Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
0.00% covered (danger)
0.00%
0 / 136
0.00% covered (danger)
0.00%
0 / 1
CRAP
0.00% covered (danger)
0.00%
0 / 1
ucp_zebra
0.00% covered (danger)
0.00%
0 / 134
0.00% covered (danger)
0.00%
0 / 1
1482
0.00% covered (danger)
0.00%
0 / 1
 main
0.00% covered (danger)
0.00%
0 / 134
0.00% covered (danger)
0.00%
0 / 1
1482
1<?php
2/**
3*
4* This file is part of the phpBB Forum Software package.
5*
6* @copyright (c) phpBB Limited <https://www.phpbb.com>
7* @license GNU General Public License, version 2 (GPL-2.0)
8*
9* For full copyright and license information, please see
10* the docs/CREDITS.txt file.
11*
12*/
13
/**
* Direct-access guard: stop immediately unless the IN_PHPBB constant is
* defined, so this file does nothing when it is loaded on its own.
* The constant is presumably set by the including entry script - that is
* not visible from this file.
*
* @ignore
*/
if (defined('IN_PHPBB') === false)
{
    exit;
}
21
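/**
* User control panel module for the current user's friends and foes
* ("zebra") lists.
*
* All work happens in main(): it removes and/or adds list entries once the
* operation has been confirmed, then lists the current entries for the
* template.
*/
class ucp_zebra
{
    var $u_action;

    // Assigned at the end of main(). Declared here so they are not created as
    // dynamic properties (deprecated as of PHP 8.2).
    var $tpl_name;
    var $page_title;

    /**
    * Handle the friends/foes page: apply requested removals and additions,
    * then build the list of current entries for the template.
    *
    * Changes are applied only inside the confirm_box(true) branch; otherwise
    * the confirmation dialog is requested with the submitted values carried
    * along as hidden fields.
    *
    * @param mixed    $id      Module identifier passed by the caller (not used here)
    * @param string   $mode    Which list to manage: 'friends' or 'foes'
    * @return void    May not return: trigger_error() and confirm_box() are
    *                 defined elsewhere and presumably end the request - verify
    */
    function main($id, $mode)
    {
        global $db, $user, $auth, $template, $phpbb_root_path, $phpEx, $request, $phpbb_dispatcher;

        // Only the presence of these request keys is tested here; the values
        // themselves are read through $request->variable() below.
        $submit = isset($_POST['submit']) || isset($_GET['add']) || isset($_GET['remove']);
        $s_hidden_fields = '';

        $l_mode = strtoupper($mode);

        if ($submit)
        {
            $data = $error = array();
            $updated = false;

            // The defaults presumably act as type templates for
            // $request->variable() (usernames: array of integers, add: string)
            // - confirm against the request class, which is not shown here.
            $var_ary = array(
                'usernames' => array(0),
                'add'       => '',
            );

            foreach ($var_ary as $var => $default)
            {
                $data[$var] = $request->variable($var, $default, true);
            }

            if (!empty($data['add']) || count($data['usernames']))
            {
                // Nothing below modifies the zebra table unless the operation
                // has been confirmed.
                if (confirm_box(true))
                {
                    // Remove users
                    if (!empty($data['usernames']))
                    {
                        $user_ids = $data['usernames'];

                        /**
                        * Remove users from friends/foes
                        *
                        * @event core.ucp_remove_zebra
                        * @var    string    mode        Zebra type: friends|foes
                        * @var    array    user_ids    User ids we remove
                        * @since 3.1.0-a1
                        */
                        $vars = array('mode', 'user_ids');
                        // extract() writes the listeners' result back into local
                        // scope, so $mode and $user_ids may differ from the
                        // request values after this line.
                        extract($phpbb_dispatcher->trigger_event('core.ucp_remove_zebra', compact($vars)));

                        // The delete is scoped to the acting user's own rows; the
                        // id is cast to int before concatenation, matching the
                        // insert path further down.
                        $sql = 'DELETE FROM ' . ZEBRA_TABLE . '
                            WHERE user_id = ' . (int) $user->data['user_id'] . '
                                AND ' . $db->sql_in_set('zebra_id', $user_ids);
                        $db->sql_query($sql);

                        $updated = true;
                    }

                    // Add users
                    if ($data['add'])
                    {
                        // One name per line, normalised with utf8_clean_string()
                        // so it can be compared with username_clean.
                        $data['add'] = array_map('trim', array_map('utf8_clean_string', explode("\n", $data['add'])));

                        // Do these name/s exist on a list already? If so, ignore ... we could be
                        // 'nice' and automatically handle names added to one list present on
                        // the other (by removing the existing one) ... but I have a feeling this
                        // may lead to complaints
                        $sql = 'SELECT z.*, u.username, u.username_clean
                            FROM ' . ZEBRA_TABLE . ' z, ' . USERS_TABLE . ' u
                            WHERE z.user_id = ' . (int) $user->data['user_id'] . '
                                AND u.user_id = z.zebra_id';
                        $result = $db->sql_query($sql);

                        $friends = $foes = array();
                        while ($row = $db->sql_fetchrow($result))
                        {
                            if ($row['friend'])
                            {
                                $friends[] = utf8_clean_string($row['username']);
                            }
                            else
                            {
                                $foes[] = utf8_clean_string($row['username']);
                            }
                        }
                        $db->sql_freeresult($result);

                        // remove friends from the username array
                        $n = count($data['add']);
                        $data['add'] = array_diff($data['add'], $friends);

                        if (count($data['add']) < $n && $mode == 'foes')
                        {
                            $error[] = $user->lang['NOT_ADDED_FOES_FRIENDS'];
                        }

                        // remove foes from the username array
                        $n = count($data['add']);
                        $data['add'] = array_diff($data['add'], $foes);

                        if (count($data['add']) < $n && $mode == 'friends')
                        {
                            $error[] = $user->lang['NOT_ADDED_FRIENDS_FOES'];
                        }

                        // remove the acting user's own name from the username array
                        $n = count($data['add']);
                        $data['add'] = array_diff($data['add'], array(utf8_clean_string($user->data['username'])));

                        if (count($data['add']) < $n)
                        {
                            $error[] = $user->lang['NOT_ADDED_' . $l_mode . '_SELF'];
                        }

                        unset($friends, $foes, $n);

                        if (count($data['add']))
                        {
                            // Submitted names reach the query only through
                            // $db->sql_in_set(), never by direct concatenation.
                            $sql = 'SELECT user_id, user_type
                                FROM ' . USERS_TABLE . '
                                WHERE ' . $db->sql_in_set('username_clean', $data['add']) . '
                                    AND user_type <> ' . USER_INACTIVE;
                            $result = $db->sql_query($sql);

                            $user_id_ary = array();
                            while ($row = $db->sql_fetchrow($result))
                            {
                                if ($row['user_id'] != ANONYMOUS && $row['user_type'] != USER_IGNORE)
                                {
                                    $user_id_ary[] = $row['user_id'];
                                }
                                else if ($row['user_id'] != ANONYMOUS)
                                {
                                    $error[] = $user->lang['NOT_ADDED_' . $l_mode . '_BOTS'];
                                }
                                else
                                {
                                    $error[] = $user->lang['NOT_ADDED_' . $l_mode . '_ANONYMOUS'];
                                }
                            }
                            $db->sql_freeresult($result);

                            if (count($user_id_ary))
                            {
                                // Remove users from foe list if they are admins or moderators
                                if ($mode == 'foes')
                                {
                                    $perms = array();
                                    foreach ($auth->acl_get_list($user_id_ary, array('a_', 'm_')) as $forum_id => $forum_ary)
                                    {
                                        foreach ($forum_ary as $auth_option => $user_ary)
                                        {
                                            $perms = array_merge($perms, $user_ary);
                                        }
                                    }

                                    $perms = array_unique($perms);

                                    if (count($perms))
                                    {
                                        $error[] = $user->lang['NOT_ADDED_FOES_MOD_ADMIN'];
                                    }

                                    // This may not be right ... it may yield true when perms equate to deny
                                    $user_id_ary = array_diff($user_id_ary, $perms);
                                    unset($perms);
                                }

                                if (count($user_id_ary))
                                {
                                    $sql_mode = ($mode == 'friends') ? 'friend' : 'foe';

                                    $sql_ary = array();
                                    foreach ($user_id_ary as $zebra_id)
                                    {
                                        $sql_ary[] = array(
                                            'user_id'  => (int) $user->data['user_id'],
                                            'zebra_id' => (int) $zebra_id,
                                            $sql_mode  => 1
                                        );
                                    }

                                    /**
                                    * Add users to friends/foes
                                    *
                                    * @event core.ucp_add_zebra
                                    * @var    string    mode        Zebra type: friends|foes
                                    * @var    array    sql_ary        Array of entries we add
                                    * @since 3.1.0-a1
                                    */
                                    $vars = array('mode', 'sql_ary');
                                    // As above: listeners may replace $mode and
                                    // $sql_ary before the rows are inserted.
                                    extract($phpbb_dispatcher->trigger_event('core.ucp_add_zebra', compact($vars)));

                                    $db->sql_multi_insert(ZEBRA_TABLE, $sql_ary);

                                    $updated = true;
                                }
                                unset($user_id_ary);
                            }
                            else if (!count($error))
                            {
                                $error[] = $user->lang['USER_NOT_FOUND_OR_INACTIVE'];
                            }
                        }
                    }

                    if ($request->is_ajax())
                    {
                        // On success only the "updated" text is sent; collected
                        // errors are sent only when nothing was updated.
                        $message = ($updated) ? $user->lang[$l_mode . '_UPDATED'] : implode('<br />', $error);

                        $json_response = new \phpbb\json_response;
                        $json_response->send(array(
                            'success' => $updated,

                            'MESSAGE_TITLE' => $user->lang['INFORMATION'],
                            'MESSAGE_TEXT'  => $message,
                            'REFRESH_DATA'  => array(
                                'time' => 3,
                                'url'  => $this->u_action
                            )
                        ));
                    }
                    else if ($updated)
                    {
                        meta_refresh(3, $this->u_action);
                        // NOTE(review): $this->u_action is placed into the href
                        // as-is; it is set outside this class - confirm it is
                        // already safe for an HTML attribute.
                        $message = $user->lang[$l_mode . '_UPDATED'] . '<br />' . implode('<br />', $error) . ((count($error)) ? '<br />' : '') . '<br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
                        trigger_error($message);
                    }
                    else
                    {
                        $template->assign_var('ERROR', implode('<br />', $error));
                    }
                }
                else
                {
                    // Not confirmed yet: ask for confirmation and carry the
                    // submitted values along as hidden fields.
                    confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
                        'mode'      => $mode,
                        'submit'    => true,
                        'usernames' => $data['usernames'],
                        'add'       => $data['add']))
                    );
                }
            }
        }

        // $sql_and is one of two fixed literals, so interpolating it below does
        // not carry request data into the query.
        $sql_and = ($mode == 'friends') ? 'z.friend = 1' : 'z.foe = 1';
        $sql = 'SELECT z.*, u.username, u.username_clean
            FROM ' . ZEBRA_TABLE . ' z, ' . USERS_TABLE . ' u
            WHERE z.user_id = ' . (int) $user->data['user_id'] . "
                AND $sql_and
                AND u.user_id = z.zebra_id
            ORDER BY u.username_clean ASC";
        $result = $db->sql_query($sql);

        $s_username_options = '';
        while ($row = $db->sql_fetchrow($result))
        {
            // NOTE(review): $row['username'] is written into the markup without
            // escaping here. That is only safe if usernames are stored already
            // HTML-escaped - confirm; escaping again here would double-encode.
            // The id is cast to int before it goes into the attribute.
            $s_username_options .= '<option value="' . (int) $row['zebra_id'] . '">' . $row['username'] . '</option>';
        }
        $db->sql_freeresult($result);

        $template->assign_vars(array(
            'L_TITLE'            => $user->lang['UCP_ZEBRA_' . $l_mode],

            'U_FIND_USERNAME'    => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=ucp&amp;field=add'),

            'S_USERNAME_OPTIONS' => $s_username_options,
            'S_HIDDEN_FIELDS'    => $s_hidden_fields,
            'S_UCP_ACTION'       => $this->u_action)
        );

        $this->tpl_name = 'ucp_zebra_' . $mode;
        $this->page_title = 'UCP_ZEBRA_' . $l_mode;
    }
}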