phpBB

Code Changes

File: includes/acp/acp_users.php

  Unmodified   Added   Modified   Removed
Line 105Line 105
				LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
WHERE u.user_id = ' . $user_id . '
ORDER BY s.session_time DESC';

				LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
WHERE u.user_id = ' . $user_id . '
ORDER BY s.session_time DESC';

		$result = $db->sql_query($sql);

		$result = $db->sql_query_limit($sql, 1);

		$user_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);


		$user_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);


Line 172Line 172

if ($submit)
{


if ($submit)
{

					// You can't delete the founder
if ($delete && $user_row['user_type'] != USER_FOUNDER)

					if ($delete)


					{
if (!$auth->acl_get('a_userdel'))
{

					{
if (!$auth->acl_get('a_userdel'))
{

Line 184Line 183
						if ($user_id == ANONYMOUS)
{
trigger_error($user->lang['CANNOT_REMOVE_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);

						if ($user_id == ANONYMOUS)
{
trigger_error($user->lang['CANNOT_REMOVE_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);

 
						}

// Founders can not be deleted.
if ($user_row['user_type'] == USER_FOUNDER)
{
trigger_error($user->lang['CANNOT_REMOVE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);

						}

if ($user_id == $user->data['user_id'])

						}

if ($user_id == $user->data['user_id'])

Line 191Line 196
							trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}


							trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}


 
						if ($delete_type)
{

						if (confirm_box(true))
{
user_delete($delete_type, $user_id, $user_row['username']);

						if (confirm_box(true))
{
user_delete($delete_type, $user_id, $user_row['username']);

Line 209Line 216
								'delete'		=> 1,
'delete_type' => $delete_type))
);

								'delete'		=> 1,
'delete_type' => $delete_type))
);

 
							}
}
else
{
trigger_error($user->lang['NO_MODE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);

						}
}


						}
}


Line 222Line 234
							if ($user_id == $user->data['user_id'])
{
trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);

							if ($user_id == $user->data['user_id'])
{
trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);

 
							}

if ($user_id == ANONYMOUS)
{
trigger_error($user->lang['CANNOT_BAN_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);

							}

if ($user_row['user_type'] == USER_FOUNDER)

							}

if ($user_row['user_type'] == USER_FOUNDER)

Line 307Line 324

$server_url = generate_board_url();



$server_url = generate_board_url();


								$user_actkey = gen_rand_string(10);
$key_len = 54 - (strlen($server_url));
$key_len = ($key_len > 6) ? $key_len : 6;
$user_actkey = substr($user_actkey, 0, $key_len);

								$user_actkey = gen_rand_string(mt_rand(6, 10));




								$email_template = ($user_row['user_type'] == USER_NORMAL) ? 'user_reactivate_account' : 'user_resend_inactive';

if ($user_row['user_type'] == USER_NORMAL)

								$email_template = ($user_row['user_type'] == USER_NORMAL) ? 'user_reactivate_account' : 'user_resend_inactive';

if ($user_row['user_type'] == USER_NORMAL)

Line 339Line 353

$messenger->to($user_row['user_email'], $user_row['username']);



$messenger->to($user_row['user_email'], $user_row['username']);


								$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']);
$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);

								$messenger->anti_abuse_headers($config, $user);





$messenger->assign_vars(array(
'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),


$messenger->assign_vars(array(
'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),

Line 384Line 395
							}

user_active_flip('flip', $user_id);

							}

user_active_flip('flip', $user_id);

 

if ($user_row['user_type'] == USER_INACTIVE)
{
if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
{
include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);

$messenger = new messenger(false);

$messenger->template('admin_welcome_activated', $user_row['user_lang']);

$messenger->to($user_row['user_email'], $user_row['username']);

$messenger->anti_abuse_headers($config, $user);

$messenger->assign_vars(array(
'USERNAME' => htmlspecialchars_decode($user_row['username']))
);

$messenger->send(NOTIFY_EMAIL);
}
}


$message = ($user_row['user_type'] == USER_INACTIVE) ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED';
$log = ($user_row['user_type'] == USER_INACTIVE) ? 'LOG_USER_ACTIVE' : 'LOG_USER_INACTIVE';


$message = ($user_row['user_type'] == USER_INACTIVE) ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED';
$log = ($user_row['user_type'] == USER_INACTIVE) ? 'LOG_USER_ACTIVE' : 'LOG_USER_INACTIVE';

Line 493Line 526
								);
}


								);
}


 
						break;

case 'deloutbox':

if (confirm_box(true))
{
$msg_ids = array();
$lang = 'EMPTY';

$sql = 'SELECT msg_id
FROM ' . PRIVMSGS_TO_TABLE . "
WHERE author_id = $user_id
AND folder_id = " . PRIVMSGS_OUTBOX;
$result = $db->sql_query($sql);

if ($row = $db->sql_fetchrow($result))
{
if (!function_exists('delete_pm'))
{
include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
}

do
{
$msg_ids[] = (int) $row['msg_id'];
}
while ($row = $db->sql_fetchrow($result));

$db->sql_freeresult($result);

delete_pm($user_id, $msg_ids, PRIVMSGS_OUTBOX);

add_log('admin', 'LOG_USER_DEL_OUTBOX', $user_row['username']);

$lang = 'EMPTIED';
}
$db->sql_freeresult($result);

trigger_error($user->lang['USER_OUTBOX_' . $lang] . adm_back_link($this->u_action . '&u=' . $user_id));
}
else
{
confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
'u' => $user_id,
'i' => $id,
'mode' => $mode,
'action' => $action,
'update' => true))
);
}

						break;

case 'moveposts':

						break;

case 'moveposts':

Line 648Line 731
							add_log('user', $user_id, 'LOG_USER_MOVE_POSTS_USER', $forum_info['forum_name']);

trigger_error($user->lang['USER_POSTS_MOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));

							add_log('user', $user_id, 'LOG_USER_MOVE_POSTS_USER', $forum_info['forum_name']);

trigger_error($user->lang['USER_POSTS_MOVED'] . adm_back_link($this->u_action . '&u=' . $user_id));

 

break;

case 'leave_nr':

if (confirm_box(true))
{
remove_newly_registered($user_id, $user_row);

add_log('admin', 'LOG_USER_REMOVED_NR', $user_row['username']);
trigger_error($user->lang['USER_LIFTED_NR'] . adm_back_link($this->u_action . '&u=' . $user_id));
}
else
{
confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
'u' => $user_id,
'i' => $id,
'mode' => $mode,
'action' => $action,
'update' => true))
);
}


break;
}


break;
}

Line 712Line 817

// Which updates do we need to do?
$update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false;


// Which updates do we need to do?
$update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false;

					$update_password = ($data['new_password'] && !phpbb_check_hash($user_row['user_password'], $data['new_password'])) ? true : false;

					$update_password = ($data['new_password'] && !phpbb_check_hash($data['new_password'], $user_row['user_password'])) ? true : false;

					$update_email = ($data['email'] != $user_row['user_email']) ? $data['email'] : false;

if (!sizeof($error))

					$update_email = ($data['email'] != $user_row['user_email']) ? $data['email'] : false;

if (!sizeof($error))

Line 775Line 880
						{
$sql_ary += array(
'user_email' => $update_email,

						{
$sql_ary += array(
'user_email' => $update_email,

								'user_email_hash'	=> crc32($update_email) . strlen($update_email)

								'user_email_hash'	=> phpbb_email_hash($update_email),

							);

add_log('user', $user_id, 'LOG_USER_UPDATE_EMAIL', $user_row['username'], $user_row['user_email'], $update_email);

							);

add_log('user', $user_id, 'LOG_USER_UPDATE_EMAIL', $user_row['username'], $user_row['user_email'], $update_email);

Line 820Line 925

if ($user_id == $user->data['user_id'])
{


if ($user_id == $user->data['user_id'])
{

					$quick_tool_ary = array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH');





					$quick_tool_ary = array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX');
if ($user_row['user_new'])
{
$quick_tool_ary['leave_nr'] = 'LEAVE_NR';
}

				}
else
{

				}
else
{

Line 836Line 945
						$quick_tool_ary += array('active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE'));
}


						$quick_tool_ary += array('active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE'));
}


					$quick_tool_ary += array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH');

					$quick_tool_ary += array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH', 'deloutbox' => 'DEL_OUTBOX');


if ($config['email_enable'] && ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_INACTIVE))
{
$quick_tool_ary['reactivate'] = 'FORCE';


if ($config['email_enable'] && ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_INACTIVE))
{
$quick_tool_ary['reactivate'] = 'FORCE';

 
					}

if ($user_row['user_new'])
{
$quick_tool_ary['leave_nr'] = 'LEAVE_NR';

					}
}


					}
}


Line 898Line 1012
						AND post_approved = 0';
$result = $db->sql_query($sql);
$user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');

						AND post_approved = 0';
$result = $db->sql_query($sql);
$user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');

 
				$db->sql_freeresult($result);

$sql = 'SELECT post_id
FROM ' . POSTS_TABLE . '
WHERE poster_id = '. $user_id;
$result = $db->sql_query_limit($sql, 1);
$user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id');

				$db->sql_freeresult($result);

$template->assign_vars(array(

				$db->sql_freeresult($result);

$template->assign_vars(array(

Line 916Line 1037
					'U_SHOW_IP'		=> $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}",
'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '',

					'U_SHOW_IP'		=> $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}",
'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '',

 
					'U_SEARCH_USER'	=> ($config['load_search'] && $auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$user_row['user_id']}&sr=posts") : '',





					'U_SWITCH_PERMISSIONS'	=> ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}") : '',

					'U_SWITCH_PERMISSIONS'	=> ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}&hash=" . generate_link_hash('switchperm')) : '',


'POSTS_IN_QUEUE' => $user_row['posts_in_queue'],
'USER' => $user_row['username'],


'POSTS_IN_QUEUE' => $user_row['posts_in_queue'],
'USER' => $user_row['username'],

Line 927Line 1049
					'USER_EMAIL'		=> $user_row['user_email'],
'USER_WARNINGS' => $user_row['user_warnings'],
'USER_POSTS' => $user_row['user_posts'],

					'USER_EMAIL'		=> $user_row['user_email'],
'USER_WARNINGS' => $user_row['user_warnings'],
'USER_POSTS' => $user_row['user_posts'],

 
					'USER_HAS_POSTS'	=> $user_row['user_has_posts'],

					'USER_INACTIVE_REASON'	=> $inactive_reason,
));


					'USER_INACTIVE_REASON'	=> $inactive_reason,
));


Line 972Line 1095
					{
$sql = 'DELETE FROM ' . LOG_TABLE . '
WHERE log_type = ' . LOG_USERS . "

					{
$sql = 'DELETE FROM ' . LOG_TABLE . '
WHERE log_type = ' . LOG_USERS . "

 
							AND reportee_id = $user_id

							$where_sql";
$db->sql_query($sql);


							$where_sql";
$db->sql_query($sql);


Line 1008Line 1132
				// Grab log data
$log_data = array();
$log_count = 0;

				// Grab log data
$log_data = array();
$log_count = 0;

				view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort);

				$start = view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort);


$template->assign_vars(array(
'S_FEEDBACK' => true,


$template->assign_vars(array(
'S_FEEDBACK' => true,

Line 1031Line 1155
						'ID'			=> $row['id'])
);
}

						'ID'			=> $row['id'])
);
}

 

break;

case 'warnings':
$user->add_lang('mcp');

// Set up general vars
$start = request_var('start', 0);
$deletemark = (isset($_POST['delmarked'])) ? true : false;
$deleteall = (isset($_POST['delall'])) ? true : false;
$confirm = (isset($_POST['confirm'])) ? true : false;
$marked = request_var('mark', array(0));
$message = utf8_normalize_nfc(request_var('message', '', true));

// Sort keys
$sort_days = request_var('st', 0);
$sort_key = request_var('sk', 't');
$sort_dir = request_var('sd', 'd');

// Delete entries if requested and able
if ($deletemark || $deleteall || $confirm)
{
if (confirm_box(true))
{
$where_sql = '';
$deletemark = request_var('delmarked', 0);
$deleteall = request_var('delall', 0);
if ($deletemark && $marked)
{
$where_sql = ' AND ' . $db->sql_in_set('warning_id', array_values($marked));
}

if ($where_sql || $deleteall)
{
$sql = 'DELETE FROM ' . WARNINGS_TABLE . "
WHERE user_id = $user_id
$where_sql";
$db->sql_query($sql);

if ($deleteall)
{
$log_warnings = $deleted_warnings = 0;
}
else
{
$num_warnings = (int) $db->sql_affectedrows();
$deleted_warnings = ' user_warnings - ' . $num_warnings;
$log_warnings = ($num_warnings > 2) ? 2 : $num_warnings;
}

$sql = 'UPDATE ' . USERS_TABLE . "
SET user_warnings = $deleted_warnings
WHERE user_id = $user_id";
$db->sql_query($sql);

switch ($log_warnings)
{
case 2:
add_log('admin', 'LOG_WARNINGS_DELETED', $user_row['username'], $num_warnings);
break;
case 1:
add_log('admin', 'LOG_WARNING_DELETED', $user_row['username']);
break;
default:
add_log('admin', 'LOG_WARNINGS_DELETED_ALL', $user_row['username']);
break;
}
}
}
else
{
$s_hidden_fields = array(
'i' => $id,
'mode' => $mode,
'u' => $user_id,
'mark' => $marked,
);
if (isset($_POST['delmarked']))
{
$s_hidden_fields['delmarked'] = 1;
}
if (isset($_POST['delall']))
{
$s_hidden_fields['delall'] = 1;
}
if (isset($_POST['delall']) || (isset($_POST['delmarked']) && sizeof($marked)))
{
confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields));
}
}
}

$sql = 'SELECT w.warning_id, w.warning_time, w.post_id, l.log_operation, l.log_data, l.user_id AS mod_user_id, m.username AS mod_username, m.user_colour AS mod_user_colour
FROM ' . WARNINGS_TABLE . ' w
LEFT JOIN ' . LOG_TABLE . ' l
ON (w.log_id = l.log_id)
LEFT JOIN ' . USERS_TABLE . ' m
ON (l.user_id = m.user_id)
WHERE w.user_id = ' . $user_id . '
ORDER BY w.warning_time DESC';
$result = $db->sql_query($sql);

while ($row = $db->sql_fetchrow($result))
{
if (!$row['log_operation'])
{
// We do not have a log-entry anymore, so there is no data available
$row['action'] = $user->lang['USER_WARNING_LOG_DELETED'];
}
else
{
$row['action'] = (isset($user->lang[$row['log_operation']])) ? $user->lang[$row['log_operation']] : '{' . ucfirst(str_replace('_', ' ', $row['log_operation'])) . '}';
if (!empty($row['log_data']))
{
$log_data_ary = @unserialize($row['log_data']);
$log_data_ary = ($log_data_ary === false) ? array() : $log_data_ary;

if (isset($user->lang[$row['log_operation']]))
{
// Check if there are more occurrences of % than arguments, if there are we fill out the arguments array
// It doesn't matter if we add more arguments than placeholders
if ((substr_count($row['action'], '%') - sizeof($log_data_ary)) > 0)
{
$log_data_ary = array_merge($log_data_ary, array_fill(0, substr_count($row['action'], '%') - sizeof($log_data_ary), ''));
}
$row['action'] = vsprintf($row['action'], $log_data_ary);
$row['action'] = bbcode_nl2br(censor_text($row['action']));
}
else if (!empty($log_data_ary))
{
$row['action'] .= '<br />' . implode('', $log_data_ary);
}
}
}


$template->assign_block_vars('warn', array(
'ID' => $row['warning_id'],
'USERNAME' => ($row['log_operation']) ? get_username_string('full', $row['mod_user_id'], $row['mod_username'], $row['mod_user_colour']) : '-',
'ACTION' => make_clickable($row['action']),
'DATE' => $user->format_date($row['warning_time']),
));
}
$db->sql_freeresult($result);

$template->assign_vars(array(
'S_WARNINGS' => true,
));


break;



break;


Line 1135Line 1407
						$db->sql_query($sql);

// Update Custom Fields

						$db->sql_query($sql);

// Update Custom Fields

						if (sizeof($cp_data))
{
switch ($db->sql_layer)
{
case 'oracle':
case 'firebird':
case 'postgres':
$right_delim = $left_delim = '"';
break;

case 'sqlite':
case 'mssql':
case 'mssql_odbc':
$right_delim = ']';
$left_delim = '[';
break;

case 'mysql':
case 'mysql4':
case 'mysqli':
$right_delim = $left_delim = '`';
break;
}

foreach ($cp_data as $key => $value)
{
$cp_data[$left_delim . $key . $right_delim] = $value;
unset($cp_data[$key]);
}

$sql = 'UPDATE ' . PROFILE_FIELDS_DATA_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $cp_data) . "
WHERE user_id = $user_id";
$db->sql_query($sql);

if (!$db->sql_affectedrows())
{
$cp_data['user_id'] = (int) $user_id;

$db->sql_return_on_error(true);

$sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' . $db->sql_build_array('INSERT', $cp_data);
$db->sql_query($sql);

$db->sql_return_on_error(false);
}
}

						$cp->update_profile_field_data($user_id, $cp_data);
















































trigger_error($user->lang['USER_PROFILE_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
}


trigger_error($user->lang['USER_PROFILE_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
}

Line 1207Line 1433

$now = getdate();
$s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';


$now = getdate();
$s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';

				for ($i = $now['year'] - 100; $i < $now['year']; $i++)

				for ($i = $now['year'] - 100; $i <= $now['year']; $i++)

				{
$selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
$s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";

				{
$selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
$s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";

Line 1340Line 1566
							SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
WHERE user_id = $user_id";
$db->sql_query($sql);

							SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
WHERE user_id = $user_id";
$db->sql_query($sql);

 

// Check if user has an active session
if ($user_row['session_id'])
{
// We'll update the session if user_allow_viewonline has changed and the user is a bot
// Or if it's a regular user and the admin set it to hide the session
if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE
|| $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline'])
{
// We also need to check if the user has the permission to cloak.
$user_auth = new auth();
$user_auth->acl($user_row);

$session_sql_ary = array(
'session_viewonline' => ($user_auth->acl_get('u_hideonline')) ? $sql_ary['user_allow_viewonline'] : true,
);

$sql = 'UPDATE ' . SESSIONS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . "
WHERE session_user_id = $user_id";
$db->sql_query($sql);

unset($user_auth);
}
}


trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
}


trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
}

Line 1455Line 1706
				include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);


				include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);


				$can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false;

				$can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false;


if ($submit)
{


if ($submit)
{

Line 1465Line 1716
							trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
}


							trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
}


					if (avatar_process_user($error, $user_row))

					if (avatar_process_user($error, $user_row, $can_upload))

					{
trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_row['user_id']));
}

// Replace "error" strings with their real, localised form
$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);

					{
trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_row['user_id']));
}

// Replace "error" strings with their real, localised form
$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);

 
				}

if (!$config['allow_avatar'] && $user_row['user_avatar_type'])
{
$error[] = $user->lang['USER_AVATAR_NOT_ALLOWED'];
}
else if ((($user_row['user_avatar_type'] == AVATAR_UPLOAD) && !$config['allow_avatar_upload']) ||
(($user_row['user_avatar_type'] == AVATAR_REMOTE) && !$config['allow_avatar_remote']) ||
(($user_row['user_avatar_type'] == AVATAR_GALLERY) && !$config['allow_avatar_local']))
{
$error[] = $user->lang['USER_AVATAR_TYPE_NOT_ALLOWED'];

				}

// Generate users avatar

				}

// Generate users avatar

				$avatar_img = ($user_row['user_avatar']) ? get_user_avatar($user_row['user_avatar'], $user_row['user_avatar_type'], $user_row['user_avatar_width'], $user_row['user_avatar_height']) : '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />';

				$avatar_img = ($user_row['user_avatar']) ? get_user_avatar($user_row['user_avatar'], $user_row['user_avatar_type'], $user_row['user_avatar_width'], $user_row['user_avatar_height'], 'USER_AVATAR', true) : '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />';


$display_gallery = (isset($_POST['display_gallery'])) ? true : false;
$avatar_select = basename(request_var('avatar_select', ''));


$display_gallery = (isset($_POST['display_gallery'])) ? true : false;
$avatar_select = basename(request_var('avatar_select', ''));

Line 1488Line 1750

$template->assign_vars(array(
'S_AVATAR' => true,


$template->assign_vars(array(
'S_AVATAR' => true,

					'S_CAN_UPLOAD'		=> ($can_upload && $config['allow_avatar_upload']) ? true : false,
'S_ALLOW_REMOTE' => ($config['allow_avatar_remote']) ? true : false,
'S_DISPLAY_GALLERY' => ($config['allow_avatar_local'] && !$display_gallery) ? true : false,
'S_IN_GALLERY' => ($config['allow_avatar_local'] && $display_gallery) ? true : false,



					'S_CAN_UPLOAD'		=> $can_upload,
'S_UPLOAD_FILE' => ($config['allow_avatar'] && $can_upload && $config['allow_avatar_upload']) ? true : false,
'S_REMOTE_UPLOAD' => ($config['allow_avatar'] && $can_upload && $config['allow_avatar_remote_upload']) ? true : false,
'S_ALLOW_REMOTE' => ($config['allow_avatar'] && $config['allow_avatar_remote']) ? true : false,
'S_DISPLAY_GALLERY' => ($config['allow_avatar'] && $config['allow_avatar_local'] && !$display_gallery) ? true : false,
'S_IN_GALLERY' => ($config['allow_avatar'] && $config['allow_avatar_local'] && $display_gallery) ? true : false,


'AVATAR_IMAGE' => $avatar_img,
'AVATAR_MAX_FILESIZE' => $config['avatar_filesize'],


'AVATAR_IMAGE' => $avatar_img,
'AVATAR_MAX_FILESIZE' => $config['avatar_filesize'],

Line 1549Line 1813
				include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
include_once($phpbb_root_path . 'includes/functions_display.' . $phpEx);


				include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
include_once($phpbb_root_path . 'includes/functions_display.' . $phpEx);


				$enable_bbcode	= ($config['allow_sig_bbcode']) ? ((request_var('disable_bbcode', !$user->optionget('bbcode'))) ? false : true) : false;
$enable_smilies = ($config['allow_sig_smilies']) ? ((request_var('disable_smilies', !$user->optionget('smilies'))) ? false : true) : false;
$enable_urls = ($config['allow_sig_links']) ? ((request_var('disable_magic_url', false)) ? false : true) : false;

				$enable_bbcode	= ($config['allow_sig_bbcode']) ? (bool) $this->optionget($user_row, 'sig_bbcode') : false;
$enable_smilies = ($config['allow_sig_smilies']) ? (bool) $this->optionget($user_row, 'sig_smilies') : false;
$enable_urls = ($config['allow_sig_links']) ? (bool) $this->optionget($user_row, 'sig_links') : false;

				$signature		= utf8_normalize_nfc(request_var('signature', (string) $user_row['user_sig'], true));

$preview = (isset($_POST['preview'])) ? true : false;

				$signature		= utf8_normalize_nfc(request_var('signature', (string) $user_row['user_sig'], true));

$preview = (isset($_POST['preview'])) ? true : false;

Line 1559Line 1823
				if ($submit || $preview)
{
include_once($phpbb_root_path . 'includes/message_parser.' . $phpEx);

				if ($submit || $preview)
{
include_once($phpbb_root_path . 'includes/message_parser.' . $phpEx);

 

$enable_bbcode = ($config['allow_sig_bbcode']) ? ((request_var('disable_bbcode', false)) ? false : true) : false;
$enable_smilies = ($config['allow_sig_smilies']) ? ((request_var('disable_smilies', false)) ? false : true) : false;
$enable_urls = ($config['allow_sig_links']) ? ((request_var('disable_magic_url', false)) ? false : true) : false;


$message_parser = new parse_message($signature);



$message_parser = new parse_message($signature);


Line 1577Line 1845

if (!sizeof($error) && $submit)
{


if (!sizeof($error) && $submit)
{

 
						$this->optionset($user_row, 'sig_bbcode', $enable_bbcode);
$this->optionset($user_row, 'sig_smilies', $enable_smilies);
$this->optionset($user_row, 'sig_links', $enable_urls);


						$sql_ary = array(
'user_sig' => (string) $message_parser->message,

						$sql_ary = array(
'user_sig' => (string) $message_parser->message,

 
							'user_options'				=> $user_row['user_options'],

							'user_sig_bbcode_uid'		=> (string) $message_parser->bbcode_uid,
'user_sig_bbcode_bitfield' => (string) $message_parser->bbcode_bitfield
);

							'user_sig_bbcode_uid'		=> (string) $message_parser->bbcode_uid,
'user_sig_bbcode_bitfield' => (string) $message_parser->bbcode_bitfield
);

Line 1742Line 2015
					WHERE a.poster_id = ' . $user_id . "
AND a.is_orphan = 0
ORDER BY $order_by";

					WHERE a.poster_id = ' . $user_id . "
AND a.is_orphan = 0
ORDER BY $order_by";

				$result = $db->sql_query_limit($sql, $config['posts_per_page'], $start);

				$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);


while ($row = $db->sql_fetchrow($result))
{


while ($row = $db->sql_fetchrow($result))
{

Line 1846Line 2119
							}

$error = array();

							}

$error = array();

 

// The delete action was successful - therefore update the user row...
$sql = 'SELECT u.*, s.*
FROM ' . USERS_TABLE . ' u
LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
WHERE u.user_id = ' . $user_id . '
ORDER BY s.session_time DESC';
$result = $db->sql_query_limit($sql, 1);
$user_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}
else
{
confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
'u' => $user_id,
'i' => $id,
'mode' => $mode,
'action' => $action,
'g' => $group_id))
);
}

break;

case 'approve':

if (confirm_box(true))
{
if (!$group_id)
{
trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
}
group_user_attributes($action, $group_id, $user_id);

						}
else
{

						}
else
{

Line 1951Line 2257
							'U_DEFAULT'			=> $this->u_action . "&amp;action=default&amp;u=$user_id&amp;g=" . $data['group_id'],
'U_DEMOTE_PROMOTE' => $this->u_action . '&amp;action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&amp;u=$user_id&amp;g=" . $data['group_id'],
'U_DELETE' => $this->u_action . "&amp;action=delete&amp;u=$user_id&amp;g=" . $data['group_id'],

							'U_DEFAULT'			=> $this->u_action . "&amp;action=default&amp;u=$user_id&amp;g=" . $data['group_id'],
'U_DEMOTE_PROMOTE' => $this->u_action . '&amp;action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&amp;u=$user_id&amp;g=" . $data['group_id'],
'U_DELETE' => $this->u_action . "&amp;action=delete&amp;u=$user_id&amp;g=" . $data['group_id'],

 
							'U_APPROVE'			=> ($group_type == 'pending') ? $this->u_action . "&amp;action=approve&amp;u=$user_id&amp;g=" . $data['group_id'] : '',


'GROUP_NAME' => ($group_type == 'special') ? $user->lang['G_' . $data['group_name']] : $data['group_name'],
'L_DEMOTE_PROMOTE' => ($data['group_leader']) ? $user->lang['GROUP_DEMOTE'] : $user->lang['GROUP_PROMOTE'],



'GROUP_NAME' => ($group_type == 'special') ? $user->lang['G_' . $data['group_name']] : $data['group_name'],
'L_DEMOTE_PROMOTE' => ($data['group_leader']) ? $user->lang['GROUP_DEMOTE'] : $user->lang['GROUP_PROMOTE'],


 
							'S_IS_MEMBER'		=> ($group_type != 'pending') ? true : false,

							'S_NO_DEFAULT'		=> ($user_row['group_id'] != $data['group_id']) ? true : false,
'S_SPECIAL_GROUP' => ($group_type == 'special') ? true : false,
)

							'S_NO_DEFAULT'		=> ($user_row['group_id'] != $data['group_id']) ? true : false,
'S_SPECIAL_GROUP' => ($group_type == 'special') ? true : false,
)

Line 2045Line 2353
	}

/**

	}

/**

	* Optionset replacement for this module based on $user->optionset













	* Set option bit field for user options in a user row array.
*
* Optionset replacement for this module based on $user->optionset.
*
* @param array $user_row Row from the users table.
* @param int $key Option key, as defined in $user->keyoptions property.
* @param bool $value True to set the option, false to clear the option.
* @param int $data Current bit field value, or false to use $user_row['user_options']
* @return int|bool If $data is false, the bit field is modified and
* written back to $user_row['user_options'], and
* return value is true if the bit field changed and
* false otherwise. If $data is not false, the new
* bitfield value is returned.

	*/
function optionset(&$user_row, $key, $value, $data = false)
{
global $user;


	*/
function optionset(&$user_row, $key, $value, $data = false)
{
global $user;


		$var = ($data) ? $data : $user_row['user_options'];

		$var = ($data !== false) ? $data : $user_row['user_options'];





		if ($value && !($var & 1 << $user->keyoptions[$key]))



		$new_var = phpbb_optionset($user->keyoptions[$key], $value, $var);

if ($data === false)

		{

		{

			$var += 1 << $user->keyoptions[$key];
}
else if (!$value && ($var & 1 << $user->keyoptions[$key]))

			if ($new_var != $var)



		{

		{

			$var -= 1 << $user->keyoptions[$key];


				$user_row['user_options'] = $new_var;
return true;

		}
else
{

		}
else
{

			return ($data) ? $var : false;

				return false;

		}

		}


if (!$data)
{
$user_row['user_options'] = $var;
return true;

 
		}
else
{

		}
else
{

			return $var;

			return $new_var;

		}
}

/**

		}
}

/**

	* Optionget replacement for this module based on $user->optionget








	* Get option bit field from user options in a user row array.
*
* Optionget replacement for this module based on $user->optionget.
*
* @param array $user_row Row from the users table.
* @param int $key option key, as defined in $user->keyoptions property.
* @param int $data bit field value to use, or false to use $user_row['user_options']
* @return bool true if the option is set in the bit field, false otherwise

	*/
function optionget(&$user_row, $key, $data = false)
{
global $user;


	*/
function optionget(&$user_row, $key, $data = false)
{
global $user;


		$var = ($data) ? $data : $user_row['user_options'];
return ($var & 1 << $user->keyoptions[$key]) ? true : false;

		$var = ($data !== false) ? $data : $user_row['user_options'];
return phpbb_optionget($user->keyoptions[$key], $var);

	}
}


	}
}