url->getUrl('core:core','main','action=index')); exit; } if (varset($_POST['useraction'])) { foreach ($_POST['useraction'] as $key => $val) { if ($val) { $_POST['useraction'] = $val; $_POST['userip'] = $_POST['userip'][$key]; $_POST['userid'] = $key; break; } } } /*if (isset ($_POST['useraction']) && $_POST['useraction'] == 'userinfo') { header('location:'.e_ADMIN."userinfo.php?".$e107->tp->toDB($_POST['userip'])); exit; }*/ if (isset ($_POST['useraction']) && $_POST['useraction'] == 'usersettings') { header('location:'.$e107->url->getUrl('core:user','main','func=settings&id='.(int) $_POST['userid'])); exit; } function headerjs() { require_once (e_HANDLER.'js_helper.php'); return ""; } require_once (e_HANDLER.'message_handler.php'); $emessage = & eMessage :: getInstance(); if (isset ($_POST['delete_rank'])) { foreach ($_POST['delete_rank'] as $k => $v) { deleteRank($k); } } if (isset ($_POST['updateRanks'])) { updateRanks(); } $e_sub_cat = 'users'; require_once ('auth.php'); $user = new users; require_once (e_HANDLER.'form_handler.php'); require_once (e_HANDLER.'userclass_class.php'); include_once (e_HANDLER.'user_extended_class.php'); require_once (e_HANDLER.'validator_class.php'); require_once (e_HANDLER.'user_handler.php'); // $userMethods = new UserHandler; // $colList = $userMethods->getNiceNames(TRUE); $ue = new e107_user_extended; $userMethods = new UserHandler; $user_data = array(); $frm = new e_form; $rs = new form; if (e_QUERY) { $tmp = explode('.',e_QUERY); $action = $tmp[0]; $sub_action = varset($tmp[1],''); $id = varset($tmp[2],0); $from = varset($tmp[3],0); unset ($tmp); } $from = varset($from,0); $amount = 30; if ($action == 'ranks') { show_ranks(); } // ------- Check for Bounces -------------- $bounce_act = ''; if (isset ($_POST['check_bounces'])) $bounce_act = 'first_check'; if (isset ($_POST['delnonbouncesubmit'])) $bounce_act = 'delnonbounce'; if (isset ($_POST['clearemailbouncesubmit'])) $bounce_act = 'clearemailbounce'; if (isset 
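($_POST['delcheckedsubmit'])) $bounce_act = 'delchecked';
if (isset ($_POST['delallsubmit'])) $bounce_act = 'delall';

if ($bounce_act)
{
    // delete_email[] can be absent (nothing ticked) or a scalar in a hand-built request;
    // implode() must only ever be given an array.
    // NOTE(review): check_bounces() is defined outside this view - confirm it validates
    // every entry of the list before the list reaches a query.
    $bounce_list = (isset ($_POST['delete_email']) && is_array($_POST['delete_email'])) ? implode(',',$_POST['delete_email']) : '';
    $user->check_bounces($bounce_act,$bounce_list);
    require_once ("footer.php");
    exit;
}

// ------- Resend Email. --------------
// The id, key, name and address all come back from the posted form; resend() casts the id itself.
if (isset ($_POST['resend_mail']))
{
    $user->resend($_POST['resend_id'],$_POST['resend_key'],$_POST['resend_name'],$_POST['resend_email']);
}

// ------- Resend Email to every unverified user. --------------
if (isset ($_POST['resend_to_all']))
{
    $user->resend_to_all();
}

if (isset ($_POST['execute_batch']))
{
    $user->process_batch();
}

// ------- Test Email. --------------
// Runs the mailbox validator against the posted address and shows its debug transcript.
if (isset ($_POST['test_mail']))
{
    require_once (e_HANDLER.'mail_validation_class.php');
    // explode() replaces split(): the separator is a literal '@', and split() no longer exists in PHP 7+.
    list($adminuser,$adminhost) = explode("@",SITEADMINEMAIL);
    $validator = new email_validation_class;
    $validator->localuser = $adminuser;
    $validator->localhost = $adminhost;
    $validator->timeout = 5;
    $validator->debug = 1;
    $validator->html_debug = 1;
    $text = "
";
    // The validator prints its transcript; capture it instead of letting it reach the page directly.
    ob_start();
    $email_status = $validator->ValidateEmailBox($_POST['test_email']);
    $text .= ob_get_contents();
    ob_end_clean();
    $text .= "
";
    // The posted address is echoed back in the caption, so it is HTML-encoded first.
    $caption = htmlspecialchars($_POST['test_email'],ENT_QUOTES,'UTF-8')." - ";
    $caption .= ($email_status == 1) ? "Valid" : "Invalid";
    if ($email_status == 1)
    {
        $text .= "
\n \n \n
\n";
        $text .= "
";
    }
    $ns->tablerender($caption,$text);
    // NOTE(review): $sub_cation is never assigned in this view and looks like a typo for
    // $sub_action; left as written because changing it alters which list is shown afterwards.
    unset ($id,$action,$sub_cation);
}

// ------- Update Options. --------------
// Copies the posted option values into a scratch array and saves the prefs only when something changed.
// NOTE(review): the values are taken from $_POST without type checks - confirm that
// logArrayDiffs()/save_prefs() sanitise them before they are stored.
if (isset ($_POST['update_options']))
{
    $temp = array();
    $temp['avatar_upload'] = (FILE_UPLOADS ? $_POST['avatar_upload'] : 0);
    $temp['im_width'] = $_POST['im_width'];
    $temp['im_height'] = $_POST['im_height'];
    $temp['photo_upload'] = (FILE_UPLOADS ? $_POST['photo_upload'] : 0);
    $temp['del_unv'] = $_POST['del_unv'];
    $temp['profile_rate'] = $_POST['profile_rate'];
    $temp['profile_comments'] = $_POST['profile_comments'];
    $temp['track_online'] = $_POST['track_online'];
    $temp['force_userupdate'] = $_POST['force_userupdate'];
    $temp['memberlist_access'] = $_POST['memberlist_access'];
    $temp['user_new_period'] = $_POST['user_new_period'];
    if ($admin_log->logArrayDiffs($temp,$pref,'USET_03'))
    {
        save_prefs(); // Only save if changes
        $user->show_message(USRLAN_1);
    }
    else
    {
        $user->show_message(USRLAN_193);
    }
}

// ------- Prune Users. --------------
// Deletes every account in the selected user_ban state (30 = unverified and older than 30 days).
if (isset ($_POST['prune']))
{
    $e107cache->clear('online_menu_member_total');
    $e107cache->clear('online_menu_member_newest');
    $text = USRLAN_56.' ';
    // prune_type goes straight into the WHERE clause, so it is forced to an integer.
    $bantype = (int) $_POST['prune_type'];
    $ins = ''; // was undefined unless the 30-day option was chosen
    if ($bantype == 30) // older than 30 days.
    {
        $bantype = 2;
        $ins = " AND user_join < ".strtotime("-30 days");
    }
    // user_ban = 0 is an active account (see the unban handler), so a missing or non-numeric
    // prune_type must never be allowed to select - and delete - the whole member list.
    if ($bantype > 0 && $sql->db_Select("user","user_id, user_name","user_ban= {$bantype}".$ins))
    {
        $uList = $sql->db_getList();
        foreach ($uList as $u)
        {
            $prune_id = (int) $u['user_id'];
            $text .= $u['user_name']." ";
            $sql->db_Delete("user","user_id='{$prune_id}' ");
            $sql->db_Delete("user_extended","user_extended_id='{$prune_id}' ");
        }
        $admin_log->log_event('USET_04',str_replace(array('--COUNT--','--TYPE--'),array(count($uList),$bantype),USRLAN_160),E_LOG_INFORMATIVE);
    }
    $ns->tablerender(USRLAN_57,"
".$text."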
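");
    unset ($text);
}

// ------- Quick Add User --------------
// Creates an account from the admin's "add user" form: validate, hash the password, insert, log, optionally mail.
// NOTE(review): no anti-CSRF token check is visible in this view for the state-changing
// handlers below - confirm auth.php (or the form handler) enforces one.
if (isset ($_POST['adduser']))
{
    // The original test was `!$_POST['ac'] == md5(ADMINPWCHANGE)`; `!` binds first, so any
    // non-empty 'ac' value passed. Compare the posted token itself, and strictly.
    // (hash_equals() is the constant-time choice where the PHP version provides it.)
    if (!isset ($_POST['ac']) || !is_string($_POST['ac']) || $_POST['ac'] !== md5(ADMINPWCHANGE))
    {
        exit;
    }
    $e107cache->clear('online_menu_member_total');
    $e107cache->clear('online_menu_member_newest');
    $error = false;
    if (isset ($_POST['generateloginname']))
    {
        $_POST['loginname'] = $userMethods->generateUserLogin($pref['predefinedLoginName']);
    }
    if (isset ($_POST['generatepassword']))
    {
        $_POST['password1'] = $userMethods->generateRandomString('**********'); // 10-char password should be enough
        $_POST['password2'] = $_POST['password1'];
    }
    // Now validate everything
    $allData = validatorClass :: validateFields($_POST,$userMethods->userVettingInfo,true); // Do basic validation
    validatorClass :: checkMandatory('user_name,user_loginname',$allData); // Check for missing fields (email done in userValidation() )
    validatorClass :: dbValidateArray($allData,$userMethods->userVettingInfo,'user',0); // Do basic DB-related checks
    $userMethods->userValidation($allData); // Do user-specific DB checks
    if (!isset ($allData['errors']['user_password']))
    {
        // No errors in password - keep it outside the main data array
        $savePassword = $allData['data']['user_password'];
        unset ($allData['data']['user_password']); // Delete the password value in the output array
    }
    unset ($_POST['password1']); // Restrict the scope of this
    unset ($_POST['password2']);
    // Members outside the display-name class must keep display name and login name identical.
    if (!check_class($pref['displayname_class'],$allData['data']['user_class']))
    {
        if ($allData['data']['user_name'] != $allData['data']['user_loginname'])
        {
            $allData['errors']['user_name'] = ERR_FIELDS_DIFFERENT;
        }
    }
    if (count($allData['errors']))
    {
        require_once (e_HANDLER."message_handler.php");
        $temp = validatorClass :: makeErrorList($allData,'USER_ERR_','%n - %x - %t: %v','
',$userMethods->userVettingInfo);
        message_handler('P_ALERT',$temp);
        $error = true;
    }
    // Always save some of the entered data - then we can redisplay on error
    $user_data = & $allData['data'];
    if (!$error)
    {
        $message = '';
        // NOTE(review): $loginname is not assigned anywhere in this view; if it is also unset
        // earlier in the file, the hash, the mail text and the message below all receive an
        // empty login name. $user_data['user_loginname'] looks like the intended value - confirm.
        $user_data['user_password'] = $userMethods->HashPassword($savePassword,$loginname);
        $user_data['user_join'] = time();
        if ($userMethods->needEmailPassword())
        {
            // Save separate password encryption for use with email address
            $user_data['user_prefs'] = serialize(array('email_password' => $userMethods->HashPassword($savePassword,$user_data['user_email'])));
        }
        $userMethods->userClassUpdate($allData['data'],'userall'); // Set any initial classes
        $userMethods->addNonDefaulted($user_data);
        validatorClass :: addFieldTypes($userMethods->userVettingInfo,$allData);
        //FIXME - (SecretR) there is a better way to fix this (missing default value, sql error in strict mode - user_realm is to be deleted from DB later)
        $allData['data']['user_realm'] = '';
        if ($sql->db_Insert('user',$allData))
        {
            // Add to admin log
            $admin_log->log_event('USET_02',"UName: {$user_data['user_name']}; Email: {$user_data['user_email']}",E_LOG_INFORMATIVE);
            // Add to user audit trail
            $admin_log->user_audit(USER_AUDIT_ADD_ADMIN,$user_data,0,$user_data['user_loginname']);
            $e_event->trigger('userfull',$user_data); // send everything available for user data - bit sparse compared with user-generated signup
            if (isset ($_POST['sendconfemail']))
            {
                // Send confirmation email to user (the mail carries the clear-text password)
                require_once (e_HANDLER.'mail.php');
                $e_message = str_replace(array('--SITE--','--LOGIN--','--PASSWORD--'),array(SITEURL,$loginname,$savePassword),USRLAN_185).USRLAN_186;
                if (sendemail($user_data['user_email'],USRLAN_187.SITEURL,$e_message,$user_data['user_login'],'',''))
                {
                    $message = USRLAN_188.'

';
                }
                else
                {
                    $message = USRLAN_189.'

';
                }
            }
            $message .= str_replace('--NAME--',$user_data['user_name'],USRLAN_174);
            if (isset ($_POST['generateloginname'])) $message .= '

'.USRLAN_173.': '.$loginname;
            if (isset ($_POST['generatepassword'])) $message .= '

'.USRLAN_172.': '.$savePassword;
            unset ($user_data); // Don't recycle the data once the user's been accepted without error
        }
    }
    if (isset ($message)) $user->show_message($message);
}

// ------- Bounce --> Unverified --------------
// Every handler below interpolates the posted user id into SQL, so it is cast to an integer at each use.
if (isset ($_POST['useraction']) && $_POST['useraction'] == "reqverify")
{
    $sql->db_Select("user","*","user_id='".(int) $_POST['userid']."'");
    $row = $sql->db_Fetch();
    // extract() on a missing row raises an error; the extracted names are not used in this handler.
    if (is_array($row))
    {
        extract($row);
    }
    $sql->db_Update("user","user_ban='2' WHERE user_id='".(int) $_POST['userid']."' ");
    $user->show_message("User now has to verify");
    $action = "main";
    if (!$sub_action)
    {
        $sub_action = "user_id";
    }
}

// ------- Ban User --------------
if (isset ($_POST['useraction']) && $_POST['useraction'] == "ban")
{
    $user->user_ban((int) $_POST['userid']);
}

// ------- Unban User --------------
if (isset ($_POST['useraction']) && $_POST['useraction'] == "unban")
{
    $user->user_unban((int) $_POST['userid']);
}

// User Info.
// !empty() keeps the original truthiness test without reading an index that may not exist.
if ((isset ($_POST['useraction']) && $_POST['useraction'] == "userinfo") || !empty($_GET['userinfo']))
{
    $ip = (!empty($_POST['userip'])) ? $_POST['userip'] : $_GET['userinfo'];
    $user->user_info($ip);
}

// ------- Delete User --------------
if (isset ($_POST['useraction']) && $_POST['useraction'] == 'deluser')
{
    $user->user_delete($_POST['userid'],true);
}

// ---- Update User's class --------------------
if (isset ($_POST['updateclass']))
{
    $user->user_userclass($_POST['userid'], $_POST['userclass']);
}
if (isset ($_POST['useraction']) && $_POST['useraction'] == 'userclass')
{
    // header('location:'.e_ADMIN.'userclass.php?'.$e107->tp->toDB($_POST['userid'].'.'.e_QUERY));
    // exit;
    $user->show_userclass($_POST['userid']);
}

// ------- Resend Email Confirmation. --------------
// Looks the user up and renders the resend form, then stops.
if (isset ($_POST['useraction']) && $_POST['useraction'] == 'resend')
{
    $qry = (e_QUERY) ? "?".e_QUERY : "";
    if ($sql->db_Select("user","*","user_id='".(int) $_POST['userid']."' "))
    {
        $resend = $sql->db_Fetch();
        $text .= "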
\n"; $text .= USRLAN_116." ".$resend['user_name']."

\n \n \n \n \n
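\n";
        $caption = USRLAN_112;
        $ns->tablerender($caption,$text);
        require_once ("footer.php");
        exit;
    }
}

// ------- Test Email confirmation. --------------
// Looks the user up and renders the "test this address" form, then stops.
if (isset ($_POST['useraction']) && $_POST['useraction'] == 'test')
{
    $qry = (e_QUERY) ? "?".e_QUERY : "";
    // The posted id is interpolated into the WHERE clause, so it is cast to an integer first.
    if ($sql->db_Select("user","*","user_id='".(int) $_POST['userid']."' "))
    {
        $test = $sql->db_Fetch();
        $text .= "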
\n"; $text .= USRLAN_117."
".$test['user_email']."

\n \n \n
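\n";
        $caption = USRLAN_118;
        $ns->tablerender($caption,$text);
        require_once ("footer.php");
        exit;
    }
}

// ------- Make Admin --------------
// Needs admin permission '3'. The posted id is cast to an integer before it reaches any query.
// NOTE(review): no anti-CSRF token check is visible in this view for these privilege
// changes - confirm auth.php (or the form handler) enforces one.
if (isset ($_POST['useraction']) && $_POST['useraction'] == "admin" && getperms('3'))
{
    $sql->db_Select("user","user_id, user_name","user_id='".(int) $_POST['userid']."'");
    $row = $sql->db_Fetch();
    $sql->db_Update("user","user_admin='1' WHERE user_id='".(int) $_POST['userid']."' ");
    $admin_log->log_event('USET_08',str_replace(array('--UID--','--NAME--'),array($row['user_id'],$row['user_name']),USRLAN_164),E_LOG_INFORMATIVE);
    $user->show_message($row['user_name']." ".USRLAN_3." ".USRLAN_4."");
    $action = "main";
    if (!$sub_action)
    {
        $sub_action = "user_id";
    }
    if (!$id)
    {
        $id = "DESC";
    }
}

// ------- Remove Admin --------------
if (isset ($_POST['useraction']) && $_POST['useraction'] == "unadmin" && getperms('3'))
{
    $sql->db_Select("user","*","user_id='".(int) $_POST['userid']."'");
    $row = $sql->db_Fetch();
    // The row is read directly instead of extract()ing it into the global scope;
    // a missing row is simply ignored.
    if (is_array($row))
    {
        // user_delete() and user_ban() treat both '0' and '0.' as the main admin; do the same
        // here so that account cannot be demoted through this handler.
        if ($row['user_perms'] == "0" || $row['user_perms'] == "0.")
        {
            $user->show_message(USRLAN_5);
        }
        else
        {
            $sql->db_Update("user","user_admin='0', user_perms='' WHERE user_id='".(int) $_POST['userid']."'");
            $admin_log->log_event('USET_09',str_replace(array('--UID--','--NAME--'),array($row['user_id'],$row['user_name']),USRLAN_165),E_LOG_INFORMATIVE);
            $user->show_message($row['user_name']." ".USRLAN_6);
            $action = "main";
            if (!$sub_action)
            {
                $sub_action = "user_id";
            }
            if (!$id)
            {
                $id = "DESC";
            }
        }
    }
}

// ------- Approve User. --------------
if (isset ($_POST['useraction']) && $_POST['useraction'] == "verify")
{
    $user->user_activate($_POST['userid']);
}

// Status messages requested through the query string, then fall back to the main list.
if (isset ($action) && $action == "uset")
{
    $user->show_message(USRLAN_87);
    $action = "main";
}
if (isset ($action) && $action == "cu")
{
    $user->show_message(USRLAN_88);
    $action = "main";
    // $sub_action = "user_id";
}

/*
echo "action= ".$action."
"; echo "subaction= ".$sub_action."
"; echo "id= ".$id."
"; echo "from= ".$from."
"; echo "amount= ".$amount."
"; */

$unverified = $sql->db_Count("user","(*)","WHERE user_ban = 2");
if (!e_QUERY) $action = "main";

// Page dispatch: anything that is not a known sub-page shows the user list.
switch ($action)
{
    case "unverified" :
        $user->show_existing_users($action,$sub_action,$id,$from,$amount);
        break;
    case "options" :
        $user->show_prefs();
        break;
    case "prune" :
        $user->show_prune();
        break;
    case "create" :
        $userMethods->deleteExpired(); // Remove time-expired users
        $user->user_add($user_data);
        break;
    default :
        $user->show_existing_users($action,$sub_action,$id,$from,$amount);
}
require_once ("footer.php");

/**
 * Admin-side user management: list/search, batch actions, ban/unban, activation, prefs and prune pages.
 */
class users
{
    var $fields = array();      // column key => display definition, filled in by the constructor
    var $fieldpref = array();   // column keys the admin has chosen to display
    var $sortorder = "asc";
    var $sortorderrev = "desc";
    var $sortfield = "user_id";
    var $from = 0;

    /**
     * Migrates the legacy 'admin_user_disp' pref, loads the column choice and builds the column table.
     */
    function users()
    {
        global $pref,$user_pref,$sql,$tp;
        // One-off migration: move the old site-wide column pref into the per-admin prefs.
        if (isset ($pref['admin_user_disp']))
        {
            $user_pref['admin_users_columns'] = ($pref['admin_user_disp']) ? explode("|",$pref['admin_user_disp']) : array('user_status','user_name','user_class');
            save_prefs('user');
            unset ($pref['admin_user_disp']);
            save_prefs();
        }
        $this->usersSaveColumnPref();
        $this->fieldpref = (!$user_pref['admin_users_columns']) ? array('user_name','user_class') : $user_pref['admin_users_columns'];
        /*		if (e_QUERY)
        {
            $tmp = explode('.', e_QUERY);
            $action = $tmp[0]; // main
            $sub_action = varset($tmp[1],'');
            $id = varset($tmp[2],0);
            $from = varset($tmp[3],0);
            unset($tmp);
        }*/
        // These three come from the query string (parsed at the top of the script).
        global $sub_action,$id,$from;
        if ($from)
        {
            $this->sortfield = $sub_action;
            $this->sortorder = $id;
            $this->sortorderrev = ($this->sortorder == 'asc') ?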
'desc' : 'asc'; $this->from = $from; } $this->fields = array( 'checkboxes' => array('title' => '','width' => '3%','forced' => true,'thclass' => 'center first'), 'user_id' => array('title' => 'Id','width' => '5%','forced' => true), 'user_status' => array('title' => ADLAN_134,'width' => 'auto', 'nosort'=>TRUE), 'user_name' => array('title' => LAN_USER_01,'type' => 'text','width' => 'auto','thclass' => 'left first'), // Display name 'user_loginname' => array('title' => LAN_USER_02,'type' => 'text','width' => 'auto'), // User name 'user_login' => array('title' => LAN_USER_03,'type' => 'text','width' => 'auto'), // Real name (no real vetting) 'user_customtitle' => array('title' => LAN_USER_04,'type' => 'text','width' => 'auto'), // No real vetting 'user_password' => array('title' => LAN_USER_05,'type' => 'text','width' => 'auto'), 'user_sess' => array('title' => LAN_USER_06,'type' => 'text','width' => 'auto'), // Photo 'user_image' => array('title' => LAN_USER_07,'type' => 'text','width' => 'auto'), // Avatar 'user_email' => array('title' => LAN_USER_08,'type' => 'text','width' => 'auto'), 'user_signature' => array('title' => LAN_USER_09,'type' => 'text','width' => 'auto'), 'user_hideemail' => array('title' => LAN_USER_10,'type' => 'int','width' => 'auto'), 'user_xup' => array('title' => LAN_USER_11,'type' => 'text','width' => 'auto'), 'user_class' => array('title' => LAN_USER_12,'type' => 'class'), 'user_join' => array('title' => LAN_USER_14,'width' => 'auto'), 'user_lastvisit' => array('title' => LAN_USER_15,'width' => 'auto'), 'user_currentvisit' => array('title' => LAN_USER_16,'width' => 'auto'), 'user_comments' => array('title' => LAN_USER_17,'width' => 'auto'), 'user_ip' => array('title' => LAN_USER_18,'width' => 'auto'), 'user_ban' => array('title' => LAN_USER_19,'width' => 'auto'), 'user_prefs' => array('title' => LAN_USER_20,'width' => 'auto'), 'user_visits' => array('title' => LAN_USER_21,'width' => 'auto'), 'user_admin' => array('title' => LAN_USER_22,'width' 
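=> 'auto'),
            'user_perms' => array('title' => LAN_USER_23,'width' => 'auto'),
            'user_pwchange' => array('title' => LAN_USER_24,'width' => 'auto'),
        );
        // Append one column per extended user field defined in the database.
        $sql->db_Select("user_extended_struct");
        while ($row = $sql->db_Fetch())
        {
            $field = "user_".$row['user_extended_struct_name'];
            $title = ucfirst(str_replace("user_","",$field));
            $this->fields[$field] = array('title' => $title,'width' => 'auto');
        }
        $this->fields['options'] = array('title' => LAN_OPTIONS,'width' => '10%',"thclass" => "center last",'forced' => true);
    }

    /**
     * Applies the posted batch action to every ticked user.
     *
     * $_POST['execute_batch'] has the shape "<type>_<ignored>_<class>"; the action runs
     * as $this->user_<type>().
     */
    function process_batch()
    {
        // array_pad() keeps list() from reading missing offsets when the value has fewer than three parts.
        list($type,$tmp,$uclass) = array_pad(explode("_",$_POST['execute_batch']),3,'');
        $method = "user_".$type;
        // NOTE(review): the method name is built from request data, so any user_* method of this
        // class can be reached from here, not only the batch actions the form offers. An explicit
        // allow-list of batch types would be safer; the valid set is not visible in this view.
        if (method_exists($this,$method) && isset ($_POST['user_selected']) && is_array($_POST['user_selected']))
        {
            foreach ($_POST['user_selected'] as $userid)
            {
                // The ticked values are user ids; force them to integers before any method uses them in SQL.
                $userid = (int) $userid;
                if($type=='userclass' || $type=='remuserclass')
                {
                    $append = ($uclass) ? 'append' : FALSE;
                    $this->$method($userid,array($uclass),$append);
                }
                else
                {
                    $this->$method($userid);
                }
            }
        }
    }

    /**
     * Deletes a user (never the main admin), or shows the confirmation form first.
     *
     * @param mixed $userid  user id; only used when $confirm is false
     * @param bool  $confirm true when called from the single-user form, which needs a posted confirmation
     */
    function user_delete($userid,$confirm = false)
    {
        global $sql,$admin_log,$e_event,$ns;
        if (!empty($_POST['confirm']) || !$confirm)
        {
            // Both sources are cast: the id is concatenated unquoted into the DELETE below,
            // and the batch path used to pass the raw posted value through.
            $uid = ($confirm) ? intval($_POST['userid']) : intval($userid);
            // The user_perms tests keep the main admin ('0' / '0.') from being deleted.
            if ($sql->db_Delete("user","user_id=".$uid." AND user_perms != '0' AND user_perms != '0.'"))
            {
                $sql->db_Delete("user_extended","user_extended_id='".$uid."' ");
                $admin_log->log_event('USET_07',str_replace('--UID--',$uid,USRLAN_163),E_LOG_INFORMATIVE);
                $e_event->trigger('userdelete',$temp = array('user_id' => $uid));
                $this->show_message(USRLAN_10);
            }
        }
        else
        {
            // Put up confirmation
            if ($sql->db_Select("user","*","user_id='".intval($_POST['userid'])."' "))
            {
                $row = $sql->db_Fetch();
                $qry = (e_QUERY) ? "?".e_QUERY : "";
                $text = "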
\n"; $text .= "
".USRLAN_13."

#{$row['user_id']} : {$row['user_name']}

  
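";
                $ns->tablerender(USRLAN_16,$text);
                require_once ("footer.php");
                exit;
            }
        }
    }

    /**
     * Clears the ban flag of a user and removes the matching IP entry from the ban list.
     *
     * @param mixed $userid user id (cast to an integer before use)
     */
    function user_unban($userid)
    {
        global $sql,$admin_log;
        // The id is interpolated into both queries below.
        $userid = (int) $userid;
        $sql->db_Select("user","user_name,user_ip","user_id='".$userid."'");
        $row = $sql->db_Fetch();
        $sql->db_Update("user","user_ban='0' WHERE user_id='".$userid."' ");
        // user_ban() adds no IP ban when the stored address is blank, so there is nothing to
        // remove in that case; skipping it also avoids deleting ban rows whose IP is empty.
        if (is_array($row) && trim($row['user_ip']) != "")
        {
            $sql->db_Delete("banlist"," banlist_ip='{$row['user_ip']}' ");
        }
        $admin_log->log_event('USET_06',str_replace(array('--UID--','--NAME--'),array($userid,$row['user_name']),USRLAN_162),E_LOG_INFORMATIVE);
        $this->show_message(USRLAN_9." (".$userid.". ".$row['user_name'].")");
    }

    /**
     * Activates an unverified user: clears the ban flag and session key, applies the initial
     * classes, logs the change and - when admin approval is configured - mails the user.
     *
     * @param mixed $userid user id (cast to an integer before use)
     */
    function user_activate($userid)
    {
        // $pref is read below; it was missing from this list, so the notification branch never ran.
        global $sql,$e_event,$admin_log,$userMethods,$pref;
        $uid = intval($userid);
        if ($sql->db_Select("user","*","user_id='".$uid."' "))
        {
            if ($row = $sql->db_Fetch())
            {
                $dbData = array();
                $dbData['WHERE'] = "user_id=".$uid;
                $dbData['data'] = array('user_ban' => '0','user_sess' => '');
                // Add in the initial classes as necessary
                if ($userMethods->userClassUpdate($row,'userall'))
                {
                    $dbData['data']['user_class'] = $row['user_class'];
                }
                $userMethods->addNonDefaulted($dbData);
                validatorClass :: addFieldTypes($userMethods->userVettingInfo,$dbData);
                $sql->db_Update('user',$dbData);
                $admin_log->log_event('USET_10',str_replace(array('--UID--','--NAME--'),array($row['user_id'],$row['user_name']),USRLAN_166),E_LOG_INFORMATIVE);
                $e_event->trigger('userfull',$row); // 'New' event
                // Show the integer id, not the raw request value.
                $this->show_message(USRLAN_86." (#".$uid." : ".$row['user_name'].")");
                if ($pref['user_reg_veri'] == 2)
                {
                    if ($sql->db_Select("user","user_email, user_name","user_id = '{$uid}'"))
                    {
                        $row = $sql->db_Fetch();
                        $message = USRLAN_114." ".$row['user_name'].",\n\n".USRLAN_122." ".SITENAME.".\n\n".USRLAN_123."\n\n";
                        $message .= str_replace("{SITEURL}",SITEURL,USRLAN_139);
                        require_once (e_HANDLER."mail.php");
                        // The subject is kept on one line: a line break inside a mail header value is not safe.
                        if (sendemail($row['user_email'],USRLAN_113." ".SITENAME,$message))
                        {
                            $this->show_message("Email sent to: ".$row['user_name']);
                        }
                        else
                        {
                            $this->show_message("Failed to send to: ".$row['user_name'],'error');
                        }
                    }
                }
            }
        }
    }

    /**
     * Stores the admin's choice of list columns when the column form was submitted.
     */
    function usersSaveColumnPref()
    {
        global $pref,$user_pref,$admin_log;
        if (isset ($_POST['submit-e-columns']))
        {
            // get_search_query() concatenates these names into SQL as column names, so only plain
            // identifiers are kept. $this->fields is not built yet at this point, so the check is
            // on shape rather than on membership.
            $columns = array();
            if (isset ($_POST['e-columns']) && is_array($_POST['e-columns']))
            {
                foreach ($_POST['e-columns'] as $column)
                {
                    if (is_string($column) && preg_match('/^[A-Za-z0-9_]+$/',$column))
                    {
                        $columns[] = $column;
                    }
                }
            }
            $user_pref['admin_users_columns'] = $columns;
            save_prefs('user');
        }
    }

    /**
     * Lists the latest chatbox posts and comments made from an IP address.
     *
     * @param mixed $ipd IP address taken from the request
     */
    function user_info($ipd)
    {
        global $ns,$sql,$e107;
        $text = '';
        // $ipd comes straight from $_POST['userip'] / $_GET['userinfo'] and is placed in two
        // queries and in the page text, so anything that is not made of address characters is dropped.
        // NOTE(review): assumes addresses are stored as dotted IPv4 or colon-separated hex - confirm.
        if (!is_string($ipd) || !preg_match('/^[0-9A-Fa-f:.]+$/',$ipd))
        {
            $ipd = null;
        }
        if (isset($ipd))
        {
            if(!defined("BULLET")) define("BULLET", "bullet2.gif");
            // TODO - move to e_userinfo.php
            $obj = new convert;
            $sql->db_Select("chatbox", "*", "cb_ip='$ipd' LIMIT 0,20");
            $host = $e107->get_host_name($ipd);
            $text = USFLAN_3." ".$ipd." [ ".USFLAN_4.": $host ]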
".USFLAN_5."

"; while (list($cb_id, $cb_nick, $cb_message, $cb_datestamp, $cb_blocked, $cb_ip ) = $sql->db_Fetch()) { $datestamp = $obj->convert_date($cb_datestamp, "short"); $post_author_id = substr($cb_nick, 0, strpos($cb_nick, ".")); $post_author_name = substr($cb_nick, (strpos($cb_nick, ".")+1)); $text .= "bullet ".$post_author_name." (".USFLAN_6.": ".$post_author_id.")\n
".$datestamp."
". $cb_message."

"; } $text .= "
"; $sql->db_Select("comments", "*", "comment_ip='$ipd' LIMIT 0,20"); while (list($comment_id, $comment_item_id, $comment_author, $comment_author_email, $comment_datestamp, $comment_comment, $comment_blocked, $comment_ip) = $sql->db_Fetch()) { $datestamp = $obj->convert_date($comment_datestamp, "short"); $post_author_id = substr($comment_author, 0, strpos($comment_author, ".")); $post_author_name = substr($comment_author, (strpos($comment_author, ".")+1)); $text .= "bullet ".$post_author_name." (".USFLAN_6.": ".$post_author_id.")\n
".$datestamp."
". $comment_comment."

"; } } $ns->tablerender(USFLAN_7, $text); } function showUserStatus($row) { if ($row['user_perms'] == "0") { $text .= "
".LAN_MAINADMIN."
"; } else if ($row['user_admin']) { $text .= "
".LAN_ADMIN."
"; } else if ($row['user_ban'] == 1) { $text .= "
".LAN_BANNED."
"; } else if ($row['user_ban'] == 2) { $text .= "
".LAN_NOTVERIFIED."
"; } else if ($row['user_ban'] == 3) { $text .= "
".LAN_BOUNCED."
"; } else { $text .= " "; } return $text; } function showUserOptions($row) { extract($row); $text .= "
"; return $text; } function show_search_filter() { global $frm; $e_userclass = new user_class; // TODO - The search field (not the userclass drop-down) should be replaced with a generic ajax search-filter class element. $text = "
\n"; $text .= "
\n"; $list = $e_userclass->uc_required_class_list("public,member,admin,main,classes"); $ulist = $list + array('unverified'=>LAN_NOTVERIFIED,'banned'=>LAN_BANNED,'bounced'=>LAN_BOUNCED); $text .= ""; $text .= $frm->admin_button('searchsubmit', ADLAN_142); // \n // \n"; $text .= "
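\n";
        return $text;
    }

    /**
     * Builds the SELECT used by the user list from the stored search text, the class filter
     * and the sort/paging values taken from the query string.
     *
     * @return string SQL statement for db_Select_gen()
     */
    function get_search_query()
    {
        global $sql,$frm,$ns,$tp,$mySQLdefaultdb,$pref,$unverified,$userMethods,$sub_action,$id,$from, $amount;
        // Only scalar filter values are remembered; an array here would break trim() and the lookups below.
        if(isset($_POST['searchquery']) && is_string($_POST['searchquery'])) // We could use $_GET, if so, would need to rework the ordering to use $_GET also.
        {
            $_SESSION['searchquery'] = $_POST['searchquery'];
        }
        if(isset($_POST['searchclass']) && is_scalar($_POST['searchclass']))
        {
            $_SESSION['searchclass'] = $_POST['searchclass'];
        }
        $query = '';
        if (isset ($_SESSION['searchquery']) && $_SESSION['searchquery'] != "")
        {
            // NOTE(review): the search text is placed inside quoted REGEXP() arguments; this relies
            // on toDB() neutralising quotes and backslashes - confirm. The pattern itself is not limited.
            $_SESSION['searchquery'] = $tp->toDB(trim($_SESSION['searchquery']));
            $conditions = array();
            if (strpos($_SESSION['searchquery'],"@") !== false)
            {
                $conditions[] = "user_email REGEXP('".$_SESSION['searchquery']."')";
            }
            if (strpos($_SESSION['searchquery'],".") !== false)
            {
                $conditions[] = "user_ip REGEXP('".$_SESSION['searchquery']."')";
            }
            foreach ($this->fieldpref as $field)
            {
                // Column names come from a saved preference that was filled from a form post;
                // anything that is not a plain identifier is left out of the SQL.
                if (!is_string($field) || !preg_match('/^[A-Za-z0-9_]+$/',$field))
                {
                    continue;
                }
                $conditions[] = $field." REGEXP('".$_SESSION['searchquery']."')";
            }
            if ($conditions)
            {
                $query = "( ".implode(" OR ",$conditions)." ) ";
            }
            $qry_order = ' ORDER BY user_id';
        }
        else
        {
            /*			if ($action == 'unverified')
            {
                $query = 'user_ban = 2 ';
            }*/
            // Sort column, direction and paging all originate in the query string: the column must be
            // a plain identifier, the direction is one of two keywords, the limits are integers.
            $order_field = (is_string($sub_action) && preg_match('/^[A-Za-z0-9_]+$/',$sub_action)) ? $sub_action : 'user_id';
            $order_dir = (is_string($id) && strtolower($id) == 'asc') ? 'ASC' : 'DESC';
            $qry_order = 'ORDER BY '.$order_field.' '.$order_dir." LIMIT ".max(0,(int) $from).", ".max(0,(int) $amount);
        }
        if(varset($_SESSION['searchclass']))
        {
            $uqry[e_UC_ADMIN] = " u.user_admin = 1 ";
            $uqry[e_UC_MEMBER] = " u.user_ban = '0' ";
            $uqry[e_UC_MAINADMIN] = " u.user_perms = '0' ";
            $uqry['unverified'] = " u.user_ban = 2 ";
            $uqry['banned'] = " u.user_ban = 1 ";
            $uqry['bounced'] = " u.user_ban = 3 ";
            if($query)
            {
                $query .= " AND ";
            }
            if(is_scalar($_SESSION['searchclass']) && isset($uqry[$_SESSION['searchclass']]))
            {
                $query .= $uqry[$_SESSION['searchclass']];
            }
            else
            {
                // Any other value is a class id; it is unquoted in the SQL, so force it to an integer.
                $query .= " FIND_IN_SET(".(int) $_SESSION['searchclass'].",u.user_class) ";
            }
        }
        // $user_total = db_Count($table, $fields = '(*)',
        $qry_insert = 'SELECT u.*, ue.* FROM `#user` AS u LEFT JOIN `#user_extended` AS ue ON ue.user_extended_id = u.user_id ';
        return ($query) ? $qry_insert." 
WHERE ".$query.$qry_order : $qry_insert.$qry_order;
    }

    /**
     * Renders the user list with its search filter, batch options and paging.
     */
    function show_existing_users($action,$sub_action,$id,$from,$amount)
    {
        global $sql,$frm,$ns,$tp,$mySQLdefaultdb,$pref,$unverified,$userMethods;
        $e107 = e107 :: getInstance();
        $qry = $this->get_search_query();
        $text = "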
".$this->show_search_filter(); if ($user_total = $sql->db_Select_gen($qry)) { $text .= "
".NWSLAN_4." ".$frm->colGroup($this->fields,$this->fieldpref).$frm->thead($this->fields,$this->fieldpref,"main.[FIELD].[ASC].[FROM]").""; while ($row = $sql->db_Fetch()) { extract($row); $text .= ""; // Display Chosen options $datefields = array("user_lastpost","user_lastvisit","user_join","user_currentvisit"); $boleanfields = array("user_admin","user_hideemail","user_ban"); foreach ($this->fieldpref as $disp) { $text .= ""; $prev[$disp] = $row[$disp]; } // ------------------------------------------------------------- $qry = (e_QUERY) ? "?".e_QUERY : ""; $text .= " "; } $text .= "
".$frm->checkbox('user_selected[]',$user_id)." {$user_id}"; if ($disp == 'user_class') { if ($user_class) { $tmp = explode(",",$user_class); while (list($key,$class_id) = each($tmp)) { $text .= $e107->user_class->uc_get_classname($class_id)."
\n"; } } else { $text .= " "; } } elseif ($disp == 'user_ip') { $text .= $e107->ipDecode($user_ip); } elseif (in_array($disp,$boleanfields)) { $text .= ($row[$disp] == 1) ? ADMIN_TRUE_ICON : ''; } elseif (in_array($disp,$datefields)) { $text .= ($row[$disp]) ? strftime($pref['shortdate'],$row[$disp]).' ' : ' '; } elseif ($disp == 'user_name') { $text .= "{$row['user_name']}"; } elseif ($disp == "user_status") { $text .= $this->showUserStatus($row); } else { $text .= $row[$disp].' '; } if (!in_array($disp,$boleanfields) && isset ($prev[$disp]) && $row[$disp] == $prev[$disp] && $prev[$disp] != "") { // show matches $text .= " *"; } $text .= "
".$this->showUserOptions($row)."
".$this->show_batch_options(); $users = (e_QUERY != "unverified") ? $sql->db_Count("user") : $unverified; if ($users > $amount && !$_POST['searchquery']) { $parms = "{$users},{$amount},{$from},".e_SELF."?".(e_QUERY ? "$action.$sub_action.$id." : "main.user_id.desc.")."[FROM]"; $text .= $tp->parseTemplate("{NEXTPREV={$parms}}"); } if ($action == "unverified") { $text .= " "; if ($pref['mail_bounce_pop3'] != '') { $text .= "\n"; } $text .= "  "; } $text .= "
"; } $text .= "
"; $emessage = & eMessage :: getInstance(); // ====================== $total_cap = (isset ($_POST['searchquery'])) ? $user_total : $users; $caption = USRLAN_77."   (total: $total_cap)"; $ns->tablerender($caption,$emessage->render().$text); } function show_batch_options() { $text = "  "; return $text; } function show_options($action) { // Please duplicate any changes to this function also in /usersettings.php. (at the end of the script) global $unverified; // ##### Display options if ($action == '') { $action = 'main'; } // ##### Display options $var ['main']['text'] = USRLAN_71; $var ['main']['link'] = e_ADMIN.'users.php'; $var ['create']['text'] = USRLAN_72; $var ['create']['link'] = e_ADMIN.'users.php?create'; $var ['prune']['text'] = USRLAN_73; $var ['prune']['link'] = e_ADMIN.'users.php?prune'; $var ['options']['text'] = LAN_OPTIONS; $var ['options']['link'] = e_ADMIN.'users.php?options'; if ($unverified) { $var ['unveri']['text'] = USRLAN_138." ($unverified)"; $var ['unveri']['link'] = e_ADMIN.'users.php?unverified'; } $var ['rank']['text'] = USRLAN_196; $var ['rank']['link'] = e_ADMIN.'users.php?ranks'; // $var['mailing']['text']= USRLAN_121; // $var['mailing']['link']="mailout.php"; show_admin_menu(USRLAN_76,$action,$var); } function show_prefs() { global $ns,$pref,$e_userclass; if (!is_object($e_userclass)) $e_userclass = new user_class; $pref['memberlist_access'] = varset($pref['memberlist_access'],e_UC_MEMBER); $text = "
".USRLAN_44.": ".($pref['avatar_upload'] ? "".LAN_YES."  ".LAN_NO : "".LAN_YES."  ".LAN_NO).(!FILE_UPLOADS ? " (".USRLAN_58.")" : "")."
".USRLAN_53.": ".($pref['photo_upload'] ? "".LAN_YES."  ".LAN_NO : "".LAN_YES."  ".LAN_NO).(!FILE_UPLOADS ? " (".USRLAN_58.")" : "")."
".USRLAN_47.": (".USRLAN_48.")
".USRLAN_49.": (".USRLAN_50.")
".USRLAN_126.": ".($pref['profile_rate'] ? "".LAN_YES."  ".LAN_NO : "".LAN_YES."  ".LAN_NO)."
".USRLAN_127.": ".($pref['profile_comments'] ? "".LAN_YES."  ".LAN_NO : "".LAN_YES."  ".LAN_NO)."
".USRLAN_133.":
".USRLAN_134."
".($pref['force_userupdate'] ? "".LAN_YES."  ".LAN_NO : "".LAN_YES."  ".LAN_NO)."
".USRLAN_93."
".USRLAN_94."
".USRLAN_95."
".USRLAN_130."
".USRLAN_131."
  ".USRLAN_132."  
".USRLAN_146.":
".USRLAN_190."
".USRLAN_191."
".USRLAN_192."
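";
        $emessage = & eMessage :: getInstance();
        $ns->tablerender(USRLAN_52,$emessage->render().$text);
    }

    /**
     * Queues a message for the next render of the admin message box.
     *
     * @param string $message text to show
     * @param string $type    '' for a success message, 'error' for a failure message
     */
    function show_message($message,$type = '')
    {
        $emessage = & eMessage :: getInstance();
        // $type used to be ignored, so failures (e.g. a mail that could not be sent) were shown as
        // successes. The defined() test keeps the old behaviour if the error level is unavailable.
        $level = ($type === 'error' && defined('E_MESSAGE_ERROR')) ? E_MESSAGE_ERROR : E_MESSAGE_SUCCESS;
        $emessage->add($message,$level);
    }

    /**
     * Renders the prune page; the three counts are the sizes of the groups that can be pruned.
     */
    function show_prune()
    {
        global $ns,$sql;
        $unactive = $sql->db_Count("user","(*)","WHERE user_ban=2");
        $bounced = $sql->db_Count("user","(*)","WHERE user_ban=3");
        $older30 = $sql->db_Count("user","(*)","WHERE user_ban=2 AND (user_join < ".strtotime("-30 days").")");
        $text = "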



".LAN_DELETE.": 

"; $emessage = & eMessage :: getInstance(); $ns->tablerender(USRLAN_55,$emessage->render().$text); } // Add a new user - may be passed existing data if there was an entry error on first pass function user_add($user_data) { global $rs,$ns,$pref,$e_userclass; if (!is_object($e_userclass)) $e_userclass = new user_class; $text = "
".$rs->form_open("post",e_SELF.(e_QUERY ? '?'.e_QUERY : ''),"adduserform")." \n"; if (!isset ($user_data['user_class'])) $user_data['user_class'] = varset($pref['initial_user_classes'],''); $temp = $e_userclass->vetted_tree('class',array($e_userclass,'checkbox_desc'),$user_data['user_class'],'classes'); if ($temp) { $text .= "\n"; } $text .= "
".USRLAN_61." ".$rs->form_text('username',40,varset($user_data['user_name'],""),varset($pref['displayname_maxlength'],15))."
".USRLAN_128." ".$rs->form_text('loginname',40,varset($user_data['user_loginname'],""),varset($pref['loginname_maxlength'],30))."   ".$rs->form_checkbox('generateloginname',1,varset($pref['predefinedLoginName'],false)).USRLAN_170."
".USRLAN_129." ".$rs->form_text("realname",40,varset($user_data['user_login'],""),30)."
".USRLAN_62." ".$rs->form_password("password1",40,"",20)."   ".$rs->form_checkbox('generatepassword',1,false).USRLAN_171."
".USRLAN_63." ".$rs->form_password("password2",40,"",20)."
".USRLAN_64." ".$rs->form_text("email",60,varset($user_data['user_email'],""),100)."
".USRLAN_120." {$temp}
".USRLAN_181."
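";
        $emessage = & eMessage :: getInstance();
        $ns->tablerender(USRLAN_59,$emessage->render().$text);
    }

    /**
     * Re-sends the signup activation mail to one user, in the user's own language when one is stored.
     *
     * @param mixed  $id    user id (cast to an integer)
     * @param string $key   activation key placed in the link
     * @param string $name  name used in the greeting
     * @param string $email recipient address
     * @param string $lfile optional language file to load instead of looking one up
     */
    function resend($id,$key,$name,$email,$lfile = '')
    {
        global $sql,$mailheader_e107id,$admin_log;
        $id = (int) $id;
        // Check for a Language field, and if present, send the email in the user's language.
        if ($lfile == "")
        {
            if ($sql->db_Select('user_extended','user_language','user_extended_id = '.$id))
            {
                $row = $sql->db_Fetch();
                // The stored language becomes part of a require_once path, so it must be a single
                // plain directory name; anything else falls through to the site language below.
                // NOTE(review): assumes language directory names use only letters, digits, '_' and '-'.
                if (is_string($row['user_language']) && preg_match('/^[A-Za-z0-9_-]+$/',$row['user_language']))
                {
                    $lfile = e_LANGUAGEDIR.$row['user_language'].'/lan_signup.php';
                }
            }
        }
        // NOTE(review): a caller-supplied $lfile is included as given - confirm no caller derives it from request data.
        if (is_readable($lfile))
        {
            require_once ($lfile);
        }
        else
        {
            $row['user_language'] = e_LANGUAGE;
            //@FIXME use array
            require_once (e_LANGUAGEDIR.e_LANGUAGE."/lan_signup.php");
        }
        $return_address = (substr(SITEURL,- 1) == "/") ? SITEURL."signup.php?activate.".$id.".".$key : SITEURL."/signup.php?activate.".$id.".".$key;
        $message = LAN_EMAIL_01." ".$name."\n\n".LAN_SIGNUP_24." ".SITENAME.".\n".LAN_SIGNUP_21."\n\n";
        $message .= $return_address."\n\n".SITENAME."\n".SITEURL;
        $mailheader_e107id = $id;
        require_once (e_HANDLER."mail.php");
        if (sendemail($email,LAN_404." ".SITENAME,$message))
        {
            $admin_log->log_event('USET_11',str_replace(array('--ID--','--NAME--','--EMAIL--'),array($id,$name,$email),USRLAN_167),E_LOG_INFORMATIVE);
            $this->show_message(USRLAN_140.": ".$name." (".$row['user_language'].") ");
        }
        else
        {
            $this->show_message(USRLAN_141.": ".$name);
        }
    }

    // ------- Ban User. --------------
    /**
     * Bans a user (never the main admin) and, when the address belongs to that user alone, the IP as well.
     *
     * @param mixed $user_id user id (cast to an integer before use)
     */
    function user_ban($user_id)
    {
        // $e107 is used for add_ban() below but was missing from this list, so that call could not work.
        global $sql,$user,$admin_log,$e107;
        // The id is interpolated into the queries below.
        $user_id = (int) $user_id;
        // $sub_action = $user_id;
        $sql->db_Select("user","*","user_id='".$user_id."'");
        $row = $sql->db_Fetch();
        if (($row['user_perms'] == "0") || ($row['user_perms'] == "0."))
        {
            // Main admin - refuse
            $this->show_message(USRLAN_7);
        }
        else
        {
            if ($sql->db_Update("user","user_ban='1' WHERE user_id='".$user_id."' "))
            {
                $admin_log->log_event('USET_05',str_replace(array('--UID--','--NAME--'),array($row['user_id'],$row['user_name']),USRLAN_161),E_LOG_INFORMATIVE);
                $this->show_message(USRLAN_8);
            }
            if (trim($row['user_ip']) == "")
            {
                $this->show_message(USRLAN_135);
            }
            else
            {
                if ($sql->db_Count("user","(*)","WHERE user_ip = '{$row['user_ip']}'") > 1)
                {
                    // Multiple users have same IP address
                    $this->show_message(str_replace("{IP}",$row['user_ip'],USRLAN_136));
                }
                else
                {
                    if ($e107->add_ban(6,USRLAN_149.$row['user_name'].'/'.$row['user_loginname'],$row['user_ip'],USERID))
                    {
                        // Successful IP ban
                        $this->show_message(str_replace("{IP}",$row['user_ip'],USRLAN_137));
                    }
                    else
                    {
                        // IP address on whitelist
                        $this->show_message(str_replace("{IP}",$row['user_ip'],USRLAN_150));
                    }
                }
            }
        }
    }

    function resend_to_all()
    {
        global $sql,$pref,$sql3,$admin_log;
        $count = 0;
        $pause_count = 1;
        $pause_amount = ($pref['mail_pause']) ? $pref['mail_pause'] : 10;
        $pause_time = ($pref['mail_pausetime']) ?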
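$pref['mail_pausetime'] : 1;

		// Probe query: the join is only used when user_language can be selected
		// from the extended user table.
		if ($sql->db_Select_gen('SELECT user_language FROM `#user_extended` LIMIT 1'))
		{
			$query = "SELECT u.*, ue.* FROM `#user` AS u LEFT JOIN `#user_extended` AS ue ON ue.user_extended_id = u.user_id WHERE u.user_ban = 2 ORDER BY u.user_id DESC";
		}
		else
		{
			$query = 'SELECT * FROM `#user` WHERE user_ban=2';
		}

		$sql3 = e107::getDb('sql3');
		$sql3->db_Select_gen($query);
		while ($row = $sql3->db_Fetch())
		{
			// NOTE(review): user_sess is handed to resend() as the activation key, so this
			// line prints every pending account's key into the admin page, and user_name /
			// user_email are printed without HTML escaping - confirm they are stored
			// already encoded, otherwise escape them here.
			echo $row['user_id']." ".$row['user_sess']." ".$row['user_name']." ".$row['user_email']."
";
			// NOTE(review): the fifth argument of resend() is treated as a file path, but
			// a language name is passed here - confirm which one is intended.
			$this->resend($row['user_id'],$row['user_sess'],$row['user_name'],$row['user_email'],$row['user_language']);
			if ($pause_count > $pause_amount)
			{
				sleep($pause_time);
				$pause_count = 1;
			}
			sleep(1);
			$pause_count++;
			$count++;
		}

		if ($count)
		{
			$admin_log->log_event('USET_12',str_replace('--COUNT--',$count,USRLAN_168),E_LOG_INFORMATIVE);
		}
	}

	// ---------------------------------------------------------------------
	//		Bounce handling
	// ---------------------------------------------------------------------
	// $bounce_act has the task to perform:
	//	'first_check' - initial read of list of bounces
	//	'delnonbounce' - delete any emails that aren't bounces
	//	'clearemailbounce' - delete email address for any user whose emails bounced
	//	'delchecked' - delete the emails whose comma-separated IDs are in $bounce_arr
	//	'delall' - delete all bounced emails
	//
	// Everything this method acts on (the address it clears, the IDs and addresses
	// it later flags) is read out of message bodies in the bounce mailbox.
	// NOTE(review): how $head['bounce'] is decided is inside pop3_class.php and not
	// visible here; if any sender can produce a message that is classed as a bounce,
	// that sender chooses which accounts get their address cleared or flagged - verify.
	function check_bounces($bounce_act = 'first_check',$bounce_arr = '')
	{
		// $admin_log is used further down for the USET_13 log entry, so it has to be
		// declared here as well; without it that call runs on an undefined variable.
		global $sql,$pref,$admin_log;
		include (e_HANDLER.'pop3_class.php');

		if (!trim($bounce_act))
		{
			$bounce_act = 'first_check';
		}

		$obj = new receiveMail($pref['mail_bounce_user'],$pref['mail_bounce_pass'],$pref['mail_bounce_email'],$pref['mail_bounce_pop3'],varset($pref['mail_bounce_type'],'pop3'));
		$del_count = 0;

		if ($bounce_act != 'first_check')
		{ // Must do some deleting
			$obj->connect();
			$tot = $obj->getTotalMails();
			$del_array = explode(',',$bounce_arr);
			for ($i = 1; $i <= $tot; $i++)
			{ // Scan all emails; delete current one if meets the criteria
				$dodel = false;
				switch ($bounce_act)
				{
					case 'delnonbounce' :
						$head = $obj->getHeaders($i);
						$dodel = (!$head['bounce']);
						break;
					case 'clearemailbounce' :
						if (!in_array($i,$del_array)) break;
						$head = $obj->getHeaders($i);
						if ($head['bounce'])
						{
							// Reset per message: when no address is found in this body, the
							// address left over from the previous message must not be reused,
							// or a different user's email would be cleared.
							$usr_email = '';
							// The character class admits no quote or backslash, which is the
							// only thing keeping the SQL string below well-formed.
							if (preg_match("/[\._a-zA-Z0-9-]+@[\._a-zA-Z0-9-]+/i",$obj->getBody($i),$result))
							{
								$usr_email = trim($result[0]);
							}
							if ($usr_email != '' && $sql->db_Select('user','user_id, user_name, user_email',"user_email='".$usr_email."' "))
							{
								$row = $sql->db_Fetch();
								if ($sql->db_Update('user',"`user_email`='' WHERE `user_id` = '".(int) $row['user_id']."' ") !== false)
								{
									$dodel = true;
								}
							}
						}
						break;
					case 'delall' :
						$dodel = true;
						break;
					case 'delchecked' :
						$dodel = in_array($i,$del_array);
						break;
				}
				if ($dodel)
				{
					$obj->deleteMails($i);
					$del_count++; // Keep track of number of emails deleted
				}
			} // End - Delete one email
			$obj->close_mailbox(); // This actually deletes the emails
		} // End of email deletion

		// Now list the emails that are left
		$obj->connect();
		$tot = $obj->getTotalMails();
		$found = false;
		$DEL = ($pref['mail_bounce_delete']) ? true : false;
		$text = "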
\n"; for ($i = 1; $i <= $tot; $i++) { $head = $obj->getHeaders($i); if ($head['bounce']) { // Its a 'bounce' email if (ereg('.*X-e107-id:(.*)MIME',$obj->getBody($i),$result)) { if ($result[1]) { $id[$i] = intval($result[1]); // This should be a user ID - but not on special mailers! // Try and pull out an email address from body - should be the one that failed if (preg_match("/[\._a-zA-Z0-9-]+@[\._a-zA-Z0-9-]+/i",$obj->getBody($i),$result)) { $emails[$i] = "'".$result[0]."'"; } $found = true; } } elseif (preg_match("/[\._a-zA-Z0-9-]+@[\._a-zA-Z0-9-]+/i",$obj->getBody($i),$result)) { if ($result[0] && $result[0] != $pref['mail_bounce_email']) { $emails[$i] = "'".$result[0]."'"; $found = true; } elseif ($result[1] && $result[1] != $pref['mail_bounce_email']) { $emails[$i] = "'".$result[1]."'"; $found = true; } } if ($DEL && $found) { // Auto-delete bounced emails once noticed (if option set) $obj->deleteMails($i); $del_count++; } } else { // Its a warning message or similar // $id[$i] = ''; // Don't worry about an ID for now // Try and pull out an email address from body - should be the one that failed if (preg_match("/[\._a-zA-Z0-9-]+@[\._a-zA-Z0-9-]+/i",$obj->getBody($i),$result)) { $wmails[$i] = "'".$result[0]."'"; } } $text .= "\n"; } if ($del_count) { $admin_log->log_event('USET_13',str_replace('--COUNT--',$del_count,USRLAN_169),E_LOG_INFORMATIVE); } if ($tot) { // Option to delete emails - only if there are some in the list $text .= "
#e107-idemailSubjectBounce
".$i."".$id[$i]."".(isset ($emails[$i]) ? $emails[$i] : $wmails[$i])."".$head['subject']."".($head['bounce'] ? ADMIN_TRUE_ICON : ADMIN_FALSE_ICON); $text .= "
\n \n \n \n "; } $text .= "
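";
		// ---- end of check_bounces(): summarise the scan and flag the affected users ----
		// Either list is missing when the loop above found nothing to record.
		$id = isset ($id) ? $id : array();
		$emails = isset ($emails) ? $emails : array();

		// $tot has total number of emails in the mailbox
		$found = count($emails); // $found - Number of bounce emails found
		// $del_count has number of emails deleted

		// array_unique() returns the de-duplicated array, so the result has to be kept.
		// IDs are forced to integers here because they go straight into the IN (...) list.
		$id = array_unique(array_map('intval',$id));
		$emails = array_unique($emails);
		$all_ids = implode(',',$id);
		// NOTE(review): the entries of $emails are quoted strings taken from message
		// bodies; they are safe in SQL only as long as the pattern that extracted
		// them admits no quote characters - keep the two in step.
		$all_emails = implode(',',$emails);

		$obj->close_mailbox(); // This will actually delete emails

		// Update bounce status for users. An empty IN () is a syntax error, so only
		// the lists that actually hold something take part in the condition.
		$conditions = array();
		if ($all_ids != '')
		{
			$conditions[] = "`user_id` IN (".$all_ids.")";
		}
		if ($all_emails != '')
		{
			$conditions[] = "`user_email` IN (".$all_emails.")";
		}
		$ed = false;
		if (count($conditions))
		{
			$ed = $sql->db_Update('user',"user_ban=3 WHERE (".implode(' OR ',$conditions).") AND user_sess !='' ");
		}
		if (!$ed) $ed = '0';

		$this->show_message(str_replace(array('{TOTAL}','{DELCOUNT}','{DELUSER}','{FOUND}'),array($tot,$del_count,$ed,$found),USRLAN_155).$text);
	}

	/**
	 * Check that the current admin may change membership of a user class.
	 *
	 * Redirects to SITEURL and stops the script when the class is not in the class
	 * tree, or when the admin neither has permission "0" nor belongs to the class
	 * named in the target's userclass_editclass field.
	 *
	 * @param int $class_id user class ID to check
	 * @return bool true when the change is permitted (otherwise the script has exited)
	 */
	function check_allowed($class_id)
	{
		global $e_userclass;

		$known = isset ($e_userclass->class_tree[$class_id]);
		if (!$known)
		{
			header("location:".SITEURL);
			exit;
		}

		$editClass = $e_userclass->class_tree[$class_id]['userclass_editclass'];
		if (!getperms("0") && !check_class($editClass))
		{
			header("location:".SITEURL);
			exit;
		}

		return true;
	}

	// ------------------------------------------------------------------------
	/**
	 * Render the form that edits the class membership of one user.
	 *
	 * @param int $userid ID of the user whose classes are shown
	 */
	function show_userclass($userid)
	{
		global $sql,$ns, $e_userclass;
		// The ID is interpolated into the WHERE clause without quotes, so it must be an integer.
		$userid = (int) $userid;
		$sql->db_Select("user","*","user_id={$userid} ");
		$row = $sql->db_Fetch();
		$caption = UCSLAN_6." ".$row['user_name']." (".$row['user_class'].")";
		$text = "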
"; $text .= $e_userclass->vetted_tree('userclass',array($e_userclass,'checkbox_desc'),$row['user_class'],'classes'); $text .= '
'; $text .= "
".UCSLAN_8."  
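";
		$ns->tablerender($caption,$text);
	}

	/**
	 * Remove one user class from a user.
	 *
	 * NOTE(review): unlike user_userclass(), this path does not call check_allowed()
	 * for the class being removed, and the success message is added even when the
	 * user row is not found - confirm both are intended.
	 *
	 * @param int   $userid ID of the user
	 * @param array $uclass only element 0 (the class to remove) is used
	 */
	function user_remuserclass($userid,$uclass)
	{
		global $sql,$sql2;
		// Interpolated unquoted into the WHERE clause below.
		$userid = (int) $userid;
		$eu = new e_userclass;
		if($sql->db_Select("user","user_id,user_class","user_id={$userid} LIMIT 1"))
		{
			$row = $sql->db_Fetch();
			$eu->class_remove($uclass[0], array($row['user_id']=>$row['user_class']));
		}
		$emessage = &eMessage::getInstance();
		$emessage->add(UCSLAN_9, E_MESSAGE_SUCCESS); // classes updated;
	}

	/**
	 * Set userclass for user(s).
	 *
	 * Every requested class is passed through check_allowed() first, which stops
	 * the script if the admin may not edit it. When $_POST['notifyuser'] is set the
	 * user is mailed the resulting class list.
	 *
	 * NOTE(review): the stored class list is loaded (and therefore kept) whenever
	 * notifyuser is set, even if $append is FALSE - confirm that is intended.
	 *
	 * @param int   $userid ID of the user to update
	 * @param array $uclass class IDs to assign
	 * @param mixed $append anything other than FALSE keeps the classes already stored
	 */
	function user_userclass($userid,$uclass,$append=FALSE)
	{
		global $sql, $admin_log, $e_userclass;
		// Interpolated unquoted into the SELECT and UPDATE below.
		$userid = (int) $userid;
		$notify = !empty ($_POST['notifyuser']);
		$emessage = &eMessage::getInstance();
		$curClass = array();

		if($notify || $append!==FALSE)
		{
			$sql->db_Select("user","*","user_id={$userid} ");
			$row = $sql->db_Fetch();
			// The stored list is written back into SQL, so keep only numeric entries.
			$curClass = varset($row['user_class']) ? array_filter(explode(",",$row['user_class']),'is_numeric') : array();
		}

		foreach ($uclass as $a)
		{
			$a = intval($a);
			$this->check_allowed($a);
			if($a !=0)
			{
				$curClass[] = $a;
			}
		}

		$curClass = array_unique($curClass);
		$svar = implode(",",$curClass);

		if($sql->db_Update("user","user_class='".$svar."' WHERE user_id={$userid} ")===TRUE)
		{
			$message = UCSLAN_9;
			if ($notify)
			{
				$message .= "
".UCSLAN_1.": ".$row['user_name']."
";
				require_once (e_HANDLER."mail.php");
				$messaccess = '';
				foreach ($curClass as $a)
				{
					if (!isset ($e_userclass->fixed_classes[$a]))
					{
						$messaccess .= $e_userclass->class_tree[$a]['userclass_name']." - ".$e_userclass->class_tree[$a]['userclass_description']."\n";
					}
				}
				if ($messaccess == '') $messaccess = UCSLAN_12."\n";
				$send_to = $row['user_email'];
				$subject = UCSLAN_2;
				$message = UCSLAN_3." ".$row['user_name'].",\n\n".UCSLAN_4." ".SITENAME."\n( ".SITEURL." )\n\n".UCSLAN_5.": \n\n".$messaccess."\n".UCSLAN_10."\n".SITEADMIN."\n( ".SITENAME." )";
				sendemail($send_to,$subject,$message);
			}
			// Log the user that was actually changed; $id is not defined in this
			// method, so the audit entry used to carry an empty user ID.
			$admin_log->log_event('USET_14',str_replace(array('--UID--','--CLASSES--'),array($userid,$svar),UCSLAN_11),E_LOG_INFORMATIVE);
			$emessage->add($message, E_MESSAGE_SUCCESS);
		}
	}
} // End class users

/**
 * Admin-menu callback: show the user-admin options for the current action.
 */
function users_adminmenu()
{
	global $user;
	global $action;
	$user->show_options($action);
}

/**
 * Delete one rank row from the generic table and clear the cached rank data.
 *
 * NOTE(review): the same language constant (USRLAN_218) is used for the success
 * and the failure message - confirm the failure text.
 *
 * @param int $rankId gen_id of the rank row
 */
function deleteRank($rankId)
{
	global $emessage;
	$e107 = e107 :: getInstance();
	$rankId = (int) $rankId;
	$e107->ecache->clear_sys('nomd5_user_ranks');
	if ($e107->sql->db_Delete('generic',"gen_id='{$rankId}'"))
	{
		$emessage->add(USRLAN_218,E_MESSAGE_SUCCESS);
	}
	else
	{
		$emessage->add(USRLAN_218,E_MESSAGE_FAIL);
	}
}

/**
 * Save the rank calculation settings and the rank definitions posted by the ranks form.
 *
 * The posted operator/value pairs are turned into a formula string that is stored
 * in $pref['ranks_calc'], and into a serialized config row in the generic table.
 */
function updateRanks()
{
	global $pref,$emessage;
	$e107 = e107 :: getInstance();
	$config = array();
	$ranks_calc = '';
	$ranks_flist = '';
	// Same operator list that show_ranks() builds as $opArray.
	$allowedOps = array('*','+','-');
	foreach ($_POST['op'] as $f => $o)
	{
		$val = varset($_POST['val'][$f],'');
		// Field name, operator and value are concatenated into a stored formula,
		// so anything that is not a plain field name, a known operator and a
		// number is skipped instead of being persisted.
		if (!preg_match('/^[A-Za-z0-9_]+$/',(string) $f) || !in_array($o,$allowedOps,true) || ($val !== '' && !is_numeric($val)))
		{
			continue;
		}
		$config[$f]['op'] = $o;
		$config[$f]['val'] = $val;
		if ($val)
		{
			$ranks_calc .= ($ranks_calc ? ' + ' : '').'({'.$f.'} '." $o {$val}".' )';
			$ranks_flist .= ($ranks_flist ?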
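',' : '').$f;
		}
	}

	// Replace the stored calculation config with the one just built.
	$e107->sql->db_Delete('generic',"gen_type = 'user_rank_config'");
	$tmp = array();
	$tmp['data']['gen_type'] = 'user_rank_config';
	$tmp['data']['gen_chardata'] = serialize($config);
	$tmp['_FIELD_TYPES']['gen_type'] = 'string';
	$tmp['_FIELD_TYPES']['gen_chardata'] = 'escape';
	$e107->sql->db_Insert('generic',$tmp);

	$pref['ranks_calc'] = $ranks_calc;
	$pref['ranks_flist'] = $ranks_flist;
	save_prefs();

	//Delete existing rank data
	$e107->sql->db_Delete('generic',"gen_type = 'user_rank_data'");

	// The posted rank fields below are handed to db_Insert() together with these
	// per-column types; presumably the DB layer casts/escapes by type - confirm.
	//Add main site admin info
	$tmp = array();
	$tmp['_FIELD_TYPES']['gen_datestamp'] = 'int';
	$tmp['_FIELD_TYPES']['gen_ip'] = 'todb';
	$tmp['_FIELD_TYPES']['gen_user_id'] = 'int';
	$tmp['_FIELD_TYPES']['gen_chardata'] = 'todb';
	$tmp['_FIELD_TYPES']['gen_intdata'] = 'int';
	$tmp['data']['gen_datestamp'] = 1;
	$tmp['data']['gen_type'] = 'user_rank_data';
	$tmp['data']['gen_ip'] = $_POST['calc_name']['main_admin'];
	$tmp['data']['gen_user_id'] = varset($_POST['calc_pfx']['main_admin'],0);
	$tmp['data']['gen_chardata'] = $_POST['calc_img']['main_admin'];
	$e107->sql->db_Insert('generic',$tmp);

	//Add site admin info
	unset ($tmp['data']);
	$tmp['data']['gen_type'] = 'user_rank_data';
	$tmp['data']['gen_datestamp'] = 2;
	$tmp['data']['gen_ip'] = $_POST['calc_name']['admin'];
	$tmp['data']['gen_user_id'] = varset($_POST['calc_pfx']['admin'],0);
	$tmp['data']['gen_chardata'] = $_POST['calc_img']['admin'];
	$e107->sql->db_Insert('generic',$tmp);

	//Add all current site defined ranks
	if (isset ($_POST['field_id']))
	{
		foreach ($_POST['field_id'] as $fid => $x)
		{
			unset ($tmp['data']);
			$tmp['data']['gen_type'] = 'user_rank_data';
			$tmp['data']['gen_ip'] = varset($_POST['calc_name'][$fid],'');
			$tmp['data']['gen_user_id'] = varset($_POST['calc_pfx'][$fid],0);
			$tmp['data']['gen_chardata'] = varset($_POST['calc_img'][$fid],'');
			$tmp['data']['gen_intdata'] = varset($_POST['calc_lower'][$fid],'_NULL_');
			$e107->sql->db_Insert('generic',$tmp);
		}
	}

	//Add new rank, if posted
	if (varset($_POST['new_calc_lower']))
	{
		unset ($tmp['data']);
		$tmp['data']['gen_type'] = 'user_rank_data';
		$tmp['data']['gen_datestamp'] = 0;
		$tmp['data']['gen_ip'] = varset($_POST['new_calc_name']);
		$tmp['data']['gen_user_id'] = varset($_POST['new_calc_pfx'],0);
		$tmp['data']['gen_chardata'] = varset($_POST['new_calc_img']);
		$tmp['data']['gen_intdata'] = varset($_POST['new_calc_lower']);
		$e107->sql->db_Insert('generic',$tmp);
	}

	$e107->ecache->clear_sys('nomd5_user_ranks');
	$emessage->add(USRLAN_217,E_MESSAGE_SUCCESS);
}

/**
 * Render the rank configuration page: the calculation fields followed by the
 * rank list. Ends the request after the admin footer.
 */
function show_ranks()
{
	global $pref,$emessage;
	$e107 = e107 :: getInstance();
	include_once (e_HANDLER.'file_class.php');
	include_once (e_HANDLER.'level_handler.php');
	require_once (e_HANDLER.'message_handler.php');
	require_once (e_HANDLER."form_handler.php");

	$frm = new e_form(true); //enable inner tabindex counter
	$f = new e_file;
	$ranks = new e107UserRank;
	$imageList = $f->get_files(e_IMAGE.'ranks','.*?\.(png|gif|jpg)');

	$config = array();
	if ($e107->sql->db_Select('generic','gen_chardata',"gen_type='user_rank_config'",'default'))
	{
		$row = $e107->sql->db_Fetch(MYSQL_ASSOC);
		// NOTE(review): unserialize() on a database column. The row is written by
		// updateRanks() with serialize(), but anyone able to write to the generic
		// table controls what is unserialized here; a format without object support
		// (e.g. JSON) would remove that exposure.
		$config = unserialize($row['gen_chardata']);
		// A corrupt or unexpected payload must not replace the array default.
		if (!is_array($config))
		{
			$config = array();
		}
	}

	$fieldList = array('core' => array(),'extended' => array());
	$fieldList['core'] = array('comments' => USRLAN_201,'visits' => USRLAN_202,'daysregged' => USRLAN_203);
	// Offer every integer-typed extended field except the key column; the first
	// five characters of the column name (presumably the "user_" prefix) are dropped.
	foreach ($e107->extended_struct as $field)
	{
		if (strpos($field['Type'],'int') !== false && $field['Field'] != 'user_extended_id')
		{
			$fieldList['extended'][] = substr($field['Field'],5);
		}
	}
	$opArray = array('*','+','-');

	// The first write below is an append, so start from a defined empty string.
	$text = '';
	$text .= "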
"; foreach ($fieldList['core'] as $k => $f) { $text .= " "; } if (count($fieldList['extended'])) { foreach ($fieldList['extended'] as $f) { $text .= " "; } } if (isset ($pref['ranks_calc'])) { $text .= " "; } $text .= '
".USRLAN_197." ".USRLAN_198." ".USRLAN_199." ".USRLAN_200."
".USRLAN_204." {$f}
 
".USRLAN_205." {$f}

".USRLAN_206.": {$pref['ranks_calc']}
'; $e107->ns->tablerender('',$emessage->render()); $e107->ns->tablerender('Rank Calculation fields',$text); $text = " "; $info = $ranks->ranks['special'][1]; $val = $e107->tp->toForm($info['name']); $pfx = ($info['lan_pfx'] ? "checked='checked'" : ''); $text .= " "; $info = $ranks->ranks['special'][2]; $val = $e107->tp->toForm($info['name']); $pfx = ($info['lan_pfx'] ? "checked='checked'" : ''); $text .= " "; foreach ($ranks->ranks['data'] as $k => $r) { $pfx_checked = ($r['lan_pfx'] ? "checked='checked'" : ''); $text .= " "; } $text .= " "; $text .= '
".USRLAN_207." ".USRLAN_208." ".USRLAN_209." ".USRLAN_210." ".USRLAN_211."
".LAN_MAINADMIN." N/A ".RankImageDropdown($imageList,'calc_img[main_admin]',$info['image'])."
".LAN_ADMIN." N/A ".RankImageDropdown($imageList,'calc_img[admin]',$info['image'])."
 
".USRLAN_212." ".RankImageDropdown($imageList,"calc_img[$k]",$r['image'])." ".$frm->submit_image("delete_rank[{$r['id']}]",LAN_DELETE,'delete',USRLAN_213.": [{$r['name']}]?")."
 
".USRLAN_214." ".RankImageDropdown($imageList,'new_calc_img')."

'; $e107->ns->tablerender('Ranks',$text); include (e_ADMIN.'footer.php'); exit; } function RankImageDropdown(& $imgList,$field,$curVal = '') { $ret = " '; return $ret; } ?>