"Fossies" - the Fresh Open Source Software Archive

Member "Upload/admin/modules/user/users.php" (6 Aug 2020, 146667 Bytes) of package /linux/www/mybb_1824.zip:



    1 <?php
    2 /**
    3  * MyBB 1.8
    4  * Copyright 2014 MyBB Group, All Rights Reserved
    5  *
    6  * Website: http://www.mybb.com
    7  * License: http://www.mybb.com/about/license
    8  *
    9  */
   10 
   11 // Disallow direct access to this file for security reasons
   12 if(!defined("IN_MYBB"))
   13 {
   14     die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
   15 }
   16 
   17 require_once MYBB_ROOT."inc/functions_upload.php";
   18 
   19 $page->add_breadcrumb_item($lang->users, "index.php?module=user-users");
   20 
   21 if($mybb->input['action'] == "add" || $mybb->input['action'] == "merge" || $mybb->input['action'] == "search" || !$mybb->input['action'])
   22 {
   23     $sub_tabs['browse_users'] = array(
   24         'title' => $lang->browse_users,
   25         'link' => "index.php?module=user-users",
   26         'description' => $lang->browse_users_desc
   27     );
   28 
   29     $sub_tabs['find_users'] = array(
   30         'title' => $lang->find_users,
   31         'link' => "index.php?module=user-users&amp;action=search",
   32         'description' => $lang->find_users_desc
   33     );
   34 
   35     $sub_tabs['create_user'] = array(
   36         'title' => $lang->create_user,
   37         'link' => "index.php?module=user-users&amp;action=add",
   38         'description' => $lang->create_user_desc
   39     );
   40 
   41     $sub_tabs['merge_users'] = array(
   42         'title' => $lang->merge_users,
   43         'link' => "index.php?module=user-users&amp;action=merge",
   44         'description' => $lang->merge_users_desc
   45     );
   46 }
   47 
   48 $user_view_fields = array(
   49     "avatar" => array(
   50         "title" => $lang->avatar,
   51         "width" => "24",
   52         "align" => ""
   53     ),
   54 
   55     "username" => array(
   56         "title" => $lang->username,
   57         "width" => "",
   58         "align" => ""
   59     ),
   60 
   61     "email" => array(
   62         "title" => $lang->email,
   63         "width" => "",
   64         "align" => "center"
   65     ),
   66 
   67     "usergroup" => array(
   68         "title" => $lang->primary_group,
   69         "width" => "",
   70         "align" => "center"
   71     ),
   72 
   73     "additionalgroups" => array(
   74         "title" => $lang->additional_groups,
   75         "width" => "",
   76         "align" => "center"
   77     ),
   78 
   79     "regdate" => array(
   80         "title" => $lang->registered,
   81         "width" => "",
   82         "align" => "center"
   83     ),
   84 
   85     "lastactive" => array(
   86         "title" => $lang->last_active,
   87         "width" => "",
   88         "align" => "center"
   89     ),
   90 
   91     "postnum" => array(
   92         "title" => $lang->post_count,
   93         "width" => "",
   94         "align" => "center"
   95     ),
   96 
   97     "threadnum" => array(
   98         "title" => $lang->thread_count,
   99         "width" => "",
  100         "align" => "center"
  101     ),
  102 
  103     "reputation" => array(
  104         "title" => $lang->reputation,
  105         "width" => "",
  106         "align" => "center"
  107     ),
  108 
  109     "warninglevel" => array(
  110         "title" => $lang->warning_level,
  111         "width" => "",
  112         "align" => "center"
  113     ),
  114 
  115     "regip" => array(
  116         "title" => $lang->registration_ip,
  117         "width" => "",
  118         "align" => "center"
  119     ),
  120 
  121     "lastip" => array(
  122         "title" => $lang->last_known_ip,
  123         "width" => "",
  124         "align" => "center"
  125     ),
  126 
  127     "controls" => array(
  128         "title" => $lang->controls,
  129         "width" => "",
  130         "align" => "center"
  131     )
  132 );
  133 
  134 $sort_options = array(
  135     "username" => $lang->username,
  136     "regdate" => $lang->registration_date,
  137     "lastactive" => $lang->last_active,
  138     "numposts" => $lang->post_count,
  139     "reputation" => $lang->reputation,
  140     "warninglevel" => $lang->warning_level
  141 );
  142 
  143 $plugins->run_hooks("admin_user_users_begin");
  144 
  145 // Initialise the views manager for user based views
  146 require MYBB_ADMIN_DIR."inc/functions_view_manager.php";
  147 if($mybb->input['action'] == "views")
  148 {
  149     view_manager("index.php?module=user-users", "user", $user_view_fields, $sort_options, "user_search_conditions");
  150 }
  151 
  152 if($mybb->input['action'] == 'iplookup')
  153 {
  154     $mybb->input['ipaddress'] = $mybb->get_input('ipaddress');
  155     $lang->ipaddress_misc_info = $lang->sprintf($lang->ipaddress_misc_info, htmlspecialchars_uni($mybb->input['ipaddress']));
  156     $ipaddress_location = $lang->na;
  157     $ipaddress_host_name = $lang->na;
  158     $modcp_ipsearch_misc_info = '';
  159     if(!strstr($mybb->input['ipaddress'], "*"))
  160     {
  161         // Return GeoIP information if it is available to us
  162         if(function_exists('geoip_record_by_name'))
  163         {
  164             $ip_record = @geoip_record_by_name($mybb->input['ipaddress']);
  165             if($ip_record)
  166             {
  167                 $ipaddress_location = htmlspecialchars_uni(utf8_encode($ip_record['country_name']));
  168                 if($ip_record['city'])
  169                 {
  170                     $ipaddress_location .= $lang->comma.htmlspecialchars_uni(utf8_encode($ip_record['city']));
  171                 }
  172             }
  173         }
  174 
  175         $ipaddress_host_name = htmlspecialchars_uni(@gethostbyaddr($mybb->input['ipaddress']));
  176 
  177         // gethostbyaddr returns the same ip on failure
  178         if($ipaddress_host_name == $mybb->input['ipaddress'])
  179         {
  180             $ipaddress_host_name = $lang->na;
  181         }
  182     }
  183 
  184     ?>
  185     <div class="modal">
  186         <div style="overflow-y: auto; max-height: 400px;">
  187 
  188             <?php
  189 
  190             $table = new Table();
  191 
  192             $table->construct_cell($lang->ipaddress_host_name.":");
  193             $table->construct_cell($ipaddress_host_name);
  194             $table->construct_row();
  195 
  196             $table->construct_cell($lang->ipaddress_location.":");
  197             $table->construct_cell($ipaddress_location);
  198             $table->construct_row();
  199 
  200             $table->output($lang->ipaddress_misc_info);
  201 
  202             ?>
  203         </div>
  204     </div>
  205 <?php
  206 }
  207 
  208 if($mybb->input['action'] == "activate_user")
  209 {
  210     if(!verify_post_check($mybb->input['my_post_key']))
  211     {
  212         flash_message($lang->invalid_post_verify_key2, 'error');
  213         admin_redirect("index.php?module=user-users");
  214     }
  215 
  216     $user = get_user($mybb->input['uid']);
  217 
  218     // Does the user not exist?
  219     if(!$user['uid'] || $user['usergroup'] != 5)
  220     {
  221         flash_message($lang->error_invalid_user, 'error');
  222         admin_redirect("index.php?module=user-users");
  223     }
  224 
  225     $plugins->run_hooks("admin_user_users_coppa_activate");
  226 
  227     $updated_user['usergroup'] = $user['usergroup'];
  228 
  229     // Update
  230     if($user['coppauser'])
  231     {
  232         $updated_user = array(
  233             "coppauser" => 0
  234         );
  235     }
  236     else
  237     {
  238         $db->delete_query("awaitingactivation", "uid='{$user['uid']}'");
  239     }
  240 
  241     // Move out of awaiting activation if they're in it.
  242     if($user['usergroup'] == 5)
  243     {
  244         $updated_user['usergroup'] = 2;
  245     }
  246 
  247     $plugins->run_hooks("admin_user_users_coppa_activate_commit");
  248 
  249     $db->update_query("users", $updated_user, "uid='{$user['uid']}'");
  250 
  251     $cache->update_awaitingactivation();
  252 
  253     $message = $lang->sprintf($lang->email_adminactivateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl']);
  254     my_mail($user['email'], $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']), $message);
  255 
  256     // Log admin action
  257     log_admin_action($user['uid'], $user['username']);
  258 
  259     if($mybb->input['from'] == "home")
  260     {
  261         if($user['coppauser'])
  262         {
  263             $message = $lang->success_coppa_activated;
  264         }
  265         else
  266         {
  267             $message = $lang->success_activated;
  268         }
  269 
  270         update_admin_session('flash_message2', array('message' => $message, 'type' => 'success'));
  271     }
  272     else
  273     {
  274         if($user['coppauser'])
  275         {
  276             flash_message($lang->success_coppa_activated, 'success');
  277         }
  278         else
  279         {
  280             flash_message($lang->success_activated, 'success');
  281         }
  282     }
  283 
  284     if($admin_session['data']['last_users_url'])
  285     {
  286         $url = $admin_session['data']['last_users_url'];
  287         update_admin_session('last_users_url', '');
  288 
  289         if($mybb->input['from'] == "home")
  290         {
  291             update_admin_session('from', 'home');
  292         }
  293     }
  294     else
  295     {
  296         $url = "index.php?module=user-users&action=edit&uid={$user['uid']}";
  297     }
  298 
  299     $plugins->run_hooks("admin_user_users_coppa_end");
  300 
  301     admin_redirect($url);
  302 }
  303 
  304 if($mybb->input['action'] == "add")
  305 {
  306     $plugins->run_hooks("admin_user_users_add");
  307 
  308     if($mybb->request_method == "post")
  309     {
  310         // Determine the usergroup stuff
  311         if(is_array($mybb->input['additionalgroups']))
  312         {
  313             foreach($mybb->input['additionalgroups'] as $key => $gid)
  314             {
  315                 if($gid == $mybb->input['usergroup'])
  316                 {
  317                     unset($mybb->input['additionalgroups'][$key]);
  318                 }
  319             }
  320             $additionalgroups = implode(",", $mybb->input['additionalgroups']);
  321         }
  322         else
  323         {
  324             $additionalgroups = '';
  325         }
  326 
  327         // Set up user handler.
  328         require_once MYBB_ROOT."inc/datahandlers/user.php";
  329         $userhandler = new UserDataHandler('insert');
  330 
  331         // Set the data for the new user.
  332         $new_user = array(
  333             "uid" => $mybb->input['uid'],
  334             "username" => $mybb->input['username'],
  335             "password" => $mybb->input['password'],
  336             "password2" => $mybb->input['confirm_password'],
  337             "email" => $mybb->input['email'],
  338             "email2" => $mybb->input['email'],
  339             "usergroup" => $mybb->input['usergroup'],
  340             "additionalgroups" => $additionalgroups,
  341             "displaygroup" => $mybb->input['displaygroup'],
  342             "profile_fields" => $mybb->input['profile_fields'],
  343             "profile_fields_editable" => true,
  344         );
  345 
  346         // Set the data of the user in the datahandler.
  347         $userhandler->set_data($new_user);
  348         $errors = '';
  349 
  350         // Validate the user and get any errors that might have occurred.
  351         if(!$userhandler->validate_user())
  352         {
  353             $errors = $userhandler->get_friendly_errors();
  354         }
  355         else
  356         {
  357             $user_info = $userhandler->insert_user();
  358 
  359             $plugins->run_hooks("admin_user_users_add_commit");
  360 
  361             // Log admin action
  362             log_admin_action($user_info['uid'], $user_info['username']);
  363 
  364             flash_message($lang->success_user_created, 'success');
  365             admin_redirect("index.php?module=user-users&action=edit&uid={$user_info['uid']}");
  366         }
  367     }
  368 
  369     // Fetch custom profile fields - only need required profile fields here
  370     $query = $db->simple_select("profilefields", "*", "required=1", array('order_by' => 'disporder'));
  371 
  372     $profile_fields = array();
  373     while($profile_field = $db->fetch_array($query))
  374     {
  375         $profile_fields['required'][] = $profile_field;
  376     }
  377 
  378     $page->add_breadcrumb_item($lang->create_user);
  379     $page->output_header($lang->create_user);
  380 
  381     $form = new Form("index.php?module=user-users&amp;action=add", "post");
  382 
  383     $page->output_nav_tabs($sub_tabs, 'create_user');
  384 
  385     // If we have any error messages, show them
  386     if($errors)
  387     {
  388         $page->output_inline_error($errors);
  389     }
  390     else
  391     {
  392         $mybb->input = array_merge($mybb->input, array('usergroup' => 2));
  393     }
  394 
  395     $form_container = new FormContainer($lang->required_profile_info);
  396     $form_container->output_row($lang->username." <em>*</em>", "", $form->generate_text_box('username', htmlspecialchars_uni($mybb->get_input('username')), array('id' => 'username')), 'username');
  397     $form_container->output_row($lang->password." <em>*</em>", "", $form->generate_password_box('password', $mybb->input['password'], array('id' => 'password', 'autocomplete' => 'off')), 'password');
  398     $form_container->output_row($lang->confirm_password." <em>*</em>", "", $form->generate_password_box('confirm_password', $mybb->input['confirm_password'], array('id' => 'confirm_new_password')), 'confirm_new_password');
  399     $form_container->output_row($lang->email_address." <em>*</em>", "", $form->generate_text_box('email', $mybb->input['email'], array('id' => 'email')), 'email');
  400 
  401     $display_group_options[0] = $lang->use_primary_user_group;
  402     $options = array();
  403     $query = $db->simple_select("usergroups", "gid, title", "gid != '1'", array('order_by' => 'title'));
  404     while($usergroup = $db->fetch_array($query))
  405     {
  406         $options[$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']);
  407         $display_group_options[$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']);
  408     }
  409 
  410     $form_container->output_row($lang->primary_user_group." <em>*</em>", "", $form->generate_select_box('usergroup', $options, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
  411     $form_container->output_row($lang->additional_user_groups, $lang->additional_user_groups_desc, $form->generate_select_box('additionalgroups[]', $options, $mybb->input['additionalgroups'], array('id' => 'additionalgroups', 'multiple' => true, 'size' => 5)), 'additionalgroups');
  412     $form_container->output_row($lang->display_user_group." <em>*</em>", "", $form->generate_select_box('displaygroup', $display_group_options, $mybb->input['displaygroup'], array('id' => 'displaygroup')), 'displaygroup');
  413 
  414     // Output custom profile fields - required
  415     output_custom_profile_fields($profile_fields['required'], $mybb->input['profile_fields'], $form_container, $form);
  416 
  417     $form_container->end();
  418     $buttons[] = $form->generate_submit_button($lang->save_user);
  419     $form->output_submit_wrapper($buttons);
  420 
  421     $form->end();
  422     $page->output_footer();
  423 }
  424 
  425 if($mybb->input['action'] == "edit")
  426 {
  427     $user = get_user($mybb->input['uid']);
  428 
  429     // Does the user not exist?
  430     if(!$user['uid'])
  431     {
  432         flash_message($lang->error_invalid_user, 'error');
  433         admin_redirect("index.php?module=user-users");
  434     }
  435 
  436     $plugins->run_hooks("admin_user_users_edit");
  437 
  438     if($mybb->request_method == "post")
  439     {
  440         $plugins->run_hooks("admin_user_users_edit_start");
  441         if(is_super_admin($mybb->input['uid']) && $mybb->user['uid'] != $mybb->input['uid'] && !is_super_admin($mybb->user['uid']))
  442         {
  443             flash_message($lang->error_no_perms_super_admin, 'error');
  444             admin_redirect("index.php?module=user-users");
  445         }
  446 
  447         // Determine the usergroup stuff
  448         if(is_array($mybb->input['additionalgroups']))
  449         {
  450             foreach($mybb->input['additionalgroups'] as $key => $gid)
  451             {
  452                 if($gid == $mybb->input['usergroup'])
  453                 {
  454                     unset($mybb->input['additionalgroups'][$key]);
  455                 }
  456             }
  457             $additionalgroups = implode(",", $mybb->input['additionalgroups']);
  458         }
  459         else
  460         {
  461             $additionalgroups = '';
  462         }
  463 
  464         $returndate = "";
  465         if(!empty($mybb->input['away_day']))
  466         {
  467             $awaydate = TIME_NOW;
  468             // If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year
  469             if(!$mybb->input['away_month'])
  470             {
  471                 $mybb->input['away_month'] = my_date('n', $awaydate);
  472             }
  473             if(!$mybb->input['away_year'])
  474             {
  475                 $mybb->input['away_year'] = my_date('Y', $awaydate);
  476             }
  477 
  478             $return_month = (int)substr($mybb->input['away_month'], 0, 2);
  479             $return_day = (int)substr($mybb->input['away_day'], 0, 2);
  480             $return_year = min($mybb->get_input('away_year', MyBB::INPUT_INT), 9999);
  481 
  482             // Check if return date is after the away date.
  483             $returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year);
  484             $awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate));
  485             if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate)))
  486             {
  487                 $away_in_past = true;
  488             }
  489 
  490             $returndate = "{$return_day}-{$return_month}-{$return_year}";
  491         }
  492 
  493         // Set up user handler.
  494         require_once MYBB_ROOT."inc/datahandlers/user.php";
  495         $userhandler = new UserDataHandler('update');
  496 
  497         // Set the data for the new user.
  498         $updated_user = array(
  499             "uid" => $mybb->input['uid'],
  500             "username" => $mybb->input['username'],
  501             "email" => $mybb->input['email'],
  502             "email2" => $mybb->input['email'],
  503             "usergroup" => $mybb->input['usergroup'],
  504             "additionalgroups" => $additionalgroups,
  505             "displaygroup" => $mybb->input['displaygroup'],
  506             "postnum" => $mybb->input['postnum'],
  507             "threadnum" => $mybb->input['threadnum'],
  508             "usertitle" => $mybb->input['usertitle'],
  509             "timezone" => $mybb->input['timezone'],
  510             "language" => $mybb->input['language'],
  511             "profile_fields" => $mybb->input['profile_fields'],
  512             "profile_fields_editable" => true,
  513             "website" => $mybb->input['website'],
  514             "icq" => $mybb->input['icq'],
  515             "skype" => $mybb->input['skype'],
  516             "google" => $mybb->input['google'],
  517             "birthday" => array(
  518                 "day" => $mybb->input['bday1'],
  519                 "month" => $mybb->input['bday2'],
  520                 "year" => $mybb->input['bday3']
  521             ),
  522             "style" => $mybb->input['style'],
  523             "signature" => $mybb->input['signature'],
  524             "dateformat" => $mybb->get_input('dateformat', MyBB::INPUT_INT),
  525             "timeformat" => $mybb->get_input('timeformat', MyBB::INPUT_INT),
  526             "usernotes" => $mybb->input['usernotes'],
  527             "away" => array(
  528                 "away" => $mybb->input['away'],
  529                 "date" => TIME_NOW,
  530                 "returndate" => $returndate,
  531                 "awayreason" => $mybb->input['awayreason']
  532             )
  533         );
  534 
  535         if($user['usergroup'] == 5 && $mybb->input['usergroup'] != 5)
  536         {
  537             if($user['coppauser'] == 1)
  538             {
  539                 $updated_user['coppa_user'] = 0;
  540             }
  541         }
  542         if($mybb->input['new_password'])
  543         {
  544             $updated_user['password'] = $mybb->input['new_password'];
  545             $updated_user['password2'] = $mybb->input['confirm_new_password'];
  546         }
  547 
  548         $updated_user['options'] = array(
  549             "allownotices" => $mybb->input['allownotices'],
  550             "hideemail" => $mybb->input['hideemail'],
  551             "subscriptionmethod" => $mybb->input['subscriptionmethod'],
  552             "invisible" => $mybb->input['invisible'],
  553             "dstcorrection" => $mybb->input['dstcorrection'],
  554             "threadmode" => $mybb->input['threadmode'],
  555             "classicpostbit" => $mybb->input['classicpostbit'],
  556             "showimages" => $mybb->input['showimages'],
  557             "showvideos" => $mybb->input['showvideos'],
  558             "showsigs" => $mybb->input['showsigs'],
  559             "showavatars" => $mybb->input['showavatars'],
  560             "showquickreply" => $mybb->input['showquickreply'],
  561             "receivepms" => $mybb->input['receivepms'],
  562             "receivefrombuddy" => $mybb->input['receivefrombuddy'],
  563             "pmnotice" => $mybb->input['pmnotice'],
  564             "daysprune" => $mybb->input['daysprune'],
  565             "showcodebuttons" => $mybb->input['showcodebuttons'],
  566             "sourceeditor" => $mybb->input['sourceeditor'],
  567             "pmnotify" => $mybb->input['pmnotify'],
  568             "buddyrequestspm" => $mybb->input['buddyrequestspm'],
  569             "buddyrequestsauto" => $mybb->input['buddyrequestsauto'],
  570             "showredirect" => $mybb->input['showredirect']
  571         );
  572 
  573         if($mybb->settings['usertppoptions'])
  574         {
  575             $updated_user['options']['tpp'] = $mybb->get_input('tpp', MyBB::INPUT_INT);
  576         }
  577 
  578         if($mybb->settings['userpppoptions'])
  579         {
  580             $updated_user['options']['ppp'] = $mybb->get_input('ppp', MyBB::INPUT_INT);
  581         }
  582 
  583         // Set the data of the user in the datahandler.
  584         $userhandler->set_data($updated_user);
  585         $errors = '';
  586 
  587         // Validate the user and get any errors that might have occurred.
  588         if(!$userhandler->validate_user())
  589         {
  590             $errors = $userhandler->get_friendly_errors();
  591         }
  592         else
  593         {
  594             // Are we removing an avatar from this user?
  595             if($mybb->input['remove_avatar'])
  596             {
  597                 $extra_user_updates = array(
  598                     "avatar" => "",
  599                     "avatardimensions" => "",
  600                     "avatartype" => ""
  601                 );
  602                 remove_avatars($user['uid']);
  603             }
  604 
  605             // Are we uploading a new avatar?
  606             if($_FILES['avatar_upload']['name'])
  607             {
  608                 $avatar = upload_avatar($_FILES['avatar_upload'], $user['uid']);
  609                 if($avatar['error'])
  610                 {
  611                     $errors = array($avatar['error']);
  612                 }
  613                 else
  614                 {
  615                     if($avatar['width'] > 0 && $avatar['height'] > 0)
  616                     {
  617                         $avatar_dimensions = $avatar['width']."|".$avatar['height'];
  618                     }
  619                     $extra_user_updates = array(
  620                         "avatar" => $avatar['avatar'].'?dateline='.TIME_NOW,
  621                         "avatardimensions" => $avatar_dimensions,
  622                         "avatartype" => "upload"
  623                     );
  624                 }
  625             }
  626             // Are we setting a new avatar from a URL?
  627             else if($mybb->input['avatar_url'] && $mybb->input['avatar_url'] != $user['avatar'])
  628             {
  629                 if(!$mybb->settings['allowremoteavatars'])
  630                 {
  631                     $errors = array($lang->error_remote_avatar_not_allowed);
  632                 }
  633                 else
  634                 {
  635                     if(filter_var($mybb->input['avatar_url'], FILTER_VALIDATE_EMAIL) !== false)
  636                     {
  637                         // Gravatar
  638                         $email = md5(strtolower(trim($mybb->input['avatar_url'])));
  639 
  640                         $s = '';
  641                         if(!$mybb->settings['maxavatardims'])
  642                         {
  643                             $mybb->settings['maxavatardims'] = '100x100'; // Hard limit of 100 if there are no limits
  644                         }
  645 
  646                         // Because Gravatars are square, hijack the width
  647                         list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
  648 
  649                         $s = "?s={$maxwidth}";
  650                         $maxheight = (int)$maxwidth;
  651 
  652                         $extra_user_updates = array(
  653                             "avatar" => "https://www.gravatar.com/avatar/{$email}{$s}",
  654                             "avatardimensions" => "{$maxheight}|{$maxheight}",
  655                             "avatartype" => "gravatar"
  656                         );
  657                     }
  658                     else
  659                     {
  660                         $mybb->input['avatar_url'] = preg_replace("#script:#i", "", $mybb->input['avatar_url']);
  661                         $ext = get_extension($mybb->input['avatar_url']);
  662 
  663                         // Copy the avatar to the local server (work around remote URL access disabled for getimagesize)
  664                         $file = fetch_remote_file($mybb->input['avatar_url']);
  665                         if(!$file)
  666                         {
  667                             $avatar_error = $lang->error_invalidavatarurl;
  668                         }
  669                         else
  670                         {
  671                             $tmp_name = "../".$mybb->settings['avataruploadpath']."/remote_".md5(random_str());
  672                             $fp = @fopen($tmp_name, "wb");
  673                             if(!$fp)
  674                             {
  675                                 $avatar_error = $lang->error_invalidavatarurl;
  676                             }
  677                             else
  678                             {
  679                                 fwrite($fp, $file);
  680                                 fclose($fp);
  681                                 list($width, $height, $type) = @getimagesize($tmp_name);
  682                                 @unlink($tmp_name);
  683                                 echo $type;
  684                                 if(!$type)
  685                                 {
  686                                     $avatar_error = $lang->error_invalidavatarurl;
  687                                 }
  688                             }
  689                         }
  690 
  691                         if(empty($avatar_error))
  692                         {
  693                             if($width && $height && $mybb->settings['maxavatardims'] != "")
  694                             {
  695                                 list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
  696                                 if(($maxwidth && $width > $maxwidth) || ($maxheight && $height > $maxheight))
  697                                 {
  698                                     $lang->error_avatartoobig = $lang->sprintf($lang->error_avatartoobig, $maxwidth, $maxheight);
  699                                     $avatar_error = $lang->error_avatartoobig;
  700                                 }
  701                             }
  702                         }
  703 
  704                         if(empty($avatar_error))
  705                         {
  706                             if($width > 0 && $height > 0)
  707                             {
  708                                 $avatar_dimensions = (int)$width."|".(int)$height;
  709                             }
  710                             $extra_user_updates = array(
  711                                 "avatar" => $db->escape_string($mybb->input['avatar_url'].'?dateline='.TIME_NOW),
  712                                 "avatardimensions" => $avatar_dimensions,
  713                                 "avatartype" => "remote"
  714                             );
  715                             remove_avatars($user['uid']);
  716                         }
  717                         else
  718                         {
  719                             $errors = array($avatar_error);
  720                         }
  721                     }
  722                 }
  723             }
  724 
  725             // Moderator "Options" (suspend signature, suspend/moderate posting)
  726             $moderator_options = array(
  727                 1 => array(
  728                     "action" => "suspendsignature", // The moderator action we're performing
  729                     "period" => "action_period", // The time period we've selected from the dropdown box
  730                     "time" => "action_time", // The time we've entered
  731                     "update_field" => "suspendsignature", // The field in the database to update if true
  732                     "update_length" => "suspendsigtime" // The length of suspension field in the database
  733                 ),
  734                 2 => array(
  735                     "action" => "moderateposting",
  736                     "period" => "modpost_period",
  737                     "time" => "modpost_time",
  738                     "update_field" => "moderateposts",
  739                     "update_length" => "moderationtime"
  740                 ),
  741                 3 => array(
  742                     "action" => "suspendposting",
  743                     "period" => "suspost_period",
  744                     "time" => "suspost_time",
  745                     "update_field" => "suspendposting",
  746                     "update_length" => "suspensiontime"
  747                 )
  748             );
  749 
  750             require_once MYBB_ROOT."inc/functions_warnings.php";
  751             foreach($moderator_options as $option)
  752             {
  753                 if(!$mybb->input[$option['action']])
  754                 {
  755                     if($user[$option['update_field']] == 1)
  756                     {
  757                         // We're revoking the suspension
  758                         $extra_user_updates[$option['update_field']] = 0;
  759                         $extra_user_updates[$option['update_length']] = 0;
  760                     }
  761 
  762                     // Skip this option if we haven't selected it
  763                     continue;
  764                 }
  765 
  766                 if($mybb->input[$option['action']])
  767                 {
  768                     if((int)$mybb->input[$option['time']] == 0 && $mybb->input[$option['period']] != "never" && $user[$option['update_field']] != 1)
  769                     {
  770                         // User has selected a type of ban, but not entered a valid time frame
  771                         $string = $option['action']."_error";
  772                         $errors[] = $lang->$string;
  773                     }
  774 
  775                     if(!is_array($errors))
  776                     {
  777                         $suspend_length = fetch_time_length((int)$mybb->input[$option['time']], $mybb->input[$option['period']]);
  778 
  779                         if($user[$option['update_field']] == 1 && ($mybb->input[$option['time']] || $mybb->input[$option['period']] == "never"))
  780                         {
  781                             // We already have a suspension, but entered a new time
  782                             if($suspend_length == "-1")
  783                             {
  784                                 // Permanent ban on action
  785                                 $extra_user_updates[$option['update_length']] = 0;
  786                             }
  787                             elseif($suspend_length && $suspend_length != "-1")
  788                             {
  789                                 // Temporary ban on action
  790                                 $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
  791                             }
  792                         }
  793                         elseif(!$user[$option['update_field']])
  794                         {
  795                             // New suspension for this user... bad user!
  796                             $extra_user_updates[$option['update_field']] = 1;
  797                             if($suspend_length == "-1")
  798                             {
  799                                 $extra_user_updates[$option['update_length']] = 0;
  800                             }
  801                             else
  802                             {
  803                                 $extra_user_updates[$option['update_length']] = TIME_NOW + $suspend_length;
  804                             }
  805                         }
  806                     }
  807                 }
  808             }
  809 
  810             if($extra_user_updates['moderateposts'] && $extra_user_updates['suspendposting'])
  811             {
  812                 $errors[] = $lang->suspendmoderate_error;
  813             }
  814 
  815             if(isset($away_in_past))
  816             {
  817                 $errors[] = $lang->error_acp_return_date_past;
  818             }
  819 
  820             if(!$errors)
  821             {
  822                 $user_info = $userhandler->update_user();
  823 
  824                 $plugins->run_hooks("admin_user_users_edit_commit_start");
  825 
  826                 $db->update_query("users", $extra_user_updates, "uid='{$user['uid']}'");
  827 
  828                 // if we're updating the user's signature preferences, do so now
  829                 if($mybb->input['update_posts'] == 'enable' || $mybb->input['update_posts'] == 'disable')
  830                 {
  831                     $update_signature = array(
  832                         'includesig' => ($mybb->input['update_posts'] == 'enable' ? 1 : 0)
  833                     );
  834                     $db->update_query("posts", $update_signature, "uid='{$user['uid']}'");
  835                 }
  836 
  837                 $plugins->run_hooks("admin_user_users_edit_commit");
  838 
  839                 if($user['usergroup'] == 5 && $mybb->input['usergroup'] != 5)
  840                 {
  841                     $cache->update_awaitingactivation();
  842                 }
  843 
  844                 // Log admin action
  845                 log_admin_action($user['uid'], $mybb->input['username']);
  846 
  847                 flash_message($lang->success_user_updated, 'success');
  848                 admin_redirect("index.php?module=user-users");
  849             }
  850             $plugins->run_hooks("admin_user_users_edit_end");
  851         }
  852     }
  853 
  854     if(!$errors)
  855     {
  856         $user['usertitle'] = htmlspecialchars_decode($user['usertitle']);
  857         $mybb->input = array_merge($mybb->input, $user);
  858 
  859         $options = array(
  860             'bday1', 'bday2', 'bday3',
  861             'new_password', 'confirm_new_password',
  862             'action_time', 'action_period',
  863             'modpost_period', 'moderateposting', 'modpost_time', 'suspost_period', 'suspost_time'
  864         );
  865 
  866         foreach($options as $option)
  867         {
  868             if(!isset($input_user[$option]))
  869             {
  870                 $mybb->input[$option] = '';
  871             }
  872         }
  873 
  874         // We need to fetch this users profile field values
  875         $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'");
  876         $mybb->input['profile_fields'] = $db->fetch_array($query);
  877     }
  878 
  879     if($mybb->input['bday1'] || $mybb->input['bday2'] || $mybb->input['bday3'])
  880     {
  881         $mybb->input['bday'][0] = $mybb->input['bday1'];
  882         $mybb->input['bday'][1] = $mybb->input['bday2'];
  883         $mybb->input['bday'][2] = $mybb->get_input('bday3', MyBB::INPUT_INT);
  884     }
  885     else
  886     {
  887         $mybb->input['bday'] = array(0, 0, '');
  888 
  889         if($user['birthday'])
  890         {
  891             $mybb->input['bday'] = explode('-', $user['birthday']);
  892         }
  893     }
  894 
  895     if($mybb->input['away_day'] || $mybb->input['away_month'] || $mybb->input['away_year'])
  896     {
  897         $mybb->input['away_year'] = $mybb->get_input('away_year', MyBB::INPUT_INT);
  898     }
  899     else
  900     {
  901         $mybb->input['away_day'] = 0;
  902         $mybb->input['away_month'] = 0;
  903         $mybb->input['away_year'] = '';
  904 
  905         if($user['returndate'])
  906         {
  907             list($mybb->input['away_day'], $mybb->input['away_month'], $mybb->input['away_year']) = explode('-', $user['returndate']);
  908         }
  909     }
  910 
  911     // Fetch custom profile fields
  912     $query = $db->simple_select("profilefields", "*", "", array('order_by' => 'disporder'));
  913 
  914     $profile_fields = array();
  915     while($profile_field = $db->fetch_array($query))
  916     {
  917         if($profile_field['required'] == 1)
  918         {
  919             $profile_fields['required'][] = $profile_field;
  920         }
  921         else
  922         {
  923             $profile_fields['optional'][] = $profile_field;
  924         }
  925     }
  926 
  927     $page->add_breadcrumb_item($lang->edit_user.": ".htmlspecialchars_uni($user['username']));
  928 
  929     $page->extra_header .= <<<EOF
  930 
  931     <link rel="stylesheet" href="../jscripts/sceditor/themes/mybb.css" type="text/css" media="all" />
  932     <script type="text/javascript" src="../jscripts/sceditor/jquery.sceditor.bbcode.min.js?ver=1822"></script>
  933     <script type="text/javascript" src="../jscripts/bbcodes_sceditor.js?ver=1824"></script>
  934     <script type="text/javascript" src="../jscripts/sceditor/plugins/undo.js?ver=1805"></script>
  935 EOF;
  936     $page->output_header($lang->edit_user);
  937 
  938     $sub_tabs['edit_user'] = array(
  939         'title' => $lang->edit_user,
  940         'description' => $lang->edit_user_desc
  941     );
  942 
  943     $form = new Form("index.php?module=user-users&amp;action=edit&amp;uid={$user['uid']}", "post", "", 1);
  944 
  945     $page->output_nav_tabs($sub_tabs, 'edit_user');
  946 
  947     // If we have any error messages, show them
  948     if($errors)
  949     {
  950         $page->output_inline_error($errors);
  951     }
  952 
  953     // Is this user a COPPA user? We show a warning & activate link
  954     if($user['coppauser'])
  955     {
  956         echo $lang->sprintf($lang->warning_coppa_user, $user['uid'], $mybb->post_code);
  957     }
  958 
  959     $tabs = array(
  960         "overview" => $lang->overview,
  961         "profile" => $lang->profile,
  962         "settings" => $lang->account_settings,
  963         "signature" => $lang->signature,
  964         "avatar" => $lang->avatar,
  965         "modoptions" => $lang->mod_options
  966     );
  967     $tabs = $plugins->run_hooks("admin_user_users_edit_graph_tabs", $tabs);
  968     $page->output_tab_control($tabs);
  969 
  970     //
  971     // OVERVIEW
  972     //
  973     echo "<div id=\"tab_overview\">\n";
  974     $table = new Table;
  975     $table->construct_header($lang->avatar, array('class' => 'align_center'));
  976     $table->construct_header($lang->general_account_stats, array('colspan' => '2', 'class' => 'align_center'));
  977 
  978     // Avatar
  979     $avatar_dimensions = preg_split('/[|x]/', $user['avatardimensions']);
  980     if($user['avatardimensions'])
  981     {
  982         require_once MYBB_ROOT."inc/functions_image.php";
  983         list($width, $height) = preg_split('/[|x]/', $user['avatardimensions']);
  984         $scaled_dimensions = scale_image($width, $height, 120, 120);
  985     }
  986     else
  987     {
  988         $scaled_dimensions = array(
  989             "width" => 120,
  990             "height" => 120
  991         );
  992     }
  993     if($user['avatar'] && (my_strpos($user['avatar'], '://') === false || $mybb->settings['allowremoteavatars']))
  994     {
  995         if(!my_validate_url($user['avatar']))
  996         {
  997             $avatar = format_avatar($user['avatar'], $user['avatardimensions']);
  998             $user['avatar'] = $avatar['image'];
  999         }
 1000     }
 1001     else
 1002     {
 1003         if(my_validate_url($mybb->settings['useravatar']))
 1004         {
 1005             $user['avatar'] = str_replace('{theme}', 'images', $mybb->settings['useravatar']);
 1006         }
 1007         else
 1008         {
 1009             $user['avatar'] = "../".str_replace('{theme}', 'images', $mybb->settings['useravatar']);
 1010         }
 1011     }
 1012     $avatar_top = ceil((126-$scaled_dimensions['height'])/2);
 1013     $last_seen = max(array($user['lastactive'], $user['lastvisit']));
 1014     if(!empty($last_seen))
 1015     {
 1016         $last_active = my_date('relative', $last_seen);
 1017     }
 1018     else
 1019     {
 1020         $last_active = $lang->never;
 1021     }
 1022     $reg_date = my_date('relative', $user['regdate']);
 1023     if($user['dst'] == 1)
 1024     {
 1025         $timezone = (float)$user['timezone']+1;
 1026     }
 1027     else
 1028     {
 1029         $timezone = (float)$user['timezone'];
 1030     }
 1031     $local_date = gmdate($mybb->settings['dateformat'], TIME_NOW + ($timezone * 3600));
 1032     $local_time = gmdate($mybb->settings['timeformat'], TIME_NOW + ($timezone * 3600));
 1033 
 1034     $localtime = $lang->sprintf($lang->local_time_format, $local_date, $local_time);
 1035     $days_registered = (TIME_NOW - $user['regdate']) / (24*3600);
 1036     $posts_per_day = 0;
 1037     if($days_registered > 0)
 1038     {
 1039         $posts_per_day = round($user['postnum'] / $days_registered, 2);
 1040         if($posts_per_day > $user['postnum'])
 1041         {
 1042             $posts_per_day = $user['postnum'];
 1043         }
 1044     }
 1045     $posts_per_day = my_number_format($posts_per_day);
 1046 
 1047     $stats = $cache->read("stats");
 1048     $posts = $stats['numposts'];
 1049     if($posts == 0)
 1050     {
 1051         $percent_posts = "0";
 1052     }
 1053     else
 1054     {
 1055         $percent_posts = round($user['postnum']*100/$posts, 2);
 1056     }
 1057 
 1058     $user_permissions = user_permissions($user['uid']);
 1059 
 1060     // Fetch the reputation for this user
 1061     if($user_permissions['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
 1062     {
 1063         $reputation = get_reputation($user['reputation']);
 1064     }
 1065     else
 1066     {
 1067         $reputation = "-";
 1068     }
 1069 
 1070     if($mybb->settings['enablewarningsystem'] != 0 && $user_permissions['canreceivewarnings'] != 0)
 1071     {
 1072         if($mybb->settings['maxwarningpoints'] < 1)
 1073         {
 1074             $mybb->settings['maxwarningpoints'] = 10;
 1075         }
 1076 
 1077         $warning_level = round($user['warningpoints']/$mybb->settings['maxwarningpoints']*100);
 1078         if($warning_level > 100)
 1079         {
 1080             $warning_level = 100;
 1081         }
 1082         $warning_level = get_colored_warning_level($warning_level);
 1083     }
 1084 
 1085     $age = $lang->na;
 1086     if($user['birthday'])
 1087     {
 1088         $age = get_age($user['birthday']);
 1089     }
 1090 
 1091     $postnum = my_number_format($user['postnum']);
 1092 
 1093     $table->construct_cell("<div style=\"width: 126px; height: 126px;\" class=\"user_avatar\"><img src=\"".htmlspecialchars_uni($user['avatar'])."\" style=\"margin-top: {$avatar_top}px\" width=\"{$scaled_dimensions['width']}\" height=\"{$scaled_dimensions['height']}\" alt=\"\" /></div>", array('rowspan' => 6, 'width' => 1));
 1094     $table->construct_cell("<strong>{$lang->email_address}:</strong> <a href=\"mailto:".htmlspecialchars_uni($user['email'])."\">".htmlspecialchars_uni($user['email'])."</a>");
 1095     $table->construct_cell("<strong>{$lang->last_active}:</strong> {$last_active}");
 1096     $table->construct_row();
 1097     $table->construct_cell("<strong>{$lang->registration_date}:</strong> {$reg_date}");
 1098     $table->construct_cell("<strong>{$lang->local_time}:</strong> {$localtime}");
 1099     $table->construct_row();
 1100     $table->construct_cell("<strong>{$lang->posts}:</strong> {$postnum}");
 1101     $table->construct_cell("<strong>{$lang->age}:</strong> {$age}");
 1102     $table->construct_row();
 1103     $table->construct_cell("<strong>{$lang->posts_per_day}:</strong> {$posts_per_day}");
 1104     $table->construct_cell("<strong>{$lang->reputation}:</strong> {$reputation}");
 1105     $table->construct_row();
 1106     $table->construct_cell("<strong>{$lang->percent_of_total_posts}:</strong> {$percent_posts}");
 1107     $table->construct_cell("<strong>{$lang->warning_level}:</strong> {$warning_level}");
 1108     $table->construct_row();
 1109     $table->construct_cell("<strong>{$lang->registration_ip}:</strong> ".my_inet_ntop($db->unescape_binary($user['regip'])));
 1110     $table->construct_cell("<strong>{$lang->last_known_ip}:</strong> ".my_inet_ntop($db->unescape_binary($user['lastip'])));
 1111     $table->construct_row();
 1112 
 1113     $username = htmlspecialchars_uni($user['username']);
 1114     $table->output("{$lang->user_overview}: {$username}");
 1115     $plugins->run_hooks("admin_user_users_edit_overview");
 1116     echo "</div>\n";
 1117 
 1118     //
 1119     // PROFILE
 1120     //
 1121     echo "<div id=\"tab_profile\">\n";
 1122 
 1123     $form_container = new FormContainer($lang->required_profile_info.": ".htmlspecialchars_uni($user['username']));
 1124     $form_container->output_row($lang->username." <em>*</em>", "", $form->generate_text_box('username', $mybb->input['username'], array('id' => 'username')), 'username');
 1125     $form_container->output_row($lang->new_password, $lang->new_password_desc, $form->generate_password_box('new_password', $mybb->input['new_password'], array('id' => 'new_password', 'autocomplete' => 'off')), 'new_password');
 1126     $form_container->output_row($lang->confirm_new_password, $lang->new_password_desc, $form->generate_password_box('confirm_new_password', $mybb->input['confirm_new_password'], array('id' => 'confirm_new_password')), 'confirm_new_password');
 1127     $form_container->output_row($lang->email_address." <em>*</em>", "", $form->generate_text_box('email', $mybb->input['email'], array('id' => 'email')), 'email');
 1128 
 1129     $display_group_options[0] = $lang->use_primary_user_group;
 1130     $options = array();
 1131     $query = $db->simple_select("usergroups", "gid, title", "gid != '1'", array('order_by' => 'title'));
 1132     while($usergroup = $db->fetch_array($query))
 1133     {
 1134         $options[$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']);
 1135         $display_group_options[$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']);
 1136     }
 1137 
 1138     if(!is_array($mybb->input['additionalgroups']))
 1139     {
 1140         $mybb->input['additionalgroups'] = explode(',', $mybb->input['additionalgroups']);
 1141     }
 1142 
 1143     $form_container->output_row($lang->primary_user_group." <em>*</em>", "", $form->generate_select_box('usergroup', $options, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
 1144     $form_container->output_row($lang->additional_user_groups, $lang->additional_user_groups_desc, $form->generate_select_box('additionalgroups[]', $options, $mybb->input['additionalgroups'], array('id' => 'additionalgroups', 'multiple' => true, 'size' => 5)), 'additionalgroups');
 1145     $form_container->output_row($lang->display_user_group." <em>*</em>", "", $form->generate_select_box('displaygroup', $display_group_options, $mybb->input['displaygroup'], array('id' => 'displaygroup')), 'displaygroup');
 1146     $form_container->output_row($lang->post_count." <em>*</em>", "", $form->generate_numeric_field('postnum', $mybb->input['postnum'], array('id' => 'postnum', 'min' => 0)), 'postnum');
 1147     $form_container->output_row($lang->thread_count." <em>*</em>", "", $form->generate_numeric_field('threadnum', $mybb->input['threadnum'], array('id' => 'threadnum', 'min' => 0)), 'threadnum');
 1148 
 1149     // Output custom profile fields - required
 1150     if(!isset($profile_fields['required']))
 1151     {
 1152         $profile_fields['required'] = array();
 1153     }
 1154     output_custom_profile_fields($profile_fields['required'], $mybb->input['profile_fields'], $form_container, $form);
 1155 
 1156     $form_container->end();
 1157 
 1158     $form_container = new FormContainer($lang->optional_profile_info.': '.htmlspecialchars_uni($user['username']));
 1159     $form_container->output_row($lang->custom_user_title, $lang->custom_user_title_desc, $form->generate_text_box('usertitle', $mybb->input['usertitle'], array('id' => 'usertitle')), 'usertitle');
 1160     $form_container->output_row($lang->website, "", $form->generate_text_box('website', $mybb->input['website'], array('id' => 'website')), 'website');
 1161     $form_container->output_row($lang->icq_number, "", $form->generate_numeric_field('icq', $mybb->input['icq'], array('id' => 'icq', 'min' => 0)), 'icq');
 1162     $form_container->output_row($lang->skype_handle, "", $form->generate_text_box('skype', $mybb->input['skype'], array('id' => 'skype')), 'skype');
 1163     $form_container->output_row($lang->google_handle, "", $form->generate_text_box('google', $mybb->input['google'], array('id' => 'google')), 'google');
 1164 
 1165     // Birthday
 1166     $birthday_days = array(0 => '');
 1167     for($i = 1; $i <= 31; $i++)
 1168     {
 1169         $birthday_days[$i] = $i;
 1170     }
 1171 
 1172     $birthday_months = array(
 1173         0 => '',
 1174         1 => $lang->january,
 1175         2 => $lang->february,
 1176         3 => $lang->march,
 1177         4 => $lang->april,
 1178         5 => $lang->may,
 1179         6 => $lang->june,
 1180         7 => $lang->july,
 1181         8 => $lang->august,
 1182         9 => $lang->september,
 1183         10 => $lang->october,
 1184         11 => $lang->november,
 1185         12 => $lang->december
 1186     );
 1187 
 1188     $birthday_row = $form->generate_select_box('bday1', $birthday_days, $mybb->input['bday'][0], array('id' => 'bday_day'));
 1189     $birthday_row .= ' '.$form->generate_select_box('bday2', $birthday_months, $mybb->input['bday'][1], array('id' => 'bday_month'));
 1190     $birthday_row .= ' '.$form->generate_numeric_field('bday3', $mybb->input['bday'][2], array('id' => 'bday_year', 'style' => 'width: 4em;', 'min' => 0));
 1191 
 1192     $form_container->output_row($lang->birthday, "", $birthday_row, 'birthday');
 1193 
 1194     // Output custom profile fields - optional
 1195     output_custom_profile_fields($profile_fields['optional'], $mybb->input['profile_fields'], $form_container, $form);
 1196 
 1197     $form_container->end();
 1198 
 1199 
 1200     if($mybb->settings['allowaway'] != 0)
 1201     {
 1202         $form_container = new FormContainer($lang->away_information.': '.htmlspecialchars_uni($user['username']));
 1203         $awaycheck = array(false, true);
 1204         if($mybb->input['away'] == 1)
 1205         {
 1206             $awaycheck = array(true, false);
 1207         }
 1208         $form_container->output_row($lang->away_status, $lang->away_status_desc, $form->generate_radio_button('away', 1, $lang->im_away, array('id' => 'away', "checked" => $awaycheck[0]))." ".$form->generate_radio_button('away', 0, $lang->im_here, array('id' => 'away2', "checked" => $awaycheck[1])), 'away');
 1209         $form_container->output_row($lang->away_reason, $lang->away_reason_desc, $form->generate_text_box('awayreason', $mybb->input['awayreason'], array('id' => 'awayreason')), 'awayreason');
 1210 
 1211         //Return date (we can use the arrays from birthday)
 1212         $return_row = $form->generate_select_box('away_day', $birthday_days, $mybb->input['away_day'], array('id' => 'away_day'));
 1213         $return_row .= ' '.$form->generate_select_box('away_month', $birthday_months, $mybb->input['away_month'], array('id' => 'away_month'));
 1214         $return_row .= ' '.$form->generate_numeric_field('away_year', $mybb->input['away_year'], array('id' => 'away_year', 'style' => 'width: 4em;', 'min' => 0));
 1215 
 1216         $form_container->output_row($lang->return_date, $lang->return_date_desc, $return_row, 'away_date');
 1217 
 1218         $form_container->end();
 1219     }
 1220 
 1221     $plugins->run_hooks("admin_user_users_edit_profile");
 1222     echo "</div>\n";
 1223 
 1224     //
 1225     // ACCOUNT SETTINGS
 1226     //
 1227 
 1228     echo "<div id=\"tab_settings\">\n";
 1229     $form_container = new FormContainer($lang->account_settings.': '.htmlspecialchars_uni($user['username']));
 1230     $login_options = array(
 1231         $form->generate_check_box("invisible", 1, $lang->hide_from_whos_online, array("checked" => $mybb->input['invisible'])),
 1232     );
 1233     $form_container->output_row($lang->login_cookies_privacy, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $login_options)."</div>");
 1234 
 1235     if($mybb->input['pmnotice'] > 1)
 1236     {
 1237         $mybb->input['pmnotice'] = 1;
 1238     }
 1239 
 1240     $messaging_options = array(
 1241         $form->generate_check_box("allownotices", 1, $lang->recieve_admin_emails, array("checked" => $mybb->input['allownotices'])),
 1242         $form->generate_check_box("hideemail", 1, $lang->hide_email_from_others, array("checked" => $mybb->input['hideemail'])),
 1243         $form->generate_check_box("receivepms", 1, $lang->recieve_pms_from_others, array("checked" => $mybb->input['receivepms'])),
 1244         $form->generate_check_box("receivefrombuddy", 1, $lang->recieve_pms_from_buddy, array("checked" => $mybb->input['receivefrombuddy'])),
 1245         $form->generate_check_box("pmnotice", 1, $lang->alert_new_pms, array("checked" => $mybb->input['pmnotice'])),
 1246         $form->generate_check_box("pmnotify", 1, $lang->email_notify_new_pms, array("checked" => $mybb->input['pmnotify'])),
 1247         $form->generate_check_box("buddyrequestspm", 1, $lang->buddy_requests_pm, array("checked" => $mybb->input['buddyrequestspm'])),
 1248         $form->generate_check_box("buddyrequestsauto", 1, $lang->buddy_requests_auto, array("checked" => $mybb->input['buddyrequestsauto'])),
 1249         "<label for=\"subscriptionmethod\">{$lang->default_thread_subscription_mode}:</label><br />".$form->generate_select_box("subscriptionmethod", array($lang->do_not_subscribe, $lang->no_notification, $lang->instant_email_notification, $lang->instant_pm_notification), $mybb->input['subscriptionmethod'], array('id' => 'subscriptionmethod'))
 1250     );
 1251 
 1252     // Allow plugins to add messaging options
 1253     $messaging_options = $plugins->run_hooks('admin_user_users_edit_messaging_options', $messaging_options);
 1254 
 1255     // Output messaging options
 1256     $form_container->output_row($lang->messaging_and_notification, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $messaging_options)."</div>");
 1257 
 1258     $date_format_options = array($lang->use_default);
 1259     foreach($date_formats as $key => $format)
 1260     {
 1261         $date_format_options[$key] = my_date($format, TIME_NOW, "", 0);
 1262     }
 1263 
 1264     $time_format_options = array($lang->use_default);
 1265     foreach($time_formats as $key => $format)
 1266     {
 1267         $time_format_options[$key] = my_date($format, TIME_NOW, "", 0);
 1268     }
 1269 
 1270     $date_options = array(
 1271         "<label for=\"dateformat\">{$lang->date_format}:</label><br />".$form->generate_select_box("dateformat", $date_format_options, $mybb->input['dateformat'], array('id' => 'dateformat')),
 1272         "<label for=\"dateformat\">{$lang->time_format}:</label><br />".$form->generate_select_box("timeformat", $time_format_options, $mybb->input['timeformat'], array('id' => 'timeformat')),
 1273         "<label for=\"timezone\">{$lang->time_zone}:</label><br />".build_timezone_select("timezone", $mybb->input['timezone']),
 1274         "<label for=\"dstcorrection\">{$lang->daylight_savings_time_correction}:</label><br />".$form->generate_select_box("dstcorrection", array(2 => $lang->automatically_detect, 1 => $lang->always_use_dst_correction, 0 => $lang->never_use_dst_correction), $mybb->input['dstcorrection'], array('id' => 'dstcorrection'))
 1275     );
 1276 
 1277     // Allow plugins to add date options
 1278     $date_options = $plugins->run_hooks('admin_user_users_edit_date_options', $date_options);
 1279 
 1280     // Output date options
 1281     $form_container->output_row($lang->date_and_time_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $date_options)."</div>");
 1282 
 1283 
 1284     $tpp_options = array($lang->use_default);
 1285     if($mybb->settings['usertppoptions'])
 1286     {
 1287         $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
 1288         if(is_array($explodedtpp))
 1289         {
 1290             foreach($explodedtpp as $tpp)
 1291             {
 1292                 if($tpp <= 0) continue;
 1293                 $tpp_options[$tpp] = $tpp;
 1294             }
 1295         }
 1296     }
 1297 
 1298     $thread_age_options = array(
 1299         0 => $lang->use_default,
 1300         1 => $lang->show_threads_last_day,
 1301         5 => $lang->show_threads_last_5_days,
 1302         10 => $lang->show_threads_last_10_days,
 1303         20 => $lang->show_threads_last_20_days,
 1304         50 => $lang->show_threads_last_50_days,
 1305         75 => $lang->show_threads_last_75_days,
 1306         100 => $lang->show_threads_last_100_days,
 1307         365 => $lang->show_threads_last_year,
 1308         9999 => $lang->show_all_threads
 1309     );
 1310 
 1311     $forum_options = array(
 1312         "<label for=\"tpp\">{$lang->threads_per_page}:</label><br />".$form->generate_select_box("tpp", $tpp_options, $mybb->input['tpp'], array('id' => 'tpp')),
 1313         "<label for=\"daysprune\">{$lang->default_thread_age_view}:</label><br />".$form->generate_select_box("daysprune", $thread_age_options, $mybb->input['daysprune'], array('id' => 'daysprune'))
 1314     );
 1315 
 1316     // Allow plugins to add forum options
 1317     $forum_options = $plugins->run_hooks('admin_user_users_edit_forum_options', $forum_options);
 1318 
 1319     // Output forum options
 1320     $form_container->output_row($lang->forum_display_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $forum_options)."</div>");
 1321 
 1322     $ppp_options = array($lang->use_default);
 1323     if($mybb->settings['userpppoptions'])
 1324     {
 1325         $explodedppp = explode(",", $mybb->settings['userpppoptions']);
 1326         if(is_array($explodedppp))
 1327         {
 1328             foreach($explodedppp as $ppp)
 1329             {
 1330                 if($ppp <= 0) continue;
 1331                 $ppp_options[$ppp] = $ppp;
 1332             }
 1333         }
 1334     }
 1335 
 1336     $thread_options = array(
 1337         $form->generate_check_box("classicpostbit", 1, $lang->show_classic_postbit, array("checked" => $mybb->input['classicpostbit'])),
 1338         $form->generate_check_box("showimages", 1, $lang->display_images, array("checked" => $mybb->input['showimages'])),
 1339         $form->generate_check_box("showvideos", 1, $lang->display_videos, array("checked" => $mybb->input['showvideos'])),
 1340         $form->generate_check_box("showsigs", 1, $lang->display_users_sigs, array("checked" => $mybb->input['showsigs'])),
 1341         $form->generate_check_box("showavatars", 1, $lang->display_users_avatars, array("checked" => $mybb->input['showavatars'])),
 1342         $form->generate_check_box("showquickreply", 1, $lang->show_quick_reply, array("checked" => $mybb->input['showquickreply'])),
 1343         "<label for=\"ppp\">{$lang->posts_per_page}:</label><br />".$form->generate_select_box("ppp", $ppp_options, $mybb->input['ppp'], array('id' => 'ppp')),
 1344         "<label for=\"threadmode\">{$lang->default_thread_view_mode}:</label><br />".$form->generate_select_box("threadmode", array("" => $lang->use_default, "linear" => $lang->linear_mode, "threaded" => $lang->threaded_mode), $mybb->input['threadmode'], array('id' => 'threadmode'))
 1345     );
 1346 
 1347     // Allow plugins to add thread options
 1348     $thread_options = $plugins->run_hooks('admin_user_users_edit_thread_options', $thread_options);
 1349 
 1350     // Output thread options
 1351     $form_container->output_row($lang->thread_view_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $thread_options)."</div>");
 1352 
 1353     $languages = array_merge(array('' => $lang->use_default), $lang->get_languages());
 1354 
 1355     $other_options = array(
 1356         $form->generate_check_box("showredirect", 1, $lang->show_redirect, array("checked" => $mybb->input['showredirect'])),
 1357         $form->generate_check_box("showcodebuttons", "1", $lang->show_code_buttons, array("checked" => $mybb->input['showcodebuttons'])),
 1358         $form->generate_check_box("sourceeditor", "1", $lang->source_editor, array("checked" => $mybb->input['sourceeditor'])),
 1359         "<label for=\"style\">{$lang->theme}:</label><br />".build_theme_select("style", $mybb->input['style'], 0, "", true, false, true),
 1360         "<label for=\"language\">{$lang->board_language}:</label><br />".$form->generate_select_box("language", $languages, $mybb->input['language'], array('id' => 'language'))
 1361     );
 1362 
 1363     // Allow plugins to add other options
 1364     $other_options = $plugins->run_hooks('admin_user_users_edit_other_options', $other_options);
 1365 
 1366     // Output other options
 1367     $form_container->output_row($lang->other_options, "", "<div class=\"user_settings_bit\">".implode("</div><div class=\"user_settings_bit\">", $other_options)."</div>");
 1368 
 1369     $form_container->end();
 1370     $plugins->run_hooks("admin_user_users_edit_settings");
 1371     echo "</div>\n";
 1372 
 1373     //
 1374     // SIGNATURE EDITOR
 1375     //
 1376     $signature_editor = $form->generate_text_area("signature", $mybb->input['signature'], array('id' => 'signature', 'rows' => 15, 'cols' => '70', 'style' => 'height: 250px; width: 95%'));
 1377     $sig_smilies = $lang->off;
 1378     if($mybb->settings['sigsmilies'] == 1)
 1379     {
 1380         $sig_smilies = $lang->on;
 1381     }
 1382     $sig_mycode = $lang->off;
 1383     if($mybb->settings['sigmycode'] == 1)
 1384     {
 1385         $sig_mycode = $lang->on;
 1386         $signature_editor .= build_mycode_inserter("signature");
 1387     }
 1388     $sig_html = $lang->off;
 1389     if($mybb->settings['sightml'] == 1)
 1390     {
 1391         $sig_html = $lang->on;
 1392     }
 1393     $sig_imgcode = $lang->off;
 1394     if($mybb->settings['sigimgcode'] == 1)
 1395     {
 1396         $sig_imgcode = $lang->on;
 1397     }
 1398     echo "<div id=\"tab_signature\">\n";
 1399     $form_container = new FormContainer($lang->signature.': '.htmlspecialchars_uni($user['username']));
 1400     $form_container->output_row($lang->signature, $lang->sprintf($lang->signature_desc, $sig_mycode, $sig_smilies, $sig_imgcode, $sig_html), $signature_editor, 'signature');
 1401 
 1402     $periods = array(
 1403         "hours" => $lang->expire_hours,
 1404         "days" => $lang->expire_days,
 1405         "weeks" => $lang->expire_weeks,
 1406         "months" => $lang->expire_months,
 1407         "never" => $lang->expire_permanent
 1408     );
 1409 
 1410     // Are we already suspending the signature?
 1411     if($mybb->input['suspendsignature'])
 1412     {
 1413         $sig_checked = 1;
 1414 
 1415         // Display how much time is left on the ban for the user to extend it
 1416         if($user['suspendsigtime'] == "0")
 1417         {
 1418             // Permanent
 1419             $lang->suspend_expire_info = $lang->suspend_sig_perm;
 1420         }
 1421         else
 1422         {
 1423             // There's a limit to the suspension!
 1424             $remaining = $user['suspendsigtime']-TIME_NOW;
 1425             $expired = nice_time($remaining, array('seconds' => false));
 1426 
 1427             $color = 'inherit';
 1428             if($remaining < 3600)
 1429             {
 1430                 $color = 'red';
 1431             }
 1432             elseif($remaining < 86400)
 1433             {
 1434                 $color = 'maroon';
 1435             }
 1436             elseif($remaining < 604800)
 1437             {
 1438                 $color = 'green';
 1439             }
 1440 
 1441             $lang->suspend_expire_info = $lang->sprintf($lang->suspend_expire_info, $expired, $color);
 1442         }
 1443         $user_suspend_info = '
 1444                 <tr>
 1445                     <td colspan="2">'.$lang->suspend_expire_info.'<br />'.$lang->suspend_sig_extend.'</td>
 1446                 </tr>';
 1447     }
 1448     else
 1449     {
 1450         $sig_checked = 0;
 1451         $user_suspend_info = '';
 1452     }
 1453 
 1454     $actions = '
 1455     <script type="text/javascript">
 1456     <!--
 1457         var sig_checked = "'.$sig_checked.'";
 1458 
 1459         function toggleAction()
 1460         {
 1461             if($("#suspend_action").is(\':visible\'))
 1462             {
 1463                 $("#suspend_action").hide();
 1464             }
 1465             else
 1466             {
 1467                 $("#suspend_action").show();
 1468             }
 1469         }
 1470     // -->
 1471     </script>
 1472 
 1473     <dl style="margin-top: 0; margin-bottom: 0; width: 100%;">
 1474         <dt>'.$form->generate_check_box("suspendsignature", 1, $lang->suspend_sig_box, array('checked' => $sig_checked, 'onclick' => 'toggleAction();')).'</dt>
 1475         <dd style="margin-top: 4px;" id="suspend_action" class="actions">
 1476             <table cellpadding="4">'.$user_suspend_info.'
 1477                 <tr>
 1478                     <td width="30%"><small>'.$lang->expire_length.'</small></td>
 1479                     <td>'.$form->generate_numeric_field('action_time', $mybb->input['action_time'], array('style' => 'width: 3em;', 'min' => 0)).' '.$form->generate_select_box('action_period', $periods, $mybb->input['action_period']).'</td>
 1480                 </tr>
 1481             </table>
 1482         </dd>
 1483     </dl>
 1484 
 1485     <script type="text/javascript">
 1486     <!--
 1487         if(sig_checked == 0)
 1488         {
 1489             $("#suspend_action").hide();
 1490         }
 1491     // -->
 1492     </script>';
 1493 
 1494     $form_container->output_row($lang->suspend_sig, $lang->suspend_sig_info, $actions);
 1495 
 1496     $signature_options = array(
 1497         $form->generate_radio_button("update_posts", "enable", $lang->enable_sig_in_all_posts, array("checked" => 0)),
 1498         $form->generate_radio_button("update_posts", "disable", $lang->disable_sig_in_all_posts, array("checked" => 0)),
 1499         $form->generate_radio_button("update_posts", "no", $lang->do_nothing, array("checked" => 1))
 1500     );
 1501 
 1502     $form_container->output_row($lang->signature_preferences, "", implode("<br />", $signature_options));
 1503 
 1504     $form_container->end();
 1505     $plugins->run_hooks("admin_user_users_edit_signatur");
 1506     echo "</div>\n";
 1507 
 1508     //
 1509     // AVATAR MANAGER
 1510     //
 1511     echo "<div id=\"tab_avatar\">\n";
 1512     $table = new Table;
 1513     $table->construct_header($lang->current_avatar, array('colspan' => 2));
 1514 
 1515     $table->construct_cell("<div style=\"width: 126px; height: 126px;\" class=\"user_avatar\"><img src=\"".htmlspecialchars_uni($user['avatar'])."\" width=\"{$scaled_dimensions['width']}\" style=\"margin-top: {$avatar_top}px\" height=\"{$scaled_dimensions['height']}\" alt=\"\" /></div>", array('width' => 1));
 1516 
 1517     $avatar_url = '';
 1518     if($user['avatartype'] == "upload" || stristr($user['avatar'], $mybb->settings['avataruploadpath']))
 1519     {
 1520         $current_avatar_msg = "<br /><strong>{$lang->user_current_using_uploaded_avatar}</strong>";
 1521     }
 1522     elseif($user['avatartype'] == "remote" || my_validate_url($user['avatar']))
 1523     {
 1524         $current_avatar_msg = "<br /><strong>{$lang->user_current_using_remote_avatar}</strong>";
 1525         $avatar_url = $user['avatar'];
 1526     }
 1527 
 1528     if($errors)
 1529     {
 1530         $avatar_url = htmlspecialchars_uni($mybb->input['avatar_url']);
 1531     }
 1532 
 1533     if($mybb->settings['maxavatardims'] != "")
 1534     {
 1535         list($max_width, $max_height) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
 1536         $max_size = "<br />{$lang->max_dimensions_are} {$max_width}x{$max_height}";
 1537     }
 1538 
 1539     if($mybb->settings['avatarsize'])
 1540     {
 1541         $maximum_size = get_friendly_size($mybb->settings['avatarsize']*1024);
 1542         $max_size .= "<br />{$lang->avatar_max_size} {$maximum_size}";
 1543     }
 1544 
 1545     if($user['avatar'])
 1546     {
 1547         $remove_avatar = "<br /><br />".$form->generate_check_box("remove_avatar", 1, "<strong>{$lang->remove_avatar}</strong>");
 1548     }
 1549 
 1550     $table->construct_cell($lang->avatar_desc."{$remove_avatar}<br /><small>{$max_size}</small>");
 1551     $table->construct_row();
 1552 
 1553     $table->output($lang->avatar.': '.htmlspecialchars_uni($user['username']));
 1554 
 1555     // Custom avatar
 1556     if($mybb->settings['avatarresizing'] == "auto")
 1557     {
 1558         $auto_resize = $lang->avatar_auto_resize;
 1559     }
 1560     else if($mybb->settings['avatarresizing'] == "user")
 1561     {
 1562         $auto_resize = "<input type=\"checkbox\" name=\"auto_resize\" value=\"1\" checked=\"checked\" id=\"auto_resize\" /> <label for=\"auto_resize\">{$lang->attempt_to_auto_resize}</label></span>";
 1563     }
 1564     $form_container = new FormContainer($lang->specify_custom_avatar);
 1565     $form_container->output_row($lang->upload_avatar, $auto_resize, $form->generate_file_upload_box('avatar_upload', array('id' => 'avatar_upload')), 'avatar_upload');
 1566     if($mybb->settings['allowremoteavatars'])
 1567     {
 1568         $form_container->output_row($lang->or_specify_avatar_url, "", $form->generate_text_box('avatar_url', $avatar_url, array('id' => 'avatar_url')), 'avatar_url');
 1569     }
 1570     $form_container->end();
 1571     $plugins->run_hooks("admin_user_users_edit_avatar");
 1572     echo "</div>\n";
 1573 
 1574     //
 1575     // MODERATOR OPTIONS
 1576     //
 1577     $periods = array(
 1578         "hours" => $lang->expire_hours,
 1579         "days" => $lang->expire_days,
 1580         "weeks" => $lang->expire_weeks,
 1581         "months" => $lang->expire_months,
 1582         "never" => $lang->expire_permanent
 1583     );
 1584 
 1585     echo "<div id=\"tab_modoptions\">\n";
 1586     $form_container = new FormContainer($lang->mod_options.': '.htmlspecialchars_uni($user['username']));
 1587     $form_container->output_row($lang->user_notes, '', $form->generate_text_area('usernotes', $mybb->input['usernotes'], array('id' => 'usernotes')), 'usernotes');
 1588 
 1589     // Mod posts
 1590     // Generate check box
 1591     $modpost_options = $form->generate_select_box('modpost_period', $periods, $mybb->input['modpost_period'], array('id' => 'modpost_period'));
 1592 
 1593     // Do we have any existing suspensions here?
 1594     $existing_info = '';
 1595     if($user['moderateposts'] || ($mybb->input['moderateposting'] && !empty($errors)))
 1596     {
 1597         $mybb->input['moderateposting'] = 1;
 1598         if($user['moderationtime'] != 0)
 1599         {
 1600             $remaining = $user['moderationtime']-TIME_NOW;
 1601             $expired = nice_time($remaining, array('seconds' => false));
 1602 
 1603             $color = 'inherit';
 1604             if($remaining < 3600)
 1605             {
 1606                 $color = 'red';
 1607             }
 1608             elseif($remaining < 86400)
 1609             {
 1610                 $color = 'maroon';
 1611             }
 1612             elseif($remaining < 604800)
 1613             {
 1614                 $color = 'green';
 1615             }
 1616 
 1617             $existing_info = $lang->sprintf($lang->moderate_length, $expired, $color);
 1618         }
 1619         else
 1620         {
 1621             $existing_info = $lang->moderated_perm;
 1622         }
 1623     }
 1624 
 1625     $modpost_div = '<div id="modpost">'.$existing_info.''.$lang->moderate_for.' '.$form->generate_numeric_field("modpost_time", $mybb->input['modpost_time'], array('style' => 'width: 3em;', 'min' => 0)).' '.$modpost_options.'</div>';
 1626     $lang->moderate_posts_info = $lang->sprintf($lang->moderate_posts_info, htmlspecialchars_uni($user['username']));
 1627     $form_container->output_row($form->generate_check_box("moderateposting", 1, $lang->moderate_posts, array("id" => "moderateposting", "onclick" => "toggleBox('modpost');", "checked" => $mybb->input['moderateposting'])), $lang->moderate_posts_info, $modpost_div);
 1628 
 1629     // Suspend posts
 1630     // Generate check box
 1631     $suspost_options = $form->generate_select_box('suspost_period', $periods, $mybb->input['suspost_period'], array('id' => 'suspost_period'));
 1632 
 1633     // Do we have any existing suspensions here?
 1634     if($user['suspendposting'] || ($mybb->input['suspendposting'] && !empty($errors)))
 1635     {
 1636         $mybb->input['suspendposting'] = 1;
 1637 
 1638         if($user['suspensiontime'] == 0 || $mybb->input['suspost_period'] == "never")
 1639         {
 1640             $existing_info = $lang->suspended_perm;
 1641         }
 1642         else
 1643         {
 1644             $remaining = $user['suspensiontime']-TIME_NOW;
 1645             $suspost_date = nice_time($remaining, array('seconds' => false));
 1646 
 1647             $color = 'inherit';
 1648             if($remaining < 3600)
 1649             {
 1650                 $color = 'red';
 1651             }
 1652             elseif($remaining < 86400)
 1653             {
 1654                 $color = 'maroon';
 1655             }
 1656             elseif($remaining < 604800)
 1657             {
 1658                 $color = 'green';
 1659             }
 1660 
 1661             $existing_info = $lang->sprintf($lang->suspend_length, $suspost_date, $color);
 1662         }
 1663     }
 1664 
 1665     $suspost_div = '<div id="suspost">'.$existing_info.''.$lang->suspend_for.' '.$form->generate_numeric_field("suspost_time", $mybb->input['suspost_time'], array('style' => 'width: 3em;', 'min' => 0)).' '.$suspost_options.'</div>';
 1666     $lang->suspend_posts_info = $lang->sprintf($lang->suspend_posts_info, htmlspecialchars_uni($user['username']));
 1667     $form_container->output_row($form->generate_check_box("suspendposting", 1, $lang->suspend_posts, array("id" => "suspendposting", "onclick" => "toggleBox('suspost');", "checked" => $mybb->input['suspendposting'])), $lang->suspend_posts_info, $suspost_div);
 1668 
 1669 
 1670     $form_container->end();
 1671     $plugins->run_hooks("admin_user_users_edit_moderator_options");
 1672     echo "</div>\n";
 1673 
 1674     $plugins->run_hooks("admin_user_users_edit_graph");
 1675 
 1676     $buttons[] = $form->generate_submit_button($lang->save_user);
 1677     $form->output_submit_wrapper($buttons);
 1678 
 1679     $form->end();
 1680 
 1681     echo '<script type="text/javascript">
 1682 <!--
 1683 
 1684 function toggleBox(action)
 1685 {
 1686     if(action == "modpost")
 1687     {
 1688         $("#suspendposting").attr("checked", false);
 1689         $("#suspost").hide();
 1690 
 1691         if($("#moderateposting").is(":checked") == true)
 1692         {
 1693             $("#modpost").show();
 1694         }
 1695         else if($("#moderateposting").is(":checked") == false)
 1696         {
 1697             $("#modpost").hide();
 1698         }
 1699     }
 1700     else if(action == "suspost")
 1701     {
 1702         $("#moderateposting").attr("checked", false);
 1703         $("#modpost").hide();
 1704 
 1705         if($("#suspendposting").is(":checked") == true)
 1706         {
 1707             $("#suspost").show();
 1708         }
 1709         else if($("#suspendposting").is(":checked") == false)
 1710         {
 1711             $("#suspost").hide();
 1712         }
 1713     }
 1714 }
 1715 
 1716 if($("#moderateposting").is(":checked") == false)
 1717 {
 1718     $("#modpost").hide();
 1719 }
 1720 else
 1721 {
 1722     $("#modpost").show();
 1723 }
 1724 
 1725 if($("#suspendposting").is(":checked") == false)
 1726 {
 1727     $("#suspost").hide();
 1728 }
 1729 else
 1730 {
 1731     $("#suspost").show();
 1732 }
 1733 
 1734 // -->
 1735 </script>';
 1736 
 1737     $page->output_footer();
 1738 }
 1739 
 1740 if($mybb->input['action'] == "delete")
 1741 {
 1742     $user = get_user($mybb->input['uid']);
 1743 
 1744     // Does the user not exist?
 1745     if(!$user['uid'])
 1746     {
 1747         flash_message($lang->error_invalid_user, 'error');
 1748         admin_redirect("index.php?module=user-users");
 1749     }
 1750 
 1751     if(is_super_admin($mybb->input['uid']) && $mybb->user['uid'] != $mybb->input['uid'] && !is_super_admin($mybb->user['uid']))
 1752     {
 1753         flash_message($lang->error_no_perms_super_admin, 'error');
 1754         admin_redirect("index.php?module=user-users");
 1755     }
 1756 
 1757     // User clicked no
 1758     if($mybb->input['no'])
 1759     {
 1760         admin_redirect("index.php?module=user-users");
 1761     }
 1762 
 1763     $plugins->run_hooks("admin_user_users_delete");
 1764 
 1765     if($mybb->request_method == "post")
 1766     {
 1767         $plugins->run_hooks("admin_user_users_delete_commit");
 1768 
 1769         // Set up user handler.
 1770         require_once MYBB_ROOT.'inc/datahandlers/user.php';
 1771         $userhandler = new UserDataHandler('delete');
 1772 
 1773         // Delete the user
 1774         if(!$userhandler->delete_user($user['uid']))
 1775         {
 1776             flash_message($lang->error_cannot_delete_user, 'error');
 1777             admin_redirect("index.php?module=user-users");
 1778         }
 1779 
 1780         $cache->update_awaitingactivation();
 1781 
 1782         $plugins->run_hooks("admin_user_users_delete_commit_end");
 1783 
 1784         log_admin_action($user['uid'], $user['username']);
 1785 
 1786         flash_message($lang->success_user_deleted, 'success');
 1787         admin_redirect("index.php?module=user-users");
 1788     }
 1789     else
 1790     {
 1791         $page->output_confirm_action("index.php?module=user-users&action=delete&uid={$user['uid']}", $lang->user_deletion_confirmation);
 1792     }
 1793 }
 1794 
 1795 if($mybb->input['action'] == "referrers")
 1796 {
 1797     $page->add_breadcrumb_item($lang->show_referrers);
 1798     $page->output_header($lang->show_referrers);
 1799 
 1800     $sub_tabs['referrers'] = array(
 1801         'title' => $lang->show_referrers,
 1802         'link' => "index.php?module=user-users&amp;action=referrers&amp;uid={$mybb->input['uid']}",
 1803         'description' => $lang->show_referrers_desc
 1804     );
 1805 
 1806     $plugins->run_hooks("admin_user_users_referrers");
 1807 
 1808     $page->output_nav_tabs($sub_tabs, 'referrers');
 1809 
 1810     // Fetch default admin view
 1811     $default_view = fetch_default_view("user");
 1812     if(!$default_view)
 1813     {
 1814         $default_view = "0";
 1815     }
 1816     $query = $db->simple_select("adminviews", "*", "type='user' AND (vid='{$default_view}' OR uid=0)", array("order_by" => "uid", "order_dir" => "desc"));
 1817     $admin_view = $db->fetch_array($query);
 1818 
 1819     if($mybb->input['type'])
 1820     {
 1821         $admin_view['view_type'] = $mybb->input['type'];
 1822     }
 1823 
 1824     $admin_view['conditions'] = my_unserialize($admin_view['conditions']);
 1825     $admin_view['conditions']['referrer'] = $mybb->input['uid'];
 1826 
 1827     $view = build_users_view($admin_view);
 1828 
 1829     // No referred users
 1830     if(!$view)
 1831     {
 1832         $table = new Table;
 1833         $table->construct_cell($lang->error_no_referred_users);
 1834         $table->construct_row();
 1835         $table->output($lang->show_referrers);
 1836     }
 1837     else
 1838     {
 1839         echo $view;
 1840     }
 1841 
 1842     $page->output_footer();
 1843 }
 1844 
 1845 if($mybb->input['action'] == "ipaddresses")
 1846 {
 1847     $page->add_breadcrumb_item($lang->ip_addresses);
 1848     $page->output_header($lang->ip_addresses);
 1849 
 1850     $sub_tabs['ipaddresses'] = array(
 1851         'title' => $lang->show_ip_addresses,
 1852         'link' => "index.php?module=user-users&amp;action=ipaddresses&amp;uid={$mybb->input['uid']}",
 1853         'description' => $lang->show_ip_addresses_desc
 1854     );
 1855 
 1856     $plugins->run_hooks("admin_user_users_ipaddresses");
 1857 
 1858     $page->output_nav_tabs($sub_tabs, 'ipaddresses');
 1859 
 1860     $query = $db->simple_select("users", "uid, regip, username, lastip", "uid='{$mybb->input['uid']}'", array('limit' => 1));
 1861     $user = $db->fetch_array($query);
 1862 
 1863     // Log admin action
 1864     log_admin_action($user['uid'], $user['username']);
 1865 
 1866     $table = new Table;
 1867 
 1868     $table->construct_header($lang->ip_address);
 1869     $table->construct_header($lang->controls, array('width' => 200, 'class' => "align_center"));
 1870 
 1871     if(empty($user['lastip']))
 1872     {
 1873         $user['lastip'] = $lang->unknown;
 1874         $controls = '';
 1875     }
 1876     else
 1877     {
 1878         $user['lastip'] = my_inet_ntop($db->unescape_binary($user['lastip']));
 1879         $popup = new PopupMenu("user_last", $lang->options);
 1880         $popup->add_item($lang->show_users_regged_with_ip,
 1881             "index.php?module=user-users&amp;action=search&amp;results=1&amp;conditions=".urlencode(my_serialize(array("regip" => $user['lastip']))));
 1882         $popup->add_item($lang->show_users_posted_with_ip, "index.php?module=user-users&amp;results=1&amp;action=search&amp;conditions=".urlencode(my_serialize(array("postip" => $user['lastip']))));
 1883         $popup->add_item($lang->info_on_ip, "index.php?module=user-users&amp;action=iplookup&ipaddress={$user['lastip']}", "MyBB.popupWindow('index.php?module=user-users&amp;action=iplookup&ipaddress={$user['lastip']}', null, true); return false;");
 1884         $popup->add_item($lang->ban_ip, "index.php?module=config-banning&amp;filter={$user['lastip']}");
 1885         $controls = $popup->fetch();
 1886     }
 1887     $table->construct_cell("<strong>{$lang->last_known_ip}:</strong> ".$user['lastip']);
 1888     $table->construct_cell($controls, array('class' => "align_center"));
 1889     $table->construct_row();
 1890 
 1891     if(empty($user['regip']))
 1892     {
 1893         $user['regip'] = $lang->unknown;
 1894         $controls = '';
 1895     }
 1896     else
 1897     {
 1898         $user['regip'] = my_inet_ntop($db->unescape_binary($user['regip']));
 1899         $popup = new PopupMenu("user_reg", $lang->options);
 1900         $popup->add_item($lang->show_users_regged_with_ip, "index.php?module=user-users&amp;results=1&amp;action=search&amp;conditions=".urlencode(my_serialize(array("regip" => $user['regip']))));
 1901         $popup->add_item($lang->show_users_posted_with_ip, "index.php?module=user-users&amp;results=1&amp;action=search&amp;conditions=".urlencode(my_serialize(array("postip" => $user['regip']))));
 1902         $popup->add_item($lang->info_on_ip, "index.php?module=user-users&amp;action=iplookup&ipaddress={$user['regip']}", "MyBB.popupWindow('index.php?module=user-users&amp;action=iplookup&ipaddress={$user['regip']}', null, true); return false;");
 1903         $popup->add_item($lang->ban_ip, "index.php?module=config-banning&amp;filter={$user['regip']}");
 1904         $controls = $popup->fetch();
 1905     }
 1906     $table->construct_cell("<strong>{$lang->registration_ip}:</strong> ".$user['regip']);
 1907     $table->construct_cell($controls, array('class' => "align_center"));
 1908     $table->construct_row();
 1909 
 1910     $counter = 0;
 1911 
 1912     $query = $db->simple_select("posts", "DISTINCT ipaddress", "uid='{$mybb->input['uid']}'");
 1913     while($ip = $db->fetch_array($query))
 1914     {
 1915         ++$counter;
 1916         $ip['ipaddress'] = my_inet_ntop($db->unescape_binary($ip['ipaddress']));
 1917         $popup = new PopupMenu("id_{$counter}", $lang->options);
 1918         $popup->add_item($lang->show_users_regged_with_ip, "index.php?module=user-users&amp;results=1&amp;action=search&amp;conditions=".urlencode(my_serialize(array("regip" => $ip['ipaddress']))));
 1919         $popup->add_item($lang->show_users_posted_with_ip, "index.php?module=user-users&amp;results=1&amp;action=search&amp;conditions=".urlencode(my_serialize(array("postip" => $ip['ipaddress']))));
 1920         $popup->add_item($lang->info_on_ip, "index.php?module=user-users&amp;action=iplookup&ipaddress={$ip['ipaddress']}", "MyBB.popupWindow('index.php?module=user-users&amp;action=iplookup&ipaddress={$ip['ipaddress']}', null, true); return false;");
 1921         $popup->add_item($lang->ban_ip, "index.php?module=config-banning&amp;filter={$ip['ipaddress']}");
 1922         $controls = $popup->fetch();
 1923 
 1924         $table->construct_cell($ip['ipaddress']);
 1925         $table->construct_cell($controls, array('class' => "align_center"));
 1926         $table->construct_row();
 1927     }
 1928 
 1929     $table->output($lang->ip_address_for.' '.htmlspecialchars_uni($user['username']));
 1930 
 1931     $page->output_footer();
 1932 }
 1933 
 1934 if($mybb->input['action'] == "merge")
 1935 {
 1936     $plugins->run_hooks("admin_user_users_merge");
 1937 
 1938     if($mybb->request_method == "post")
 1939     {
 1940         foreach(array('source', 'destination') as $target)
 1941         {
 1942             ${$target.'_user'} = get_user_by_username($mybb->input[$target.'_username'], array('fields' => '*'));
 1943             if(!${$target.'_user'}['uid'])
 1944             {
 1945                 $errors[] = $lang->{'error_invalid_user_'.$target};
 1946             }
 1947         }
 1948 
 1949         // If we're not a super admin and we're merging a source super admin or a destination super admin then dissallow this action
 1950         if(!is_super_admin($mybb->user['uid']) && (is_super_admin($source_user['uid']) || is_super_admin($destination_user['uid'])))
 1951         {
 1952             flash_message($lang->error_no_perms_super_admin, 'error');
 1953             admin_redirect("index.php?module=user-users");
 1954         }
 1955 
 1956         if($source_user['uid'] == $destination_user['uid'] && !empty($source_user['uid']))
 1957         {
 1958             $errors[] = $lang->error_cannot_merge_same_account;
 1959         }
 1960 
 1961         if(empty($errors))
 1962         {
 1963             // Begin to merge the accounts
 1964             $uid_update = array(
 1965                 "uid" => $destination_user['uid']
 1966             );
 1967             $query = $db->simple_select("adminoptions", "uid", "uid='{$destination_user['uid']}'");
 1968             $existing_admin_options = $db->fetch_field($query, "uid");
 1969 
 1970             // Only carry over admin options/permissions if we don't already have them
 1971             if(!$existing_admin_options)
 1972             {
 1973                 $db->update_query("adminoptions", $uid_update, "uid='{$source_user['uid']}'");
 1974             }
 1975 
 1976             $db->update_query("adminlog", $uid_update, "uid='{$source_user['uid']}'");
 1977             $db->update_query("announcements", $uid_update, "uid='{$source_user['uid']}'");
 1978             $db->update_query("events", $uid_update, "uid='{$source_user['uid']}'");
 1979             $db->update_query("threadsubscriptions", $uid_update, "uid='{$source_user['uid']}'");
 1980             $db->update_query("forumsubscriptions", $uid_update, "uid='{$source_user['uid']}'");
 1981             $db->update_query("joinrequests", $uid_update, "uid='{$source_user['uid']}'");
 1982             $db->update_query("moderatorlog", $uid_update, "uid='{$source_user['uid']}'");
 1983             $db->update_query("pollvotes", $uid_update, "uid='{$source_user['uid']}'");
 1984             $db->update_query("posts", $uid_update, "uid='{$source_user['uid']}'");
 1985             $db->update_query("privatemessages", $uid_update, "uid='{$source_user['uid']}'");
 1986             $db->update_query("reportedcontent", $uid_update, "uid='{$source_user['uid']}'");
 1987             $db->update_query("threads", $uid_update, "uid='{$source_user['uid']}'");
 1988             $db->update_query("warnings", $uid_update, "uid='{$source_user['uid']}'");
 1989             $db->update_query("warnings", array("revokedby" => $destination_user['uid']), "revokedby='{$source_user['uid']}'");
 1990             $db->update_query("warnings", array("issuedby" => $destination_user['uid']), "issuedby='{$source_user['uid']}'");
 1991 
 1992             // Thread ratings
 1993             merge_thread_ratings($source_user['uid'], $destination_user['uid']);
 1994 
 1995             // Banning
 1996             $db->update_query("banned", array('admin' => $destination_user['uid']), "admin = '{$source_user['uid']}'");
 1997 
 1998             // Carry over referrals
 1999             $db->update_query("users", array("referrer" => $destination_user['uid']), "referrer='{$source_user['uid']}' AND uid!='{$destination_user['uid']}'");
 2000             // If destination user has no referrer but source does and source user was not referred by destination user
 2001             // or destination user was referred by the source user
 2002             if(($destination_user['referrer'] == 0 && $source_user['referrer'] > 0 && $source_user['referrer'] != $destination_user['uid']) || $destination_user['referrer'] == $source_user['uid'])
 2003             {
 2004                 $db->update_query("users", array("referrer" => $source_user['referrer']), "uid='{$destination_user['uid']}'");
 2005             }
 2006             $query = $db->simple_select("users", "COUNT(uid) as total_referrals", "referrer='{$destination_user['uid']}' AND uid!='{$source_user['uid']}'");
 2007             $new_referrals = $db->fetch_field($query, "total_referrals");
 2008             $db->update_query("users", array("referrals" => (int)$new_referrals), "uid='{$destination_user['uid']}'");
 2009 
 2010             // Merging Reputation
 2011             // First, let's change all the details over to our new user...
 2012             $db->update_query("reputation", array("adduid" => $destination_user['uid']), "adduid = '".$source_user['uid']."'");
 2013             $db->update_query("reputation", array("uid" => $destination_user['uid']), "uid = '".$source_user['uid']."'");
 2014 
 2015             // Now that all the repuation is merged, figure out what to do with this user's comments...
 2016             $options = array(
 2017                 "order_by" => "uid",
 2018                 "order_dir" => "ASC"
 2019             );
 2020 
 2021             $to_remove = array();
 2022             $query = $db->simple_select("reputation", "*", "adduid = '".$destination_user['uid']."'");
 2023             while($rep = $db->fetch_array($query))
 2024             {
 2025                 if($rep['pid'] == 0 && $mybb->settings['multirep'] == 0 && $last_result['uid'] == $rep['uid'])
 2026                 {
 2027                     // Multiple reputation is disallowed, and this isn't a post, so let's remove this comment
 2028                     $to_remove[] = $rep['rid'];
 2029                 }
 2030 
 2031                 // Remove comments or posts liked by "me"
 2032                 if($last_result['uid'] == $destination_user['uid'] || $rep['uid'] == $destination_user['uid'])
 2033                 {
 2034                     if(!in_array($rep['rid'], $to_remove))
 2035                     {
 2036                         $to_remove[] = $rep['rid'];
 2037                         continue;
 2038                     }
 2039                 }
 2040 
 2041                 $last_result = array(
 2042                     "rid" => $rep['rid'],
 2043                     "uid" => $rep['uid']
 2044                 );
 2045             }
 2046 
 2047             // Remove any reputations we've selected to remove...
 2048             if(!empty($to_remove))
 2049             {
 2050                 $imp = implode(",", $to_remove);
 2051                 $db->delete_query("reputation", "rid IN (".$imp.")");
 2052             }
 2053 
 2054             // Calculate the new reputation for this user...
 2055             $query = $db->simple_select("reputation", "SUM(reputation) as total_rep", "uid='{$destination_user['uid']}'");
 2056             $total_reputation = $db->fetch_field($query, "total_rep");
 2057 
 2058             $db->update_query("users", array('reputation' => (int)$total_reputation), "uid='{$destination_user['uid']}'");
 2059 
 2060             // Calculate warning points
 2061             $query = $db->query("
 2062                 SELECT SUM(points) as warn_lev
 2063                 FROM ".TABLE_PREFIX."warnings
 2064                 WHERE uid='{$source_user['uid']}' AND expired='0'
 2065             ");
 2066             $original_warn_level = $db->fetch_field($query, "warn_lev");
 2067 
 2068             $query = $db->query("
 2069                 SELECT SUM(points) as warn_lev
 2070                 FROM ".TABLE_PREFIX."warnings
 2071                 WHERE uid='{$destination_user['uid']}' AND expired='0'
 2072             ");
 2073             $new_warn_level = $db->fetch_field($query, "warn_lev");
 2074             $db->update_query("users", array("warningpoints" => (int)$original_warn_level + $new_warn_level), "uid='{$destination_user['uid']}'");
 2075 
 2076             // Additional updates for non-uid fields
 2077             $last_poster = array(
 2078                 "lastposteruid" => $destination_user['uid'],
 2079                 "lastposter" => $db->escape_string($destination_user['username'])
 2080             );
 2081             $db->update_query("forums", $last_poster, "lastposteruid='{$source_user['uid']}'");
 2082             $db->update_query("threads", $last_poster, "lastposteruid='{$source_user['uid']}'");
 2083             $edit_uid = array(
 2084                 "edituid" => $destination_user['uid']
 2085             );
 2086             $db->update_query("posts", $edit_uid, "edituid='{$source_user['uid']}'");
 2087 
 2088             $from_uid = array(
 2089                 "fromid" => $destination_user['uid']
 2090             );
 2091             $db->update_query("privatemessages", $from_uid, "fromid='{$source_user['uid']}'");
 2092             $to_uid = array(
 2093                 "toid" => $destination_user['uid']
 2094             );
 2095             $db->update_query("privatemessages", $to_uid, "toid='{$source_user['uid']}'");
 2096 
 2097             // Buddy/ignore lists
 2098             $destination_buddies = explode(',', $destination_user['buddylist']);
 2099             $source_buddies = explode(',', $source_user['buddylist']);
 2100             $buddies = array_unique(array_merge($source_buddies, $destination_buddies));
 2101             // Make sure the new buddy list doesn't contain either users
 2102             $buddies_array = array_diff($buddies, array($destination_user['uid'], $source_user['uid']));
 2103 
 2104             $destination_ignored = explode(',', $destination_user['ignorelist']);
 2105             $source_ignored = explode(',', $destination_user['ignorelist']);
 2106             $ignored = array_unique(array_merge($source_ignored, $destination_ignored));
 2107             // ... and the same for the new ignore list
 2108             $ignored_array = array_diff($ignored, array($destination_user['uid'], $source_user['uid']));
 2109 
 2110             // Remove any ignored users from the buddy list
 2111             $buddies = array_diff($buddies_array, $ignored_array);
 2112             // implode the arrays so we get a nice neat list for each
 2113             $buddies = trim(implode(',', $buddies), ',');
 2114             $ignored = trim(implode(',', $ignored_array), ',');
 2115 
 2116             $lists = array(
 2117                 "buddylist" => $buddies,
 2118                 "ignorelist" => $ignored
 2119             );
 2120             $db->update_query("users", $lists, "uid='{$destination_user['uid']}'");
 2121 
 2122             // Get a list of forums where post count doesn't apply
 2123             $fids = array();
 2124             $query = $db->simple_select("forums", "fid", "usepostcounts=0");
 2125             while($fid = $db->fetch_field($query, "fid"))
 2126             {
 2127                 $fids[] = $fid;
 2128             }
 2129 
 2130             $fids_not_in = '';
 2131             if(!empty($fids))
 2132             {
 2133                 $fids_not_in = "AND fid NOT IN(".implode(',', $fids).")";
 2134             }
 2135 
 2136             // Update user post count
 2137             $query = $db->simple_select("posts", "COUNT(*) AS postnum", "uid='".$destination_user['uid']."' {$fids_not_in}");
 2138             $num = $db->fetch_array($query);
 2139             $updated_count = array(
 2140                 "postnum" => $num['postnum']
 2141             );
 2142             $db->update_query("users", $updated_count, "uid='{$destination_user['uid']}'");
 2143 
 2144             // Update user thread count
 2145             $query = $db->simple_select("threads", "COUNT(*) AS threadnum", "uid='".$destination_user['uid']."' {$fids_not_in}");
 2146             $num = $db->fetch_array($query);
 2147             $updated_count = array(
 2148                 "threadnum" => $num['threadnum']
 2149             );
 2150             $db->update_query("users", $updated_count, "uid='{$destination_user['uid']}'");
 2151 
 2152             // Use the earliest registration date
 2153             if($destination_user['regdate'] > $source_user['regdate'])
 2154             {
 2155                 $db->update_query("users", array('regdate' => $source_user['regdate']), "uid='{$destination_user['uid']}'");
 2156             }
 2157 
 2158             $plugins->run_hooks("admin_user_users_merge_commit");
 2159 
 2160             // Set up user handler.
 2161             require_once MYBB_ROOT.'inc/datahandlers/user.php';
 2162             $userhandler = new UserDataHandler('delete');
 2163 
 2164             // Delete the old user
 2165             $userhandler->delete_user($source_user['uid']);
 2166 
 2167             $cache->update_awaitingactivation();
 2168 
 2169             // Log admin action
 2170             log_admin_action($source_user['uid'], $source_user['username'], $destination_user['uid'], $destination_user['username']);
 2171 
 2172             // Redirect!
 2173             $username = htmlspecialchars_uni($source_user['username']);
 2174             $destination_username = htmlspecialchars_uni($destination_user['username']);
 2175             flash_message("<strong>{$username}</strong> {$lang->success_merged} {$destination_username}", "success");
 2176             admin_redirect("index.php?module=user-users");
 2177             exit;
 2178         }
 2179     }
 2180 
 2181     $page->add_breadcrumb_item($lang->merge_users);
 2182     $page->output_header($lang->merge_users);
 2183 
 2184     $page->output_nav_tabs($sub_tabs, 'merge_users');
 2185 
 2186     // If we have any error messages, show them
 2187     if($errors)
 2188     {
 2189         $page->output_inline_error($errors);
 2190     }
 2191 
 2192     $form = new Form("index.php?module=user-users&amp;action=merge", "post");
 2193 
 2194     $form_container = new FormContainer($lang->merge_users);
 2195     $form_container->output_row($lang->source_account." <em>*</em>", $lang->source_account_desc, $form->generate_text_box('source_username', $mybb->input['source_username'], array('id' => 'source_username')), 'source_username');
 2196     $form_container->output_row($lang->destination_account." <em>*</em>", $lang->destination_account_desc, $form->generate_text_box('destination_username', $mybb->input['destination_username'], array('id' => 'destination_username')), 'destination_username');
 2197     $form_container->end();
 2198 
 2199     // Autocompletion for usernames
 2200     echo '
 2201     <link rel="stylesheet" href="../jscripts/select2/select2.css">
 2202     <script type="text/javascript" src="../jscripts/select2/select2.min.js?ver=1804"></script>
 2203     <script type="text/javascript">
 2204     <!--
 2205     $("#source_username").select2({
 2206         placeholder: "'.$lang->search_for_a_user.'",
 2207         minimumInputLength: 2,
 2208         multiple: false,
 2209         ajax: { // instead of writing the function to execute the request we use Select2\'s convenient helper
 2210             url: "../xmlhttp.php?action=get_users",
 2211             dataType: \'json\',
 2212             data: function (term, page) {
 2213                 return {
 2214                     query: term // search term
 2215                 };
 2216             },
 2217             results: function (data, page) { // parse the results into the format expected by Select2.
 2218                 // since we are using custom formatting functions we do not need to alter remote JSON data
 2219                 return {results: data};
 2220             }
 2221         },
 2222         initSelection: function(element, callback) {
 2223             var query = $(element).val();
 2224             if (query !== "") {
 2225                 $.ajax("../xmlhttp.php?action=get_users&getone=1", {
 2226                     data: {
 2227                         query: query
 2228                     },
 2229                     dataType: "json"
 2230                 }).done(function(data) { callback(data); });
 2231             }
 2232         }
 2233     });
 2234     $("#destination_username").select2({
 2235         placeholder: "'.$lang->search_for_a_user.'",
 2236         minimumInputLength: 2,
 2237         multiple: false,
 2238         ajax: { // instead of writing the function to execute the request we use Select2\'s convenient helper
 2239             url: "../xmlhttp.php?action=get_users",
 2240             dataType: \'json\',
 2241             data: function (term, page) {
 2242                 return {
 2243                     query: term // search term
 2244                 };
 2245             },
 2246             results: function (data, page) { // parse the results into the format expected by Select2.
 2247                 // since we are using custom formatting functions we do not need to alter remote JSON data
 2248                 return {results: data};
 2249             }
 2250         },
 2251         initSelection: function(element, callback) {
 2252             var query = $(element).val();
 2253             if (query !== "") {
 2254                 $.ajax("../xmlhttp.php?action=get_users&getone=1", {
 2255                     data: {
 2256                         query: query
 2257                     },
 2258                     dataType: "json"
 2259                 }).done(function(data) { callback(data); });
 2260             }
 2261         }
 2262     });
 2263     // -->
 2264     </script>';
 2265 
 2266     $buttons[] = $form->generate_submit_button($lang->merge_user_accounts);
 2267     $form->output_submit_wrapper($buttons);
 2268     $form->end();
 2269 
 2270     $page->output_footer();
 2271 }
 2272 
 2273 if($mybb->input['action'] == "search")
 2274 {
          // Admin CP "find users" action. On a POST, or when results=1 is passed, this builds a
          // view definition ($admin_view) from a saved admin view, a search stored in the admin
          // session, or the default user view, overlays options taken from the request, and
          // passes it to build_users_view(). On a plain request, or when nothing is found, the
          // search form is rendered instead.
 2275     $plugins->run_hooks("admin_user_users_search");
 2276
 2277     if($mybb->request_method == "post" || $mybb->input['results'] == 1)
 2278     {
 2279         // Build view options from incoming search options
 2280         if($mybb->input['vid'])
 2281         {
                  // vid is read through get_input(..., MyBB::INPUT_INT) here rather than taken
                  // raw from $mybb->input before it is placed in the WHERE clause.
 2282             $query = $db->simple_select("adminviews", "*", "vid='".$mybb->get_input('vid', MyBB::INPUT_INT)."'");
 2283             $admin_view = $db->fetch_array($query);
 2284             // View does not exist or this view is private and does not belong to the current user
 2285             if(!$admin_view['vid'] || ($admin_view['visibility'] == 1 && $admin_view['uid'] != $mybb->user['uid']))
 2286             {
 2287                 unset($admin_view);
 2288             }
 2289         }
 2290
 2291         if($mybb->input['search_id'] && $admin_session['data']['user_views'][$mybb->input['search_id']])
 2292         {
                  // A search stored in the admin session replaces any view loaded by vid above.
                  // NOTE(review): extra_sql is dropped from the stored copy before reuse; presumably
                  // build_users_view() rebuilds it from the conditions - confirm.
 2293             $admin_view = $admin_session['data']['user_views'][$mybb->input['search_id']];
 2294             unset($admin_view['extra_sql']);
 2295         }
 2296         else
 2297         {
 2298             // Don't have a view? Fetch the default
                  // $admin_view can be undefined at this point (no vid supplied, or unset above);
                  // the test relies on PHP treating the missing value as empty.
 2299             if(!$admin_view['vid'])
 2300             {
 2301                 $default_view = fetch_default_view("user");
 2302                 if(!$default_view)
 2303                 {
 2304                     $default_view = "0";
 2305                 }
                      // NOTE(review): $default_view is interpolated into the WHERE clause. It is the
                      // return value of fetch_default_view() (or "0"), whose body is not shown here -
                      // confirm it can only ever be an integer id.
 2306                 $query = $db->simple_select("adminviews", "*", "type='user' AND (vid='{$default_view}' OR uid=0)", array("order_by" => "uid", "order_dir" => "desc"));
 2307                 $admin_view = $db->fetch_array($query);
 2308             }
 2309         }
 2310
 2311         // Override specific parts of the view
              // NOTE(review): the values below are copied from the request into $admin_view with
              // no validation or escaping in this block. Whether sortby/sortorder/view_type are
              // checked against an allow-list, and conditions/custom_profile_fields are escaped,
              // depends on build_users_view(), which is not shown here - confirm.
 2312         unset($admin_view['vid']);
 2313
 2314         if($mybb->input['type'])
 2315         {
 2316             $admin_view['view_type'] = $mybb->input['type'];
 2317         }
 2318
 2319         if($mybb->input['conditions'])
 2320         {
 2321             $admin_view['conditions'] = $mybb->input['conditions'];
 2322         }
 2323
 2324         if($mybb->input['sortby'])
 2325         {
 2326             $admin_view['sortby'] = $mybb->input['sortby'];
 2327         }
 2328
              // The guard tests the INPUT_INT form of perpage, but the raw request value is what
              // gets stored in the view.
 2329         if($mybb->get_input('perpage', MyBB::INPUT_INT))
 2330         {
 2331             $admin_view['perpage'] = $mybb->input['perpage'];
 2332         }
 2333
 2334         if($mybb->input['order'])
 2335         {
 2336             $admin_view['sortorder'] = $mybb->input['order'];
 2337         }
 2338
              // displayas writes the same key as type above, so it wins when both are supplied.
 2339         if($mybb->input['displayas'])
 2340         {
 2341             $admin_view['view_type'] = $mybb->input['displayas'];
 2342         }
 2343
 2344         if($mybb->input['profile_fields'])
 2345         {
 2346             $admin_view['custom_profile_fields'] = $mybb->input['profile_fields'];
 2347         }
 2348
              // Hook point: runs once the request overrides are in place, before the view is built.
 2349         $plugins->run_hooks("admin_user_users_search_commit");
 2350
 2351         $results = build_users_view($admin_view);
 2352
 2353         if($results)
 2354         {
                  // $results is echoed exactly as build_users_view() returned it; nothing in this
                  // block encodes it, so escaping of user-controlled fields is left to that function.
 2355             $page->output_header($lang->find_users);
 2356             echo "<script type=\"text/javascript\" src=\"jscripts/users.js\"></script>";
 2357             $page->output_nav_tabs($sub_tabs, 'find_users');
 2358             echo $results;
                  // NOTE(review): no exit follows the footer; presumably output_footer() ends the
                  // request, otherwise the search form below would be rendered as well - confirm.
 2359             $page->output_footer();
 2360         }
 2361         else
 2362         {
                  // No matches: searches started from the ACP home page go back there with a flash
                  // message, all others fall through to the form with an inline error.
 2363             if($mybb->input['from'] == "home")
 2364             {
 2365                 flash_message($lang->error_no_users_found, 'error');
 2366                 admin_redirect("index.php");
 2367                 exit;
 2368             }
 2369             else
 2370             {
 2371                 $errors[] = $lang->error_no_users_found;
 2372             }
 2373         }
 2374     }
 2375
          // Render the search form (first visit, or a search that found nothing).
 2376     $page->add_breadcrumb_item($lang->find_users);
 2377     $page->output_header($lang->find_users);
 2378
 2379     $page->output_nav_tabs($sub_tabs, 'find_users');
 2380
 2381     // If we have any error messages, show them
 2382     if($errors)
 2383     {
 2384         $page->output_inline_error($errors);
 2385     }
 2386
          // Default the result layout to "card" when the request did not choose one.
 2387     if(!$mybb->input['displayas'])
 2388     {
 2389         $mybb->input['displayas'] = "card";
 2390     }
 2391
 2392     $form = new Form("index.php?module=user-users&amp;action=search", "post");
 2393
 2394     user_search_conditions($mybb->input, $form);
 2395
 2396     $form_container = new FormContainer($lang->display_options);
 2397     $sort_directions = array(
 2398         "asc" => $lang->ascending,
 2399         "desc" => $lang->descending
 2400     );
          // $sort_options is not assigned in this block; it is defined outside it.
          // NOTE(review): the current request values (sortby, order, perpage, displayas) are fed
          // back into the form fields; output encoding is left to the Form helpers - confirm they escape.
 2401     $form_container->output_row($lang->sort_results_by, "", $form->generate_select_box('sortby', $sort_options, $mybb->input['sortby'], array('id' => 'sortby'))." {$lang->in} ".$form->generate_select_box('order', $sort_directions, $mybb->input['order'], array('id' => 'order')), 'sortby');
 2402     $form_container->output_row($lang->results_per_page, "", $form->generate_numeric_field('perpage', $mybb->input['perpage'], array('id' => 'perpage', 'min' => 1)), 'perpage');
 2403     $form_container->output_row($lang->display_results_as, "", $form->generate_radio_button('displayas', 'table', $lang->table, array('checked' => ($mybb->input['displayas'] != "card" ? true : false)))."<br />".$form->generate_radio_button('displayas', 'card', $lang->business_card, array('checked' => ($mybb->input['displayas'] == "card" ? true : false))));
 2404     $form_container->end();
 2405
 2406     $buttons[] = $form->generate_submit_button($lang->find_users);
 2407     $form->output_submit_wrapper($buttons);
 2408     $form->end();
 2409
 2410     $page->output_footer();
 2411 }
 2412 
 2413 if($mybb->input['action'] == "inline_edit")
 2414 {
 2415     $plugins->run_hooks("admin_user_users_inline");
 2416 
 2417     if($mybb->input['vid'] || $mybb->cookies['acp_view'])
 2418     {
 2419         // We have a custom view
 2420         if(!$mybb->cookies['acp_view'])
 2421         {
 2422             // Set a cookie
 2423             my_setcookie("acp_view", $mybb->input['vid'], 60);
 2424         }
 2425         elseif($mybb->cookies['acp_view'])
 2426         {
 2427             // We already have a cookie, so let's use it...
 2428             $mybb->input['vid'] = $mybb->cookies['acp_view'];
 2429         }
 2430 
 2431         $vid_url = "&amp;vid=".$mybb->input['vid'];
 2432     }
 2433 
 2434     // First, collect the user IDs that we're performing the moderation on
 2435     $ids = explode("|", $mybb->cookies['inlinemod_useracp']);
 2436     foreach($ids as $id)
 2437     {
 2438         if($id != '')
 2439         {
 2440             $selected[] = (int)$id;
 2441         }
 2442     }
 2443 
 2444     // Verify incoming POST request
 2445     if(!verify_post_check($mybb->input['my_post_key']))
 2446     {
 2447         flash_message($lang->invalid_post_verify_key2, 'error');
 2448         admin_redirect("index.php?module=user-user");
 2449     }
 2450     $sub_tabs['manage_users'] = array(
 2451         "title" => $lang->manage_users,
 2452         "link" => "./",
 2453         "description" => $lang->manage_users_desc
 2454     );
 2455     $page->add_breadcrumb_item($lang->manage_users);
 2456 
 2457     if(!is_array($selected))
 2458     {
 2459         // Not selected any users, show error
 2460         flash_message($lang->error_inline_no_users_selected, 'error');
 2461         admin_redirect("index.php?module=user-users".$vid_url);
 2462     }
 2463 
 2464     switch($mybb->input['inline_action'])
 2465     {
 2466         case 'multiactivate':
 2467             // Run through the activating users, so that users already registered (but have been selected) aren't affected
 2468             if(is_array($selected))
 2469             {
 2470                 $sql_array = implode(",", $selected);
 2471                 $query = $db->simple_select("users", "uid, username, email", "usergroup = '5' AND uid IN (".$sql_array.")");
 2472                 $user_mail_data = array();
 2473                 while($user = $db->fetch_array($query))
 2474                 {
 2475                     $to_update[] = $user['uid'];
 2476                     $user_mail_data[] = array('username' => $user['username'], 'email' => $user['email']);
 2477                 }
 2478             }
 2479 
 2480             if(is_array($to_update))
 2481             {
 2482                 $sql_array = implode(",", $to_update);
 2483                 $db->write_query("UPDATE ".TABLE_PREFIX."users SET usergroup = '2' WHERE uid IN (".$sql_array.")");
 2484 
 2485                 $cache->update_awaitingactivation();
 2486 
 2487                 // send activation mail
 2488                 foreach($user_mail_data as $mail_data)
 2489                 {
 2490                     $message = $lang->sprintf($lang->email_adminactivateaccount, $mail_data['username'], $mybb->settings['bbname'], $mybb->settings['bburl']);
 2491                     my_mail($mail_data['email'], $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']), $message);
 2492                 }
 2493 
 2494                 // Action complete, grab stats and show success message - redirect user
 2495                 $to_update_count = count($to_update);
 2496                 $lang->inline_activated = $lang->sprintf($lang->inline_activated, my_number_format($to_update_count));
 2497 
 2498                 if(is_array($selected) && $to_update_count != count($selected))
 2499                 {
 2500                     // The update count is different to how many we selected!
 2501                     $not_updated_count = count($selected) - $to_update_count;
 2502                     $lang->inline_activated_more = $lang->sprintf($lang->inline_activated_more, my_number_format($not_updated_count));
 2503                     $lang->inline_activated = $lang->inline_activated."<br />".$lang->inline_activated_more; // Add these stats to the message
 2504                 }
 2505 
 2506                 $mybb->input['action'] = "inline_activated"; // Force a change to the action so we can add it to the adminlog
 2507                 log_admin_action($to_update_count); // Add to adminlog
 2508                 my_unsetcookie("inlinemod_useracp"); // Unset the cookie, so that the users aren't still selected when we're redirected
 2509 
 2510                 flash_message($lang->inline_activated, 'success');
 2511                 admin_redirect("index.php?module=user-users".$vid_url);
 2512             }
 2513             else
 2514             {
 2515                 // Nothing was updated, show an error
 2516                 flash_message($lang->inline_activated_failed, 'error');
 2517                 admin_redirect("index.php?module=user-users".$vid_url);
 2518             }
 2519             break;
 2520         case 'multilift':
 2521             // Get the users that are banned, and check that they have been selected
 2522             if($mybb->input['no'])
 2523             {
 2524                 admin_redirect("index.php?module=user-users".$vid_url); // User clicked on 'No'
 2525             }
 2526 
 2527             if($mybb->request_method == "post")
 2528             {
 2529                 $sql_array = implode(",", $selected);
 2530                 $query = $db->simple_select("banned", "*", "uid IN (".$sql_array.")");
 2531                 $to_be_unbanned = $db->num_rows($query);
 2532                 while($ban = $db->fetch_array($query))
 2533                 {
 2534                     $updated_group = array(
 2535                         "usergroup" => $ban['oldgroup'],
 2536                         "additionalgroups" => $ban['oldadditionalgroups'],
 2537                         "displaygroup" => $ban['olddisplaygroup']
 2538                     );
 2539                     $db->update_query("users", $updated_group, "uid = '".$ban['uid']."'");
 2540                     $db->delete_query("banned", "uid = '".$ban['uid']."'");
 2541                 }
 2542 
 2543                 $cache->update_moderators();
 2544 
 2545                 $mybb->input['action'] = "inline_lift";
 2546                 log_admin_action($to_be_unbanned);
 2547                 my_unsetcookie("inlinemod_useracp");
 2548 
 2549                 $lang->success_ban_lifted = $lang->sprintf($lang->success_ban_lifted, my_number_format($to_be_unbanned));
 2550                 flash_message($lang->success_ban_lifted, 'success');
 2551                 admin_redirect("index.php?module=user-users".$vid_url);
 2552             }
 2553             else
 2554             {
 2555                 $page->output_confirm_action("index.php?module=user-users&amp;action=inline_edit&amp;inline_action=multilift", $lang->confirm_multilift);
 2556             }
 2557 
 2558             break;
 2559         case 'multiban':
 2560             if($mybb->input['processed'] == 1)
 2561             {
 2562                 // We've posted ban information!
 2563                 // Build an array of users to ban, =D
 2564                 $sql_array = implode(",", $selected);
 2565                 // Build a cache array for this users that have been banned already
 2566                 $query = $db->simple_select("banned", "uid", "uid IN (".$sql_array.")");
 2567                 while($user = $db->fetch_array($query))
 2568                 {
 2569                     $bannedcache[] = "u_".$user['uid'];
 2570                 }
 2571 
 2572                 // Collect the users
 2573                 $query = $db->simple_select("users", "uid, username, usergroup, additionalgroups, displaygroup", "uid IN (".$sql_array.")");
 2574 
 2575                 if($mybb->input['bantime'] == '---')
 2576                 {
 2577                     $lifted = 0;
 2578                 }
 2579                 else
 2580                 {
 2581                     $lifted = ban_date2timestamp($mybb->input['bantime']);
 2582                 }
 2583 
 2584                 $reason = my_substr($mybb->input['reason'], 0, 255);
 2585 
 2586                 $banned_count = 0;
 2587                 while($user = $db->fetch_array($query))
 2588                 {
 2589                     if($user['uid'] == $mybb->user['uid'] || is_super_admin($user['uid']))
 2590                     {
 2591                         // We remove ourselves and Super Admins from the mix
 2592                         continue;
 2593                     }
 2594 
 2595                     if(is_array($bannedcache) && in_array("u_".$user['uid'], $bannedcache))
 2596                     {
 2597                         // User already has a ban, update it!
 2598                         $update_array = array(
 2599                             "admin" => (int)$mybb->user['uid'],
 2600                             "dateline" => TIME_NOW,
 2601                             "bantime" => $db->escape_string($mybb->input['bantime']),
 2602                             "lifted" => $db->escape_string($lifted),
 2603                             "reason" => $db->escape_string($reason)
 2604                         );
 2605                         $db->update_query("banned", $update_array, "uid = '".$user['uid']."'");
 2606                     }
 2607                     else
 2608                     {
 2609                         // Not currently banned - insert the ban
 2610                         $insert_array = array(
 2611                             'uid' => $user['uid'],
 2612                             'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
 2613                             'oldgroup' => $user['usergroup'],
 2614                             'oldadditionalgroups' => $user['additionalgroups'],
 2615                             'olddisplaygroup' => $user['displaygroup'],
 2616                             'admin' => (int)$mybb->user['uid'],
 2617                             'dateline' => TIME_NOW,
 2618                             'bantime' => $db->escape_string($mybb->input['bantime']),
 2619                             'lifted' => $db->escape_string($lifted),
 2620                             'reason' => $db->escape_string($reason)
 2621                         );
 2622                         $db->insert_query('banned', $insert_array);
 2623                     }
 2624 
 2625                     // Moved the user to the 'Banned' Group
 2626                     $update_array = array(
 2627                         'usergroup' => 7,
 2628                         'displaygroup' => 0,
 2629                         'additionalgroups' => '',
 2630                     );
 2631                     $db->update_query('users', $update_array, "uid = '{$user['uid']}'");
 2632 
 2633                     $db->delete_query("forumsubscriptions", "uid = '{$user['uid']}'");
 2634                     $db->delete_query("threadsubscriptions", "uid = '{$user['uid']}'");
 2635 
 2636                     ++$banned_count;
 2637                 }
 2638                 $mybb->input['action'] = "inline_banned";
 2639                 log_admin_action($banned_count, $lifted);
 2640                 my_unsetcookie("inlinemod_useracp"); // Remove the cookie of selected users as we've finished with them
 2641 
 2642                 $lang->users_banned = $lang->sprintf($lang->users_banned, $banned_count);
 2643                 flash_message($lang->users_banned, 'success');
 2644                 admin_redirect("index.php?module=user-users".$vid_url);
 2645             }
 2646 
 2647             $page->output_header($lang->manage_users);
 2648             $page->output_nav_tabs($sub_tabs, 'manage_users');
 2649 
 2650             // Provide the user with a warning of what they're about to do
 2651             $table = new Table;
 2652             $lang->mass_ban_info = $lang->sprintf($lang->mass_ban_info, count($selected));
 2653             $table->construct_cell($lang->mass_ban_info);
 2654             $table->construct_row();
 2655             $table->output($lang->important);
 2656 
 2657             // If there's any errors, display inline
 2658             if($errors)
 2659             {
 2660                 $page->output_inline_error($errors);
 2661             }
 2662 
 2663             $form = new Form("index.php?module=user-users", "post");
 2664             echo $form->generate_hidden_field('action', 'inline_edit');
 2665             echo $form->generate_hidden_field('inline_action', 'multiban');
 2666             echo $form->generate_hidden_field('processed', '1');
 2667 
 2668             $form_container = new FormContainer('<div class="float_right"><a href="index.php?module=user-users&amp;action=inline_edit&amp;inline_action=multilift&amp;my_post_key='.$mybb->post_code.'">'.$lang->lift_bans.'</a></div>'.$lang->mass_ban);
 2669             $form_container->output_row($lang->ban_reason, "", $form->generate_text_area('reason', $mybb->input['reason'], array('id' => 'reason', 'maxlength' => '255')), 'reason');
 2670             $ban_times = fetch_ban_times();
 2671             foreach($ban_times as $time => $period)
 2672             {
 2673                 if($time != '---')
 2674                 {
 2675                     $friendly_time = my_date("D, jS M Y @ {$mybb->settings['timeformat']}", ban_date2timestamp($time));
 2676                     $period = "{$period} ({$friendly_time})";
 2677                 }
 2678                 $length_list[$time] = $period;
 2679             }
 2680             $form_container->output_row($lang->ban_time, "", $form->generate_select_box('bantime', $length_list, $mybb->input['bantime'], array('id' => 'bantime')), 'bantime');
 2681             $form_container->end();
 2682 
 2683             $buttons[] = $form->generate_submit_button($lang->ban_users);
 2684             $form->output_submit_wrapper($buttons);
 2685             $form->end();
 2686             $page->output_footer();
 2687             break;
 2688         case 'multidelete':
 2689             if($mybb->input['no'])
 2690             {
 2691                 admin_redirect("index.php?module=user-users".$vid_url); // User clicked on 'No
 2692             }
 2693             else
 2694             {
 2695                 if($mybb->input['processed'] == 1)
 2696                 {
 2697                     // Set up user handler.
 2698                     require_once MYBB_ROOT.'inc/datahandlers/user.php';
 2699                     $userhandler = new UserDataHandler('delete');
 2700 
 2701                     // Delete users
 2702                     $deleted = $userhandler->delete_user($selected);
 2703                     $to_be_deleted = $deleted['deleted_users']; // Get the correct number of deleted users
 2704 
 2705                     // Update forum stats, remove the cookie and redirect the user
 2706                     my_unsetcookie("inlinemod_useracp");
 2707                     $mybb->input['action'] = "inline_delete";
 2708                     log_admin_action($to_be_deleted);
 2709 
 2710                     $lang->users_deleted = $lang->sprintf($lang->users_deleted, $to_be_deleted);
 2711 
 2712                     $cache->update_awaitingactivation();
 2713 
 2714                     flash_message($lang->users_deleted, 'success');
 2715                     admin_redirect("index.php?module=user-users".$vid_url);
 2716                 }
 2717 
 2718                 $to_be_deleted = count($selected);
 2719                 $lang->confirm_multidelete = $lang->sprintf($lang->confirm_multidelete, my_number_format($to_be_deleted));
 2720                 $page->output_confirm_action("index.php?module=user-users&amp;action=inline_edit&amp;inline_action=multidelete&amp;my_post_key={$mybb->post_code}&amp;processed=1", $lang->confirm_multidelete);
 2721             }
 2722             break;
 2723         case 'multiprune':
 2724             if($mybb->input['processed'] == 1)
 2725             {
 2726                 if(($mybb->input['day'] || $mybb->input['month'] || $mybb->input['year']) && $mybb->input['set'])
 2727                 {
 2728                     $errors[] = $lang->multi_selected_dates;
 2729                 }
 2730 
 2731                 $day = $mybb->get_input('day', MyBB::INPUT_INT);
 2732                 $month = $mybb->get_input('month', MyBB::INPUT_INT);
 2733                 $year = $mybb->get_input('year', MyBB::INPUT_INT);
 2734 
 2735                 // Selected a date - check if the date the user entered is valid
 2736                 if($mybb->input['day'] || $mybb->input['month'] || $mybb->input['year'])
 2737                 {
 2738                     // Is the date sort of valid?
 2739                     if($day < 1 || $day > 31 || $month < 1 || $month > 12 || ($month == 2 && $day > 29))
 2740                     {
 2741                         $errors[] = $lang->incorrect_date;
 2742                     }
 2743 
 2744                     // Check the month
 2745                     $months = get_bdays($year);
 2746                     if($day > $months[$month-1])
 2747                     {
 2748                         $errors[] = $lang->incorrect_date;
 2749                     }
 2750 
 2751                     // Check the year
 2752                     if($year != 0 && ($year < (date("Y")-100)) || $year > date("Y"))
 2753                     {
 2754                         $errors[] = $lang->incorrect_date;
 2755                     }
 2756 
 2757                     if(!$errors)
 2758                     {
 2759                         // No errors, so let's continue and set the date to delete from
 2760                         $date = mktime(date('H'), date('i'), date('s'), $month, $day, $year); // Generate a unix time stamp
 2761                     }
 2762                 }
 2763                 elseif($mybb->input['set'] > 0)
 2764                 {
 2765                     // Set options
 2766                     // For this purpose, 1 month = 31 days
 2767                     $base_time = 24 * 60 * 60;
 2768 
 2769                     switch($mybb->input['set'])
 2770                     {
 2771                         case '1':
 2772                             $threshold = $base_time * 31; // 1 month = 31 days, in the standard terms
 2773                             break;
 2774                         case '2':
 2775                             $threshold = $base_time * 93; // 3 months = 31 days * 3
 2776                             break;
 2777                         case '3':
 2778                             $threshold = $base_time * 183; // 6 months = 365 days / 2
 2779                             break;
 2780                         case '4':
 2781                             $threshold = $base_time * 365; // 1 year = 365 days
 2782                             break;
 2783                         case '5':
 2784                             $threshold = $base_time * 548; // 18 months = 365 + 183
 2785                             break;
 2786                         case '6':
 2787                             $threshold = $base_time * 730; // 2 years = 365 * 2
 2788                             break;
 2789                     }
 2790 
 2791                     if(!$threshold)
 2792                     {
 2793                         // An option was entered that isn't in the dropdown box
 2794                         $errors[] = $lang->no_set_option;
 2795                     }
 2796                     else
 2797                     {
 2798                         $date = TIME_NOW - $threshold;
 2799                     }
 2800                 }
 2801                 else
 2802                 {
 2803                     $errors[] = $lang->no_prune_option;
 2804                 }
 2805 
 2806                 if(!$errors)
 2807                 {
 2808                     $sql_array = implode(",", $selected);
 2809                     $prune_array = array();
 2810                     $query = $db->simple_select("users", "uid", "uid IN (".$sql_array.")");
 2811                     while($user = $db->fetch_array($query))
 2812                     {
 2813                         // Protect Super Admins
 2814                         if(is_super_admin($user['uid']) && !is_super_admin($mybb->user['uid']))
 2815                         {
 2816                             continue;
 2817                         }
 2818 
 2819                         $return_array = delete_user_posts($user['uid'], $date); // Delete user posts, and grab a list of threads to delete
 2820                         if($return_array && is_array($return_array))
 2821                         {
 2822                             $prune_array = array_merge_recursive($prune_array, $return_array);
 2823                         }
 2824                     }
 2825 
 2826                     // No posts were found for the user, return error
 2827                     if(!is_array($prune_array) || count($prune_array) == 0)
 2828                     {
 2829                         flash_message($lang->prune_fail, 'error');
 2830                         admin_redirect("index.php?module=user-users".$vid_url);
 2831                     }
 2832 
 2833                     // Require the rebuild functions
 2834                     require_once MYBB_ROOT.'/inc/functions.php';
 2835                     require_once MYBB_ROOT.'/inc/functions_rebuild.php';
 2836 
 2837                     // We've finished deleting user's posts, so let's delete the threads
 2838                     if(is_array($prune_array['to_delete']) && count($prune_array['to_delete']) > 0)
 2839                     {
 2840                         foreach($prune_array['to_delete'] as $tid)
 2841                         {
 2842                             $db->delete_query("threads", "tid='$tid'");
 2843                             $db->delete_query("threads", "closed='moved|$tid'");
 2844                             $db->delete_query("threadsubscriptions", "tid='$tid'");
 2845                             $db->delete_query("polls", "tid='$tid'");
 2846                             $db->delete_query("threadsread", "tid='$tid'");
 2847                             $db->delete_query("threadratings", "tid='$tid'");
 2848                         }
 2849                     }
 2850 
 2851                     // After deleting threads, rebuild the thread counters for the affected threads
 2852                     if(is_array($prune_array['thread_update']) && count($prune_array['thread_update']) > 0)
 2853                     {
 2854                         $sql_array = implode(",", $prune_array['thread_update']);
 2855                         $query = $db->simple_select("threads", "tid", "tid IN (".$sql_array.")", array('order_by' => 'tid', 'order_dir' => 'asc'));
 2856                         while($thread = $db->fetch_array($query))
 2857                         {
 2858                             rebuild_thread_counters($thread['tid']);
 2859                         }
 2860                     }
 2861 
 2862                     // After updating thread counters, update the affected forum counters
 2863                     if(is_array($prune_array['forum_update']) && count($prune_array['forum_update']) > 0)
 2864                     {
 2865                         $sql_array = implode(",", $prune_array['forum_update']);
 2866                         $query = $db->simple_select("forums", "fid", "fid IN (".$sql_array.")", array('order_by' => 'fid', 'order_dir' => 'asc'));
 2867                         while($forum = $db->fetch_array($query))
 2868                         {
 2869                             // Because we have a recursive array merge, check to see if there isn't a duplicated forum to update
 2870                             if($looped_forum == $forum['fid'])
 2871                             {
 2872                                 continue;
 2873                             }
 2874                             $looped_forum = $forum['fid'];
 2875                             rebuild_forum_counters($forum['fid']);
 2876                         }
 2877                     }
 2878 
 2879                     //log_admin_action();
 2880                     my_unsetcookie("inlinemod_useracp"); // We've got our users, remove the cookie
 2881                     flash_message($lang->prune_complete, 'success');
 2882                     admin_redirect("index.php?module=user-users".$vid_url);
 2883                 }
 2884             }
 2885 
 2886             $page->output_header($lang->manage_users);
 2887             $page->output_nav_tabs($sub_tabs, 'manage_users');
 2888 
 2889             // Display a table warning
 2890             $table = new Table;
 2891             $lang->mass_prune_info = $lang->sprintf($lang->mass_prune_info, count($selected));
 2892             $table->construct_cell($lang->mass_prune_info);
 2893             $table->construct_row();
 2894             $table->output($lang->important);
 2895 
 2896             if($errors)
 2897             {
 2898                 $page->output_inline_error($errors);
 2899             }
 2900 
 2901             // Display the prune options
 2902             $form = new Form("index.php?module=user-users", "post");
 2903             echo $form->generate_hidden_field('action', 'inline_edit');
 2904             echo $form->generate_hidden_field('inline_action', 'multiprune');
 2905             echo $form->generate_hidden_field('processed', '1');
 2906 
 2907             $form_container = new FormContainer($lang->mass_prune_posts);
 2908 
 2909             // Generate a list of days (1 - 31)
 2910             $day_options = array();
 2911             $day_options[] = "&nbsp;";
 2912             for($i = 1; $i <= 31; ++$i)
 2913             {
 2914                 $day_options[] = $i;
 2915             }
 2916 
 2917             // Generate a list of months (1 - 12)
 2918             $month_options = array();
 2919             $month_options[] = "&nbsp;";
 2920             for($i = 1; $i <= 12; ++$i)
 2921             {
 2922                 $string = "month_{$i}";
 2923                 $month_options[] = $lang->$string;
 2924             }
 2925             $date_box = $form->generate_select_box('day', $day_options, $mybb->input['day']);
 2926             $month_box = $form->generate_select_box('month', $month_options, $mybb->input['month']);
 2927             $year_box = $form->generate_numeric_field('year', $mybb->input['year'], array('id' => 'year', 'style' => 'width: 50px;', 'min' => 0));
 2928 
 2929             $prune_select = $date_box.$month_box.$year_box;
 2930             $form_container->output_row($lang->manual_date, "", $prune_select, 'date');
 2931 
 2932             // Generate the set date box
 2933             $set_options = array();
 2934             $set_options[] = $lang->set_an_option;
 2935             for($i = 1; $i <= 6; ++$i)
 2936             {
 2937                 $string = "option_{$i}";
 2938                 $set_options[] = $lang->$string;
 2939             }
 2940 
 2941             $form_container->output_row($lang->relative_date, "", $lang->delete_posts." ".$form->generate_select_box('set', $set_options, $mybb->input['set']), 'set');
 2942             $form_container->end();
 2943 
 2944             $buttons[] = $form->generate_submit_button($lang->prune_posts);
 2945             $form->output_submit_wrapper($buttons);
 2946             $form->end();
 2947             $page->output_footer();
 2948             break;
 2949         case 'multiusergroup':
 2950             if($mybb->input['processed'] == 1)
 2951             {
 2952                 // Determine additional usergroups
 2953                 if(is_array($mybb->input['additionalgroups']))
 2954                 {
 2955                     foreach($mybb->input['additionalgroups'] as $key => $gid)
 2956                     {
 2957                         if($gid == $mybb->input['usergroup'])
 2958                         {
 2959                             unset($mybb->input['additionalgroups'][$key]);
 2960                         }
 2961                     }
 2962 
 2963                     $additionalgroups = implode(",", array_map('intval', $mybb->input['additionalgroups']));
 2964                 }
 2965                 else
 2966                 {
 2967                     $additionalgroups = '';
 2968                 }
 2969 
 2970                 // Create an update array
 2971                 $update_array = array(
 2972                     "usergroup" => $mybb->get_input('usergroup', MyBB::INPUT_INT),
 2973                     "additionalgroups" => $additionalgroups,
 2974                     "displaygroup" => $mybb->get_input('displaygroup', MyBB::INPUT_INT)
 2975                 );
 2976 
 2977                 // Do the usergroup update for all those selected
 2978                 // If the a selected user is a super admin, don't update that user
 2979                 $users_to_update = array();
 2980                 foreach($selected as $user)
 2981                 {
 2982                     if(!is_super_admin($user))
 2983                     {
 2984                         $users_to_update[] = $user;
 2985                     }
 2986                 }
 2987 
 2988                 $to_update_count = count($users_to_update);
 2989                 if($to_update_count > 0)
 2990                 {
 2991                     // Update the users in the database
 2992                     $sql = implode(",", $users_to_update);
 2993                     $db->update_query("users", $update_array, "uid IN (".$sql.")");
 2994 
 2995                     // Redirect the admin...
 2996                     $mybb->input['action'] = "inline_usergroup";
 2997                     log_admin_action($to_update_count);
 2998                     my_unsetcookie("inlinemod_useracp");
 2999                     flash_message($lang->success_mass_usergroups, 'success');
 3000                     admin_redirect("index.php?module=user-users".$vid_url);
 3001                 }
 3002                 else
 3003                 {
 3004                     // They tried to edit super admins! Uh-oh!
 3005                     $errors[] = $lang->no_usergroup_changed;
 3006                 }
 3007             }
 3008 
 3009             $page->output_header($lang->manage_users);
 3010             $page->output_nav_tabs($sub_tabs, 'manage_users');
 3011 
 3012             // Display a table warning
 3013             $table = new Table;
 3014             $lang->usergroup_info = $lang->sprintf($lang->usergroup_info, count($selected));
 3015             $table->construct_cell($lang->usergroup_info);
 3016             $table->construct_row();
 3017             $table->output($lang->important);
 3018 
 3019             if($errors)
 3020             {
 3021                 $page->output_inline_error($errors);
 3022             }
 3023 
 3024             // Display the usergroup options
 3025             $form = new Form("index.php?module=user-users", "post");
 3026             echo $form->generate_hidden_field('action', 'inline_edit');
 3027             echo $form->generate_hidden_field('inline_action', 'multiusergroup');
 3028             echo $form->generate_hidden_field('processed', '1');
 3029 
 3030             $form_container = new FormContainer($lang->mass_usergroups);
 3031 
 3032             // Usergroups
 3033             $display_group_options[0] = $lang->use_primary_user_group;
 3034             $options = array();
 3035             $query = $db->simple_select("usergroups", "gid, title", "gid != '1'", array('order_by' => 'title'));
 3036             while($usergroup = $db->fetch_array($query))
 3037             {
 3038                 $options[$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']);
 3039                 $display_group_options[$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']);
 3040             }
 3041 
 3042             if(!is_array($mybb->input['additionalgroups']))
 3043             {
 3044                 $mybb->input['additionalgroups'] = explode(',', $mybb->input['additionalgroups']);
 3045             }
 3046 
 3047             $form_container->output_row($lang->primary_user_group, "", $form->generate_select_box('usergroup', $options, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
 3048             $form_container->output_row($lang->additional_user_groups, $lang->additional_user_groups_desc, $form->generate_select_box('additionalgroups[]', $options, $mybb->input['additionalgroups'], array('id' => 'additionalgroups', 'multiple' => true, 'size' => 5)), 'additionalgroups');
 3049             $form_container->output_row($lang->display_user_group, "", $form->generate_select_box('displaygroup', $display_group_options, $mybb->input['displaygroup'], array('id' => 'displaygroup')), 'displaygroup');
 3050 
 3051             $form_container->end();
 3052 
 3053             $buttons[] = $form->generate_submit_button($lang->alter_usergroups);
 3054             $form->output_submit_wrapper($buttons);
 3055             $form->end();
 3056             $page->output_footer();
 3057             break;
 3058     }
 3059 }
 3060 
 3061 if(!$mybb->input['action'])
 3062 {
 3063     $plugins->run_hooks("admin_user_users_start");
 3064 
 3065     $page->output_header($lang->browse_users);
 3066     echo "<script type=\"text/javascript\" src=\"jscripts/users.js\"></script>";
 3067 
 3068     $page->output_nav_tabs($sub_tabs, 'browse_users');
 3069 
 3070     if(isset($mybb->input['search_id']) && $admin_session['data']['user_views'][$mybb->input['search_id']])
 3071     {
 3072         $admin_view = $admin_session['data']['user_views'][$mybb->input['search_id']];
 3073         unset($admin_view['extra_sql']);
 3074     }
 3075     else
 3076     {
 3077         // Showing a specific view
 3078         if(isset($mybb->input['vid']))
 3079         {
 3080             $query = $db->simple_select("adminviews", "*", "vid='".$mybb->get_input('vid', MyBB::INPUT_INT)."'");
 3081             $admin_view = $db->fetch_array($query);
 3082             // View does not exist or this view is private and does not belong to the current user
 3083             if(!$admin_view['vid'] || ($admin_view['visibility'] == 1 && $admin_view['uid'] != $mybb->user['uid']))
 3084             {
 3085                 unset($admin_view);
 3086             }
 3087         }
 3088 
 3089         // Don't have a view? Fetch the default
 3090         if(!isset($admin_view))
 3091         {
 3092             $default_view = fetch_default_view("user");
 3093             if(!$default_view)
 3094             {
 3095                 $default_view = "0";
 3096             }
 3097             $query = $db->simple_select("adminviews", "*", "type='user' AND (vid='{$default_view}' OR uid=0)", array("order_by" => "uid", "order_dir" => "desc"));
 3098             $admin_view = $db->fetch_array($query);
 3099         }
 3100     }
 3101 
 3102     // Fetch a list of all of the views for this user
 3103     $popup = new PopupMenu("views", $lang->views);
 3104 
 3105     $query = $db->simple_select("adminviews", "*", "type='user' AND (visibility=2 OR uid={$mybb->user['uid']})", array("order_by" => "title"));
 3106     while($view = $db->fetch_array($query))
 3107     {
 3108         $popup->add_item(htmlspecialchars_uni($view['title']), "index.php?module=user-users&amp;vid={$view['vid']}");
 3109     }
 3110     $popup->add_item("<em>{$lang->manage_views}</em>", "index.php?module=user-users&amp;action=views");
 3111     $admin_view['popup'] = $popup->fetch();
 3112 
 3113     if(isset($mybb->input['type']))
 3114     {
 3115         $admin_view['view_type'] = $mybb->input['type'];
 3116     }
 3117 
 3118     $results = build_users_view($admin_view);
 3119 
 3120     if(!$results)
 3121     {
 3122         // If we came from the home page and clicked on the "Activate Users" link, send them back to here
 3123         if($admin_session['data']['from'] == "home")
 3124         {
 3125             flash_message($admin_session['data']['flash_message2']['message'], $admin_session['data']['flash_message2']['type']);
 3126             update_admin_session('flash_message2', '');
 3127             update_admin_session('from', '');
 3128             admin_redirect("index.php");
 3129             exit;
 3130         }
 3131         else
 3132         {
 3133             $errors[] = $lang->error_no_users_found;
 3134         }
 3135     }
 3136 
 3137     // If we have any error messages, show them
 3138     if($errors)
 3139     {
 3140         if($inline != true)
 3141         {
 3142             echo "<div style=\"display: inline; float: right;\">{$admin_view['popup']}</div><br />\n";
 3143         }
 3144         $page->output_inline_error($errors);
 3145     }
 3146 
 3147     echo $results;
 3148 
 3149     $page->output_footer();
 3150 }
 3151 
 3152 /**
 3153  * @param array $view
 3154  *
 3155  * @return string
 3156  */
 3157 function build_users_view($view)
 3158 {
 3159     global $mybb, $db, $cache, $lang, $user_view_fields, $page;
 3160 
 3161     if($view['view_type'] != 'card')
 3162     {
 3163         $view['view_type'] = 'table';
 3164     }
 3165 
 3166     $view_title = '';
 3167     if($view['title'])
 3168     {
 3169         $title_string = "view_title_{$view['vid']}";
 3170 
 3171         if($lang->$title_string)
 3172         {
 3173             $view['title'] = $lang->$title_string;
 3174         }
 3175 
 3176         $view_title .= " (".htmlspecialchars_uni($view['title']).")";
 3177     }
 3178 
 3179     // Build the URL to this view
 3180     if(!isset($view['url']))
 3181     {
 3182         $view['url'] = "index.php?module=user-users";
 3183     }
 3184     if(!is_array($view['conditions']))
 3185     {
 3186         $view['conditions'] = my_unserialize($view['conditions']);
 3187     }
 3188     if(!is_array($view['fields']))
 3189     {
 3190         $view['fields'] = my_unserialize($view['fields']);
 3191     }
 3192     if(!is_array($view['custom_profile_fields']))
 3193     {
 3194         $view['custom_profile_fields'] = my_unserialize($view['custom_profile_fields']);
 3195     }
 3196     if(isset($mybb->input['username']))
 3197     {
 3198         $view['conditions']['username'] = $mybb->input['username'];
 3199         $view['url'] .= "&amp;username=".urlencode(htmlspecialchars_uni($mybb->input['username']));
 3200     }
 3201     if($view['vid'])
 3202     {
 3203         $view['url'] .= "&amp;vid={$view['vid']}";
 3204     }
 3205     else
 3206     {
 3207         // If this is a custom view we need to save everything ready to pass it on from page to page
 3208         global $admin_session;
 3209         if(!$mybb->input['search_id'])
 3210         {
 3211             $search_id = md5(random_str());
 3212             $admin_session['data']['user_views'][$search_id] = $view;
 3213             update_admin_session('user_views', $admin_session['data']['user_views']);
 3214             $mybb->input['search_id'] = $search_id;
 3215         }
 3216         $view['url'] .= "&amp;search_id=".htmlspecialchars_uni($mybb->input['search_id']);
 3217     }
 3218 
 3219     if(!isset($admin_session['data']['last_users_view']) || $admin_session['data']['last_users_view'] != str_replace("&amp;", "&", $view['url']))
 3220     {
 3221         update_admin_session('last_users_url', str_replace("&amp;", "&", $view['url']));
 3222     }
 3223 
 3224     if(isset($view['conditions']['referrer'])){
 3225         $view['url'] .= "&amp;action=referrers&amp;uid=".htmlspecialchars_uni($view['conditions']['referrer']);
 3226     }
 3227 
 3228     // Do we not have any views?
 3229     if(empty($view))
 3230     {
 3231         return false;
 3232     }
 3233 
 3234     $table = new Table;
 3235 
 3236     // Build header for table based view
 3237     if($view['view_type'] != "card")
 3238     {
 3239         foreach($view['fields'] as $field)
 3240         {
 3241             if(!$user_view_fields[$field])
 3242             {
 3243                 continue;
 3244             }
 3245             $view_field = $user_view_fields[$field];
 3246             $field_options = array();
 3247             if($view_field['width'])
 3248             {
 3249                 $field_options['width'] = $view_field['width'];
 3250             }
 3251             if($view_field['align'])
 3252             {
 3253                 $field_options['class'] = "align_".$view_field['align'];
 3254             }
 3255             $table->construct_header($view_field['title'], $field_options);
 3256         }
 3257         $table->construct_header("<input type=\"checkbox\" name=\"allbox\" onclick=\"inlineModeration.checkAll(this);\" />"); // Create a header for the "select" boxes
 3258     }
 3259 
 3260     $search_sql = '1=1';
 3261 
 3262     // Build the search SQL for users
 3263 
 3264     // List of valid LIKE search fields
 3265     $user_like_fields = array("username", "email", "website", "icq", "skype", "google", "signature", "usertitle");
 3266     foreach($user_like_fields as $search_field)
 3267     {
 3268         if(!empty($view['conditions'][$search_field]) && !$view['conditions'][$search_field.'_blank'])
 3269         {
 3270             $search_sql .= " AND u.{$search_field} LIKE '%".$db->escape_string_like($view['conditions'][$search_field])."%'";
 3271         }
 3272         else if(!empty($view['conditions'][$search_field.'_blank']))
 3273         {
 3274             $search_sql .= " AND u.{$search_field} != ''";
 3275         }
 3276     }
 3277 
 3278     // EXACT matching fields
 3279     $user_exact_fields = array("referrer");
 3280     foreach($user_exact_fields as $search_field)
 3281     {
 3282         if(!empty($view['conditions'][$search_field]))
 3283         {
 3284             $search_sql .= " AND u.{$search_field}='".$db->escape_string($view['conditions'][$search_field])."'";
 3285         }
 3286     }
 3287 
 3288     // LESS THAN or GREATER THAN
 3289     $direction_fields = array("postnum", "threadnum");
 3290     foreach($direction_fields as $search_field)
 3291     {
 3292         $direction_field = $search_field."_dir";
 3293         if(isset($view['conditions'][$search_field]) && ($view['conditions'][$search_field] || $view['conditions'][$search_field] === '0') && $view['conditions'][$direction_field])
 3294         {
 3295             switch($view['conditions'][$direction_field])
 3296             {
 3297                 case "greater_than":
 3298                     $direction = ">";
 3299                     break;
 3300                 case "less_than":
 3301                     $direction = "<";
 3302                     break;
 3303                 default:
 3304                     $direction = "=";
 3305             }
 3306             $search_sql .= " AND u.{$search_field}{$direction}'".$db->escape_string($view['conditions'][$search_field])."'";
 3307         }
 3308     }
 3309 
 3310     // Registration searching
 3311     $reg_fields = array("regdate");
 3312     foreach($reg_fields as $search_field)
 3313     {
 3314         if(!empty($view['conditions'][$search_field]) && (int)$view['conditions'][$search_field])
 3315         {
 3316             $threshold = TIME_NOW - ((int)$view['conditions'][$search_field] * 24 * 60 * 60);
 3317 
 3318             $search_sql .= " AND u.{$search_field} >= '{$threshold}'";
 3319         }
 3320     }
 3321 
 3322     // IP searching
 3323     $ip_fields = array("regip", "lastip");
 3324     foreach($ip_fields as $search_field)
 3325     {
 3326         if(!empty($view['conditions'][$search_field]))
 3327         {
 3328             $ip_range = fetch_ip_range($view['conditions'][$search_field]);
 3329             if(!is_array($ip_range))
 3330             {
 3331                 $ip_sql = "{$search_field}=".$db->escape_binary($ip_range);
 3332             }
 3333             else
 3334             {
 3335                 $ip_sql = "{$search_field} BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1]);
 3336             }
 3337             $search_sql .= " AND {$ip_sql}";
 3338         }
 3339     }
 3340 
 3341     // Post IP searching
 3342     if(!empty($view['conditions']['postip']))
 3343     {
 3344         $ip_range = fetch_ip_range($view['conditions']['postip']);
 3345         if(!is_array($ip_range))
 3346         {
 3347             $ip_sql = "ipaddress=".$db->escape_binary($ip_range);
 3348         }
 3349         else
 3350         {
 3351             $ip_sql = "ipaddress BETWEEN ".$db->escape_binary($ip_range[0])." AND ".$db->escape_binary($ip_range[1]);
 3352         }
 3353         $ip_uids = array(0);
 3354         $query = $db->simple_select("posts", "uid", $ip_sql);
 3355         while($uid = $db->fetch_field($query, "uid"))
 3356         {
 3357             $ip_uids[] = $uid;
 3358         }
 3359         $search_sql .= " AND u.uid IN(".implode(',', $ip_uids).")";
 3360         unset($ip_uids);
 3361     }
 3362 
 3363     // Custom Profile Field searching
 3364     if($view['custom_profile_fields'])
 3365     {
 3366         $userfield_sql = '1=1';
 3367         foreach($view['custom_profile_fields'] as $column => $input)
 3368         {
 3369             if(is_array($input))
 3370             {
 3371                 foreach($input as $value => $text)
 3372                 {
 3373                     if($value == $column)
 3374                     {
 3375                         $value = $text;
 3376                     }
 3377 
 3378                     if($value == $lang->na)
 3379                     {
 3380                         continue;
 3381                     }
 3382 
 3383                     if(strpos($column, '_blank') !== false)
 3384                     {
 3385                         $column = str_replace('_blank', '', $column);
 3386                         $userfield_sql .= ' AND '.$db->escape_string($column)." != ''";
 3387                     }
 3388                     else
 3389                     {
 3390                         $userfield_sql .= ' AND '.$db->escape_string($column)."='".$db->escape_string($value)."'";
 3391                     }
 3392                 }
 3393             }
 3394             else if(!empty($input))
 3395             {
 3396                 if($input == $lang->na)
 3397                 {
 3398                     continue;
 3399                 }
 3400 
 3401                 if(strpos($column, '_blank') !== false)
 3402                 {
 3403                     $column = str_replace('_blank', '', $column);
 3404                     $userfield_sql .= ' AND '.$db->escape_string($column)." != ''";
 3405                 }
 3406                 else
 3407                 {
 3408                     $userfield_sql .= ' AND '.$db->escape_string($column)." LIKE '%".$db->escape_string_like($input)."%'";
 3409                 }
 3410             }
 3411         }
 3412 
 3413         if($userfield_sql != '1=1')
 3414         {
 3415             $userfield_uids = array(0);
 3416             $query = $db->simple_select("userfields", "ufid", $userfield_sql);
 3417             while($userfield = $db->fetch_array($query))
 3418             {
 3419                 $userfield_uids[] = $userfield['ufid'];
 3420             }
 3421             $search_sql .= " AND u.uid IN(".implode(',', $userfield_uids).")";
 3422             unset($userfield_uids);
 3423         }
 3424     }
 3425 
 3426     // Usergroup based searching
 3427     if(isset($view['conditions']['usergroup']))
 3428     {
 3429         if(!is_array($view['conditions']['usergroup']))
 3430         {
 3431             $view['conditions']['usergroup'] = array($view['conditions']['usergroup']);
 3432         }
 3433 
 3434         foreach($view['conditions']['usergroup'] as $usergroup)
 3435         {
 3436             $usergroup = (int)$usergroup;
 3437 
 3438             if(!$usergroup)
 3439             {
 3440                 continue;
 3441             }
 3442 
 3443             $additional_sql = '';
 3444 
 3445             switch($db->type)
 3446             {
 3447                 case "pgsql":
 3448                 case "sqlite":
 3449                     $additional_sql .= " OR ','||additionalgroups||',' LIKE '%,{$usergroup},%'";
 3450                     break;
 3451                 default:
 3452                     $additional_sql .= "OR CONCAT(',',additionalgroups,',') LIKE '%,{$usergroup},%'";
 3453             }
 3454         }
 3455 
 3456         $search_sql .= " AND (u.usergroup IN (".implode(",", array_map('intval', $view['conditions']['usergroup'])).") {$additional_sql})";
 3457     }
 3458 
 3459     // COPPA users only?
 3460     if(isset($view['conditions']['coppa']))
 3461     {
 3462         $search_sql .= " AND u.coppauser=1 AND u.usergroup=5";
 3463     }
 3464 
 3465     // Extra SQL?
 3466     if(isset($view['extra_sql']))
 3467     {
 3468         $search_sql .= $view['extra_sql'];
 3469     }
 3470 
 3471     // Lets fetch out how many results we have
 3472     $query = $db->query("
 3473         SELECT COUNT(u.uid) AS num_results
 3474         FROM ".TABLE_PREFIX."users u
 3475         WHERE {$search_sql}
 3476     ");
 3477     $num_results = $db->fetch_field($query, "num_results");
 3478 
 3479     // No matching results then return false
 3480     if(!$num_results)
 3481     {
 3482         return false;
 3483     }
 3484     // Generate the list of results
 3485     else
 3486     {
 3487         if(!$view['perpage'])
 3488         {
 3489             $view['perpage'] = 20;
 3490         }
 3491         $view['perpage'] = (int)$view['perpage'];
 3492 
 3493         // Establish which page we're viewing and the starting index for querying
 3494         if(!isset($mybb->input['page']))
 3495         {
 3496             $mybb->input['page'] = 1;
 3497         }
 3498         else
 3499         {
 3500             $mybb->input['page'] = $mybb->get_input('page', MyBB::INPUT_INT);
 3501         }
 3502 
 3503         if($mybb->input['page'])
 3504         {
 3505             $start = ($mybb->input['page'] - 1) * $view['perpage'];
 3506             $pages = ceil($num_results / $view['perpage']);
 3507             if($mybb->input['page'] > $pages)
 3508             {
 3509                 $start = 0;
 3510                 $mybb->input['page'] = 1;
 3511             }
 3512         }
 3513         else
 3514         {
 3515             $start = 0;
 3516             $mybb->input['page'] = 1;
 3517         }
 3518 
 3519         $from_bit = "";
 3520         if(isset($mybb->input['from']) && $mybb->input['from'] == "home")
 3521         {
 3522             $from_bit = "&amp;from=home";
 3523         }
 3524 
 3525         switch($view['sortby'])
 3526         {
 3527             case "regdate":
 3528             case "lastactive":
 3529             case "postnum":
 3530             case "reputation":
 3531                 $view['sortby'] = $db->escape_string($view['sortby']);
 3532                 break;
 3533             case "numposts":
 3534                 $view['sortby'] = "postnum";
 3535                 break;
 3536             case "numthreads":
 3537                 $view['sortby'] = "threadnum";
 3538                 break;
 3539             case "warninglevel":
 3540                 $view['sortby'] = "warningpoints";
 3541                 break;
 3542             default:
 3543                 $view['sortby'] = "username";
 3544         }
 3545 
 3546         if($view['sortorder'] != "desc")
 3547         {
 3548             $view['sortorder'] = "asc";
 3549         }
 3550 
 3551         $usergroups = $cache->read("usergroups");
 3552 
 3553         // Fetch matching users
 3554         $query = $db->query("
 3555             SELECT u.*
 3556             FROM ".TABLE_PREFIX."users u
 3557             WHERE {$search_sql}
 3558             ORDER BY {$view['sortby']} {$view['sortorder']}
 3559             LIMIT {$start}, {$view['perpage']}
 3560         ");
 3561         $users = '';
 3562         while($user = $db->fetch_array($query))
 3563         {
 3564             $comma = $groups_list = '';
 3565             $user['username'] = htmlspecialchars_uni($user['username']);
 3566             $user['view']['username'] = "<a href=\"index.php?module=user-users&amp;action=edit&amp;uid={$user['uid']}\">".format_name($user['username'], $user['usergroup'], $user['displaygroup'])."</a>";
 3567             $user['view']['usergroup'] = htmlspecialchars_uni($usergroups[$user['usergroup']]['title']);
 3568             if($user['additionalgroups'])
 3569             {
 3570                 $additional_groups = explode(",", $user['additionalgroups']);
 3571 
 3572                 foreach($additional_groups as $group)
 3573                 {
 3574                     $groups_list .= $comma.htmlspecialchars_uni($usergroups[$group]['title']);
 3575                     $comma = $lang->comma;
 3576                 }
 3577             }
 3578             if(!$groups_list)
 3579             {
 3580                 $groups_list = $lang->none;
 3581             }
 3582             $user['view']['additionalgroups'] = "<small>{$groups_list}</small>";
 3583             $user['view']['email'] = "<a href=\"mailto:".htmlspecialchars_uni($user['email'])."\">".htmlspecialchars_uni($user['email'])."</a>";
 3584             $user['view']['regdate'] = my_date('relative', $user['regdate']);
 3585             $last_seen = max(array($user['lastactive'], $user['lastvisit']));
 3586             if(!empty($last_seen))
 3587             {
 3588                 $user['view']['lastactive'] = my_date('relative', $last_seen);
 3589             }
 3590             else
 3591             {
 3592                 $user['view']['lastactive'] = $lang->never;
 3593             }
 3594 
 3595             // Build popup menu
 3596             $popup = new PopupMenu("user_{$user['uid']}", $lang->options);
 3597             $popup->add_item($lang->view_profile, $mybb->settings['bburl'].'/'.get_profile_link($user['uid']));
 3598             $popup->add_item($lang->edit_profile_and_settings, "index.php?module=user-users&amp;action=edit&amp;uid={$user['uid']}");
 3599 
 3600             // Banning options... is this user banned?
 3601             if($usergroups[$user['usergroup']]['isbannedgroup'] == 1)
 3602             {
 3603                 // Yes, so do we want to edit the ban or pardon his crime?
 3604                 $popup->add_item($lang->edit_ban, "index.php?module=user-banning&amp;uid={$user['uid']}#username");
 3605                 $popup->add_item($lang->lift_ban, "index.php?module=user-banning&action=lift&uid={$user['uid']}&my_post_key={$mybb->post_code}");
 3606             }
 3607             else
 3608             {
 3609                 // Not banned... but soon maybe!
 3610                 $popup->add_item($lang->ban_user, "index.php?module=user-banning&amp;uid={$user['uid']}#username");
 3611             }
 3612 
 3613             if($user['usergroup'] == 5)
 3614             {
 3615                 if($user['coppauser'])
 3616                 {
 3617                     $popup->add_item($lang->approve_coppa_user, "index.php?module=user-users&amp;action=activate_user&amp;uid={$user['uid']}&amp;my_post_key={$mybb->post_code}{$from_bit}");
 3618                 }
 3619                 else
 3620                 {
 3621                     $popup->add_item($lang->approve_user, "index.php?module=user-users&amp;action=activate_user&amp;uid={$user['uid']}&amp;my_post_key={$mybb->post_code}{$from_bit}");
 3622                 }
 3623             }
 3624 
 3625             $popup->add_item($lang->delete_user, "index.php?module=user-users&amp;action=delete&amp;uid={$user['uid']}&amp;my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->user_deletion_confirmation}')");
 3626             $popup->add_item($lang->show_referred_users, "index.php?module=user-users&amp;action=referrers&amp;uid={$user['uid']}");
 3627             $popup->add_item($lang->show_ip_addresses, "index.php?module=user-users&amp;action=ipaddresses&amp;uid={$user['uid']}");
 3628             $popup->add_item($lang->show_attachments, "index.php?module=forum-attachments&amp;results=1&amp;username=".urlencode($user['username']));
 3629             $user['view']['controls'] = $popup->fetch();
 3630 
 3631             // Fetch the reputation for this user
 3632             if($usergroups[$user['usergroup']]['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
 3633             {
 3634                 $user['view']['reputation'] = get_reputation($user['reputation']);
 3635             }
 3636             else
 3637             {
 3638                 $reputation = "-";
 3639             }
 3640 
 3641             if($mybb->settings['enablewarningsystem'] != 0 && $usergroups[$user['usergroup']]['canreceivewarnings'] != 0)
 3642             {
 3643                 if($mybb->settings['maxwarningpoints'] < 1)
 3644                 {
 3645                     $mybb->settings['maxwarningpoints'] = 10;
 3646                 }
 3647 
 3648                 $warning_level = round($user['warningpoints']/$mybb->settings['maxwarningpoints']*100);
 3649                 if($warning_level > 100)
 3650                 {
 3651                     $warning_level = 100;
 3652                 }
 3653                 $user['view']['warninglevel'] = get_colored_warning_level($warning_level);
 3654             }
 3655 
 3656             if($view['view_type'] == "card")
 3657             {
 3658                 $max_dimensions = '80x80';
 3659             }
 3660             else
 3661             {
 3662                 $max_dimensions = '34x34';
 3663             }
 3664 
 3665             $avatar = format_avatar($user['avatar'], $user['avatardimensions'], $max_dimensions);
 3666 
 3667             $user['view']['avatar'] = "<img src=\"".$avatar['image']."\" alt=\"\" {$avatar['width_height']} />";
 3668 
 3669             // Convert IP's to readable
 3670             $user['regip'] = my_inet_ntop($db->unescape_binary($user['regip']));
 3671             $user['lastip'] = my_inet_ntop($db->unescape_binary($user['lastip']));
 3672 
 3673             if($view['view_type'] == "card")
 3674             {
 3675                 $users .= build_user_view_card($user, $view, $i);
 3676             }
 3677             else
 3678             {
 3679                 build_user_view_table($user, $view, $table);
 3680             }
 3681         }
 3682 
 3683         // If card view, we need to output the results
 3684         if($view['view_type'] == "card")
 3685         {
 3686             $table->construct_cell($users);
 3687             $table->construct_row();
 3688         }
 3689     }
 3690 
 3691     if(!isset($view['table_id']))
 3692     {
 3693         $view['table_id'] = "users_list";
 3694     }
 3695 
 3696     $switch_view = "<div class=\"float_right\">";
 3697     $switch_url = $view['url'];
 3698     if($mybb->input['page'] > 0)
 3699     {
 3700         $switch_url .= "&amp;page=".$mybb->get_input('page', MyBB::INPUT_INT);
 3701     }
 3702     if($view['view_type'] != "card")
 3703     {
 3704         $switch_view .= "<strong>{$lang->table_view}</strong> | <a href=\"{$switch_url}&amp;type=card\" style=\"font-weight: normal;\">{$lang->card_view}</a>";
 3705     }
 3706     else
 3707     {
 3708         $switch_view .= "<a href=\"{$switch_url}&amp;type=table\" style=\"font-weight: normal;\">{$lang->table_view}</a> | <strong>{$lang->card_view}</strong>";
 3709     }
 3710     $switch_view .= "</div>";
 3711 
 3712     // Do we need to construct the pagination?
 3713     if($num_results > $view['perpage'])
 3714     {
 3715         $view_type = htmlspecialchars_uni($view['view_type']);
 3716         $pagination = draw_admin_pagination($mybb->input['page'], $view['perpage'], $num_results, $view['url']."&amp;type={$view_type}");
 3717         $search_class = "float_right";
 3718         $search_style = "";
 3719     }
 3720     else
 3721     {
 3722         $search_class = '';
 3723         $search_style = "text-align: right;";
 3724     }
 3725 
 3726     $search_action = $view['url'];
 3727     // stop &username= in the query string
 3728     if($view_upos = strpos($search_action, '&amp;username='))
 3729     {
 3730         $search_action = substr($search_action, 0, $view_upos);
 3731     }
 3732     $search_action = str_replace("&amp;", "&", $search_action);
 3733     $search = new Form(htmlspecialchars_uni($search_action), 'post', 'search_form', 0, '', true);
 3734     $built_view = $search->construct_return;
 3735     $built_view .= "<div class=\"{$search_class}\" style=\"padding-bottom: 3px; margin-top: -9px; {$search_style}\">";
 3736     $built_view .= $search->generate_hidden_field('action', 'search')."\n";
 3737     if(isset($view['conditions']['username']))
 3738     {
 3739         $default_class = '';
 3740         $value = $view['conditions']['username'];
 3741     }
 3742     else
 3743     {
 3744         $default_class = "search_default";
 3745         $value = $lang->search_for_user;
 3746     }
 3747     $built_view .= $search->generate_text_box('username', htmlspecialchars_uni($value), array('id' => 'search_keywords', 'class' => "{$default_class} field150 field_small"))."\n";
 3748     $built_view .= "<input type=\"submit\" class=\"search_button\" value=\"{$lang->search}\" />\n";
 3749     if($view['popup'])
 3750     {
 3751         $built_view .= " <div style=\"display: inline\">{$view['popup']}</div>\n";
 3752     }
 3753     $built_view .= "<script type=\"text/javascript\">
 3754         var form = $(\"#search_form\");
 3755         form.on('submit', function() {
 3756             var search = $('#search_keywords');
 3757             if(search.val() == '' || search.val() == '".addcslashes($lang->search_for_user, "'")."')
 3758             {
 3759                 search.trigger('focus');
 3760                 return false;
 3761             }
 3762         });
 3763 
 3764         var search = $(\"#search_keywords\");
 3765         search.on('focus', function()
 3766         {
 3767             var searched_focus = $(this);
 3768             if(searched_focus.val() == '".addcslashes($lang->search_for_user, "'")."')
 3769             {
 3770                 searched_focus.removeClass(\"search_default\");
 3771                 searched_focus.val(\"\");
 3772             }
 3773         }).on('blur', function()
 3774         {
 3775             var searched_blur = $(this);
 3776             if(searched_blur.val() == \"\")
 3777             {
 3778                 searched_blur.addClass('search_default');
 3779                 searched_blur.val('".addcslashes($lang->search_for_user, "'")."');
 3780             }
 3781         });
 3782 
 3783         // fix the styling used if we have a different default value
 3784         if(search.val() != '".addcslashes($lang->search_for_user, "'")."')
 3785         {
 3786             $(search).removeClass('search_default');
 3787         }
 3788         </script>\n";
 3789     $built_view .= "</div>\n";
 3790 
 3791     // Autocompletion for usernames
 3792     // TODO Select2
 3793 
 3794     $built_view .= $search->end();
 3795 
 3796     if(isset($pagination))
 3797     {
 3798         $built_view .= $pagination;
 3799     }
 3800     if($view['view_type'] != "card")
 3801     {
 3802         $checkbox = '';
 3803     }
 3804     else
 3805     {
 3806         $checkbox = "<input type=\"checkbox\" name=\"allbox\" onclick=\"inlineModeration.checkAll(this)\" /> ";
 3807     }
 3808     $built_view .= $table->construct_html("{$switch_view}<div>{$checkbox}{$lang->users}{$view_title}</div>", 1, "", $view['table_id']);
 3809     if(isset($pagination))
 3810     {
 3811         $built_view .= $pagination;
 3812     }
 3813 
 3814     $built_view .= '
 3815 <script type="text/javascript" src="'.$mybb->settings['bburl'].'/jscripts/inline_moderation.js?ver=1821"></script>
 3816 <form action="index.php?module=user-users" method="post">
 3817 <input type="hidden" name="my_post_key" value="'.$mybb->post_code.'" />
 3818 <input type="hidden" name="action" value="inline_edit" />
 3819 <div class="float_right"><span class="smalltext"><strong>'.$lang->inline_edit.'</strong></span>
 3820 <select name="inline_action">
 3821     <option value="multiactivate">'.$lang->inline_activate.'</option>
 3822     <option value="multiban">'.$lang->inline_ban.'</option>
 3823     <option value="multiusergroup">'.$lang->inline_usergroup.'</option>
 3824     <option value="multidelete">'.$lang->inline_delete.'</option>
 3825     <option value="multiprune">'.$lang->inline_prune.'</option>
 3826 </select>
 3827 <input type="submit" class="submit_button inline_element" name="go" value="'.$lang->go.' (0)" id="inline_go" />&nbsp;
 3828 <input type="button" onclick="javascript:inlineModeration.clearChecked();" value="'.$lang->clear.'" class="submit_button inline_element" />
 3829 </div>
 3830 </form>
 3831 <br style="clear: both;" />
 3832 <script type="text/javascript">
 3833 <!--
 3834     var go_text = "'.$lang->go.'";
 3835     var all_text = "1";
 3836     var inlineType = "user";
 3837     var inlineId = "acp";
 3838 // -->
 3839 </script>';
 3840 
 3841     return $built_view;
 3842 }
 3843 
 3844 /**
 3845  * @param array $user
 3846  * @param array $view
 3847  * @param int $i
 3848  *
 3849  * @return string
 3850  */
 3851 function build_user_view_card($user, $view, &$i)
 3852 {
 3853     global $user_view_fields;
 3854 
 3855     ++$i;
 3856     if($i == 3)
 3857     {
 3858         $i = 1;
 3859     }
 3860 
 3861     // Loop through fields user wants to show
 3862     foreach($view['fields'] as $field)
 3863     {
 3864         if(!$user_view_fields[$field])
 3865         {
 3866             continue;
 3867         }
 3868 
 3869         $view_field = $user_view_fields[$field];
 3870 
 3871         // Special conditions for avatar
 3872         if($field == "avatar")
 3873         {
 3874             $avatar = $user['view']['avatar'];
 3875         }
 3876         else if($field == "controls")
 3877         {
 3878             $controls = $user['view']['controls'];
 3879         }
 3880         // Otherwise, just user data
 3881         else if($field != "username")
 3882         {
 3883             if(isset($user['view'][$field]))
 3884             {
 3885                 $value = $user['view'][$field];
 3886             }
 3887             else
 3888             {
 3889                 $value = $user[$field];
 3890             }
 3891 
 3892             if($field == "postnum")
 3893             {
 3894                 $value = my_number_format($value);
 3895             }
 3896 
 3897             $user_details[] = "<strong>{$view_field['title']}:</strong> {$value}";
 3898         }
 3899 
 3900     }
 3901     // Floated to the left or right?
 3902     if($i == 1)
 3903     {
 3904         $float = "left";
 3905     }
 3906     else
 3907     {
 3908         $float = "right";
 3909     }
 3910 
 3911     // And build the final card
 3912     $uname = "";
 3913     if(in_array('username', $view['fields']))
 3914     {
 3915         $uname = $user['view']['username'];
 3916     }
 3917     $card = "<fieldset id=\"uid_{$user['uid']}\" style=\"width: 47%; float: {$float};\">\n";
 3918     $card .= "<legend><input type=\"checkbox\" class=\"checkbox\" name=\"inlinemod_{$user['uid']}\" id=\"inlinemod_{$user['uid']}\" value=\"1\" onclick=\"$('#uid_{$user['uid']}').toggleClass('inline_selected');\" /> {$uname}</legend>\n";
 3919     if($avatar)
 3920     {
 3921         $card .= "<div class=\"user_avatar\">{$avatar}</div>\n";
 3922     }
 3923     if($user_details)
 3924     {
 3925         $card .= "<div class=\"user_details\">".implode("<br />", $user_details)."</div>\n";
 3926     }
 3927     if($controls)
 3928     {
 3929         $card .= "<div class=\"float_right\" style=\"padding: 4px;\">{$controls}</div>\n";
 3930     }
 3931     $card .= "</fieldset>";
 3932     return $card;
 3933 
 3934 }
 3935 
 3936 /**
 3937  * @param array $user
 3938  * @param array $view
 3939  * @param DefaultTable $table
 3940  */
 3941 function build_user_view_table($user, $view, &$table)
 3942 {
 3943     global $user_view_fields;
 3944 
 3945     foreach($view['fields'] as $field)
 3946     {
 3947         if(!$user_view_fields[$field])
 3948         {
 3949             continue;
 3950         }
 3951         $view_field = $user_view_fields[$field];
 3952         $field_options = array();
 3953         if($view_field['align'])
 3954         {
 3955             $field_options['class'] = "align_".$view_field['align'];
 3956         }
 3957         if($user['view'][$field])
 3958         {
 3959             $value = $user['view'][$field];
 3960         }
 3961         else
 3962         {
 3963             $value = $user[$field];
 3964         }
 3965 
 3966         if($field == "postnum")
 3967         {
 3968             $value = my_number_format($user[$field]);
 3969         }
 3970         $table->construct_cell($value, $field_options);
 3971     }
 3972 
 3973     $table->construct_cell("<input type=\"checkbox\" class=\"checkbox\" name=\"inlinemod_{$user['uid']}\" id=\"inlinemod_{$user['uid']}\" value=\"1\" onclick=\"$('#uid_{$user['uid']}').toggleClass('inline_selected');\" />");
 3974 
 3975     $table->construct_row();
 3976 }
 3977 
 3978 /**
 3979  * @param array $fields
 3980  * @param array $values
 3981  * @param DefaultFormContainer $form_container
 3982  * @param DefaultForm $form
 3983  * @param bool $search
 3984  */
 3985 function output_custom_profile_fields($fields, $values, &$form_container, &$form, $search=false)
 3986 {
 3987     global $lang, $mybb;
 3988 
 3989     if(!is_array($fields))
 3990     {
 3991         return;
 3992     }
 3993     foreach($fields as $profile_field)
 3994     {
 3995         $profile_field['name'] = htmlspecialchars_uni($profile_field['name']);
 3996         $profile_field['description'] = htmlspecialchars_uni($profile_field['description']);
 3997         list($type, $options) = explode("\n", $profile_field['type'], 2);
 3998         $type = trim($type);
 3999         $field_name = "fid{$profile_field['fid']}";
 4000 
 4001         switch($type)
 4002         {
 4003             case "multiselect":
 4004                 $selected_options = array();
 4005                 if(!is_array($values[$field_name]))
 4006                 {
 4007                     $user_options = explode("\n", $values[$field_name]);
 4008                 }
 4009                 else
 4010                 {
 4011                     $user_options = $values[$field_name];
 4012                 }
 4013 
 4014 
 4015                 foreach($user_options as $val)
 4016                 {
 4017                     $selected_options[$val] = htmlspecialchars_uni($val);
 4018                 }
 4019 
 4020                 $select_options = explode("\n", $options);
 4021                 $options = array();
 4022                 if($search == true)
 4023                 {
 4024                     $select_options[''] = $lang->na;
 4025                 }
 4026 
 4027                 foreach($select_options as $val)
 4028                 {
 4029                     $val = htmlspecialchars_uni(trim($val));
 4030                     $options[$val] = $val;
 4031                 }
 4032                 if(!$profile_field['length'])
 4033                 {
 4034                     $profile_field['length'] = 3;
 4035                 }
 4036                 $code = $form->generate_select_box("profile_fields[{$field_name}][]", $options, $selected_options, array('id' => "profile_field_{$field_name}", 'multiple' => true, 'size' => $profile_field['length']));
 4037                 break;
 4038             case "select":
 4039                 $select_options = array();
 4040                 if($search == true)
 4041                 {
 4042                     $select_options[''] = $lang->na;
 4043                 }
 4044                 $select_options += explode("\n", $options);
 4045                 $options = array();
 4046                 foreach($select_options as $val)
 4047                 {
 4048                     $val = htmlspecialchars_uni(trim($val));
 4049                     $options[$val] = $val;
 4050                 }
 4051                 if(!$profile_field['length'])
 4052                 {
 4053                     $profile_field['length'] = 1;
 4054                 }
 4055                 if($search == true)
 4056                 {
 4057                     $code = $form->generate_select_box("profile_fields[{$field_name}][{$field_name}]", $options, htmlspecialchars_uni($values[$field_name]), array('id' => "profile_field_{$field_name}", 'size' => $profile_field['length']));
 4058                 }
 4059                 else
 4060                 {
 4061                     $code = $form->generate_select_box("profile_fields[{$field_name}]", $options, htmlspecialchars_uni($values[$field_name]), array('id' => "profile_field_{$field_name}", 'size' => $profile_field['length']));
 4062                 }
 4063                 break;
 4064             case "radio":
 4065                 $radio_options = array();
 4066                 if($search == true)
 4067                 {
 4068                     $radio_options[''] = $lang->na;
 4069                 }
 4070                 $radio_options += explode("\n", $options);
 4071                 $code = '';
 4072                 foreach($radio_options as $val)
 4073                 {
 4074                     $val = trim($val);
 4075                     $code .= $form->generate_radio_button("profile_fields[{$field_name}]", $val, htmlspecialchars_uni($val), array('id' => "profile_field_{$field_name}", 'checked' => ($val == $values[$field_name] ? true : false)))."<br />";
 4076                 }
 4077                 break;
 4078             case "checkbox":
 4079                 $select_options = array();
 4080                 if(!is_array($values[$field_name]))
 4081                 {
 4082                     $user_options = explode("\n", $values[$field_name]);
 4083                 }
 4084                 else
 4085                 {
 4086                     $user_options = $values[$field_name];
 4087                 }
 4088 
 4089                 $selected_options = array();
 4090                 foreach($user_options as $val)
 4091                 {
 4092                     $selected_options[$val] = $val;
 4093                 }
 4094 
 4095                 if($search == true)
 4096                 {
 4097                     $select_options[''] = $lang->na;
 4098                 }
 4099                 $select_options += explode("\n", $options);
 4100                 $code = '';
 4101                 foreach($select_options as $val)
 4102                 {
 4103                     $val = trim($val);
 4104                     $code .= $form->generate_check_box("profile_fields[{$field_name}][]", $val, htmlspecialchars_uni($val), array('id' => "profile_field_{$field_name}", 'checked' => ($val == $selected_options[$val] ? true : false)))."<br />";
 4105                 }
 4106                 break;
 4107             case "textarea":
 4108                 $extra = '';
 4109                 if(isset($mybb->input['action']) && $mybb->input['action'] == "search")
 4110                 {
 4111                     $extra = " {$lang->or} ".$form->generate_check_box("profile_fields[{$field_name}_blank]", 1, $lang->is_not_blank, array('id' => "{$field_name}_blank", 'checked' => $values[$field_name.'_blank']));
 4112                 }
 4113 
 4114                 $code = $form->generate_text_area("profile_fields[{$field_name}]", $values[$field_name], array('id' => "profile_field_{$field_name}", 'rows' => 6, 'cols' => 50)).$extra;
 4115                 break;
 4116             default:
 4117                 $extra = '';
 4118                 if(isset($mybb->input['action']) && $mybb->input['action'] == "search")
 4119                 {
 4120                     $extra = " {$lang->or} ".$form->generate_check_box("profile_fields[{$field_name}_blank]", 1, $lang->is_not_blank, array('id' => "{$field_name}_blank", 'checked' => $values[$field_name.'_blank']));
 4121                 }
 4122 
 4123                 $code = $form->generate_text_box("profile_fields[{$field_name}]", $values[$field_name], array('id' => "profile_field_{$field_name}", 'maxlength' => $profile_field['maxlength'], 'length' => $profile_field['length'])).$extra;
 4124                 break;
 4125         }
 4126 
 4127         $form_container->output_row($profile_field['name'], $profile_field['description'], $code, "", array('id' => "profile_field_{$field_name}"));
 4128         $code = $user_options = $selected_options = $radio_options = $val = $options = '';
 41