
Source: /modcp.php - 3552 lines - 107156 bytes - Summary - Text - Print

Description: MyBB 1.6 Copyright 2010 MyBB Group, All Rights Reserved

   1  <?php
   2  /**
   3   * MyBB 1.6
   4   * Copyright 2010 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://mybb.com
   7   * License: http://mybb.com/about/license
   8   *
   9   * $Id$
  10   */
  11  
  12  define("IN_MYBB", 1);
  13  define('THIS_SCRIPT', 'modcp.php');
  14  
  15  $templatelist = "modcp_reports,modcp_reports_report,modcp_reports_multipage,modcp_reports_allreport,modcp_reports_allreports,modcp_modlogs_multipage,modcp_announcements_delete,modcp_announcements_edit";
  16  $templatelist .= ",modcp_reports_allnoreports,modcp_reports_noreports,modcp_banning,modcp_banning_ban,modcp_announcements_announcement_global,modcp_no_announcements_forum,modcp_modqueue_threads_thread";
  17  $templatelist .= ",modcp_banning_multipage,modcp_banning_nobanned,modcp_modqueue_threads_empty,modcp_modqueue_masscontrols,modcp_modqueue_threads,modcp_modqueue_posts_post,modcp_modqueue_posts_empty";
  18  $templatelist .= ",modcp_nav,modcp_modlogs_noresults,modcp,modcp_modqueue_posts,modcp_modqueue_attachments_attachment,modcp_modqueue_attachments_empty,modcp_modqueue_attachments,modcp_editprofile_suspensions_info";
  19  $templatelist .= ",modcp_no_announcements_global,modcp_announcements_global,modcp_announcements_forum,modcp_announcements,modcp_editprofile_select_option,modcp_editprofile_select,modcp_finduser_noresults";
  20  $templatelist .= ",codebuttons,smilieinsert,modcp_announcements_new,modcp_modqueue_empty,forumjump_bit,forumjump_special,modcp_warninglogs_warning_revoked,modcp_warninglogs_warning,modcp_ipsearch_result";
  21  $templatelist .= ",modcp_modlogs,modcp_finduser_user,modcp_finduser,usercp_profile_customfield,usercp_profile_profilefields,modcp_ipsearch_noresults,modcp_ipsearch_results,modcp_ipsearch_misc_info";
  22  $templatelist .= ",modcp_editprofile,modcp_ipsearch,modcp_banuser_addusername,modcp_banuser,modcp_warninglogs_nologs,modcp_banuser_editusername,modcp_lastattachment,modcp_lastpost,modcp_lastthread,modcp_nobanned";
  23  $templatelist .= ",modcp_warninglogs,modcp_modlogs_result,modcp_editprofile_signature,forumjump_advanced,smilieinsert_getmore,modcp_announcements_forum_nomod,modcp_announcements_announcement,multipage_prevpage";
  24  $templatelist .= ",multipage_start,multipage_page_current,multipage_page,multipage_end,multipage_nextpage,multipage";
  25  
  26  require_once  "./global.php";
  27  require_once  MYBB_ROOT."inc/functions_user.php";
  28  require_once  MYBB_ROOT."inc/functions_upload.php";
  29  require_once  MYBB_ROOT."inc/functions_modcp.php";
  30  require_once  MYBB_ROOT."inc/class_parser.php";
  31  
  32  $parser = new postParser;
  33  
  34  // Set up the array of ban times.
  35  $bantimes = fetch_ban_times();
  36  
  37  // Load global language phrases
  38  $lang->load("modcp");
  39  
  40  if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1)
  41  {
  42      error_no_permission();
  43  }
  44  
  45  $errors = '';
  46  // SQL for fetching items only related to forums this user moderates
  47  $moderated_forums = array();
  48  if($mybb->usergroup['issupermod'] != 1)
  49  {
  50      $query = $db->simple_select("moderators", "*", "(id='{$mybb->user['uid']}' AND isgroup = '0') OR (id='{$mybb->user['usergroup']}' AND isgroup = '1')");
  51      while($forum = $db->fetch_array($query))
  52      {
  53          $flist .= ",'{$forum['fid']}'";
  54  
  55          $children = get_child_list($forum['fid']);
  56          if(!empty($children))
  57          {
  58              $flist .= ",'".implode("','", $children)."'";
  59          }
  60          $moderated_forums[] = $forum['fid'];
  61      }
  62      if($flist)
  63      {
  64          $tflist = " AND t.fid IN (0{$flist})";
  65          $flist = " AND fid IN (0{$flist})";
  66      }
  67  }
  68  else
  69  {
  70      $flist = $tflist = '';
  71  }
  72  
  73  // Retrieve a list of unviewable forums
  74  $unviewableforums = get_unviewable_forums();
  75  
  76  if($unviewableforums && !is_super_admin($mybb->user['uid']))
  77  {
  78      $flist .= " AND fid NOT IN ({$unviewableforums})";
  79      $tflist .= " AND t.fid NOT IN ({$unviewableforums})";
  80  
  81      $unviewableforums = str_replace("'", '', $unviewableforums);
  82      $unviewableforums = explode(',', $unviewableforums);
  83  }
  84  else
  85  {
  86      $unviewableforums = array();
  87  }
  88  
  89  // Fetch the Mod CP menu
  90  eval("\$modcp_nav = \"".$templates->get("modcp_nav")."\";");
  91  
  92  $plugins->run_hooks("modcp_start");
  93  
  94  // Make navigation
  95  add_breadcrumb($lang->nav_modcp, "modcp.php");
  96  
  97  if($mybb->input['action'] == "do_reports")
  98  {
  99      // Verify incoming POST request
 100      verify_post_check($mybb->input['my_post_key']);
 101  
 102      if(!is_array($mybb->input['reports']))
 103      {
 104          error($lang->error_noselected_reports);
 105      }
 106  
 107      $sql = '1=1';
 108      if(!$mybb->input['allbox'])
 109      {
 110          $mybb->input['reports'] = array_map("intval", $mybb->input['reports']);
 111          $rids = implode($mybb->input['reports'], "','");
 112          $rids = "'0','{$rids}'";
 113  
 114          $sql = "rid IN ({$rids})";
 115      }
 116  
 117      $plugins->run_hooks("modcp_do_reports");
 118  
 119      $db->update_query("reportedposts", array('reportstatus' => 1), "{$sql}{$flist}");
 120      $cache->update_reportedposts();
 121  
 122      $page = intval($mybb->input['page']);
 123  
 124      redirect("modcp.php?action=reports&page={$page}", $lang->redirect_reportsmarked);
 125  }
 126  
 127  if($mybb->input['action'] == "reports")
 128  {
 129      add_breadcrumb($lang->mcp_nav_reported_posts, "modcp.php?action=reports");
 130  
 131      if(!$mybb->settings['threadsperpage'])
 132      {
 133          $mybb->settings['threadsperpage'] = 20;
 134      }
 135  
 136      // Figure out if we need to display multiple pages.
 137      $perpage = $mybb->settings['threadsperpage'];
 138      if($mybb->input['page'] != "last")
 139      {
 140          $page = intval($mybb->input['page']);
 141      }
 142  
 143      $query = $db->simple_select("reportedposts", "COUNT(rid) AS count", "reportstatus ='0'");
 144      $report_count = $db->fetch_field($query, "count");
 145  
 146      $mybb->input['rid'] = intval($mybb->input['rid']);
 147  
 148      if($mybb->input['rid'])
 149      {
 150          $query = $db->simple_select("reportedposts", "COUNT(rid) AS count", "rid <= '".$mybb->input['rid']."'");
 151          $result = $db->fetch_field($query, "count");
 152          if(($result % $perpage) == 0)
 153          {
 154              $page = $result / $perpage;
 155          }
 156          else
 157          {
 158              $page = intval($result / $perpage) + 1;
 159          }
 160      }
 161      $postcount = intval($report_count);
 162      $pages = $postcount / $perpage;
 163      $pages = ceil($pages);
 164  
 165      if($mybb->input['page'] == "last")
 166      {
 167          $page = $pages;
 168      }
 169  
 170      if($page > $pages || $page <= 0)
 171      {
 172          $page = 1;
 173      }
 174  
 175      if($page && $page > 0)
 176      {
 177          $start = ($page-1) * $perpage;
 178      }
 179      else
 180      {
 181          $start = 0;
 182          $page = 1;
 183      }
 184      $upper = $start+$perpage;
 185  
 186      $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=reports");
 187      if($postcount > $perpage)
 188      {
 189          eval("\$reportspages = \"".$templates->get("modcp_reports_multipage")."\";");
 190      }
 191  
 192      $query = $db->simple_select("forums", "fid, name");
 193      while($forum = $db->fetch_array($query))
 194      {
 195          $forums[$forum['fid']] = $forum['name'];
 196      }
 197  
 198      $plugins->run_hooks("modcp_reports_start");
 199  
 200      $reports = '';
 201      $query = $db->query("
 202          SELECT r.*, u.username, up.username AS postusername, up.uid AS postuid, t.subject AS threadsubject
 203          FROM ".TABLE_PREFIX."reportedposts r
 204          LEFT JOIN ".TABLE_PREFIX."posts p ON (r.pid=p.pid)
 205          LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid=t.tid)
 206          LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid=u.uid)
 207          LEFT JOIN ".TABLE_PREFIX."users up ON (p.uid=up.uid)
 208          WHERE r.reportstatus='0'
 209          ORDER BY r.dateline DESC
 210          LIMIT {$start}, {$perpage}
 211      ");
 212  
 213      if(!$db->num_rows($query))
 214      {
 215          eval("\$reports = \"".$templates->get("modcp_reports_noreports")."\";");
 216      }
 217      else
 218      {
 219          while($report = $db->fetch_array($query))
 220          {
 221              $trow = alt_trow();
 222              if(is_moderator($report['fid']))
 223              {
 224                  $trow = 'trow_shaded';
 225              }
 226  
 227              $report['postlink'] = get_post_link($report['pid'], $report['tid']);
 228              $report['threadlink'] = get_thread_link($report['tid']);
 229              $report['posterlink'] = get_profile_link($report['postuid']);
 230              $report['reporterlink'] = get_profile_link($report['uid']);
 231              $reportdate = my_date($mybb->settings['dateformat'], $report['dateline']);
 232              $reporttime = my_date($mybb->settings['timeformat'], $report['dateline']);
 233              $report['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($report['threadsubject']));
 234  
 235              eval("\$reports .= \"".$templates->get("modcp_reports_report")."\";");
 236          }
 237      }
 238  
 239      $plugins->run_hooks("modcp_reports_end");
 240  
 241      eval("\$reportedposts = \"".$templates->get("modcp_reports")."\";");
 242      output_page($reportedposts);
 243  }
 244  
 245  if($mybb->input['action'] == "allreports")
 246  {
 247      add_breadcrumb($lang->mcp_nav_all_reported_posts, "modcp.php?action=allreports");
 248  
 249      if(!$mybb->settings['threadsperpage'])
 250      {
 251          $mybb->settings['threadsperpage'] = 20;
 252      }
 253  
 254      // Figure out if we need to display multiple pages.
 255      $perpage = $mybb->settings['threadsperpage'];
 256      if($mybb->input['page'] != "last")
 257      {
 258          $page = intval($mybb->input['page']);
 259      }
 260  
 261      $query = $db->simple_select("reportedposts", "COUNT(rid) AS count");
 262      $warnings = $db->fetch_field($query, "count");
 263  
 264      if($mybb->input['rid'])
 265      {
 266          $mybb->input['rid'] = intval($mybb->input['rid']);
 267          $query = $db->simple_select("reportedposts", "COUNT(rid) AS count", "rid <= '".$mybb->input['rid']."'");
 268          $result = $db->fetch_field($query, "count");
 269          if(($result % $perpage) == 0)
 270          {
 271              $page = $result / $perpage;
 272          }
 273          else
 274          {
 275              $page = intval($result / $perpage) + 1;
 276          }
 277      }
 278      $postcount = intval($warnings);
 279      $pages = $postcount / $perpage;
 280      $pages = ceil($pages);
 281  
 282      if($mybb->input['page'] == "last")
 283      {
 284          $page = $pages;
 285      }
 286  
 287      if($page > $pages || $page <= 0)
 288      {
 289          $page = 1;
 290      }
 291  
 292      if($page)
 293      {
 294          $start = ($page-1) * $perpage;
 295      }
 296      else
 297      {
 298          $start = 0;
 299          $page = 1;
 300      }
 301      $upper = $start+$perpage;
 302  
 303      $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=allreports");
 304      if($postcount > $perpage)
 305      {
 306          eval("\$allreportspages = \"".$templates->get("modcp_reports_multipage")."\";");
 307      }
 308  
 309      $plugins->run_hooks("modcp_allreports_start");
 310  
 311      $query = $db->query("
 312          SELECT r.*, u.username, up.username AS postusername, up.uid AS postuid, t.subject AS threadsubject
 313          FROM ".TABLE_PREFIX."reportedposts r
 314          LEFT JOIN ".TABLE_PREFIX."posts p ON (r.pid=p.pid)
 315          LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid=t.tid)
 316          LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid=u.uid)
 317          LEFT JOIN ".TABLE_PREFIX."users up ON (p.uid=up.uid)
 318          ORDER BY r.dateline DESC
 319          LIMIT {$start}, {$perpage}
 320      ");
 321  
 322      $allreports = '';
 323      if(!$db->num_rows($query))
 324      {
 325          eval("\$allreports = \"".$templates->get("modcp_reports_allnoreports")."\";");
 326      }
 327      else
 328      {
 329          while($report = $db->fetch_array($query))
 330          {
 331              $trow = alt_trow();
 332  
 333              $report['threadlink'] = get_thread_link($report['tid']);
 334  
 335              $report['posterlink'] = get_profile_link($report['postuid']);
 336              $report['postlink'] = get_post_link($report['pid'], $report['tid']);
 337              $report['postusername'] = build_profile_link($report['postusername'], $report['postuid']);
 338              $report['reporterlink'] = get_profile_link($report['uid']);
 339  
 340              $reportdate = my_date($mybb->settings['dateformat'], $report['dateline']);
 341              $reporttime = my_date($mybb->settings['timeformat'], $report['dateline']);
 342  
 343              if($report['reportstatus'] == 0)
 344              {
 345                  $trow = "trow_shaded";
 346              }
 347  
 348              // No subject? Set it to N/A
 349              if($report['threadsubject'] == '')
 350              {
 351                  $report['threadsubject'] = $lang->na;
 352              }
 353              else
 354              {
 355                  // Only parse bad words and sanitize subject if there is one...
 356                  $report['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($report['threadsubject']));
 357              }
 358  
 359              $report['threadsubject'] = "<a href=\"".get_thread_link($report['tid'])."\" target=\"_blank\">{$report['threadsubject']}</a>";
 360  
 361              eval("\$allreports .= \"".$templates->get("modcp_reports_allreport")."\";");
 362          }
 363      }
 364  
 365      $plugins->run_hooks("modcp_allreports_end");
 366  
 367      eval("\$allreportedposts = \"".$templates->get("modcp_reports_allreports")."\";");
 368      output_page($allreportedposts);
 369  }
 370  
 371  if($mybb->input['action'] == "modlogs")
 372  {
 373      add_breadcrumb($lang->mcp_nav_modlogs, "modcp.php?action=modlogs");
 374  
 375      $perpage = intval($mybb->input['perpage']);
 376      if(!$perpage || $perpage <= 0)
 377      {
 378          $perpage = $mybb->settings['threadsperpage'];
 379      }
 380  
 381      $where = '';
 382  
 383      // Searching for entries by a particular user
 384      if($mybb->input['uid'])
 385      {
 386          $where .= " AND l.uid='".intval($mybb->input['uid'])."'";
 387      }
 388  
 389      // Searching for entries in a specific forum
 390      if($mybb->input['fid'])
 391      {
 392          $where .= " AND t.fid='".intval($mybb->input['fid'])."'";
 393      }
 394  
 395      // Order?
 396      switch($mybb->input['sortby'])
 397      {
 398          case "username":
 399              $sortby = "u.username";
 400              break;
 401          case "forum":
 402              $sortby = "f.name";
 403              break;
 404          case "thread":
 405              $sortby = "t.subject";
 406              break;
 407          default:
 408              $sortby = "l.dateline";
 409      }
 410      $order = $mybb->input['order'];
 411      if($order != "asc")
 412      {
 413          $order = "desc";
 414      }
 415  
 416      $plugins->run_hooks("modcp_modlogs_start");
 417  
 418      $query = $db->query("
 419          SELECT COUNT(l.dateline) AS count
 420          FROM ".TABLE_PREFIX."moderatorlog l
 421          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
 422          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
 423          WHERE 1=1 {$where}{$tflist}
 424      ");
 425      $rescount = $db->fetch_field($query, "count");
 426  
 427      // Figure out if we need to display multiple pages.
 428      if($mybb->input['page'] != "last")
 429      {
 430          $page = intval($mybb->input['page']);
 431      }
 432  
 433      $postcount = intval($rescount);
 434      $pages = $postcount / $perpage;
 435      $pages = ceil($pages);
 436  
 437      if($mybb->input['page'] == "last")
 438      {
 439          $page = $pages;
 440      }
 441  
 442      if($page > $pages || $page <= 0)
 443      {
 444          $page = 1;
 445      }
 446  
 447      if($page)
 448      {
 449          $start = ($page-1) * $perpage;
 450      }
 451      else
 452      {
 453          $start = 0;
 454          $page = 1;
 455      }
 456  
 457      $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=modlogs&amp;perpage=$perpage&amp;uid={$mybb->input['uid']}&amp;fid={$mybb->input['fid']}&amp;sortby={$mybb->input['sortby']}&amp;order={$mybb->input['order']}");
 458      if($postcount > $perpage)
 459      {
 460          eval("\$resultspages = \"".$templates->get("modcp_modlogs_multipage")."\";");
 461      }
 462      $query = $db->query("
 463          SELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject
 464          FROM ".TABLE_PREFIX."moderatorlog l
 465          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
 466          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
 467          LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid)
 468          LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid)
 469          WHERE 1=1 {$where}{$tflist}
 470          ORDER BY {$sortby} {$order}
 471          LIMIT {$start}, {$perpage}
 472      ");
 473      while($logitem = $db->fetch_array($query))
 474      {
 475          $information = '';
 476          $logitem['action'] = htmlspecialchars_uni($logitem['action']);
 477          $log_date = my_date($mybb->settings['dateformat'], $logitem['dateline']);
 478          $log_time = my_date($mybb->settings['timeformat'], $logitem['dateline']);
 479          $trow = alt_trow();
 480          $username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']);
 481          $logitem['profilelink'] = build_profile_link($username, $logitem['uid']);
 482          if($logitem['tsubject'])
 483          {
 484              $information = "<strong>{$lang->thread}</strong> <a href=\"".get_thread_link($logitem['tid'])."\" target=\"_blank\">".htmlspecialchars_uni($logitem['tsubject'])."</a><br />";
 485          }
 486          if($logitem['fname'])
 487          {
 488              $information .= "<strong>{$lang->forum}</strong> <a href=\"".get_forum_link($logitem['fid'])."\" target=\"_blank\">{$logitem['fname']}</a><br />";
 489          }
 490          if($logitem['psubject'])
 491          {
 492              $information .= "<strong>{$lang->post}</strong> <a href=\"".get_post_link($logitem['pid'])."#pid{$logitem['pid']}\">".htmlspecialchars_uni($logitem['psubject'])."</a>";
 493          }
 494  
 495          // Edited a user?
 496          if(!$logitem['tsubject'] || !$logitem['fname'] || !$logitem['psubject'])
 497          {
 498              $data = unserialize($logitem['data']);
 499              if($data['uid'])
 500              {
 501                  $information = $lang->sprintf($lang->edited_user_info, htmlspecialchars_uni($data['username']), get_profile_link($data['uid']));
 502              }
 503          }
 504  
 505          eval("\$results .= \"".$templates->get("modcp_modlogs_result")."\";");
 506      }
 507  
 508      if(!$results)
 509      {
 510          eval("\$results = \"".$templates->get("modcp_modlogs_noresults")."\";");
 511      }
 512  
 513      $plugins->run_hooks("modcp_modlogs_filter");
 514  
 515      // Fetch filter options
 516      $sortbysel[$mybb->input['sortby']] = "selected=\"selected\"";
 517      $ordersel[$mybb->input['order']] = "selected=\"selected\"";
 518      $query = $db->query("
 519          SELECT DISTINCT l.uid, u.username
 520          FROM ".TABLE_PREFIX."moderatorlog l
 521          LEFT JOIN ".TABLE_PREFIX."users u ON (l.uid=u.uid)
 522          ORDER BY u.username ASC
 523      ");
 524      while($user = $db->fetch_array($query))
 525      {
 526          // Deleted Users
 527          if(!$user['username'])
 528          {
 529              $user['username'] = $lang->na_deleted;
 530          }
 531  
 532          $selected = '';
 533          if($mybb->input['uid'] == $user['uid'])
 534          {
 535              $selected = " selected=\"selected\"";
 536          }
 537          $user_options .= "<option value=\"{$user['uid']}\"{$selected}>".htmlspecialchars_uni($user['username'])."</option>\n";
 538      }
 539  
 540      $forum_select = build_forum_jump("", $mybb->input['fid'], 1, '', 0, true, '', "fid");
 541  
 542      eval("\$modlogs = \"".$templates->get("modcp_modlogs")."\";");
 543      output_page($modlogs);
 544  }
 545  
 546  if($mybb->input['action'] == "do_delete_announcement")
 547  {
 548      verify_post_check($mybb->input['my_post_key']);
 549  
 550      $aid = intval($mybb->input['aid']);
 551      $query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
 552      $announcement = $db->fetch_array($query);
 553  
 554      if(!$announcement['aid'])
 555      {
 556          error($lang->error_invalid_announcement);
 557      }
 558      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'])) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
 559      {
 560          error_no_permission();
 561      }
 562  
 563      $plugins->run_hooks("modcp_do_delete_announcement");
 564  
 565      $db->delete_query("announcements", "aid='{$aid}'");
 566      $cache->update_forumsdisplay();
 567  
 568      redirect("modcp.php?action=announcements", $lang->redirect_delete_announcement);
 569  }
 570  
 571  if($mybb->input['action'] == "delete_announcement")
 572  {
 573      $aid = intval($mybb->input['aid']);
 574      $query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
 575  
 576      $announcement = $db->fetch_array($query);
 577      $announcement['subject'] = htmlspecialchars_uni($announcement['subject']);
 578  
 579      if(!$announcement['aid'])
 580      {
 581          error($lang->error_invalid_announcement);
 582      }
 583  
 584      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'])) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
 585      {
 586          error_no_permission();
 587      }
 588  
 589      $plugins->run_hooks("modcp_delete_announcement");
 590  
 591      eval("\$announcements = \"".$templates->get("modcp_announcements_delete")."\";");
 592      output_page($announcements);
 593  }
 594  
 595  if($mybb->input['action'] == "do_new_announcement")
 596  {
 597      verify_post_check($mybb->input['my_post_key']);
 598  
 599      $announcement_fid = intval($mybb->input['fid']);
 600      if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid)) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
 601      {
 602          error_no_permission();
 603      }
 604  
 605      if(!trim($mybb->input['title']))
 606      {
 607          $errors[] = $lang->error_missing_title;
 608      }
 609  
 610      if(!trim($mybb->input['message']))
 611      {
 612          $errors[] = $lang->error_missing_message;
 613      }
 614  
 615      if(!trim($mybb->input['fid']))
 616      {
 617          $errors[] = $lang->error_missing_forum;
 618      }
 619  
 620      $startdate = @explode(" ", $mybb->input['starttime_time']);
 621      $startdate = @explode(":", $startdate[0]);
 622      $enddate = @explode(" ", $mybb->input['endtime_time']);
 623      $enddate = @explode(":", $enddate[0]);
 624  
 625      if(stristr($mybb->input['starttime_time'], "pm"))
 626      {
 627          $startdate[0] = 12+$startdate[0];
 628          if($startdate[0] >= 24)
 629          {
 630              $startdate[0] = "00";
 631          }
 632      }
 633  
 634      if(stristr($mybb->input['endtime_time'], "pm"))
 635      {
 636          $enddate[0] = 12+$enddate[0];
 637          if($enddate[0] >= 24)
 638          {
 639              $enddate[0] = "00";
 640          }
 641      }
 642  
 643      $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
 644      if(!in_array($mybb->input['starttime_month'], $months))
 645      {
 646          $mybb->input['starttime_month'] = 1;
 647      }
 648  
 649      $startdate = gmmktime(intval($startdate[0]), intval($startdate[1]), 0, (int)$mybb->input['starttime_month'], intval($mybb->input['starttime_day']), intval($mybb->input['starttime_year']));
 650      if(!checkdate(intval($mybb->input['starttime_month']), intval($mybb->input['starttime_day']), intval($mybb->input['starttime_year'])) || $startdate < 0 || $startdate == false)
 651      {
 652          $errors[] = $lang->error_invalid_start_date;
 653      }
 654  
 655      if($mybb->input['endtime_type'] == "2")
 656      {
 657          $enddate = '0';
 658      }
 659      else
 660      {
 661          if(!in_array($mybb->input['endtime_month'], $months))
 662          {
 663              $mybb->input['endtime_month'] = 1;
 664          }
 665          $enddate = gmmktime(intval($enddate[0]), intval($enddate[1]), 0, (int)$mybb->input['endtime_month'], intval($mybb->input['endtime_day']), intval($mybb->input['endtime_year']));
 666          if(!checkdate(intval($mybb->input['endtime_month']), intval($mybb->input['endtime_day']), intval($mybb->input['endtime_year'])) || $enddate < 0 || $enddate == false)
 667          {
 668              $errors[] = $lang->error_invalid_end_date;
 669          }
 670          if($enddate <= $startdate)
 671          {
 672              $errors[] = $lang->error_end_before_start;
 673          }
 674      }
 675  
 676      $plugins->run_hooks("modcp_do_new_announcement_start");
 677  
 678      if(!$errors)
 679      {
 680          $insert_announcement = array(
 681              'fid' => $announcement_fid,
 682              'uid' => $mybb->user['uid'],
 683              'subject' => $db->escape_string($mybb->input['title']),
 684              'message' => $db->escape_string($mybb->input['message']),
 685              'startdate' => $startdate,
 686              'enddate' => $enddate,
 687              'allowhtml' => $db->escape_string($mybb->input['allowhtml']),
 688              'allowmycode' => $db->escape_string($mybb->input['allowmycode']),
 689              'allowsmilies' => $db->escape_string($mybb->input['allowsmilies']),
 690          );
 691  
 692          $aid = $db->insert_query("announcements", $insert_announcement);
 693  
 694          $plugins->run_hooks("modcp_do_new_announcement_end");
 695  
 696          $cache->update_forumsdisplay();
 697          redirect("modcp.php?action=announcements", $lang->redirect_add_announcement);
 698      }
 699      else
 700      {
 701          $mybb->input['action'] = 'new_announcement';
 702      }
 703  }
 704  
 705  if($mybb->input['action'] == "new_announcement")
 706  {
 707      add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
 708      add_breadcrumb($lang->add_announcement, "modcp.php?action=new_announcements");
 709  
 710      $announcement_fid = intval($mybb->input['fid']);
 711  
 712      if(($mybb->usergroup['issupermod'] != 1 && $announcement_fid == -1) || ($announcement_fid != -1 && !is_moderator($announcement_fid)) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
 713      {
 714          error_no_permission();
 715      }
 716  
 717      // Deal with inline errors
 718      if(is_array($errors))
 719      {
 720          $errors = inline_error($errors);
 721  
 722          // Set $announcement to input stuff
 723          $announcement['subject'] = $mybb->input['title'];
 724          $announcement['message'] = $mybb->input['message'];
 725          $announcement['allowhtml'] = $mybb->input['allowhtml'];
 726          $announcement['allowmycode'] = $mybb->input['allowmycode'];
 727          $announcement['allowsmilies'] = $mybb->input['allowsmilies'];
 728  
 729          $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
 730          if(!in_array($mybb->input['starttime_month'], $months))
 731          {
 732              $mybb->input['starttime_month'] = 1;
 733          }
 734  
 735          if(!in_array($mybb->input['endtime_month'], $months))
 736          {
 737              $mybb->input['endtime_month'] = 1;
 738          }
 739  
 740          $startmonth = $mybb->input['starttime_month'];
 741          $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']);
 742          $startday = intval($mybb->input['starttime_day']);
 743          $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']);
 744          $endmonth = $mybb->input['endtime_month'];
 745          $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']);
 746          $endday = intval($mybb->input['endtime_day']);
 747          $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']);
 748      }
 749      else
 750      {
 751          // Note: dates are in GMT timezone
 752          $starttime_time = gmdate("g:i a", TIME_NOW);
 753          $endtime_time = gmdate("g:i a", TIME_NOW);
 754          $startday = $endday = gmdate("j", TIME_NOW);
 755          $startmonth = $endmonth = gmdate("m", TIME_NOW);
 756          $startdateyear = gmdate("Y", TIME_NOW);
 757  
 758          $enddateyear = $startdateyear+1;
 759      }
 760  
 761      // Generate form elements
 762      for($i = 1; $i <= 31; ++$i)
 763      {
 764          if($startday == $i)
 765          {
 766              $startdateday .= "<option value=\"$i\" selected=\"selected\">$i</option>\n";
 767          }
 768          else
 769          {
 770              $startdateday .= "<option value=\"$i\">$i</option>\n";
 771          }
 772  
 773          if($endday == $i)
 774          {
 775              $enddateday .= "<option value=\"$i\" selected=\"selected\">$i</option>\n";
 776          }
 777          else
 778          {
 779              $enddateday .= "<option value=\"$i\">$i</option>\n";
 780          }
 781      }
 782  
 783      $startmonthsel = $endmonthsel = array();
 784      $startmonthsel[$startmonth] = "selected=\"selected\"";
 785      $endmonthsel[$endmonth] = "selected=\"selected\"";
 786  
 787      $startdatemonth .= "<option value=\"01\" {$startmonthsel['01']}>{$lang->january}</option>\n";
 788      $enddatemonth .= "<option value=\"01\" {$endmonthsel['01']}>{$lang->january}</option>\n";
 789      $startdatemonth .= "<option value=\"02\" {$startmonthsel['02']}>{$lang->february}</option>\n";
 790      $enddatemonth .= "<option value=\"02\" {$endmonthsel['02']}>{$lang->february}</option>\n";
 791      $startdatemonth .= "<option value=\"03\" {$startmonthsel['03']}>{$lang->march}</option>\n";
 792      $enddatemonth .= "<option value=\"03\" {$endmonthsel['03']}>{$lang->march}</option>\n";
 793      $startdatemonth .= "<option value=\"04\" {$startmonthsel['04']}>{$lang->april}</option>\n";
 794      $enddatemonth .= "<option value=\"04\" {$endmonthsel['04']}>{$lang->april}</option>\n";
 795      $startdatemonth .= "<option value=\"05\" {$startmonthsel['05']}>{$lang->may}</option>\n";
 796      $enddatemonth .= "<option value=\"05\" {$endmonthsel['05']}>{$lang->may}</option>\n";
 797      $startdatemonth .= "<option value=\"06\" {$startmonthsel['06']}>{$lang->june}</option>\n";
 798      $enddatemonth .= "<option value=\"06\" {$endmonthsel['06']}>{$lang->june}</option>\n";
 799      $startdatemonth .= "<option value=\"07\" {$startmonthsel['07']}>{$lang->july}</option>\n";
 800      $enddatemonth .= "<option value=\"07\" {$endmonthsel['07']}>{$lang->july}</option>\n";
 801      $startdatemonth .= "<option value=\"08\" {$startmonthsel['08']}>{$lang->august}</option>\n";
 802      $enddatemonth .= "<option value=\"08\" {$endmonthsel['08']}>{$lang->august}</option>\n";
 803      $startdatemonth .= "<option value=\"09\" {$startmonthsel['09']}>{$lang->september}</option>\n";
 804      $enddatemonth .= "<option value=\"09\" {$endmonthsel['09']}>{$lang->september}</option>\n";
 805      $startdatemonth .= "<option value=\"10\" {$startmonthsel['10']}>{$lang->october}</option>\n";
 806      $enddatemonth .= "<option value=\"10\" {$endmonthsel['10']}>{$lang->october}</option>\n";
 807      $startdatemonth .= "<option value=\"11\" {$startmonthsel['11']}>{$lang->november}</option>\n";
 808      $enddatemonth .= "<option value=\"11\" {$endmonthsel['11']}>{$lang->november}</option>\n";
 809      $startdatemonth .= "<option value=\"12\" {$startmonthsel['12']}>{$lang->december}</option>\n";
 810      $enddatemonth .= "<option value=\"12\" {$endmonthsel['12']}>{$lang->december}</option>\n";
 811  
 812      $title = htmlspecialchars_uni($announcement['subject']);
 813      $message = htmlspecialchars_uni($announcement['message']);
 814  
 815      $html_sel = $mycode_sel = $smilies_sel = array();
 816      if($mybb->input['allowhtml'] || !isset($mybb->input['allowhtml']))
 817      {
 818          $html_sel['yes'] = ' checked="checked"';
 819      }
 820      else
 821      {
 822          $html_sel['no'] = ' checked="checked"';
 823      }
 824  
 825      if($mybb->input['allowmycode'] || !isset($mybb->input['allowmycode']))
 826      {
 827          $mycode_sel['yes'] = ' checked="checked"';
 828      }
 829      else
 830      {
 831          $mycode_sel['no'] = ' checked="checked"';
 832      }
 833  
 834      if($mybb->input['allowsmilies'] || !isset($mybb->input['allowsmilies']))
 835      {
 836          $smilies_sel['yes'] = ' checked="checked"';
 837      }
 838      else
 839      {
 840          $smilies_sel['no'] = ' checked="checked"';
 841      }
 842  
 843      if($mybb->input['endtime_type'] == 2 || !isset($mybb->input['endtime_type']))
 844      {
 845          $end_type_sel['infinite'] = ' checked="checked"';
 846      }
 847      else
 848      {
 849          $end_type_sel['finite'] = ' checked="checked"';
 850      }
 851  
 852      // MyCode editor
 853      $codebuttons = build_mycode_inserter();
 854      $smilieinserter = build_clickable_smilies();
 855  
 856      $plugins->run_hooks("modcp_new_announcement");
 857  
 858      eval("\$announcements = \"".$templates->get("modcp_announcements_new")."\";");
 859      output_page($announcements);
 860  }
 861  
 862  if($mybb->input['action'] == "do_edit_announcement")
 863  {
 864      verify_post_check($mybb->input['my_post_key']);
 865  
 866      // Get the announcement
 867      $aid = intval($mybb->input['aid']);
 868      $query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
 869      $announcement = $db->fetch_array($query);
 870  
 871      // Check that it exists
 872      if(!$announcement['aid'])
 873      {
 874          error($lang->error_invalid_announcement);
 875      }
 876  
 877      // Mod has permissions to edit this announcement
 878      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'])) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
 879      {
 880          error_no_permission();
 881      }
 882  
 883      // Basic error checking
 884      if(!trim($mybb->input['title']))
 885      {
 886          $errors[] = $lang->error_missing_title;
 887      }
 888  
 889      if(!trim($mybb->input['message']))
 890      {
 891          $errors[] = $lang->error_missing_message;
 892      }
 893  
 894      if(!trim($mybb->input['fid']))
 895      {
 896          $errors[] = $lang->error_missing_forum;
 897      }
 898  
 899      $startdate = @explode(" ", $mybb->input['starttime_time']);
 900      $startdate = @explode(":", $startdate[0]);
 901      $enddate = @explode(" ", $mybb->input['endtime_time']);
 902      $enddate = @explode(":", $enddate[0]);
 903  
 904      if(stristr($mybb->input['starttime_time'], "pm"))
 905      {
 906          $startdate[0] = 12+$startdate[0];
 907          if($startdate[0] >= 24)
 908          {
 909              $startdate[0] = "00";
 910          }
 911      }
 912  
 913      if(stristr($mybb->input['endtime_time'], "pm"))
 914      {
 915          $enddate[0] = 12+$enddate[0];
 916          if($enddate[0] >= 24)
 917          {
 918              $enddate[0] = "00";
 919          }
 920      }
 921  
 922      $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
 923      if(!in_array($mybb->input['starttime_month'], $months))
 924      {
 925          $mybb->input['starttime_month'] = 1;
 926      }
 927  
 928      $startdate = gmmktime(intval($startdate[0]), intval($startdate[1]), 0, (int)$mybb->input['starttime_month'], intval($mybb->input['starttime_day']), intval($mybb->input['starttime_year']));
 929      if(!checkdate(intval($mybb->input['starttime_month']), intval($mybb->input['starttime_day']), intval($mybb->input['starttime_year'])) || $startdate < 0 || $startdate == false)
 930      {
 931          $errors[] = $lang->error_invalid_start_date;
 932      }
 933  
 934      if($mybb->input['endtime_type'] == "2")
 935      {
 936          $enddate = '0';
 937      }
 938      else
 939      {
 940          if(!in_array($mybb->input['endtime_month'], $months))
 941          {
 942              $mybb->input['endtime_month'] = 1;
 943          }
 944          $enddate = gmmktime(intval($enddate[0]), intval($enddate[1]), 0, (int)$mybb->input['endtime_month'], intval($mybb->input['endtime_day']), intval($mybb->input['endtime_year']));
 945          if(!checkdate(intval($mybb->input['endtime_month']), intval($mybb->input['endtime_day']), intval($mybb->input['endtime_year'])) || $enddate < 0 || $enddate == false)
 946          {
 947              $errors[] = $lang->error_invalid_end_date;
 948          }
 949          elseif($enddate <= $startdate)
 950          {
 951              $errors[] = $lang->error_end_before_start;
 952          }
 953      }
 954  
 955      $plugins->run_hooks("modcp_do_edit_announcement_start");
 956  
 957      // Proceed to update if no errors
 958      if(!$errors)
 959      {
 960          $update_announcement = array(
 961              'uid' => $mybb->user['uid'],
 962              'subject' => $db->escape_string($mybb->input['title']),
 963              'message' => $db->escape_string($mybb->input['message']),
 964              'startdate' => $startdate,
 965              'enddate' => $enddate,
 966              'allowhtml' => $db->escape_string($mybb->input['allowhtml']),
 967              'allowmycode' => $db->escape_string($mybb->input['allowmycode']),
 968              'allowsmilies' => $db->escape_string($mybb->input['allowsmilies']),
 969          );
 970  
 971          $db->update_query("announcements", $update_announcement, "aid='{$aid}'");
 972  
 973          $plugins->run_hooks("modcp_do_edit_announcement_end");
 974  
 975          $cache->update_forumsdisplay();
 976          redirect("modcp.php?action=announcements", $lang->redirect_edit_announcement);
 977      }
 978      else
 979      {
 980          $mybb->input['action'] = 'edit_announcement';
 981      }
 982  }
 983  
 984  if($mybb->input['action'] == "edit_announcement")
 985  {
 986      $announcement_fid = intval($mybb->input['fid']);
 987      $aid = intval($mybb->input['aid']);
 988  
 989      add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");
 990      add_breadcrumb($lang->edit_announcement, "modcp.php?action=edit_announcements&amp;aid={$aid}");
 991  
 992      // Get announcement
 993      $query = $db->simple_select("announcements", "*", "aid='{$aid}'");
 994      $announcement = $db->fetch_array($query);
 995  
 996      if(!$announcement['fid'])
 997      {
 998          error($lang->error_invalid_announcement);
 999      }
1000      if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'])) || ($unviewableforums && in_array($announcement['fid'], $unviewableforums)))
1001      {
1002          error_no_permission();
1003      }
1004  
1005      if(!$announcement['startdate'])
1006      {
1007          // No start date? Make it now.
1008          $announcement['startdate'] = TIME_NOW;
1009      }
1010  
1011      $makeshift_end = false;
1012      if(!$announcement['enddate'])
1013      {
1014          $makeshift_end = true;
1015          $makeshift_time = TIME_NOW;
1016          if($announcement['startdate'])
1017          {
1018              $makeshift_time = $announcement['startdate'];
1019          }
1020  
1021          // No end date? Make it a year from now.
1022          $announcement['enddate'] = $makeshift_time + (60 * 60 * 24 * 366);
1023      }
1024  
1025      // Deal with inline errors
1026      if(is_array($errors))
1027      {
1028          $errors = inline_error($errors);
1029  
1030          // Set $announcement to input stuff
1031          $announcement['subject'] = $mybb->input['title'];
1032          $announcement['message'] = $mybb->input['message'];
1033          $announcement['allowhtml'] = $mybb->input['allowhtml'];
1034          $announcement['allowmycode'] = $mybb->input['allowmycode'];
1035          $announcement['allowsmilies'] = $mybb->input['allowsmilies'];
1036  
1037          $months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');
1038          if(!in_array($mybb->input['starttime_month'], $months))
1039          {
1040              $mybb->input['starttime_month'] = 1;
1041          }
1042  
1043          if(!in_array($mybb->input['endtime_month'], $months))
1044          {
1045              $mybb->input['endtime_month'] = 1;
1046          }
1047  
1048          $startmonth = $mybb->input['starttime_month'];
1049          $startdateyear = htmlspecialchars_uni($mybb->input['starttime_year']);
1050          $startday = intval($mybb->input['starttime_day']);
1051          $starttime_time = htmlspecialchars_uni($mybb->input['starttime_time']);
1052          $endmonth = $mybb->input['endtime_month'];
1053          $enddateyear = htmlspecialchars_uni($mybb->input['endtime_year']);
1054          $endday = intval($mybb->input['endtime_day']);
1055          $endtime_time = htmlspecialchars_uni($mybb->input['endtime_time']);
1056  
1057          $errored = true;
1058      }
1059      else
1060      {
1061          // Note: dates are in GMT timezone
1062          $starttime_time = gmdate('g:i a', $announcement['startdate']);
1063          $endtime_time = gmdate('g:i a', $announcement['enddate']);
1064  
1065          $startday = gmdate('j', $announcement['startdate']);
1066          $endday = gmdate('j', $announcement['enddate']);
1067  
1068          $startmonth = gmdate('m', $announcement['startdate']);
1069          $endmonth = gmdate('m', $announcement['enddate']);
1070  
1071          $startdateyear = gmdate('Y', $announcement['startdate']);
1072          $enddateyear = gmdate('Y', $announcement['enddate']);
1073  
1074          $errored = false;
1075      }
1076  
1077      // Generate form elements
1078      for($i = 1; $i <= 31; ++$i)
1079      {
1080          if($startday == $i)
1081          {
1082              $startdateday .= "<option value=\"$i\" selected=\"selected\">$i</option>\n";
1083          }
1084          else
1085          {
1086              $startdateday .= "<option value=\"$i\">$i</option>\n";
1087          }
1088  
1089          if($endday == $i)
1090          {
1091              $enddateday .= "<option value=\"$i\" selected=\"selected\">$i</option>\n";
1092          }
1093          else
1094          {
1095              $enddateday .= "<option value=\"$i\">$i</option>\n";
1096          }
1097      }
1098  
1099      $startmonthsel = $endmonthsel = array();
1100      $startmonthsel[$startmonth] = "selected=\"selected\"";
1101      $endmonthsel[$endmonth] = "selected=\"selected\"";
1102  
1103      $startdatemonth .= "<option value=\"01\" {$startmonthsel['01']}>{$lang->january}</option>\n";
1104      $enddatemonth .= "<option value=\"01\" {$endmonthsel['01']}>{$lang->january}</option>\n";
1105      $startdatemonth .= "<option value=\"02\" {$startmonthsel['02']}>{$lang->february}</option>\n";
1106      $enddatemonth .= "<option value=\"02\" {$endmonthsel['02']}>{$lang->february}</option>\n";
1107      $startdatemonth .= "<option value=\"03\" {$startmonthsel['03']}>{$lang->march}</option>\n";
1108      $enddatemonth .= "<option value=\"03\" {$endmonthsel['03']}>{$lang->march}</option>\n";
1109      $startdatemonth .= "<option value=\"04\" {$startmonthsel['04']}>{$lang->april}</option>\n";
1110      $enddatemonth .= "<option value=\"04\" {$endmonthsel['04']}>{$lang->april}</option>\n";
1111      $startdatemonth .= "<option value=\"05\" {$startmonthsel['05']}>{$lang->may}</option>\n";
1112      $enddatemonth .= "<option value=\"05\" {$endmonthsel['05']}>{$lang->may}</option>\n";
1113      $startdatemonth .= "<option value=\"06\" {$startmonthsel['06']}>{$lang->june}</option>\n";
1114      $enddatemonth .= "<option value=\"06\" {$endmonthsel['06']}>{$lang->june}</option>\n";
1115      $startdatemonth .= "<option value=\"07\" {$startmonthsel['07']}>{$lang->july}</option>\n";
1116      $enddatemonth .= "<option value=\"07\" {$endmonthsel['07']}>{$lang->july}</option>\n";
1117      $startdatemonth .= "<option value=\"08\" {$startmonthsel['08']}>{$lang->august}</option>\n";
1118      $enddatemonth .= "<option value=\"08\" {$endmonthsel['08']}>{$lang->august}</option>\n";
1119      $startdatemonth .= "<option value=\"09\" {$startmonthsel['09']}>{$lang->september}</option>\n";
1120      $enddatemonth .= "<option value=\"09\" {$endmonthsel['09']}>{$lang->september}</option>\n";
1121      $startdatemonth .= "<option value=\"10\" {$startmonthsel['10']}>{$lang->october}</option>\n";
1122      $enddatemonth .= "<option value=\"10\" {$endmonthsel['10']}>{$lang->october}</option>\n";
1123      $startdatemonth .= "<option value=\"11\" {$startmonthsel['11']}>{$lang->november}</option>\n";
1124      $enddatemonth .= "<option value=\"11\" {$endmonthsel['11']}>{$lang->november}</option>\n";
1125      $startdatemonth .= "<option value=\"12\" {$startmonthsel['12']}>{$lang->december}</option>\n";
1126      $enddatemonth .= "<option value=\"12\" {$endmonthsel['12']}>{$lang->december}</option>\n";
1127  
1128      $title = htmlspecialchars_uni($announcement['subject']);
1129      $message = htmlspecialchars_uni($announcement['message']);
1130  
1131      $html_sel = $mycode_sel = $smilies_sel = array();
1132      if($announcement['allowhtml'])
1133      {
1134          $html_sel['yes'] = ' checked="checked"';
1135      }
1136      else
1137      {
1138          $html_sel['no'] = ' checked="checked"';
1139      }
1140  
1141      if($announcement['allowmycode'])
1142      {
1143          $mycode_sel['yes'] = ' checked="checked"';
1144      }
1145      else
1146      {
1147          $mycode_sel['no'] = ' checked="checked"';
1148      }
1149  
1150      if($announcement['allowsmilies'])
1151      {
1152          $smilies_sel['yes'] = ' checked="checked"';
1153      }
1154      else
1155      {
1156          $smilies_sel['no'] = ' checked="checked"';
1157      }
1158  
1159      if(($errored && $mybb->input['endtime_type'] == 2) || (!$errored && intval($announcement['enddate']) == 0) || $makeshift_end == true)
1160      {
1161          $end_type_sel['infinite'] = ' checked="checked"';
1162      }
1163      else
1164      {
1165          $end_type_sel['finite'] = ' checked="checked"';
1166      }
1167  
1168      // MyCode editor
1169      $codebuttons = build_mycode_inserter();
1170      $smilieinserter = build_clickable_smilies();
1171  
1172      $plugins->run_hooks("modcp_edit_announcement");
1173  
1174      eval("\$announcements = \"".$templates->get("modcp_announcements_edit")."\";");
1175      output_page($announcements);
1176  }
1177  
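// List announcements in the moderator control panel.
//
// Global announcements (fid -1) are rendered only for super moderators. The
// per-forum list is produced by fetch_forum_announcements(), which is defined
// outside this block.
if($mybb->input['action'] == "announcements")
{
    add_breadcrumb($lang->mcp_nav_announcements, "modcp.php?action=announcements");

    // Fetch announcements into their proper arrays. startdate is selected as
    // well, because the active/expired icon below compares it with TIME_NOW.
    // NOTE(review): this query is not limited by forum; presumably
    // fetch_forum_announcements() applies the moderator's forum permissions -
    // verify there.
    $query = $db->simple_select("announcements", "aid, fid, subject, startdate, enddate");
    while($announcement = $db->fetch_array($query))
    {
        if($announcement['fid'] == -1)
        {
            $global_announcements[$announcement['aid']] = $announcement;
            continue;
        }
        $announcements[$announcement['fid']][$announcement['aid']] = $announcement;
    }

    if($mybb->usergroup['issupermod'] == 1)
    {
        if(!empty($global_announcements))
        {
            // Get the global announcements
            foreach($global_announcements as $aid => $announcement)
            {
                $trow = alt_trow();

                // Not started yet, or ended (an end date of 0 means it never ends)
                if($announcement['startdate'] > TIME_NOW || ($announcement['enddate'] < TIME_NOW && $announcement['enddate'] != 0))
                {
                    $icon = "<img src=\"{$theme['imgdir']}/minioff.gif\" alt=\"({$lang->expired})\" title=\"{$lang->expired_announcement}\"  style=\"vertical-align: middle;\" /> ";
                }
                else
                {
                    $icon = "<img src=\"{$theme['imgdir']}/minion.gif\" alt=\"({$lang->active})\" title=\"{$lang->active_announcement}\"  style=\"vertical-align: middle;\" /> ";
                }

                // Escape the subject before it is handed to the template
                $subject = htmlspecialchars_uni($announcement['subject']);

                eval("\$announcements_global .= \"".$templates->get("modcp_announcements_announcement_global")."\";");
            }
        }
        else
        {
            // No global announcements
            eval("\$announcements_global = \"".$templates->get("modcp_no_announcements_global")."\";");
        }
        eval("\$announcements_global = \"".$templates->get("modcp_announcements_global")."\";");
    }
    else
    {
        // Moderator is not super, so don't show global announcements
        $announcements_global = '';
    }

    fetch_forum_announcements();

    if(!$announcements_forum)
    {
        eval("\$announcements_forum = \"".$templates->get("modcp_no_announcements_forum")."\";");
    }

    $plugins->run_hooks("modcp_announcements");

    eval("\$announcements = \"".$templates->get("modcp_announcements")."\";");
    output_page($announcements);
}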
1241  
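// Apply the moderation queue decisions (approve / delete) submitted for
// threads, posts or attachments.
//
// The submitted ids are array keys, cast to integers before they are placed in
// the IN (...) list. Only rows returned by the query are acted on.
// NOTE(review): $flist and $tflist are SQL fragments built outside this block;
// presumably they limit the rows to forums this moderator may moderate. They
// are the only per-forum restriction visible here - verify where they are built.
if($mybb->input['action'] == "do_modqueue")
{
    require_once MYBB_ROOT."inc/class_moderation.php";
    $moderation = new Moderation;

    // Verify incoming POST request
    verify_post_check($mybb->input['my_post_key']);

    $plugins->run_hooks("modcp_do_modqueue_start");

    if(is_array($mybb->input['threads']))
    {
        $threads_to_approve = $threads_to_delete = array();

        // Fetch threads
        $query = $db->simple_select("threads", "tid", "tid IN (".implode(",", array_map("intval", array_keys($mybb->input['threads'])))."){$flist}");
        while($thread = $db->fetch_array($query))
        {
            $action = $mybb->input['threads'][$thread['tid']];
            if($action == "approve")
            {
                $threads_to_approve[] = $thread['tid'];
            }
            else if($action == "delete")
            {
                $threads_to_delete[] = $thread['tid'];
            }
        }
        if(!empty($threads_to_approve))
        {
            $moderation->approve_threads($threads_to_approve);
            log_moderator_action(array('tids' => $threads_to_approve), $lang->multi_approve_threads);
        }
        if(!empty($threads_to_delete))
        {
            foreach($threads_to_delete as $tid)
            {
                $moderation->delete_thread($tid);
            }
            log_moderator_action(array('tids' => $threads_to_delete), $lang->multi_delete_threads);
        }

        $plugins->run_hooks("modcp_do_modqueue_end");

        redirect("modcp.php?action=modqueue", $lang->redirect_threadsmoderated);
    }
    else if(is_array($mybb->input['posts']))
    {
        $posts_to_approve = array();

        // Fetch posts
        $query = $db->simple_select("posts", "pid", "pid IN (".implode(",", array_map("intval", array_keys($mybb->input['posts'])))."){$flist}");
        while($post = $db->fetch_array($query))
        {
            $action = $mybb->input['posts'][$post['pid']];
            if($action == "approve")
            {
                $posts_to_approve[] = $post['pid'];
            }
            else if($action == "delete")
            {
                $moderation->delete_post($post['pid']);
            }
        }

        // Approve, and record the approval in the moderator log, only when at
        // least one post was approved, so the log never shows an approval that
        // did not happen
        if(!empty($posts_to_approve))
        {
            $moderation->approve_posts($posts_to_approve);
            log_moderator_action(array('pids' => $posts_to_approve), $lang->multi_approve_posts);
        }
        // NOTE(review): posts deleted above get no log_moderator_action() entry
        // in this block, unlike deleted threads. Whether delete_post() records
        // the action itself is not visible here - confirm the audit trail.

        $plugins->run_hooks("modcp_do_modqueue_end");

        redirect("modcp.php?action=modqueue&type=posts", $lang->redirect_postsmoderated);
    }
    else if(is_array($mybb->input['attachments']))
    {
        $query = $db->query("
            SELECT a.pid, a.aid
            FROM  ".TABLE_PREFIX."attachments a
            LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
            LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
            WHERE aid IN (".implode(",", array_map("intval", array_keys($mybb->input['attachments'])))."){$tflist}
        ");
        while($attachment = $db->fetch_array($query))
        {
            $action = $mybb->input['attachments'][$attachment['aid']];
            if($action == "approve")
            {
                $db->update_query("attachments", array("visible" => 1), "aid='{$attachment['aid']}'");
            }
            else if($action == "delete")
            {
                remove_attachment($attachment['pid'], '', $attachment['aid']);
            }
        }
        // NOTE(review): neither approving nor deleting an attachment calls
        // log_moderator_action() in this block - confirm these actions are
        // recorded somewhere.

        $plugins->run_hooks("modcp_do_modqueue_end");

        redirect("modcp.php?action=modqueue&type=attachments", $lang->redirect_attachmentsmoderated);
    }
}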
1339  
1340  if($mybb->input['action'] == "modqueue")
1341  {
1342      if($mybb->input['type'] == "threads" || !$mybb->input['type'])
1343      {
1344          $forum_cache = $cache->read("forums");
1345  
1346          $query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible=0 {$flist}");
1347          $unapproved_threads = $db->fetch_field($query, "unapprovedthreads");
1348  
1349          // Figure out if we need to display multiple pages.
1350          if($mybb->input['page'] != "last")
1351          {
1352              $page = intval($mybb->input['page']);
1353          }
1354  
1355          $perpage = $mybb->settings['threadsperpage'];
1356          $pages = $unapproved_threads / $perpage;
1357          $pages = ceil($pages);
1358  
1359          if($mybb->input['page'] == "last")
1360          {
1361              $page = $pages;
1362          }
1363  
1364          if($page > $pages || $page <= 0)
1365          {
1366              $page = 1;
1367          }
1368  
1369          if($page)
1370          {
1371              $start = ($page-1) * $perpage;
1372          }
1373          else
1374          {
1375              $start = 0;
1376              $page = 1;
1377          }
1378  
1379          $multipage = multipage($unapproved_threads, $perpage, $page, "modcp.php?action=modqueue&type=threads");
1380  
1381          $query = $db->query("
1382              SELECT t.tid, t.dateline, t.fid, t.subject, t.username AS threadusername, p.message AS postmessage, u.username AS username, t.uid
1383              FROM ".TABLE_PREFIX."threads t
1384              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=t.firstpost)
1385              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=t.uid)
1386              WHERE t.visible='0' {$tflist}
1387              ORDER BY t.lastpost DESC
1388              LIMIT {$start}, {$perpage}
1389          ");
1390          while($thread = $db->fetch_array($query))
1391          {
1392              $altbg = alt_trow();
1393              $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
1394              $thread['threadlink'] = get_thread_link($thread['tid']);
1395              $thread['forumlink'] = get_forum_link($thread['fid']);
1396              $forum_name = $forum_cache[$thread['fid']]['name'];
1397              $threaddate = my_date($mybb->settings['dateformat'], $thread['dateline']);
1398              $threadtime = my_date($mybb->settings['timeformat'], $thread['dateline']);
1399  
1400              if($thread['username'] == "")
1401              {
1402                  if($thread['threadusername'] != "")
1403                  {
1404                      $profile_link = $thread['threadusername'];
1405                  }
1406                  else
1407                  {
1408                      $profile_link = $lang->guest;
1409                  }
1410              }
1411              else
1412              {
1413                  $profile_link = build_profile_link($thread['username'], $thread['uid']);
1414              }
1415  
1416              $thread['postmessage'] = nl2br(htmlspecialchars_uni($thread['postmessage']));
1417              $forum = "<strong>{$lang->meta_forum} <a href=\"{$thread['forumlink']}\">{$forum_name}</a></strong>";
1418              eval("\$threads .= \"".$templates->get("modcp_modqueue_threads_thread")."\";");
1419          }
1420  
1421          if(!$threads && $mybb->input['type'] == "threads")
1422          {
1423              eval("\$threads = \"".$templates->get("modcp_modqueue_threads_empty")."\";");
1424          }
1425  
1426          if($threads)
1427          {
1428              add_breadcrumb($lang->mcp_nav_modqueue_threads, "modcp.php?action=modqueue&amp;type=threads");
1429  
1430              $plugins->run_hooks("modcp_modqueue_threads_end");
1431  
1432              eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
1433              eval("\$threadqueue = \"".$templates->get("modcp_modqueue_threads")."\";");
1434              output_page($threadqueue);
1435          }
1436          $type = 'threads';
1437      }
1438  
1439      if($mybb->input['type'] == "posts" || (!$mybb->input['type'] && !$threadqueue))
1440      {
1441          $forum_cache = $cache->read("forums");
1442  
1443          $query = $db->query("
1444              SELECT COUNT(pid) AS unapprovedposts
1445              FROM  ".TABLE_PREFIX."posts p
1446              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
1447              WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid
1448          ");
1449          $unapproved_posts = $db->fetch_field($query, "unapprovedposts");
1450  
1451          // Figure out if we need to display multiple pages.
1452          if($mybb->input['page'] != "last")
1453          {
1454              $page = intval($mybb->input['page']);
1455          }
1456  
1457          $perpage = $mybb->settings['postsperpage'];
1458          $pages = $unapproved_posts / $perpage;
1459          $pages = ceil($pages);
1460  
1461          if($mybb->input['page'] == "last")
1462          {
1463              $page = $pages;
1464          }
1465  
1466          if($page > $pages || $page <= 0)
1467          {
1468              $page = 1;
1469          }
1470  
1471          if($page)
1472          {
1473              $start = ($page-1) * $perpage;
1474          }
1475          else
1476          {
1477              $start = 0;
1478              $page = 1;
1479          }
1480  
1481          $multipage = multipage($unapproved_posts, $perpage, $page, "modcp.php?action=modqueue&amp;type=posts");
1482  
1483          $query = $db->query("
1484              SELECT p.pid, p.subject, p.message, p.username AS postusername, t.subject AS threadsubject, t.tid, u.username, p.uid, t.fid, p.dateline
1485              FROM  ".TABLE_PREFIX."posts p
1486              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
1487              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
1488              WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid
1489              ORDER BY p.dateline DESC
1490              LIMIT {$start}, {$perpage}
1491          ");
1492          while($post = $db->fetch_array($query))
1493          {
1494              $altbg = alt_trow();
1495              $post['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($post['threadsubject']));
1496              $post['threadlink'] = get_thread_link($post['tid']);
1497              $post['forumlink'] = get_forum_link($post['fid']);
1498              $post['postlink'] = get_post_link($post['pid'], $post['tid']);
1499              $forum_name = $forum_cache[$post['fid']]['name'];
1500              $postdate = my_date($mybb->settings['dateformat'], $post['dateline']);
1501              $posttime = my_date($mybb->settings['timeformat'], $post['dateline']);
1502  
1503              if($post['username'] == "")
1504              {
1505                  if($post['postusername'] != "")
1506                  {
1507                      $profile_link = $post['postusername'];
1508                  }
1509                  else
1510                  {
1511                      $profile_link = $lang->guest;
1512                  }
1513              }
1514              else
1515              {
1516                  $profile_link = build_profile_link($post['username'], $post['uid']);
1517              }
1518  
1519              $thread = "<strong>{$lang->meta_thread} <a href=\"{$post['threadlink']}\">{$post['threadsubject']}</a></strong>";
1520              $forum = "<strong>{$lang->meta_forum} <a href=\"{$post['forumlink']}\">{$forum_name}</a></strong><br />";
1521              $post['message'] = nl2br(htmlspecialchars_uni($post['message']));
1522              eval("\$posts .= \"".$templates->get("modcp_modqueue_posts_post")."\";");
1523          }
1524  
1525          if(!$posts && $mybb->input['type'] == "posts")
1526          {
1527              eval("\$posts = \"".$templates->get("modcp_modqueue_posts_empty")."\";");
1528          }
1529  
1530          if($posts)
1531          {
1532              add_breadcrumb($lang->mcp_nav_modqueue_posts, "modcp.php?action=modqueue&amp;type=posts");
1533  
1534              $plugins->run_hooks("modcp_modqueue_posts_end");
1535  
1536              eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
1537              eval("\$postqueue = \"".$templates->get("modcp_modqueue_posts")."\";");
1538              output_page($postqueue);
1539          }
1540      }
1541  
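// Unapproved-attachment queue. Rendered when type=attachments is requested, or as the
// fallback when no type was given and neither the thread nor the post queue produced a page.
if($mybb->input['type'] == "attachments" || (!$mybb->input['type'] && !$postqueue && !$threadqueue))
{
    // $tflist is built earlier in this action (outside this block). The post-queue query
    // above and this count both append it to their WHERE clause; presumably it limits rows
    // to the forums the current moderator may moderate - confirm against its definition.
    $query = $db->query("
        SELECT COUNT(aid) AS unapprovedattachments
        FROM  ".TABLE_PREFIX."attachments a
        LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
        LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
        WHERE a.visible='0' {$tflist}
    ");
    $unapproved_attachments = $db->fetch_field($query, "unapprovedattachments");

    // Figure out if we need to display multiple pages.
    $perpage = $mybb->settings['postsperpage'];
    $pages = ceil($unapproved_attachments / $perpage);

    if($mybb->input['page'] == "last")
    {
        $page = $pages;
    }
    else
    {
        $page = intval($mybb->input['page']);
    }

    // Out-of-range and non-numeric page values fall back to the first page,
    // so $page is always >= 1 from here on.
    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }
    $start = ($page-1) * $perpage;

    $multipage = multipage($unapproved_attachments, $perpage, $page, "modcp.php?action=modqueue&amp;type=attachments");

    // The listing must carry the same {$tflist} filter as the count above. Without it the
    // page shows every unapproved attachment on the board, including ones attached to
    // posts in forums the count (and the pagination built from it) deliberately excludes.
    $query = $db->query("
        SELECT a.*, p.subject AS postsubject, p.dateline, p.uid, u.username, t.tid, t.subject AS threadsubject
        FROM  ".TABLE_PREFIX."attachments a
        LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
        LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
        WHERE a.visible='0' {$tflist}
        ORDER BY a.dateuploaded DESC
        LIMIT {$start}, {$perpage}
    ");

    // Start from an empty string so the template rows are appended to a defined value.
    $attachments = '';
    while($attachment = $db->fetch_array($query))
    {
        $altbg = alt_trow();

        // Fall back to the post date when the attachment has no upload date of its own.
        if(!$attachment['dateuploaded'])
        {
            $attachment['dateuploaded'] = $attachment['dateline'];
        }

        $attachdate = my_date($mybb->settings['dateformat'], $attachment['dateuploaded']);
        $attachtime = my_date($mybb->settings['timeformat'], $attachment['dateuploaded']);

        // User-supplied text is HTML-escaped before the template interpolates it.
        $attachment['postsubject'] = htmlspecialchars_uni($attachment['postsubject']);
        $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
        $attachment['threadsubject'] = htmlspecialchars_uni($attachment['threadsubject']);
        $attachment['filesize'] = get_friendly_size($attachment['filesize']);

        $link = get_post_link($attachment['pid'], $attachment['tid']) . "#pid{$attachment['pid']}";
        $thread_link = get_thread_link($attachment['tid']);
        $profile_link = build_profile_link($attachment['username'], $attachment['uid']);

        // The template text is evaluated as a PHP double-quoted string; the variables set
        // above are interpolated as-is, so they must already be safe for HTML output.
        eval("\$attachments .= \"".$templates->get("modcp_modqueue_attachments_attachment")."\";");
    }

    // Only show the "no attachments" row when this queue was asked for explicitly.
    if(!$attachments && $mybb->input['type'] == "attachments")
    {
        eval("\$attachments = \"".$templates->get("modcp_modqueue_attachments_empty")."\";");
    }

    if($attachments)
    {
        add_breadcrumb($lang->mcp_nav_modqueue_attachments, "modcp.php?action=modqueue&amp;type=attachments");

        $plugins->run_hooks("modcp_modqueue_attachments_end");

        eval("\$mass_controls = \"".$templates->get("modcp_modqueue_masscontrols")."\";");
        eval("\$attachmentqueue = \"".$templates->get("modcp_modqueue_attachments")."\";");
        output_page($attachmentqueue);
    }
}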
1635  
// None of the three queues rendered a page, so every queue is empty:
// show the dedicated "nothing to moderate" page instead.
if(!($threadqueue || $postqueue || $attachmentqueue))
{
    add_breadcrumb($lang->mcp_nav_modqueue, "modcp.php?action=modqueue");

    $plugins->run_hooks("modcp_modqueue_end");

    // The template is evaluated as a double-quoted PHP string and assigned to $queue.
    eval('$queue = "'.$templates->get("modcp_modqueue_empty").'";');
    output_page($queue);
}
1646  }
1647  
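// Handle the moderator "edit profile" form submission: validate the posted profile data
// through UserDataHandler, apply avatar removal and the three moderator suspensions, then
// log the action and redirect. On any error the action is switched to "editprofile" so the
// form handler further down re-renders the form with $errors.
if($mybb->input['action'] == "do_editprofile")
{
    // Verify incoming POST request (checks the posted my_post_key; presumably the
    // anti-CSRF token check - verify_post_check() is defined outside this block).
    verify_post_check($mybb->input['my_post_key']);

    $user = get_user($mybb->input['uid']);
    if(!$user['uid'])
    {
        error($lang->invalid_user);
    }

    // Check if the current user has permission to edit this user
    if(!modcp_can_manage_user($user['uid']))
    {
        error_no_permission();
    }

    $plugins->run_hooks("modcp_do_editprofile_start");

    // Set up user handler.
    require_once  MYBB_ROOT."inc/datahandlers/user.php";
    $userhandler = new UserDataHandler('update');

    // Set the data for the updated user. All field values are passed through unmodified;
    // validation is delegated to the data handler below.
    $updated_user = array(
        // Use the uid of the row that passed the permission check above rather than the
        // raw request value, so the check and the update always refer to the same user.
        "uid" => $user['uid'],
        "profile_fields" => $mybb->input['profile_fields'],
        "profile_fields_editable" => true,
        "website" => $mybb->input['website'],
        "icq" => $mybb->input['icq'],
        "aim" => $mybb->input['aim'],
        "yahoo" => $mybb->input['yahoo'],
        "msn" => $mybb->input['msn'],
        "signature" => $mybb->input['signature'],
        "usernotes" => $mybb->input['usernotes']
    );

    $updated_user['birthday'] = array(
        "day" => $mybb->input['birthday_day'],
        "month" => $mybb->input['birthday_month'],
        "year" => $mybb->input['birthday_year']
    );

    // A non-empty title replaces the custom title; "revert" clears it.
    if($mybb->input['usertitle'] != '')
    {
        $updated_user['usertitle'] = $mybb->input['usertitle'];
    }
    else if($mybb->input['reverttitle'])
    {
        $updated_user['usertitle'] = '';
    }

    if($mybb->input['remove_avatar'])
    {
        $updated_user['avatarurl'] = '';
    }

    // Set the data of the user in the datahandler.
    $userhandler->set_data($updated_user);

    // $errors stays an empty string until the first error; the code below and the
    // "editprofile" handler both test is_array()/emptiness to detect failures.
    $errors = '';

    // Columns written directly to the users table after the handler update.
    $extra_user_updates = array();

    // Validate the user and get any errors that might have occurred.
    if(!$userhandler->validate_user())
    {
        $errors = $userhandler->get_friendly_errors();
        $mybb->input['action'] = "editprofile";
    }
    else
    {
        // Are we removing an avatar from this user?
        if($mybb->input['remove_avatar'])
        {
            $extra_user_updates = array(
                "avatar" => "",
                "avatardimensions" => "",
                "avatartype" => ""
            );
            remove_avatars($user['uid']);
        }

        // Moderator "Options" (suspend signature, suspend/moderate posting)
        $moderator_options = array(
            1 => array(
                "action" => "suspendsignature", // The moderator action we're performing
                "period" => "action_period", // The time period we've selected from the dropdown box
                "time" => "action_time", // The time we've entered
                "update_field" => "suspendsignature", // The field in the database to update if true
                "update_length" => "suspendsigtime" // The length of suspension field in the database
            ),
            2 => array(
                "action" => "moderateposting",
                "period" => "modpost_period",
                "time" => "modpost_time",
                "update_field" => "moderateposts",
                "update_length" => "moderationtime"
            ),
            3 => array(
                "action" => "suspendposting",
                "period" => "suspost_period",
                "time" => "suspost_time",
                "update_field" => "suspendposting",
                "update_length" => "suspensiontime"
            )
        );

        require_once  MYBB_ROOT."inc/functions_warnings.php";
        foreach($moderator_options as $option)
        {
            // The entered duration is forced to an integer before any use.
            $mybb->input[$option['time']] = intval($mybb->input[$option['time']]);
            if(!$mybb->input[$option['action']])
            {
                if($user[$option['update_field']] == 1)
                {
                    // We're revoking the suspension
                    $extra_user_updates[$option['update_field']] = 0;
                    $extra_user_updates[$option['update_length']] = 0;
                }

                // Skip this option if we haven't selected it
                continue;
            }

            if($mybb->input[$option['time']] == 0 && $mybb->input[$option['period']] != "never" && $user[$option['update_field']] != 1)
            {
                // User has selected a type of ban, but not entered a valid time frame
                $string = $option['action']."_error";
                // Appending with [] to a string is a fatal error on PHP 7.1 and later,
                // so switch $errors to an array before the first append.
                if(!is_array($errors))
                {
                    $errors = array();
                }
                $errors[] = $lang->$string;
            }

            if(!is_array($errors))
            {
                $suspend_length = fetch_time_length(intval($mybb->input[$option['time']]), $mybb->input[$option['period']]);

                if($user[$option['update_field']] == 1 && ($mybb->input[$option['time']] || $mybb->input[$option['period']] == "never"))
                {
                    // We already have a suspension, but entered a new time
                    if($suspend_length == "-1")
                    {
                        // Permanent ban on action (a stored length of 0 means "no expiry")
                        $extra_user_updates[$option['update_length']] = 0;
                    }
                    elseif($suspend_length && $suspend_length != "-1")
                    {
                        // Temporary ban on action
                        $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
                    }
                }
                elseif(!$user[$option['update_field']])
                {
                    // New suspension for this user... bad user!
                    $extra_user_updates[$option['update_field']] = 1;
                    if($suspend_length == "-1")
                    {
                        $extra_user_updates[$option['update_length']] = 0;
                    }
                    else
                    {
                        $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
                    }
                }
            }
        }

        // Those with javascript turned off will be able to select both - cheeky!
        // Check to make sure we're not moderating AND suspending posting
        if(!empty($extra_user_updates['moderateposts']) && !empty($extra_user_updates['suspendposting']))
        {
            if(!is_array($errors))
            {
                $errors = array();
            }
            $errors[] = $lang->suspendmoderate_error;
        }

        if(is_array($errors))
        {
            $mybb->input['action'] = "editprofile";
        }
        else
        {
            $plugins->run_hooks("modcp_do_editprofile_update");

            // Continue with the update if there are no errors
            $user_info = $userhandler->update_user();

            // Nothing to write when neither an avatar removal nor a suspension change was requested.
            if(!empty($extra_user_updates))
            {
                $db->update_query("users", $extra_user_updates, "uid='".intval($user['uid'])."'");
            }

            // Record which moderator edited which account.
            log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->edited_user);

            $plugins->run_hooks("modcp_do_editprofile_end");

            redirect("modcp.php?action=finduser", $lang->redirect_user_updated);
        }
    }
}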
1840  
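// Render the moderator "edit profile" form for one user: prefill the standard fields,
// build the birthday selectors, the custom profile field inputs and the three suspension
// controls, then output the modcp_editprofile template. Also reached from do_editprofile
// above when validation failed, in which case $errors holds the messages to show.
if($mybb->input['action'] == "editprofile")
{
    add_breadcrumb($lang->mcp_nav_editprofile, "modcp.php?action=editprofile");

    $user = get_user($mybb->input['uid']);
    if(!$user['uid'])
    {
        error($lang->invalid_user);
    }

    // Check if the current user has permission to edit this user
    if(!modcp_can_manage_user($user['uid']))
    {
        error_no_permission();
    }

    if($user['website'] == "" || $user['website'] == "http://")
    {
        $user['website'] = "http://";
    }

    // Normalise the ICQ number: integer when set, empty string when zero.
    if($user['icq'] != "0")
    {
        $user['icq'] = intval($user['icq']);
    }
    if($user['icq'] == 0)
    {
        $user['icq'] = "";
    }

    if(empty($errors))
    {
        // First display: prefill from the stored row; request values win on key clashes.
        // NOTE(review): this copies every column get_user() returned into $mybb->input.
        // Only the fields listed in the escaping loop below are HTML-escaped; any other
        // merged column the template prints (usernotes is passed to the data handler above
        // but is not in that list) must be escaped elsewhere - confirm against the template.
        $mybb->input = array_merge($user, $mybb->input);

        // Pad to three parts so an empty or partial stored birthday cannot leave a part undefined.
        list($mybb->input['birthday_day'], $mybb->input['birthday_month'], $mybb->input['birthday_year']) = array_pad(explode("-", $user['birthday']), 3, '');
    }
    else
    {
        $errors = inline_error($errors);
    }

    // Sanitize all input: HTML-escape the values that are echoed back into the form.
    foreach(array('usertitle', 'website', 'icq', 'aim', 'yahoo', 'msn', 'signature', 'birthday_day', 'birthday_month', 'birthday_year') as $field)
    {
        $mybb->input[$field] = htmlspecialchars_uni($mybb->input[$field]);
    }

    // Custom user title, check to see if we have a default group title
    if(!$user['displaygroup'])
    {
        $user['displaygroup'] = $user['usergroup'];
    }

    $displaygroupfields = array('usertitle');
    $display_group = usergroup_displaygroup($user['displaygroup']);

    $defaulttitle = '';
    if(!empty($display_group['usertitle']))
    {
        $defaulttitle = $display_group['usertitle'];
    }
    else
    {
        // Go for post count title if a group default isn't set
        $usertitles = $cache->read('usertitles');

        // NOTE(review): this compares against $mybb->user['postnum'] (the logged-in
        // moderator), not $user['postnum'] (the profile being edited) - confirm intent.
        foreach($usertitles as $title)
        {
            if($title['posts'] <= $mybb->user['postnum'])
            {
                $defaulttitle = $title['title'];
            }
        }
    }

    if(empty($user['usertitle']))
    {
        $lang->current_custom_usertitle = '';
    }

    // $bdaysel is kept for compatibility; the day options are actually built in $bdaydaysel,
    // which the original code appended to without initialising.
    $bdaysel = '';
    $bdaydaysel = '';
    for($i = 1; $i <= 31; ++$i)
    {
        if($mybb->input['birthday_day'] == $i)
        {
            $bdaydaysel .= "<option value=\"$i\" selected=\"selected\">$i</option>\n";
        }
        else
        {
            $bdaydaysel .= "<option value=\"$i\">$i</option>\n";
        }
    }
    $bdaymonthsel = array();
    $bdaymonthsel[$mybb->input['birthday_month']] = 'selected="selected"';

    $plugins->run_hooks("modcp_editprofile_start");

    // Fetch profile fields
    $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'");
    $user_fields = $db->fetch_array($query);

    $requiredfields = '';
    $customfields = '';

    // Per-field scratch values; reset at the end of every iteration as well.
    $code = '';
    $seloptions = array();

    $query = $db->simple_select("profilefields", "*", "", array('order_by' => 'disporder'));
    while($profilefield = $db->fetch_array($query))
    {
        // The type column holds the input type on its first line and the option list on
        // the following lines. It is HTML-escaped here, so every option value ($val)
        // written into markup below is already escaped.
        $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
        $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
        $thing = explode("\n", $profilefield['type'], 2);
        $type = $thing[0];
        $options = isset($thing[1]) ? $thing[1] : '';
        $field = "fid{$profilefield['fid']}";
        $select = '';

        // After a failed submit show what was posted; otherwise show the stored value.
        if(!empty($errors))
        {
            $userfield = isset($mybb->input['profile_fields'][$field]) ? $mybb->input['profile_fields'][$field] : null;
        }
        else
        {
            $userfield = isset($user_fields[$field]) ? $user_fields[$field] : null;
        }

        if($type == "multiselect")
        {
            if(!empty($errors))
            {
                $useropts = $userfield;
            }
            else
            {
                $useropts = explode("\n", (string)$userfield);
            }
            if(is_array($useropts))
            {
                foreach($useropts as $key => $val)
                {
                    $seloptions[$val] = $val;
                }
            }
            $expoptions = explode("\n", $options);
            if(is_array($expoptions))
            {
                foreach($expoptions as $key => $val)
                {
                    $val = trim($val);
                    $val = str_replace("\n", "\\n", $val);

                    $sel = "";
                    // A missing key compares as null, exactly as the original lookup did.
                    $current = isset($seloptions[$val]) ? $seloptions[$val] : null;
                    if($val == $current)
                    {
                        $sel = " selected=\"selected\"";
                    }
                    $select .= "<option value=\"$val\"$sel>$val</option>\n";
                }
                if(!$profilefield['length'])
                {
                    $profilefield['length'] = 3;
                }
                $code = "<select name=\"profile_fields[$field][]\" size=\"{$profilefield['length']}\" multiple=\"multiple\">$select</select>";
            }
        }
        elseif($type == "select")
        {
            $expoptions = explode("\n", $options);
            if(is_array($expoptions))
            {
                foreach($expoptions as $key => $val)
                {
                    $val = trim($val);
                    $val = str_replace("\n", "\\n", $val);
                    $sel = "";
                    if($val == $userfield)
                    {
                        $sel = " selected=\"selected\"";
                    }
                    $select .= "<option value=\"$val\"$sel>$val</option>";
                }
                if(!$profilefield['length'])
                {
                    $profilefield['length'] = 1;
                }
                $code = "<select name=\"profile_fields[$field]\" size=\"{$profilefield['length']}\">$select</select>";
            }
        }
        elseif($type == "radio")
        {
            $expoptions = explode("\n", $options);
            if(is_array($expoptions))
            {
                foreach($expoptions as $key => $val)
                {
                    $checked = "";
                    if($val == $userfield)
                    {
                        $checked = " checked=\"checked\"";
                    }
                    $code .= "<input type=\"radio\" class=\"radio\" name=\"profile_fields[$field]\" value=\"$val\"$checked /> <span class=\"smalltext\">$val</span><br />";
                }
            }
        }
        elseif($type == "checkbox")
        {
            if(!empty($errors))
            {
                $useropts = $userfield;
            }
            else
            {
                $useropts = explode("\n", (string)$userfield);
            }
            if(is_array($useropts))
            {
                foreach($useropts as $key => $val)
                {
                    $seloptions[$val] = $val;
                }
            }
            $expoptions = explode("\n", $options);
            if(is_array($expoptions))
            {
                foreach($expoptions as $key => $val)
                {
                    $checked = "";
                    $current = isset($seloptions[$val]) ? $seloptions[$val] : null;
                    if($val == $current)
                    {
                        $checked = " checked=\"checked\"";
                    }
                    $code .= "<input type=\"checkbox\" class=\"checkbox\" name=\"profile_fields[$field][]\" value=\"$val\"$checked /> <span class=\"smalltext\">$val</span><br />";
                }
            }
        }
        elseif($type == "textarea")
        {
            // Free-text value supplied by the user: escape before placing it in markup.
            $value = htmlspecialchars_uni($userfield);
            $code = "<textarea name=\"profile_fields[$field]\" rows=\"6\" cols=\"30\" style=\"width: 95%\">$value</textarea>";
        }
        else
        {
            $value = htmlspecialchars_uni($userfield);
            $maxlength = "";
            if($profilefield['maxlength'] > 0)
            {
                $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
            }
            $code = "<input type=\"text\" name=\"profile_fields[$field]\" class=\"textbox\" size=\"{$profilefield['length']}\"{$maxlength} value=\"$value\" />";
        }

        // The same row template is used for both lists; required fields are collected separately.
        if($profilefield['required'] == 1)
        {
            eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";");
        }
        else
        {
            eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";");
        }
        $altbg = alt_trow();

        // Reset the scratch values for the next field. $seloptions is reset to an array:
        // writing a keyed offset into a string fails on current PHP versions.
        $code = "";
        $select = "";
        $val = "";
        $options = "";
        $expoptions = "";
        $useropts = "";
        $seloptions = array();
    }
    if($customfields)
    {
        eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";");
    }

    $lang->edit_profile = $lang->sprintf($lang->edit_profile, $user['username']);
    $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);

    $codebuttons = build_mycode_inserter("signature");

    // Do we mark the suspend signature box?
    if($user['suspendsignature'] || ($mybb->input['suspendsignature'] && !empty($errors)))
    {
        $checked = 1;
        $checked_item = "checked=\"checked\"";
    }
    else
    {
        $checked = 0;
        $checked_item = '';
    }

    // Do we mark the moderate posts box?
    if($user['moderateposts'] || ($mybb->input['moderateposting'] && !empty($errors)))
    {
        $modpost_check = 1;
        $modpost_checked = "checked=\"checked\"";
    }
    else
    {
        $modpost_check = 0;
        $modpost_checked = '';
    }

    // Do we mark the suspend posts box?
    if($user['suspendposting'] || ($mybb->input['suspendposting'] && !empty($errors)))
    {
        $suspost_check = 1;
        $suspost_checked = "checked=\"checked\"";
    }
    else
    {
        $suspost_check = 0;
        $suspost_checked = '';
    }

    $moderator_options = array(
        1 => array(
            "action" => "suspendsignature", // The input action for this option
            "option" => "suspendsignature", // The field in the database that this option relates to
            "time" => "action_time", // The time we've entered
            "length" => "suspendsigtime", // The length of suspension field in the database
            "select_option" => "action" // The name of the select box of this option
        ),
        2 => array(
            "action" => "moderateposting",
            "option" => "moderateposts",
            "time" => "modpost_time",
            "length" => "moderationtime",
            "select_option" => "modpost"
        ),
        3 => array(
            "action" => "suspendposting",
            "option" => "suspendposting",
            "time" => "suspost_time",
            "length" => "suspensiontime",
            "select_option" => "suspost"
        )
    );

    $periods = array(
        "hours" => $lang->expire_hours,
        "days" => $lang->expire_days,
        "weeks" => $lang->expire_weeks,
        "months" => $lang->expire_months,
        "never" => $lang->expire_permanent
    );

    foreach($moderator_options as $option)
    {
        // The entered duration is echoed back into the form, so force it to an integer.
        $mybb->input[$option['time']] = intval($mybb->input[$option['time']]);
        // Display the suspension info, if this user has this option suspended
        if($user[$option['option']])
        {
            if($user[$option['length']] == 0)
            {
                // User has a permanent ban
                $string = $option['option']."_perm";
                $suspension_info = $lang->$string;
            }
            else
            {
                // User has a temporary (or limited) ban
                $string = $option['option']."_for";
                $for_date = my_date($mybb->settings['dateformat'], $user[$option['length']]);
                $for_time = my_date($mybb->settings['timeformat'], $user[$option['length']]);
                $suspension_info = $lang->sprintf($lang->$string, $for_date, $for_time);
            }

            // One shared template, rendered into a separate variable per option.
            switch($option['option'])
            {
                case "suspendsignature":
                    eval("\$suspendsignature_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
                    break;
                case "moderateposts":
                    eval("\$moderateposts_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
                    break;
                case "suspendposting":
                    eval("\$suspendposting_info = \"".$templates->get("modcp_editprofile_suspensions_info")."\";");
                    break;
            }
        }

        // Generate the boxes for this option
        $selection_options = '';
        foreach($periods as $key => $value)
        {
            $string = $option['select_option']."_period";
            if($mybb->input[$string] == $key)
            {
                $selected = "selected=\"selected\"";
            }
            else
            {
                $selected = '';
            }

            eval("\$selection_options .= \"".$templates->get("modcp_editprofile_select_option")."\";");
        }

        $select_name = $option['select_option']."_period";
        switch($option['option'])
        {
            case "suspendsignature":
                eval("\$action_options = \"".$templates->get("modcp_editprofile_select")."\";");
                break;
            case "moderateposts":
                eval("\$modpost_options = \"".$templates->get("modcp_editprofile_select")."\";");
                break;
            case "suspendposting":
                eval("\$suspost_options = \"".$templates->get("modcp_editprofile_select")."\";");
                break;
        }
    }

    eval("\$suspend_signature = \"".$templates->get("modcp_editprofile_signature")."\";");

    $plugins->run_hooks("modcp_editprofile_end");

    eval("\$edituser = \"".$templates->get("modcp_editprofile")."\";");
    output_page($edituser);
}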
2249  
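// Moderator user search: list users, optionally filtered by a username substring,
// sorted and paginated, and output the modcp_finduser template.
// NOTE(review): no permission check is visible inside this block and the listing selects
// every users column - confirm the ModCP access gate runs before this action is dispatched.
if($mybb->input['action'] == "finduser")
{
    add_breadcrumb($lang->mcp_nav_users, "modcp.php?action=finduser");

    // Page size from the request, falling back to the board setting for missing or bad values.
    $perpage = intval($mybb->input['perpage']);
    if($perpage <= 0)
    {
        $perpage = $mybb->settings['threadsperpage'];
    }
    $where = '';

    if($mybb->input['username'])
    {
        // The search term is escaped for use inside a LIKE pattern before it is
        // placed in the SQL string.
        $where = " AND LOWER(username) LIKE '%".my_strtolower($db->escape_string_like($mybb->input['username']))."%'";
    }

    // Sort order & direction. Both values are mapped onto fixed strings, so the raw
    // request values never reach the ORDER BY clause.
    switch($mybb->input['sortby'])
    {
        case "lastvisit":
            $sortby = "lastvisit";
            break;
        case "postnum":
            $sortby = "postnum";
            break;
        case "username":
            $sortby = "username";
            break;
        default:
            $sortby = "regdate";
    }
    $order = $mybb->input['order'];
    if($order != "asc")
    {
        $order = "desc";
    }

    $query = $db->simple_select("users", "COUNT(uid) AS count", "1=1 {$where}");
    $user_count = $db->fetch_field($query, "count");

    // Figure out if we need to display multiple pages.
    $pages = ceil($user_count / $perpage);

    if($mybb->input['page'] == "last")
    {
        $page = $pages;
    }
    else
    {
        $page = intval($mybb->input['page']);
    }

    // Out-of-range and non-numeric page values fall back to the first page,
    // so $page is always >= 1 from here on.
    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }
    $start = ($page-1) * $perpage;

    // Carry the active filters into the pagination links. The value is URL-encoded so a
    // search term containing &, # or % stays inside its own parameter, and HTML-escaped
    // because the URL ends up inside an href attribute.
    $page_url = 'modcp.php?action=finduser';
    foreach(array('username', 'sortby', 'order') as $field)
    {
        if($mybb->input[$field])
        {
            $page_url .= "&amp;{$field}=".htmlspecialchars_uni(urlencode($mybb->input[$field]));
            // Escaped copy for redisplay in the search form.
            $mybb->input[$field] = htmlspecialchars_uni($mybb->input[$field]);
        }
    }

    $multipage = multipage($user_count, $perpage, $page, $page_url);

    $usergroups_cache = $cache->read("usergroups");

    $plugins->run_hooks("modcp_finduser_start");

    // Fetch out results
    $query = $db->simple_select("users", "*", "1=1 {$where}", array("order_by" => $sortby, "order_dir" => $order, "limit" => $perpage, "limit_start" => $start));

    // Start from an empty string so the template rows are appended to a defined value.
    $users = '';
    while($user = $db->fetch_array($query))
    {
        $alt_row = alt_trow();
        // NOTE(review): username and group title are not HTML-escaped in this block;
        // confirm they are restricted at input time or escaped inside format_name().
        $user['username'] = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
        $user['postnum'] = my_number_format($user['postnum']);
        $regdate = my_date($mybb->settings['dateformat'], $user['regdate']);
        $regtime = my_date($mybb->settings['timeformat'], $user['regdate']);
        $lastdate = my_date($mybb->settings['dateformat'], $user['lastvisit']);
        $lasttime = my_date($mybb->settings['timeformat'], $user['lastvisit']);
        $usergroup = $usergroups_cache[$user['usergroup']]['title'];
        eval("\$users .= \"".$templates->get("modcp_finduser_user")."\";");
    }

    // No results?
    if(!$users)
    {
        eval("\$users = \"".$templates->get("modcp_finduser_noresults")."\";");
    }

    $plugins->run_hooks("modcp_finduser_end");

    eval("\$finduser = \"".$templates->get("modcp_finduser")."\";");
    output_page($finduser);
}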
2360  
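// Moderator CP: filterable, paginated list of issued warnings.
// Filter values are read from $mybb->input['filter'] (username, uid,
// mod_username, mod_uid, reason, sortby, order, per_page).
if($mybb->input['action'] == "warninglogs")
{
    add_breadcrumb($lang->mcp_nav_warninglogs, "modcp.php?action=warninglogs");

    // Keep an untouched copy of the submitted filter for the pagination URL.
    // The entries of $mybb->input['filter'] are overwritten below with
    // HTML-escaped text for the templates; URL-encoding those escaped strings
    // would hand the next page a different search term than the one submitted.
    $filter_for_url = array();
    if(isset($mybb->input['filter']) && is_array($mybb->input['filter']))
    {
        $filter_for_url = $mybb->input['filter'];
    }

    // Filter options
    $where_sql = '';
    if($mybb->input['filter']['username'])
    {
        // Resolve the username to a uid; the uid filter below does the actual restriction
        $search['username'] = $db->escape_string($mybb->input['filter']['username']);
        $query = $db->simple_select("users", "uid", "username='{$search['username']}'");
        $mybb->input['filter']['uid'] = $db->fetch_field($query, "uid");
        $mybb->input['filter']['username'] = htmlspecialchars_uni($mybb->input['filter']['username']);
    }
    if($mybb->input['filter']['uid'])
    {
        // Cast to int before the value is interpolated into the WHERE clause
        $search['uid'] = intval($mybb->input['filter']['uid']);
        $where_sql .= " AND w.uid='{$search['uid']}'";
        if(!isset($mybb->input['search']['username']))
        {
            // Look up the user the query is actually filtered on (the original
            // read a separate search[uid] value that nothing in this branch sets)
            $user = get_user($search['uid']);
            $mybb->input['search']['username'] = htmlspecialchars_uni($user['username']);
        }
    }
    if($mybb->input['filter']['mod_username'])
    {
        $search['mod_username'] = $db->escape_string($mybb->input['filter']['mod_username']);
        $query = $db->simple_select("users", "uid", "username='{$search['mod_username']}'");
        $mybb->input['filter']['mod_uid'] = $db->fetch_field($query, "uid");
        $mybb->input['filter']['mod_username'] = htmlspecialchars_uni($mybb->input['filter']['mod_username']);
    }
    if($mybb->input['filter']['mod_uid'])
    {
        $search['mod_uid'] = intval($mybb->input['filter']['mod_uid']);
        $where_sql .= " AND w.issuedby='{$search['mod_uid']}'";
        if(!isset($mybb->input['search']['mod_username']))
        {
            // Same correction as above: use the moderator uid being filtered on
            $mod_user = get_user($search['mod_uid']);
            $mybb->input['search']['mod_username'] = htmlspecialchars_uni($mod_user['username']);
        }
    }
    if($mybb->input['filter']['reason'])
    {
        // escape_string_like() is used because the value sits inside LIKE '%...%' patterns
        $search['reason'] = $db->escape_string_like($mybb->input['filter']['reason']);
        $where_sql .= " AND (w.notes LIKE '%{$search['reason']}%' OR t.title LIKE '%{$search['reason']}%' OR w.title LIKE '%{$search['reason']}%')";
        $mybb->input['filter']['reason'] = htmlspecialchars_uni($mybb->input['filter']['reason']);
    }

    // The sort column is chosen from a fixed list and never copied from the
    // request, which is what makes it safe to interpolate into ORDER BY below.
    $sortbysel = array();
    switch($mybb->input['filter']['sortby'])
    {
        case "username":
            $sortby = "u.username";
            $sortbysel['username'] = ' selected="selected"';
            break;
        case "expires":
            $sortby = "w.expires";
            $sortbysel['expires'] = ' selected="selected"';
            break;
        case "issuedby":
            $sortby = "i.username";
            $sortbysel['issuedby'] = ' selected="selected"';
            break;
        default: // "dateline"
            $sortby = "w.dateline";
            $sortbysel['dateline'] = ' selected="selected"';
    }

    // Likewise the direction ends up as either "asc" or "desc"
    $order = $mybb->input['filter']['order'];
    $ordersel = array();
    if($order != "asc")
    {
        $order = "desc";
        $ordersel['desc'] = ' selected="selected"';
    }
    else
    {
        $ordersel['asc'] = ' selected="selected"';
    }

    $plugins->run_hooks("modcp_warninglogs_start");

    // Pagination stuff
    $sql = "
        SELECT COUNT(wid) as count
        FROM
            ".TABLE_PREFIX."warnings w
            LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
        WHERE 1=1
            {$where_sql}
    ";
    $query = $db->query($sql);
    $total_warnings = $db->fetch_field($query, 'count');
    $page = 1;
    if(isset($mybb->input['page']) && intval($mybb->input['page']) > 0)
    {
        $page = intval($mybb->input['page']);
    }
    // NOTE(review): per_page is only checked for being positive; there is no
    // upper bound on the number of rows a single request can ask for.
    $per_page = 20;
    if(isset($mybb->input['filter']['per_page']) && intval($mybb->input['filter']['per_page']) > 0)
    {
        $per_page = intval($mybb->input['filter']['per_page']);
    }
    $start = ($page-1) * $per_page;

    // Build the base URL for pagination links.
    // Both the key and the value of each filter entry are supplied by the
    // request and end up inside the generated links, so both are URL-encoded.
    $url = 'modcp.php?action=warninglogs';
    foreach($filter_for_url as $field => $value)
    {
        // A nested array cannot be expressed in this flat filter[key]=value form
        if(!is_scalar($value))
        {
            continue;
        }
        $field = urlencode((string)$field);
        $value = urlencode((string)$value);
        $url .= "&amp;filter[{$field}]={$value}";
    }
    $multipage = multipage($total_warnings, $per_page, $page, $url);

    // The actual query
    $sql = "
        SELECT
            w.wid, w.title as custom_title, w.points, w.dateline, w.issuedby, w.expires, w.expired, w.daterevoked, w.revokedby,
            t.title,
            u.uid, u.username, u.usergroup, u.displaygroup,
            i.uid as mod_uid, i.username as mod_username, i.usergroup as mod_usergroup, i.displaygroup as mod_displaygroup
        FROM ".TABLE_PREFIX."warnings w
            LEFT JOIN ".TABLE_PREFIX."users u ON (w.uid=u.uid)
            LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (w.tid=t.tid)
            LEFT JOIN ".TABLE_PREFIX."users i ON (i.uid=w.issuedby)
        WHERE 1=1
            {$where_sql}
        ORDER BY {$sortby} {$order}
        LIMIT {$start}, {$per_page}
    ";
    $query = $db->query($sql);


    $warning_list = '';
    while($row = $db->fetch_array($query))
    {
        $trow = alt_trow();
        // NOTE(review): usernames go through format_name()/build_profile_link()
        // without an explicit escape here - confirm those helpers or the stored
        // value guarantee HTML-safe output.
        $username = format_name($row['username'], $row['usergroup'], $row['displaygroup']);
        $username_link = build_profile_link($username, $row['uid']);
        $mod_username = format_name($row['mod_username'], $row['mod_usergroup'], $row['mod_displaygroup']);
        $mod_username_link = build_profile_link($mod_username, $row['mod_uid']);
        $issued_date = my_date($mybb->settings['dateformat'], $row['dateline']).' '.my_date($mybb->settings['timeformat'], $row['dateline']);
        $revoked_text = '';
        if($row['daterevoked'] > 0)
        {
            $revoked_date = my_date($mybb->settings['dateformat'], $row['daterevoked']).' '.my_date($mybb->settings['timeformat'], $row['daterevoked']);
            eval("\$revoked_text = \"".$templates->get("modcp_warninglogs_warning_revoked")."\";");
        }
        if($row['expires'] > 0)
        {
            $expire_date = my_date($mybb->settings['dateformat'], $row['expires']).' '.my_date($mybb->settings['timeformat'], $row['expires']);
        }
        else
        {
            $expire_date = $lang->never;
        }
        // Prefer the warning type's title; fall back to the custom title stored on the warning
        $title = $row['title'];
        if(empty($row['title']))
        {
            $title = $row['custom_title'];
        }
        $title = htmlspecialchars_uni($title);

        // Assign on every row so a negative value never shows the previous row's text
        $points = $row['points'];
        if($row['points'] >= 0)
        {
            $points = '+'.$row['points'];
        }

        // Templates are expanded with eval(); the variables they reference
        // must already be safe for HTML output at this point.
        eval("\$warning_list .= \"".$templates->get("modcp_warninglogs_warning")."\";");
    }

    if(!$warning_list)
    {
        eval("\$warning_list = \"".$templates->get("modcp_warninglogs_nologs")."\";");
    }

    $plugins->run_hooks("modcp_warninglogs_end");

    eval("\$warninglogs = \"".$templates->get("modcp_warninglogs")."\";");
    output_page($warninglogs);
}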
2540  
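// Moderator CP: search users (registration / last-known IP) and posts by IP
// address. "*" in the search term is a wildcard; a term containing ":" is
// handled as IPv6 text, anything else is converted to a numeric IPv4 range.
if($mybb->input['action'] == "ipsearch")
{
    add_breadcrumb($lang->mcp_nav_ipsearch, "modcp.php?action=ipsearch");

    if($mybb->input['ipaddress'])
    {
        if(!is_array($groupscache))
        {
            $groupscache = $cache->read("usergroups");
        }

        // Give every accumulator a known starting value. The SQL fragments are
        // interpolated into queries and the result strings into templates, so
        // none of them may carry a value that was set outside this branch.
        $results = '';
        $misc_info_link = '';
        $post_results = 0;
        $user_results = 0;
        $post_ip_sql = '';
        $user_ip_sql = '';

        $ipaddressvalue = htmlspecialchars_uni($mybb->input['ipaddress']);

        // Searching post IP addresses
        if($mybb->input['search_posts'])
        {
            // IPv6 IP
            if(strpos($mybb->input['ipaddress'], ":") !== false)
            {
                $post_ip_sql = "ipaddress LIKE '".$db->escape_string(str_replace("*", "%", $mybb->input['ipaddress']))."'";
            }
            else
            {
                // NOTE(review): the range values are placed into SQL without
                // escaping - confirm fetch_longipv4_range() only returns numbers.
                $ip_range = fetch_longipv4_range($mybb->input['ipaddress']);

                if($ip_range)
                {
                    if(!is_array($ip_range))
                    {
                        $post_ip_sql = "longipaddress='{$ip_range}'";
                    }
                    else
                    {
                        $post_ip_sql = "longipaddress > '{$ip_range[0]}' AND longipaddress < '{$ip_range[1]}'";
                    }
                }
            }

            $plugins->run_hooks("modcp_ipsearch_posts_start");

            if($post_ip_sql)
            {
                $query = $db->query("
                    SELECT COUNT(pid) AS count
                    FROM ".TABLE_PREFIX."posts
                    WHERE {$post_ip_sql}
                ");

                $post_results = $db->fetch_field($query, "count");
            }
        }

        // Searching user IP addresses
        if($mybb->input['search_users'])
        {
            // IPv6 IP
            if(strpos($mybb->input['ipaddress'], ":") !== false)
            {
                $user_ip_sql = "regip LIKE '".$db->escape_string(str_replace("*", "%", $mybb->input['ipaddress']))."' OR lastip LIKE '".$db->escape_string(str_replace("*", "%", $mybb->input['ipaddress']))."'";
            }
            else
            {
                $ip_range = fetch_longipv4_range($mybb->input['ipaddress']);

                if($ip_range)
                {
                    if(!is_array($ip_range))
                    {
                        $user_ip_sql = "longregip='{$ip_range}' OR longlastip='{$ip_range}'";
                    }
                    else
                    {
                        $user_ip_sql = "(longregip > '{$ip_range[0]}' AND longregip < '{$ip_range[1]}') OR (longlastip > '{$ip_range[0]}' AND longlastip < '{$ip_range[1]}')";
                    }
                }
            }

            $plugins->run_hooks("modcp_ipsearch_users_start");

            if($user_ip_sql)
            {
                $query = $db->query("
                    SELECT COUNT(uid) AS count
                    FROM ".TABLE_PREFIX."users
                    WHERE {$user_ip_sql}
                ");

                $user_results = $db->fetch_field($query, "count");
            }
        }

        $total_results = $post_results+$user_results;

        // Avoid a zero page count when nothing matched
        if(!$total_results)
        {
            $total_results = 1;
        }

        // Now we have the result counts, paginate
        // NOTE(review): perpage comes from the request and has no upper bound
        $perpage = intval($mybb->input['perpage']);
        if(!$perpage || $perpage <= 0)
        {
            $perpage = $mybb->settings['threadsperpage'];
        }

        // Figure out if we need to display multiple pages.
        if($mybb->input['page'] != "last")
        {
            $page = intval($mybb->input['page']);
        }

        $pages = $total_results / $perpage;
        $pages = ceil($pages);

        if($mybb->input['page'] == "last")
        {
            $page = $pages;
        }

        if($page > $pages || $page <= 0)
        {
            $page = 1;
        }

        if($page)
        {
            $start = ($page-1) * $perpage;
        }
        else
        {
            $start = 0;
            $page = 1;
        }

        // Carry the search options over to the pagination links. The values
        // are URL-encoded so each one stays a single query-string parameter;
        // the encoded form contains no characters that need HTML escaping.
        $page_url = "modcp.php?action=ipsearch&amp;perpage={$perpage}";
        foreach(array('ipaddress', 'search_users', 'search_posts') as $input)
        {
            if(!$mybb->input[$input]) continue;
            $page_url .= "&amp;{$input}=".urlencode($mybb->input[$input]);
        }
        $multipage = multipage($total_results, $perpage, $page, $page_url);

        // User matches are listed first; posts fill whatever is left of the page
        $post_limit = $perpage;
        if($mybb->input['search_users'] && $user_results && $start <= $user_results)
        {
            $query = $db->query("
                SELECT username, uid, regip, lastip
                FROM ".TABLE_PREFIX."users
                WHERE {$user_ip_sql}
                ORDER BY regdate DESC
                LIMIT {$start}, {$perpage}
            ");
            while($ipaddress = $db->fetch_array($query))
            {
                $result = false;
                // NOTE(review): the username is passed on without an explicit
                // escape - confirm build_profile_link() or the stored value
                // guarantees HTML-safe output.
                $profile_link = build_profile_link($ipaddress['username'], $ipaddress['uid']);
                $trow = alt_trow();
                // Turn the search term into a pattern: everything is quoted,
                // then the quoted "*" becomes "(.*)". The pattern is not
                // anchored, so it can match inside a longer address.
                $regexp_ip = str_replace("\*", "(.*)", preg_quote($mybb->input['ipaddress'], "#"));
                // Reg IP matches
                if(preg_match("#{$regexp_ip}#i", $ipaddress['regip']))
                {
                    $ip = $ipaddress['regip'];
                    $subject = "<strong>{$lang->ipresult_regip}</strong> {$profile_link}";
                    eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";");
                    $result = true;
                }
                // Last known IP matches
                if(preg_match("#{$regexp_ip}#i", $ipaddress['lastip']))
                {
                    $ip = $ipaddress['lastip'];
                    $subject = "<strong>{$lang->ipresult_lastip}</strong> {$profile_link}";
                    eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";");
                    $result = true;
                }

                if($result)
                {
                    --$post_limit;
                }
            }
        }
        $post_start = 0;
        if($total_results > $user_results && $post_limit)
        {
            $post_start = $start-$user_results;
            if($post_start < 0)
            {
                $post_start = 0;
            }
        }
        if($mybb->input['search_posts'] && $post_results && (!$mybb->input['search_users'] || ($mybb->input['search_users'] && $post_limit > 0)))
        {
            $ipaddresses = $tids = $uids = array();
            $query = $db->query("
                SELECT username AS postusername, uid, subject, pid, tid, ipaddress
                FROM ".TABLE_PREFIX."posts
                WHERE {$post_ip_sql}
                ORDER BY dateline DESC
                LIMIT {$post_start}, {$post_limit}
            ");
            while($ipaddress = $db->fetch_array($query))
            {
                $tids[$ipaddress['tid']] = $ipaddress['pid'];
                $uids[$ipaddress['uid']] = $ipaddress['pid'];
                $ipaddresses[$ipaddress['pid']] = $ipaddress;
            }

            if(!empty($ipaddresses))
            {
                // The id lists are built from column values of the rows just
                // fetched, not from the request
                $query = $db->simple_select("threads", "subject, tid", "tid IN(".implode(',', array_keys($tids)).")");
                while($thread = $db->fetch_array($query))
                {
                    $ipaddresses[$tids[$thread['tid']]]['threadsubject'] = $thread['subject'];
                }
                unset($tids);

                $query = $db->simple_select("users", "username, uid", "uid IN(".implode(',', array_keys($uids)).")");
                while($user = $db->fetch_array($query))
                {
                    $ipaddresses[$uids[$user['uid']]]['username'] = $user['username'];
                }
                unset($uids);

                foreach($ipaddresses as $ipaddress)
                {
                    $ip = $ipaddress['ipaddress'];
                    if(!$ipaddress['username']) $ipaddress['username'] = $ipaddress['postusername']; // Guest username support
                    $trow = alt_trow();
                    if(!$ipaddress['subject'])
                    {
                        $ipaddress['subject'] = "RE: {$ipaddress['threadsubject']}";
                    }
                    // The subject is escaped here. NOTE(review): the username
                    // (which may be the name stored with a guest post) is not -
                    // confirm it is escaped when stored or by build_profile_link().
                    $subject = "<strong>{$lang->ipresult_post}</strong> <a href=\"".get_post_link($ipaddress['pid'], $ipaddress['tid'])."\">".htmlspecialchars_uni($ipaddress['subject'])."</a> {$lang->by} ".build_profile_link($ipaddress['username'], $ipaddress['uid']);
                    eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";");
                }
            }
        }

        if(!$results)
        {
            eval("\$results = \"".$templates->get("modcp_ipsearch_noresults")."\";");
        }

        if($ipaddressvalue)
        {
            $lang->ipsearch_results = $lang->sprintf($lang->ipsearch_results, $ipaddressvalue);
        }
        else
        {
            $lang->ipsearch_results = $lang->ipsearch;
        }

        // Offer the lookup popup only for a single IPv4-style term (no wildcard, no ":")
        if(!strstr($mybb->input['ipaddress'], "*") && !strstr($mybb->input['ipaddress'], ":"))
        {
            // URL-encode once and use the same value in the href and in the
            // script call, so the term cannot spill into further parameters
            $lookup_ip = urlencode($mybb->input['ipaddress']);
            $misc_info_link = "<div class=\"float_right\">(<a href=\"modcp.php?action=iplookup&ipaddress=".$lookup_ip."\" onclick=\"MyBB.popupWindow('{$mybb->settings['bburl']}/modcp.php?action=iplookup&ipaddress=".$lookup_ip."', 'iplookup', 500, 250); return false;\">{$lang->info_on_ip}</a>)</div>";
        }

        eval("\$ipsearch_results = \"".$templates->get("modcp_ipsearch_results")."\";");
    }

    // Fetch filter options
    // With no search term yet, tick both checkboxes by default
    if(!$mybb->input['ipaddress'])
    {
        $mybb->input['search_posts'] = 1;
        $mybb->input['search_users'] = 1;
    }
    if($mybb->input['search_posts'])
    {
        $postsearchselect = "checked=\"checked\"";
    }
    if($mybb->input['search_users'])
    {
        $usersearchselect = "checked=\"checked\"";
    }

    $plugins->run_hooks("modcp_ipsearch_end");

    eval("\$ipsearch = \"".$templates->get("modcp_ipsearch")."\";");
    output_page($ipsearch);
}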
2821  
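// Moderator CP: popup with GeoIP location and reverse-DNS host name for one
// address. Both pieces of information default to the "n/a" language string.
if($mybb->input['action'] == "iplookup")
{
    $lang->ipaddress_misc_info = $lang->sprintf($lang->ipaddress_misc_info, htmlspecialchars_uni($mybb->input['ipaddress']));
    $ipaddress_location = $lang->na;
    $ipaddress_host_name = $lang->na;
    $modcp_ipsearch_misc_info = '';

    // Lookups are attempted only for a term without a wildcard and without ":"
    if(!strstr($mybb->input['ipaddress'], "*") && !strstr($mybb->input['ipaddress'], ":"))
    {
        // Return GeoIP information if it is available to us
        if(function_exists('geoip_record_by_name'))
        {
            $ip_record = @geoip_record_by_name($mybb->input['ipaddress']);
            if($ip_record)
            {
                $ipaddress_location = htmlspecialchars_uni(utf8_encode($ip_record['country_name']));
                if($ip_record['city'])
                {
                    $ipaddress_location .= $lang->comma.htmlspecialchars_uni(utf8_encode($ip_record['city']));
                }
            }
        }

        // The host name comes from reverse DNS, i.e. from whoever operates
        // the zone for that address, so it is escaped before it reaches the
        // template.
        $host_name = @gethostbyaddr($mybb->input['ipaddress']);

        // gethostbyaddr() returns the same ip when nothing resolves and false
        // on malformed input; keep "n/a" in both cases instead of showing an
        // empty or echoed value.
        if($host_name !== false && $host_name != $mybb->input['ipaddress'])
        {
            $ipaddress_host_name = htmlspecialchars_uni($host_name);
        }
    }

    $plugins->run_hooks("modcp_iplookup_end");

    eval("\$iplookup = \"".$templates->get('modcp_ipsearch_misc_info')."\";");
    output_page($iplookup);
}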
2858  
// Moderator CP: paginated list of banned users with ban length, time
// remaining and (where allowed) edit / lift links.
if($mybb->input['action'] == "banning")
{
    add_breadcrumb($lang->mcp_nav_banning, "modcp.php?action=banning");

    // Page size follows the threads-per-page setting, 20 when that is empty
    if(!$mybb->settings['threadsperpage'])
    {
        $mybb->settings['threadsperpage'] = 20;
    }
    $perpage = $mybb->settings['threadsperpage'];

    // Figure out if we need to display multiple pages.
    $wants_last_page = ($mybb->input['page'] == "last");
    if(!$wants_last_page)
    {
        $page = intval($mybb->input['page']);
    }

    $query = $db->simple_select("banned", "COUNT(uid) AS count");
    $banned_count = $db->fetch_field($query, "count");

    $postcount = intval($banned_count);
    $pages = ceil($postcount / $perpage);

    if($wants_last_page)
    {
        $page = $pages;
    }

    // Out-of-range page numbers fall back to the first page
    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    if(!$page)
    {
        $start = 0;
        $page = 1;
    }
    else
    {
        $start = ($page-1) * $perpage;
    }
    $upper = $start+$perpage;

    $multipage = multipage($postcount, $perpage, $page, "modcp.php?action=banning");
    if($postcount > $perpage)
    {
        eval("\$allbannedpages = \"".$templates->get("modcp_banning_multipage")."\";");
    }

    $plugins->run_hooks("modcp_banning_start");

    // $start is derived from intval()/ceil() above; $perpage is the board setting
    $query = $db->query("
        SELECT b.*, a.username AS adminuser, u.username
        FROM ".TABLE_PREFIX."banned b
        LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
        LEFT JOIN ".TABLE_PREFIX."users a ON (b.admin=a.uid)
        ORDER BY lifted ASC
        LIMIT {$start}, {$perpage}
    ");

    // Get the banned users
    while($banned = $db->fetch_array($query))
    {
        // NOTE(review): usernames are handed to build_profile_link() without
        // an explicit escape - confirm the helper or the stored value
        // guarantees HTML-safe output.
        $profile_link = build_profile_link($banned['username'], $banned['uid']);
        $admin_profile = build_profile_link($banned['adminuser'], $banned['admin']);

        // Only show the edit & lift links if current user created ban, or is
        // super mod/admin, or the issuing account has no username row.
        // This only controls what is displayed: the liftban action repeats
        // its own check, and that check has no "issuing account missing"
        // case, so a link shown for that reason can still be refused.
        // The lift link carries my_post_key in its query string.
        $may_manage_ban = (
            $mybb->user['uid'] == $banned['admin']
            || !$banned['adminuser']
            || $mybb->usergroup['issupermod'] == 1
            || $mybb->usergroup['cancp'] == 1
        );
        $edit_link = '';
        if($may_manage_ban)
        {
            $edit_link = "<br /><span class=\"smalltext\"><a href=\"modcp.php?action=banuser&amp;uid={$banned['uid']}\">{$lang->edit_ban}</a> | <a href=\"modcp.php?action=liftban&amp;uid={$banned['uid']}&amp;my_post_key={$mybb->post_code}\">{$lang->lift_ban}</a></span>";
        }

        $trow = alt_trow();

        // The reason is free text: bad-word filtered, then HTML-escaped
        if(!$banned['reason'])
        {
            $banned['reason'] = $lang->na;
        }
        else
        {
            $banned['reason'] = htmlspecialchars_uni($parser->parse_badwords($banned['reason']));
        }

        $is_permanent = (
            $banned['lifted'] == 'perm'
            || $banned['lifted'] == ''
            || $banned['bantime'] == 'perm'
            || $banned['bantime'] == '---'
        );
        if($is_permanent)
        {
            $banlength = $lang->permanent;
            $timeremaining = $lang->na;
        }
        else
        {
            $banlength = $bantimes[$banned['bantime']];
            $remaining = $banned['lifted']-TIME_NOW;

            $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";

            // Colour by urgency: under an hour, under a day, under a week, otherwise plain
            $remaining_text = "({$timeremaining} {$lang->ban_remaining})";
            if($remaining < 3600)
            {
                $remaining_colour = 'red';
            }
            else if($remaining < 86400)
            {
                $remaining_colour = 'maroon';
            }
            else if($remaining < 604800)
            {
                $remaining_colour = 'green';
            }
            else
            {
                $remaining_colour = '';
            }

            if($remaining_colour)
            {
                $timeremaining = "<span style=\"color: {$remaining_colour};\">{$remaining_text}</span>";
            }
            else
            {
                $timeremaining = $remaining_text;
            }
        }

        eval("\$bannedusers .= \"".$templates->get("modcp_banning_ban")."\";");
    }

    if(!$bannedusers)
    {
        eval("\$bannedusers = \"".$templates->get("modcp_banning_nobanned")."\";");
    }

    $plugins->run_hooks("modcp_banning");

    eval("\$bannedpage = \"".$templates->get("modcp_banning")."\";");
    output_page($bannedpage);
}
2988  
// Moderator CP: lift a ban - restore the user's previous groups, delete the
// ban row, refresh the caches and write a moderator log entry.
if($mybb->input['action'] == "liftban")
{
    // Verify incoming POST request
    // The token is checked first. Unlike the do_banuser branch, this one does
    // not test $mybb->request_method; the link in the ban list passes the
    // token in the query string.
    verify_post_check($mybb->input['my_post_key']);

    // Cast to int before the id is placed in the WHERE clause
    $ban_uid = intval($mybb->input['uid']);
    $query = $db->simple_select("banned", "*", "uid='{$ban_uid}'");
    $ban = $db->fetch_array($query);

    if(!$ban['uid'])
    {
        error($lang->error_invalidban);
    }

    // Permission to edit this ban?
    // Allowed for the moderator who issued it, super moderators and users with Admin CP access
    $issued_by_current_user = ($mybb->user['uid'] == $ban['admin']);
    $has_elevated_group = ($mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1);
    if(!$issued_by_current_user && !$has_elevated_group)
    {
        error_no_permission();
    }

    $plugins->run_hooks("modcp_liftban_start");

    // From here on the uid used is the one read from the ban row
    $query = $db->simple_select("users", "username", "uid = '{$ban['uid']}'");
    $username = $db->fetch_field($query, "username");

    // Put the user back into the groups recorded when the ban was created.
    // NOTE(review): these values are passed to update_query() exactly as
    // stored in the ban row - confirm the helper escapes them or that the
    // stored values can only be group ids.
    $updated_group = array(
        'usergroup' => $ban['oldgroup'],
        'additionalgroups' => $ban['oldadditionalgroups'],
        'displaygroup' => $ban['olddisplaygroup']
    );
    $db->update_query("users", $updated_group, "uid='{$ban['uid']}'");
    $db->delete_query("banned", "uid='{$ban['uid']}'");

    $cache->update_banned();
    $cache->update_moderators();

    // Record who was unbanned in the moderator log
    $log_data = array("uid" => $ban['uid'], "username" => $username);
    log_moderator_action($log_data, $lang->lifted_ban);

    $plugins->run_hooks("modcp_liftban_end");

    redirect("modcp.php?action=banning", $lang->redirect_banlifted);
}
3029  
3030  if($mybb->input['action'] == "do_banuser" && $mybb->request_method == "post")
3031  {
3032      // Verify incoming POST request
3033      verify_post_check($mybb->input['my_post_key']);
3034  
3035      // Editing an existing ban
3036      if($mybb->input['uid'])
3037      {
3038          // Get the users info from their uid
3039          $query = $db->query("
3040              SELECT b.*, u.uid, u.usergroup, u.additionalgroups, u.displaygroup
3041              FROM ".TABLE_PREFIX."banned b
3042              LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
3043              WHERE b.uid='{$mybb->input['uid']}'
3044          ");
3045          $user = $db->fetch_array($query);
3046          if(!$user['uid'])
3047          {
3048              error($lang->error_invalidban);
3049          }
3050  
3051          // Permission to edit this ban?
3052          if($mybb->user['uid'] != $user['admin'] && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['cancp'] != 1)
3053          {
3054              error_no_permission();
3055          }
3056      }
3057      // Creating a new ban
3058      else
3059      {
3060          // Get the users info from their Username
3061          $query = $db->simple_select("users", "uid, username, usergroup, additionalgroups, displaygroup", "username = '".$db->escape_string($mybb->input['username'])."'", array('limit' => 1));
3062          $user = $db->fetch_array($query);
3063          if(!$user['uid'])
3064          {
3065              $errors[] = $lang->invalid_username;
3066          }
3067      }
3068  
3069      if($user['uid'] == $mybb->user['uid'])
3070      {
3071          $errors[] = $lang->error_cannotbanself;
3072      }
3073  
3074      // Have permissions to ban this user?
3075      if(!modcp_can_manage_user($user['uid']))
3076      {
3077          $errors[] = $lang->error_cannotbanuser;
3078      }
3079  
3080      // Check for an incoming reason
3081      if(!$mybb->input['banreason'])
3082      {
3083          $errors[] = $lang->error_nobanreason;
3084      }
3085  
3086      // Check banned group
3087      $query = $db->simple_select("usergroups", "gid", "isbannedgroup=1 AND gid='".intval($mybb->input['usergroup'])."'");
3088      if(!$db->fetch_field($query, "gid"))
3089      {
3090          $errors[] = $lang->error_nobangroup;
3091      }
3092  
3093      // If this is a new ban, we check the user isn't already part of a banned group
3094      if(!$mybb->input['uid'] && $user['uid'])
3095      {
3096          $query = $db->simple_select("banned", "uid", "uid='{$user['uid']}'");
3097          if($db->fetch_field($query, "uid"))
3098          {
3099              $errors[] = $lang->error_useralreadybanned;
3100          }
3101      }
3102  
3103      $plugins->run_hooks("modcp_do_banuser_start");
3104  
3105      // Still no errors? Ban the user
3106      if(!$errors)
3107      {
3108          // Ban the user
3109          if($mybb->input['liftafter'] == '---')
3110          {
3111              $lifted = 0;
3112          }
3113          else
3114          {
3115              $lifted = ban_date2timestamp($mybb->input['liftafter'], $user['dateline']);
3116          }
3117  
3118          if($mybb->input['uid'])
3119          {
3120              $username_select = $db->simple_select('users', 'username', "uid='" . (int)$mybb->input['uid'] . "'");
3121              $user['username'] = $db->fetch_field($username_select, 'username');
3122              $update_array = array(
3123                  'gid' => intval($mybb->input['usergroup']),
3124                  'admin' => intval($mybb->user['uid']),
3125                  'dateline' => TIME_NOW,
3126                  'bantime' => $db->escape_string($mybb->input['liftafter']),
3127                  'lifted' => $db->escape_string($lifted),
3128                  'reason' => $db->escape_string($mybb->input['banreason'])
3129              );
3130  
3131              $db->update_query('banned', $update_array, "uid='{$user['uid']}'");
3132          }
3133          else
3134          {
3135              $insert_array = array(
3136                  'uid' => $user['uid'],
3137                  'gid' => intval($mybb->input['usergroup']),
3138                  'oldgroup' => $user['usergroup'],
3139                  'oldadditionalgroups' => $user['additionalgroups'],
3140                  'olddisplaygroup' => $user['displaygroup'],
3141                  'admin' => intval($mybb->user['uid']),
3142                  'dateline' => TIME_NOW,
3143                  'bantime' => $db->escape_string($mybb->input['liftafter']),
3144                  'lifted' => $db->escape_string($lifted),
3145                  'reason' => $db->escape_string($mybb->input['banreason'])
3146              );
3147  
3148              $db->insert_query('banned', $insert_array);
3149          }
3150  
3151          // Move the user to the banned group
3152          $update_array = array(
3153              'usergroup' => intval($mybb->input['usergroup']),
3154              'displaygroup' => 0,
3155              'additionalgroups' => '',
3156          );
3157          $db->update_query('users', $update_array, "uid = {$user['uid']}");
3158  
3159          $cache->update_banned();
3160  
3161          // Log edit or add ban
3162          if($mybb->input['uid'])
3163          {
3164              log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->edited_user_ban);
3165          }
3166          else
3167          {
3168              log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->banned_user);
3169          }
3170  
3171          $plugins->run_hooks("modcp_do_banuser_end");
3172  
3173          if($mybb->input['uid'])
3174          {
3175              redirect("modcp.php?action=banning", $lang->redirect_banuser_updated);
3176          }
3177          else
3178          {
3179              redirect("modcp.php?action=banning", $lang->redirect_banuser);
3180          }
3181      }
3182      // Otherwise has errors, throw back to ban page
3183      else
3184      {
3185          $mybb->input['action'] = "banuser";
3186      }
3187  }
3188  
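// Ban form: renders the Mod CP page used both to create a ban and to edit an
// existing one. It is also reached when the ban-saving code earlier in this
// file fails validation and resets the action to "banuser"; in that case
// $errors is populated and the submitted values are shown again.
//
// Reads:  $mybb->input['uid'], ['username'], ['liftafter'], ['banreason'],
//         $bantimes (defined outside this block), the banned/users/usergroups tables.
// Writes: the template variables $banuser_username, $liftlist, $bangroups,
//         $lift_link, $banreason, $username, $uid and finally the page itself.
if($mybb->input['action'] == "banuser")
{
    add_breadcrumb($lang->mcp_nav_banning, "modcp.php?action=banning");

    // NOTE(review): a uid in the request is treated as "editing a ban" further
    // down, yet this branch picks the "ban user" crumb and the other branch the
    // "editing ban" crumb. The two look swapped - confirm against the language file.
    if($mybb->input['uid'])
    {
        add_breadcrumb($lang->mcp_nav_ban_user);
    }
    else
    {
        add_breadcrumb($lang->mcp_nav_editing_ban);
    }

    $plugins->run_hooks("modcp_banuser_start");

    // If incoming user ID, we are editing a ban
    if($mybb->input['uid'])
    {
        // The uid comes straight from the request. It is forced to an integer
        // before it becomes part of the SQL text, matching the (int) cast the
        // ban-saving code applies to the same parameter. Whether the core input
        // layer already normalises 'uid' is not visible from this block, so the
        // query does not depend on it.
        $query = $db->query("
            SELECT b.*, u.username, u.uid
            FROM ".TABLE_PREFIX."banned b
            LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
            WHERE b.uid='".intval($mybb->input['uid'])."'
        ");
        $banned = $db->fetch_array($query);
        if($banned['username'])
        {
            $username = htmlspecialchars_uni($banned['username']);
            $banreason = htmlspecialchars_uni($banned['reason']);
            // $uid is interpolated by the template, so only an integer may reach it.
            $uid = intval($mybb->input['uid']);
            $user = get_user($banned['uid']);
            $lang->ban_user = $lang->edit_ban; // Swap over lang variables
            // Templates are compiled with eval() as double-quoted PHP strings:
            // the template text runs as code and every variable it references is
            // emitted as-is, so values must be escaped before this point and
            // template editing has to stay restricted to trusted administrators.
            eval("\$banuser_username = \"".$templates->get("modcp_banuser_editusername")."\";");
        }
    }

    // New ban!
    if(!$banuser_username)
    {
        if($mybb->input['uid'])
        {
            $user = get_user(intval($mybb->input['uid']));
            // Escape the stored username like every other path in this block does
            // (the original passed it to the template unescaped).
            $username = htmlspecialchars_uni($user['username']);
        }
        else
        {
            $username = htmlspecialchars_uni($mybb->input['username']);
        }
        eval("\$banuser_username = \"".$templates->get("modcp_banuser_addusername")."\";");
    }

    // Coming back to this page from an error?
    if($errors)
    {
        $errors = inline_error($errors);
        // NOTE(review): the ban-saving code reads 'banreason' and 'usergroup', so
        // 'reason' and 'gid' may never be present in the request and the selected
        // group is probably lost after a validation error - confirm against the
        // modcp_banuser template before changing the keys.
        $banned = array(
            "bantime" => $mybb->input['liftafter'],
            "reason" => $mybb->input['reason'],
            "gid" => $mybb->input['gid']
        );
        $banreason = htmlspecialchars_uni($mybb->input['banreason']);
    }

    // Generate the banned times dropdown
    foreach($bantimes as $time => $title)
    {
        $liftlist .= "<option value=\"{$time}\"";
        if($banned['bantime'] == $time)
        {
            $liftlist .= " selected=\"selected\"";
        }
        // Date on which a ban of this length would be lifted, counted from the
        // ban's dateline.
        $thatime = my_date("D, jS M Y @ g:ia", ban_date2timestamp($time, $banned['dateline']));
        if($time == '---')
        {
            // The '---' entry has no end date to display.
            $liftlist .= ">{$title}</option>\n";
        }
        else
        {
            $liftlist .= ">{$title} ({$thatime})</option>\n";
        }
    }

    // Build the list of groups flagged as banned groups, pre-selecting the
    // group of the ban being edited.
    $bangroups = '';
    $query = $db->simple_select("usergroups", "gid, title", "isbannedgroup=1");
    while($item = $db->fetch_array($query))
    {
        $selected = "";
        if($banned['gid'] == $item['gid'])
        {
            $selected = " selected=\"selected\"";
        }
        $bangroups .= "<option value=\"{$item['gid']}\"{$selected}>".htmlspecialchars_uni($item['title'])."</option>\n";
    }

    // The lift link carries my_post_key in the query string, so the token can
    // show up in browser history, proxy logs and Referer headers.
    // intval() keeps the uid numeric even when get_user() found no such user.
    $lift_link = "<div class=\"float_right\"><a href=\"modcp.php?action=liftban&amp;uid=".intval($user['uid'])."&amp;my_post_key={$mybb->post_code}\">{$lang->lift_ban}</a></div>";

    $plugins->run_hooks("modcp_banuser_end");

    eval("\$banuser = \"".$templates->get("modcp_banuser")."\";");
    output_page($banuser);
}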
3290  
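// Save the moderator notes: stores the submitted text in the "modnotes" cache
// entry under the key "modmessage" and redirects back to the Mod CP index.
// The only check made inside this block is the post key; any permission check
// for reaching the Mod CP happens outside it.
if($mybb->input['action'] == "do_modnotes")
{
    // Verify incoming POST request
    verify_post_check($mybb->input['my_post_key']);

    $plugins->run_hooks("modcp_do_modnotes_start");

    // Update Moderator Notes cache
    // A request parameter can arrive as an array (modnotes[]=...). Only scalar
    // text is stored, so the index page, which passes this value to
    // htmlspecialchars_uni() when it renders the notes, always receives a string.
    // The text is stored raw and must keep being escaped on output.
    $update_cache = array(
        "modmessage" => is_scalar($mybb->input['modnotes']) ? (string)$mybb->input['modnotes'] : ''
    );
    $cache->update("modnotes", $update_cache);

    $plugins->run_hooks("modcp_do_modnotes_end");

    redirect("modcp.php", $lang->redirect_modnotes);
}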
3308  
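// Mod CP index page (no action given). Builds, in order:
//   1. the newest unapproved attachment, post and thread,
//   2. the five most recent moderator log entries,
//   3. the five bans with the least time remaining,
//   4. the moderator notes,
// and renders them through the "modcp" template.
//
// $tflist and $flist are SQL fragments prepared outside this block and are
// interpolated into the queries as-is; they are assumed to be built from
// trusted, integer-only forum ids - TODO confirm where they are assembled.
if(!$mybb->input['action'])
{
    // ---- Unapproved attachments -------------------------------------------
    $query = $db->query("
        SELECT COUNT(aid) AS unapprovedattachments
        FROM  ".TABLE_PREFIX."attachments a
        LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
        LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
        WHERE a.visible='0' {$tflist}
    ");
    $unapproved_attachments = $db->fetch_field($query, "unapprovedattachments");

    if($unapproved_attachments > 0)
    {
        $query = $db->query("
            SELECT t.tid, p.pid, p.uid, t.username, a.filename, a.dateuploaded
            FROM  ".TABLE_PREFIX."attachments a
            LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
            LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
            WHERE a.visible='0' {$tflist}
            ORDER BY a.dateuploaded DESC
            LIMIT 1
        ");
        $attachment = $db->fetch_array($query);
        $attachment['date'] = my_date($mybb->settings['dateformat'], $attachment['dateuploaded']);
        $attachment['time'] = my_date($mybb->settings['timeformat'], $attachment['dateuploaded']);
        $attachment['profilelink'] = build_profile_link($attachment['username'], $attachment['uid']);
        $attachment['link'] = get_post_link($attachment['pid'], $attachment['tid']);
        // The file name is chosen by the uploader; escape it before the template sees it.
        $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);

        // Templates are compiled with eval() as double-quoted PHP strings: the
        // template text runs as code and interpolated variables are emitted
        // as-is, so everything must be escaped before this point and template
        // editing has to stay restricted to trusted administrators.
        eval("\$latest_attachment = \"".$templates->get("modcp_lastattachment")."\";");
    }
    else
    {
        $latest_attachment = "<span style=\"text-align: center;\">{$lang->lastpost_never}</span>";
    }

    // ---- Unapproved posts (replies only: the first post of a thread is excluded)
    $query = $db->query("
        SELECT COUNT(pid) AS unapprovedposts
        FROM  ".TABLE_PREFIX."posts p
        LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
        WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid
    ");
    $unapproved_posts = $db->fetch_field($query, "unapprovedposts");

    if($unapproved_posts > 0)
    {
        $query = $db->query("
            SELECT p.pid, p.tid, p.subject, p.uid, p.username, p.dateline
            FROM  ".TABLE_PREFIX."posts p
            LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
            WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid
            ORDER BY p.dateline DESC
            LIMIT 1
        ");
        $post = $db->fetch_array($query);
        $post['date'] = my_date($mybb->settings['dateformat'], $post['dateline']);
        $post['time'] = my_date($mybb->settings['timeformat'], $post['dateline']);
        $post['profilelink'] = build_profile_link($post['username'], $post['uid']);
        $post['link'] = get_post_link($post['pid'], $post['tid']);
        $post['subject'] = $post['fullsubject'] = $parser->parse_badwords($post['subject']);
        // Truncate first, escape afterwards, so an entity is never cut in half.
        if(my_strlen($post['subject']) > 25)
        {
            $post['subject'] = my_substr($post['subject'], 0, 25)."...";
        }
        $post['subject'] = htmlspecialchars_uni($post['subject']);
        $post['fullsubject'] = htmlspecialchars_uni($post['fullsubject']);

        eval("\$latest_post = \"".$templates->get("modcp_lastpost")."\";");
    }
    else
    {
        $latest_post =  "<span style=\"text-align: center;\">{$lang->lastpost_never}</span>";
    }

    // ---- Unapproved threads -------------------------------------------------
    $query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible=0 {$flist}");
    $unapproved_threads = $db->fetch_field($query, "unapprovedthreads");

    if($unapproved_threads > 0)
    {
        $query = $db->simple_select("threads", "tid, subject, uid, username, dateline", "visible=0 {$flist}", array('order_by' =>  'dateline', 'order_dir' => 'DESC', 'limit' => 1));
        $thread = $db->fetch_array($query);
        $thread['date'] = my_date($mybb->settings['dateformat'], $thread['dateline']);
        $thread['time'] = my_date($mybb->settings['timeformat'], $thread['dateline']);
        $thread['profilelink'] = build_profile_link($thread['username'], $thread['uid']);
        $thread['link'] = get_thread_link($thread['tid']);
        $thread['subject'] = $thread['fullsubject'] = $parser->parse_badwords($thread['subject']);
        if(my_strlen($thread['subject']) > 25)
        {
            // Fixed: the original assigned the shortened text to $post['subject'],
            // so long thread subjects were never truncated and the already
            // escaped post subject was overwritten with unescaped thread text.
            $thread['subject'] = my_substr($thread['subject'], 0, 25)."...";
        }
        $thread['subject'] = htmlspecialchars_uni($thread['subject']);
        $thread['fullsubject'] = htmlspecialchars_uni($thread['fullsubject']);

        eval("\$latest_thread = \"".$templates->get("modcp_lastthread")."\";");
    }
    else
    {
        $latest_thread = "<span style=\"text-align: center;\">{$lang->lastpost_never}</span>";
    }

    // ---- Latest moderator log entries --------------------------------------
    // With a forum restriction in place, show entries for those forums plus
    // entries that are not tied to any forum.
    $where = '';
    if($tflist)
    {
        $where = "WHERE (t.fid <> 0 {$tflist}) OR (!l.fid)";
    }

    $query = $db->query("
        SELECT l.*, u.username, u.usergroup, u.displaygroup, t.subject AS tsubject, f.name AS fname, p.subject AS psubject
        FROM ".TABLE_PREFIX."moderatorlog l
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
        LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
        LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid)
        LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid)
        {$where}
        ORDER BY l.dateline DESC
        LIMIT 5
    ");

    while($logitem = $db->fetch_array($query))
    {
        $information = '';
        $logitem['action'] = htmlspecialchars_uni($logitem['action']);
        $log_date = my_date($mybb->settings['dateformat'], $logitem['dateline']);
        $log_time = my_date($mybb->settings['timeformat'], $logitem['dateline']);
        $trow = alt_trow();
        $username = format_name($logitem['username'], $logitem['usergroup'], $logitem['displaygroup']);
        $logitem['profilelink'] = build_profile_link($username, $logitem['uid']);
        if($logitem['tsubject'])
        {
            $information = "<strong>{$lang->thread}</strong> <a href=\"".get_thread_link($logitem['tid'])."\" target=\"_blank\">".htmlspecialchars_uni($logitem['tsubject'])."</a><br />";
        }
        if($logitem['fname'])
        {
            $information .= "<strong>{$lang->forum}</strong> <a href=\"".get_forum_link($logitem['fid'])."\" target=\"_blank\">".htmlspecialchars_uni($logitem['fname'])."</a><br />";
        }
        if($logitem['psubject'])
        {
            $information .= "<strong>{$lang->post}</strong> <a href=\"".get_post_link($logitem['pid'])."#pid{$logitem['pid']}\">".htmlspecialchars_uni($logitem['psubject'])."</a>";
        }

        // Edited a user?
        if(!$logitem['tsubject'] || !$logitem['fname'] || !$logitem['psubject'])
        {
            // NOTE(review): unserialize() on a database column. The column is
            // presumably written only by log_moderator_action(); if anything else
            // can place chosen bytes in it, unserialize() may instantiate
            // arbitrary classes. A format that cannot create objects (JSON, for
            // instance) is the safer choice when the storage format can be
            // migrated. The is_array() guard below rejects false and objects.
            $data = unserialize($logitem['data']);
            if(is_array($data) && $data['uid'])
            {
                $information = $lang->sprintf($lang->edited_user_info, htmlspecialchars_uni($data['username']), get_profile_link($data['uid']));
            }
        }

        eval("\$modlogresults .= \"".$templates->get("modcp_modlogs_result")."\";");
    }

    if(!$modlogresults)
    {
        eval("\$modlogresults = \"".$templates->get("modcp_modlogs_noresults")."\";");
    }

    // ---- Bans ending soonest ------------------------------------------------
    // "remaining" is the number of seconds until the ban is lifted; bans whose
    // bantime is '---' or 'perm' are left out.
    $query = $db->query("
        SELECT b.*, a.username AS adminuser, u.username, (b.lifted-".TIME_NOW.") AS remaining
        FROM ".TABLE_PREFIX."banned b
        LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
        LEFT JOIN ".TABLE_PREFIX."users a ON (b.admin=a.uid)
        WHERE b.bantime != '---' AND b.bantime != 'perm'
        ORDER BY remaining ASC
        LIMIT 5
    ");

    // Get the banned users
    while($banned = $db->fetch_array($query))
    {
        $profile_link = build_profile_link($banned['username'], $banned['uid']);

        // Only show the edit & lift links if current user created ban, or is super mod/admin
        // (also shown when the banning account no longer exists). Hiding the link
        // is presentation only; the edit and lift handlers must enforce the same
        // rule themselves. The lift link carries my_post_key in the query string,
        // so the token can show up in browser history, proxy logs and Referer headers.
        $edit_link = '';
        if($mybb->user['uid'] == $banned['admin'] || !$banned['adminuser'] || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1)
        {
            $edit_link = "<br /><span class=\"smalltext\"><a href=\"modcp.php?action=banuser&amp;uid={$banned['uid']}\">{$lang->edit_ban}</a> | <a href=\"modcp.php?action=liftban&amp;uid={$banned['uid']}&amp;my_post_key={$mybb->post_code}\">{$lang->lift_ban}</a></span>";
        }

        $admin_profile = build_profile_link($banned['adminuser'], $banned['admin']);

        $trow = alt_trow();

        if($banned['reason'])
        {
            // The ban reason is free text entered by a moderator; filter and escape it.
            $banned['reason'] = htmlspecialchars_uni($parser->parse_badwords($banned['reason']));
        }
        else
        {
            $banned['reason'] = $lang->na;
        }

        if($banned['lifted'] == 'perm' || $banned['lifted'] == '' || $banned['bantime'] == 'perm' || $banned['bantime'] == '---')
        {
            $banlength = $lang->permanent;
            $timeremaining = $lang->na;
        }
        else
        {
            $banlength = $bantimes[$banned['bantime']];
            $remaining = $banned['remaining'];

            $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";

            // Colour by urgency: red under an hour (or already due), maroon under
            // a day, green under a week, plain text otherwise.
            if($remaining <= 0)
            {
                $timeremaining = "<span style=\"color: red;\">({$lang->ban_ending_imminently})</span>";
            }
            else if($remaining < 3600)
            {
                $timeremaining = "<span style=\"color: red;\">({$timeremaining} {$lang->ban_remaining})</span>";
            }
            else if($remaining < 86400)
            {
                $timeremaining = "<span style=\"color: maroon;\">({$timeremaining} {$lang->ban_remaining})</span>";
            }
            else if($remaining < 604800)
            {
                $timeremaining = "<span style=\"color: green;\">({$timeremaining} {$lang->ban_remaining})</span>";
            }
            else
            {
                $timeremaining = "({$timeremaining} {$lang->ban_remaining})";
            }
        }

        eval("\$bannedusers .= \"".$templates->get("modcp_banning_ban")."\";");
    }

    if(!$bannedusers)
    {
        eval("\$bannedusers = \"".$templates->get("modcp_nobanned")."\";");
    }

    // ---- Moderator notes ------------------------------------------------------
    // The notes are stored raw in the cache; escaping happens here, on output.
    $modnotes = $cache->read("modnotes");
    $modnotes = htmlspecialchars_uni($modnotes['modmessage']);

    $plugins->run_hooks("modcp_end");

    eval("\$modcp = \"".$templates->get("modcp")."\";");
    output_page($modcp);
}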
3552  ?>
