Code Coverage for /data/phpBB/includes/acp/acp

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 4	CRAP	0.00% covered (danger)	0.00%	0 / 1959
acp_users	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 4	148610.00	0.00% covered (danger)	0.00%	0 / 1955
__construct				0.00% covered (danger)	0.00%	0 / 1	2.00	0.00% covered (danger)	0.00%	0 / 3
main				0.00% covered (danger)	0.00%	0 / 1	143262.00	0.00% covered (danger)	0.00%	0 / 1926
optionset				0.00% covered (danger)	0.00%	0 / 1	20.00	0.00% covered (danger)	0.00%	0 / 21
optionget				0.00% covered (danger)	0.00%	0 / 1	6.00	0.00% covered (danger)	0.00%	0 / 5

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	/**
15	* @ignore
16	*/
17	if (!defined('IN_PHPBB'))
18	{
19	exit;
20	}
21
22	class acp_users
23	{
24	var $u_action;
25	var $p_master;
26
27	function __construct($p_master)
28	{
29	$this->p_master = $p_master;
30	}
31
32	function main($id, $mode)
33	{
34	global $config, $db, $user, $auth, $template;
35	global $phpbb_root_path, $phpbb_admin_path, $phpEx;
36	global $phpbb_dispatcher, $request;
37	global $phpbb_container, $phpbb_log;
38
39	$user->add_lang(array('posting', 'ucp', 'acp/users'));
40	$this->tpl_name = 'acp_users';
41
42	$error = array();
43	$username = $request->variable('username', '', true);
44	$user_id = $request->variable('u', 0);
45	$action = $request->variable('action', '');
46
47	// Get referer to redirect user to the appropriate page after delete action
48	$redirect = $request->variable('redirect', '');
49	$redirect_tag = "redirect=$redirect";
50	$redirect_url = append_sid("{$phpbb_admin_path}index.$phpEx", "i=$redirect");
51
52	$submit = (isset($_POST['update']) && !isset($_POST['cancel'])) ? true : false;
53
54	$form_name = 'acp_users';
55	add_form_key($form_name);
56
57	// Whois (special case)
58	if ($action == 'whois')
59	{
60	if (!function_exists('user_get_id_name'))
61	{
62	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
63	}
64
65	$this->page_title = 'WHOIS';
66	$this->tpl_name = 'simple_body';
67
68	$user_ip = phpbb_ip_normalise($request->variable('user_ip', ''));
69	$domain = gethostbyaddr($user_ip);
70	$ipwhois = user_ipwhois($user_ip);
71
72	$template->assign_vars(array(
73	'MESSAGE_TITLE' => sprintf($user->lang['IP_WHOIS_FOR'], $domain),
74	'MESSAGE_TEXT' => nl2br($ipwhois))
75	);
76
77	return;
78	}
79
80	// Show user selection mask
81	if (!$username && !$user_id)
82	{
83	$this->page_title = 'SELECT_USER';
84
85	$template->assign_vars(array(
86	'U_ACTION' => $this->u_action,
87	'ANONYMOUS_USER_ID' => ANONYMOUS,
88
89	'S_SELECT_USER' => true,
90	'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_user&field=username&select_single=true'),
91	));
92
93	return;
94	}
95
96	if (!$user_id)
97	{
98	$sql = 'SELECT user_id
99	FROM ' . USERS_TABLE . "
100	WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
101	$result = $db->sql_query($sql);
102	$user_id = (int) $db->sql_fetchfield('user_id');
103	$db->sql_freeresult($result);
104
105	if (!$user_id)
106	{
107	trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);
108	}
109	}
110
111	// Generate content for all modes
112	$sql = 'SELECT u., s.
113	FROM ' . USERS_TABLE . ' u
114	LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
115	WHERE u.user_id = ' . $user_id . '
116	ORDER BY s.session_time DESC';
117	$result = $db->sql_query_limit($sql, 1);
118	$user_row = $db->sql_fetchrow($result);
119	$db->sql_freeresult($result);
120
121	if (!$user_row)
122	{
123	trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);
124	}
125
126	// Generate overall "header" for user admin
127	$s_form_options = '';
128
129	// Build modes dropdown list
130	$sql = 'SELECT module_mode, module_auth
131	FROM ' . MODULES_TABLE . "
132	WHERE module_basename = 'acp_users'
133	AND module_enabled = 1
134	AND module_class = 'acp'
135	ORDER BY left_id, module_mode";
136	$result = $db->sql_query($sql);
137
138	$dropdown_modes = array();
139	while ($row = $db->sql_fetchrow($result))
140	{
141	if (!$this->p_master->module_auth_self($row['module_auth']))
142	{
143	continue;
144	}
145
146	$dropdown_modes[$row['module_mode']] = true;
147	}
148	$db->sql_freeresult($result);
149
150	foreach ($dropdown_modes as $module_mode => $null)
151	{
152	$selected = ($mode == $module_mode) ? ' selected="selected"' : '';
153	$s_form_options .= '<option value="' . $module_mode . '"' . $selected . '>' . $user->lang['ACP_USER_' . strtoupper($module_mode)] . '</option>';
154	}
155
156	$template->assign_vars(array(
157	'U_BACK' => (empty($redirect)) ? $this->u_action : $redirect_url,
158	'U_MODE_SELECT' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&u=$user_id"),
159	'U_ACTION' => $this->u_action . '&u=' . $user_id . ((empty($redirect)) ? '' : '&' . $redirect_tag),
160	'S_FORM_OPTIONS' => $s_form_options,
161	'MANAGED_USERNAME' => $user_row['username'])
162	);
163
164	// Prevent normal users/admins change/view founders if they are not a founder by themselves
165	if ($user->data['user_type'] != USER_FOUNDER && $user_row['user_type'] == USER_FOUNDER)
166	{
167	trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action), E_USER_WARNING);
168	}
169
170	$this->page_title = $user_row['username'] . ' :: ' . $user->lang('ACP_USER_' . strtoupper($mode));
171
172	switch ($mode)
173	{
174	case 'overview':
175
176	if (!function_exists('user_get_id_name'))
177	{
178	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
179	}
180
181	$user->add_lang('acp/ban');
182
183	$delete = $request->variable('delete', 0);
184	$delete_type = $request->variable('delete_type', '');
185	$ip = $request->variable('ip', 'ip');
186
187	/**
188	* Run code at beginning of ACP users overview
189	*
190	* @event core.acp_users_overview_before
191	* @var array user_row Current user data
192	* @var string mode Active module
193	* @var string action Module that should be run
194	* @var bool submit Do we display the form only
195	* or did the user press submit
196	* @var array error Array holding error messages
197	* @since 3.1.3-RC1
198	*/
199	$vars = array('user_row', 'mode', 'action', 'submit', 'error');
200	extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_before', compact($vars)));
201
202	if ($submit)
203	{
204	if ($delete)
205	{
206	if (!$auth->acl_get('a_userdel'))
207	{
208	send_status_line(403, 'Forbidden');
209	trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
210	}
211
212	// Check if the user wants to remove himself or the guest user account
213	if ($user_id == ANONYMOUS)
214	{
215	trigger_error($user->lang['CANNOT_REMOVE_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
216	}
217
218	// Founders can not be deleted.
219	if ($user_row['user_type'] == USER_FOUNDER)
220	{
221	trigger_error($user->lang['CANNOT_REMOVE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
222	}
223
224	if ($user_id == $user->data['user_id'])
225	{
226	trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
227	}
228
229	if ($delete_type)
230	{
231	if (confirm_box(true))
232	{
233	user_delete($delete_type, $user_id, $user_row['username']);
234
235	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DELETED', false, array($user_row['username']));
236	trigger_error($user->lang['USER_DELETED'] . adm_back_link(
237	(empty($redirect)) ? $this->u_action : $redirect_url
238	)
239	);
240	}
241	else
242	{
243	$delete_confirm_hidden_fields = array(
244	'u' => $user_id,
245	'i' => $id,
246	'mode' => $mode,
247	'action' => $action,
248	'update' => true,
249	'delete' => 1,
250	'delete_type' => $delete_type,
251	);
252
253	// Checks if the redirection page is specified
254	if (!empty($redirect))
255	{
256	$delete_confirm_hidden_fields['redirect'] = $redirect;
257	}
258
259	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($delete_confirm_hidden_fields));
260	}
261	}
262	else
263	{
264	trigger_error($user->lang['NO_MODE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
265	}
266	}
267
268	// Handle quicktool actions
269	switch ($action)
270	{
271	case 'banuser':
272	case 'banemail':
273	case 'banip':
274
275	if ($user_id == $user->data['user_id'])
276	{
277	trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
278	}
279
280	if ($user_id == ANONYMOUS)
281	{
282	trigger_error($user->lang['CANNOT_BAN_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
283	}
284
285	if ($user_row['user_type'] == USER_FOUNDER)
286	{
287	trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
288	}
289
290	if (!check_form_key($form_name))
291	{
292	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
293	}
294
295	$ban = array();
296
297	switch ($action)
298	{
299	case 'banuser':
300	$ban[] = $user_row['username'];
301	$reason = 'USER_ADMIN_BAN_NAME_REASON';
302	break;
303
304	case 'banemail':
305	$ban[] = $user_row['user_email'];
306	$reason = 'USER_ADMIN_BAN_EMAIL_REASON';
307	break;
308
309	case 'banip':
310	$ban[] = $user_row['user_ip'];
311
312	$sql = 'SELECT DISTINCT poster_ip
313	FROM ' . POSTS_TABLE . "
314	WHERE poster_id = $user_id";
315	$result = $db->sql_query($sql);
316
317	while ($row = $db->sql_fetchrow($result))
318	{
319	$ban[] = $row['poster_ip'];
320	}
321	$db->sql_freeresult($result);
322
323	$reason = 'USER_ADMIN_BAN_IP_REASON';
324	break;
325	}
326
327	$ban_reason = $request->variable('ban_reason', $user->lang[$reason], true);
328	$ban_give_reason = $request->variable('ban_give_reason', '', true);
329
330	// Log not used at the moment, we simply utilize the ban function.
331	$result = user_ban(substr($action, 3), $ban, 0, 0, 0, $ban_reason, $ban_give_reason);
332
333	trigger_error((($result === false) ? $user->lang['BAN_ALREADY_ENTERED'] : $user->lang['BAN_SUCCESSFUL']) . adm_back_link($this->u_action . '&u=' . $user_id));
334
335	break;
336
337	case 'reactivate':
338
339	if ($user_id == $user->data['user_id'])
340	{
341	trigger_error($user->lang['CANNOT_FORCE_REACT_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
342	}
343
344	if (!check_form_key($form_name))
345	{
346	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
347	}
348
349	if ($user_row['user_type'] == USER_FOUNDER)
350	{
351	trigger_error($user->lang['CANNOT_FORCE_REACT_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
352	}
353
354	if ($user_row['user_type'] == USER_IGNORE)
355	{
356	trigger_error($user->lang['CANNOT_FORCE_REACT_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
357	}
358
359	if ($config['email_enable'])
360	{
361	if (!class_exists('messenger'))
362	{
363	include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
364	}
365
366	$server_url = generate_board_url();
367
368	$user_actkey = gen_rand_string(mt_rand(6, 10));
369	$email_template = ($user_row['user_type'] == USER_NORMAL) ? 'user_reactivate_account' : 'user_resend_inactive';
370
371	if ($user_row['user_type'] == USER_NORMAL)
372	{
373	user_active_flip('deactivate', $user_id, INACTIVE_REMIND);
374	}
375	else
376	{
377	// Grabbing the last confirm key - we only send a reminder
378	$sql = 'SELECT user_actkey
379	FROM ' . USERS_TABLE . '
380	WHERE user_id = ' . $user_id;
381	$result = $db->sql_query($sql);
382	$user_activation_key = (string) $db->sql_fetchfield('user_actkey');
383	$db->sql_freeresult($result);
384
385	$user_actkey = empty($user_activation_key) ? $user_actkey : $user_activation_key;
386	}
387
388	if ($user_row['user_type'] == USER_NORMAL \|\| empty($user_activation_key))
389	{
390	$sql = 'UPDATE ' . USERS_TABLE . "
391	SET user_actkey = '" . $db->sql_escape($user_actkey) . "'
392	WHERE user_id = $user_id";
393	$db->sql_query($sql);
394	}
395
396	$messenger = new messenger(false);
397
398	$messenger->template($email_template, $user_row['user_lang']);
399
400	$messenger->set_addresses($user_row);
401
402	$messenger->anti_abuse_headers($config, $user);
403
404	$messenger->assign_vars(array(
405	'WELCOME_MSG' => html_entity_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), ENT_COMPAT),
406	'USERNAME' => html_entity_decode($user_row['username'], ENT_COMPAT),
407	'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
408	);
409
410	$messenger->send(NOTIFY_EMAIL);
411
412	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_REACTIVATE', false, array($user_row['username']));
413	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_REACTIVATE_USER', false, array(
414	'reportee_id' => $user_id
415	));
416
417	trigger_error($user->lang['FORCE_REACTIVATION_SUCCESS'] . adm_back_link($this->u_action . '&u=' . $user_id));
418	}
419
420	break;
421
422	case 'active':
423
424	if ($user_id == $user->data['user_id'])
425	{
426	// It is only deactivation since the user is already activated (else he would not have reached this page)
427	trigger_error($user->lang['CANNOT_DEACTIVATE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
428	}
429
430	if (!check_form_key($form_name))
431	{
432	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
433	}
434
435	if ($user_row['user_type'] == USER_FOUNDER)
436	{
437	trigger_error($user->lang['CANNOT_DEACTIVATE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
438	}
439
440	if ($user_row['user_type'] == USER_IGNORE)
441	{
442	trigger_error($user->lang['CANNOT_DEACTIVATE_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
443	}
444
445	user_active_flip('flip', $user_id);
446
447	if ($user_row['user_type'] == USER_INACTIVE)
448	{
449	if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
450	{
451	/* @var $phpbb_notifications \phpbb\notification\manager */
452	$phpbb_notifications = $phpbb_container->get('notification_manager');
453	$phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']);
454
455	if (!class_exists('messenger'))
456	{
457	include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
458	}
459
460	$messenger = new messenger(false);
461
462	$messenger->template('admin_welcome_activated', $user_row['user_lang']);
463
464	$messenger->set_addresses($user_row);
465
466	$messenger->anti_abuse_headers($config, $user);
467
468	$messenger->assign_vars(array(
469	'USERNAME' => html_entity_decode($user_row['username'], ENT_COMPAT))
470	);
471
472	$messenger->send(NOTIFY_EMAIL);
473	}
474	}
475
476	$message = ($user_row['user_type'] == USER_INACTIVE) ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED';
477	$log = ($user_row['user_type'] == USER_INACTIVE) ? 'LOG_USER_ACTIVE' : 'LOG_USER_INACTIVE';
478
479	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log, false, array($user_row['username']));
480	$phpbb_log->add('user', $user->data['user_id'], $user->ip, $log . '_USER', false, array(
481	'reportee_id' => $user_id
482	));
483
484	trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&u=' . $user_id));
485
486	break;
487
488	case 'delsig':
489
490	if (!check_form_key($form_name))
491	{
492	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
493	}
494
495	$sql_ary = array(
496	'user_sig' => '',
497	'user_sig_bbcode_uid' => '',
498	'user_sig_bbcode_bitfield' => ''
499	);
500
501	$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
502	WHERE user_id = $user_id";
503	$db->sql_query($sql);
504
505	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_SIG', false, array($user_row['username']));
506	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_SIG_USER', false, array(
507	'reportee_id' => $user_id
508	));
509
510	trigger_error($user->lang['USER_ADMIN_SIG_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
511
512	break;
513
514	case 'delavatar':
515
516	if (!check_form_key($form_name))
517	{
518	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
519	}
520
521	// Delete old avatar if present
522	/* @var $phpbb_avatar_manager \phpbb\avatar\manager */
523	$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
524	$phpbb_avatar_manager->handle_avatar_delete($db, $user, $phpbb_avatar_manager->clean_row($user_row, 'user'), USERS_TABLE, 'user_');
525
526	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_AVATAR', false, array($user_row['username']));
527	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_AVATAR_USER', false, array(
528	'reportee_id' => $user_id
529	));
530
531	trigger_error($user->lang['USER_ADMIN_AVATAR_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
532	break;
533
534	case 'delposts':
535
536	if (confirm_box(true))
537	{
538	// Delete posts, attachments, etc.
539	delete_posts('poster_id', $user_id);
540
541	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_POSTS', false, array($user_row['username']));
542	trigger_error($user->lang['USER_POSTS_DELETED'] . adm_back_link($this->u_action . '&u=' . $user_id));
543	}
544	else
545	{
546	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
547	'u' => $user_id,
548	'i' => $id,
549	'mode' => $mode,
550	'action' => $action,
551	'update' => true))
552	);
553	}
554
555	break;
556
557	case 'delattach':
558
559	if (confirm_box(true))
560	{
561	/** @var \phpbb\attachment\manager $attachment_manager */
562	$attachment_manager = $phpbb_container->get('attachment.manager');
563	$attachment_manager->delete('user', $user_id);
564	unset($attachment_manager);
565
566	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_ATTACH', false, array($user_row['username']));
567	trigger_error($user->lang['USER_ATTACHMENTS_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
568	}
569	else
570	{
571	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
572	'u' => $user_id,
573	'i' => $id,
574	'mode' => $mode,
575	'action' => $action,
576	'update' => true))
577	);
578	}
579
580	break;
581
582	case 'deloutbox':
583
584	if (confirm_box(true))
585	{
586	$msg_ids = array();
587	$lang = 'EMPTY';
588
589	$sql = 'SELECT msg_id
590	FROM ' . PRIVMSGS_TO_TABLE . "
591	WHERE author_id = $user_id
592	AND folder_id = " . PRIVMSGS_OUTBOX;
593	$result = $db->sql_query($sql);
594
595	if ($row = $db->sql_fetchrow($result))
596	{
597	if (!function_exists('delete_pm'))
598	{
599	include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
600	}
601
602	do
603	{
604	$msg_ids[] = (int) $row['msg_id'];
605	}
606	while ($row = $db->sql_fetchrow($result));
607
608	$db->sql_freeresult($result);
609
610	delete_pm($user_id, $msg_ids, PRIVMSGS_OUTBOX);
611
612	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_OUTBOX', false, array($user_row['username']));
613
614	$lang = 'EMPTIED';
615	}
616	$db->sql_freeresult($result);
617
618	trigger_error($user->lang['USER_OUTBOX_' . $lang] . adm_back_link($this->u_action . '&u=' . $user_id));
619	}
620	else
621	{
622	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
623	'u' => $user_id,
624	'i' => $id,
625	'mode' => $mode,
626	'action' => $action,
627	'update' => true))
628	);
629	}
630	break;
631
632	case 'moveposts':
633
634	if (!check_form_key($form_name))
635	{
636	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
637	}
638
639	$user->add_lang('acp/forums');
640
641	$new_forum_id = $request->variable('new_f', 0);
642
643	if (!$new_forum_id)
644	{
645	$this->page_title = 'USER_ADMIN_MOVE_POSTS';
646
647	$template->assign_vars(array(
648	'S_SELECT_FORUM' => true,
649	'U_ACTION' => $this->u_action . "&action=$action&u=$user_id",
650	'U_BACK' => $this->u_action . "&u=$user_id",
651	'S_FORUM_OPTIONS' => make_forum_select(false, false, false, true))
652	);
653
654	return;
655	}
656
657	// Is the new forum postable to?
658	$sql = 'SELECT forum_name, forum_type
659	FROM ' . FORUMS_TABLE . "
660	WHERE forum_id = $new_forum_id";
661	$result = $db->sql_query($sql);
662	$forum_info = $db->sql_fetchrow($result);
663	$db->sql_freeresult($result);
664
665	if (!$forum_info)
666	{
667	trigger_error($user->lang['NO_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
668	}
669
670	if ($forum_info['forum_type'] != FORUM_POST)
671	{
672	trigger_error($user->lang['MOVE_POSTS_NO_POSTABLE_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
673	}
674
675	// Two stage?
676	// Move topics comprising only posts from this user
677	$topic_id_ary = $move_topic_ary = $move_post_ary = $new_topic_id_ary = array();
678	$forum_id_ary = array($new_forum_id);
679
680	$sql = 'SELECT topic_id, post_visibility, COUNT(post_id) AS total_posts
681	FROM ' . POSTS_TABLE . "
682	WHERE poster_id = $user_id
683	AND forum_id <> $new_forum_id
684	GROUP BY topic_id, post_visibility";
685	$result = $db->sql_query($sql);
686
687	while ($row = $db->sql_fetchrow($result))
688	{
689	$topic_id_ary[$row['topic_id']][$row['post_visibility']] = $row['total_posts'];
690	}
691	$db->sql_freeresult($result);
692
693	if (count($topic_id_ary))
694	{
695	$sql = 'SELECT topic_id, forum_id, topic_title, topic_posts_approved, topic_posts_unapproved, topic_posts_softdeleted, topic_attachment
696	FROM ' . TOPICS_TABLE . '
697	WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
698	$result = $db->sql_query($sql);
699
700	while ($row = $db->sql_fetchrow($result))
701	{
702	if ($topic_id_ary[$row['topic_id']][ITEM_APPROVED] == $row['topic_posts_approved']
703	&& $topic_id_ary[$row['topic_id']][ITEM_UNAPPROVED] == $row['topic_posts_unapproved']
704	&& $topic_id_ary[$row['topic_id']][ITEM_REAPPROVE] == $row['topic_posts_unapproved']
705	&& $topic_id_ary[$row['topic_id']][ITEM_DELETED] == $row['topic_posts_softdeleted'])
706	{
707	$move_topic_ary[] = $row['topic_id'];
708	}
709	else
710	{
711	$move_post_ary[$row['topic_id']]['title'] = $row['topic_title'];
712	$move_post_ary[$row['topic_id']]['attach'] = ($row['topic_attachment']) ? 1 : 0;
713	}
714
715	$forum_id_ary[] = $row['forum_id'];
716	}
717	$db->sql_freeresult($result);
718	}
719
720	// Entire topic comprises posts by this user, move these topics
721	if (count($move_topic_ary))
722	{
723	move_topics($move_topic_ary, $new_forum_id, false);
724	}
725
726	if (count($move_post_ary))
727	{
728	// Create new topic
729	// Update post_ids, report_ids, attachment_ids
730	foreach ($move_post_ary as $topic_id => $post_ary)
731	{
732	// Create new topic
733	$sql = 'INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
734	'topic_poster' => $user_id,
735	'topic_time' => time(),
736	'forum_id' => $new_forum_id,
737	'icon_id' => 0,
738	'topic_visibility' => ITEM_APPROVED,
739	'topic_title' => $post_ary['title'],
740	'topic_first_poster_name' => $user_row['username'],
741	'topic_type' => POST_NORMAL,
742	'topic_time_limit' => 0,
743	'topic_attachment' => $post_ary['attach'])
744	);
745	$db->sql_query($sql);
746
747	$new_topic_id = $db->sql_nextid();
748
749	// Move posts
750	$sql = 'UPDATE ' . POSTS_TABLE . "
751	SET forum_id = $new_forum_id, topic_id = $new_topic_id
752	WHERE topic_id = $topic_id
753	AND poster_id = $user_id";
754	$db->sql_query($sql);
755
756	if ($post_ary['attach'])
757	{
758	$sql = 'UPDATE ' . ATTACHMENTS_TABLE . "
759	SET topic_id = $new_topic_id
760	WHERE topic_id = $topic_id
761	AND poster_id = $user_id";
762	$db->sql_query($sql);
763	}
764
765	$new_topic_id_ary[] = $new_topic_id;
766	}
767	}
768
769	$forum_id_ary = array_unique($forum_id_ary);
770	$topic_id_ary = array_unique(array_merge(array_keys($topic_id_ary), $new_topic_id_ary));
771
772	if (count($topic_id_ary))
773	{
774	sync('topic_reported', 'topic_id', $topic_id_ary);
775	sync('topic', 'topic_id', $topic_id_ary);
776	}
777
778	if (count($forum_id_ary))
779	{
780	sync('forum', 'forum_id', $forum_id_ary, false, true);
781	}
782
783	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_MOVE_POSTS', false, array($user_row['username'], $forum_info['forum_name']));
784	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_MOVE_POSTS_USER', false, array(
785	'reportee_id' => $user_id,
786	$forum_info['forum_name']
787	));
788
789	trigger_error($user->lang['USER_POSTS_MOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
790
791	break;
792
793	case 'leave_nr':
794
795	if (confirm_box(true))
796	{
797	remove_newly_registered($user_id, $user_row);
798
799	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_REMOVED_NR', false, array($user_row['username']));
800	trigger_error($user->lang['USER_LIFTED_NR'] . adm_back_link($this->u_action . '&u=' . $user_id));
801	}
802	else
803	{
804	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
805	'u' => $user_id,
806	'i' => $id,
807	'mode' => $mode,
808	'action' => $action,
809	'update' => true))
810	);
811	}
812
813	break;
814
815	default:
816	$u_action = $this->u_action;
817
818	/**
819	* Run custom quicktool code
820	*
821	* @event core.acp_users_overview_run_quicktool
822	* @var string action Quick tool that should be run
823	* @var array user_row Current user data
824	* @var string u_action The u_action link
825	* @var int user_id User id of the user to manage
826	* @since 3.1.0-a1
827	* @changed 3.2.2-RC1 Added u_action
828	* @changed 3.2.10-RC1 Added user_id
829	*/
830	$vars = array('action', 'user_row', 'u_action', 'user_id');
831	extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_run_quicktool', compact($vars)));
832
833	unset($u_action);
834	break;
835	}
836
837	// Handle registration info updates
838	$data = array(
839	'username' => $request->variable('user', $user_row['username'], true),
840	'user_founder' => $request->variable('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0),
841	'email' => strtolower($request->variable('user_email', $user_row['user_email'])),
842	'new_password' => $request->variable('new_password', '', true),
843	'password_confirm' => $request->variable('password_confirm', '', true),
844	);
845
846	// Validation data - we do not check the password complexity setting here
847	$check_ary = array(
848	'new_password' => array(
849	array('string', true, $config['min_pass_chars'], 0),
850	array('password')),
851	'password_confirm' => array('string', true, $config['min_pass_chars'], 0),
852	);
853
854	// Check username if altered
855	if ($data['username'] != $user_row['username'])
856	{
857	$check_ary += array(
858	'username' => array(
859	array('string', false, $config['min_name_chars'], $config['max_name_chars']),
860	array('username', $user_row['username'], true)
861	),
862	);
863	}
864
865	// Check email if altered
866	if ($data['email'] != $user_row['user_email'])
867	{
868	$check_ary += array(
869	'email' => array(
870	array('string', false, 6, 60),
871	array('user_email', $user_row['user_email']),
872	),
873	);
874	}
875
876	$error = validate_data($data, $check_ary);
877
878	if ($data['new_password'] && $data['password_confirm'] != $data['new_password'])
879	{
880	$error[] = 'NEW_PASSWORD_ERROR';
881	}
882
883	if (!check_form_key($form_name))
884	{
885	$error[] = 'FORM_INVALID';
886	}
887
888	// Instantiate passwords manager
889	/* @var $passwords_manager \phpbb\passwords\manager */
890	$passwords_manager = $phpbb_container->get('passwords.manager');
891
892	// Which updates do we need to do?
893	$update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false;
894	$update_password = $data['new_password'] && !$passwords_manager->check($data['new_password'], $user_row['user_password']);
895	$update_email = ($data['email'] != $user_row['user_email']) ? $data['email'] : false;
896
897	if (!count($error))
898	{
899	$sql_ary = array();
900
901	if ($user_row['user_type'] != USER_FOUNDER \|\| $user->data['user_type'] == USER_FOUNDER)
902	{
903	// Only allow founders updating the founder status...
904	if ($user->data['user_type'] == USER_FOUNDER)
905	{
906	// Setting a normal member to be a founder
907	if ($data['user_founder'] && $user_row['user_type'] != USER_FOUNDER)
908	{
909	// Make sure the user is not setting an Inactive or ignored user to be a founder
910	if ($user_row['user_type'] == USER_IGNORE)
911	{
912	trigger_error($user->lang['CANNOT_SET_FOUNDER_IGNORED'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
913	}
914
915	if ($user_row['user_type'] == USER_INACTIVE)
916	{
917	trigger_error($user->lang['CANNOT_SET_FOUNDER_INACTIVE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
918	}
919
920	$sql_ary['user_type'] = USER_FOUNDER;
921	}
922	else if (!$data['user_founder'] && $user_row['user_type'] == USER_FOUNDER)
923	{
924	// Check if at least one founder is present
925	$sql = 'SELECT user_id
926	FROM ' . USERS_TABLE . '
927	WHERE user_type = ' . USER_FOUNDER . '
928	AND user_id <> ' . $user_id;
929	$result = $db->sql_query_limit($sql, 1);
930	$row = $db->sql_fetchrow($result);
931	$db->sql_freeresult($result);
932
933	if ($row)
934	{
935	$sql_ary['user_type'] = USER_NORMAL;
936	}
937	else
938	{
939	trigger_error($user->lang['AT_LEAST_ONE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
940	}
941	}
942	}
943	}
944
945	/**
946	* Modify user data before we update it
947	*
948	* @event core.acp_users_overview_modify_data
949	* @var array user_row Current user data
950	* @var array data Submitted user data
951	* @var array sql_ary User data we udpate
952	* @since 3.1.0-a1
953	*/
954	$vars = array('user_row', 'data', 'sql_ary');
955	extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_modify_data', compact($vars)));
956
957	if ($update_username !== false)
958	{
959	$sql_ary['username'] = $update_username;
960	$sql_ary['username_clean'] = utf8_clean_string($update_username);
961
962	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_NAME', false, array(
963	'reportee_id' => $user_id,
964	$user_row['username'],
965	$update_username
966	));
967	}
968
969	if ($update_email !== false)
970	{
971	$sql_ary += ['user_email' => $update_email];
972
973	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array(
974	'reportee_id' => $user_id,
975	$user_row['username'],
976	$user_row['user_email'],
977	$update_email
978	));
979	}
980
981	if ($update_password)
982	{
983	$sql_ary += array(
984	'user_password' => $passwords_manager->hash($data['new_password']),
985	'user_passchg' => time(),
986	);
987
988	$user->reset_login_keys($user_id);
989
990	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array(
991	'reportee_id' => $user_id,
992	$user_row['username']
993	));
994	}
995
996	if (count($sql_ary))
997	{
998	$sql = 'UPDATE ' . USERS_TABLE . '
999	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
1000	WHERE user_id = ' . $user_id;
1001	$db->sql_query($sql);
1002	}
1003
1004	if ($update_username)
1005	{
1006	user_update_name($user_row['username'], $update_username);
1007	}
1008
1009	// Let the users permissions being updated
1010	$auth->acl_clear_prefetch($user_id);
1011
1012	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_USER_UPDATE', false, array($data['username']));
1013
1014	trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1015	}
1016
1017	// Replace "error" strings with their real, localised form
1018	$error = array_map(array($user, 'lang'), $error);
1019	}
1020
1021	if ($user_id == $user->data['user_id'])
1022	{
1023	$quick_tool_ary = array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX');
1024	if ($user_row['user_new'])
1025	{
1026	$quick_tool_ary['leave_nr'] = 'LEAVE_NR';
1027	}
1028	}
1029	else
1030	{
1031	$quick_tool_ary = array();
1032
1033	if ($user_row['user_type'] != USER_FOUNDER)
1034	{
1035	$quick_tool_ary += array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP');
1036	}
1037
1038	if ($user_row['user_type'] != USER_FOUNDER && $user_row['user_type'] != USER_IGNORE)
1039	{
1040	$quick_tool_ary += array('active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE'));
1041	}
1042
1043	$quick_tool_ary += array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX');
1044
1045	if ($config['email_enable'] && ($user_row['user_type'] == USER_NORMAL \|\| $user_row['user_type'] == USER_INACTIVE))
1046	{
1047	$quick_tool_ary['reactivate'] = 'FORCE';
1048	}
1049
1050	if ($user_row['user_new'])
1051	{
1052	$quick_tool_ary['leave_nr'] = 'LEAVE_NR';
1053	}
1054	}
1055
1056	if ($config['load_onlinetrack'])
1057	{
1058	$sql = 'SELECT MAX(session_time) AS session_time, MIN(session_viewonline) AS session_viewonline
1059	FROM ' . SESSIONS_TABLE . "
1060	WHERE session_user_id = $user_id";
1061	$result = $db->sql_query($sql);
1062	$row = $db->sql_fetchrow($result);
1063	$db->sql_freeresult($result);
1064
1065	$user_row['session_time'] = (isset($row['session_time'])) ? $row['session_time'] : 0;
1066	$user_row['session_viewonline'] = (isset($row['session_viewonline'])) ? $row['session_viewonline'] : 0;
1067	unset($row);
1068	}
1069
1070	/**
1071	* Add additional quick tool options and overwrite user data
1072	*
1073	* @event core.acp_users_display_overview
1074	* @var array user_row Array with user data
1075	* @var array quick_tool_ary Ouick tool options
1076	* @since 3.1.0-a1
1077	*/
1078	$vars = array('user_row', 'quick_tool_ary');
1079	extract($phpbb_dispatcher->trigger_event('core.acp_users_display_overview', compact($vars)));
1080
1081	$s_action_options = '<option class="sep" value="">' . $user->lang['SELECT_OPTION'] . '</option>';
1082	foreach ($quick_tool_ary as $value => $lang)
1083	{
1084	$s_action_options .= '<option value="' . $value . '">' . $user->lang['USER_ADMIN_' . $lang] . '</option>';
1085	}
1086
1087	$last_active = (!empty($user_row['session_time'])) ? $user_row['session_time'] : $user_row['user_lastvisit'];
1088
1089	$inactive_reason = '';
1090	if ($user_row['user_type'] == USER_INACTIVE)
1091	{
1092	$inactive_reason = $user->lang['INACTIVE_REASON_UNKNOWN'];
1093
1094	switch ($user_row['user_inactive_reason'])
1095	{
1096	case INACTIVE_REGISTER:
1097	$inactive_reason = $user->lang['INACTIVE_REASON_REGISTER'];
1098	break;
1099
1100	case INACTIVE_PROFILE:
1101	$inactive_reason = $user->lang['INACTIVE_REASON_PROFILE'];
1102	break;
1103
1104	case INACTIVE_MANUAL:
1105	$inactive_reason = $user->lang['INACTIVE_REASON_MANUAL'];
1106	break;
1107
1108	case INACTIVE_REMIND:
1109	$inactive_reason = $user->lang['INACTIVE_REASON_REMIND'];
1110	break;
1111	}
1112	}
1113
1114	// Posts in Queue
1115	$sql = 'SELECT COUNT(post_id) as posts_in_queue
1116	FROM ' . POSTS_TABLE . '
1117	WHERE poster_id = ' . $user_id . '
1118	AND ' . $db->sql_in_set('post_visibility', array(ITEM_UNAPPROVED, ITEM_REAPPROVE));
1119	$result = $db->sql_query($sql);
1120	$user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');
1121	$db->sql_freeresult($result);
1122
1123	$sql = 'SELECT post_id
1124	FROM ' . POSTS_TABLE . '
1125	WHERE poster_id = '. $user_id;
1126	$result = $db->sql_query_limit($sql, 1);
1127	$user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id');
1128	$db->sql_freeresult($result);
1129
1130	$template->assign_vars(array(
1131	'L_NAME_CHARS_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS_XY', (int) $config['min_name_chars']), $user->lang('CHARACTERS_XY', (int) $config['max_name_chars'])),
1132	'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
1133	'L_POSTS_IN_QUEUE' => $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']),
1134	'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false,
1135
1136	'S_OVERVIEW' => true,
1137	'S_USER_IP' => ($user_row['user_ip']) ? true : false,
1138	'S_USER_FOUNDER' => ($user_row['user_type'] == USER_FOUNDER) ? true : false,
1139	'S_ACTION_OPTIONS' => $s_action_options,
1140	'S_OWN_ACCOUNT' => ($user_id == $user->data['user_id']) ? true : false,
1141	'S_USER_INACTIVE' => ($user_row['user_type'] == USER_INACTIVE) ? true : false,
1142
1143	'U_SHOW_IP' => $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
1144	'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}",
1145	'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '',
1146	'U_SEARCH_USER' => ($config['load_search'] && $auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$user_row['user_id']}&sr=posts") : '',
1147
1148	'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}&hash=" . generate_link_hash('switchperm')) : '',
1149
1150	'POSTS_IN_QUEUE' => $user_row['posts_in_queue'],
1151	'USER' => $user_row['username'],
1152	'USER_REGISTERED' => $user->format_date($user_row['user_regdate']),
1153	'REGISTERED_IP' => ($ip == 'hostname') ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'],
1154	'USER_LASTACTIVE' => ($last_active) ? $user->format_date($last_active) : ' - ',
1155	'USER_EMAIL' => $user_row['user_email'],
1156	'USER_WARNINGS' => $user_row['user_warnings'],
1157	'USER_POSTS' => $user_row['user_posts'],
1158	'USER_HAS_POSTS' => $user_row['user_has_posts'],
1159	'USER_INACTIVE_REASON' => $inactive_reason,
1160	));
1161
1162	break;
1163
1164	case 'feedback':
1165
1166	$user->add_lang('mcp');
1167
1168	// Set up general vars
1169	$start = $request->variable('start', 0);
1170	$deletemark = (isset($_POST['delmarked'])) ? true : false;
1171	$deleteall = (isset($_POST['delall'])) ? true : false;
1172	$marked = $request->variable('mark', array(0));
1173	$message = $request->variable('message', '', true);
1174
1175	/* @var $pagination \phpbb\pagination */
1176	$pagination = $phpbb_container->get('pagination');
1177
1178	// Sort keys
1179	$sort_days = $request->variable('st', 0);
1180	$sort_key = $request->variable('sk', 't');
1181	$sort_dir = $request->variable('sd', 'd');
1182
1183	// Delete entries if requested and able
1184	if (($deletemark \|\| $deleteall) && $auth->acl_get('a_clearlogs'))
1185	{
1186	if (!check_form_key($form_name))
1187	{
1188	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1189	}
1190
1191	$where_sql = '';
1192	if ($deletemark && $marked)
1193	{
1194	$sql_in = array();
1195	foreach ($marked as $mark)
1196	{
1197	$sql_in[] = $mark;
1198	}
1199	$where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
1200	unset($sql_in);
1201	}
1202
1203	if ($where_sql \|\| $deleteall)
1204	{
1205	$sql = 'DELETE FROM ' . LOG_TABLE . '
1206	WHERE log_type = ' . LOG_USERS . "
1207	AND reportee_id = $user_id
1208	$where_sql";
1209	$db->sql_query($sql);
1210
1211	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CLEAR_USER', false, array($user_row['username']));
1212	}
1213	}
1214
1215	if ($submit && $message)
1216	{
1217	if (!check_form_key($form_name))
1218	{
1219	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1220	}
1221
1222	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array($user_row['username']));
1223	$phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array(
1224	'forum_id' => 0,
1225	'topic_id' => 0,
1226	$user_row['username']
1227	));
1228	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GENERAL', false, array(
1229	'reportee_id' => $user_id,
1230	$message
1231	));
1232
1233	trigger_error($user->lang['USER_FEEDBACK_ADDED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1234	}
1235
1236	// Sorting
1237	$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1238	$sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']);
1239	$sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
1240
1241	$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
1242	gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
1243
1244	// Define where and sort sql for use in displaying logs
1245	$sql_where = ($sort_days) ? (time() - ($sort_days * 86400)) : 0;
1246	$sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
1247
1248	// Grab log data
1249	$log_data = array();
1250	$log_count = 0;
1251	$start = view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort);
1252
1253	$base_url = $this->u_action . "&u=$user_id&$u_sort_param";
1254	$pagination->generate_template_pagination($base_url, 'pagination', 'start', $log_count, $config['topics_per_page'], $start);
1255
1256	$template->assign_vars(array(
1257	'S_FEEDBACK' => true,
1258
1259	'S_LIMIT_DAYS' => $s_limit_days,
1260	'S_SORT_KEY' => $s_sort_key,
1261	'S_SORT_DIR' => $s_sort_dir,
1262	'S_CLEARLOGS' => $auth->acl_get('a_clearlogs'))
1263	);
1264
1265	foreach ($log_data as $row)
1266	{
1267	$template->assign_block_vars('log', array(
1268	'USERNAME' => $row['username_full'],
1269	'IP' => $row['ip'],
1270	'DATE' => $user->format_date($row['time']),
1271	'ACTION' => nl2br($row['action']),
1272	'ID' => $row['id'])
1273	);
1274	}
1275
1276	break;
1277
1278	case 'warnings':
1279	$user->add_lang('mcp');
1280
1281	// Set up general vars
1282	$deletemark = (isset($_POST['delmarked'])) ? true : false;
1283	$deleteall = (isset($_POST['delall'])) ? true : false;
1284	$confirm = (isset($_POST['confirm'])) ? true : false;
1285	$marked = $request->variable('mark', array(0));
1286
1287	// Delete entries if requested and able
1288	if ($deletemark \|\| $deleteall \|\| $confirm)
1289	{
1290	if (confirm_box(true))
1291	{
1292	$where_sql = '';
1293	$deletemark = $request->variable('delmarked', 0);
1294	$deleteall = $request->variable('delall', 0);
1295	if ($deletemark && $marked)
1296	{
1297	$where_sql = ' AND ' . $db->sql_in_set('warning_id', array_values($marked));
1298	}
1299
1300	if ($where_sql \|\| $deleteall)
1301	{
1302	$sql = 'DELETE FROM ' . WARNINGS_TABLE . "
1303	WHERE user_id = $user_id
1304	$where_sql";
1305	$db->sql_query($sql);
1306
1307	if ($deleteall)
1308	{
1309	$log_warnings = $deleted_warnings = 0;
1310	}
1311	else
1312	{
1313	$num_warnings = (int) $db->sql_affectedrows();
1314	$deleted_warnings = ' user_warnings - ' . $num_warnings;
1315	$log_warnings = ($num_warnings > 2) ? 2 : $num_warnings;
1316	}
1317
1318	$sql = 'UPDATE ' . USERS_TABLE . "
1319	SET user_warnings = $deleted_warnings
1320	WHERE user_id = $user_id";
1321	$db->sql_query($sql);
1322
1323	if ($log_warnings)
1324	{
1325	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_WARNINGS_DELETED', false, array($user_row['username'], $num_warnings));
1326	}
1327	else
1328	{
1329	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_WARNINGS_DELETED_ALL', false, array($user_row['username']));
1330	}
1331	}
1332	}
1333	else
1334	{
1335	$s_hidden_fields = array(
1336	'i' => $id,
1337	'mode' => $mode,
1338	'u' => $user_id,
1339	'mark' => $marked,
1340	);
1341	if (isset($_POST['delmarked']))
1342	{
1343	$s_hidden_fields['delmarked'] = 1;
1344	}
1345	if (isset($_POST['delall']))
1346	{
1347	$s_hidden_fields['delall'] = 1;
1348	}
1349	if (isset($_POST['delall']) \|\| (isset($_POST['delmarked']) && count($marked)))
1350	{
1351	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields));
1352	}
1353	}
1354	}
1355
1356	$sql = 'SELECT w.warning_id, w.warning_time, w.post_id, l.log_operation, l.log_data, l.user_id AS mod_user_id, m.username AS mod_username, m.user_colour AS mod_user_colour
1357	FROM ' . WARNINGS_TABLE . ' w
1358	LEFT JOIN ' . LOG_TABLE . ' l
1359	ON (w.log_id = l.log_id)
1360	LEFT JOIN ' . USERS_TABLE . ' m
1361	ON (l.user_id = m.user_id)
1362	WHERE w.user_id = ' . $user_id . '
1363	ORDER BY w.warning_time DESC';
1364	$result = $db->sql_query($sql);
1365
1366	while ($row = $db->sql_fetchrow($result))
1367	{
1368	if (!$row['log_operation'])
1369	{
1370	// We do not have a log-entry anymore, so there is no data available
1371	$row['action'] = $user->lang['USER_WARNING_LOG_DELETED'];
1372	}
1373	else
1374	{
1375	$row['action'] = (isset($user->lang[$row['log_operation']])) ? $user->lang[$row['log_operation']] : '{' . ucfirst(str_replace('_', ' ', $row['log_operation'])) . '}';
1376	if (!empty($row['log_data']))
1377	{
1378	$log_data_ary = @unserialize($row['log_data']);
1379	$log_data_ary = ($log_data_ary === false) ? array() : $log_data_ary;
1380
1381	if (isset($user->lang[$row['log_operation']]))
1382	{
1383	// Check if there are more occurrences of % than arguments, if there are we fill out the arguments array
1384	// It doesn't matter if we add more arguments than placeholders
1385	if ((substr_count($row['action'], '%') - count($log_data_ary)) > 0)
1386	{
1387	$log_data_ary = array_merge($log_data_ary, array_fill(0, substr_count($row['action'], '%') - count($log_data_ary), ''));
1388	}
1389	$row['action'] = vsprintf($row['action'], $log_data_ary);
1390	$row['action'] = bbcode_nl2br(censor_text($row['action']));
1391	}
1392	else if (!empty($log_data_ary))
1393	{
1394	$row['action'] .= '<br />' . implode('', $log_data_ary);
1395	}
1396	}
1397	}
1398
1399	$template->assign_block_vars('warn', array(
1400	'ID' => $row['warning_id'],
1401	'USERNAME' => ($row['log_operation']) ? get_username_string('full', $row['mod_user_id'], $row['mod_username'], $row['mod_user_colour']) : '-',
1402	'ACTION' => make_clickable($row['action']),
1403	'DATE' => $user->format_date($row['warning_time']),
1404	));
1405	}
1406	$db->sql_freeresult($result);
1407
1408	$template->assign_vars(array(
1409	'S_WARNINGS' => true,
1410	));
1411
1412	break;
1413
1414	case 'profile':
1415
1416	if (!function_exists('user_get_id_name'))
1417	{
1418	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
1419	}
1420
1421	/* @var $cp \phpbb\profilefields\manager */
1422	$cp = $phpbb_container->get('profilefields.manager');
1423
1424	$cp_data = $cp_error = array();
1425
1426	$sql = 'SELECT lang_id
1427	FROM ' . LANG_TABLE . "
1428	WHERE lang_iso = '" . $db->sql_escape($user->data['user_lang']) . "'";
1429	$result = $db->sql_query($sql);
1430	$row = $db->sql_fetchrow($result);
1431	$db->sql_freeresult($result);
1432
1433	$user_row['iso_lang_id'] = $row['lang_id'];
1434
1435	$data = array(
1436	'jabber' => $request->variable('jabber', $user_row['user_jabber'], true),
1437	'bday_day' => 0,
1438	'bday_month' => 0,
1439	'bday_year' => 0,
1440	);
1441
1442	if ($user_row['user_birthday'])
1443	{
1444	list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user_row['user_birthday']);
1445	}
1446
1447	$data['bday_day'] = $request->variable('bday_day', $data['bday_day']);
1448	$data['bday_month'] = $request->variable('bday_month', $data['bday_month']);
1449	$data['bday_year'] = $request->variable('bday_year', $data['bday_year']);
1450	$data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
1451
1452	/**
1453	* Modify user data on editing profile in ACP
1454	*
1455	* @event core.acp_users_modify_profile
1456	* @var array data Array with user profile data
1457	* @var bool submit Flag indicating if submit button has been pressed
1458	* @var int user_id The user id
1459	* @var array user_row Array with the full user data
1460	* @since 3.1.4-RC1
1461	*/
1462	$vars = array('data', 'submit', 'user_id', 'user_row');
1463	extract($phpbb_dispatcher->trigger_event('core.acp_users_modify_profile', compact($vars)));
1464
1465	if ($submit)
1466	{
1467	$error = validate_data($data, array(
1468	'jabber' => array(
1469	array('string', true, 5, 255),
1470	array('jabber')),
1471	'bday_day' => array('num', true, 1, 31),
1472	'bday_month' => array('num', true, 1, 12),
1473	'bday_year' => array('num', true, 1901, gmdate('Y', time())),
1474	'user_birthday' => array('date', true),
1475	));
1476
1477	// validate custom profile fields
1478	$cp->submit_cp_field('profile', $user_row['iso_lang_id'], $cp_data, $cp_error);
1479
1480	if (count($cp_error))
1481	{
1482	$error = array_merge($error, $cp_error);
1483	}
1484	if (!check_form_key($form_name))
1485	{
1486	$error[] = 'FORM_INVALID';
1487	}
1488
1489	/**
1490	* Validate profile data in ACP before submitting to the database
1491	*
1492	* @event core.acp_users_profile_validate
1493	* @var array data Array with user profile data
1494	* @var int user_id The user id
1495	* @var array user_row Array with the full user data
1496	* @var array error Array with the form errors
1497	* @since 3.1.4-RC1
1498	* @changed 3.1.12-RC1 Removed submit, added user_id, user_row
1499	*/
1500	$vars = array('data', 'user_id', 'user_row', 'error');
1501	extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_validate', compact($vars)));
1502
1503	if (!count($error))
1504	{
1505	$sql_ary = array(
1506	'user_jabber' => $data['jabber'],
1507	'user_birthday' => $data['user_birthday'],
1508	);
1509
1510	/**
1511	* Modify profile data in ACP before submitting to the database
1512	*
1513	* @event core.acp_users_profile_modify_sql_ary
1514	* @var array cp_data Array with the user custom profile fields data
1515	* @var array data Array with user profile data
1516	* @var int user_id The user id
1517	* @var array user_row Array with the full user data
1518	* @var array sql_ary Array with sql data
1519	* @since 3.1.4-RC1
1520	*/
1521	$vars = array('cp_data', 'data', 'user_id', 'user_row', 'sql_ary');
1522	extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_modify_sql_ary', compact($vars)));
1523
1524	$sql = 'UPDATE ' . USERS_TABLE . '
1525	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
1526	WHERE user_id = $user_id";
1527	$db->sql_query($sql);
1528
1529	// Update Custom Fields
1530	$cp->update_profile_field_data($user_id, $cp_data);
1531
1532	trigger_error($user->lang['USER_PROFILE_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1533	}
1534
1535	// Replace "error" strings with their real, localised form
1536	$error = array_map(array($user, 'lang'), $error);
1537	}
1538
1539	$s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>';
1540	for ($i = 1; $i < 32; $i++)
1541	{
1542	$selected = ($i == $data['bday_day']) ? ' selected="selected"' : '';
1543	$s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>";
1544	}
1545
1546	$s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>';
1547	for ($i = 1; $i < 13; $i++)
1548	{
1549	$selected = ($i == $data['bday_month']) ? ' selected="selected"' : '';
1550	$s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>";
1551	}
1552
1553	$now = getdate();
1554	$s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';
1555	for ($i = $now['year'] - 100; $i <= $now['year']; $i++)
1556	{
1557	$selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
1558	$s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";
1559	}
1560	unset($now);
1561
1562	$template->assign_vars(array(
1563	'JABBER' => $data['jabber'],
1564	'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options,
1565	'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options,
1566	'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options,
1567
1568	'S_PROFILE' => true)
1569	);
1570
1571	// Get additional profile fields and assign them to the template block var 'profile_fields'
1572	$user->get_profile_fields($user_id);
1573
1574	$cp->generate_profile_fields('profile', $user_row['iso_lang_id']);
1575
1576	break;
1577
1578	case 'prefs':
1579
1580	if (!function_exists('user_get_id_name'))
1581	{
1582	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
1583	}
1584
1585	$data = array(
1586	'dateformat' => $request->variable('dateformat', $user_row['user_dateformat'], true),
1587	'lang' => basename($request->variable('lang', $user_row['user_lang'])),
1588	'tz' => $request->variable('tz', $user_row['user_timezone']),
1589	'style' => $request->variable('style', $user_row['user_style']),
1590	'viewemail' => $request->variable('viewemail', $user_row['user_allow_viewemail']),
1591	'massemail' => $request->variable('massemail', $user_row['user_allow_massemail']),
1592	'hideonline' => $request->variable('hideonline', !$user_row['user_allow_viewonline']),
1593	'notifymethod' => $request->variable('notifymethod', $user_row['user_notify_type']),
1594	'notifypm' => $request->variable('notifypm', $user_row['user_notify_pm']),
1595	'allowpm' => $request->variable('allowpm', $user_row['user_allow_pm']),
1596
1597	'topic_sk' => $request->variable('topic_sk', ($user_row['user_topic_sortby_type']) ? $user_row['user_topic_sortby_type'] : 't'),
1598	'topic_sd' => $request->variable('topic_sd', ($user_row['user_topic_sortby_dir']) ? $user_row['user_topic_sortby_dir'] : 'd'),
1599	'topic_st' => $request->variable('topic_st', ($user_row['user_topic_show_days']) ? $user_row['user_topic_show_days'] : 0),
1600
1601	'post_sk' => $request->variable('post_sk', ($user_row['user_post_sortby_type']) ? $user_row['user_post_sortby_type'] : 't'),
1602	'post_sd' => $request->variable('post_sd', ($user_row['user_post_sortby_dir']) ? $user_row['user_post_sortby_dir'] : 'a'),
1603	'post_st' => $request->variable('post_st', ($user_row['user_post_show_days']) ? $user_row['user_post_show_days'] : 0),
1604
1605	'view_images' => $request->variable('view_images', $this->optionget($user_row, 'viewimg')),
1606	'view_flash' => $request->variable('view_flash', $this->optionget($user_row, 'viewflash')),
1607	'view_smilies' => $request->variable('view_smilies', $this->optionget($user_row, 'viewsmilies')),
1608	'view_sigs' => $request->variable('view_sigs', $this->optionget($user_row, 'viewsigs')),
1609	'view_avatars' => $request->variable('view_avatars', $this->optionget($user_row, 'viewavatars')),
1610	'view_wordcensor' => $request->variable('view_wordcensor', $this->optionget($user_row, 'viewcensors')),
1611
1612	'bbcode' => $request->variable('bbcode', $this->optionget($user_row, 'bbcode')),
1613	'smilies' => $request->variable('smilies', $this->optionget($user_row, 'smilies')),
1614	'sig' => $request->variable('sig', $this->optionget($user_row, 'attachsig')),
1615	'notify' => $request->variable('notify', $user_row['user_notify']),
1616	);
1617
1618	/**
1619	* Modify users preferences data
1620	*
1621	* @event core.acp_users_prefs_modify_data
1622	* @var array data Array with users preferences data
1623	* @var array user_row Array with user data
1624	* @since 3.1.0-b3
1625	*/
1626	$vars = array('data', 'user_row');
1627	extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_data', compact($vars)));
1628
1629	if ($submit)
1630	{
1631	$error = validate_data($data, array(
1632	'dateformat' => array('string', false, 1, 64),
1633	'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'),
1634	'tz' => array('timezone'),
1635
1636	'topic_sk' => array('string', false, 1, 1),
1637	'topic_sd' => array('string', false, 1, 1),
1638	'post_sk' => array('string', false, 1, 1),
1639	'post_sd' => array('string', false, 1, 1),
1640	));
1641
1642	if (!check_form_key($form_name))
1643	{
1644	$error[] = 'FORM_INVALID';
1645	}
1646
1647	if (!count($error))
1648	{
1649	$this->optionset($user_row, 'viewimg', $data['view_images']);
1650	$this->optionset($user_row, 'viewflash', $data['view_flash']);
1651	$this->optionset($user_row, 'viewsmilies', $data['view_smilies']);
1652	$this->optionset($user_row, 'viewsigs', $data['view_sigs']);
1653	$this->optionset($user_row, 'viewavatars', $data['view_avatars']);
1654	$this->optionset($user_row, 'viewcensors', $data['view_wordcensor']);
1655	$this->optionset($user_row, 'bbcode', $data['bbcode']);
1656	$this->optionset($user_row, 'smilies', $data['smilies']);
1657	$this->optionset($user_row, 'attachsig', $data['sig']);
1658
1659	$sql_ary = array(
1660	'user_options' => $user_row['user_options'],
1661
1662	'user_allow_pm' => $data['allowpm'],
1663	'user_allow_viewemail' => $data['viewemail'],
1664	'user_allow_massemail' => $data['massemail'],
1665	'user_allow_viewonline' => !$data['hideonline'],
1666	'user_notify_type' => $data['notifymethod'],
1667	'user_notify_pm' => $data['notifypm'],
1668
1669	'user_dateformat' => $data['dateformat'],
1670	'user_lang' => $data['lang'],
1671	'user_timezone' => $data['tz'],
1672	'user_style' => $data['style'],
1673
1674	'user_topic_sortby_type' => $data['topic_sk'],
1675	'user_post_sortby_type' => $data['post_sk'],
1676	'user_topic_sortby_dir' => $data['topic_sd'],
1677	'user_post_sortby_dir' => $data['post_sd'],
1678
1679	'user_topic_show_days' => $data['topic_st'],
1680	'user_post_show_days' => $data['post_st'],
1681
1682	'user_notify' => $data['notify'],
1683	);
1684
1685	/**
1686	* Modify SQL query before users preferences are updated
1687	*
1688	* @event core.acp_users_prefs_modify_sql
1689	* @var array data Array with users preferences data
1690	* @var array user_row Array with user data
1691	* @var array sql_ary SQL array with users preferences data to update
1692	* @var array error Array with errors data
1693	* @since 3.1.0-b3
1694	*/
1695	$vars = array('data', 'user_row', 'sql_ary', 'error');
1696	extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_sql', compact($vars)));
1697
1698	if (!count($error))
1699	{
1700	$sql = 'UPDATE ' . USERS_TABLE . '
1701	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
1702	WHERE user_id = $user_id";
1703	$db->sql_query($sql);
1704
1705	// Check if user has an active session
1706	if ($user_row['session_id'])
1707	{
1708	// We'll update the session if user_allow_viewonline has changed and the user is a bot
1709	// Or if it's a regular user and the admin set it to hide the session
1710	if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE
1711	\|\| $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline'])
1712	{
1713	// We also need to check if the user has the permission to cloak.
1714	$user_auth = new \phpbb\auth\auth();
1715	$user_auth->acl($user_row);
1716
1717	$session_sql_ary = array(
1718	'session_viewonline' => ($user_auth->acl_get('u_hideonline')) ? $sql_ary['user_allow_viewonline'] : true,
1719	);
1720
1721	$sql = 'UPDATE ' . SESSIONS_TABLE . '
1722	SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . "
1723	WHERE session_user_id = $user_id";
1724	$db->sql_query($sql);
1725
1726	unset($user_auth);
1727	}
1728	}
1729
1730	trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1731	}
1732	}
1733
1734	// Replace "error" strings with their real, localised form
1735	$error = array_map(array($user, 'lang'), $error);
1736	}
1737
1738	$dateformat_options = '';
1739	foreach ($user->lang['dateformats'] as $format => $null)
1740	{
1741	$dateformat_options .= '<option value="' . $format . '"' . (($format == $data['dateformat']) ? ' selected="selected"' : '') . '>';
1742	$dateformat_options .= $user->format_date(time(), $format, false) . ((strpos($format, '\|') !== false) ? $user->lang['VARIANT_DATE_SEPARATOR'] . $user->format_date(time(), $format, true) : '');
1743	$dateformat_options .= '</option>';
1744	}
1745
1746	$s_custom = false;
1747
1748	$dateformat_options .= '<option value="custom"';
1749	if (!isset($user->lang['dateformats'][$data['dateformat']]))
1750	{
1751	$dateformat_options .= ' selected="selected"';
1752	$s_custom = true;
1753	}
1754	$dateformat_options .= '>' . $user->lang['CUSTOM_DATEFORMAT'] . '</option>';
1755
1756	$sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
1757
1758	// Topic ordering options
1759	$limit_topic_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1760	$sort_by_topic_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']);
1761
1762	// Post ordering options
1763	$limit_post_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1764	$sort_by_post_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']);
1765
1766	$_options = array('topic', 'post');
1767	foreach ($_options as $sort_option)
1768	{
1769	${'s_limit_' . $sort_option . '_days'} = '<select name="' . $sort_option . '_st">';
1770	foreach (${'limit_' . $sort_option . '_days'} as $day => $text)
1771	{
1772	$selected = ($data[$sort_option . '_st'] == $day) ? ' selected="selected"' : '';
1773	${'s_limit_' . $sort_option . '_days'} .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>';
1774	}
1775	${'s_limit_' . $sort_option . '_days'} .= '</select>';
1776
1777	${'s_sort_' . $sort_option . '_key'} = '<select name="' . $sort_option . '_sk">';
1778	foreach (${'sort_by_' . $sort_option . '_text'} as $key => $text)
1779	{
1780	$selected = ($data[$sort_option . '_sk'] == $key) ? ' selected="selected"' : '';
1781	${'s_sort_' . $sort_option . '_key'} .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>';
1782	}
1783	${'s_sort_' . $sort_option . '_key'} .= '</select>';
1784
1785	${'s_sort_' . $sort_option . '_dir'} = '<select name="' . $sort_option . '_sd">';
1786	foreach ($sort_dir_text as $key => $value)
1787	{
1788	$selected = ($data[$sort_option . '_sd'] == $key) ? ' selected="selected"' : '';
1789	${'s_sort_' . $sort_option . '_dir'} .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
1790	}
1791	${'s_sort_' . $sort_option . '_dir'} .= '</select>';
1792	}
1793
1794	phpbb_timezone_select($template, $user, $data['tz'], true);
1795	$user_prefs_data = array(
1796	'S_PREFS' => true,
1797	'S_JABBER_DISABLED' => ($config['jab_enable'] && $user_row['user_jabber'] && @extension_loaded('xml')) ? false : true,
1798
1799	'VIEW_EMAIL' => $data['viewemail'],
1800	'MASS_EMAIL' => $data['massemail'],
1801	'ALLOW_PM' => $data['allowpm'],
1802	'HIDE_ONLINE' => $data['hideonline'],
1803	'NOTIFY_EMAIL' => ($data['notifymethod'] == NOTIFY_EMAIL) ? true : false,
1804	'NOTIFY_IM' => ($data['notifymethod'] == NOTIFY_IM) ? true : false,
1805	'NOTIFY_BOTH' => ($data['notifymethod'] == NOTIFY_BOTH) ? true : false,
1806	'NOTIFY_PM' => $data['notifypm'],
1807	'BBCODE' => $data['bbcode'],
1808	'SMILIES' => $data['smilies'],
1809	'ATTACH_SIG' => $data['sig'],
1810	'NOTIFY' => $data['notify'],
1811	'VIEW_IMAGES' => $data['view_images'],
1812	'VIEW_FLASH' => $data['view_flash'],
1813	'VIEW_SMILIES' => $data['view_smilies'],
1814	'VIEW_SIGS' => $data['view_sigs'],
1815	'VIEW_AVATARS' => $data['view_avatars'],
1816	'VIEW_WORDCENSOR' => $data['view_wordcensor'],
1817
1818	'S_TOPIC_SORT_DAYS' => $s_limit_topic_days,
1819	'S_TOPIC_SORT_KEY' => $s_sort_topic_key,
1820	'S_TOPIC_SORT_DIR' => $s_sort_topic_dir,
1821	'S_POST_SORT_DAYS' => $s_limit_post_days,
1822	'S_POST_SORT_KEY' => $s_sort_post_key,
1823	'S_POST_SORT_DIR' => $s_sort_post_dir,
1824
1825	'DATE_FORMAT' => $data['dateformat'],
1826	'S_DATEFORMAT_OPTIONS' => $dateformat_options,
1827	'S_CUSTOM_DATEFORMAT' => $s_custom,
1828	'DEFAULT_DATEFORMAT' => $config['default_dateformat'],
1829	'A_DEFAULT_DATEFORMAT' => addslashes($config['default_dateformat']),
1830
1831	'S_LANG_OPTIONS' => language_select($data['lang']),
1832	'S_STYLE_OPTIONS' => style_select($data['style']),
1833	);
1834
1835	/**
1836	* Modify users preferences data before assigning it to the template
1837	*
1838	* @event core.acp_users_prefs_modify_template_data
1839	* @var array data Array with users preferences data
1840	* @var array user_row Array with user data
1841	* @var array user_prefs_data Array with users preferences data to be assigned to the template
1842	* @since 3.1.0-b3
1843	*/
1844	$vars = array('data', 'user_row', 'user_prefs_data');
1845	extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_template_data', compact($vars)));
1846
1847	$template->assign_vars($user_prefs_data);
1848
1849	break;
1850
1851	case 'avatar':
1852
1853	$avatars_enabled = false;
1854	/** @var \phpbb\avatar\manager $phpbb_avatar_manager */
1855	$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
1856
1857	if ($config['allow_avatar'])
1858	{
1859	$avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
1860
1861	// This is normalised data, without the user_ prefix
1862	$avatar_data = \phpbb\avatar\manager::clean_row($user_row, 'user');
1863
1864	if ($submit)
1865	{
1866	if (check_form_key($form_name))
1867	{
1868	$driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
1869
1870	if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete'))
1871	{
1872	$driver = $phpbb_avatar_manager->get_driver($driver_name);
1873	$result = $driver->process_form($request, $template, $user, $avatar_data, $error);
1874
1875	if ($result && empty($error))
1876	{
1877	// Success! Lets save the result in the database
1878	$result = array(
1879	'user_avatar_type' => $driver_name,
1880	'user_avatar' => $result['avatar'],
1881	'user_avatar_width' => $result['avatar_width'],
1882	'user_avatar_height' => $result['avatar_height'],
1883	);
1884
1885	/**
1886	* Modify users preferences data before assigning it to the template
1887	*
1888	* @event core.acp_users_avatar_sql
1889	* @var array user_row Array with user data
1890	* @var array result Array with user avatar data to be updated in the DB
1891	* @since 3.2.4-RC1
1892	*/
1893	$vars = array('user_row', 'result');
1894	extract($phpbb_dispatcher->trigger_event('core.acp_users_avatar_sql', compact($vars)));
1895
1896	$sql = 'UPDATE ' . USERS_TABLE . '
1897	SET ' . $db->sql_build_array('UPDATE', $result) . '
1898	WHERE user_id = ' . (int) $user_id;
1899
1900	$db->sql_query($sql);
1901	trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1902	}
1903	}
1904	}
1905	else
1906	{
1907	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1908	}
1909	}
1910
1911	// Handle deletion of avatars
1912	if ($request->is_set_post('avatar_delete'))
1913	{
1914	if (!confirm_box(true))
1915	{
1916	confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array(
1917	'avatar_delete' => true))
1918	);
1919	}
1920	else
1921	{
1922	$phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, USERS_TABLE, 'user_');
1923
1924	trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1925	}
1926	}
1927
1928	$selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user_row['user_avatar_type']));
1929
1930	// Assign min and max values before generating avatar driver html
1931	$template->assign_vars(array(
1932	'AVATAR_MIN_WIDTH' => $config['avatar_min_width'],
1933	'AVATAR_MAX_WIDTH' => $config['avatar_max_width'],
1934	'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'],
1935	'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'],
1936	));
1937
1938	foreach ($avatar_drivers as $current_driver)
1939	{
1940	$driver = $phpbb_avatar_manager->get_driver($current_driver);
1941
1942	$avatars_enabled = true;
1943	$template->set_filenames(array(
1944	'avatar' => $driver->get_acp_template_name(),
1945	));
1946
1947	if ($driver->prepare_form($request, $template, $user, $avatar_data, $error))
1948	{
1949	$driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver);
1950	$driver_upper = strtoupper($driver_name);
1951
1952	$template->assign_block_vars('avatar_drivers', array(
1953	'L_TITLE' => $user->lang($driver_upper . '_TITLE'),
1954	'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'),
1955
1956	'DRIVER' => $driver_name,
1957	'SELECTED' => $current_driver == $selected_driver,
1958	'OUTPUT' => $template->assign_display('avatar'),
1959	));
1960	}
1961	}
1962	}
1963
1964	// Avatar manager is not initialized if avatars are disabled
1965	if (isset($phpbb_avatar_manager))
1966	{
1967	// Replace "error" strings with their real, localised form
1968	$error = $phpbb_avatar_manager->localize_errors($user, $error);
1969	}
1970
1971	$avatar = phpbb_get_user_avatar($user_row, 'USER_AVATAR', true);
1972
1973	$template->assign_vars(array(
1974	'S_AVATAR' => true,
1975	'ERROR' => (!empty($error)) ? implode('<br />', $error) : '',
1976	'AVATAR' => (empty($avatar) ? '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />' : $avatar),
1977
1978	'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"',
1979
1980	'L_AVATAR_EXPLAIN' => $user->lang(($config['avatar_filesize'] == 0) ? 'AVATAR_EXPLAIN_NO_FILESIZE' : 'AVATAR_EXPLAIN', $config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_filesize'] / 1024),
1981
1982	'S_AVATARS_ENABLED' => ($config['allow_avatar'] && $avatars_enabled),
1983	));
1984
1985	break;
1986
1987	case 'rank':
1988
1989	if ($submit)
1990	{
1991	if (!check_form_key($form_name))
1992	{
1993	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1994	}
1995
1996	$rank_id = $request->variable('user_rank', 0);
1997
1998	$sql = 'UPDATE ' . USERS_TABLE . "
1999	SET user_rank = $rank_id
2000	WHERE user_id = $user_id";
2001	$db->sql_query($sql);
2002
2003	trigger_error($user->lang['USER_RANK_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
2004	}
2005
2006	$sql = 'SELECT *
2007	FROM ' . RANKS_TABLE . '
2008	WHERE rank_special = 1
2009	ORDER BY rank_title';
2010	$result = $db->sql_query($sql);
2011
2012	$s_rank_options = '<option value="0"' . ((!$user_row['user_rank']) ? ' selected="selected"' : '') . '>' . $user->lang['NO_SPECIAL_RANK'] . '</option>';
2013
2014	while ($row = $db->sql_fetchrow($result))
2015	{
2016	$selected = ($user_row['user_rank'] && $row['rank_id'] == $user_row['user_rank']) ? ' selected="selected"' : '';
2017	$s_rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>';
2018	}
2019	$db->sql_freeresult($result);
2020
2021	$template->assign_vars(array(
2022	'S_RANK' => true,
2023	'S_RANK_OPTIONS' => $s_rank_options)
2024	);
2025
2026	break;
2027
2028	case 'sig':
2029
2030	if (!function_exists('display_custom_bbcodes'))
2031	{
2032	include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
2033	}
2034
2035	$enable_bbcode = ($config['allow_sig_bbcode']) ? $this->optionget($user_row, 'sig_bbcode') : false;
2036	$enable_smilies = ($config['allow_sig_smilies']) ? $this->optionget($user_row, 'sig_smilies') : false;
2037	$enable_urls = ($config['allow_sig_links']) ? $this->optionget($user_row, 'sig_links') : false;
2038
2039	$bbcode_flags = ($enable_bbcode ? OPTION_FLAG_BBCODE : 0) + ($enable_smilies ? OPTION_FLAG_SMILIES : 0) + ($enable_urls ? OPTION_FLAG_LINKS : 0);
2040
2041	$decoded_message = generate_text_for_edit($user_row['user_sig'], $user_row['user_sig_bbcode_uid'], $bbcode_flags);
2042	$signature = $request->variable('signature', $decoded_message['text'], true);
2043	$signature_preview = '';
2044
2045	if ($submit \|\| $request->is_set_post('preview'))
2046	{
2047	$enable_bbcode = ($config['allow_sig_bbcode']) ? !$request->variable('disable_bbcode', false) : false;
2048	$enable_smilies = ($config['allow_sig_smilies']) ? !$request->variable('disable_smilies', false) : false;
2049	$enable_urls = ($config['allow_sig_links']) ? !$request->variable('disable_magic_url', false) : false;
2050
2051	if (!check_form_key($form_name))
2052	{
2053	$error[] = 'FORM_INVALID';
2054	}
2055	}
2056
2057	$bbcode_uid = $bbcode_bitfield = $bbcode_flags = '';
2058	$warn_msg = generate_text_for_storage(
2059	$signature,
2060	$bbcode_uid,
2061	$bbcode_bitfield,
2062	$bbcode_flags,
2063	$enable_bbcode,
2064	$enable_urls,
2065	$enable_smilies,
2066	$config['allow_sig_img'],
2067	$config['allow_sig_flash'],
2068	true,
2069	$config['allow_sig_links'],
2070	'sig'
2071	);
2072
2073	if (count($warn_msg))
2074	{
2075	$error += $warn_msg;
2076	}
2077
2078	if (!$submit)
2079	{
2080	// Parse it for displaying
2081	$signature_preview = generate_text_for_display($signature, $bbcode_uid, $bbcode_bitfield, $bbcode_flags);
2082	}
2083	else
2084	{
2085	if (!count($error))
2086	{
2087	$this->optionset($user_row, 'sig_bbcode', $enable_bbcode);
2088	$this->optionset($user_row, 'sig_smilies', $enable_smilies);
2089	$this->optionset($user_row, 'sig_links', $enable_urls);
2090
2091	$sql_ary = array(
2092	'user_sig' => $signature,
2093	'user_options' => $user_row['user_options'],
2094	'user_sig_bbcode_uid' => $bbcode_uid,
2095	'user_sig_bbcode_bitfield' => $bbcode_bitfield,
2096	);
2097
2098	/**
2099	* Modify user signature before it is stored in the DB
2100	*
2101	* @event core.acp_users_modify_signature_sql_ary
2102	* @var array user_row Array with user data
2103	* @var array sql_ary Array with user signature data to be updated in the DB
2104	* @since 3.2.4-RC1
2105	*/
2106	$vars = array('user_row', 'sql_ary');
2107	extract($phpbb_dispatcher->trigger_event('core.acp_users_modify_signature_sql_ary', compact($vars)));
2108
2109	$sql = 'UPDATE ' . USERS_TABLE . '
2110	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
2111	WHERE user_id = ' . $user_id;
2112	$db->sql_query($sql);
2113
2114	trigger_error($user->lang['USER_SIG_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
2115	}
2116	}
2117
2118	// Replace "error" strings with their real, localised form
2119	$error = array_map(array($user, 'lang'), $error);
2120
2121	if ($request->is_set_post('preview'))
2122	{
2123	$decoded_message = generate_text_for_edit($signature, $bbcode_uid, $bbcode_flags);
2124	}
2125
2126	/** @var \phpbb\controller\helper $controller_helper */
2127	$controller_helper = $phpbb_container->get('controller.helper');
2128
2129	$template->assign_vars(array(
2130	'S_SIGNATURE' => true,
2131
2132	'SIGNATURE' => $decoded_message['text'],
2133	'SIGNATURE_PREVIEW' => $signature_preview,
2134
2135	'S_BBCODE_CHECKED' => (!$enable_bbcode) ? ' checked="checked"' : '',
2136	'S_SMILIES_CHECKED' => (!$enable_smilies) ? ' checked="checked"' : '',
2137	'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? ' checked="checked"' : '',
2138
2139	'BBCODE_STATUS' => $user->lang(($config['allow_sig_bbcode'] ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'),
2140	'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
2141	'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
2142	'FLASH_STATUS' => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
2143	'URL_STATUS' => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
2144
2145	'L_SIGNATURE_EXPLAIN' => $user->lang('SIGNATURE_EXPLAIN', (int) $config['max_sig_chars']),
2146
2147	'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'],
2148	'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'],
2149	'S_BBCODE_IMG' => ($config['allow_sig_img']) ? true : false,
2150	'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false,
2151	'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false)
2152	);
2153
2154	// Assigning custom bbcodes
2155	display_custom_bbcodes();
2156
2157	break;
2158
2159	case 'attach':
2160	/* @var $pagination \phpbb\pagination */
2161	$pagination = $phpbb_container->get('pagination');
2162
2163	$start = $request->variable('start', 0);
2164	$deletemark = (isset($_POST['delmarked'])) ? true : false;
2165	$marked = $request->variable('mark', array(0));
2166
2167	// Sort keys
2168	$sort_key = $request->variable('sk', 'a');
2169	$sort_dir = $request->variable('sd', 'd');
2170
2171	if ($deletemark && count($marked))
2172	{
2173	$sql = 'SELECT attach_id
2174	FROM ' . ATTACHMENTS_TABLE . '
2175	WHERE poster_id = ' . $user_id . '
2176	AND is_orphan = 0
2177	AND ' . $db->sql_in_set('attach_id', $marked);
2178	$result = $db->sql_query($sql);
2179
2180	$marked = array();
2181	while ($row = $db->sql_fetchrow($result))
2182	{
2183	$marked[] = $row['attach_id'];
2184	}
2185	$db->sql_freeresult($result);
2186	}
2187
2188	if ($deletemark && count($marked))
2189	{
2190	if (confirm_box(true))
2191	{
2192	$sql = 'SELECT real_filename
2193	FROM ' . ATTACHMENTS_TABLE . '
2194	WHERE ' . $db->sql_in_set('attach_id', $marked);
2195	$result = $db->sql_query($sql);
2196
2197	$log_attachments = array();
2198	while ($row = $db->sql_fetchrow($result))
2199	{
2200	$log_attachments[] = $row['real_filename'];
2201	}
2202	$db->sql_freeresult($result);
2203
2204	/** @var \phpbb\attachment\manager $attachment_manager */
2205	$attachment_manager = $phpbb_container->get('attachment.manager');
2206	$attachment_manager->delete('attach', $marked);
2207	unset($attachment_manager);
2208
2209	$message = (count($log_attachments) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED'];
2210
2211	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACHMENTS_DELETED', false, array(implode($user->lang['COMMA_SEPARATOR'], $log_attachments)));
2212	trigger_error($message . adm_back_link($this->u_action . '&u=' . $user_id));
2213	}
2214	else
2215	{
2216	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
2217	'u' => $user_id,
2218	'i' => $id,
2219	'mode' => $mode,
2220	'action' => $action,
2221	'delmarked' => true,
2222	'mark' => $marked))
2223	);
2224	}
2225	}
2226
2227	$sk_text = array('a' => $user->lang['SORT_FILENAME'], 'c' => $user->lang['SORT_EXTENSION'], 'd' => $user->lang['SORT_SIZE'], 'e' => $user->lang['SORT_DOWNLOADS'], 'f' => $user->lang['SORT_POST_TIME'], 'g' => $user->lang['SORT_TOPIC_TITLE']);
2228	$sk_sql = array('a' => 'a.real_filename', 'c' => 'a.extension', 'd' => 'a.filesize', 'e' => 'a.download_count', 'f' => 'a.filetime', 'g' => 't.topic_title');
2229
2230	$sd_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
2231
2232	$s_sort_key = '';
2233	foreach ($sk_text as $key => $value)
2234	{
2235	$selected = ($sort_key == $key) ? ' selected="selected"' : '';
2236	$s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
2237	}
2238
2239	$s_sort_dir = '';
2240	foreach ($sd_text as $key => $value)
2241	{
2242	$selected = ($sort_dir == $key) ? ' selected="selected"' : '';
2243	$s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
2244	}
2245
2246	if (!isset($sk_sql[$sort_key]))
2247	{
2248	$sort_key = 'a';
2249	}
2250
2251	$order_by = $sk_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC');
2252
2253	$sql = 'SELECT COUNT(attach_id) as num_attachments
2254	FROM ' . ATTACHMENTS_TABLE . "
2255	WHERE poster_id = $user_id
2256	AND is_orphan = 0";
2257	$result = $db->sql_query_limit($sql, 1);
2258	$num_attachments = (int) $db->sql_fetchfield('num_attachments');
2259	$db->sql_freeresult($result);
2260
2261	$sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title
2262	FROM ' . ATTACHMENTS_TABLE . ' a
2263	LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id
2264	AND a.in_message = 0)
2265	LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id
2266	AND a.in_message = 1)
2267	WHERE a.poster_id = ' . $user_id . "
2268	AND a.is_orphan = 0
2269	ORDER BY $order_by";
2270	$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
2271
2272	while ($row = $db->sql_fetchrow($result))
2273	{
2274	if ($row['in_message'])
2275	{
2276	$view_topic = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&p={$row['post_msg_id']}");
2277	}
2278	else
2279	{
2280	$view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$row['post_msg_id']}") . '#p' . $row['post_msg_id'];
2281	}
2282
2283	$template->assign_block_vars('attach', array(
2284	'REAL_FILENAME' => $row['real_filename'],
2285	'COMMENT' => nl2br($row['attach_comment']),
2286	'EXTENSION' => $row['extension'],
2287	'SIZE' => get_formatted_filesize($row['filesize']),
2288	'DOWNLOAD_COUNT' => $row['download_count'],
2289	'POST_TIME' => $user->format_date($row['filetime']),
2290	'TOPIC_TITLE' => ($row['in_message']) ? $row['message_title'] : $row['topic_title'],
2291
2292	'ATTACH_ID' => $row['attach_id'],
2293	'POST_ID' => $row['post_msg_id'],
2294	'TOPIC_ID' => $row['topic_id'],
2295
2296	'S_IN_MESSAGE' => $row['in_message'],
2297
2298	'U_DOWNLOAD' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'mode=view&id=' . $row['attach_id']),
2299	'U_VIEW_TOPIC' => $view_topic)
2300	);
2301	}
2302	$db->sql_freeresult($result);
2303
2304	$base_url = $this->u_action . "&u=$user_id&sk=$sort_key&sd=$sort_dir";
2305	$pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_attachments, $config['topics_per_page'], $start);
2306
2307	$template->assign_vars(array(
2308	'S_ATTACHMENTS' => true,
2309	'S_SORT_KEY' => $s_sort_key,
2310	'S_SORT_DIR' => $s_sort_dir,
2311	));
2312
2313	break;
2314
2315	case 'groups':
2316
2317	if (!function_exists('group_user_attributes'))
2318	{
2319	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
2320	}
2321
2322	$user->add_lang(array('groups', 'acp/groups'));
2323	$group_id = $request->variable('g', 0);
2324
2325	if ($group_id)
2326	{
2327	// Check the founder only entry for this group to make sure everything is well
2328	$sql = 'SELECT group_founder_manage
2329	FROM ' . GROUPS_TABLE . '
2330	WHERE group_id = ' . $group_id;
2331	$result = $db->sql_query($sql);
2332	$founder_manage = (int) $db->sql_fetchfield('group_founder_manage');
2333	$db->sql_freeresult($result);
2334
2335	if ($user->data['user_type'] != USER_FOUNDER && $founder_manage)
2336	{
2337	trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2338	}
2339	}
2340
2341	switch ($action)
2342	{
2343	case 'demote':
2344	case 'promote':
2345	case 'default':
2346	if (!$group_id)
2347	{
2348	trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2349	}
2350
2351	if (!check_link_hash($request->variable('hash', ''), 'acp_users'))
2352	{
2353	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
2354	}
2355
2356	group_user_attributes($action, $group_id, $user_id);
2357
2358	if ($action == 'default')
2359	{
2360	$user_row['group_id'] = $group_id;
2361	}
2362	break;
2363
2364	case 'delete':
2365
2366	if (confirm_box(true))
2367	{
2368	if (!$group_id)
2369	{
2370	trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2371	}
2372
2373	if ($error = group_user_del($group_id, $user_id))
2374	{
2375	trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2376	}
2377
2378	$error = array();
2379
2380	// The delete action was successful - therefore update the user row...
2381	$sql = 'SELECT u., s.
2382	FROM ' . USERS_TABLE . ' u
2383	LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
2384	WHERE u.user_id = ' . $user_id . '
2385	ORDER BY s.session_time DESC';
2386	$result = $db->sql_query_limit($sql, 1);
2387	$user_row = $db->sql_fetchrow($result);
2388	$db->sql_freeresult($result);
2389	}
2390	else
2391	{
2392	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
2393	'u' => $user_id,
2394	'i' => $id,
2395	'mode' => $mode,
2396	'action' => $action,
2397	'g' => $group_id))
2398	);
2399	}
2400
2401	break;
2402
2403	case 'approve':
2404
2405	if (confirm_box(true))
2406	{
2407	if (!$group_id)
2408	{
2409	trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2410	}
2411	group_user_attributes($action, $group_id, $user_id);
2412	}
2413	else
2414	{
2415	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
2416	'u' => $user_id,
2417	'i' => $id,
2418	'mode' => $mode,
2419	'action' => $action,
2420	'g' => $group_id))
2421	);
2422	}
2423
2424	break;
2425	}
2426
2427	// Add user to group?
2428	if ($submit)
2429	{
2430
2431	if (!check_form_key($form_name))
2432	{
2433	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2434	}
2435
2436	if (!$group_id)
2437	{
2438	trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2439	}
2440
2441	// Add user/s to group
2442	if ($error = group_user_add($group_id, $user_id))
2443	{
2444	trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2445	}
2446
2447	$error = array();
2448	}
2449
2450	/** @var \phpbb\group\helper $group_helper */
2451	$group_helper = $phpbb_container->get('group_helper');
2452
2453	$sql = 'SELECT ug., g.
2454	FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . " ug
2455	WHERE ug.user_id = $user_id
2456	AND g.group_id = ug.group_id
2457	ORDER BY g.group_type DESC, ug.user_pending ASC, g.group_name";
2458	$result = $db->sql_query($sql);
2459
2460	$i = 0;
2461	$group_data = $id_ary = array();
2462	while ($row = $db->sql_fetchrow($result))
2463	{
2464	$type = ($row['group_type'] == GROUP_SPECIAL) ? 'special' : (($row['user_pending']) ? 'pending' : 'normal');
2465
2466	$group_data[$type][$i]['group_id'] = $row['group_id'];
2467	$group_data[$type][$i]['group_name'] = $row['group_name'];
2468	$group_data[$type][$i]['group_leader'] = ($row['group_leader']) ? 1 : 0;
2469
2470	$id_ary[] = $row['group_id'];
2471
2472	$i++;
2473	}
2474	$db->sql_freeresult($result);
2475
2476	// Select box for other groups
2477	$sql = 'SELECT group_id, group_name, group_type, group_founder_manage
2478	FROM ' . GROUPS_TABLE . '
2479	' . ((count($id_ary)) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . '
2480	ORDER BY group_type DESC, group_name ASC';
2481	$result = $db->sql_query($sql);
2482
2483	$s_group_options = '';
2484	while ($row = $db->sql_fetchrow($result))
2485	{
2486	if (!$config['coppa_enable'] && $row['group_name'] == 'REGISTERED_COPPA')
2487	{
2488	continue;
2489	}
2490
2491	// Do not display those groups not allowed to be managed
2492	if ($user->data['user_type'] != USER_FOUNDER && $row['group_founder_manage'])
2493	{
2494	continue;
2495	}
2496
2497	$s_group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . $group_helper->get_name($row['group_name']) . '</option>';
2498	}
2499	$db->sql_freeresult($result);
2500
2501	$current_type = '';
2502	foreach ($group_data as $group_type => $data_ary)
2503	{
2504	if ($current_type != $group_type)
2505	{
2506	$template->assign_block_vars('group', array(
2507	'S_NEW_GROUP_TYPE' => true,
2508	'GROUP_TYPE' => $user->lang['USER_GROUP_' . strtoupper($group_type)])
2509	);
2510	}
2511
2512	foreach ($data_ary as $data)
2513	{
2514	$template->assign_block_vars('group', array(
2515	'U_EDIT_GROUP' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=groups&mode=manage&action=edit&u=$user_id&g={$data['group_id']}&back_link=acp_users_groups"),
2516	'U_DEFAULT' => $this->u_action . "&action=default&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'),
2517	'U_DEMOTE_PROMOTE' => $this->u_action . '&action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'),
2518	'U_DELETE' => count($id_ary) > 1 ? $this->u_action . "&action=delete&u=$user_id&g=" . $data['group_id'] : '',
2519	'U_APPROVE' => ($group_type == 'pending') ? $this->u_action . "&action=approve&u=$user_id&g=" . $data['group_id'] : '',
2520
2521	'GROUP_NAME' => $group_helper->get_name($data['group_name']),
2522	'L_DEMOTE_PROMOTE' => ($data['group_leader']) ? $user->lang['GROUP_DEMOTE'] : $user->lang['GROUP_PROMOTE'],
2523
2524	'S_IS_MEMBER' => ($group_type != 'pending') ? true : false,
2525	'S_NO_DEFAULT' => ($user_row['group_id'] != $data['group_id']) ? true : false,
2526	'S_SPECIAL_GROUP' => ($group_type == 'special') ? true : false,
2527	)
2528	);
2529	}
2530	}
2531
2532	$template->assign_vars(array(
2533	'S_GROUPS' => true,
2534	'S_GROUP_OPTIONS' => $s_group_options)
2535	);
2536
2537	break;
2538
2539	case 'perm':
2540
2541	if (!class_exists('auth_admin'))
2542	{
2543	include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
2544	}
2545
2546	$auth_admin = new auth_admin();
2547
2548	$user->add_lang('acp/permissions');
2549	add_permission_language();
2550
2551	$forum_id = $request->variable('f', 0);
2552
2553	// Global Permissions
2554	if (!$forum_id)
2555	{
2556	// Select auth options
2557	$sql = 'SELECT auth_option, is_local, is_global
2558	FROM ' . ACL_OPTIONS_TABLE . '
2559	WHERE auth_option ' . $db->sql_like_expression($db->get_any_char() . '_') . '
2560	AND is_global = 1
2561	ORDER BY auth_option';
2562	$result = $db->sql_query($sql);
2563
2564	$hold_ary = array();
2565
2566	while ($row = $db->sql_fetchrow($result))
2567	{
2568	$hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NEVER);
2569	$auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', false, false);
2570	}
2571	$db->sql_freeresult($result);
2572
2573	unset($hold_ary);
2574	}
2575	else
2576	{
2577	$sql = 'SELECT auth_option, is_local, is_global
2578	FROM ' . ACL_OPTIONS_TABLE . "
2579	WHERE auth_option " . $db->sql_like_expression($db->get_any_char() . '_') . "
2580	AND is_local = 1
2581	ORDER BY is_global DESC, auth_option";
2582	$result = $db->sql_query($sql);
2583
2584	while ($row = $db->sql_fetchrow($result))
2585	{
2586	$hold_ary = $auth_admin->get_mask('view', $user_id, false, $forum_id, $row['auth_option'], 'local', ACL_NEVER);
2587	$auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', true, false);
2588	}
2589	$db->sql_freeresult($result);
2590	}
2591
2592	$s_forum_options = '<option value="0"' . ((!$forum_id) ? ' selected="selected"' : '') . '>' . $user->lang['VIEW_GLOBAL_PERMS'] . '</option>';
2593	$s_forum_options .= make_forum_select($forum_id, false, true, false, false, false);
2594
2595	$template->assign_vars(array(
2596	'S_PERMISSIONS' => true,
2597
2598	'S_GLOBAL' => (!$forum_id) ? true : false,
2599	'S_FORUM_OPTIONS' => $s_forum_options,
2600
2601	'U_ACTION' => $this->u_action . '&u=' . $user_id,
2602	'U_USER_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx" ,'i=permissions&mode=setting_user_global&user_id[]=' . $user_id),
2603	'U_USER_FORUM_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions&mode=setting_user_local&user_id[]=' . $user_id))
2604	);
2605
2606	break;
2607
2608	default:
2609	$u_action = $this->u_action;
2610
2611	/**
2612	* Additional modes provided by extensions
2613	*
2614	* @event core.acp_users_mode_add
2615	* @var string mode New mode
2616	* @var int user_id User id of the user to manage
2617	* @var array user_row Array with user data
2618	* @var array error Array with errors data
2619	* @var string u_action The u_action link
2620	* @since 3.2.2-RC1
2621	* @changed 3.2.10-RC1 Added u_action
2622	*/
2623	$vars = array('mode', 'user_id', 'user_row', 'error', 'u_action');
2624	extract($phpbb_dispatcher->trigger_event('core.acp_users_mode_add', compact($vars)));
2625
2626	unset($u_action);
2627	break;
2628	}
2629
2630	// Assign general variables
2631	$template->assign_vars(array(
2632	'S_ERROR' => (count($error)) ? true : false,
2633	'ERROR_MSG' => (count($error)) ? implode('<br />', $error) : '')
2634	);
2635	}
2636
2637	/**
2638	* Set option bit field for user options in a user row array.
2639	*
2640	* Optionset replacement for this module based on $user->optionset.
2641	*
2642	* @param array $user_row Row from the users table.
2643	* @param int $key Option key, as defined in $user->keyoptions property.
2644	* @param bool $value True to set the option, false to clear the option.
2645	* @param int $data Current bit field value, or false to use $user_row['user_options']
2646	* @return int\|bool If $data is false, the bit field is modified and
2647	* written back to $user_row['user_options'], and
2648	* return value is true if the bit field changed and
2649	* false otherwise. If $data is not false, the new
2650	* bitfield value is returned.
2651	*/
2652	function optionset(&$user_row, $key, $value, $data = false)
2653	{
2654	global $user;
2655
2656	$var = ($data !== false) ? $data : $user_row['user_options'];
2657
2658	$new_var = phpbb_optionset($user->keyoptions[$key], $value, $var);
2659
2660	if ($data === false)
2661	{
2662	if ($new_var != $var)
2663	{
2664	$user_row['user_options'] = $new_var;
2665	return true;
2666	}
2667	else
2668	{
2669	return false;
2670	}
2671	}
2672	else
2673	{
2674	return $new_var;
2675	}
2676	}
2677
2678	/**
2679	* Get option bit field from user options in a user row array.
2680	*
2681	* Optionget replacement for this module based on $user->optionget.
2682	*
2683	* @param array $user_row Row from the users table.
2684	* @param int $key option key, as defined in $user->keyoptions property.
2685	* @param int $data bit field value to use, or false to use $user_row['user_options']
2686	* @return bool true if the option is set in the bit field, false otherwise
2687	*/
2688	function optionget(&$user_row, $key, $data = false)
2689	{
2690	global $user;
2691
2692	$var = ($data !== false) ? $data : $user_row['user_options'];
2693	return phpbb_optionget($user->keyoptions[$key], $var);
2694	}
2695	}