]> git.vanrenterghem.biz Git - www.vanrenterghem.biz.git/blob - phpBB2/admin/admin_userlist.php
11ced3f1763e8d6fd69598d1f058f3ba819b0f29
[www.vanrenterghem.biz.git] / phpBB2 / admin / admin_userlist.php
1 <?php
2 /***************************************************************************
3  *                              admin_userlist.php
4  *                            -------------------
5  *   begin                : Tuesday, 09 Feburary 2004
6  *   copyright            : (C) 2001 The phpBB Group
7  *   email                : support@phpbb.com
8  *
9  ***************************************************************************/
11 /***************************************************************************
12  *
13  *   This program is free software; you can redistribute it and/or modify
14  *   it under the terms of the GNU General Public License as published by
15  *   the Free Software Foundation; either version 2 of the License, or
16  *   (at your option) any later version.
17  *
18  ***************************************************************************/
20 define('IN_PHPBB', 1);
22 if( !empty($setmodules) )
23 {
24         $filename = basename(__FILE__);
25         $module['Users']['Userlist'] = $filename;
27         return;
28 }
30 $phpbb_root_path = './../';
31 require($phpbb_root_path . 'extension.inc');
32 require('./pagestart.' . $phpEx);
34 //
35 // Set mode
36 //
37 if( isset( $HTTP_POST_VARS['mode'] ) || isset( $HTTP_GET_VARS['mode'] ) )
38 {
39         $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
40 }
41 else
42 {
43         $mode = '';
44 }
46 //
47 // confirm
48 //
49 if( isset( $HTTP_POST_VARS['confirm'] ) || isset( $HTTP_GET_VARS['confirm'] ) )
50 {
51         $confirm = true;
52 }
53 else
54 {
55         $confirm = false;
56 }
58 //
59 // cancel
60 //
61 if( isset( $HTTP_POST_VARS['cancel'] ) || isset( $HTTP_GET_VARS['cancel'] ) )
62 {
63         $cancel = true;
64         $mode = '';
65 }
66 else
67 {
68         $cancel = false;
69 }
71 //
72 // get starting position
73 //
74 $start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
76 //
77 // get show amount
78 //
79 if ( isset($HTTP_GET_VARS['show']) || isset($HTTP_POST_VARS['show']) )
80 {
81         $show = ( isset($HTTP_POST_VARS['show']) ) ? intval($HTTP_POST_VARS['show']) : intval($HTTP_GET_VARS['show']);
82 }
83 else
84 {
85         $show = $board_config['posts_per_page'];
86 }
88 //
89 // sort method
90 //
91 if ( isset($HTTP_GET_VARS['sort']) || isset($HTTP_POST_VARS['sort']) )
92 {
93         $sort = ( isset($HTTP_POST_VARS['sort']) ) ? htmlspecialchars($HTTP_POST_VARS['sort']) : htmlspecialchars($HTTP_GET_VARS['sort']);
94         $sort = str_replace("\'", "''", $sort);
95 }
96 else
97 {
98         $sort = 'user_regdate';
99 }
101 //
102 // sort order
103 //
104 if( isset($HTTP_POST_VARS['order']) )
106         $sort_order = ( $HTTP_POST_VARS['order'] == 'ASC' ) ? 'ASC' : 'DESC';
108 else if( isset($HTTP_GET_VARS['order']) )
110         $sort_order = ( $HTTP_GET_VARS['order'] == 'ASC' ) ? 'ASC' : 'DESC';
112 else
114         $sort_order = 'ASC';
117 //
118 // alphanumeric stuff
119 //
120 if ( isset($HTTP_GET_VARS['alphanum']) || isset($HTTP_POST_VARS['alphanum']) ) 
121
122         $alphanum = ( isset($HTTP_POST_VARS['alphanum']) ) ? htmlspecialchars($HTTP_POST_VARS['alphanum']) : htmlspecialchars($HTTP_GET_VARS['alphanum']);
123         $alphanum = str_replace("\'", "''", $alphanum);
124         switch( $dbms )
125         {
126                 case 'postgres':
127                         $alpha_where = ( $alphanum == 'num' ) ? "AND username !~ '^[A-Z]+'" : "AND username ILIKE '$alphanum%'";
128                         break;
130                 default:
131                         $alpha_where = ( $alphanum == 'num' ) ? "AND username NOT RLIKE '^[A-Z]'" : "AND username LIKE '$alphanum%'";
132                         break;
133         }
135 else
137         $alpahnum = '';
138         $alpha_where = '';
142 $user_ids = array();
143 //
144 // users id
145 // because it is an array we will intval() it when we use it
146 //
147 if ( isset($HTTP_POST_VARS[POST_USERS_URL]) || isset($HTTP_GET_VARS[POST_USERS_URL]) )
149         $user_ids = ( isset($HTTP_POST_VARS[POST_USERS_URL]) ) ? $HTTP_POST_VARS[POST_USERS_URL] : $HTTP_GET_VARS[POST_USERS_URL];
151 else
153         unset($user_ids);
157 switch( $mode )
159         case 'delete':
161                 //
162                 // see if cancel has been hit and redirect if it has
163                 // shouldn't get to this point if it has been hit but
164                 // do this just in case
165                 //
166                 if ( $cancel )
167                 {
168                         redirect($phpbb_root_path . 'admin/admin_userlist.'.$phpEx);
169                 }
171                 //
172                 // check confirm and either delete or show confirm message
173                 //
174                 if ( !$confirm )
175                 {
176                         // show message
177                         $i = 0;
178                         $hidden_fields = '';
179                         while( $i < count($user_ids) )
180                         {
181                                 $user_id = intval($user_ids[$i]);
182                                 $hidden_fields .= '<input type="hidden" name="' . POST_USERS_URL . '[]" value="' . $user_id . '">';
184                                 unset($user_id);
185                                 $i++;
186                         }
188                         $template->set_filenames(array(
189                                 'body' => 'confirm_body.tpl')
190                         );
191                         $template->assign_vars(array(
192                                 'MESSAGE_TITLE' => $lang['Delete'],
193                                 'MESSAGE_TEXT' => $lang['Confirm_user_deleted'],
194                                 
195                                 'U_INDEX' => '',
196                                 'L_INDEX' => '',
197                                 
198                                 'L_YES' => $lang['Yes'],
199                                 'L_NO' => $lang['No'],
200                                 
201                                 'S_CONFIRM_ACTION' => append_sid('admin_userlist.'.$phpEx.'?mode=delete'),
202                                 'S_HIDDEN_FIELDS' => $hidden_fields)
203                         );
204                 }
205                 else
206                 {
207                         // delete users
208                         $i = 0;
209                         while( $i < count($user_ids) )
210                         {
211                                 $user_id = intval($user_ids[$i]);
213                                 $sql = "SELECT u.username, g.group_id 
214                                         FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g  
215                                         WHERE ug.user_id = $user_id 
216                                                 AND g.group_id = ug.group_id 
217                                                 AND g.group_single_user = 1";
218                                 if( !($result = $db->sql_query($sql)) )
219                                 {
220                                         message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql);
221                                 }
223                                 $row = $db->sql_fetchrow($result);
224                                 
225                                 $sql = "UPDATE " . POSTS_TABLE . "
226                                         SET poster_id = " . DELETED . ", post_username = '" . $row['username'] . "' 
227                                         WHERE poster_id = $user_id";
228                                 if( !$db->sql_query($sql) )
229                                 {
230                                         message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql);
231                                 }
233                                 $sql = "UPDATE " . TOPICS_TABLE . "
234                                         SET topic_poster = " . DELETED . " 
235                                         WHERE topic_poster = $user_id";
236                                 if( !$db->sql_query($sql) )
237                                 {
238                                         message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql);
239                                 }
240                                 
241                                 $sql = "UPDATE " . VOTE_USERS_TABLE . "
242                                         SET vote_user_id = " . DELETED . "
243                                         WHERE vote_user_id = $user_id";
244                                 if( !$db->sql_query($sql) )
245                                 {
246                                         message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql);
247                                 }
248                                 
249                                 $sql = "SELECT group_id
250                                         FROM " . GROUPS_TABLE . "
251                                         WHERE group_moderator = $user_id";
252                                 if( !($result = $db->sql_query($sql)) )
253                                 {
254                                         message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql);
255                                 }
256                                 
257                                 while ( $row_group = $db->sql_fetchrow($result) )
258                                 {
259                                         $group_moderator[] = $row_group['group_id'];
260                                 }
261                                 
262                                 if ( count($group_moderator) )
263                                 {
264                                         $update_moderator_id = implode(', ', $group_moderator);
265                                         
266                                         $sql = "UPDATE " . GROUPS_TABLE . "
267                                                 SET group_moderator = " . $userdata['user_id'] . "
268                                                 WHERE group_moderator IN ($update_moderator_id)";
269                                         if( !$db->sql_query($sql) )
270                                         {
271                                                 message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql);
272                                         }
273                                 }
275                                 $sql = "DELETE FROM " . USERS_TABLE . "
276                                         WHERE user_id = $user_id";
277                                 if( !$db->sql_query($sql) )
278                                 {
279                                         message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql);
280                                 }
282                                 $sql = "DELETE FROM " . USER_GROUP_TABLE . "
283                                         WHERE user_id = $user_id";
284                                 if( !$db->sql_query($sql) )
285                                 {
286                                         message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql);
287                                 }
289                                 $sql = "DELETE FROM " . GROUPS_TABLE . "
290                                         WHERE group_id = " . $row['group_id'];
291                                 if( !$db->sql_query($sql) )
292                                 {
293                                         message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
294                                 }
296                                 $sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
297                                         WHERE group_id = " . $row['group_id'];
298                                 if( !$db->sql_query($sql) )
299                                 {
300                                         message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
301                                 }
303                                 $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
304                                         WHERE user_id = $user_id";
305                                 if ( !$db->sql_query($sql) )
306                                 {
307                                         message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql);
308                                 }
309                                 
310                                 $sql = "DELETE FROM " . BANLIST_TABLE . "
311                                         WHERE ban_userid = $user_id";
312                                 if ( !$db->sql_query($sql) )
313                                 {
314                                         message_die(GENERAL_ERROR, 'Could not delete user from banlist table', '', __LINE__, __FILE__, $sql);
315                                 }
317                                 $sql = "SELECT privmsgs_id
318                                         FROM " . PRIVMSGS_TABLE . "
319                                         WHERE privmsgs_from_userid = $user_id 
320                                                 OR privmsgs_to_userid = $user_id";
321                                 if ( !($result = $db->sql_query($sql)) )
322                                 {
323                                         message_die(GENERAL_ERROR, 'Could not select all users private messages', '', __LINE__, __FILE__, $sql);
324                                 }
326                                 // This little bit of code directly from the private messaging section.
327                                 while ( $row_privmsgs = $db->sql_fetchrow($result) )
328                                 {
329                                         $mark_list[] = $row_privmsgs['privmsgs_id'];
330                                 }
331                                 
332                                 if ( count($mark_list) )
333                                 {
334                                         $delete_sql_id = implode(', ', $mark_list);
335                                         
336                                         $delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "
337                                                 WHERE privmsgs_text_id IN ($delete_sql_id)";
338                                         $delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "
339                                                 WHERE privmsgs_id IN ($delete_sql_id)";
340                                         
341                                         if ( !$db->sql_query($delete_sql) )
342                                         {
343                                                 message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
344                                         }
345                                         
346                                         if ( !$db->sql_query($delete_text_sql) )
347                                         {
348                                                 message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
349                                         }
350                                 }
352                                 unset($user_id);
353                                 $i++;
354                         }
356                         $message = $lang['User_deleted_successfully'] . "<br /><br />" . sprintf($lang['Click_return_userlist'], "<a href=\"" . append_sid("admin_userlist.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
358                         message_die(GENERAL_MESSAGE, $message);
359                 }               
360                 break;
362         case 'ban':
364                 //
365                 // see if cancel has been hit and redirect if it has
366                 // shouldn't get to this point if it has been hit but
367                 // do this just in case
368                 //
369                 if ( $cancel )
370                 {
371                         redirect($phpbb_root_path . 'admin/admin_userlist.'.$phpEx);
372                 }
374                 //
375                 // check confirm and either ban or show confirm message
376                 //
377                 if ( !$confirm )
378                 {
379                         $i = 0;
380                         $hidden_fields = '';
381                         while( $i < count($user_ids) )
382                         {
383                                 $user_id = intval($user_ids[$i]);
384                                 $hidden_fields .= '<input type="hidden" name="' . POST_USERS_URL . '[]" value="' . $user_id . '">';
386                                 unset($user_id);
387                                 $i++;
388                         }
390                         $template->set_filenames(array(
391                                 'body' => 'confirm_body.tpl')
392                         );
393                         $template->assign_vars(array(
394                                 'MESSAGE_TITLE' => $lang['Ban'],
395                                 'MESSAGE_TEXT' => $lang['Confirm_user_ban'],
396                                 
397                                 'U_INDEX' => '',
398                                 'L_INDEX' => '',
399                                 
400                                 'L_YES' => $lang['Yes'],
401                                 'L_NO' => $lang['No'],
402                                 
403                                 'S_CONFIRM_ACTION' => append_sid('admin_userlist.'.$phpEx.'?mode=ban'),
404                                 'S_HIDDEN_FIELDS' => $hidden_fields)
405                         );      
406                 }
407                 else
408                 {
409                         // ban users
410                         $i = 0;
411                         while( $i < count($user_ids) )
412                         {
413                                 $user_id = intval($user_ids[$i]);
414         
415                                 $sql = "INSERT INTO " . BANLIST_TABLE . " ( ban_userid )
416                                         VALUES ( '$user_id' )";
417                                 if( !($result = $db->sql_query($sql)) )
418                                 {
419                                         message_die(GENERAL_ERROR, 'Could not obtain ban user', '', __LINE__, __FILE__, $sql);
420                                 }
422                                 unset($user_id);
423                                 $i++;
424                         }
426                         $message = $lang['User_banned_successfully'] . "<br /><br />" . sprintf($lang['Click_return_userlist'], "<a href=\"" . append_sid("admin_userlist.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
428                         message_die(GENERAL_MESSAGE, $message);
429                 }
430                 break;
432         case 'activate':
434                 //
435                 // activate or deactive the seleted users
436                 //
437                 $i = 0;
438                 while( $i < count($user_ids) )
439                 {
440                         $user_id = intval($user_ids[$i]);
441                         $sql = "SELECT user_active FROM " . USERS_TABLE . "
442                                 WHERE user_id = $user_id";
443                         if( !($result = $db->sql_query($sql)) )
444                         {
445                                 message_die(GENERAL_ERROR, 'Could not obtain user information', '', __LINE__, __FILE__, $sql);
446                         }
447                         $row = $db->sql_fetchrow($result);
448                         $db->sql_freeresult($result);
450                         $new_status = ( $row['user_active'] ) ? 0 : 1;
452                         $sql = "UPDATE " .  USERS_TABLE . " 
453                                 SET user_active = '$new_status'
454                                 WHERE user_id = $user_id";
455                         if( !($result = $db->sql_query($sql)) )
456                         {
457                                 message_die(GENERAL_ERROR, 'Could not update user status', '', __LINE__, __FILE__, $sql);
458                         }
459                         
460                         unset($user_id);
461                         $i++;
462                 }
464                 $message = $lang['User_status_updated'] . "<br /><br />" . sprintf($lang['Click_return_userlist'], "<a href=\"" . append_sid("admin_userlist.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
466                 message_die(GENERAL_MESSAGE, $message);
467                 break;
469         case 'group':
471                 //
472                 // add users to a group
473                 //
474                 if ( !$confirm )
475                 {
476                         // show form to select which group to add users to
477                         $i = 0;
478                         $hidden_fields = '';
479                         while( $i < count($user_ids) )
480                         {
481                                 $user_id = intval($user_ids[$i]);
482                                 $hidden_fields .= '<input type="hidden" name="' . POST_USERS_URL . '[]" value="' . $user_id . '">';
484                                 unset($user_id);
485                                 $i++;
486                         }
488                         $template->set_filenames(array(
489                                 'body' => 'admin/userlist_group.tpl')
490                         );
492                         $template->assign_vars(array(
493                                 'MESSAGE_TITLE' => $lang['Add_group'],
494                                 'MESSAGE_TEXT' => $lang['Add_group_explain'],
496                                 'L_GROUP' => $lang['Group'],
497                                 
498                                 'S_GROUP_VARIABLE' => POST_GROUPS_URL,
499                                 'S_ACTION' => append_sid($phpbb_root_path . 'admin/admin_userlist.'.$phpEx.'?mode=group'),
500                                 'L_GO' => $lang['Go'],
501                                 'L_CANCEL' => $lang['Cancel'],
502                                 'L_SELECT' => $lang['Select_one'],
503                                 'S_HIDDEN_FIELDS' => $hidden_fields)
504                         );
506                         $sql = "SELECT group_id, group_name FROM " . GROUPS_TABLE . "
507                                 WHERE group_single_user <> " . TRUE . " 
508                                 ORDER BY group_name";
509                         
510                         if( !($result = $db->sql_query($sql)) )
511                         {
512                                 message_die(GENERAL_ERROR, 'Could not query groups', '', __LINE__, __FILE__, $sql);
513                         }
515                         // loop through groups
516                         while ( $row = $db->sql_fetchrow($result) )
517                         {
518                                 $template->assign_block_vars('grouprow',array(
519                                         'GROUP_NAME' => $row['group_name'],
520                                         'GROUP_ID' => $row['group_id'])
521                                 );
522                         }
523                 }
524                 else
525                 {
526                         // add the users to the selected group
527                         $group_id = intval($HTTP_POST_VARS[POST_GROUPS_URL]);
529                         include($phpbb_root_path . 'includes/emailer.'.$phpEx);
530                         $emailer = new emailer($board_config['smtp_delivery']);
532                         $i = 0;
533                         while( $i < count($user_ids) )
534                         {
535                                 $user_id = intval($user_ids[$i]);
537                                 //
538                                 // For security, get the ID of the group moderator.
539                                 //
540                                 switch(SQL_LAYER)
541                                 {
542                                         /*case 'postgresql':
543                                                 $sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod 
544                                                         FROM " . GROUPS_TABLE . " g, " . AUTH_ACCESS_TABLE . " aa 
545                                                         WHERE g.group_id = $group_id
546                                                                 AND aa.group_id = g.group_id 
547                                                                 UNION (
548                                                                         SELECT g.group_moderator, g.group_type, NULL 
549                                                                         FROM " . GROUPS_TABLE . " g
550                                                                         WHERE g.group_id = $group_id
551                                                                                 AND NOT EXISTS (
552                                                                                 SELECT aa.group_id 
553                                                                                 FROM " . AUTH_ACCESS_TABLE . " aa 
554                                                                                 WHERE aa.group_id = g.group_id  
555                                                                         )
556                                                                 )";
557                                                 break;*/
559                                         case 'oracle':
560                                                 $sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod 
561                                                         FROM " . GROUPS_TABLE . " g, " . AUTH_ACCESS_TABLE . " aa 
562                                                         WHERE g.group_id = $group_id
563                                                                 AND aa.group_id = g.group_id(+)";
564                                                 break;
566                                         default:
567                                                 $sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod 
568                                                         FROM ( " . GROUPS_TABLE . " g 
569                                                         LEFT JOIN " . AUTH_ACCESS_TABLE . " aa ON aa.group_id = g.group_id )
570                                                         WHERE g.group_id = $group_id";
571                                                 break;
572                                 }
573                                 if ( !($result = $db->sql_query($sql)) )
574                                 {
575                                         message_die(GENERAL_ERROR, 'Could not get moderator information', '', __LINE__, __FILE__, $sql);
576                                 }
578                                 $group_info = $db->sql_fetchrow($result);
580                                 $sql = "SELECT user_id, user_email, user_lang, user_level  
581                                         FROM " . USERS_TABLE . " 
582                                         WHERE user_id = $user_id";
583                                 if ( !($result = $db->sql_query($sql)) )
584                                 {
585                                         message_die(GENERAL_ERROR, "Could not get user information", $lang['Error'], __LINE__, __FILE__, $sql);
586                                 }
587                                 $row = $db->sql_fetchrow($result);
588                                 
589                                 $sql = "SELECT ug.user_id, u.user_level 
590                                         FROM " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u 
591                                         WHERE u.user_id = " . $row['user_id'] . " 
592                                                 AND ug.user_id = u.user_id 
593                                                 AND ug.group_id = $group_id";
594                                 if ( !($result = $db->sql_query($sql)) )
595                                 {
596                                         message_die(GENERAL_ERROR, 'Could not get user information', '', __LINE__, __FILE__, $sql);
597                                 }
599                                 if ( !($db->sql_fetchrow($result)) )
600                                 {
601                                         $sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending) 
602                                                 VALUES (" . $row['user_id'] . ", $group_id, 0)";
603                                         if ( !$db->sql_query($sql) )
604                                         {
605                                                 message_die(GENERAL_ERROR, 'Could not add user to group', '', __LINE__, __FILE__, $sql);
606                                         }
607                                         
608                                         if ( $row['user_level'] != ADMIN && $row['user_level'] != MOD && $group_info['auth_mod'] )
609                                         {
610                                                 $sql = "UPDATE " . USERS_TABLE . " 
611                                                         SET user_level = " . MOD . " 
612                                                         WHERE user_id = " . $row['user_id'];
613                                                 if ( !$db->sql_query($sql) )
614                                                 {
615                                                         message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
616                                                 }
617                                         }
619                                         //
620                                         // Get the group name
621                                         // Email the user and tell them they're in the group
622                                         //
623                                         $group_sql = "SELECT group_name 
624                                                 FROM " . GROUPS_TABLE . " 
625                                                 WHERE group_id = $group_id";
626                                         if ( !($result = $db->sql_query($group_sql)) )
627                                         {
628                                                 message_die(GENERAL_ERROR, 'Could not get group information', '', __LINE__, __FILE__, $group_sql);
629                                         }
631                                         $group_name_row = $db->sql_fetchrow($result);
633                                         $group_name = $group_name_row['group_name'];
635                                         $script_name = preg_replace('/^\/?(.*?)\/?$/', "\\1", trim($board_config['script_path']));
636                                         $script_name = ( $script_name != '' ) ? $script_name . '/groupcp.'.$phpEx : 'groupcp.'.$phpEx;
637                                         $server_name = trim($board_config['server_name']);
638                                         $server_protocol = ( $board_config['cookie_secure'] ) ? 'https://' : 'http://';
639                                         $server_port = ( $board_config['server_port'] <> 80 ) ? ':' . trim($board_config['server_port']) . '/' : '/';
641                                         $server_url = $server_protocol . $server_name . $server_port . $script_name;
643                                         $emailer->from($board_config['board_email']);
644                                         $emailer->replyto($board_config['board_email']);
646                                         $emailer->use_template('group_added', $row['user_lang']);
647                                         $emailer->email_address($row['user_email']);
648                                         $emailer->set_subject($lang['Group_added']);
650                                         $emailer->assign_vars(array(
651                                                 'SITENAME' => $board_config['sitename'], 
652                                                 'GROUP_NAME' => $group_name,
653                                                 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '', 
655                                                 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id")
656                                         );
657                                         $emailer->send();
658                                         $emailer->reset();
659                                         
660                                 }
662                                 unset($user_id);
663                                 $i++;
664                         }
666                         $message = $lang['User_add_group_successfully'] . "<br /><br />" . sprintf($lang['Click_return_userlist'], "<a href=\"" . append_sid("admin_userlist.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
668                         message_die(GENERAL_MESSAGE, $message);
669                 }
670                 break;
672         default:
674                 //
675                 // get and display all of the users
676                 //
677                 $template->set_filenames(array(
678                   'body' => 'admin/userlist_body.tpl')
679                 );
681                 //
682                 // gets for alphanum
683                 //
684                 $alpha_range = array();
685                 $alpha_letters = array();
686                 $alpha_letters = range('A','Z');
687                 $alpha_start = array($lang['All'], '#');
688                 $alpha_range = array_merge($alpha_start, $alpha_letters);
690                 $i = 0;
691                 while( $i < count($alpha_range) )
692                 {
693                         
694                         if ( $alpha_range[$i] != $lang['All'] )
695                         {
696                                 if ( $alpha_range[$i] != '#' )
697                                 {
698                                         $temp = strtolower($alpha_range[$i]);
699                                 }
700                                 else
701                                 {
702                                         $temp = 'num';
703                                 }
704                                 $alphanum_search_url = append_sid($phpbb_root_path . "admin/admin_userlist.$phpEx?sort=$sort&amp;order=$sort_order&amp;show=$show&amp;alphanum=$temp");
705                         }
706                         else
707                         {
708                                 $alphanum_search_url = append_sid($phpbb_root_path . "admin/admin_userlist.$phpEx?sort=$sort&amp;order=$sort_order&amp;show=$show");
709                         }
711                         if ( ( $alphanum == $temp ) || ( $alpha_range[$i] == $lang['All'] && empty($alphanum) ) )
712                         {
713                                 $alpha_range[$i] = '<b>' . $alpha_range[$i] . '</b>';
714                         }
716                         $template->assign_block_vars('alphanumsearch', array(
717                                 'SEARCH_SIZE' => floor(100/count($alpha_range)) . '%',
718                                 'SEARCH_TERM' => $alpha_range[$i],
719                                 'SEARCH_LINK' => $alphanum_search_url)
720                         );
722                         $i++;
723                 }
725                 $hidden_fields = '<input type="hidden" name="start" value="' . $start . '">';
726                 $hidden_fields .= '<input type="hidden" name="alphanum" value="' . $alphanum . '">';
728                 //
729                 // set up template varibles
730                 //
731                 $template->assign_vars(array(
732                         'L_TITLE' => $lang['Userlist'],
733                         'L_DESCRIPTION' => $lang['Userlist_description'],
734                         
735                         'L_OPEN_CLOSE' => $lang['Open_close'],
736                         'L_ACTIVE' => $lang['Active'],
737                         'L_USERNAME' => $lang['Username'],
738                         'L_GROUP' => $lang['Group'],
739                         'L_RANK' => $lang['Rank'],
740                         'L_POSTS' => $lang['Posts'],
741                         'L_FIND_ALL_POSTS' => $lang['Find_all_posts'],
742                         'L_JOINED' => $lang['Joined'],
743                         'L_ACTIVTY' => $lang['Last_activity'],
744                         'L_MANAGE' => $lang['User_manage'],
745                         'L_PERMISSIONS' => $lang['Permissions'],
746                         'L_EMAIL' => $lang['Email'],
747                         'L_PM' => $lang['Private_Message'],
748                         'L_WEBSITE' => $lang['Website'],
749                                         
750                         'S_USER_VARIABLE' => POST_USERS_URL,
751                         'S_ACTION' => append_sid($phpbb_root_path . 'admin/admin_userlist.'.$phpEx),
752                         'L_GO' => $lang['Go'],
753                         'L_SELECT' => $lang['Select_one'],
754                         'L_DELETE' => $lang['Delete'],
755                         'L_BAN' => $lang['Ban'],
756                         'L_ACTIVATE_DEACTIVATE' => $lang['Activate_deactivate'],
757                         'L_ADD_GROUP' => $lang['Add_group'],
758                                         
759                         'S_SHOW' => $show,
760                         'L_SORT_BY' => $lang['Sort_by'],
761                         'L_USER_ID' => $lang['User_id'],
762                         'L_USER_LEVEL' => $lang['User_level'],
763                         'L_ASCENDING' => $lang['Ascending'],
764                         'L_DESCENDING' => $lang['Descending'],
765                         'L_SHOW' => $lang['Show'],
766                         'S_SORT' => $lang['Sort'],
767                         'S_HIDDEN_FIELDS' => $hidden_fields)
768                 );
770                 $order_by = "ORDER BY $sort $order ";
772                 $sql = "SELECT * 
773                         FROM " . USERS_TABLE . "
774                         WHERE user_id <> " . ANONYMOUS . " 
775                                 $alpha_where 
776                         $order_by
777                         LIMIT $start, $show";
779                 if( !($result = $db->sql_query($sql)) )
780                 {
781                         message_die(GENERAL_ERROR, 'Could not query users', '', __LINE__, __FILE__, $sql);
782                 }
784                 // loop through users
785                 $i = 1;
786                 while ( $row = $db->sql_fetchrow($result) )
787                 {
788                         //
789                         // users avatar
790                         //
791                         $avatar_img = '';
792                         if ( $row['user_avatar_type'] && $row['user_allowavatar'] )
793                         {
794                                 switch( $row['user_avatar_type'] )
795                                 {
796                                         case USER_AVATAR_UPLOAD:
797                                                 $avatar_img = ( $board_config['allow_avatar_upload'] ) ? '<img src="' . $phpbb_root_path . $board_config['avatar_path'] . '/' . $row['user_avatar'] . '" alt="" border="0" />' : '';
798                                                 break;
799                                         case USER_AVATAR_REMOTE:
800                                                 $avatar_img = ( $board_config['allow_avatar_remote'] ) ? '<img src="' . $row['user_avatar'] . '" alt="" border="0" />' : '';
801                                                 break;
802                                         case USER_AVATAR_GALLERY:
803                                                 $avatar_img = ( $board_config['allow_avatar_local'] ) ? '<img src="' . $phpbb_root_path . $board_config['avatar_gallery_path'] . '/' . $row['user_avatar'] . '" alt="" border="0" />' : '';
804                                                 break;
805                                 }
806                         }
807                                 
808                         //
809                         // users rank
810                         //
811                         $rank_sql = "SELECT *
812                                 FROM " . RANKS_TABLE . "
813                                 ORDER BY rank_special, rank_min";
814                         if ( !($rank_result = $db->sql_query($rank_sql)) )
815                         {
816                                 message_die(GENERAL_ERROR, 'Could not obtain ranks information', '', __LINE__, __FILE__, $sql);
817                         }
819                         while ( $rank_row = $db->sql_fetchrow($rank_result) )
820                         {
821                                 $ranksrow[] = $rank_row;
822                         }
823                         $db->sql_freeresult($rank_result);
825                         $poster_rank = '';
826                         $rank_image = '';
827                         if ( $row['user_rank'] )
828                         {
829                                 for($ji = 0; $ji < count($ranksrow); $ji++)
830                                 {
831                                         if ( $row['user_rank'] == $ranksrow[$ji]['rank_id'] && $ranksrow[$ji]['rank_special'] )
832                                         {
833                                                 $poster_rank = $ranksrow[$ji]['rank_title'];
834                                                 $rank_image = ( $ranksrow[$ji]['rank_image'] ) ? '<img src="' . $phpbb_root_path . $ranksrow[$ji]['rank_image'] . '" alt="' . $poster_rank . '" title="' . $poster_rank . '" border="0" /><br />' : '';
835                                         }
836                                 }
837                         }
838                         else
839                         {
840                                 for($ji = 0; $ji < count($ranksrow); $ji++)
841                                 {
842                                         if ( $row['user_posts'] >= $ranksrow[$ji]['rank_min'] && !$ranksrow[$ji]['rank_special'] )
843                                         {
844                                                 $poster_rank = $ranksrow[$ji]['rank_title'];
845                                                 $rank_image = ( $ranksrow[$ji]['rank_image'] ) ? '<img src="' . $phpbb_root_path . $ranksrow[$ji]['rank_image'] . '" alt="' . $poster_rank . '" title="' . $poster_rank . '" border="0" /><br />' : '';
846                                         }
847                                 }
848                         }
849                                 
850                         //
851                         // user's color depending on their level
852                         //
853                         $style_color = '';
854                         if ( $row['user_level'] == ADMIN )
855                         {
856                                 $row['username'] = '<b>' . $row['username'] . '</b>';
857                                 $style_color = 'style="color:#' . $theme['fontcolor3'] . '"';
858                         }
859                         else if ( $row['user_level'] == MOD )
860                         {
861                                 $row['username'] = '<b>' . $row['username'] . '</b>';
862                                 $style_color = 'style="color:#' . $theme['fontcolor2'] . '"';
863                         }
865                         //
866                         // setup user row template varibles
867                         //
868                         $template->assign_block_vars('user_row', array(
869                                 'ROW_NUMBER' => $i + ( $HTTP_GET_VARS['start'] + 1 ),
870                                 'ROW_CLASS' => ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'],
872                                 'USER_ID' => $row['user_id'],
873                                 'ACTIVE' => ( $row['user_active'] == TRUE ) ? $lang['Yes'] : $lang['No'],
874                                 'STYLE_COLOR' => $style_color,
875                                 'USERNAME' => $row['username'],
876                                 'U_PROFILE' => append_sid($phpbb_root_path . 'profile.'.$phpEx.'?mode=viewprofile&amp;' . POST_USERS_URL . '=' . $row['user_id']),
878                                 'RANK' => $poster_rank,
879                                 'I_RANK' => $rank_image,
880                                 'I_AVATAR' => $avatar_img,
882                                 'JOINED' => create_date('d M Y', $row['user_regdate'], $board_config['board_timezone']),
883                                 'LAST_ACTIVITY' => ( !empty($row['user_session_time']) ) ? create_date('d M Y', $row['user_session_time'], $board_config['board_timezone']) : $lang['Never'],
885                                 'POSTS' => ( $row['user_posts'] ) ? $row['user_posts'] : 0,
886                                 'U_SEARCH' => append_sid($phpbb_root_path . 'search.'.$phpEx.'?search_author=' . urlencode(strip_tags($row['username'])) . '&amp;showresults=posts'),
888                                 'U_WEBSITE' => ( $row['user_website'] ) ? $row['user_website'] : '',
890                                 'EMAIL' => $row['user_email'],
891                                 'U_PM' => append_sid($phpbb_root_path . 'privmsg.' . $phpEx . '?mode=post&amp;' . POST_USERS_URL . '='. $row['user_id']),
892                                 'U_MANAGE' => append_sid($phpbb_root_path . 'admin/admin_users.'.$phpEx.'?mode=edit&amp;' . POST_USERS_URL . '=' . $row['user_id']),
893                                 'U_PERMISSIONS' => append_sid($phpbb_root_path . 'admin/admin_ug_auth.'.$phpEx.'?mode=user&amp;' . POST_USERS_URL . '=' . $row['user_id']))
894                         );
896                         //
897                         // get the users group information
898                         //
899                         $group_sql = "SELECT * FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g
900                                 WHERE ug.user_id = " . $row['user_id'] . "
901                                  AND g.group_single_user <> 1
902                                  AND g.group_id = ug.group_id";
903                                 
904                         if( !($group_result = $db->sql_query($group_sql)) )
905                         {
906                                 message_die(GENERAL_ERROR, 'Could not query groups', '', __LINE__, __FILE__, $group_sql);
907                         }
908                         $g = 0;
909                         while ( $group_row = $db->sql_fetchrow($group_result) )
910                         {
911                                 //
912                                 // assign the group varibles
913                                 //
914                                 if ( $group_row['group_moderator'] == $row['user_id'] )
915                                 {
916                                         $group_status = $lang['Moderator'];
917                                 }
918                                 else if ( $group_row['user_pending'] == true )
919                                 {
920                                         $group_status = $lang['Pending'];
921                                 }
922                                 else
923                                 {
924                                         $group_status = $lang['Member'];
925                                 }
927                                 $template->assign_block_vars('user_row.group_row', array(
928                                         'GROUP_NAME' => $group_row['group_name'],
929                                         'GROUP_STATUS' => $group_status,
930                                         'U_GROUP' => $phpbb_root_path . 'groupcp.'.$phpEx.'?'.POST_GROUPS_URL.'='.$group_row['group_id'])
931                                 );
932                                 $g++;
933                         }
935                         if ( $g == 0 )
936                         {
937                                 $template->assign_block_vars('user_row.no_group_row', array(
938                                         'L_NONE' => $lang['None'])
939                                 );
940                         }
941                                 
942                         $i++;
943                 }
944                 $db->sql_freeresult($result);
946                 $count_sql = "SELECT count(user_id) AS total 
947                         FROM " . USERS_TABLE . " 
948                         WHERE user_id <> " . ANONYMOUS . " $alpha_where";
950                 if ( !($count_result = $db->sql_query($count_sql)) )
951                 {
952                         message_die(GENERAL_ERROR, 'Error getting total users', '', __LINE__, __FILE__, $sql);
953                 }
955                 if ( $total = $db->sql_fetchrow($count_result) )
956                 {
957                         $total_members = $total['total'];
959                         $pagination = generate_pagination($phpbb_root_path . "admin/admin_userlist.$phpEx?sort=$sort&amp;order=$sort_order&amp;show=$show" . ( ( isset($alphanum) ) ? "&amp;alphanum=$alphanum" : '' ), $total_members, $show, $start);
960                 }
962                 $template->assign_vars(array(
963                         'PAGINATION' => $pagination,
964                         'PAGE_NUMBER' => sprintf($lang['Page_of'], ( floor( $start / $show ) + 1 ), ceil( $total_members / $show )))
965                 );
967                 break;
969 } // switch()
971 $template->pparse('body');
973 include('./page_footer_admin.'.$phpEx);
975 ?>