Code Coverage for /data/phpBB/includes/ucp/ucp

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	CRAP	0.00% covered (danger)	0.00%	0 / 205
ucp_zebra	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	1482.00	0.00% covered (danger)	0.00%	0 / 201
main				0.00% covered (danger)	0.00%	0 / 1	1482.00	0.00% covered (danger)	0.00%	0 / 201

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	/**
15	* @ignore
16	*/
17	if (!defined('IN_PHPBB'))
18	{
19	exit;
20	}
21
22	class ucp_zebra
23	{
24	var $u_action;
25
26	function main($id, $mode)
27	{
28	global $db, $user, $auth, $template, $phpbb_root_path, $phpEx, $request, $phpbb_dispatcher;
29
30	$submit = (isset($_POST['submit']) \|\| isset($_GET['add']) \|\| isset($_GET['remove'])) ? true : false;
31	$s_hidden_fields = '';
32
33	$l_mode = strtoupper($mode);
34
35	if ($submit)
36	{
37	$data = $error = array();
38	$updated = false;
39
40	$var_ary = array(
41	'usernames' => array(0),
42	'add' => '',
43	);
44
45	foreach ($var_ary as $var => $default)
46	{
47	$data[$var] = $request->variable($var, $default, true);
48	}
49
50	if (!empty($data['add']) \|\| count($data['usernames']))
51	{
52	if (confirm_box(true))
53	{
54	// Remove users
55	if (!empty($data['usernames']))
56	{
57	$user_ids = $data['usernames'];
58
59	/**
60	* Remove users from friends/foes
61	*
62	* @event core.ucp_remove_zebra
63	* @var string mode Zebra type: friends\|foes
64	* @var array user_ids User ids we remove
65	* @since 3.1.0-a1
66	*/
67	$vars = array('mode', 'user_ids');
68	extract($phpbb_dispatcher->trigger_event('core.ucp_remove_zebra', compact($vars)));
69
70	$sql = 'DELETE FROM ' . ZEBRA_TABLE . '
71	WHERE user_id = ' . $user->data['user_id'] . '
72	AND ' . $db->sql_in_set('zebra_id', $user_ids);
73	$db->sql_query($sql);
74
75	$updated = true;
76	}
77
78	// Add users
79	if ($data['add'])
80	{
81	$data['add'] = array_map('trim', array_map('utf8_clean_string', explode("\n", $data['add'])));
82
83	// Do these name/s exist on a list already? If so, ignore ... we could be
84	// 'nice' and automatically handle names added to one list present on
85	// the other (by removing the existing one) ... but I have a feeling this
86	// may lead to complaints
87	$sql = 'SELECT z.*, u.username, u.username_clean
88	FROM ' . ZEBRA_TABLE . ' z, ' . USERS_TABLE . ' u
89	WHERE z.user_id = ' . $user->data['user_id'] . '
90	AND u.user_id = z.zebra_id';
91	$result = $db->sql_query($sql);
92
93	$friends = $foes = array();
94	while ($row = $db->sql_fetchrow($result))
95	{
96	if ($row['friend'])
97	{
98	$friends[] = utf8_clean_string($row['username']);
99	}
100	else
101	{
102	$foes[] = utf8_clean_string($row['username']);
103	}
104	}
105	$db->sql_freeresult($result);
106
107	// remove friends from the username array
108	$n = count($data['add']);
109	$data['add'] = array_diff($data['add'], $friends);
110
111	if (count($data['add']) < $n && $mode == 'foes')
112	{
113	$error[] = $user->lang['NOT_ADDED_FOES_FRIENDS'];
114	}
115
116	// remove foes from the username array
117	$n = count($data['add']);
118	$data['add'] = array_diff($data['add'], $foes);
119
120	if (count($data['add']) < $n && $mode == 'friends')
121	{
122	$error[] = $user->lang['NOT_ADDED_FRIENDS_FOES'];
123	}
124
125	// remove the user himself from the username array
126	$n = count($data['add']);
127	$data['add'] = array_diff($data['add'], array(utf8_clean_string($user->data['username'])));
128
129	if (count($data['add']) < $n)
130	{
131	$error[] = $user->lang['NOT_ADDED_' . $l_mode . '_SELF'];
132	}
133
134	unset($friends, $foes, $n);
135
136	if (count($data['add']))
137	{
138	$sql = 'SELECT user_id, user_type
139	FROM ' . USERS_TABLE . '
140	WHERE ' . $db->sql_in_set('username_clean', $data['add']) . '
141	AND user_type <> ' . USER_INACTIVE;
142	$result = $db->sql_query($sql);
143
144	$user_id_ary = array();
145	while ($row = $db->sql_fetchrow($result))
146	{
147	if ($row['user_id'] != ANONYMOUS && $row['user_type'] != USER_IGNORE)
148	{
149	$user_id_ary[] = $row['user_id'];
150	}
151	else if ($row['user_id'] != ANONYMOUS)
152	{
153	$error[] = $user->lang['NOT_ADDED_' . $l_mode . '_BOTS'];
154	}
155	else
156	{
157	$error[] = $user->lang['NOT_ADDED_' . $l_mode . '_ANONYMOUS'];
158	}
159	}
160	$db->sql_freeresult($result);
161
162	if (count($user_id_ary))
163	{
164	// Remove users from foe list if they are admins or moderators
165	if ($mode == 'foes')
166	{
167	$perms = array();
168	foreach ($auth->acl_get_list($user_id_ary, array('a_', 'm_')) as $forum_id => $forum_ary)
169	{
170	foreach ($forum_ary as $auth_option => $user_ary)
171	{
172	$perms = array_merge($perms, $user_ary);
173	}
174	}
175
176	$perms = array_unique($perms);
177
178	if (count($perms))
179	{
180	$error[] = $user->lang['NOT_ADDED_FOES_MOD_ADMIN'];
181	}
182
183	// This may not be right ... it may yield true when perms equate to deny
184	$user_id_ary = array_diff($user_id_ary, $perms);
185	unset($perms);
186	}
187
188	if (count($user_id_ary))
189	{
190	$sql_mode = ($mode == 'friends') ? 'friend' : 'foe';
191
192	$sql_ary = array();
193	foreach ($user_id_ary as $zebra_id)
194	{
195	$sql_ary[] = array(
196	'user_id' => (int) $user->data['user_id'],
197	'zebra_id' => (int) $zebra_id,
198	$sql_mode => 1
199	);
200	}
201
202	/**
203	* Add users to friends/foes
204	*
205	* @event core.ucp_add_zebra
206	* @var string mode Zebra type:
207	* friends\|foes
208	* @var array sql_ary Array of
209	* entries we add
210	* @since 3.1.0-a1
211	*/
212	$vars = array('mode', 'sql_ary');
213	extract($phpbb_dispatcher->trigger_event('core.ucp_add_zebra', compact($vars)));
214
215	$db->sql_multi_insert(ZEBRA_TABLE, $sql_ary);
216
217	$updated = true;
218	}
219	unset($user_id_ary);
220	}
221	else if (!count($error))
222	{
223	$error[] = $user->lang['USER_NOT_FOUND_OR_INACTIVE'];
224	}
225	}
226	}
227
228	if ($request->is_ajax())
229	{
230	$message = ($updated) ? $user->lang[$l_mode . '_UPDATED'] : implode('<br />', $error);
231
232	$json_response = new \phpbb\json_response;
233	$json_response->send(array(
234	'success' => $updated,
235
236	'MESSAGE_TITLE' => $user->lang['INFORMATION'],
237	'MESSAGE_TEXT' => $message,
238	'REFRESH_DATA' => array(
239	'time' => 3,
240	'url' => $this->u_action
241	)
242	));
243	}
244	else if ($updated)
245	{
246	meta_refresh(3, $this->u_action);
247	$message = $user->lang[$l_mode . '_UPDATED'] . '<br />' . implode('<br />', $error) . ((count($error)) ? '<br />' : '') . '<br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
248	trigger_error($message);
249	}
250	else
251	{
252	$template->assign_var('ERROR', implode('<br />', $error));
253	}
254	}
255	else
256	{
257	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
258	'mode' => $mode,
259	'submit' => true,
260	'usernames' => $data['usernames'],
261	'add' => $data['add']))
262	);
263	}
264	}
265	}
266
267	$sql_and = ($mode == 'friends') ? 'z.friend = 1' : 'z.foe = 1';
268	$sql = 'SELECT z.*, u.username, u.username_clean
269	FROM ' . ZEBRA_TABLE . ' z, ' . USERS_TABLE . ' u
270	WHERE z.user_id = ' . $user->data['user_id'] . "
271	AND $sql_and
272	AND u.user_id = z.zebra_id
273	ORDER BY u.username_clean ASC";
274	$result = $db->sql_query($sql);
275
276	$s_username_options = '';
277	while ($row = $db->sql_fetchrow($result))
278	{
279	$s_username_options .= '<option value="' . $row['zebra_id'] . '">' . $row['username'] . '</option>';
280	}
281	$db->sql_freeresult($result);
282
283	$template->assign_vars(array(
284	'L_TITLE' => $user->lang['UCP_ZEBRA_' . $l_mode],
285
286	'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=ucp&field=add'),
287
288	'S_USERNAME_OPTIONS' => $s_username_options,
289	'S_HIDDEN_FIELDS' => $s_hidden_fields,
290	'S_UCP_ACTION' => $this->u_action)
291	);
292
293	$this->tpl_name = 'ucp_zebra_' . $mode;
294	$this->page_title = 'UCP_ZEBRA_' . $l_mode;
295	}
296	}