Code Coverage for /data/phpBB/includes/acp/acp

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	0.00% covered (danger)	0.00%	0 / 1481	0.00% covered (danger)	0.00%	0 / 4	CRAP	0.00% covered (danger)	0.00%	0 / 1
acp_users	0.00% covered (danger)	0.00%	0 / 1479	0.00% covered (danger)	0.00%	0 / 4	145542	0.00% covered (danger)	0.00%	0 / 1
__construct	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
main	0.00% covered (danger)	0.00%	0 / 1466	0.00% covered (danger)	0.00%	0 / 1	140250
optionset	0.00% covered (danger)	0.00%	0 / 9	0.00% covered (danger)	0.00%	0 / 1	20
optionget	0.00% covered (danger)	0.00%	0 / 3	0.00% covered (danger)	0.00%	0 / 1	6

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	/**
15	* @ignore
16	*/
17
18	use phpbb\controller\helper;
19
20	if (!defined('IN_PHPBB'))
21	{
22	exit;
23	}
24
25	class acp_users
26	{
27	var $u_action;
28	var $p_master;
29
30	function __construct($p_master)
31	{
32	$this->p_master = $p_master;
33	}
34
35	function main($id, $mode)
36	{
37	global $config, $db, $user, $auth, $template;
38	global $phpbb_root_path, $phpbb_admin_path, $phpEx;
39	global $phpbb_dispatcher, $request;
40	global $phpbb_container, $phpbb_log;
41
42	/** @var helper $controller_helper */
43	$controller_helper = $phpbb_container->get('controller.helper');
44
45	$user->add_lang(array('posting', 'ucp', 'acp/users'));
46	$this->tpl_name = 'acp_users';
47
48	$error = array();
49	$username = $request->variable('username', '', true);
50	$user_id = $request->variable('u', 0);
51	$action = $request->variable('action', '');
52
53	// Get referer to redirect user to the appropriate page after delete action
54	$redirect = $request->variable('redirect', '');
55	$redirect_tag = "redirect=$redirect";
56	$redirect_url = append_sid("{$phpbb_admin_path}index.$phpEx", "i=$redirect");
57
58	$submit = (isset($_POST['update']) && !isset($_POST['cancel'])) ? true : false;
59
60	$form_name = 'acp_users';
61	add_form_key($form_name);
62
63	// Whois (special case)
64	if ($action == 'whois')
65	{
66	if (!function_exists('user_get_id_name'))
67	{
68	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
69	}
70
71	$this->page_title = 'WHOIS';
72	$this->tpl_name = 'simple_body';
73
74	$user_ip = phpbb_ip_normalise($request->variable('user_ip', ''));
75	$domain = gethostbyaddr($user_ip);
76	$ipwhois = user_ipwhois($user_ip);
77
78	$template->assign_vars(array(
79	'MESSAGE_TITLE' => sprintf($user->lang['IP_WHOIS_FOR'], $domain),
80	'MESSAGE_TEXT' => nl2br($ipwhois))
81	);
82
83	return;
84	}
85
86	// Show user selection mask
87	if (!$username && !$user_id)
88	{
89	$this->page_title = 'SELECT_USER';
90
91	$template->assign_vars(array(
92	'U_ACTION' => $this->u_action,
93	'ANONYMOUS_USER_ID' => ANONYMOUS,
94
95	'S_SELECT_USER' => true,
96	'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_user&field=username&select_single=true'),
97	));
98
99	return;
100	}
101
102	if (!$user_id)
103	{
104	$sql = 'SELECT user_id
105	FROM ' . USERS_TABLE . "
106	WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
107	$result = $db->sql_query($sql);
108	$user_id = (int) $db->sql_fetchfield('user_id');
109	$db->sql_freeresult($result);
110
111	if (!$user_id)
112	{
113	trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);
114	}
115	}
116
117	// Generate content for all modes
118	$sql = 'SELECT u., s.
119	FROM ' . USERS_TABLE . ' u
120	LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
121	WHERE u.user_id = ' . $user_id . '
122	ORDER BY s.session_time DESC';
123	$result = $db->sql_query_limit($sql, 1);
124	$user_row = $db->sql_fetchrow($result);
125	$db->sql_freeresult($result);
126
127	if (!$user_row)
128	{
129	trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);
130	}
131
132	// Generate overall "header" for user admin
133	$s_form_options = '';
134
135	// Build modes dropdown list
136	$sql = 'SELECT module_mode, module_auth
137	FROM ' . MODULES_TABLE . "
138	WHERE module_basename = 'acp_users'
139	AND module_enabled = 1
140	AND module_class = 'acp'
141	ORDER BY left_id, module_mode";
142	$result = $db->sql_query($sql);
143
144	$dropdown_modes = array();
145	while ($row = $db->sql_fetchrow($result))
146	{
147	if (!$this->p_master->module_auth_self($row['module_auth']))
148	{
149	continue;
150	}
151
152	$dropdown_modes[$row['module_mode']] = true;
153	}
154	$db->sql_freeresult($result);
155
156	foreach ($dropdown_modes as $module_mode => $null)
157	{
158	$selected = ($mode == $module_mode) ? ' selected="selected"' : '';
159	$s_form_options .= '<option value="' . $module_mode . '"' . $selected . '>' . $user->lang['ACP_USER_' . strtoupper($module_mode)] . '</option>';
160	}
161
162	$template->assign_vars(array(
163	'U_BACK' => (empty($redirect)) ? $this->u_action : $redirect_url,
164	'U_MODE_SELECT' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&u=$user_id"),
165	'U_ACTION' => $this->u_action . '&u=' . $user_id . ((empty($redirect)) ? '' : '&' . $redirect_tag),
166	'S_FORM_OPTIONS' => $s_form_options,
167	'MANAGED_USERNAME' => $user_row['username'])
168	);
169
170	// Prevent normal users/admins change/view founders if they are not a founder by themselves
171	if ($user->data['user_type'] != USER_FOUNDER && $user_row['user_type'] == USER_FOUNDER)
172	{
173	trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action), E_USER_WARNING);
174	}
175
176	$this->page_title = $user_row['username'] . ' :: ' . $user->lang('ACP_USER_' . strtoupper($mode));
177
178	switch ($mode)
179	{
180	case 'overview':
181
182	if (!function_exists('user_get_id_name'))
183	{
184	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
185	}
186
187	$user->add_lang('acp/ban');
188
189	$delete = $request->variable('delete', 0);
190	$delete_type = $request->variable('delete_type', '');
191	$ip = $request->variable('ip', 'ip');
192
193	/**
194	* Run code at beginning of ACP users overview
195	*
196	* @event core.acp_users_overview_before
197	* @var array user_row Current user data
198	* @var string mode Active module
199	* @var string action Module that should be run
200	* @var bool submit Do we display the form only
201	* or did the user press submit
202	* @var array error Array holding error messages
203	* @since 3.1.3-RC1
204	*/
205	$vars = array('user_row', 'mode', 'action', 'submit', 'error');
206	extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_before', compact($vars)));
207
208	if ($submit)
209	{
210	if ($delete)
211	{
212	if (!$auth->acl_get('a_userdel'))
213	{
214	send_status_line(403, 'Forbidden');
215	trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
216	}
217
218	// Check if the user wants to remove himself or the guest user account
219	if ($user_id == ANONYMOUS)
220	{
221	trigger_error($user->lang['CANNOT_REMOVE_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
222	}
223
224	// Founders can not be deleted.
225	if ($user_row['user_type'] == USER_FOUNDER)
226	{
227	trigger_error($user->lang['CANNOT_REMOVE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
228	}
229
230	if ($user_id == $user->data['user_id'])
231	{
232	trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
233	}
234
235	if ($delete_type)
236	{
237	if (confirm_box(true))
238	{
239	user_delete($delete_type, $user_id, $user_row['username']);
240
241	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DELETED', false, array($user_row['username']));
242	trigger_error($user->lang['USER_DELETED'] . adm_back_link(
243	(empty($redirect)) ? $this->u_action : $redirect_url
244	)
245	);
246	}
247	else
248	{
249	$delete_confirm_hidden_fields = array(
250	'u' => $user_id,
251	'i' => $id,
252	'mode' => $mode,
253	'action' => $action,
254	'update' => true,
255	'delete' => 1,
256	'delete_type' => $delete_type,
257	);
258
259	// Checks if the redirection page is specified
260	if (!empty($redirect))
261	{
262	$delete_confirm_hidden_fields['redirect'] = $redirect;
263	}
264
265	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($delete_confirm_hidden_fields));
266	}
267	}
268	else
269	{
270	trigger_error($user->lang['NO_MODE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
271	}
272	}
273
274	// Handle quicktool actions
275	switch ($action)
276	{
277	case 'banuser':
278	case 'banemail':
279	case 'banip':
280
281	if ($user_id == $user->data['user_id'])
282	{
283	trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
284	}
285
286	if ($user_id == ANONYMOUS)
287	{
288	trigger_error($user->lang['CANNOT_BAN_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
289	}
290
291	if ($user_row['user_type'] == USER_FOUNDER)
292	{
293	trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
294	}
295
296	if (!check_form_key($form_name))
297	{
298	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
299	}
300
301	$ban = array();
302
303	switch ($action)
304	{
305	case 'banuser':
306	$ban[] = $user_row['username'];
307	$reason = 'USER_ADMIN_BAN_NAME_REASON';
308	break;
309
310	case 'banemail':
311	$ban[] = $user_row['user_email'];
312	$reason = 'USER_ADMIN_BAN_EMAIL_REASON';
313	break;
314
315	case 'banip':
316	$ban[] = $user_row['user_ip'];
317
318	$sql = 'SELECT DISTINCT poster_ip
319	FROM ' . POSTS_TABLE . "
320	WHERE poster_id = $user_id";
321	$result = $db->sql_query($sql);
322
323	while ($row = $db->sql_fetchrow($result))
324	{
325	$ban[] = $row['poster_ip'];
326	}
327	$db->sql_freeresult($result);
328
329	$reason = 'USER_ADMIN_BAN_IP_REASON';
330	break;
331	}
332
333	$ban_reason = $request->variable('ban_reason', $user->lang[$reason], true);
334	$ban_give_reason = $request->variable('ban_give_reason', '', true);
335
336	// Log not used at the moment, we simply utilize the ban function.
337	$result = user_ban(substr($action, 3), $ban, 0, 0, 0, $ban_reason, $ban_give_reason);
338
339	trigger_error((($result === false) ? $user->lang['BAN_ALREADY_ENTERED'] : $user->lang['BAN_SUCCESSFUL']) . adm_back_link($this->u_action . '&u=' . $user_id));
340
341	break;
342
343	case 'reactivate':
344
345	if ($user_id == $user->data['user_id'])
346	{
347	trigger_error($user->lang['CANNOT_FORCE_REACT_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
348	}
349
350	if (!check_form_key($form_name))
351	{
352	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
353	}
354
355	if ($user_row['user_type'] == USER_FOUNDER)
356	{
357	trigger_error($user->lang['CANNOT_FORCE_REACT_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
358	}
359
360	if ($user_row['user_type'] == USER_IGNORE)
361	{
362	trigger_error($user->lang['CANNOT_FORCE_REACT_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
363	}
364
365	if ($config['email_enable'])
366	{
367	if (!class_exists('messenger'))
368	{
369	include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
370	}
371
372	$server_url = generate_board_url();
373
374	$user_actkey = gen_rand_string(mt_rand(6, 10));
375	$email_template = ($user_row['user_type'] == USER_NORMAL) ? 'user_reactivate_account' : 'user_resend_inactive';
376
377	if ($user_row['user_type'] == USER_NORMAL)
378	{
379	user_active_flip('deactivate', $user_id, INACTIVE_REMIND);
380	}
381	else
382	{
383	// Grabbing the last confirm key - we only send a reminder
384	$sql = 'SELECT user_actkey
385	FROM ' . USERS_TABLE . '
386	WHERE user_id = ' . $user_id;
387	$result = $db->sql_query($sql);
388	$user_activation_key = (string) $db->sql_fetchfield('user_actkey');
389	$db->sql_freeresult($result);
390
391	$user_actkey = empty($user_activation_key) ? $user_actkey : $user_activation_key;
392	}
393
394	// Always update actkey even if same and also update actkey expiration to 24 hours from now
395	$sql_ary = [
396	'user_actkey' => $user_actkey,
397	'user_actkey_expiration' => $user::get_token_expiration(),
398	];
399
400	$sql = 'UPDATE ' . USERS_TABLE . '
401	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
402	WHERE user_id = ' . (int) $user_id;
403	$db->sql_query($sql);
404
405	// Start sending email
406	$messenger = new messenger(false);
407
408	$messenger->template($email_template, $user_row['user_lang']);
409
410	$messenger->set_addresses($user_row);
411
412	$messenger->anti_abuse_headers($config, $user);
413
414	$messenger->assign_vars(array(
415	'WELCOME_MSG' => html_entity_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), ENT_COMPAT),
416	'USERNAME' => html_entity_decode($user_row['username'], ENT_COMPAT),
417	'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
418	);
419
420	$messenger->send(NOTIFY_EMAIL);
421
422	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_REACTIVATE', false, array($user_row['username']));
423	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_REACTIVATE_USER', false, array(
424	'reportee_id' => $user_id
425	));
426
427	trigger_error($user->lang['FORCE_REACTIVATION_SUCCESS'] . adm_back_link($this->u_action . '&u=' . $user_id));
428	}
429
430	break;
431
432	case 'active':
433
434	if ($user_id == $user->data['user_id'])
435	{
436	// It is only deactivation since the user is already activated (else he would not have reached this page)
437	trigger_error($user->lang['CANNOT_DEACTIVATE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
438	}
439
440	if (!check_form_key($form_name))
441	{
442	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
443	}
444
445	if ($user_row['user_type'] == USER_FOUNDER)
446	{
447	trigger_error($user->lang['CANNOT_DEACTIVATE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
448	}
449
450	if ($user_row['user_type'] == USER_IGNORE)
451	{
452	trigger_error($user->lang['CANNOT_DEACTIVATE_BOT'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
453	}
454
455	user_active_flip('flip', $user_id);
456
457	if ($user_row['user_type'] == USER_INACTIVE)
458	{
459	if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
460	{
461	/* @var $phpbb_notifications \phpbb\notification\manager */
462	$phpbb_notifications = $phpbb_container->get('notification_manager');
463	$phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']);
464
465	if (!class_exists('messenger'))
466	{
467	include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
468	}
469
470	$messenger = new messenger(false);
471
472	$messenger->template('admin_welcome_activated', $user_row['user_lang']);
473
474	$messenger->set_addresses($user_row);
475
476	$messenger->anti_abuse_headers($config, $user);
477
478	$messenger->assign_vars(array(
479	'USERNAME' => html_entity_decode($user_row['username'], ENT_COMPAT))
480	);
481
482	$messenger->send(NOTIFY_EMAIL);
483	}
484	}
485
486	$message = ($user_row['user_type'] == USER_INACTIVE) ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED';
487	$log = ($user_row['user_type'] == USER_INACTIVE) ? 'LOG_USER_ACTIVE' : 'LOG_USER_INACTIVE';
488
489	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log, false, array($user_row['username']));
490	$phpbb_log->add('user', $user->data['user_id'], $user->ip, $log . '_USER', false, array(
491	'reportee_id' => $user_id
492	));
493
494	trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&u=' . $user_id));
495
496	break;
497
498	case 'delsig':
499
500	if (!check_form_key($form_name))
501	{
502	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
503	}
504
505	$sql_ary = array(
506	'user_sig' => '',
507	'user_sig_bbcode_uid' => '',
508	'user_sig_bbcode_bitfield' => ''
509	);
510
511	$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
512	WHERE user_id = $user_id";
513	$db->sql_query($sql);
514
515	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_SIG', false, array($user_row['username']));
516	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_SIG_USER', false, array(
517	'reportee_id' => $user_id
518	));
519
520	trigger_error($user->lang['USER_ADMIN_SIG_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
521
522	break;
523
524	case 'delavatar':
525
526	if (!check_form_key($form_name))
527	{
528	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
529	}
530
531	// Delete old avatar if present
532	/* @var $phpbb_avatar_manager \phpbb\avatar\manager */
533	$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
534	$phpbb_avatar_manager->handle_avatar_delete($db, $user, $phpbb_avatar_manager->clean_row($user_row, 'user'), USERS_TABLE, 'user_');
535
536	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_AVATAR', false, array($user_row['username']));
537	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_AVATAR_USER', false, array(
538	'reportee_id' => $user_id
539	));
540
541	trigger_error($user->lang['USER_ADMIN_AVATAR_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
542	break;
543
544	case 'delposts':
545
546	if (confirm_box(true))
547	{
548	// Delete posts, attachments, etc.
549	delete_posts('poster_id', $user_id);
550
551	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_POSTS', false, array($user_row['username']));
552	trigger_error($user->lang['USER_POSTS_DELETED'] . adm_back_link($this->u_action . '&u=' . $user_id));
553	}
554	else
555	{
556	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
557	'u' => $user_id,
558	'i' => $id,
559	'mode' => $mode,
560	'action' => $action,
561	'update' => true))
562	);
563	}
564
565	break;
566
567	case 'delattach':
568
569	if (confirm_box(true))
570	{
571	/** @var \phpbb\attachment\manager $attachment_manager */
572	$attachment_manager = $phpbb_container->get('attachment.manager');
573	$attachment_manager->delete('user', $user_id);
574	unset($attachment_manager);
575
576	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_ATTACH', false, array($user_row['username']));
577	trigger_error($user->lang['USER_ATTACHMENTS_REMOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
578	}
579	else
580	{
581	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
582	'u' => $user_id,
583	'i' => $id,
584	'mode' => $mode,
585	'action' => $action,
586	'update' => true))
587	);
588	}
589
590	break;
591
592	case 'deloutbox':
593
594	if (confirm_box(true))
595	{
596	$msg_ids = array();
597	$lang = 'EMPTY';
598
599	$sql = 'SELECT msg_id
600	FROM ' . PRIVMSGS_TO_TABLE . "
601	WHERE author_id = $user_id
602	AND folder_id = " . PRIVMSGS_OUTBOX;
603	$result = $db->sql_query($sql);
604
605	if ($row = $db->sql_fetchrow($result))
606	{
607	if (!function_exists('delete_pm'))
608	{
609	include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
610	}
611
612	do
613	{
614	$msg_ids[] = (int) $row['msg_id'];
615	}
616	while ($row = $db->sql_fetchrow($result));
617
618	$db->sql_freeresult($result);
619
620	delete_pm($user_id, $msg_ids, PRIVMSGS_OUTBOX);
621
622	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_DEL_OUTBOX', false, array($user_row['username']));
623
624	$lang = 'EMPTIED';
625	}
626	$db->sql_freeresult($result);
627
628	trigger_error($user->lang['USER_OUTBOX_' . $lang] . adm_back_link($this->u_action . '&u=' . $user_id));
629	}
630	else
631	{
632	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
633	'u' => $user_id,
634	'i' => $id,
635	'mode' => $mode,
636	'action' => $action,
637	'update' => true))
638	);
639	}
640	break;
641
642	case 'moveposts':
643
644	if (!check_form_key($form_name))
645	{
646	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
647	}
648
649	$user->add_lang('acp/forums');
650
651	$new_forum_id = $request->variable('new_f', 0);
652
653	if (!$new_forum_id)
654	{
655	$this->page_title = 'USER_ADMIN_MOVE_POSTS';
656
657	$template->assign_vars(array(
658	'S_SELECT_FORUM' => true,
659	'U_ACTION' => $this->u_action . "&action=$action&u=$user_id",
660	'U_BACK' => $this->u_action . "&u=$user_id",
661	'S_FORUM_OPTIONS' => make_forum_select(false, false, false, true))
662	);
663
664	return;
665	}
666
667	// Is the new forum postable to?
668	$sql = 'SELECT forum_name, forum_type
669	FROM ' . FORUMS_TABLE . "
670	WHERE forum_id = $new_forum_id";
671	$result = $db->sql_query($sql);
672	$forum_info = $db->sql_fetchrow($result);
673	$db->sql_freeresult($result);
674
675	if (!$forum_info)
676	{
677	trigger_error($user->lang['NO_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
678	}
679
680	if ($forum_info['forum_type'] != FORUM_POST)
681	{
682	trigger_error($user->lang['MOVE_POSTS_NO_POSTABLE_FORUM'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
683	}
684
685	// Two stage?
686	// Move topics comprising only posts from this user
687	$topic_id_ary = $move_topic_ary = $move_post_ary = $new_topic_id_ary = array();
688	$forum_id_ary = array($new_forum_id);
689
690	$sql = 'SELECT topic_id, post_visibility, COUNT(post_id) AS total_posts
691	FROM ' . POSTS_TABLE . "
692	WHERE poster_id = $user_id
693	AND forum_id <> $new_forum_id
694	GROUP BY topic_id, post_visibility";
695	$result = $db->sql_query($sql);
696
697	while ($row = $db->sql_fetchrow($result))
698	{
699	$topic_id_ary[$row['topic_id']][$row['post_visibility']] = $row['total_posts'];
700	}
701	$db->sql_freeresult($result);
702
703	if (count($topic_id_ary))
704	{
705	$sql = 'SELECT topic_id, forum_id, topic_title, topic_posts_approved, topic_posts_unapproved, topic_posts_softdeleted, topic_attachment
706	FROM ' . TOPICS_TABLE . '
707	WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
708	$result = $db->sql_query($sql);
709
710	while ($row = $db->sql_fetchrow($result))
711	{
712	if ($topic_id_ary[$row['topic_id']][ITEM_APPROVED] == $row['topic_posts_approved']
713	&& $topic_id_ary[$row['topic_id']][ITEM_UNAPPROVED] == $row['topic_posts_unapproved']
714	&& $topic_id_ary[$row['topic_id']][ITEM_REAPPROVE] == $row['topic_posts_unapproved']
715	&& $topic_id_ary[$row['topic_id']][ITEM_DELETED] == $row['topic_posts_softdeleted'])
716	{
717	$move_topic_ary[] = $row['topic_id'];
718	}
719	else
720	{
721	$move_post_ary[$row['topic_id']]['title'] = $row['topic_title'];
722	$move_post_ary[$row['topic_id']]['attach'] = ($row['topic_attachment']) ? 1 : 0;
723	}
724
725	$forum_id_ary[] = $row['forum_id'];
726	}
727	$db->sql_freeresult($result);
728	}
729
730	// Entire topic comprises posts by this user, move these topics
731	if (count($move_topic_ary))
732	{
733	move_topics($move_topic_ary, $new_forum_id, false);
734	}
735
736	if (count($move_post_ary))
737	{
738	// Create new topic
739	// Update post_ids, report_ids, attachment_ids
740	foreach ($move_post_ary as $topic_id => $post_ary)
741	{
742	// Create new topic
743	$sql = 'INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
744	'topic_poster' => $user_id,
745	'topic_time' => time(),
746	'forum_id' => $new_forum_id,
747	'icon_id' => 0,
748	'topic_visibility' => ITEM_APPROVED,
749	'topic_title' => $post_ary['title'],
750	'topic_first_poster_name' => $user_row['username'],
751	'topic_type' => POST_NORMAL,
752	'topic_time_limit' => 0,
753	'topic_attachment' => $post_ary['attach'])
754	);
755	$db->sql_query($sql);
756
757	$new_topic_id = $db->sql_nextid();
758
759	// Move posts
760	$sql = 'UPDATE ' . POSTS_TABLE . "
761	SET forum_id = $new_forum_id, topic_id = $new_topic_id
762	WHERE topic_id = $topic_id
763	AND poster_id = $user_id";
764	$db->sql_query($sql);
765
766	if ($post_ary['attach'])
767	{
768	$sql = 'UPDATE ' . ATTACHMENTS_TABLE . "
769	SET topic_id = $new_topic_id
770	WHERE topic_id = $topic_id
771	AND poster_id = $user_id";
772	$db->sql_query($sql);
773	}
774
775	$new_topic_id_ary[] = $new_topic_id;
776	}
777	}
778
779	$forum_id_ary = array_unique($forum_id_ary);
780	$topic_id_ary = array_unique(array_merge(array_keys($topic_id_ary), $new_topic_id_ary));
781
782	if (count($topic_id_ary))
783	{
784	sync('topic_reported', 'topic_id', $topic_id_ary);
785	sync('topic', 'topic_id', $topic_id_ary);
786	}
787
788	if (count($forum_id_ary))
789	{
790	sync('forum', 'forum_id', $forum_id_ary, false, true);
791	}
792
793	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_MOVE_POSTS', false, array($user_row['username'], $forum_info['forum_name']));
794	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_MOVE_POSTS_USER', false, array(
795	'reportee_id' => $user_id,
796	$forum_info['forum_name']
797	));
798
799	trigger_error($user->lang['USER_POSTS_MOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));
800
801	break;
802
803	case 'leave_nr':
804
805	if (confirm_box(true))
806	{
807	remove_newly_registered($user_id, $user_row);
808
809	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_REMOVED_NR', false, array($user_row['username']));
810	trigger_error($user->lang['USER_LIFTED_NR'] . adm_back_link($this->u_action . '&u=' . $user_id));
811	}
812	else
813	{
814	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
815	'u' => $user_id,
816	'i' => $id,
817	'mode' => $mode,
818	'action' => $action,
819	'update' => true))
820	);
821	}
822
823	break;
824
825	default:
826	$u_action = $this->u_action;
827
828	/**
829	* Run custom quicktool code
830	*
831	* @event core.acp_users_overview_run_quicktool
832	* @var string action Quick tool that should be run
833	* @var array user_row Current user data
834	* @var string u_action The u_action link
835	* @var int user_id User id of the user to manage
836	* @since 3.1.0-a1
837	* @changed 3.2.2-RC1 Added u_action
838	* @changed 3.2.10-RC1 Added user_id
839	*/
840	$vars = array('action', 'user_row', 'u_action', 'user_id');
841	extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_run_quicktool', compact($vars)));
842
843	unset($u_action);
844	break;
845	}
846
847	// Handle registration info updates
848	$data = array(
849	'username' => $request->variable('user', $user_row['username'], true),
850	'user_founder' => $request->variable('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0),
851	'email' => strtolower($request->variable('user_email', $user_row['user_email'])),
852	'new_password' => $request->variable('new_password', '', true),
853	'password_confirm' => $request->variable('password_confirm', '', true),
854	);
855
856	// Validation data - we do not check the password complexity setting here
857	$check_ary = array(
858	'new_password' => array(
859	array('string', true, $config['min_pass_chars'], 0),
860	array('password')),
861	'password_confirm' => array('string', true, $config['min_pass_chars'], 0),
862	);
863
864	// Check username if altered
865	if ($data['username'] != $user_row['username'])
866	{
867	$check_ary += array(
868	'username' => array(
869	array('string', false, $config['min_name_chars'], $config['max_name_chars']),
870	array('username', $user_row['username'], true)
871	),
872	);
873	}
874
875	// Check email if altered
876	if ($data['email'] != $user_row['user_email'])
877	{
878	$check_ary += array(
879	'email' => array(
880	array('string', false, 6, 60),
881	array('user_email', $user_row['user_email']),
882	),
883	);
884	}
885
886	$error = validate_data($data, $check_ary);
887
888	if ($data['new_password'] && $data['password_confirm'] != $data['new_password'])
889	{
890	$error[] = 'NEW_PASSWORD_ERROR';
891	}
892
893	if (!check_form_key($form_name))
894	{
895	$error[] = 'FORM_INVALID';
896	}
897
898	// Instantiate passwords manager
899	/* @var $passwords_manager \phpbb\passwords\manager */
900	$passwords_manager = $phpbb_container->get('passwords.manager');
901
902	// Which updates do we need to do?
903	$update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false;
904	$update_password = $data['new_password'] && !$passwords_manager->check($data['new_password'], $user_row['user_password']);
905	$update_email = ($data['email'] != $user_row['user_email']) ? $data['email'] : false;
906
907	if (!count($error))
908	{
909	$sql_ary = array();
910
911	if ($user_row['user_type'] != USER_FOUNDER \|\| $user->data['user_type'] == USER_FOUNDER)
912	{
913	// Only allow founders updating the founder status...
914	if ($user->data['user_type'] == USER_FOUNDER)
915	{
916	// Setting a normal member to be a founder
917	if ($data['user_founder'] && $user_row['user_type'] != USER_FOUNDER)
918	{
919	// Make sure the user is not setting an Inactive or ignored user to be a founder
920	if ($user_row['user_type'] == USER_IGNORE)
921	{
922	trigger_error($user->lang['CANNOT_SET_FOUNDER_IGNORED'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
923	}
924
925	if ($user_row['user_type'] == USER_INACTIVE)
926	{
927	trigger_error($user->lang['CANNOT_SET_FOUNDER_INACTIVE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
928	}
929
930	$sql_ary['user_type'] = USER_FOUNDER;
931	}
932	else if (!$data['user_founder'] && $user_row['user_type'] == USER_FOUNDER)
933	{
934	// Check if at least one founder is present
935	$sql = 'SELECT user_id
936	FROM ' . USERS_TABLE . '
937	WHERE user_type = ' . USER_FOUNDER . '
938	AND user_id <> ' . $user_id;
939	$result = $db->sql_query_limit($sql, 1);
940	$row = $db->sql_fetchrow($result);
941	$db->sql_freeresult($result);
942
943	if ($row)
944	{
945	$sql_ary['user_type'] = USER_NORMAL;
946	}
947	else
948	{
949	trigger_error($user->lang['AT_LEAST_ONE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
950	}
951	}
952	}
953	}
954
955	/**
956	* Modify user data before we update it
957	*
958	* @event core.acp_users_overview_modify_data
959	* @var array user_row Current user data
960	* @var array data Submitted user data
961	* @var array sql_ary User data we udpate
962	* @since 3.1.0-a1
963	*/
964	$vars = array('user_row', 'data', 'sql_ary');
965	extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_modify_data', compact($vars)));
966
967	if ($update_username !== false)
968	{
969	$sql_ary['username'] = $update_username;
970	$sql_ary['username_clean'] = utf8_clean_string($update_username);
971
972	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_NAME', false, array(
973	'reportee_id' => $user_id,
974	$user_row['username'],
975	$update_username
976	));
977	}
978
979	if ($update_email !== false)
980	{
981	$sql_ary += ['user_email' => $update_email];
982
983	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array(
984	'reportee_id' => $user_id,
985	$user_row['username'],
986	$user_row['user_email'],
987	$update_email
988	));
989	}
990
991	if ($update_password)
992	{
993	$sql_ary += array(
994	'user_password' => $passwords_manager->hash($data['new_password']),
995	'user_passchg' => time(),
996	);
997
998	$user->reset_login_keys($user_id);
999
1000	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array(
1001	'reportee_id' => $user_id,
1002	$user_row['username']
1003	));
1004	}
1005
1006	if (count($sql_ary))
1007	{
1008	$sql = 'UPDATE ' . USERS_TABLE . '
1009	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
1010	WHERE user_id = ' . $user_id;
1011	$db->sql_query($sql);
1012	}
1013
1014	if ($update_username)
1015	{
1016	user_update_name($user_row['username'], $update_username);
1017	}
1018
1019	// Let the users permissions being updated
1020	$auth->acl_clear_prefetch($user_id);
1021
1022	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_USER_UPDATE', false, array($data['username']));
1023
1024	trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1025	}
1026
1027	// Replace "error" strings with their real, localised form
1028	$error = array_map(array($user, 'lang'), $error);
1029	}
1030
1031	if ($user_id == $user->data['user_id'])
1032	{
1033	$quick_tool_ary = array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX');
1034	if ($user_row['user_new'])
1035	{
1036	$quick_tool_ary['leave_nr'] = 'LEAVE_NR';
1037	}
1038	}
1039	else
1040	{
1041	$quick_tool_ary = array();
1042
1043	if ($user_row['user_type'] != USER_FOUNDER)
1044	{
1045	$quick_tool_ary += array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP');
1046	}
1047
1048	if ($user_row['user_type'] != USER_FOUNDER && $user_row['user_type'] != USER_IGNORE)
1049	{
1050	$quick_tool_ary += array('active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE'));
1051	}
1052
1053	$quick_tool_ary += array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX');
1054
1055	if ($config['email_enable'] && ($user_row['user_type'] == USER_NORMAL \|\| $user_row['user_type'] == USER_INACTIVE))
1056	{
1057	$quick_tool_ary['reactivate'] = 'FORCE';
1058	}
1059
1060	if ($user_row['user_new'])
1061	{
1062	$quick_tool_ary['leave_nr'] = 'LEAVE_NR';
1063	}
1064	}
1065
1066	if ($config['load_onlinetrack'])
1067	{
1068	$sql = 'SELECT MAX(session_time) AS session_time, MIN(session_viewonline) AS session_viewonline
1069	FROM ' . SESSIONS_TABLE . "
1070	WHERE session_user_id = $user_id";
1071	$result = $db->sql_query($sql);
1072	$row = $db->sql_fetchrow($result);
1073	$db->sql_freeresult($result);
1074
1075	$user_row['session_time'] = (isset($row['session_time'])) ? $row['session_time'] : 0;
1076	$user_row['session_viewonline'] = (isset($row['session_viewonline'])) ? $row['session_viewonline'] : 0;
1077	unset($row);
1078	}
1079
1080	/**
1081	* Add additional quick tool options and overwrite user data
1082	*
1083	* @event core.acp_users_display_overview
1084	* @var array user_row Array with user data
1085	* @var array quick_tool_ary Ouick tool options
1086	* @since 3.1.0-a1
1087	*/
1088	$vars = array('user_row', 'quick_tool_ary');
1089	extract($phpbb_dispatcher->trigger_event('core.acp_users_display_overview', compact($vars)));
1090
1091	$s_action_options = '<option class="sep" value="">' . $user->lang['SELECT_OPTION'] . '</option>';
1092	foreach ($quick_tool_ary as $value => $lang)
1093	{
1094	$s_action_options .= '<option value="' . $value . '">' . $user->lang['USER_ADMIN_' . $lang] . '</option>';
1095	}
1096
1097	$last_active = $user_row['user_last_active'] ?: ($user_row['session_time'] ?? 0);
1098
1099	$inactive_reason = '';
1100	if ($user_row['user_type'] == USER_INACTIVE)
1101	{
1102	$inactive_reason = $user->lang['INACTIVE_REASON_UNKNOWN'];
1103
1104	switch ($user_row['user_inactive_reason'])
1105	{
1106	case INACTIVE_REGISTER:
1107	$inactive_reason = $user->lang['INACTIVE_REASON_REGISTER'];
1108	break;
1109
1110	case INACTIVE_PROFILE:
1111	$inactive_reason = $user->lang['INACTIVE_REASON_PROFILE'];
1112	break;
1113
1114	case INACTIVE_MANUAL:
1115	$inactive_reason = $user->lang['INACTIVE_REASON_MANUAL'];
1116	break;
1117
1118	case INACTIVE_REMIND:
1119	$inactive_reason = $user->lang['INACTIVE_REASON_REMIND'];
1120	break;
1121	}
1122	}
1123
1124	// Posts in Queue
1125	$sql = 'SELECT COUNT(post_id) as posts_in_queue
1126	FROM ' . POSTS_TABLE . '
1127	WHERE poster_id = ' . $user_id . '
1128	AND ' . $db->sql_in_set('post_visibility', array(ITEM_UNAPPROVED, ITEM_REAPPROVE));
1129	$result = $db->sql_query($sql);
1130	$user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');
1131	$db->sql_freeresult($result);
1132
1133	$sql = 'SELECT post_id
1134	FROM ' . POSTS_TABLE . '
1135	WHERE poster_id = '. $user_id;
1136	$result = $db->sql_query_limit($sql, 1);
1137	$user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id');
1138	$db->sql_freeresult($result);
1139
1140	$template->assign_vars(array(
1141	'L_NAME_CHARS_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS_XY', (int) $config['min_name_chars']), $user->lang('CHARACTERS_XY', (int) $config['max_name_chars'])),
1142	'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
1143	'L_POSTS_IN_QUEUE' => $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']),
1144	'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false,
1145
1146	'S_OVERVIEW' => true,
1147	'S_USER_IP' => ($user_row['user_ip']) ? true : false,
1148	'S_USER_FOUNDER' => ($user_row['user_type'] == USER_FOUNDER) ? true : false,
1149	'S_ACTION_OPTIONS' => $s_action_options,
1150	'S_OWN_ACCOUNT' => ($user_id == $user->data['user_id']) ? true : false,
1151	'S_USER_INACTIVE' => ($user_row['user_type'] == USER_INACTIVE) ? true : false,
1152
1153	'U_SHOW_IP' => $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
1154	'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}",
1155	'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue') : '',
1156	'U_SEARCH_USER' => ($config['load_search'] && $auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$user_row['user_id']}&sr=posts") : '',
1157
1158	'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}&hash=" . generate_link_hash('switchperm')) : '',
1159
1160	'POSTS_IN_QUEUE' => $user_row['posts_in_queue'],
1161	'USER' => $user_row['username'],
1162	'USER_REGISTERED' => $user->format_date($user_row['user_regdate']),
1163	'REGISTERED_IP' => ($ip == 'hostname') ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'],
1164	'USER_LASTACTIVE' => ($last_active) ? $user->format_date($last_active) : ' - ',
1165	'USER_EMAIL' => $user_row['user_email'],
1166	'USER_WARNINGS' => $user_row['user_warnings'],
1167	'USER_POSTS' => $user_row['user_posts'],
1168	'USER_HAS_POSTS' => $user_row['user_has_posts'],
1169	'USER_INACTIVE_REASON' => $inactive_reason,
1170	));
1171
1172	break;
1173
1174	case 'feedback':
1175
1176	$user->add_lang('mcp');
1177
1178	// Set up general vars
1179	$start = $request->variable('start', 0);
1180	$deletemark = (isset($_POST['delmarked'])) ? true : false;
1181	$deleteall = (isset($_POST['delall'])) ? true : false;
1182	$marked = $request->variable('mark', array(0));
1183	$message = $request->variable('message', '', true);
1184
1185	/* @var $pagination \phpbb\pagination */
1186	$pagination = $phpbb_container->get('pagination');
1187
1188	// Sort keys
1189	$sort_days = $request->variable('st', 0);
1190	$sort_key = $request->variable('sk', 't');
1191	$sort_dir = $request->variable('sd', 'd');
1192
1193	// Delete entries if requested and able
1194	if (($deletemark \|\| $deleteall) && $auth->acl_get('a_clearlogs'))
1195	{
1196	if (!check_form_key($form_name))
1197	{
1198	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1199	}
1200
1201	$where_sql = '';
1202	if ($deletemark && $marked)
1203	{
1204	$sql_in = array();
1205	foreach ($marked as $mark)
1206	{
1207	$sql_in[] = $mark;
1208	}
1209	$where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
1210	unset($sql_in);
1211	}
1212
1213	if ($where_sql \|\| $deleteall)
1214	{
1215	$sql = 'DELETE FROM ' . LOG_TABLE . '
1216	WHERE log_type = ' . LOG_USERS . "
1217	AND reportee_id = $user_id
1218	$where_sql";
1219	$db->sql_query($sql);
1220
1221	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CLEAR_USER', false, array($user_row['username']));
1222	}
1223	}
1224
1225	if ($submit && $message)
1226	{
1227	if (!check_form_key($form_name))
1228	{
1229	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1230	}
1231
1232	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array($user_row['username']));
1233	$phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_USER_FEEDBACK', false, array(
1234	'forum_id' => 0,
1235	'topic_id' => 0,
1236	$user_row['username']
1237	));
1238	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GENERAL', false, array(
1239	'reportee_id' => $user_id,
1240	$message
1241	));
1242
1243	trigger_error($user->lang['USER_FEEDBACK_ADDED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1244	}
1245
1246	// Sorting
1247	$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1248	$sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']);
1249	$sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
1250
1251	$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
1252	gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
1253
1254	// Define where and sort sql for use in displaying logs
1255	$sql_where = ($sort_days) ? (time() - ($sort_days * 86400)) : 0;
1256	$sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
1257
1258	// Grab log data
1259	$log_data = array();
1260	$log_count = 0;
1261	$start = view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort);
1262
1263	$base_url = $this->u_action . "&u=$user_id&$u_sort_param";
1264	$pagination->generate_template_pagination($base_url, 'pagination', 'start', $log_count, $config['topics_per_page'], $start);
1265
1266	$template->assign_vars(array(
1267	'S_FEEDBACK' => true,
1268
1269	'S_LIMIT_DAYS' => $s_limit_days,
1270	'S_SORT_KEY' => $s_sort_key,
1271	'S_SORT_DIR' => $s_sort_dir,
1272	'S_CLEARLOGS' => $auth->acl_get('a_clearlogs'))
1273	);
1274
1275	foreach ($log_data as $row)
1276	{
1277	$template->assign_block_vars('log', array(
1278	'USERNAME' => $row['username_full'],
1279	'IP' => $row['ip'],
1280	'DATE' => $user->format_date($row['time']),
1281	'ACTION' => nl2br($row['action']),
1282	'ID' => $row['id'])
1283	);
1284	}
1285
1286	break;
1287
1288	case 'warnings':
1289	$user->add_lang('mcp');
1290
1291	// Set up general vars
1292	$deletemark = (isset($_POST['delmarked'])) ? true : false;
1293	$deleteall = (isset($_POST['delall'])) ? true : false;
1294	$confirm = (isset($_POST['confirm'])) ? true : false;
1295	$marked = $request->variable('mark', array(0));
1296
1297	// Delete entries if requested and able
1298	if ($deletemark \|\| $deleteall \|\| $confirm)
1299	{
1300	if (confirm_box(true))
1301	{
1302	$where_sql = '';
1303	$deletemark = $request->variable('delmarked', 0);
1304	$deleteall = $request->variable('delall', 0);
1305	if ($deletemark && $marked)
1306	{
1307	$where_sql = ' AND ' . $db->sql_in_set('warning_id', array_values($marked));
1308	}
1309
1310	if ($where_sql \|\| $deleteall)
1311	{
1312	$sql = 'DELETE FROM ' . WARNINGS_TABLE . "
1313	WHERE user_id = $user_id
1314	$where_sql";
1315	$db->sql_query($sql);
1316
1317	if ($deleteall)
1318	{
1319	$log_warnings = $deleted_warnings = 0;
1320	}
1321	else
1322	{
1323	$num_warnings = (int) $db->sql_affectedrows();
1324	$deleted_warnings = ' user_warnings - ' . $num_warnings;
1325	$log_warnings = ($num_warnings > 2) ? 2 : $num_warnings;
1326	}
1327
1328	$sql = 'UPDATE ' . USERS_TABLE . "
1329	SET user_warnings = $deleted_warnings
1330	WHERE user_id = $user_id";
1331	$db->sql_query($sql);
1332
1333	if ($log_warnings)
1334	{
1335	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_WARNINGS_DELETED', false, array($user_row['username'], $num_warnings));
1336	}
1337	else
1338	{
1339	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_WARNINGS_DELETED_ALL', false, array($user_row['username']));
1340	}
1341	}
1342	}
1343	else
1344	{
1345	$s_hidden_fields = array(
1346	'i' => $id,
1347	'mode' => $mode,
1348	'u' => $user_id,
1349	'mark' => $marked,
1350	);
1351	if (isset($_POST['delmarked']))
1352	{
1353	$s_hidden_fields['delmarked'] = 1;
1354	}
1355	if (isset($_POST['delall']))
1356	{
1357	$s_hidden_fields['delall'] = 1;
1358	}
1359	if (isset($_POST['delall']) \|\| (isset($_POST['delmarked']) && count($marked)))
1360	{
1361	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields));
1362	}
1363	}
1364	}
1365
1366	$sql = 'SELECT w.warning_id, w.warning_time, w.post_id, l.log_operation, l.log_data, l.user_id AS mod_user_id, m.username AS mod_username, m.user_colour AS mod_user_colour
1367	FROM ' . WARNINGS_TABLE . ' w
1368	LEFT JOIN ' . LOG_TABLE . ' l
1369	ON (w.log_id = l.log_id)
1370	LEFT JOIN ' . USERS_TABLE . ' m
1371	ON (l.user_id = m.user_id)
1372	WHERE w.user_id = ' . $user_id . '
1373	ORDER BY w.warning_time DESC';
1374	$result = $db->sql_query($sql);
1375
1376	while ($row = $db->sql_fetchrow($result))
1377	{
1378	if (!$row['log_operation'])
1379	{
1380	// We do not have a log-entry anymore, so there is no data available
1381	$row['action'] = $user->lang['USER_WARNING_LOG_DELETED'];
1382	}
1383	else
1384	{
1385	$row['action'] = (isset($user->lang[$row['log_operation']])) ? $user->lang[$row['log_operation']] : '{' . ucfirst(str_replace('_', ' ', $row['log_operation'])) . '}';
1386	if (!empty($row['log_data']))
1387	{
1388	$log_data_ary = @unserialize($row['log_data']);
1389	$log_data_ary = ($log_data_ary === false) ? array() : $log_data_ary;
1390
1391	if (isset($user->lang[$row['log_operation']]))
1392	{
1393	// Check if there are more occurrences of % than arguments, if there are we fill out the arguments array
1394	// It doesn't matter if we add more arguments than placeholders
1395	if ((substr_count($row['action'], '%') - count($log_data_ary)) > 0)
1396	{
1397	$log_data_ary = array_merge($log_data_ary, array_fill(0, substr_count($row['action'], '%') - count($log_data_ary), ''));
1398	}
1399	$row['action'] = vsprintf($row['action'], $log_data_ary);
1400	$row['action'] = bbcode_nl2br(censor_text($row['action']));
1401	}
1402	else if (!empty($log_data_ary))
1403	{
1404	$row['action'] .= '<br />' . implode('', $log_data_ary);
1405	}
1406	}
1407	}
1408
1409	$template->assign_block_vars('warn', array(
1410	'ID' => $row['warning_id'],
1411	'USERNAME' => ($row['log_operation']) ? get_username_string('full', $row['mod_user_id'], $row['mod_username'], $row['mod_user_colour']) : '-',
1412	'ACTION' => make_clickable($row['action']),
1413	'DATE' => $user->format_date($row['warning_time']),
1414	));
1415	}
1416	$db->sql_freeresult($result);
1417
1418	$template->assign_vars(array(
1419	'S_WARNINGS' => true,
1420	));
1421
1422	break;
1423
1424	case 'profile':
1425
1426	if (!function_exists('user_get_id_name'))
1427	{
1428	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
1429	}
1430
1431	/* @var $cp \phpbb\profilefields\manager */
1432	$cp = $phpbb_container->get('profilefields.manager');
1433
1434	$cp_data = $cp_error = array();
1435
1436	$sql = 'SELECT lang_id
1437	FROM ' . LANG_TABLE . "
1438	WHERE lang_iso = '" . $db->sql_escape($user->data['user_lang']) . "'";
1439	$result = $db->sql_query($sql);
1440	$row = $db->sql_fetchrow($result);
1441	$db->sql_freeresult($result);
1442
1443	$user_row['iso_lang_id'] = $row['lang_id'];
1444
1445	$data = array(
1446	'jabber' => $request->variable('jabber', $user_row['user_jabber'], true),
1447	'bday_day' => 0,
1448	'bday_month' => 0,
1449	'bday_year' => 0,
1450	);
1451
1452	if ($user_row['user_birthday'])
1453	{
1454	list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user_row['user_birthday']);
1455	}
1456
1457	$data['bday_day'] = $request->variable('bday_day', $data['bday_day']);
1458	$data['bday_month'] = $request->variable('bday_month', $data['bday_month']);
1459	$data['bday_year'] = $request->variable('bday_year', $data['bday_year']);
1460	$data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
1461
1462	/**
1463	* Modify user data on editing profile in ACP
1464	*
1465	* @event core.acp_users_modify_profile
1466	* @var array data Array with user profile data
1467	* @var bool submit Flag indicating if submit button has been pressed
1468	* @var int user_id The user id
1469	* @var array user_row Array with the full user data
1470	* @since 3.1.4-RC1
1471	*/
1472	$vars = array('data', 'submit', 'user_id', 'user_row');
1473	extract($phpbb_dispatcher->trigger_event('core.acp_users_modify_profile', compact($vars)));
1474
1475	if ($submit)
1476	{
1477	$error = validate_data($data, array(
1478	'jabber' => array(
1479	array('string', true, 5, 255),
1480	array('jabber')),
1481	'bday_day' => array('num', true, 1, 31),
1482	'bday_month' => array('num', true, 1, 12),
1483	'bday_year' => array('num', true, 1901, gmdate('Y', time())),
1484	'user_birthday' => array('date', true),
1485	));
1486
1487	// validate custom profile fields
1488	$cp->submit_cp_field('profile', $user_row['iso_lang_id'], $cp_data, $cp_error);
1489
1490	if (count($cp_error))
1491	{
1492	$error = array_merge($error, $cp_error);
1493	}
1494	if (!check_form_key($form_name))
1495	{
1496	$error[] = 'FORM_INVALID';
1497	}
1498
1499	/**
1500	* Validate profile data in ACP before submitting to the database
1501	*
1502	* @event core.acp_users_profile_validate
1503	* @var array data Array with user profile data
1504	* @var int user_id The user id
1505	* @var array user_row Array with the full user data
1506	* @var array error Array with the form errors
1507	* @since 3.1.4-RC1
1508	* @changed 3.1.12-RC1 Removed submit, added user_id, user_row
1509	*/
1510	$vars = array('data', 'user_id', 'user_row', 'error');
1511	extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_validate', compact($vars)));
1512
1513	if (!count($error))
1514	{
1515	$sql_ary = array(
1516	'user_jabber' => $data['jabber'],
1517	'user_birthday' => $data['user_birthday'],
1518	);
1519
1520	/**
1521	* Modify profile data in ACP before submitting to the database
1522	*
1523	* @event core.acp_users_profile_modify_sql_ary
1524	* @var array cp_data Array with the user custom profile fields data
1525	* @var array data Array with user profile data
1526	* @var int user_id The user id
1527	* @var array user_row Array with the full user data
1528	* @var array sql_ary Array with sql data
1529	* @since 3.1.4-RC1
1530	*/
1531	$vars = array('cp_data', 'data', 'user_id', 'user_row', 'sql_ary');
1532	extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_modify_sql_ary', compact($vars)));
1533
1534	$sql = 'UPDATE ' . USERS_TABLE . '
1535	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
1536	WHERE user_id = $user_id";
1537	$db->sql_query($sql);
1538
1539	// Update Custom Fields
1540	$cp->update_profile_field_data($user_id, $cp_data);
1541
1542	trigger_error($user->lang['USER_PROFILE_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1543	}
1544
1545	// Replace "error" strings with their real, localised form
1546	$error = array_map(array($user, 'lang'), $error);
1547	}
1548
1549	$s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>';
1550	for ($i = 1; $i < 32; $i++)
1551	{
1552	$selected = ($i == $data['bday_day']) ? ' selected="selected"' : '';
1553	$s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>";
1554	}
1555
1556	$s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>';
1557	for ($i = 1; $i < 13; $i++)
1558	{
1559	$selected = ($i == $data['bday_month']) ? ' selected="selected"' : '';
1560	$s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>";
1561	}
1562
1563	$now = getdate();
1564	$s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';
1565	for ($i = $now['year'] - 100; $i <= $now['year']; $i++)
1566	{
1567	$selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
1568	$s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";
1569	}
1570	unset($now);
1571
1572	$template->assign_vars(array(
1573	'JABBER' => $data['jabber'],
1574	'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options,
1575	'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options,
1576	'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options,
1577
1578	'S_PROFILE' => true)
1579	);
1580
1581	// Get additional profile fields and assign them to the template block var 'profile_fields'
1582	$user->get_profile_fields($user_id);
1583
1584	$cp->generate_profile_fields('profile', $user_row['iso_lang_id']);
1585
1586	break;
1587
1588	case 'prefs':
1589
1590	if (!function_exists('user_get_id_name'))
1591	{
1592	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
1593	}
1594
1595	$data = array(
1596	'dateformat' => $request->variable('dateformat', $user_row['user_dateformat'], true),
1597	'lang' => basename($request->variable('lang', $user_row['user_lang'])),
1598	'tz' => $request->variable('tz', $user_row['user_timezone']),
1599	'style' => $request->variable('style', $user_row['user_style']),
1600	'viewemail' => $request->variable('viewemail', $user_row['user_allow_viewemail']),
1601	'massemail' => $request->variable('massemail', $user_row['user_allow_massemail']),
1602	'hideonline' => $request->variable('hideonline', !$user_row['user_allow_viewonline']),
1603	'notifymethod' => $request->variable('notifymethod', $user_row['user_notify_type']),
1604	'notifypm' => $request->variable('notifypm', $user_row['user_notify_pm']),
1605	'allowpm' => $request->variable('allowpm', $user_row['user_allow_pm']),
1606
1607	'topic_sk' => $request->variable('topic_sk', ($user_row['user_topic_sortby_type']) ? $user_row['user_topic_sortby_type'] : 't'),
1608	'topic_sd' => $request->variable('topic_sd', ($user_row['user_topic_sortby_dir']) ? $user_row['user_topic_sortby_dir'] : 'd'),
1609	'topic_st' => $request->variable('topic_st', ($user_row['user_topic_show_days']) ? $user_row['user_topic_show_days'] : 0),
1610
1611	'post_sk' => $request->variable('post_sk', ($user_row['user_post_sortby_type']) ? $user_row['user_post_sortby_type'] : 't'),
1612	'post_sd' => $request->variable('post_sd', ($user_row['user_post_sortby_dir']) ? $user_row['user_post_sortby_dir'] : 'a'),
1613	'post_st' => $request->variable('post_st', ($user_row['user_post_show_days']) ? $user_row['user_post_show_days'] : 0),
1614
1615	'view_images' => $request->variable('view_images', $this->optionget($user_row, 'viewimg')),
1616	'view_smilies' => $request->variable('view_smilies', $this->optionget($user_row, 'viewsmilies')),
1617	'view_sigs' => $request->variable('view_sigs', $this->optionget($user_row, 'viewsigs')),
1618	'view_avatars' => $request->variable('view_avatars', $this->optionget($user_row, 'viewavatars')),
1619	'view_wordcensor' => $request->variable('view_wordcensor', $this->optionget($user_row, 'viewcensors')),
1620
1621	'bbcode' => $request->variable('bbcode', $this->optionget($user_row, 'bbcode')),
1622	'smilies' => $request->variable('smilies', $this->optionget($user_row, 'smilies')),
1623	'sig' => $request->variable('sig', $this->optionget($user_row, 'attachsig')),
1624	'notify' => $request->variable('notify', $user_row['user_notify']),
1625	);
1626
1627	/**
1628	* Modify users preferences data
1629	*
1630	* @event core.acp_users_prefs_modify_data
1631	* @var array data Array with users preferences data
1632	* @var array user_row Array with user data
1633	* @since 3.1.0-b3
1634	*/
1635	$vars = array('data', 'user_row');
1636	extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_data', compact($vars)));
1637
1638	if ($submit)
1639	{
1640	$error = validate_data($data, array(
1641	'dateformat' => array('string', false, 1, 64),
1642	'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'),
1643	'tz' => array('timezone'),
1644
1645	'topic_sk' => array('string', false, 1, 1),
1646	'topic_sd' => array('string', false, 1, 1),
1647	'post_sk' => array('string', false, 1, 1),
1648	'post_sd' => array('string', false, 1, 1),
1649	));
1650
1651	if (!check_form_key($form_name))
1652	{
1653	$error[] = 'FORM_INVALID';
1654	}
1655
1656	if (!count($error))
1657	{
1658	$this->optionset($user_row, 'viewimg', $data['view_images']);
1659	$this->optionset($user_row, 'viewsmilies', $data['view_smilies']);
1660	$this->optionset($user_row, 'viewsigs', $data['view_sigs']);
1661	$this->optionset($user_row, 'viewavatars', $data['view_avatars']);
1662	$this->optionset($user_row, 'viewcensors', $data['view_wordcensor']);
1663	$this->optionset($user_row, 'bbcode', $data['bbcode']);
1664	$this->optionset($user_row, 'smilies', $data['smilies']);
1665	$this->optionset($user_row, 'attachsig', $data['sig']);
1666
1667	$sql_ary = array(
1668	'user_options' => $user_row['user_options'],
1669
1670	'user_allow_pm' => $data['allowpm'],
1671	'user_allow_viewemail' => $data['viewemail'],
1672	'user_allow_massemail' => $data['massemail'],
1673	'user_allow_viewonline' => !$data['hideonline'],
1674	'user_notify_type' => $data['notifymethod'],
1675	'user_notify_pm' => $data['notifypm'],
1676
1677	'user_dateformat' => $data['dateformat'],
1678	'user_lang' => $data['lang'],
1679	'user_timezone' => $data['tz'],
1680	'user_style' => $data['style'],
1681
1682	'user_topic_sortby_type' => $data['topic_sk'],
1683	'user_post_sortby_type' => $data['post_sk'],
1684	'user_topic_sortby_dir' => $data['topic_sd'],
1685	'user_post_sortby_dir' => $data['post_sd'],
1686
1687	'user_topic_show_days' => $data['topic_st'],
1688	'user_post_show_days' => $data['post_st'],
1689
1690	'user_notify' => $data['notify'],
1691	);
1692
1693	/**
1694	* Modify SQL query before users preferences are updated
1695	*
1696	* @event core.acp_users_prefs_modify_sql
1697	* @var array data Array with users preferences data
1698	* @var array user_row Array with user data
1699	* @var array sql_ary SQL array with users preferences data to update
1700	* @var array error Array with errors data
1701	* @since 3.1.0-b3
1702	*/
1703	$vars = array('data', 'user_row', 'sql_ary', 'error');
1704	extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_sql', compact($vars)));
1705
1706	if (!count($error))
1707	{
1708	$sql = 'UPDATE ' . USERS_TABLE . '
1709	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
1710	WHERE user_id = $user_id";
1711	$db->sql_query($sql);
1712
1713	// Check if user has an active session
1714	if ($user_row['session_id'])
1715	{
1716	// We'll update the session if user_allow_viewonline has changed and the user is a bot
1717	// Or if it's a regular user and the admin set it to hide the session
1718	if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE
1719	\|\| $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline'])
1720	{
1721	// We also need to check if the user has the permission to cloak.
1722	$user_auth = new \phpbb\auth\auth();
1723	$user_auth->acl($user_row);
1724
1725	$session_sql_ary = array(
1726	'session_viewonline' => ($user_auth->acl_get('u_hideonline')) ? $sql_ary['user_allow_viewonline'] : true,
1727	);
1728
1729	$sql = 'UPDATE ' . SESSIONS_TABLE . '
1730	SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . "
1731	WHERE session_user_id = $user_id";
1732	$db->sql_query($sql);
1733
1734	unset($user_auth);
1735	}
1736	}
1737
1738	trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1739	}
1740	}
1741
1742	// Replace "error" strings with their real, localised form
1743	$error = array_map(array($user, 'lang'), $error);
1744	}
1745
1746	$dateformat_options = '';
1747	foreach ($user->lang['dateformats'] as $format => $null)
1748	{
1749	$dateformat_options .= '<option value="' . $format . '"' . (($format == $data['dateformat']) ? ' selected="selected"' : '') . '>';
1750	$dateformat_options .= $user->format_date(time(), $format, false) . ((strpos($format, '\|') !== false) ? $user->lang['VARIANT_DATE_SEPARATOR'] . $user->format_date(time(), $format, true) : '');
1751	$dateformat_options .= '</option>';
1752	}
1753
1754	$s_custom = false;
1755
1756	$dateformat_options .= '<option value="custom"';
1757	if (!isset($user->lang['dateformats'][$data['dateformat']]))
1758	{
1759	$dateformat_options .= ' selected="selected"';
1760	$s_custom = true;
1761	}
1762	$dateformat_options .= '>' . $user->lang['CUSTOM_DATEFORMAT'] . '</option>';
1763
1764	$sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
1765
1766	// Topic ordering options
1767	$limit_topic_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1768	$sort_by_topic_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']);
1769
1770	// Post ordering options
1771	$limit_post_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1772	$sort_by_post_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']);
1773
1774	$_options = array('topic', 'post');
1775	foreach ($_options as $sort_option)
1776	{
1777	${'s_limit_' . $sort_option . '_days'} = '<select name="' . $sort_option . '_st">';
1778	foreach (${'limit_' . $sort_option . '_days'} as $day => $text)
1779	{
1780	$selected = ($data[$sort_option . '_st'] == $day) ? ' selected="selected"' : '';
1781	${'s_limit_' . $sort_option . '_days'} .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>';
1782	}
1783	${'s_limit_' . $sort_option . '_days'} .= '</select>';
1784
1785	${'s_sort_' . $sort_option . '_key'} = '<select name="' . $sort_option . '_sk">';
1786	foreach (${'sort_by_' . $sort_option . '_text'} as $key => $text)
1787	{
1788	$selected = ($data[$sort_option . '_sk'] == $key) ? ' selected="selected"' : '';
1789	${'s_sort_' . $sort_option . '_key'} .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>';
1790	}
1791	${'s_sort_' . $sort_option . '_key'} .= '</select>';
1792
1793	${'s_sort_' . $sort_option . '_dir'} = '<select name="' . $sort_option . '_sd">';
1794	foreach ($sort_dir_text as $key => $value)
1795	{
1796	$selected = ($data[$sort_option . '_sd'] == $key) ? ' selected="selected"' : '';
1797	${'s_sort_' . $sort_option . '_dir'} .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
1798	}
1799	${'s_sort_' . $sort_option . '_dir'} .= '</select>';
1800	}
1801
1802	$timezone_select = phpbb_timezone_select($user, $data['tz'], true);
1803	$lang_options = phpbb_language_select($db, $data['lang']);
1804
1805	$user_prefs_data = array(
1806	'S_PREFS' => true,
1807	'S_JABBER_DISABLED' => ($config['jab_enable'] && $user_row['user_jabber'] && @extension_loaded('xml')) ? false : true,
1808
1809	'VIEW_EMAIL' => $data['viewemail'],
1810	'MASS_EMAIL' => $data['massemail'],
1811	'ALLOW_PM' => $data['allowpm'],
1812	'HIDE_ONLINE' => $data['hideonline'],
1813	'NOTIFY_EMAIL' => ($data['notifymethod'] == NOTIFY_EMAIL) ? true : false,
1814	'NOTIFY_IM' => ($data['notifymethod'] == NOTIFY_IM) ? true : false,
1815	'NOTIFY_BOTH' => ($data['notifymethod'] == NOTIFY_BOTH) ? true : false,
1816	'NOTIFY_PM' => $data['notifypm'],
1817	'BBCODE' => $data['bbcode'],
1818	'SMILIES' => $data['smilies'],
1819	'ATTACH_SIG' => $data['sig'],
1820	'NOTIFY' => $data['notify'],
1821	'VIEW_IMAGES' => $data['view_images'],
1822	'VIEW_SMILIES' => $data['view_smilies'],
1823	'VIEW_SIGS' => $data['view_sigs'],
1824	'VIEW_AVATARS' => $data['view_avatars'],
1825	'VIEW_WORDCENSOR' => $data['view_wordcensor'],
1826
1827	'S_TOPIC_SORT_DAYS' => $s_limit_topic_days,
1828	'S_TOPIC_SORT_KEY' => $s_sort_topic_key,
1829	'S_TOPIC_SORT_DIR' => $s_sort_topic_dir,
1830	'S_POST_SORT_DAYS' => $s_limit_post_days,
1831	'S_POST_SORT_KEY' => $s_sort_post_key,
1832	'S_POST_SORT_DIR' => $s_sort_post_dir,
1833
1834	'DATE_FORMAT' => $data['dateformat'],
1835	'S_DATEFORMAT_OPTIONS' => $dateformat_options,
1836	'S_CUSTOM_DATEFORMAT' => $s_custom,
1837	'DEFAULT_DATEFORMAT' => $config['default_dateformat'],
1838	'A_DEFAULT_DATEFORMAT' => addslashes($config['default_dateformat']),
1839
1840	'LANG_OPTIONS' => [
1841	'id' => 'lang',
1842	'name' => 'lang',
1843	'options' => $lang_options,
1844	],
1845	'S_STYLE_OPTIONS' => [
1846	'id' => 'style',
1847	'name' => 'style',
1848	'options' => style_select($data['style'])
1849	],
1850	'TIMEZONE_OPTIONS' => [
1851	'tag' => 'select',
1852	'name' => 'tz',
1853	'options' => $timezone_select,
1854	],
1855	);
1856
1857	/**
1858	* Modify users preferences data before assigning it to the template
1859	*
1860	* @event core.acp_users_prefs_modify_template_data
1861	* @var array data Array with users preferences data
1862	* @var array user_row Array with user data
1863	* @var array user_prefs_data Array with users preferences data to be assigned to the template
1864	* @since 3.1.0-b3
1865	*/
1866	$vars = array('data', 'user_row', 'user_prefs_data');
1867	extract($phpbb_dispatcher->trigger_event('core.acp_users_prefs_modify_template_data', compact($vars)));
1868
1869	$template->assign_vars($user_prefs_data);
1870
1871	break;
1872
1873	case 'avatar':
1874
1875	$avatars_enabled = false;
1876	/** @var \phpbb\avatar\manager $phpbb_avatar_manager */
1877	$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
1878
1879	if ($config['allow_avatar'])
1880	{
1881	$avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
1882
1883	// This is normalised data, without the user_ prefix
1884	$avatar_data = \phpbb\avatar\manager::clean_row($user_row, 'user');
1885
1886	if ($submit)
1887	{
1888	if (check_form_key($form_name))
1889	{
1890	$driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
1891
1892	if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete'))
1893	{
1894	$driver = $phpbb_avatar_manager->get_driver($driver_name);
1895	$result = $driver->process_form($request, $template, $user, $avatar_data, $error);
1896
1897	if ($result && empty($error))
1898	{
1899	// Success! Lets save the result in the database
1900	$result = array(
1901	'user_avatar_type' => $driver_name,
1902	'user_avatar' => $result['avatar'],
1903	'user_avatar_width' => $result['avatar_width'],
1904	'user_avatar_height' => $result['avatar_height'],
1905	);
1906
1907	/**
1908	* Modify users preferences data before assigning it to the template
1909	*
1910	* @event core.acp_users_avatar_sql
1911	* @var array user_row Array with user data
1912	* @var array result Array with user avatar data to be updated in the DB
1913	* @since 3.2.4-RC1
1914	*/
1915	$vars = array('user_row', 'result');
1916	extract($phpbb_dispatcher->trigger_event('core.acp_users_avatar_sql', compact($vars)));
1917
1918	$sql = 'UPDATE ' . USERS_TABLE . '
1919	SET ' . $db->sql_build_array('UPDATE', $result) . '
1920	WHERE user_id = ' . (int) $user_id;
1921
1922	$db->sql_query($sql);
1923	trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1924	}
1925	}
1926	}
1927	else
1928	{
1929	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
1930	}
1931	}
1932
1933	// Handle deletion of avatars
1934	if ($request->is_set_post('avatar_delete'))
1935	{
1936	if (!confirm_box(true))
1937	{
1938	confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array(
1939	'avatar_delete' => true))
1940	);
1941	}
1942	else
1943	{
1944	$phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, USERS_TABLE, 'user_');
1945
1946	trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
1947	}
1948	}
1949
1950	$selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user_row['user_avatar_type']));
1951
1952	// Assign min and max values before generating avatar driver html
1953	$template->assign_vars(array(
1954	'AVATAR_MIN_WIDTH' => $config['avatar_min_width'],
1955	'AVATAR_MAX_WIDTH' => $config['avatar_max_width'],
1956	'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'],
1957	'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'],
1958	));
1959
1960	foreach ($avatar_drivers as $current_driver)
1961	{
1962	$driver = $phpbb_avatar_manager->get_driver($current_driver);
1963
1964	$avatars_enabled = true;
1965	$template->set_filenames(array(
1966	'avatar' => $driver->get_acp_template_name(),
1967	));
1968
1969	if ($driver->prepare_form($request, $template, $user, $avatar_data, $error))
1970	{
1971	$driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver);
1972	$driver_upper = strtoupper($driver_name);
1973
1974	$template->assign_block_vars('avatar_drivers', array(
1975	'L_TITLE' => $user->lang($driver_upper . '_TITLE'),
1976	'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'),
1977
1978	'DRIVER' => $driver_name,
1979	'SELECTED' => $current_driver == $selected_driver,
1980	'OUTPUT' => $template->assign_display('avatar'),
1981	));
1982	}
1983	}
1984	}
1985
1986	// Avatar manager is not initialized if avatars are disabled
1987	if (isset($phpbb_avatar_manager))
1988	{
1989	// Replace "error" strings with their real, localised form
1990	$error = $phpbb_avatar_manager->localize_errors($user, $error);
1991	}
1992
1993	/** @var \phpbb\avatar\helper $avatar_helper */
1994	$avatar_helper = $phpbb_container->get('avatar.helper');
1995
1996	$avatar = $avatar_helper->get_user_avatar($user_row, 'USER_AVATAR', true);
1997	$template->assign_vars($avatar_helper->get_template_vars($avatar));
1998
1999	$template->assign_vars(array(
2000	'S_AVATAR' => true,
2001	'ERROR' => !empty($error) ? implode('<br />', $error) : '',
2002
2003	'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"',
2004
2005	'L_AVATAR_EXPLAIN' => $user->lang(($config['avatar_filesize'] == 0) ? 'AVATAR_EXPLAIN_NO_FILESIZE' : 'AVATAR_EXPLAIN', $config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_filesize'] / 1024),
2006
2007	'S_AVATARS_ENABLED' => ($config['allow_avatar'] && $avatars_enabled),
2008	));
2009
2010	break;
2011
2012	case 'rank':
2013
2014	if ($submit)
2015	{
2016	if (!check_form_key($form_name))
2017	{
2018	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2019	}
2020
2021	$rank_id = $request->variable('user_rank', 0);
2022
2023	$sql = 'UPDATE ' . USERS_TABLE . "
2024	SET user_rank = $rank_id
2025	WHERE user_id = $user_id";
2026	$db->sql_query($sql);
2027
2028	trigger_error($user->lang['USER_RANK_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
2029	}
2030
2031	$sql = 'SELECT *
2032	FROM ' . RANKS_TABLE . '
2033	WHERE rank_special = 1
2034	ORDER BY rank_title';
2035	$result = $db->sql_query($sql);
2036
2037	$s_rank_options = '<option value="0"' . ((!$user_row['user_rank']) ? ' selected="selected"' : '') . '>' . $user->lang['NO_SPECIAL_RANK'] . '</option>';
2038
2039	while ($row = $db->sql_fetchrow($result))
2040	{
2041	$selected = ($user_row['user_rank'] && $row['rank_id'] == $user_row['user_rank']) ? ' selected="selected"' : '';
2042	$s_rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>';
2043	}
2044	$db->sql_freeresult($result);
2045
2046	$template->assign_vars(array(
2047	'S_RANK' => true,
2048	'S_RANK_OPTIONS' => $s_rank_options)
2049	);
2050
2051	break;
2052
2053	case 'sig':
2054
2055	if (!function_exists('display_custom_bbcodes'))
2056	{
2057	include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
2058	}
2059
2060	$enable_bbcode = ($config['allow_sig_bbcode']) ? $this->optionget($user_row, 'sig_bbcode') : false;
2061	$enable_smilies = ($config['allow_sig_smilies']) ? $this->optionget($user_row, 'sig_smilies') : false;
2062	$enable_urls = ($config['allow_sig_links']) ? $this->optionget($user_row, 'sig_links') : false;
2063
2064	$bbcode_flags = ($enable_bbcode ? OPTION_FLAG_BBCODE : 0) + ($enable_smilies ? OPTION_FLAG_SMILIES : 0) + ($enable_urls ? OPTION_FLAG_LINKS : 0);
2065
2066	$decoded_message = generate_text_for_edit($user_row['user_sig'], $user_row['user_sig_bbcode_uid'], $bbcode_flags);
2067	$signature = $request->variable('signature', $decoded_message['text'], true);
2068	$signature_preview = '';
2069
2070	if ($submit \|\| $request->is_set_post('preview'))
2071	{
2072	$enable_bbcode = ($config['allow_sig_bbcode']) ? !$request->variable('disable_bbcode', false) : false;
2073	$enable_smilies = ($config['allow_sig_smilies']) ? !$request->variable('disable_smilies', false) : false;
2074	$enable_urls = ($config['allow_sig_links']) ? !$request->variable('disable_magic_url', false) : false;
2075
2076	if (!check_form_key($form_name))
2077	{
2078	$error[] = 'FORM_INVALID';
2079	}
2080	}
2081
2082	$bbcode_uid = $bbcode_bitfield = $bbcode_flags = '';
2083	$warn_msg = generate_text_for_storage(
2084	$signature,
2085	$bbcode_uid,
2086	$bbcode_bitfield,
2087	$bbcode_flags,
2088	$enable_bbcode,
2089	$enable_urls,
2090	$enable_smilies,
2091	$config['allow_sig_img'],
2092	true,
2093	$config['allow_sig_links'],
2094	'sig'
2095	);
2096
2097	if (count($warn_msg))
2098	{
2099	$error += $warn_msg;
2100	}
2101
2102	if (!$submit)
2103	{
2104	// Parse it for displaying
2105	$signature_preview = generate_text_for_display($signature, $bbcode_uid, $bbcode_bitfield, $bbcode_flags);
2106	}
2107	else
2108	{
2109	if (!count($error))
2110	{
2111	$this->optionset($user_row, 'sig_bbcode', $enable_bbcode);
2112	$this->optionset($user_row, 'sig_smilies', $enable_smilies);
2113	$this->optionset($user_row, 'sig_links', $enable_urls);
2114
2115	$sql_ary = array(
2116	'user_sig' => $signature,
2117	'user_options' => $user_row['user_options'],
2118	'user_sig_bbcode_uid' => $bbcode_uid,
2119	'user_sig_bbcode_bitfield' => $bbcode_bitfield,
2120	);
2121
2122	/**
2123	* Modify user signature before it is stored in the DB
2124	*
2125	* @event core.acp_users_modify_signature_sql_ary
2126	* @var array user_row Array with user data
2127	* @var array sql_ary Array with user signature data to be updated in the DB
2128	* @since 3.2.4-RC1
2129	*/
2130	$vars = array('user_row', 'sql_ary');
2131	extract($phpbb_dispatcher->trigger_event('core.acp_users_modify_signature_sql_ary', compact($vars)));
2132
2133	$sql = 'UPDATE ' . USERS_TABLE . '
2134	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
2135	WHERE user_id = ' . $user_id;
2136	$db->sql_query($sql);
2137
2138	trigger_error($user->lang['USER_SIG_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
2139	}
2140	}
2141
2142	// Replace "error" strings with their real, localised form
2143	$error = array_map(array($user, 'lang'), $error);
2144
2145	if ($request->is_set_post('preview'))
2146	{
2147	$decoded_message = generate_text_for_edit($signature, $bbcode_uid, $bbcode_flags);
2148	}
2149
2150	$template->assign_vars(array(
2151	'S_SIGNATURE' => true,
2152
2153	'SIGNATURE' => $decoded_message['text'],
2154	'SIGNATURE_PREVIEW' => $signature_preview,
2155
2156	'S_BBCODE_CHECKED' => (!$enable_bbcode) ? ' checked="checked"' : '',
2157	'S_SMILIES_CHECKED' => (!$enable_smilies) ? ' checked="checked"' : '',
2158	'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? ' checked="checked"' : '',
2159
2160	'BBCODE_STATUS' => $user->lang(($config['allow_sig_bbcode'] ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'),
2161	'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
2162	'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
2163	'URL_STATUS' => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
2164
2165	'L_SIGNATURE_EXPLAIN' => $user->lang('SIGNATURE_EXPLAIN', (int) $config['max_sig_chars']),
2166
2167	'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'],
2168	'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'],
2169	'S_BBCODE_IMG' => ($config['allow_sig_img']) ? true : false,
2170	'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false)
2171	);
2172
2173	// Assigning custom bbcodes
2174	display_custom_bbcodes();
2175
2176	break;
2177
2178	case 'attach':
2179	/* @var $pagination \phpbb\pagination */
2180	$pagination = $phpbb_container->get('pagination');
2181
2182	$start = $request->variable('start', 0);
2183	$deletemark = (isset($_POST['delmarked'])) ? true : false;
2184	$marked = $request->variable('mark', array(0));
2185
2186	// Sort keys
2187	$sort_key = $request->variable('sk', 'a');
2188	$sort_dir = $request->variable('sd', 'd');
2189
2190	if ($deletemark && count($marked))
2191	{
2192	$sql = 'SELECT attach_id
2193	FROM ' . ATTACHMENTS_TABLE . '
2194	WHERE poster_id = ' . $user_id . '
2195	AND is_orphan = 0
2196	AND ' . $db->sql_in_set('attach_id', $marked);
2197	$result = $db->sql_query($sql);
2198
2199	$marked = array();
2200	while ($row = $db->sql_fetchrow($result))
2201	{
2202	$marked[] = $row['attach_id'];
2203	}
2204	$db->sql_freeresult($result);
2205	}
2206
2207	if ($deletemark && count($marked))
2208	{
2209	if (confirm_box(true))
2210	{
2211	$sql = 'SELECT real_filename
2212	FROM ' . ATTACHMENTS_TABLE . '
2213	WHERE ' . $db->sql_in_set('attach_id', $marked);
2214	$result = $db->sql_query($sql);
2215
2216	$log_attachments = array();
2217	while ($row = $db->sql_fetchrow($result))
2218	{
2219	$log_attachments[] = $row['real_filename'];
2220	}
2221	$db->sql_freeresult($result);
2222
2223	/** @var \phpbb\attachment\manager $attachment_manager */
2224	$attachment_manager = $phpbb_container->get('attachment.manager');
2225	$attachment_manager->delete('attach', $marked);
2226	unset($attachment_manager);
2227
2228	$message = (count($log_attachments) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED'];
2229
2230	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACHMENTS_DELETED', false, array(implode($user->lang['COMMA_SEPARATOR'], $log_attachments)));
2231	trigger_error($message . adm_back_link($this->u_action . '&u=' . $user_id));
2232	}
2233	else
2234	{
2235	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
2236	'u' => $user_id,
2237	'i' => $id,
2238	'mode' => $mode,
2239	'action' => $action,
2240	'delmarked' => true,
2241	'mark' => $marked))
2242	);
2243	}
2244	}
2245
2246	$sk_text = array('a' => $user->lang['SORT_FILENAME'], 'c' => $user->lang['SORT_EXTENSION'], 'd' => $user->lang['SORT_SIZE'], 'e' => $user->lang['SORT_DOWNLOADS'], 'f' => $user->lang['SORT_POST_TIME'], 'g' => $user->lang['SORT_TOPIC_TITLE']);
2247	$sk_sql = array('a' => 'a.real_filename', 'c' => 'a.extension', 'd' => 'a.filesize', 'e' => 'a.download_count', 'f' => 'a.filetime', 'g' => 't.topic_title');
2248
2249	$sd_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
2250
2251	$s_sort_key = '';
2252	foreach ($sk_text as $key => $value)
2253	{
2254	$selected = ($sort_key == $key) ? ' selected="selected"' : '';
2255	$s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
2256	}
2257
2258	$s_sort_dir = '';
2259	foreach ($sd_text as $key => $value)
2260	{
2261	$selected = ($sort_dir == $key) ? ' selected="selected"' : '';
2262	$s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
2263	}
2264
2265	if (!isset($sk_sql[$sort_key]))
2266	{
2267	$sort_key = 'a';
2268	}
2269
2270	$order_by = $sk_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC');
2271
2272	$sql = 'SELECT COUNT(attach_id) as num_attachments
2273	FROM ' . ATTACHMENTS_TABLE . "
2274	WHERE poster_id = $user_id
2275	AND is_orphan = 0";
2276	$result = $db->sql_query_limit($sql, 1);
2277	$num_attachments = (int) $db->sql_fetchfield('num_attachments');
2278	$db->sql_freeresult($result);
2279
2280	$sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title
2281	FROM ' . ATTACHMENTS_TABLE . ' a
2282	LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id
2283	AND a.in_message = 0)
2284	LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id
2285	AND a.in_message = 1)
2286	WHERE a.poster_id = ' . $user_id . "
2287	AND a.is_orphan = 0
2288	ORDER BY $order_by";
2289	$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
2290
2291	while ($row = $db->sql_fetchrow($result))
2292	{
2293	if ($row['in_message'])
2294	{
2295	$view_topic = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&p={$row['post_msg_id']}");
2296	}
2297	else
2298	{
2299	$view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$row['post_msg_id']}") . '#p' . $row['post_msg_id'];
2300	}
2301
2302	$template->assign_block_vars('attach', array(
2303	'REAL_FILENAME' => $row['real_filename'],
2304	'COMMENT' => nl2br($row['attach_comment']),
2305	'EXTENSION' => $row['extension'],
2306	'SIZE' => get_formatted_filesize($row['filesize']),
2307	'DOWNLOAD_COUNT' => $row['download_count'],
2308	'POST_TIME' => $user->format_date($row['filetime']),
2309	'TOPIC_TITLE' => ($row['in_message']) ? $row['message_title'] : $row['topic_title'],
2310
2311	'ATTACH_ID' => $row['attach_id'],
2312	'POST_ID' => $row['post_msg_id'],
2313	'TOPIC_ID' => $row['topic_id'],
2314
2315	'S_IN_MESSAGE' => $row['in_message'],
2316
2317	'U_DOWNLOAD' => $controller_helper->route(
2318	'phpbb_storage_attachment',
2319	[
2320	'id' => (int) $row['attach_id'],
2321	'filename' => $row['real_filename'],
2322	]
2323	),
2324	'U_VIEW_TOPIC' => $view_topic)
2325	);
2326	}
2327	$db->sql_freeresult($result);
2328
2329	$base_url = $this->u_action . "&u=$user_id&sk=$sort_key&sd=$sort_dir";
2330	$pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_attachments, $config['topics_per_page'], $start);
2331
2332	$template->assign_vars(array(
2333	'S_ATTACHMENTS' => true,
2334	'S_SORT_KEY' => $s_sort_key,
2335	'S_SORT_DIR' => $s_sort_dir,
2336	));
2337
2338	break;
2339
2340	case 'groups':
2341
2342	if (!function_exists('group_user_attributes'))
2343	{
2344	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
2345	}
2346
2347	$user->add_lang(array('groups', 'acp/groups'));
2348	$group_id = $request->variable('g', 0);
2349
2350	if ($group_id)
2351	{
2352	// Check the founder only entry for this group to make sure everything is well
2353	$sql = 'SELECT group_founder_manage
2354	FROM ' . GROUPS_TABLE . '
2355	WHERE group_id = ' . $group_id;
2356	$result = $db->sql_query($sql);
2357	$founder_manage = (int) $db->sql_fetchfield('group_founder_manage');
2358	$db->sql_freeresult($result);
2359
2360	if ($user->data['user_type'] != USER_FOUNDER && $founder_manage)
2361	{
2362	trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2363	}
2364	}
2365
2366	switch ($action)
2367	{
2368	case 'demote':
2369	case 'promote':
2370	case 'default':
2371	if (!$group_id)
2372	{
2373	trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2374	}
2375
2376	if (!check_link_hash($request->variable('hash', ''), 'acp_users'))
2377	{
2378	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
2379	}
2380
2381	group_user_attributes($action, $group_id, $user_id);
2382
2383	if ($action == 'default')
2384	{
2385	$user_row['group_id'] = $group_id;
2386	}
2387	break;
2388
2389	case 'delete':
2390
2391	if (confirm_box(true))
2392	{
2393	if (!$group_id)
2394	{
2395	trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2396	}
2397
2398	if ($error = group_user_del($group_id, $user_id))
2399	{
2400	trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2401	}
2402
2403	$error = array();
2404
2405	// The delete action was successful - therefore update the user row...
2406	$sql = 'SELECT u., s.
2407	FROM ' . USERS_TABLE . ' u
2408	LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
2409	WHERE u.user_id = ' . $user_id . '
2410	ORDER BY s.session_time DESC';
2411	$result = $db->sql_query_limit($sql, 1);
2412	$user_row = $db->sql_fetchrow($result);
2413	$db->sql_freeresult($result);
2414	}
2415	else
2416	{
2417	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
2418	'u' => $user_id,
2419	'i' => $id,
2420	'mode' => $mode,
2421	'action' => $action,
2422	'g' => $group_id))
2423	);
2424	}
2425
2426	break;
2427
2428	case 'approve':
2429
2430	if (confirm_box(true))
2431	{
2432	if (!$group_id)
2433	{
2434	trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2435	}
2436	group_user_attributes($action, $group_id, $user_id);
2437	}
2438	else
2439	{
2440	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
2441	'u' => $user_id,
2442	'i' => $id,
2443	'mode' => $mode,
2444	'action' => $action,
2445	'g' => $group_id))
2446	);
2447	}
2448
2449	break;
2450	}
2451
2452	// Add user to group?
2453	if ($submit)
2454	{
2455
2456	if (!check_form_key($form_name))
2457	{
2458	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2459	}
2460
2461	if (!$group_id)
2462	{
2463	trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2464	}
2465
2466	// Add user/s to group
2467	if ($error = group_user_add($group_id, $user_id))
2468	{
2469	trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
2470	}
2471
2472	$error = array();
2473	}
2474
2475	/** @var \phpbb\group\helper $group_helper */
2476	$group_helper = $phpbb_container->get('group_helper');
2477
2478	$sql = 'SELECT ug., g.
2479	FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . " ug
2480	WHERE ug.user_id = $user_id
2481	AND g.group_id = ug.group_id
2482	ORDER BY g.group_type DESC, ug.user_pending ASC, g.group_name";
2483	$result = $db->sql_query($sql);
2484
2485	$i = 0;
2486	$group_data = $id_ary = array();
2487	while ($row = $db->sql_fetchrow($result))
2488	{
2489	$type = ($row['group_type'] == GROUP_SPECIAL) ? 'special' : (($row['user_pending']) ? 'pending' : 'normal');
2490
2491	$group_data[$type][$i]['group_id'] = $row['group_id'];
2492	$group_data[$type][$i]['group_name'] = $row['group_name'];
2493	$group_data[$type][$i]['group_leader'] = ($row['group_leader']) ? 1 : 0;
2494
2495	$id_ary[] = $row['group_id'];
2496
2497	$i++;
2498	}
2499	$db->sql_freeresult($result);
2500
2501	// Select box for other groups
2502	$sql = 'SELECT group_id, group_name, group_type, group_founder_manage
2503	FROM ' . GROUPS_TABLE . '
2504	' . ((count($id_ary)) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . '
2505	ORDER BY group_type DESC, group_name ASC';
2506	$result = $db->sql_query($sql);
2507
2508	$s_group_options = '';
2509	while ($row = $db->sql_fetchrow($result))
2510	{
2511	if (!$config['coppa_enable'] && $row['group_name'] == 'REGISTERED_COPPA')
2512	{
2513	continue;
2514	}
2515
2516	// Do not display those groups not allowed to be managed
2517	if ($user->data['user_type'] != USER_FOUNDER && $row['group_founder_manage'])
2518	{
2519	continue;
2520	}
2521
2522	$s_group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . $group_helper->get_name($row['group_name']) . '</option>';
2523	}
2524	$db->sql_freeresult($result);
2525
2526	$current_type = '';
2527	foreach ($group_data as $group_type => $data_ary)
2528	{
2529	if ($current_type != $group_type)
2530	{
2531	$template->assign_block_vars('group', array(
2532	'S_NEW_GROUP_TYPE' => true,
2533	'GROUP_TYPE' => $user->lang['USER_GROUP_' . strtoupper($group_type)])
2534	);
2535	}
2536
2537	foreach ($data_ary as $data)
2538	{
2539	$template->assign_block_vars('group', array(
2540	'U_EDIT_GROUP' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=groups&mode=manage&action=edit&u=$user_id&g={$data['group_id']}&back_link=acp_users_groups"),
2541	'U_DEFAULT' => $this->u_action . "&action=default&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'),
2542	'U_DEMOTE_PROMOTE' => $this->u_action . '&action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'),
2543	'U_DELETE' => count($id_ary) > 1 ? $this->u_action . "&action=delete&u=$user_id&g=" . $data['group_id'] : '',
2544	'U_APPROVE' => ($group_type == 'pending') ? $this->u_action . "&action=approve&u=$user_id&g=" . $data['group_id'] : '',
2545
2546	'GROUP_NAME' => $group_helper->get_name($data['group_name']),
2547	'L_DEMOTE_PROMOTE' => ($data['group_leader']) ? $user->lang['GROUP_DEMOTE'] : $user->lang['GROUP_PROMOTE'],
2548
2549	'S_IS_MEMBER' => ($group_type != 'pending') ? true : false,
2550	'S_NO_DEFAULT' => ($user_row['group_id'] != $data['group_id']) ? true : false,
2551	'S_SPECIAL_GROUP' => ($group_type == 'special') ? true : false,
2552	)
2553	);
2554	}
2555	}
2556
2557	$template->assign_vars(array(
2558	'S_GROUPS' => true,
2559	'S_GROUP_OPTIONS' => $s_group_options)
2560	);
2561
2562	break;
2563
2564	case 'perm':
2565
2566	if (!class_exists('auth_admin'))
2567	{
2568	include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
2569	}
2570
2571	$auth_admin = new auth_admin();
2572
2573	$user->add_lang('acp/permissions');
2574	add_permission_language();
2575
2576	$forum_id = $request->variable('f', 0);
2577
2578	// Global Permissions
2579	if (!$forum_id)
2580	{
2581	// Select auth options
2582	$sql = 'SELECT auth_option, is_local, is_global
2583	FROM ' . ACL_OPTIONS_TABLE . '
2584	WHERE auth_option ' . $db->sql_like_expression($db->get_any_char() . '_') . '
2585	AND is_global = 1
2586	ORDER BY auth_option';
2587	$result = $db->sql_query($sql);
2588
2589	$hold_ary = array();
2590
2591	while ($row = $db->sql_fetchrow($result))
2592	{
2593	$hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NEVER);
2594	$auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', false, false);
2595	}
2596	$db->sql_freeresult($result);
2597
2598	unset($hold_ary);
2599	}
2600	else
2601	{
2602	$sql = 'SELECT auth_option, is_local, is_global
2603	FROM ' . ACL_OPTIONS_TABLE . "
2604	WHERE auth_option " . $db->sql_like_expression($db->get_any_char() . '_') . "
2605	AND is_local = 1
2606	ORDER BY is_global DESC, auth_option";
2607	$result = $db->sql_query($sql);
2608
2609	while ($row = $db->sql_fetchrow($result))
2610	{
2611	$hold_ary = $auth_admin->get_mask('view', $user_id, false, $forum_id, $row['auth_option'], 'local', ACL_NEVER);
2612	$auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', true, false);
2613	}
2614	$db->sql_freeresult($result);
2615	}
2616
2617	$s_forum_options = '<option value="0"' . ((!$forum_id) ? ' selected="selected"' : '') . '>' . $user->lang['VIEW_GLOBAL_PERMS'] . '</option>';
2618	$s_forum_options .= make_forum_select($forum_id, false, true, false, false, false);
2619
2620	$template->assign_vars(array(
2621	'S_PERMISSIONS' => true,
2622
2623	'S_GLOBAL' => (!$forum_id) ? true : false,
2624	'S_FORUM_OPTIONS' => $s_forum_options,
2625
2626	'U_ACTION' => $this->u_action . '&u=' . $user_id,
2627	'U_USER_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx" ,'i=permissions&mode=setting_user_global&user_id[]=' . $user_id),
2628	'U_USER_FORUM_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions&mode=setting_user_local&user_id[]=' . $user_id))
2629	);
2630
2631	break;
2632
2633	default:
2634	$u_action = $this->u_action;
2635
2636	/**
2637	* Additional modes provided by extensions
2638	*
2639	* @event core.acp_users_mode_add
2640	* @var string mode New mode
2641	* @var int user_id User id of the user to manage
2642	* @var array user_row Array with user data
2643	* @var array error Array with errors data
2644	* @var string u_action The u_action link
2645	* @since 3.2.2-RC1
2646	* @changed 3.2.10-RC1 Added u_action
2647	*/
2648	$vars = array('mode', 'user_id', 'user_row', 'error', 'u_action');
2649	extract($phpbb_dispatcher->trigger_event('core.acp_users_mode_add', compact($vars)));
2650
2651	unset($u_action);
2652	break;
2653	}
2654
2655	// Assign general variables
2656	$template->assign_vars(array(
2657	'S_ERROR' => (count($error)) ? true : false,
2658	'ERROR_MSG' => (count($error)) ? implode('<br />', $error) : '')
2659	);
2660	}
2661
2662	/**
2663	* Set option bit field for user options in a user row array.
2664	*
2665	* Optionset replacement for this module based on $user->optionset.
2666	*
2667	* @param array $user_row Row from the users table.
2668	* @param int $key Option key, as defined in $user->keyoptions property.
2669	* @param bool $value True to set the option, false to clear the option.
2670	* @param int $data Current bit field value, or false to use $user_row['user_options']
2671	* @return int\|bool If $data is false, the bit field is modified and
2672	* written back to $user_row['user_options'], and
2673	* return value is true if the bit field changed and
2674	* false otherwise. If $data is not false, the new
2675	* bitfield value is returned.
2676	*/
2677	function optionset(&$user_row, $key, $value, $data = false)
2678	{
2679	global $user;
2680
2681	$var = ($data !== false) ? $data : $user_row['user_options'];
2682
2683	$new_var = phpbb_optionset($user->keyoptions[$key], $value, $var);
2684
2685	if ($data === false)
2686	{
2687	if ($new_var != $var)
2688	{
2689	$user_row['user_options'] = $new_var;
2690	return true;
2691	}
2692	else
2693	{
2694	return false;
2695	}
2696	}
2697	else
2698	{
2699	return $new_var;
2700	}
2701	}
2702
2703	/**
2704	* Get option bit field from user options in a user row array.
2705	*
2706	* Optionget replacement for this module based on $user->optionget.
2707	*
2708	* @param array $user_row Row from the users table.
2709	* @param int $key option key, as defined in $user->keyoptions property.
2710	* @param int $data bit field value to use, or false to use $user_row['user_options']
2711	* @return bool true if the option is set in the bit field, false otherwise
2712	*/
2713	function optionget(&$user_row, $key, $data = false)
2714	{
2715	global $user;
2716
2717	$var = ($data !== false) ? $data : $user_row['user_options'];
2718	return phpbb_optionget($user->keyoptions[$key], $var);
2719	}
2720	}