('bday_day', $data['bday_day']);
1452	$data['bday_month'] = $request->variable('bday_month', $data['bday_month']);
1453	$data['bday_year'] = $request->variable('bday_year', $data['bday_year']);
1454	$data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
1455
1456	/**
1457	* Modify user data on editing profile in ACP
1458	*
1459	* @event core.acp_users_modify_profile
1460	* @var array data Array with user profile data
1461	* @var bool submit Flag indicating if submit button has been pressed
1462	* @var int user_id The user id
1463	* @var array user_row Array with the full user data
1464	* @since 3.1.4-RC1
1465	*/
1466	$vars = array('data', 'submit', 'user_id', 'user_row');
1467	extract($phpbb_dispatcher->trigger_event('core.acp_users_modify_profile', compact($vars)));
1468
1469	if ($submit)
1470	{
1471	$error = validate_data($data, array(
1472	'jabber' => array(
1473	array('string', true, 5, 255),
1474	array('jabber')),
1475	'bday_day' => array('num', true, 1, 31),
1476	'bday_month' => array('num', true, 1, 12),
1477	'bday_year' => array('num', true, 1901, gmdate('Y', time())),
1478	'user_birthday' => array('date', true),
1479	));
1480
1481	// validate custom profile fields
1482	$cp->submit_cp_field('profile', $user_row['iso_lang_id'], $cp_data, $cp_error);
1483
1484	if (count($cp_error))
1485	{
1486	$error = array_merge($error, $cp_error);
1487	}
1488	if (!check_form_key($form_name))
1489	{
1490	$error[] = 'FORM_INVALID';
1491	}
1492
1493	/**
1494	* Validate profile data in ACP before submitting to the database
1495	*
1496	* @event core.acp_users_profile_validate
1497	* @var array data Array with user profile data
1498	* @var int user_id The user id
1499	* @var array user_row Array with the full user data
1500	* @var array error Array with the form errors
1501	* @since 3.1.4-RC1
1502	* @changed 3.1.12-RC1 Removed submit, added user_id, user_row
1503	*/
1504	$vars = array('data', 'user_id', 'user_row', 'error');
1505	extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_validate', compact($vars)));
1506
1507	if (!count($error))
1508	{
1509	$sql_ary = array(
1510	'user_jabber' => $data['jabber'],
1511	'user_birthday' => $data['user_birthday'],
1512	);
1513
1514	/**
1515	* Modify profile data in ACP before submitting to the database
1516	*
1517	* @event core.acp_users_profile_modify_sql_ary
1518	* @var array cp_data Array with the user custom profile fields data
1519	* @var array data Array with user profile data
1520	* @var int user_id The user id
1521	* @var array user_row Array with the full user data
1522	* @var array sql_ary Array with sql data
1523	* @since 3.1.4-RC1
1524	*/
1525	$vars = array('cp_data', 'data', 'user_id', 'user_row', 'sql_ary');
1526	extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_modify_sql_ary', compact($vars)));
1527
1528	$sql = 'UPDATE ' . USERS_TABLE . '
1529	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
1530	WHERE user_id = $user_id";
1531	$db->sql_query($sql);
1532
1533	// Update Custom Fields
1534	$cp->update_profile_field_data($user_id, $cp_data);
1535
1536	trigger_error($user->lang['USER_PROFILE_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1537	}
1538
1539	// Replace "error" strings with their real, localised form
1540	$error = array_map(array($user, 'lang'), $error);
1541	}
1542
1543	$s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>';
1544	for ($i = 1; $i < 32; $i++)
1545	{
1546	$selected = ($i == $data['bday_day']) ? ' selected="selected"' : '';
1547	$s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>";
1548	}
1549
1550	$s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>';
1551	for ($i = 1; $i < 13; $i++)
1552	{
1553	$selected = ($i == $data['bday_month']) ? ' selected="selected"' : '';
1554	$s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>";
1555	}
1556
1557	$now = getdate();
1558	$s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';
1559	for ($i = $now['year'] - 100; $i <= $now['year']; $i++)
1560	{
1561	$selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
1562	$s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";
1563	}
1564	unset($now);
1565
1566	$template->assign_vars(array(
1567	'JABBER' => $data['jabber'],
1568	'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options,
1569	'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options,
1570	'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options,
1571
1572	'S_PROFILE' => true)
1573	);
1574
1575	// Get additional profile fields and assign them to the template block var 'profile_fields'
1576	$user->get_profile_fields($user_id);
1577
1578	$cp->generate_profile_fields('profile', $user_row['iso_lang_id']);
1579
1580	break;
1581
1582	case 'prefs':
1583
1584	if (!function_exists('user_get_id_name'))
1585	{
1586	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
1587	}
1588
1589	$data = array(
1590	'dateformat' => $request->variable('dateformat', $user_row['user_dateformat'], true),
1591	'lang' => basename($request->variable('lang', $user_row['user_lang'])),
1592	'tz' => $request->variable('tz', $user_row['user_timezone']),
1593	'style' => $request->variable('style', $user_row['user_style']),
1594	'viewemail' => $request->variable('viewemail', $user_row['user_allow_viewemail']),
1595	'massemail' => $request->variable('massemail', $user_row['user_allow_massemail']),
1596	'hideonline' => $request->variable('hideonline', !$user_row['user_allow_viewonline']),
1597	'notifymethod' => $request->variable('notifymethod', $user_row['user_notify_type']),
1598	'notifypm' => $request->variable('notifypm', $user_row['user_notify_pm']),
1599	'allowpm' => $request->variable('allowpm', $user_row['user_allow_pm']),
1600
1601	'topic_sk' => $request->variable('topic_sk', ($user_row['user_topic_sortby_type']) ? $user_row['user_topic_sortby_type'] : 't'),
1602	'topic_sd' => $request->variable('topic_sd', ($user_row['user_topic_sortby_dir']) ? $user_row['user_topic_sortby_dir'] : 'd'),
1603	'topic_st' => $request->variable('topic_st', ($user_row['user_topic_show_days']) ? $user_row['user_topic_show_days'] : 0),
1604
1605	'post_sk' => $request->variable('post_sk', ($user_row['user_post_sortby_type']) ? $user_row['user_post_sortby_type'] : 't'),
1606	'post_sd' => $request->variable('post_sd', ($user_row['user_post_sortby_dir']) ? $user_row['user_post_sortby_dir'] : 'a'),
1607	'post_st' => $request->variable('post_st', ($user_row['user_post_show_days']) ? $user_row['user_post_show_days'] : 0),
1608
1609	'view_images' => $request->variable('view_images', $this->optionget($user_row, 'viewimg')),
1610	'view_flash' => $request->variable('view_flash', $this->optionget($user_row, 'viewflash')),
1611	'view_smilies' => $request->variable('view_smilies', $this->optionget($user_row, 'viewsmilies')),
1612	'view_sigs' => $request->variable('view_sigs', $this->optionget($user_row, 'viewsigs')),
1613	'view_avatars' => $request->variable('view_avatars', $this->optionget($user_row, 'viewavatars')),
1614	'view_wordcensor' => $request->variable('view_wordcensor', $this->optionget($user_row, 'viewcensors')),
1615
1616	'bbcode' => $request->variable('bbcode', $this->optionget($user_row, 'bbcode')),
1617	'smilies' => $request->variable('smilies', $this->optionget($user_row, 'smilies')),
1618	'sig' => $request->variable('sig', $this->optionget($user_row, 'attachsig')),
1619	'notify' => $request->variable('notify', $user_row['user_notify']),
1620	);
1621
1622	/**
1623	* Modify users preferences data
1624	*
1625	* @event core.acp_users_prefs_modify_data
1626	* @var array data Array with users preferences data
1627	* @var array user_row Array with user data
1628	* @since 3.1.0-b3
1629	*/
1630	$vars = array('data', 'user_row');
1631	extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_data', compact($vars)));
1632
1633	if ($submit)
1634	{
1635	$error = validate_data($data, array(
1636	'dateformat' => array('string', false, 1, 64),
1637	'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'),
1638	'tz' => array('timezone'),
1639
1640	'topic_sk' => array('string', false, 1, 1),
1641	'topic_sd' => array('string', false, 1, 1),
1642	'post_sk' => array('string', false, 1, 1),
1643	'post_sd' => array('string', false, 1, 1),
1644	));
1645
1646	if (!check_form_key($form_name))
1647	{
1648	$error[] = 'FORM_INVALID';
1649	}
1650
1651	if (!count($error))
1652	{
1653	$this->optionset($user_row, 'viewimg', $data['view_images']);
1654	$this->optionset($user_row, 'viewflash', $data['view_flash']);
1655	$this->optionset($user_row, 'viewsmilies', $data['view_smilies']);
1656	$this->optionset($user_row, 'viewsigs', $data['view_sigs']);
1657	$this->optionset($user_row, 'viewavatars', $data['view_avatars']);
1658	$this->optionset($user_row, 'viewcensors', $data['view_wordcensor']);
1659	$this->optionset($user_row, 'bbcode', $data['bbcode']);
1660	$this->optionset($user_row, 'smilies', $data['smilies']);
1661	$this->optionset($user_row, 'attachsig', $data['sig']);
1662
1663	$sql_ary = array(
1664	'user_options' => $user_row['user_options'],
1665
1666	'user_allow_pm' => $data['allowpm'],
1667	'user_allow_viewemail' => $data['viewemail'],
1668	'user_allow_massemail' => $data['massemail'],
1669	'user_allow_viewonline' => !$data['hideonline'],
1670	'user_notify_type' => $data['notifymethod'],
1671	'user_notify_pm' => $data['notifypm'],
1672
1673	'user_dateformat' => $data['dateformat'],
1674	'user_lang' => $data['lang'],
1675	'user_timezone' => $data['tz'],
1676	'user_style' => $data['style'],
1677
1678	'user_topic_sortby_type' => $data['topic_sk'],
1679	'user_post_sortby_type' => $data['post_sk'],
1680	'user_topic_sortby_dir' => $data['topic_sd'],
1681	'user_post_sortby_dir' => $data['post_sd'],
1682
1683	'user_topic_show_days' => $data['topic_st'],
1684	'user_post_show_days' => $data['post_st'],
1685
1686	'user_notify' => $data['notify'],
1687	);
1688
1689	/**
1690	* Modify SQL query before users preferences are updated
1691	*
1692	* @event core.acp_users_prefs_modify_sql
1693	* @var array data Array with users preferences data
1694	* @var array user_row Array with user data
1695	* @var array sql_ary SQL array with users preferences data to update
1696	* @var array error Array with errors data
1697	* @since 3.1.0-b3
1698	*/
1699	$vars = array('data', 'user_row', 'sql_ary', 'error');
1700	extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_sql', compact($vars)));
1701
1702	if (!count($error))
1703	{
1704	$sql = 'UPDATE ' . USERS_TABLE . '
1705	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
1706	WHERE user_id = $user_id";
1707	$db->sql_query($sql);
1708
1709	// Check if user has an active session
1710	if ($user_row['session_id'])
1711	{
1712	// We'll update the session if user_allow_viewonline has changed and the user is a bot
1713	// Or if it's a regular user and the admin set it to hide the session
1714	if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE
1715	\|\| $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline'])
1716	{
1717	// We also need to check if the user has the permission to cloak.
1718	$user_auth = new \phpbb\auth\auth();
1719	$user_auth->acl($user_row);
1720
1721	$session_sql_ary = array(
1722	'session_viewonline' => ($user_auth->acl_get('u_hideonline')) ? $sql_ary['user_allow_viewonline'] : true,
1723	);
1724
1725	$sql = 'UPDATE ' . SESSIONS_TABLE . '
1726	SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . "
1727	WHERE session_user_id = $user_id";
1728	$db->sql_query($sql);
1729
1730	unset($user_auth);
1731	}
1732	}
1733
1734	trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1735	}
1736	}
1737
1738	// Replace "error" strings with their real, localised form
1739	$error = array_map(array($user, 'lang'), $error);
1740	}
1741
1742	$dateformat_options = '';
1743	foreach ($user->lang['dateformats'] as $format => $null)
1744	{
1745	$dateformat_options .= '<option value="' . $format . '"' . (($format == $data['dateformat']) ? ' selected="selected"' : '') . '>';
1746	$dateformat_options .= $user->format_date(time(), $format, false) . ((strpos($format, '\|') !== false) ? $user->lang['VARIANT_DATE_SEPARATOR'] . $user->format_date(time(), $format, true) : '');
1747	$dateformat_options .= '</option>';
1748	}
1749
1750	$s_custom = false;
1751
1752	$dateformat_options .= '<option value="custom"';
1753	if (!isset($user->lang['dateformats'][$data['dateformat']]))
1754	{
1755	$dateformat_options .= ' selected="selected"';
1756	$s_custom = true;
1757	}
1758	$dateformat_options .= '>' . $user->lang['CUSTOM_DATEFORMAT'] . '</option>';
1759
1760	$sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
1761
1762	// Topic ordering options
1763	$limit_topic_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1764	$sort_by_topic_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']);
1765
1766	// Post ordering options
1767	$limit_post_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1768	$sort_by_post_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']);
1769
1770	$_options = array('topic', 'post');
1771	foreach ($_options as $sort_option)
1772	{
1773	${'s_limit_' . $sort_option . '_days'} = '<select name="' . $sort_option . '_st">';
1774	foreach (${'limit_' . $sort_option . '_days'} as $day => $text)
1775	{
1776	$selected = ($data[$sort_option . '_st'] == $day) ? ' selected="selected"' : '';
1777	${'s_limit_' . $sort_option . '_days'} .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>';
1778	}
1779	${'s_limit_' . $sort_option . '_days'} .= '</select>';
1780
1781	${'s_sort_' . $sort_option . '_key'} = '<select name="' . $sort_option . '_sk">';
1782	foreach (${'sort_by_' . $sort_option . '_text'} as $key => $text)
1783	{
1784	$selected = ($data[$sort_option . '_sk'] == $key) ? ' selected="selected"' : '';
1785	${'s_sort_' . $sort_option . '_key'} .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>';
1786	}
1787	${'s_sort_' . $sort_option . '_key'} .= '</select>';
1788
1789	${'s_sort_' . $sort_option . '_dir'} = '<select name="' . $sort_option . '_sd">';
1790	foreach ($sort_dir_text as $key => $value)
1791	{
1792	$selected = ($data[$sort_option . '_sd'] == $key) ? ' selected="selected"' : '';
1793	${'s_sort_' . $sort_option . '_dir'} .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
1794	}
1795	${'s_sort_' . $sort_option . '_dir'} .= '</select>';
1796	}
1797
1798	phpbb_timezone_select($template, $user, $data['tz'], true);
1799	$user_prefs_data = array(
1800	'S_PREFS' => true,
1801	'S_JABBER_DISABLED' => ($config['jab_enable'] && $user_row['user_jabber'] && @extension_loaded('xml')) ? false : true,
1802
1803	'VIEW_EMAIL' => $data['viewemail'],
1804	'MASS_EMAIL' => $data['massemail'],
1805	'ALLOW_PM' => $data['allowpm'],
1806	'HIDE_ONLINE' => $data['hideonline'],
1807	'NOTIFY_EMAIL' => ($data['notifymethod'] == NOTIFY_EMAIL) ? true : false,
1808	'NOTIFY_IM' => ($data['notifymethod'] == NOTIFY_IM) ? true : false,
1809	'NOTIFY_BOTH' => ($data['notifymethod'] == NOTIFY_BOTH) ? true : false,
1810	'NOTIFY_PM' => $data['notifypm'],
1811	'BBCODE' => $data['bbcode'],
1812	'SMILIES' => $data['smilies'],
1813	'ATTACH_SIG' => $data['sig'],
1814	'NOTIFY' => $data['notify'],
1815	'VIEW_IMAGES' => $data['view_images'],
1816	'VIEW_FLASH' => $data['view_flash'],
1817	'VIEW_SMILIES' => $data['view_smilies'],
1818	'VIEW_SIGS' => $data['view_sigs'],
1819	'VIEW_AVATARS' => $data['view_avatars'],
1820	'VIEW_WORDCENSOR' => $data['view_wordcensor'],
1821
1822	'S_TOPIC_SORT_DAYS' => $s_limit_topic_days,
1823	'S_TOPIC_SORT_KEY' => $s_sort_topic_key,
1824	'S_TOPIC_SORT_DIR' => $s_sort_topic_dir,
1825	'S_POST_SORT_DAYS' => $s_limit_post_days,
1826	'S_POST_SORT_KEY' => $s_sort_post_key,
1827	'S_POST_SORT_DIR' => $s_sort_post_dir,
1828
1829	'DATE_FORMAT' => $data['dateformat'],
1830	'S_DATEFORMAT_OPTIONS' => $dateformat_options,
1831	'S_CUSTOM_DATEFORMAT' => $s_custom,
1832	'DEFAULT_DATEFORMAT' => $config['default_dateformat'],
1833	'A_DEFAULT_DATEFORMAT' => addslashes($config['default_dateformat']),
1834
1835	'S_LANG_OPTIONS' => language_select($data['lang']),
1836	'S_STYLE_OPTIONS' => style_select($data['style']),
1837	);
1838
1839	/**
1840	* Modify users preferences data before assigning it to the template
1841	*
1842	* @event core.acp_users_prefs_modify_template_data
1843	* @var array data Array with users preferences data
1844	* @var array user_row Array with user data
1845	* @var array user_prefs_data Array with users preferences data to be assigned to the template
1846	* @since 3.1.0-b3
1847	*/
1848	$vars = array('data', 'user_row', 'user_prefs_data');
1849	extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_template_data', compact($vars)));
1850
1851	$template->assign_vars($user_prefs_data);
1852
1853	break;
1854
1855	case 'avatar':
1856
1857	$avatars_enabled = false;
1858	/** @var \phpbb\avatar\manager $phpbb_avatar_manager */
1859	$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
1860
1861	if ($config['allow_avatar'])
1862	{
1863	$avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
1864
1865	// This is normalised data, without the user_ prefix
1866	$avatar_data = \phpbb\avatar\manager::clean_row($user_row, 'user');
1867
1868	if ($submit)
1869	{
1870	if (check_form_key($form_name))
1871	{
1872	$driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
1873
1874	if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete'))
1875	{
1876	$driver = $phpbb_avatar_manager->get_driver($driver_name);
1877	$result = $driver->process_form($request, $template, $user, $avatar_data, $error);
1878
1879	if ($result && empty($error))
1880	{
1881	// Success! Lets save the result in the database
1882	$result = array(
1883	'user_avatar_type' => $driver_name,
1884	'user_avatar' => $result['avatar'],
1885	'user_avatar_width' => $result['avatar_width'],
1886	'user_avatar_height' => $result['avatar_height'],
1887	);
1888
1889	/**
1890	* Modify users preferences data before assigning it to the template
1891	*
1892	* @event core.acp_users_avatar_sql
1893	* @var array user_row Array with user data
1894	* @var array result Array with user avatar data to be updated in the DB
1895	* @since 3.2.4-RC1
1896	*/
1897	$vars = array('user_row', 'result');
1898	extract($phpbb_dispatcher->trigger_event('core.acp_users_avatar_sql', compact($vars)));
1899
1900	$sql = 'UPDATE ' . USERS_TABLE . '
1901	SET ' . $db->sql_build_array('UPDATE', $result) . '
1902	WHERE user_id = ' . (int) $user_id;
1903
1904	$db->sql_query($sql);
1905	trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1906	}
1907	}
1908	}
1909	else
1910	{
1911	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1912	}
1913	}
1914
1915	// Handle deletion of avatars
1916	if ($request->is_set_post('avatar_delete'))
1917	{
1918	if (!confirm_box(true))
1919	{
1920	confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array(
1921	'avatar_delete' => true))
1922	);
1923	}
1924	else
1925	{
1926	$phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, USERS_TABLE, 'user_');
1927
1928	trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1929	}
1930	}
1931
1932	$selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user_row['user_avatar_type']));
1933
1934	// Assign min and max values before generating avatar driver html
1935	$template->assign_vars(array(
1936	'AVATAR_MIN_WIDTH' => $config['avatar_min_width'],
1937	'AVATAR_MAX_WIDTH' => $config['avatar_max_width'],
1938	'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'],
1939	'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'],
1940	));
1941
1942	foreach ($avatar_drivers as $current_driver)
1943	{
1944	$driver = $phpbb_avatar_manager->get_driver($current_driver);
1945
1946	$avatars_enabled = true;
1947	$template->set_filenames(array(
1948	'avatar' => $driver->get_acp_template_name(),
1949	));
1950
1951	if ($driver->prepare_form($request, $template, $user, $avatar_data, $error))
1952	{
1953	$driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver);
1954	$driver_upper = strtoupper($driver_name);
1955
1956	$template->assign_block_vars('avatar_drivers', array(
1957	'L_TITLE' => $user->lang($driver_upper . '_TITLE'),
1958	'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'),
1959
1960	'DRIVER' => $driver_name,
1961	'SELECTED' => $current_driver == $selected_driver,
1962	'OUTPUT' => $template->assign_display('avatar'),
1963	));
1964	}
1965	}
1966	}
1967
1968	// Avatar manager is not initialized if avatars are disabled
1969	if (isset($phpbb_avatar_manager))
1970	{
1971	// Replace "error" strings with their real, localised form
1972	$error = $phpbb_avatar_manager->localize_errors($user, $error);
1973	}
1974
1975	$avatar = phpbb_get_user_avatar($user_row, 'USER_AVATAR', true);
1976
1977	$template->assign_vars(array(
1978	'S_AVATAR' => true,
1979	'ERROR' => (!empty($error)) ? implode('<br />', $error) : '',
1980	'AVATAR' => (empty($avatar) ? '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />' : $avatar),
1981
1982	'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"',
1983
1984	'L_AVATAR_EXPLAIN' => $user->lang(($config['avatar_filesize'] == 0) ? 'AVATAR_EXPLAIN_NO_FILESIZE' : 'AVATAR_EXPLAIN', $config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_filesize'] / 1024),
1985
1986	'S_AVATARS_ENABLED' => ($config['allow_avatar'] && $avatars_enabled),
1987	));
1988
1989	break;
1990
1991	case 'rank':
1992
1993	if ($submit)
1994	{
1995	if (!check_form_key($form_name))
1996	{
1997	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1998	}
1999
2000	$rank_id = $request->variable('user_rank', 0);
2001
2002	$sql = 'UPDATE ' . USERS_TABLE . "
2003	SET user_rank = $rank_id
2004	WHERE user_id = $user_id";
2005	$db->sql_query($sql);
2006
2007	trigger_error($user->lang['USER_RANK_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
2008	}
2009
2010	$sql = 'SELECT *
2011	FROM ' . RANKS_TABLE . '
2012	WHERE rank_special = 1
2013	ORDER BY rank_title';
2014	$result = $db->sql_query($sql);
2015
2016	$s_rank_options = '<option value="0"' . ((!$user_row['user_rank']) ? ' selected="selected"' : '') . '>' . $user->lang['NO_SPECIAL_RANK'] . '</option>';
2017
2018	while ($row = $db->sql_fetchrow($result))
2019	{
2020	$selected = ($user_row['user_rank'] && $row['rank_id'] == $user_row['user_rank']) ? ' selected="selected"' : '';
2021	$s_rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>';
2022	}
2023	$db->sql_freeresult($result);
2024
2025	$template->assign_vars(array(
2026	'S_RANK' => true,
2027	'S_RANK_OPTIONS' => $s_rank_options)
2028	);
2029
2030	break;
2031
2032	case 'sig':
2033
2034	if (!function_exists('display_custom_bbcodes'))
2035	{
2036	include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
2037	}
2038
2039	$enable_bbcode = ($config['allow_sig_bbcode']) ? $this->optionget($user_row, 'sig_bbcode') : false;
2040	$enable_smilies = ($config['allow_sig_smilies']) ? $this->optionget($user_row, 'sig_smilies') : false;
2041	$enable_urls = ($config['allow_sig_links']) ? $this->optionget($user_row, 'sig_links') : false;
2042
2043	$bbcode_flags = ($enable_bbcode ? OPTION_FLAG_BBCODE : 0) + ($enable_smilies ? OPTION_FLAG_SMILIES : 0) + ($enable_urls ? OPTION_FLAG_LINKS : 0);
2044
2045	$decoded_message = generate_text_for_edit($user_row['user_sig'], $user_row['user_sig_bbcode_uid'], $bbcode_flags);
2046	$signature = $request->variable('signature', $decoded_message['text'], true);
2047	$signature_preview = '';
2048
2049	if ($submit \|\| $request->is_set_post('preview'))
2050	{
2051	$enable_bbcode = ($config['allow_sig_bbcode']) ? !$request->variable('disable_bbcode', false) : false;
2052	$enable_smilies = ($config['allow_sig_smilies']) ? !$request->variable('disable_smilies', false) : false;
2053	$enable_urls = ($config['allow_sig_links']) ? !$request->variable('disable_magic_url', false) : false;
2054
2055	if (!check_form_key($form_name))
2056	{
2057	$error[] = 'FORM_INVALID';
2058	}
2059	}
2060
2061	$bbcode_uid = $bbcode_bitfield = $bbcode_flags = '';
2062	$warn_msg = generate_text_for_storage(
2063	$signature,
2064	$bbcode_uid,
2065	$bbcode_bitfield,
2066	$bbcode_flags,
2067	$enable_bbcode,
2068	$enable_urls,
2069	$enable_smilies,
2070	$config['allow_sig_img'],
2071	$config['allow_sig_flash'],
2072	true,
2073	$config['allow_sig_links'],
2074	'sig'
2075	);
2076
2077	if (count($warn_msg))
2078	{
2079	$error += $warn_msg;
2080	}
2081
2082	if (!$submit)
2083	{
2084	// Parse it for displaying
2085	$signature_preview = generate_text_for_display($signature, $bbcode_uid, $bbcode_bitfield, $bbcode_flags);
2086	}
2087	else
2088	{
2089	if (!count($error))
2090	{
2091	$this->optionset($user_row, 'sig_bbcode', $enable_bbcode);
2092	$this->optionset($user_row, 'sig_smilies', $enable_smilies);
2093	$this->optionset($user_row, 'sig_links', $enable_urls);
2094
2095	$sql_ary = array(
2096	'user_sig' => $signature,
2097	'user_options' => $user_row['user_options'],
2098	'user_sig_bbcode_uid' => $bbcode_uid,
2099	'user_sig_bbcode_bitfield' => $bbcode_bitfield,
2100	);
2101
2102	/**
2103	* Modify user signature before it is stored in the DB
2104	*
2105	* @event core.acp_users_modify_signature_sql_ary
2106	* @var array user_row Array with user data
2107	* @var array sql_ary Array with user signature data to be updated in the DB
2108	* @since 3.2.4-RC1
2109	*/
2110	$vars = array('user_row', 'sql_ary');
2111	extract($phpbb_dispatcher->trigger_event('core.acp_users_modify_signature_sql_ary', compact($vars)));
2112
2113	$sql = 'UPDATE ' . USERS_TABLE . '
2114	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
2115	WHERE user_id = ' . $user_id;
2116	$db->sql_query($sql);
2117
2118	trigger_error($user->lang['USER_SIG_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
2119	}
2120	}
2121
2122	// Replace "error" strings with their real, localised form
2123	$error = array_map(array($user, 'lang'), $error);
2124
2125	if ($request->is_set_post('preview'))
2126	{
2127	$decoded_message = generate_text_for_edit($signature, $bbcode_uid, $bbcode_flags);
2128	}
2129
2130	/** @var \phpbb\controller\helper $controller_helper */
2131	$controller_helper = $phpbb_container->get('controller.helper');
2132
2133	$template->assign_vars(array(
2134	'S_SIGNATURE' => true,
2135
2136	'SIGNATURE' => $decoded_message['text'],
2137	'SIGNATURE_PREVIEW' => $signature_preview,
2138
2139	'S_BBCODE_CHECKED' => (!$enable_bbcode) ? ' checked="checked"' : '',
2140	'S_SMILIES_CHECKED' => (!$enable_smilies) ? ' checked="checked"' : '',
2141	'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? ' checked="checked"' : '',
2142
2143	'BBCODE_STATUS' => $user->lang(($config['allow_sig_bbcode'] ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'),
2144	'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
2145	'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
2146	'FLASH_STATUS' => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
2147	'URL_STATUS' => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
2148
2149	'L_SIGNATURE_EXPLAIN' => $user->lang('SIGNATURE_EXPLAIN', (int) $config['max_sig_chars']),
2150
2151	'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'],
2152	'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'],
2153	'S_BBCODE_IMG' => ($config['allow_sig_img']) ? true : false,
2154	'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false,
2155	'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false)
2156	);
2157
2158	// Assigning custom bbcodes
2159	display_custom_bbcodes();
2160
2161	break;
2162
2163	case 'attach':
2164	/* @var $pagination \phpbb\pagination */
2165	$pagination = $phpbb_container->get('pagination');
2166
2167	$start = $request->variable('start', 0);
2168	$deletemark = (isset($_POST['delmarked'])) ? true : false;
2169	$marked = $request->variable('mark', array(0));
2170
2171	// Sort keys
2172	$sort_key = $request->variable('sk', 'a');
2173	$sort_dir = $request->variable('sd', 'd');
2174
2175	if ($deletemark && count($marked))
2176	{
2177	$sql = 'SELECT attach_id
2178	FROM ' . ATTACHMENTS_TABLE . '
2179	WHERE poster_id = ' . $user_id . '
2180	AND is_orphan = 0
2181	AND ' . $db->sql_in_set('attach_id', $marked);
2182	$result = $db->sql_query($sql);
2183
2184	$marked = array();
2185	while ($row = $db->sql_fetchrow($result))
2186	{
2187	$marked[] = $row['attach_id'];
2188	}
2189	$db->sql_freeresult($result);
2190	}
2191
2192	if ($deletemark && count($marked))
2193	{
2194	if (confirm_box(true))
2195	{
2196	$sql = 'SELECT real_filename
2197	FROM ' . ATTACHMENTS_TABLE . '
2198	WHERE ' . $db->sql_in_set('attach_id', $marked);
2199	$result = $db->sql_query($sql);
2200
2201	$log_attachments = array();
2202	while ($row = $db->sql_fetchrow($result))
2203	{
2204	$log_attachments[] = $row['real_filename'];
2205	}
2206	$db->sql_freeresult($result);
2207
2208	/** @var \phpbb\attachment\manager $attachment_manager */
2209	$attachment_manager = $phpbb_container->get('attachment.manager');
2210	$attachment_manager->delete('attach', $marked);
2211	unset($attachment_manager);
2212
2213	$message = (count($log_attachments) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED'];
2214
2215	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACHMENTS_DELETED', false, array(implode($user->lang['COMMA_SEPARATOR'], $log_attachments)));
2216	trigger_error($message . adm_back_link($this->u_action . '&u=' . $user_id));
2217	}
2218	else
2219	{
2220	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
2221	'u' => $user_id,
2222	'i' => $id,
2223	'mode' => $mode,
2224	'action' => $action,
2225	'delmarked' => true,
2226	'mark' => $marked))
2227	);
2228	}
2229	}
2230
2231	$sk_text = array('a' => $user->lang['SORT_FILENAME'], 'c' => $user->lang['SORT_EXTENSION'], 'd' => $user->lang['SORT_SIZE'], 'e' => $user->lang['SORT_DOWNLOADS'], 'f' => $user->lang['SORT_POST_TIME'], 'g' => $user->lang['SORT_TOPIC_TITLE']);
2232	$sk_sql = array('a' => 'a.real_filename', 'c' => 'a.extension', 'd' => 'a.filesize', 'e' => 'a.download_count', 'f' => 'a.filetime', 'g' => 't.topic_title');
2233
2234	$sd_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
2235
2236	$s_sort_key = '';
2237	foreach ($sk_text as $key => $value)
2238	{
2239	$selected = ($sort_key == $key) ? ' selected="selected"' : '';
2240	$s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
2241	}
2242
2243	$s_sort_dir = '';
2244	foreach ($sd_text as $key => $value)
2245	{
2246	$selected = ($sort_dir == $key) ? ' selected="selected"' : '';
2247	$s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
2248	}
2249
2250	if (!isset($sk_sql[$sort_key]))
2251	{
2252	$sort_key = 'a';
2253	}
2254
2255	$order_by = $sk_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC');
2256
2257	$sql = 'SELECT COUNT(attach_id) as num_attachments
2258	FROM ' . ATTACHMENTS_TABLE . "
2259	WHERE poster_id = $user_id
2260	AND is_orphan = 0";
2261	$result = $db->sql_query_limit($sql, 1);
2262	$num_attachments = (int) $db->sql_fetchfield('num_attachments');
2263	$db->sql_freeresult($result);
2264
2265	$sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title
2266	FROM ' . ATTACHMENTS_TABLE . ' a
2267	LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id
2268	AND a.in_message = 0)
2269	LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id
2270	AND a.in_message = 1)
2271	WHERE a.poster_id = ' . $user_id . "
2272	AND a.is_orphan = 0
2273	ORDER BY $order_by";
2274	$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
2275
2276	while ($row = $db->sql_fetchrow($result))
2277	{
2278	if ($row['in_message'])
2279	{
2280	$view_topic = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&p={$row['post_msg_id']}");
2281	}
2282	else
2283	{
2284	$view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$row['post_msg_id']}") . '#p' . $row['post_msg_id'];
2285	}
2286
2287	$template->assign_block_vars('attach', array(
2288	'REAL_FILENAME' => $row['real_filename'],
2289	'COMMENT' => nl2br($row['attach_comment']),
2290	'EXTENSION' => $row['extension'],
2291	'SIZE' => get_formatted_filesize($row['filesize']),
2292	'DOWNLOAD_COUNT' => $row['download_count'],
2293	'POST_TIME' => $user->format_date($row['filetime']),
2294	'TOPIC_TITLE' => ($row['in_message']) ? $row['message_title'] : $row['topic_title'],
2295
2296	'ATTACH_ID' => $row['attach_id'],
2297	'POST_ID' => $row['post_msg_id'],
2298	'TOPIC_ID' => $row['topic_id'],
2299
2300	'S_IN_MESSAGE' => $row['in_message'],
2301
2302	'U_DOWNLOAD' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'mode=view&id=' . $row['attach_id']),
2303	'U_VIEW_TOPIC' => $view_topic)
2304	);
2305	}
2306	$db->sql_freeresult($result);
2307
2308	$base_url = $this->u_action . "&u=$user_id&sk=$sort_key&sd=$sort_dir";
2309	$pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_attachments, $config['topics_per_page'], $start);
2310
2311	$template->assign_vars(array(
2312	'S_ATTACHMENTS' => true,
2313	'S_SORT_KEY' => $s_sort_key,
2314	'S_SORT_DIR' => $s_sort_dir,
2315	));
2316
2317	break;
2318
2319	case 'groups':
2320
2321	if (!function_exists('group_user_attributes'))
2322	{
2323	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
2324	}
2325
2326	$user->add_lang(array('groups', 'acp/groups'));
2327	$group_id = $request->variable('g', 0);
2328
2329	if ($group_id)
2330	{
2331	// Check the founder only entry for this group to make sure everything is well
2332	$sql = 'SELECT group_founder_manage
2333	FROM ' . GROUPS_TABLE . '
2334	WHERE group_id = ' . $group_id;
2335	$result = $db->sql_query($sql);
2336	$founder_manage = (int) $db->sql_fetchfield('group_founder_manage');
2337	$db->sql_freeresult($result);
2338
2339	if ($user->data['user_type'] != USER_FOUNDER && $founder_manage)
2340	{
2341	trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2342	}
2343	}
2344
2345	switch ($action)
2346	{
2347	case 'demote':
2348	case 'promote':
2349	case 'default':
2350	if (!$group_id)
2351	{
2352	trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2353	}
2354
2355	if (!check_link_hash($request->variable('hash', ''), 'acp_users'))
2356	{
2357	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
2358	}
2359
2360	group_user_attributes($action, $group_id, $user_id);
2361
2362	if ($action == 'default')
2363	{
2364	$user_row['group_id'] = $group_id;
2365	}
2366	break;
2367
2368	case 'delete':
2369
2370	if (confirm_box(true))
2371	{
2372	if (!$group_id)
2373	{
2374	trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2375	}
2376
2377	if ($error = group_user_del($group_id, $user_id))
2378	{
2379	trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2380	}
2381
2382	$error = array();
2383
2384	// The delete action was successful - therefore update the user row...
2385	$sql = 'SELECT u., s.
2386	FROM ' . USERS_TABLE . ' u
2387	LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
2388	WHERE u.user_id = ' . $user_id . '
2389	ORDER BY s.session_time DESC';
2390	$result = $db->sql_query_limit($sql, 1);
2391	$user_row = $db->sql_fetchrow($result);
2392	$db->sql_freeresult($result);
2393	}
2394	else
2395	{
2396	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
2397	'u' => $user_id,
2398	'i' => $id,
2399	'mode' => $mode,
2400	'action' => $action,
2401	'g' => $group_id))
2402	);
2403	}
2404
2405	break;
2406
2407	case 'approve':
2408
2409	if (confirm_box(true))
2410	{
2411	if (!$group_id)
2412	{
2413	trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2414	}
2415	group_user_attributes($action, $group_id, $user_id);
2416	}
2417	else
2418	{
2419	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
2420	'u' => $user_id,
2421	'i' => $id,
2422	'mode' => $mode,
2423	'action' => $action,
2424	'g' => $group_id))
2425	);
2426	}
2427
2428	break;
2429	}
2430
2431	// Add user to group?
2432	if ($submit)
2433	{
2434
2435	if (!check_form_key($form_name))
2436	{
2437	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2438	}
2439
2440	if (!$group_id)
2441	{
2442	trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2443	}
2444
2445	// Add user/s to group
2446	if ($error = group_user_add($group_id, $user_id))
2447	{
2448	trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2449	}
2450
2451	$error = array();
2452	}
2453
2454	/** @var \phpbb\group\helper $group_helper */
2455	$group_helper = $phpbb_container->get('group_helper');
2456
2457	$sql = 'SELECT ug., g.
2458	FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . " ug
2459	WHERE ug.user_id = $user_id
2460	AND g.group_id = ug.group_id
2461	ORDER BY g.group_type DESC, ug.user_pending ASC, g.group_name";
2462	$result = $db->sql_query($sql);
2463
2464	$i = 0;
2465	$group_data = $id_ary = array();
2466	while ($row = $db->sql_fetchrow($result))
2467	{
2468	$type = ($row['group_type'] == GROUP_SPECIAL) ? 'special' : (($row['user_pending']) ? 'pending' : 'normal');
2469
2470	$group_data[$type][$i]['group_id'] = $row['group_id'];
2471	$group_data[$type][$i]['group_name'] = $row['group_name'];
2472	$group_data[$type][$i]['group_leader'] = ($row['group_leader']) ? 1 : 0;
2473
2474	$id_ary[] = $row['group_id'];
2475
2476	$i++;
2477	}
2478	$db->sql_freeresult($result);
2479
2480	// Select box for other groups
2481	$sql = 'SELECT group_id, group_name, group_type, group_founder_manage
2482	FROM ' . GROUPS_TABLE . '
2483	' . ((count($id_ary)) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . '
2484	ORDER BY group_type DESC, group_name ASC';
2485	$result = $db->sql_query($sql);
2486
2487	$s_group_options = '';
2488	while ($row = $db->sql_fetchrow($result))
2489	{
2490	if (!$config['coppa_enable'] && $row['group_name'] == 'REGISTERED_COPPA')
2491	{
2492	continue;
2493	}
2494
2495	// Do not display those groups not allowed to be managed
2496	if ($user->data['user_type'] != USER_FOUNDER && $row['group_founder_manage'])
2497	{
2498	continue;
2499	}
2500
2501	$s_group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . $group_helper->get_name($row['group_name']) . '</option>';
2502	}
2503	$db->sql_freeresult($result);
2504
2505	$current_type = '';
2506	foreach ($group_data as $group_type => $data_ary)
2507	{
2508	if ($current_type != $group_type)
2509	{
2510	$template->assign_block_vars('group', array(
2511	'S_NEW_GROUP_TYPE' => true,
2512	'GROUP_TYPE' => $user->lang['USER_GROUP_' . strtoupper($group_type)])
2513	);
2514	}
2515
2516	foreach ($data_ary as $data)
2517	{
2518	$template->assign_block_vars('group', array(
2519	'U_EDIT_GROUP' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=groups&mode=manage&action=edit&u=$user_id&g={$data['group_id']}&back_link=acp_users_groups"),
2520	'U_DEFAULT' => $this->u_action . "&action=default&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'),
2521	'U_DEMOTE_PROMOTE' => $this->u_action . '&action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'),
2522	'U_DELETE' => count($id_ary) > 1 ? $this->u_action . "&action=delete&u=$user_id&g=" . $data['group_id'] : '',
2523	'U_APPROVE' => ($group_type == 'pending') ? $this->u_action . "&action=approve&u=$user_id&g=" . $data['group_id'] : '',
2524
2525	'GROUP_NAME' => $group_helper->get_name($data['group_name']),
2526	'L_DEMOTE_PROMOTE' => ($data['group_leader']) ? $user->lang['GROUP_DEMOTE'] : $user->lang['GROUP_PROMOTE'],
2527
2528	'S_IS_MEMBER' => ($group_type != 'pending') ? true : false,
2529	'S_NO_DEFAULT' => ($user_row['group_id'] != $data['group_id']) ? true : false,
2530	'S_SPECIAL_GROUP' => ($group_type == 'special') ? true : false,
2531	)
2532	);
2533	}
2534	}
2535
2536	$template->assign_vars(array(
2537	'S_GROUPS' => true,
2538	'S_GROUP_OPTIONS' => $s_group_options)
2539	);
2540
2541	break;
2542
2543	case 'perm':
2544
2545	if (!class_exists('auth_admin'))
2546	{
2547	include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
2548	}
2549
2550	$auth_admin = new auth_admin();
2551
2552	$user->add_lang('acp/permissions');
2553	add_permission_language();
2554
2555	$forum_id = $request->variable('f', 0);
2556
2557	// Global Permissions
2558	if (!$forum_id)
2559	{
2560	// Select auth options
2561	$sql = 'SELECT auth_option, is_local, is_global
2562	FROM ' . ACL_OPTIONS_TABLE . '
2563	WHERE auth_option ' . $db->sql_like_expression($db->get_any_char() . '_') . '
2564	AND is_global = 1
2565	ORDER BY auth_option';
2566	$result = $db->sql_query($sql);
2567
2568	$hold_ary = array();
2569
2570	while ($row = $db->sql_fetchrow($result))
2571	{
2572	$hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NEVER);
2573	$auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', false, false);
2574	}
2575	$db->sql_freeresult($result);
2576
2577	unset($hold_ary);
2578	}
2579	else
2580	{
2581	$sql = 'SELECT auth_option, is_local, is_global
2582	FROM ' . ACL_OPTIONS_TABLE . "
2583	WHERE auth_option " . $db->sql_like_expression($db->get_any_char() . '_') . "
2584	AND is_local = 1
2585	ORDER BY is_global DESC, auth_option";
2586	$result = $db->sql_query($sql);
2587
2588	while ($row = $db->sql_fetchrow($result))
2589	{
2590	$hold_ary = $auth_admin->get_mask('view', $user_id, false, $forum_id, $row['auth_option'], 'local', ACL_NEVER);
2591	$auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', true, false);
2592	}
2593	$db->sql_freeresult($result);
2594	}
2595
2596	$s_forum_options = '<option value="0"' . ((!$forum_id) ? ' selected="selected"' : '') . '>' . $user->lang['VIEW_GLOBAL_PERMS'] . '</option>';
2597	$s_forum_options .= make_forum_select($forum_id, false, true, false, false, false);
2598
2599	$template->assign_vars(array(
2600	'S_PERMISSIONS' => true,
2601
2602	'S_GLOBAL' => (!$forum_id) ? true : false,
2603	'S_FORUM_OPTIONS' => $s_forum_options,
2604
2605	'U_ACTION' => $this->u_action . '&u=' . $user_id,
2606	'U_USER_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx" ,'i=permissions&mode=setting_user_global&user_id[]=' . $user_id),
2607	'U_USER_FORUM_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions&mode=setting_user_local&user_id[]=' . $user_id))
2608	);
2609
2610	break;
2611
2612	default:
2613	$u_action = $this->u_action;
2614
2615	/**
2616	* Additional modes provided by extensions
2617	*
2618	* @event core.acp_users_mode_add
2619	* @var string mode New mode
2620	* @var int user_id User id of the user to manage
2621	* @var array user_row Array with user data
2622	* @var array error Array with errors data
2623	* @var string u_action The u_action link
2624	* @since 3.2.2-RC1
2625	* @changed 3.2.10-RC1 Added u_action
2626	*/
2627	$vars = array('mode', 'user_id', 'user_row', 'error', 'u_action');
2628	extract($phpbb_dispatcher->trigger_event('core.acp_users_mode_add', compact($vars)));
2629
2630	unset($u_action);
2631	break;
2632	}
2633
2634	// Assign general variables
2635	$template->assign_vars(array(
2636	'S_ERROR' => (count($error)) ? true : false,
2637	'ERROR_MSG' => (count($error)) ? implode('<br />', $error) : '')
2638	);
2639	}
2640
2641	/**
2642	* Set option bit field for user options in a user row array.
2643	*
2644	* Optionset replacement for this module based on $user->optionset.
2645	*
2646	* @param array $user_row Row from the users table.
2647	* @param int $key Option key, as defined in $user->keyoptions property.
2648	* @param bool $value True to set the option, false to clear the option.
2649	* @param int $data Current bit field value, or false to use $user_row['user_options']
2650	* @return int\|bool If $data is false, the bit field is modified and
2651	* written back to $user_row['user_options'], and
2652	* return value is true if the bit field changed and
2653	* false otherwise. If $data is not false, the new
2654	* bitfield value is returned.
2655	*/
2656	function optionset(&$user_row, $key, $value, $data = false)
2657	{
2658	global $user;
2659
2660	$var = ($data !== false) ? $data : $user_row['user_options'];
2661
2662	$new_var = phpbb_optionset($user->keyoptions[$key], $value, $var);
2663
2664	if ($data === false)
2665	{
2666	if ($new_var != $var)
2667	{
2668	$user_row['user_options'] = $new_var;
2669	return true;
2670	}
2671	else
2672	{
2673	return false;
2674	}
2675	}
2676	else
2677	{
2678	return $new_var;
2679	}
2680	}
2681
2682	/**
2683	* Get option bit field from user options in a user row array.
2684	*
2685	* Optionget replacement for this module based on $user->optionget.
2686	*
2687	* @param array $user_row Row from the users table.
2688	* @param int $key option key, as defined in $user->keyoptions property.
2689	* @param int $data bit field value to use, or false to use $user_row['user_options']
2690	* @return bool true if the option is set in the bit field, false otherwise
2691	*/
2692	function optionget(&$user_row, $key, $data = false)
2693	{
2694	global $user;
2695
2696	$var = ($data !== false) ? $data : $user_row['user_options'];
2697	return phpbb_optionget($user->keyoptions[$key], $var);
2698	}
2699	}