A lightweight forum engine written in PHP. Repository is now obsolete and read-only. http://www.pioder.pl/uforum.html
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

459 lines
15 KiB

  1. <?php
  2. /**
  3. * @package uForum
  4. * @file admin/admin_users.php
  5. * @version $Id$
  6. * @copyright 2009(c) PioDer <pioder@wp.pl>
  7. * @link http://pioder.gim2przemysl.int.pl/
  8. * @license GNU GPL v3
  9. **/
  10. define('IN_uF', true);
  11. //include files
  12. include('./../config.php');
  13. include('./../includes/constants.php');
  14. include('./../includes/db.php');
  15. include('./../includes/errors.php');
  16. //connect to database
  17. DataBase::db_connect();
  18. include('./../includes/sessions.php');
  19. include('./../includes/classes/class_user.php');
  20. include('./../common.php');
  21. include('./../includes/admin/class_main.php');
  22. include('./../includes/classes/class_topic.php');
  23. include('./../includes/classes/class_posting.php');
  24. include('./../includes/classes/secure.php');
  25. $default_lang = Admin_Over::DefaultLang();
  26. include('./../lngs/'.$default_lang.'/admin.php');
  27. SessDelInvalid();
  28. SessRegister();
  29. SessDeleteOld();
  30. if (User::UserInformation($_SESSION['uid'],'rank')!=2)
  31. {
  32. admin_message_forum($lng['yournotadmin'],'../index.php');
  33. }
  34. if (!isset($_GET['mode']))
  35. {
  36. header('Location: admin_users.php?mode=view');
  37. }
  38. switch($_GET['mode'])
  39. {
  40. case 'delete':
  41. {
  42. $uid = intval($_GET['id']);
  43. //delete from users table
  44. $sql = "DELETE FROM ".USERS_TABLE." WHERE `u_id`='$uid'";
  45. DataBase::sql_query($sql,GENERAL,'Could not delete user.');
  46. //delete from PM SentBox table
  47. $sql = "DELETE FROM ".PM_SENTBOX_TABLE." WHERE `u_n_id`='$uid'";
  48. DataBase::sql_query($sql,GENERAL,'Could not delete user sentbox messages.');
  49. //update PM InBox table -> change u_n_id to Anonymous
  50. $sql = "UPDATE ".PM_INBOX_TABLE." SET `u_n_id`='-1' WHERE `u_n_id`='$uid'";
  51. DataBase::sql_query($sql,GENERAL,'Could not update user inbox messages.');
  52. //update user posts -> change u_id to Anonymous
  53. $sql = "UPDATE ".POSTS_TABLE." SET `u_id`='-1' WHERE `u_id`='$uid'";
  54. DataBase::sql_query($sql,GENERAL,'Could edit post.');
  55. //update shoutbox messages -> change u_id to Anonymous
  56. $sql = "UPDATE ".SHOUTBOX_TABLE." SET `u_id`='-1' WHERE `u_id`='$uid'";
  57. DataBase::sql_query($sql,GENERAL,'Could edit shoutbox messages.');
  58. //update user topics -> change u_id to Anonymous
  59. $sql = "UPDATE ".TOPICS_TABLE." SET `author`='-1' WHERE `author`='$uid'";
  60. DataBase::sql_query($sql,GENERAL,'Could edit post.');
  61. //back to admin users
  62. admin_message_forum($lng['user_deleted'],'admin_users.php');
  63. break;
  64. }
  65. case 'edit':
  66. {
  67. $uid = intval($_GET['id']);
  68. $msg='';
  69. $errors = true;
  70. if (isset($_POST['email']))
  71. {
  72. if ( ereg ("^.+@.+\..+$", $_POST['email']))
  73. {
  74. //if user changing password...
  75. if ($_POST['password']!='')
  76. {
  77. if (md5($_POST['password'])==User::UserInformation($_SESSION['uid'],'pass'))
  78. {
  79. if ($_POST['newpassword']==$_POST['confirmpassword'])
  80. {
  81. User::UpdatePassword($_SESSION['uid'], md5(strip_tags($_POST['newpassword'])));
  82. $errors = false;
  83. }
  84. else
  85. {
  86. $message=$lng['incorrect_password2'];
  87. $msg = './template/post_error_body.tpl';
  88. }
  89. }
  90. else
  91. {
  92. $message=$lng['incorrect_password'];
  93. $msg = './template/post_error_body.tpl';
  94. }
  95. }
  96. else
  97. {
  98. if ($_POST['default_skin']!='-1')
  99. {
  100. if ($_POST['default_lang']!='-1')
  101. {
  102. if ($_POST['limit_tpid']!='-1')
  103. {
  104. if ($_POST['limit_ftid']!='-1')
  105. {
  106. if ($_POST['limit_users']!='-1')
  107. {
  108. if (strlen(trim($_POST['sig']))<$forum_config['sig_len'])
  109. {
  110. $errors = false;
  111. }
  112. else
  113. {
  114. $message = $lng['signature_too_long'];
  115. $msg = './template/post_error_body.tpl';
  116. }
  117. }
  118. else
  119. {
  120. $message = $lng['no_limit_users'];
  121. $msg = './template/post_error_body.tpl';
  122. }
  123. }
  124. else
  125. {
  126. $message = $lng['no_limit_ftid'];
  127. $msg = './template/post_error_body.tpl';
  128. }
  129. }
  130. else
  131. {
  132. $message = $lng['no_limit_tpid'];
  133. $msg = './template/post_error_body.tpl';
  134. }
  135. }
  136. else
  137. {
  138. $message=$lng['invalid_lang'];
  139. $msg = './template/post_error_body.tpl';
  140. }
  141. }
  142. else
  143. {
  144. $message=$lng['invalid_skin'];
  145. $msg = './template/post_error_body.tpl';
  146. }
  147. }
  148. if (!$errors)
  149. {
  150. $_POST['ggnumber']=strip_tags($_POST['ggnumber']);
  151. $_POST['interests']=strip_tags($_POST['interests']);
  152. $_POST['sig']=Secure::TagsReplace($_POST['sig']);
  153. $allow_shoutbox = (isset($_POST['allow_shoutbox'])) ? '1' : 0;
  154. if (isset($_FILES['avatar_file']['tmp_name']))
  155. {
  156. $extension = substr($_FILES['avatar_file']['name'],(strlen($_FILES['avatar_file']['name'])-3));
  157. if (($extension == 'jpg') or ($extension == 'gif'))
  158. {
  159. if (file_exists(AV_CATALOG.'av-'.$_SESSION['uid'].'.jpg'))
  160. {
  161. unlink(AV_CATALOG.'av-'.$_SESSION['uid'].'.jpg');
  162. }
  163. if (file_exists(AV_CATALOG.'av-'.$_SESSION['uid'].'.gif'))
  164. {
  165. unlink(AV_CATALOG.'av-'.$_SESSION['uid'].'.gif');
  166. }
  167. move_uploaded_file($_FILES['avatar_file']['tmp_name'], AV_CATALOG.'av-'.$_SESSION['uid'].'.'.$extension);
  168. $_POST['avatar'] = AV_CATALOG.'av-'.$_SESSION['uid'].'.'.$extension;
  169. }
  170. else
  171. {
  172. $_POST['avatar'] = strip_tags($_POST['avatar']);
  173. }
  174. }
  175. else
  176. {
  177. $_POST['avatar'] = strip_tags($_POST['avatar']);
  178. }
  179. User::UpdateAdminPools($uid,strip_tags($_POST['posts']),$_POST['user_rank'],$_POST['user_active'], strip_tags($_POST['nick']));
  180. User::UpdateProfile($uid,$_POST['ggnumber'],$_POST['email'],$_POST['interests'], $_POST['sig'],$_POST['avatar'],$_POST['allow_qr'],$_POST['allow_email'],$_POST['allow_gg'],$_POST['default_skin'],$_POST['default_lang'], $_POST['limit_tpid'],$_POST['limit_ftid'], $_POST['limit_users'], $allow_shoutbox);
  181. admin_message_forum($lng['profile_modernized'],'admin_users.php?mode=edit&id='.$uid);
  182. }
  183. }
  184. else
  185. {
  186. $message=$lng['invalid_email'];
  187. $msg = './template/post_error_body.tpl';
  188. }
  189. }
  190. $sql = "SELECT * FROM ".USERS_TABLE." WHERE `u_id`='$uid'";
  191. $userinfo = DataBase::fetch(DataBase::sql_query($sql,GENERAL,'Could not obtain user information'));
  192. if ($userinfo['rank']=='')
  193. {
  194. admin_message_forum($lng['no_user'],'admin_users.php?mode=view');
  195. }
  196. //add skin variables
  197. $skin = array(
  198. //labels profile
  199. 'L.admin_users'=>$lng['admin_users'],
  200. 'lnick'=>$lng['user_name'],
  201. 'lpass'=>$lng['lpassw'],
  202. 'lnewpass'=>$lng['new_password'],
  203. 'lcpass'=>$lng['confirm_password'],
  204. 'lemail'=>'E-mail',
  205. 'lgg'=>$lng['gg_number'],
  206. 'lallow_gg'=>$lng['allow_gg'],
  207. 'lallow_email'=>$lng['allow_email'],
  208. 'lallow_qr'=>$lng['allow_qr'],
  209. 'linterests'=>$lng['luinterests'],
  210. 'lsig'=>$lng['sig'],
  211. 'lavaddr'=>$lng['picture_adress'],
  212. 'lovpr'=>$lng['general_settings'],
  213. 'L.select_value'=>$lng['select_value'],
  214. 'L.limit_users'=>$lng['limit_users'],
  215. 'OPTIONS.limit_users'=>Admin_Over::ListPages($userinfo['limit_users']),
  216. 'L.posts_in_topic'=>$lng['limit_posts'],
  217. 'OPTIONS.limit_tpid'=>Admin_Over::ListPages($userinfo['limit_tpid']),
  218. 'L.topics_in_forum'=>$lng['limit_topics'],
  219. 'OPTIONS.limit_ftid'=>Admin_Over::ListPages($userinfo['limit_ftid']),
  220. 'lupr'=>$lng['profile_settings'],
  221. 'lspr'=>$lng['signature_settings'],
  222. 'ladmpr'=>$lng['admin_settings'],
  223. 'luser_rank'=>$lng['user_rank'],
  224. 'luser_actived'=>$lng['user_actived'],
  225. 'lposts'=>$lng['posts'],
  226. 'posts'=>$userinfo['posts'],
  227. 'ldefault_lang'=>$lng['default_lang'],
  228. 'default_lang'=>Admin_Over::ListDir('lngs', $userinfo['default_lang']),
  229. 'l2default_lang'=>$lng['select_lang'],
  230. 'ldefault_skin'=>$lng['default_skin2'],
  231. 'default_skin'=>Admin_Over::ListDir('skins', $userinfo['default_skin']),
  232. 'l2default_skin'=>$lng['select_skin'],
  233. 'lapr'=>$lng['avatar_settings'],
  234. 'lsubmit'=>$lng['save'],
  235. 'allow'=>$lng['allow'],
  236. 'lreset'=>$lng['reset'],
  237. 'nick'=>$userinfo['nick'],
  238. 'user'=>$lng['user'],
  239. 'lallow_shoutbox'=>$lng['allow_shoutbox'],
  240. 'allow_shoutbox'=>($userinfo['view_shoutbox']==1) ? 'checked="checked"' : '',
  241. //options profile
  242. 'sig'=>$userinfo['sig'],
  243. 'avatar'=>$userinfo['avatar'],
  244. 'interests'=>$userinfo['interests'],
  245. 'email'=>$userinfo['email'],
  246. 'gg'=>$userinfo['gg'],
  247. //options values
  248. 'option_no_gg'=>($userinfo['allow_gg']==0) ? 'checked="checked"' : '',
  249. 'option_no_email'=>($userinfo['allow_email']==0) ? 'checked="checked"' : '',
  250. 'option_no_qr'=>($userinfo['allow_qr']==0) ? 'checked="checked"' : '',
  251. 'option_yes_gg'=>($userinfo['allow_gg']==1) ? 'checked="checked"' : '',
  252. 'option_yes_email'=>($userinfo['allow_email']==1) ? 'checked="checked"' : '',
  253. 'option_yes_qr'=>($userinfo['allow_qr']==1) ? 'checked="checked"' : '',
  254. 'option_no_ua'=>($userinfo['active']==0) ? 'checked="checked"' : '',
  255. 'option_yes_ua'=>($userinfo['active']==1) ? 'checked="checked"' : '',
  256. //user rank
  257. 'option_0_rank'=>($userinfo['rank']==0) ? 'checked="checked"' : '',
  258. 'option_1_rank'=>($userinfo['rank']==1) ? 'checked="checked"' : '',
  259. 'option_2_rank'=>($userinfo['rank']==2) ? 'checked="checked"' : '',
  260. 'no'=>$lng['no'],
  261. 'lavfile'=>$lng['avatar_file'],
  262. 'yes'=>$lng['yes']
  263. );
  264. if ($msg=='')
  265. {
  266. $msg = './template/blank.tpl';
  267. }
  268. Admin_Over::GenerateHeader();
  269. include('./template/user_edit_body.tpl');
  270. include('./template/overall_footer.tpl');;
  271. break;
  272. }
  273. case 'view':
  274. {
  275. if (isset($_GET['page'])&&($_GET['page']!=1))
  276. {
  277. if (!is_numeric($_GET['page']))
  278. {
  279. die('Hacking attempt');
  280. }
  281. $value = ($_GET['page']-1)*30;
  282. $limit = 'LIMIT '.$value . ', 30';
  283. $page = $_GET['page'];
  284. }
  285. else
  286. {
  287. $limit = 'LIMIT 0, 30';
  288. $page=1;
  289. }
  290. $count = DataBase::fetch(DataBase::sql_query("SELECT COUNT(`u_id`) as `u_id`
  291. FROM ".USERS_TABLE,GENERAL,'Could not obtain count amout of users'));
  292. $count = $count['u_id'];
  293. $count = ceil($count /30);
  294. if(isset($_GET['page']) && ($_GET['page']>$count))
  295. {
  296. message_forum($lng['invalidpage'],'admin_users.php');
  297. }
  298. if (isset($_COOKIE['users_desc'], $_POST['desc']))
  299. {
  300. unset($_COOKIE['users_desc']);
  301. }
  302. if (isset($_POST['sort'],$_COOKIE['users_sort']))
  303. {
  304. unset($_COOKIE['users_sort']);
  305. }
  306. if (!isset($_COOKIE['users_desc']))
  307. {
  308. if (isset($_POST['desc']))
  309. {
  310. switch($_POST['desc'])
  311. {
  312. case 'yes':
  313. {
  314. @setcookie('users_desc','desc',time()+3600);
  315. $_COOKIE['users_desc'] = 'desc';
  316. $desc = 'DESC';
  317. break;
  318. }
  319. case 'no':
  320. {
  321. @setcookie('users_desc','no',time()+3600);
  322. $_COOKIE['users_desc'] = 'no';
  323. $desc = '';
  324. break;
  325. }
  326. }
  327. }
  328. else
  329. {
  330. @setcookie('users_desc','no',time()+3600);
  331. $_COOKIE['users_desc'] = 'no';
  332. $desc = '';
  333. }
  334. }
  335. else
  336. {
  337. $desc = ($_COOKIE['users_desc']=='desc') ? 'DESC' : '';
  338. }
  339. if (!isset($_COOKIE['users_sort']))
  340. {
  341. if (isset($_POST['sort']))
  342. {
  343. switch($_POST['sort'])
  344. {
  345. case 'regdate':
  346. {
  347. @setcookie('users_sort','regdate',time()+3600);
  348. $_COOKIE['users_sort'] = 'regdate';
  349. break;
  350. }
  351. case 'lastvisit':
  352. {
  353. @setcookie('users_sort','lastvisit',time()+3600);
  354. $_COOKIE['users_sort'] = 'lastvisit';
  355. break;
  356. }
  357. case 'uname':
  358. {
  359. @setcookie('users_sort','uname',time()+3600);
  360. $_COOKIE['users_sort'] = 'uname';
  361. break;
  362. }
  363. case 'posts':
  364. {
  365. @setcookie('users_sort','posts',time()+3600);
  366. $_COOKIE['users_sort'] = 'posts';
  367. break;
  368. }
  369. }
  370. }
  371. else
  372. {
  373. @setcookie('users_sort','regdate',time()+3600);
  374. $_COOKIE['users_sort'] = 'regdate';
  375. }
  376. }
  377. //add skin variables
  378. $skin = array(
  379. 'ldesc' => $lng['desc'],
  380. 'lselectusers'=>$lng['sort_u_by'],
  381. 'ltitle'=>$lng['admin_users'],
  382. 'lregdate'=>$lng['luregister'],
  383. 'llastvisit'=>$lng['lulastvisit'],
  384. 'lposts'=>$lng['posts'],
  385. 'luname'=>$lng['user_name'],
  386. 'lgo'=>$lng['lgo'],
  387. 'desc_yes_option'=>(($_COOKIE['users_desc']=='desc') || ((isset ($_POST['desc'])) && ($_POST['desc']=='yes'))) ? 'selected="selected"' : '',
  388. 'desc_no_option'=>(($_COOKIE['users_desc']=='no') || ((isset ($_POST['desc'])) && ($_POST['desc']=='no'))) ? 'selected="selected"' : '',
  389. 'regdate_option'=>(($_COOKIE['users_sort']=='regdate') || ((isset ($_POST['sort'])) && ($_POST['sort']=='posts'))) ? 'selected="selected"' : '',
  390. 'lastvisit_option'=>(($_COOKIE['users_sort']=='lastvisit') || ((isset ($_POST['sort'])) && ($_POST['sort']=='lastvisit'))) ? 'selected="selected"' : '',
  391. 'posts_option'=>(($_COOKIE['users_sort']=='posts') || ((isset ($_POST['sort'])) && ($_POST['sort']=='posts'))) ? 'selected="selected"' : '',
  392. 'uname_option'=>(($_COOKIE['users_sort']=='uname') || ((isset ($_POST['sort'])) && ($_POST['sort']=='uname'))) ? 'selected="selected"' : '',
  393. 'lyes'=>$lng['yes'],
  394. 'lno'=>$lng['no']
  395. );
  396. //do it!
  397. Admin_Over::GenerateHeader();
  398. include('./template/users_beam_body.tpl');
  399. switch($_COOKIE['users_sort'])
  400. {
  401. case 'regdate':
  402. {
  403. $sql = "SELECT `u_id`,`nick`, `rank`, `regdate`, `lastvisit`, `posts` FROM `".USERS_TABLE."` WHERE `u_id`>0 ORDER BY `regdate` $desc $limit;";
  404. break;
  405. }
  406. case 'lastvisit':
  407. {
  408. $sql = "SELECT `u_id`,`nick`, `rank`, `regdate`, `lastvisit`, `posts` FROM `".USERS_TABLE."` WHERE `u_id`>0 ORDER BY `lastvisit` $desc $limit;";
  409. break;
  410. }
  411. case 'uname':
  412. {
  413. $sql = "SELECT `u_id`,`nick`, `rank`, `regdate`, `lastvisit`, `posts` FROM `".USERS_TABLE."` WHERE `u_id`>0 ORDER BY `nick` $desc $limit;";
  414. break;
  415. }
  416. case 'posts':
  417. {
  418. $sql = "SELECT `u_id`,`nick`, `rank`, `regdate`, `lastvisit`, `posts` FROM `".USERS_TABLE."` WHERE `u_id`>0 ORDER BY `posts` $desc $limit;";
  419. break;
  420. }
  421. }
  422. $query = DataBase::sql_query($sql,CRITICAL,'Could not obtain user information.');
  423. while($result = DataBase::fetch($query))
  424. {
  425. $skin = array(
  426. 'id'=>$result['u_id'],
  427. 'uname'=>Topic::UserName($result['nick'], $result['rank']),
  428. 'regdate'=>date('d-m-Y, G:i',$result['regdate']),
  429. 'lastvisit'=>($result['lastvisit']!='0') ? date('d-m-Y, G:i',$result['lastvisit']) : $lng['never'],
  430. 'posts'=>$result['posts'],
  431. 'c_del_user'=>$lng['c_delete_user']
  432. );
  433. include('./template/user_item_add_body.tpl');
  434. }
  435. $skin = array(
  436. 'option_pages'=>Admin_Over::ListPages($page, $count),
  437. 'lwith'=>$lng['with'],
  438. 'lpage'=>$lng['page'],
  439. 'lpages'=>$count
  440. );
  441. include('./template/users_end_body.tpl');
  442. include('./template/overall_footer.tpl');
  443. break;
  444. }
  445. default:
  446. {
  447. header('Location: admin_users.php?mode=view');
  448. break;
  449. }
  450. }
  451. ?>