Code Coverage for /data/phpBB/ucp.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	0.00% covered (danger)	0.00%	0 / 188		n/a	0 / 0	CRAP		n/a	0 / 0

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	/**
15	* @ignore
16	*/
17	define('IN_PHPBB', true);
18	$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
19	$phpEx = substr(strrchr(__FILE__, '.'), 1);
20	require($phpbb_root_path . 'common.' . $phpEx);
21	require($phpbb_root_path . 'includes/functions_user.' . $phpEx);
22	require($phpbb_root_path . 'includes/functions_module.' . $phpEx);
23
24	// Basic parameter data
25	$id = $request->variable('i', '');
26	$mode = $request->variable('mode', '');
27
28	if (in_array($mode, array('login', 'login_link', 'logout', 'confirm', 'sendpassword', 'activate')))
29	{
30	define('IN_LOGIN', true);
31	}
32
33	if ($mode === 'delete_cookies')
34	{
35	define('SKIP_CHECK_BAN', true);
36	define('SKIP_CHECK_DISABLED', true);
37	}
38
39	// Start session management
40	$user->session_begin();
41	$auth->acl($user->data);
42	$user->setup('ucp');
43
44	// Setting a variable to let the style designer know where he is...
45	$template->assign_var('S_IN_UCP', true);
46
47	$module = new p_master();
48	$default = false;
49
50	// Basic "global" modes
51	switch ($mode)
52	{
53	case 'activate':
54	$module->load('ucp', 'activate');
55	$module->display($user->lang['UCP_ACTIVATE']);
56
57	redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
58	break;
59
60	case 'resend_act':
61	$module->load('ucp', 'resend');
62	$module->display($user->lang['UCP_RESEND']);
63	break;
64
65	case 'sendpassword':
66	/** @var \phpbb\controller\helper $controller_helper */
67	$controller_helper = $phpbb_container->get('controller.helper');
68
69	redirect($controller_helper->route('phpbb_ucp_forgot_password_controller'));
70	break;
71
72	case 'register':
73	if ($user->data['is_registered'] \|\| isset($_REQUEST['not_agreed']))
74	{
75	redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
76	}
77
78	$module->load('ucp', 'register');
79	$module->display($user->lang['REGISTER']);
80	break;
81
82	case 'confirm':
83	$module->load('ucp', 'confirm');
84	break;
85
86	case 'login':
87	if ($user->data['is_registered'])
88	{
89	redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
90	}
91
92	login_box($request->variable('redirect', "index.$phpEx"));
93	break;
94
95	case 'login_link':
96	if ($user->data['is_registered'])
97	{
98	redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
99	}
100
101	$module->load('ucp', 'login_link');
102	$module->display($user->lang['UCP_LOGIN_LINK']);
103	break;
104
105	case 'logout':
106	if ($user->data['user_id'] != ANONYMOUS && check_link_hash($request->variable('hash', ''), 'ucp_logout'))
107	{
108	$user->session_kill();
109	}
110	else if ($user->data['user_id'] != ANONYMOUS)
111	{
112	meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
113
114	$message = $user->lang['LOGOUT_FAILED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a> ');
115	trigger_error($message);
116	}
117
118	redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
119	break;
120
121	case 'terms':
122	case 'privacy':
123
124	$message = ($mode == 'terms') ? 'TERMS_OF_USE_CONTENT' : 'PRIVACY_POLICY';
125	$title = ($mode == 'terms') ? 'TERMS_USE' : 'PRIVACY';
126
127	if (empty($user->lang[$message]))
128	{
129	if ($user->data['is_registered'])
130	{
131	redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
132	}
133
134	login_box();
135	}
136
137	$template->set_filenames(array(
138	'body' => 'ucp_agreement.html')
139	);
140
141	// Disable online list
142	page_header($user->lang[$title]);
143
144	$template->assign_vars(array(
145	'S_AGREEMENT' => true,
146	'AGREEMENT_TITLE' => $user->lang[$title],
147	'AGREEMENT_TEXT' => sprintf($user->lang[$message], $config['sitename'], generate_board_url()),
148	'U_BACK' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login'),
149	'L_BACK' => $user->lang['BACK_TO_PREV'],
150	));
151
152	page_footer();
153
154	break;
155
156	case 'delete_cookies':
157	/** @var \phpbb\controller\helper $controller_helper */
158	$controller_helper = $phpbb_container->get('controller.helper');
159
160	// Redirect to controller
161	redirect($controller_helper->route('phpbb_ucp_delete_cookies_controller'));
162	break;
163
164	case 'switch_perm':
165
166	$user_id = $request->variable('u', 0);
167
168	$sql = 'SELECT *
169	FROM ' . USERS_TABLE . '
170	WHERE user_id = ' . (int) $user_id;
171	$result = $db->sql_query($sql);
172	$user_row = $db->sql_fetchrow($result);
173	$db->sql_freeresult($result);
174
175	if (!$auth->acl_get('a_switchperm') \|\| !$user_row \|\| $user_id == $user->data['user_id'] \|\| !check_link_hash($request->variable('hash', ''), 'switchperm'))
176	{
177	redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
178	}
179
180	include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
181
182	$auth_admin = new auth_admin();
183	if (!$auth_admin->ghost_permissions($user_id, $user->data['user_id']))
184	{
185	redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
186	}
187
188	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ACL_TRANSFER_PERMISSIONS', false, array($user_row['username']));
189
190	$message = sprintf($user->lang['PERMISSIONS_TRANSFERRED'], $user_row['username']) . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
191
192	/**
193	* Event to run code after permissions are switched
194	*
195	* @event core.ucp_switch_permissions
196	* @var int user_id User ID to switch permission to
197	* @var array user_row User data
198	* @var string message Success message
199	* @since 3.1.11-RC1
200	*/
201	$vars = array('user_id', 'user_row', 'message');
202	extract($phpbb_dispatcher->trigger_event('core.ucp_switch_permissions', compact($vars)));
203
204	trigger_error($message);
205
206	break;
207
208	case 'restore_perm':
209
210	if (!$user->data['user_perm_from'] \|\| !$auth->acl_get('a_switchperm'))
211	{
212	redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
213	}
214
215	$auth->acl_cache($user->data);
216
217	$sql = 'SELECT username
218	FROM ' . USERS_TABLE . '
219	WHERE user_id = ' . $user->data['user_perm_from'];
220	$result = $db->sql_query($sql);
221	$username = $db->sql_fetchfield('username');
222	$db->sql_freeresult($result);
223
224	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ACL_RESTORE_PERMISSIONS', false, array($username));
225
226	$message = $user->lang['PERMISSIONS_RESTORED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
227
228	/**
229	* Event to run code after permissions are restored
230	*
231	* @event core.ucp_restore_permissions
232	* @var string username User name
233	* @var string message Success message
234	* @since 3.1.11-RC1
235	*/
236	$vars = array('username', 'message');
237	extract($phpbb_dispatcher->trigger_event('core.ucp_restore_permissions', compact($vars)));
238
239	trigger_error($message);
240
241	break;
242
243	default:
244	$default = true;
245	break;
246	}
247
248	// We use this approach because it does not impose large code changes
249	if (!$default)
250	{
251	return true;
252	}
253
254	// Only registered users can go beyond this point
255	if (!$user->data['is_registered'])
256	{
257	if ($user->data['is_bot'])
258	{
259	redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
260	}
261
262	if ($id == 'pm' && $mode == 'view' && isset($_GET['p']))
263	{
264	$redirect_url = append_sid("{$phpbb_root_path}ucp.$phpEx?i=pm&p=" . $request->variable('p', 0));
265	login_box($redirect_url, $user->lang['LOGIN_EXPLAIN_UCP']);
266	}
267
268	login_box('', $user->lang['LOGIN_EXPLAIN_UCP']);
269	}
270
271	// Instantiate module system and generate list of available modules
272	$module->list_modules('ucp');
273
274	// Check if the zebra module is set
275	if ($module->is_active('zebra', 'friends'))
276	{
277	// Output listing of friends online
278	$update_time = $config['load_online_time'] * 60;
279
280	$sql_ary = array(
281	'SELECT' => 'u.user_id, u.username, u.username_clean, u.user_colour, MAX(s.session_time) as online_time, MIN(s.session_viewonline) AS viewonline',
282
283	'FROM' => array(
284	USERS_TABLE => 'u',
285	ZEBRA_TABLE => 'z',
286	),
287
288	'LEFT_JOIN' => array(
289	array(
290	'FROM' => array(SESSIONS_TABLE => 's'),
291	'ON' => 's.session_user_id = z.zebra_id',
292	),
293	),
294
295	'WHERE' => 'z.user_id = ' . $user->data['user_id'] . '
296	AND z.friend = 1
297	AND u.user_id = z.zebra_id',
298
299	'GROUP_BY' => 'z.zebra_id, u.user_id, u.username_clean, u.user_colour, u.username',
300
301	'ORDER_BY' => 'u.username_clean ASC',
302	);
303
304	/**
305	* Event to modify the SQL query before listing of friends
306	*
307	* @event core.ucp_modify_friends_sql
308	* @var array sql_ary SQL query array for listing of friends
309	*
310	* @since 3.2.10-RC1
311	* @since 3.3.1-RC1
312	*/
313	$vars = [
314	'sql_ary',
315	];
316	extract($phpbb_dispatcher->trigger_event('core.ucp_modify_friends_sql', compact($vars)));
317
318	$sql = $db->sql_build_query('SELECT_DISTINCT', $sql_ary);
319	$result = $db->sql_query($sql);
320
321	while ($row = $db->sql_fetchrow($result))
322	{
323	$which = (time() - $update_time < $row['online_time'] && ($row['viewonline'] \|\| $auth->acl_get('u_viewonline'))) ? 'online' : 'offline';
324
325	$tpl_ary = [
326	'USER_ID' => $row['user_id'],
327	'U_PROFILE' => get_username_string('profile', $row['user_id'], $row['username'], $row['user_colour']),
328	'USER_COLOUR' => get_username_string('colour', $row['user_id'], $row['username'], $row['user_colour']),
329	'USERNAME' => get_username_string('username', $row['user_id'], $row['username'], $row['user_colour']),
330	'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'])
331	];
332
333	/**
334	* Event to modify the template before listing of friends
335	*
336	* @event core.ucp_modify_friends_template_vars
337	* @var array row friend user row
338	* @var array tpl_ary friend template array
339	* @var string which friend is 'online' or 'offline'
340	*
341	* @since 3.2.10-RC1
342	* @since 3.3.1-RC1
343	*/
344	$vars = [
345	'row',
346	'tpl_ary',
347	'which',
348	];
349	extract($phpbb_dispatcher->trigger_event('core.ucp_modify_friends_template_vars', compact($vars)));
350
351	$template->assign_block_vars("friends_{$which}", $tpl_ary);
352	}
353	$db->sql_freeresult($result);
354	}
355
356	// Do not display subscribed topics/forums if not allowed
357	if (!$config['allow_topic_notify'] && !$config['allow_forum_notify'])
358	{
359	$module->set_display('main', 'subscribed', false);
360	}
361
362	/**
363	* Use this event to enable and disable additional UCP modules
364	*
365	* @event core.ucp_display_module_before
366	* @var p_master module Object holding all modules and their status
367	* @var mixed id Active module category (can be the int or string)
368	* @var string mode Active module
369	* @since 3.1.0-a1
370	*/
371	$vars = array('module', 'id', 'mode');
372	extract($phpbb_dispatcher->trigger_event('core.ucp_display_module_before', compact($vars)));
373
374	$template->assign_block_vars('navlinks', array(
375	'BREADCRUMB_NAME' => $user->lang('UCP'),
376	'U_BREADCRUMB' => append_sid("{$phpbb_root_path}ucp.$phpEx"),
377	));
378
379	// Select the active module
380	$module->set_active($id, $mode);
381
382	// Load and execute the relevant module
383	$module->load_active();
384
385	// Assign data to the template engine for the list of modules
386	$module->assign_tpl_vars(append_sid("{$phpbb_root_path}ucp.$phpEx"));
387
388	// Generate the page, do not display/query online list
389	$module->display($module->get_page_title());