Rev Author Line No. Line
130 kaklik 1 <?php
2 /***************************************************************************
3 * admin_users.php
4 * -------------------
5 * begin : Saturday, Feb 13, 2001
6 * copyright : (C) 2001 The phpBB Group
7 * email : support@phpbb.com
8 *
9 * $Id: admin_users.php,v 1.57.2.35 2006/03/26 14:43:24 grahamje Exp $
10 *
11 *
12 ***************************************************************************/
13  
14 /***************************************************************************
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
20 *
21 ***************************************************************************/
22  
23 define('IN_PHPBB', 1);
24  
25 if( !empty($setmodules) )
26 {
27 $filename = basename(__FILE__);
28 $module['Users']['Manage'] = $filename;
29  
30 return;
31 }
32  
33 $phpbb_root_path = './../';
34 require($phpbb_root_path . 'extension.inc');
35 require('./pagestart.' . $phpEx);
36 require($phpbb_root_path . 'includes/bbcode.'.$phpEx);
37 require($phpbb_root_path . 'includes/functions_post.'.$phpEx);
38 require($phpbb_root_path . 'includes/functions_selects.'.$phpEx);
39 require($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
40  
41 $html_entities_match = array('#<#', '#>#');
42 $html_entities_replace = array('&lt;', '&gt;');
43  
44 //
45 // Set mode
46 //
47 if( isset( $HTTP_POST_VARS['mode'] ) || isset( $HTTP_GET_VARS['mode'] ) )
48 {
49 $mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
50 $mode = htmlspecialchars($mode);
51 }
52 else
53 {
54 $mode = '';
55 }
56  
57 //
58 // Begin program
59 //
60 if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) || isset($HTTP_GET_VARS[POST_USERS_URL]) || isset( $HTTP_POST_VARS[POST_USERS_URL]) ) )
61 {
62 //
63 // Ok, the profile has been modified and submitted, let's update
64 //
65 if ( ( $mode == 'save' && isset( $HTTP_POST_VARS['submit'] ) ) || isset( $HTTP_POST_VARS['avatargallery'] ) || isset( $HTTP_POST_VARS['submitavatar'] ) || isset( $HTTP_POST_VARS['cancelavatar'] ) )
66 {
67 $user_id = intval($HTTP_POST_VARS['id']);
68  
69 if (!($this_userdata = get_userdata($user_id)))
70 {
71 message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
72 }
73  
74 if( $HTTP_POST_VARS['deleteuser'] && ( $userdata['user_id'] != $user_id ) )
75 {
76 $sql = "SELECT g.group_id
77 FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g
78 WHERE ug.user_id = $user_id
79 AND g.group_id = ug.group_id
80 AND g.group_single_user = 1";
81 if( !($result = $db->sql_query($sql)) )
82 {
83 message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql);
84 }
85  
86 $row = $db->sql_fetchrow($result);
87  
88 $sql = "UPDATE " . POSTS_TABLE . "
89 SET poster_id = " . DELETED . ", post_username = '" . str_replace("\\'", "''", addslashes($this_userdata['username'])) . "'
90 WHERE poster_id = $user_id";
91 if( !$db->sql_query($sql) )
92 {
93 message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql);
94 }
95  
96 $sql = "UPDATE " . TOPICS_TABLE . "
97 SET topic_poster = " . DELETED . "
98 WHERE topic_poster = $user_id";
99 if( !$db->sql_query($sql) )
100 {
101 message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql);
102 }
103  
104 $sql = "UPDATE " . VOTE_USERS_TABLE . "
105 SET vote_user_id = " . DELETED . "
106 WHERE vote_user_id = $user_id";
107 if( !$db->sql_query($sql) )
108 {
109 message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql);
110 }
111  
112 $sql = "SELECT group_id
113 FROM " . GROUPS_TABLE . "
114 WHERE group_moderator = $user_id";
115 if( !($result = $db->sql_query($sql)) )
116 {
117 message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql);
118 }
119  
120 while ( $row_group = $db->sql_fetchrow($result) )
121 {
122 $group_moderator[] = $row_group['group_id'];
123 }
124  
125 if ( count($group_moderator) )
126 {
127 $update_moderator_id = implode(', ', $group_moderator);
128  
129 $sql = "UPDATE " . GROUPS_TABLE . "
130 SET group_moderator = " . $userdata['user_id'] . "
131 WHERE group_moderator IN ($update_moderator_id)";
132 if( !$db->sql_query($sql) )
133 {
134 message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql);
135 }
136 }
137  
138 $sql = "DELETE FROM " . USERS_TABLE . "
139 WHERE user_id = $user_id";
140 if( !$db->sql_query($sql) )
141 {
142 message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql);
143 }
144  
145 $sql = "DELETE FROM " . USER_GROUP_TABLE . "
146 WHERE user_id = $user_id";
147 if( !$db->sql_query($sql) )
148 {
149 message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql);
150 }
151  
152 $sql = "DELETE FROM " . GROUPS_TABLE . "
153 WHERE group_id = " . $row['group_id'];
154 if( !$db->sql_query($sql) )
155 {
156 message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
157 }
158  
159 $sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
160 WHERE group_id = " . $row['group_id'];
161 if( !$db->sql_query($sql) )
162 {
163 message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
164 }
165  
166 $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
167 WHERE user_id = $user_id";
168 if ( !$db->sql_query($sql) )
169 {
170 message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql);
171 }
172  
173 $sql = "DELETE FROM " . BANLIST_TABLE . "
174 WHERE ban_userid = $user_id";
175 if ( !$db->sql_query($sql) )
176 {
177 message_die(GENERAL_ERROR, 'Could not delete user from banlist table', '', __LINE__, __FILE__, $sql);
178 }
179  
180 $sql = "DELETE FROM " . SESSIONS_TABLE . "
181 WHERE session_user_id = $user_id";
182 if ( !$db->sql_query($sql) )
183 {
184 message_die(GENERAL_ERROR, 'Could not delete sessions for this user', '', __LINE__, __FILE__, $sql);
185 }
186  
187 $sql = "DELETE FROM " . SESSIONS_KEYS_TABLE . "
188 WHERE user_id = $user_id";
189 if ( !$db->sql_query($sql) )
190 {
191 message_die(GENERAL_ERROR, 'Could not delete auto-login keys for this user', '', __LINE__, __FILE__, $sql);
192 }
193  
194 $sql = "SELECT privmsgs_id
195 FROM " . PRIVMSGS_TABLE . "
196 WHERE privmsgs_from_userid = $user_id
197 OR privmsgs_to_userid = $user_id";
198 if ( !($result = $db->sql_query($sql)) )
199 {
200 message_die(GENERAL_ERROR, 'Could not select all users private messages', '', __LINE__, __FILE__, $sql);
201 }
202  
203 // This little bit of code directly from the private messaging section.
204 while ( $row_privmsgs = $db->sql_fetchrow($result) )
205 {
206 $mark_list[] = $row_privmsgs['privmsgs_id'];
207 }
208  
209 if ( count($mark_list) )
210 {
211 $delete_sql_id = implode(', ', $mark_list);
212  
213 $delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "
214 WHERE privmsgs_text_id IN ($delete_sql_id)";
215 $delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "
216 WHERE privmsgs_id IN ($delete_sql_id)";
217  
218 if ( !$db->sql_query($delete_sql) )
219 {
220 message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
221 }
222  
223 if ( !$db->sql_query($delete_text_sql) )
224 {
225 message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
226 }
227 }
228  
229 $message = $lang['User_deleted'] . '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
230  
231 message_die(GENERAL_MESSAGE, $message);
232 }
233  
234 $username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
235 $email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : '';
236  
237 $password = ( !empty($HTTP_POST_VARS['password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : '';
238 $password_confirm = ( !empty($HTTP_POST_VARS['password_confirm']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password_confirm'] ) )) : '';
239  
240 $icq = ( !empty($HTTP_POST_VARS['icq']) ) ? trim(strip_tags( $HTTP_POST_VARS['icq'] ) ) : '';
241 $aim = ( !empty($HTTP_POST_VARS['aim']) ) ? trim(strip_tags( $HTTP_POST_VARS['aim'] ) ) : '';
242 $msn = ( !empty($HTTP_POST_VARS['msn']) ) ? trim(strip_tags( $HTTP_POST_VARS['msn'] ) ) : '';
243 $yim = ( !empty($HTTP_POST_VARS['yim']) ) ? trim(strip_tags( $HTTP_POST_VARS['yim'] ) ) : '';
244  
245 $website = ( !empty($HTTP_POST_VARS['website']) ) ? trim(strip_tags( $HTTP_POST_VARS['website'] ) ) : '';
246 $location = ( !empty($HTTP_POST_VARS['location']) ) ? trim(strip_tags( $HTTP_POST_VARS['location'] ) ) : '';
247 $occupation = ( !empty($HTTP_POST_VARS['occupation']) ) ? trim(strip_tags( $HTTP_POST_VARS['occupation'] ) ) : '';
248 $interests = ( !empty($HTTP_POST_VARS['interests']) ) ? trim(strip_tags( $HTTP_POST_VARS['interests'] ) ) : '';
249 $signature = ( !empty($HTTP_POST_VARS['signature']) ) ? trim(str_replace('<br />', "\n", $HTTP_POST_VARS['signature'] ) ) : '';
250  
251 validate_optional_fields($icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature);
252  
253 $viewemail = ( isset( $HTTP_POST_VARS['viewemail']) ) ? ( ( $HTTP_POST_VARS['viewemail'] ) ? TRUE : 0 ) : 0;
254 $allowviewonline = ( isset( $HTTP_POST_VARS['hideonline']) ) ? ( ( $HTTP_POST_VARS['hideonline'] ) ? 0 : TRUE ) : TRUE;
255 $notifyreply = ( isset( $HTTP_POST_VARS['notifyreply']) ) ? ( ( $HTTP_POST_VARS['notifyreply'] ) ? TRUE : 0 ) : 0;
256 $notifypm = ( isset( $HTTP_POST_VARS['notifypm']) ) ? ( ( $HTTP_POST_VARS['notifypm'] ) ? TRUE : 0 ) : TRUE;
257 $popuppm = ( isset( $HTTP_POST_VARS['popup_pm']) ) ? ( ( $HTTP_POST_VARS['popup_pm'] ) ? TRUE : 0 ) : TRUE;
258 $attachsig = ( isset( $HTTP_POST_VARS['attachsig']) ) ? ( ( $HTTP_POST_VARS['attachsig'] ) ? TRUE : 0 ) : 0;
259  
260 $allowhtml = ( isset( $HTTP_POST_VARS['allowhtml']) ) ? intval( $HTTP_POST_VARS['allowhtml'] ) : $board_config['allow_html'];
261 $allowbbcode = ( isset( $HTTP_POST_VARS['allowbbcode']) ) ? intval( $HTTP_POST_VARS['allowbbcode'] ) : $board_config['allow_bbcode'];
262 $allowsmilies = ( isset( $HTTP_POST_VARS['allowsmilies']) ) ? intval( $HTTP_POST_VARS['allowsmilies'] ) : $board_config['allow_smilies'];
263  
264 $user_style = ( isset( $HTTP_POST_VARS['style'] ) ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style'];
265 $user_lang = ( $HTTP_POST_VARS['language'] ) ? $HTTP_POST_VARS['language'] : $board_config['default_lang'];
266 $user_timezone = ( isset( $HTTP_POST_VARS['timezone']) ) ? doubleval( $HTTP_POST_VARS['timezone'] ) : $board_config['board_timezone'];
267 $user_dateformat = ( $HTTP_POST_VARS['dateformat'] ) ? trim( $HTTP_POST_VARS['dateformat'] ) : $board_config['default_dateformat'];
268  
269 $user_avatar_local = ( isset( $HTTP_POST_VARS['avatarselect'] ) && !empty($HTTP_POST_VARS['submitavatar'] ) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset( $HTTP_POST_VARS['avatarlocal'] ) ) ? $HTTP_POST_VARS['avatarlocal'] : '' );
270 $user_avatar_category = ( isset($HTTP_POST_VARS['avatarcatname']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarcatname']) : '' ;
271  
272 $user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim( $HTTP_POST_VARS['avatarremoteurl'] ) : '';
273 $user_avatar_url = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim( $HTTP_POST_VARS['avatarurl'] ) : '';
274 $user_avatar_loc = ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '';
275 $user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : '';
276 $user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0;
277 $user_avatar_filetype = ( !empty($HTTP_POST_FILES['avatar']['type']) ) ? $HTTP_POST_FILES['avatar']['type'] : '';
278  
279 $user_avatar = ( empty($user_avatar_loc) ) ? $this_userdata['user_avatar'] : '';
280 $user_avatar_type = ( empty($user_avatar_loc) ) ? $this_userdata['user_avatar_type'] : '';
281  
282 $user_status = ( !empty($HTTP_POST_VARS['user_status']) ) ? intval( $HTTP_POST_VARS['user_status'] ) : 0;
283 $user_allowpm = ( !empty($HTTP_POST_VARS['user_allowpm']) ) ? intval( $HTTP_POST_VARS['user_allowpm'] ) : 0;
284 $user_rank = ( !empty($HTTP_POST_VARS['user_rank']) ) ? intval( $HTTP_POST_VARS['user_rank'] ) : 0;
285 $user_allowavatar = ( !empty($HTTP_POST_VARS['user_allowavatar']) ) ? intval( $HTTP_POST_VARS['user_allowavatar'] ) : 0;
286  
287 if( isset( $HTTP_POST_VARS['avatargallery'] ) || isset( $HTTP_POST_VARS['submitavatar'] ) || isset( $HTTP_POST_VARS['cancelavatar'] ) )
288 {
289 $username = stripslashes($username);
290 $email = stripslashes($email);
291 $password = '';
292 $password_confirm = '';
293  
294 $icq = stripslashes($icq);
295 $aim = htmlspecialchars(stripslashes($aim));
296 $msn = htmlspecialchars(stripslashes($msn));
297 $yim = htmlspecialchars(stripslashes($yim));
298  
299 $website = htmlspecialchars(stripslashes($website));
300 $location = htmlspecialchars(stripslashes($location));
301 $occupation = htmlspecialchars(stripslashes($occupation));
302 $interests = htmlspecialchars(stripslashes($interests));
303 $signature = htmlspecialchars(stripslashes($signature));
304  
305 $user_lang = stripslashes($user_lang);
306 $user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
307  
308 if ( !isset($HTTP_POST_VARS['cancelavatar']))
309 {
310 $user_avatar = $user_avatar_category . '/' . $user_avatar_local;
311 $user_avatar_type = USER_AVATAR_GALLERY;
312 }
313 }
314 }
315  
316 if( isset( $HTTP_POST_VARS['submit'] ) )
317 {
318 include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx);
319  
320 $error = FALSE;
321  
322 if (stripslashes($username) != $this_userdata['username'])
323 {
324 unset($rename_user);
325  
326 if ( stripslashes(strtolower($username)) != strtolower($this_userdata['username']) )
327 {
328 $result = validate_username($username);
329 if ( $result['error'] )
330 {
331 $error = TRUE;
332 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
333 }
334 else if ( strtolower(str_replace("\\'", "''", $username)) == strtolower($userdata['username']) )
335 {
336 $error = TRUE;
337 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Username_taken'];
338 }
339 }
340  
341 if (!$error)
342 {
343 $username_sql = "username = '" . str_replace("\\'", "''", $username) . "', ";
344 $rename_user = $username; // Used for renaming usergroup
345 }
346 }
347  
348 $passwd_sql = '';
349 if( !empty($password) && !empty($password_confirm) )
350 {
351 //
352 // Awww, the user wants to change their password, isn't that cute..
353 //
354 if($password != $password_confirm)
355 {
356 $error = TRUE;
357 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch'];
358 }
359 else
360 {
361 $password = md5($password);
362 $passwd_sql = "user_password = '$password', ";
363 }
364 }
365 else if( $password && !$password_confirm )
366 {
367 $error = TRUE;
368 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch'];
369 }
370 else if( !$password && $password_confirm )
371 {
372 $error = TRUE;
373 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch'];
374 }
375  
376 if ($signature != '')
377 {
378 $sig_length_check = preg_replace('/(\[.*?)(=.*?)\]/is', '\\1]', stripslashes($signature));
379 if ( $allowhtml )
380 {
381 $sig_length_check = preg_replace('/(\<.*?)(=.*?)( .*?=.*?)?([ \/]?\>)/is', '\\1\\3\\4', $sig_length_check);
382 }
383  
384 // Only create a new bbcode_uid when there was no uid yet.
385 if ( $signature_bbcode_uid == '' )
386 {
387 $signature_bbcode_uid = ( $allowbbcode ) ? make_bbcode_uid() : '';
388 }
389 $signature = prepare_message($signature, $allowhtml, $allowbbcode, $allowsmilies, $signature_bbcode_uid);
390  
391 if ( strlen($sig_length_check) > $board_config['max_sig_chars'] )
392 {
393 $error = TRUE;
394 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Signature_too_long'];
395 }
396 }
397  
398 //
399 // Avatar stuff
400 //
401 $avatar_sql = "";
402 if( isset($HTTP_POST_VARS['avatardel']) )
403 {
404 if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" )
405 {
406 if( @file_exists(@phpbb_realpath('./../' . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
407 {
408 @unlink('./../' . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']);
409 }
410 }
411 $avatar_sql = ", user_avatar = '', user_avatar_type = " . USER_AVATAR_NONE;
412 }
413 else if( ( $user_avatar_loc != "" || !empty($user_avatar_url) ) && !$error )
414 {
415 //
416 // Only allow one type of upload, either a
417 // filename or a URL
418 //
419 if( !empty($user_avatar_loc) && !empty($user_avatar_url) )
420 {
421 $error = TRUE;
422 if( isset($error_msg) )
423 {
424 $error_msg .= "<br />";
425 }
426 $error_msg .= $lang['Only_one_avatar'];
427 }
428  
429 if( $user_avatar_loc != "" )
430 {
431 if( file_exists(@phpbb_realpath($user_avatar_loc)) && ereg(".jpg$|.gif$|.png$", $user_avatar_name) )
432 {
433 if( $user_avatar_size <= $board_config['avatar_filesize'] && $user_avatar_size > 0)
434 {
435 $error_type = false;
436  
437 //
438 // Opera appends the image name after the type, not big, not clever!
439 //
440 preg_match("'image\/[x\-]*([a-z]+)'", $user_avatar_filetype, $user_avatar_filetype);
441 $user_avatar_filetype = $user_avatar_filetype[1];
442  
443 switch( $user_avatar_filetype )
444 {
445 case "jpeg":
446 case "pjpeg":
447 case "jpg":
448 $imgtype = '.jpg';
449 break;
450 case "gif":
451 $imgtype = '.gif';
452 break;
453 case "png":
454 $imgtype = '.png';
455 break;
456 default:
457 $error = true;
458 $error_msg = (!empty($error_msg)) ? $error_msg . "<br />" . $lang['Avatar_filetype'] : $lang['Avatar_filetype'];
459 break;
460 }
461  
462 if( !$error )
463 {
464 list($width, $height) = @getimagesize($user_avatar_loc);
465  
466 if( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
467 {
468 $user_id = $this_userdata['user_id'];
469  
470 $avatar_filename = $user_id . $imgtype;
471  
472 if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" )
473 {
474 if( @file_exists(@phpbb_realpath("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
475 {
476 @unlink("./../" . $board_config['avatar_path'] . "/". $this_userdata['user_avatar']);
477 }
478 }
479 @copy($user_avatar_loc, "./../" . $board_config['avatar_path'] . "/$avatar_filename");
480  
481 $avatar_sql = ", user_avatar = '$avatar_filename', user_avatar_type = " . USER_AVATAR_UPLOAD;
482 }
483 else
484 {
485 $l_avatar_size = sprintf($lang['Avatar_imagesize'], $board_config['avatar_max_width'], $board_config['avatar_max_height']);
486  
487 $error = true;
488 $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $l_avatar_size : $l_avatar_size;
489 }
490 }
491 }
492 else
493 {
494 $l_avatar_size = sprintf($lang['Avatar_filesize'], round($board_config['avatar_filesize'] / 1024));
495  
496 $error = true;
497 $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $l_avatar_size : $l_avatar_size;
498 }
499 }
500 else
501 {
502 $error = true;
503 $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $lang['Avatar_filetype'] : $lang['Avatar_filetype'];
504 }
505 }
506 else if( !empty($user_avatar_url) )
507 {
508 //
509 // First check what port we should connect
510 // to, look for a :[xxxx]/ or, if that doesn't
511 // exist assume port 80 (http)
512 //
513 preg_match("/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/(.*)$/", $user_avatar_url, $url_ary);
514  
515 if( !empty($url_ary[4]) )
516 {
517 $port = (!empty($url_ary[3])) ? $url_ary[3] : 80;
518  
519 $fsock = @fsockopen($url_ary[2], $port, $errno, $errstr);
520 if( $fsock )
521 {
522 $base_get = "/" . $url_ary[4];
523  
524 //
525 // Uses HTTP 1.1, could use HTTP 1.0 ...
526 //
527 @fputs($fsock, "GET $base_get HTTP/1.1\r\n");
528 @fputs($fsock, "HOST: " . $url_ary[2] . "\r\n");
529 @fputs($fsock, "Connection: close\r\n\r\n");
530  
531 unset($avatar_data);
532 while( !@feof($fsock) )
533 {
534 $avatar_data .= @fread($fsock, $board_config['avatar_filesize']);
535 }
536 @fclose($fsock);
537  
538 if( preg_match("/Content-Length\: ([0-9]+)[^\/ ][\s]+/i", $avatar_data, $file_data1) && preg_match("/Content-Type\: image\/[x\-]*([a-z]+)[\s]+/i", $avatar_data, $file_data2) )
539 {
540 $file_size = $file_data1[1];
541 $file_type = $file_data2[1];
542  
543 switch( $file_type )
544 {
545 case "jpeg":
546 case "pjpeg":
547 case "jpg":
548 $imgtype = '.jpg';
549 break;
550 case "gif":
551 $imgtype = '.gif';
552 break;
553 case "png":
554 $imgtype = '.png';
555 break;
556 default:
557 $error = true;
558 $error_msg = (!empty($error_msg)) ? $error_msg . "<br />" . $lang['Avatar_filetype'] : $lang['Avatar_filetype'];
559 break;
560 }
561  
562 if( !$error && $file_size > 0 && $file_size < $board_config['avatar_filesize'] )
563 {
564 $avatar_data = substr($avatar_data, strlen($avatar_data) - $file_size, $file_size);
565  
566 $tmp_filename = tempnam ("/tmp", $this_userdata['user_id'] . "-");
567 $fptr = @fopen($tmp_filename, "wb");
568 $bytes_written = @fwrite($fptr, $avatar_data, $file_size);
569 @fclose($fptr);
570  
571 if( $bytes_written == $file_size )
572 {
573 list($width, $height) = @getimagesize($tmp_filename);
574  
575 if( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
576 {
577 $user_id = $this_userdata['user_id'];
578  
579 $avatar_filename = $user_id . $imgtype;
580  
581 if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "")
582 {
583 if( file_exists(@phpbb_realpath("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
584 {
585 @unlink("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']);
586 }
587 }
588 @copy($tmp_filename, "./../" . $board_config['avatar_path'] . "/$avatar_filename");
589 @unlink($tmp_filename);
590  
591 $avatar_sql = ", user_avatar = '$avatar_filename', user_avatar_type = " . USER_AVATAR_UPLOAD;
592 }
593 else
594 {
595 $l_avatar_size = sprintf($lang['Avatar_imagesize'], $board_config['avatar_max_width'], $board_config['avatar_max_height']);
596  
597 $error = true;
598 $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $l_avatar_size : $l_avatar_size;
599 }
600 }
601 else
602 {
603 //
604 // Error writing file
605 //
606 @unlink($tmp_filename);
607 message_die(GENERAL_ERROR, "Could not write avatar file to local storage. Please contact the board administrator with this message", "", __LINE__, __FILE__);
608 }
609 }
610 }
611 else
612 {
613 //
614 // No data
615 //
616 $error = true;
617 $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $lang['File_no_data'] : $lang['File_no_data'];
618 }
619 }
620 else
621 {
622 //
623 // No connection
624 //
625 $error = true;
626 $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $lang['No_connection_URL'] : $lang['No_connection_URL'];
627 }
628 }
629 else
630 {
631 $error = true;
632 $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $lang['Incomplete_URL'] : $lang['Incomplete_URL'];
633 }
634 }
635 else if( !empty($user_avatar_name) )
636 {
637 $l_avatar_size = sprintf($lang['Avatar_filesize'], round($board_config['avatar_filesize'] / 1024));
638  
639 $error = true;
640 $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $l_avatar_size : $l_avatar_size;
641 }
642 }
643 else if( $user_avatar_remoteurl != "" && $avatar_sql == "" && !$error )
644 {
645 if( !preg_match("#^http:\/\/#i", $user_avatar_remoteurl) )
646 {
647 $user_avatar_remoteurl = "http://" . $user_avatar_remoteurl;
648 }
649  
650 if( preg_match("#^(http:\/\/[a-z0-9\-]+?\.([a-z0-9\-]+\.)*[a-z]+\/.*?\.(gif|jpg|png)$)#is", $user_avatar_remoteurl) )
651 {
652 $avatar_sql = ", user_avatar = '" . str_replace("\'", "''", $user_avatar_remoteurl) . "', user_avatar_type = " . USER_AVATAR_REMOTE;
653 }
654 else
655 {
656 $error = true;
657 $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format'];
658 }
659 }
660 else if( $user_avatar_local != "" && $avatar_sql == "" && !$error )
661 {
662 $avatar_sql = ", user_avatar = '" . str_replace("\'", "''", phpbb_ltrim(basename($user_avatar_category), "'") . '/' . phpbb_ltrim(basename($user_avatar_local), "'")) . "', user_avatar_type = " . USER_AVATAR_GALLERY;
663 }
664  
665 //
666 // Update entry in DB
667 //
668 if( !$error )
669 {
670 $sql = "UPDATE " . USERS_TABLE . "
671 SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) . "', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", $aim) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_sig_bbcode_uid = '$signature_bbcode_uid', user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowavatar = $user_allowavatar, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_allow_pm = $user_allowpm, user_notify_pm = $notifypm, user_popup_pm = $popuppm, user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_active = $user_status, user_rank = $user_rank" . $avatar_sql . "
672 WHERE user_id = $user_id";
673  
674 if( $result = $db->sql_query($sql) )
675 {
676 if( isset($rename_user) )
677 {
678 $sql = "UPDATE " . GROUPS_TABLE . "
679 SET group_name = '".str_replace("\'", "''", $rename_user)."'
680 WHERE group_name = '".str_replace("'", "''", $this_userdata['username'] )."'";
681 if( !$result = $db->sql_query($sql) )
682 {
683 message_die(GENERAL_ERROR, 'Could not rename users group', '', __LINE__, __FILE__, $sql);
684 }
685 }
686  
687 // Delete user session, to prevent the user navigating the forum (if logged in) when disabled
688 if (!$user_status)
689 {
690 $sql = "DELETE FROM " . SESSIONS_TABLE . "
691 WHERE session_user_id = " . $user_id;
692  
693 if ( !$db->sql_query($sql) )
694 {
695 message_die(GENERAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
696 }
697 }
698  
699 // We remove all stored login keys since the password has been updated
700 // and change the current one (if applicable)
701 if ( !empty($passwd_sql) )
702 {
703 session_reset_keys($user_id, $user_ip);
704 }
705  
706 $message .= $lang['Admin_user_updated'];
707 }
708 else
709 {
710 message_die(GENERAL_ERROR, 'Admin_user_fail', '', __LINE__, __FILE__, $sql);
711 }
712  
713 $message .= '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
714  
715 message_die(GENERAL_MESSAGE, $message);
716 }
717 else
718 {
719 $template->set_filenames(array(
720 'reg_header' => 'error_body.tpl')
721 );
722  
723 $template->assign_vars(array(
724 'ERROR_MESSAGE' => $error_msg)
725 );
726  
727 $template->assign_var_from_handle('ERROR_BOX', 'reg_header');
728  
729 $username = htmlspecialchars(stripslashes($username));
730 $email = stripslashes($email);
731 $password = '';
732 $password_confirm = '';
733  
734 $icq = stripslashes($icq);
735 $aim = htmlspecialchars(str_replace('+', ' ', stripslashes($aim)));
736 $msn = htmlspecialchars(stripslashes($msn));
737 $yim = htmlspecialchars(stripslashes($yim));
738  
739 $website = htmlspecialchars(stripslashes($website));
740 $location = htmlspecialchars(stripslashes($location));
741 $occupation = htmlspecialchars(stripslashes($occupation));
742 $interests = htmlspecialchars(stripslashes($interests));
743 $signature = htmlspecialchars(stripslashes($signature));
744  
745 $user_lang = stripslashes($user_lang);
746 $user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
747 }
748 }
749 else if( !isset( $HTTP_POST_VARS['submit'] ) && $mode != 'save' && !isset( $HTTP_POST_VARS['avatargallery'] ) && !isset( $HTTP_POST_VARS['submitavatar'] ) && !isset( $HTTP_POST_VARS['cancelavatar'] ) )
750 {
751 if( isset( $HTTP_GET_VARS[POST_USERS_URL]) || isset( $HTTP_POST_VARS[POST_USERS_URL]) )
752 {
753 $user_id = ( isset( $HTTP_POST_VARS[POST_USERS_URL]) ) ? intval( $HTTP_POST_VARS[POST_USERS_URL]) : intval( $HTTP_GET_VARS[POST_USERS_URL]);
754 $this_userdata = get_userdata($user_id);
755 if( !$this_userdata )
756 {
757 message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
758 }
759 }
760 else
761 {
762 $this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
763 if( !$this_userdata )
764 {
765 message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
766 }
767 }
768  
769 //
770 // Now parse and display it as a template
771 //
772 $user_id = $this_userdata['user_id'];
773 $username = $this_userdata['username'];
774 $email = $this_userdata['user_email'];
775 $password = '';
776 $password_confirm = '';
777  
778 $icq = $this_userdata['user_icq'];
779 $aim = htmlspecialchars(str_replace('+', ' ', $this_userdata['user_aim'] ));
780 $msn = htmlspecialchars($this_userdata['user_msnm']);
781 $yim = htmlspecialchars($this_userdata['user_yim']);
782  
783 $website = htmlspecialchars($this_userdata['user_website']);
784 $location = htmlspecialchars($this_userdata['user_from']);
785 $occupation = htmlspecialchars($this_userdata['user_occ']);
786 $interests = htmlspecialchars($this_userdata['user_interests']);
787  
788 $signature = ($this_userdata['user_sig_bbcode_uid'] != '') ? preg_replace('#:' . $this_userdata['user_sig_bbcode_uid'] . '#si', '', $this_userdata['user_sig']) : $this_userdata['user_sig'];
789 $signature = preg_replace($html_entities_match, $html_entities_replace, $signature);
790  
791 $viewemail = $this_userdata['user_viewemail'];
792 $notifypm = $this_userdata['user_notify_pm'];
793 $popuppm = $this_userdata['user_popup_pm'];
794 $notifyreply = $this_userdata['user_notify'];
795 $attachsig = $this_userdata['user_attachsig'];
796 $allowhtml = $this_userdata['user_allowhtml'];
797 $allowbbcode = $this_userdata['user_allowbbcode'];
798 $allowsmilies = $this_userdata['user_allowsmile'];
799 $allowviewonline = $this_userdata['user_allow_viewonline'];
800  
801 $user_avatar = $this_userdata['user_avatar'];
802 $user_avatar_type = $this_userdata['user_avatar_type'];
803 $user_style = $this_userdata['user_style'];
804 $user_lang = $this_userdata['user_lang'];
805 $user_timezone = $this_userdata['user_timezone'];
806 $user_dateformat = htmlspecialchars($this_userdata['user_dateformat']);
807  
808 $user_status = $this_userdata['user_active'];
809 $user_allowavatar = $this_userdata['user_allowavatar'];
810 $user_allowpm = $this_userdata['user_allow_pm'];
811  
812 $COPPA = false;
813  
814 $html_status = ($this_userdata['user_allowhtml'] ) ? $lang['HTML_is_ON'] : $lang['HTML_is_OFF'];
815 $bbcode_status = ($this_userdata['user_allowbbcode'] ) ? $lang['BBCode_is_ON'] : $lang['BBCode_is_OFF'];
816 $smilies_status = ($this_userdata['user_allowsmile'] ) ? $lang['Smilies_are_ON'] : $lang['Smilies_are_OFF'];
817 }
818  
819 if( isset($HTTP_POST_VARS['avatargallery']) && !$error )
820 {
821 if( !$error )
822 {
823 $user_id = intval($HTTP_POST_VARS['id']);
824  
825 $template->set_filenames(array(
826 "body" => "admin/user_avatar_gallery.tpl")
827 );
828  
829 $dir = @opendir("../" . $board_config['avatar_gallery_path']);
830  
831 $avatar_images = array();
832 while( $file = @readdir($dir) )
833 {
834 if( $file != "." && $file != ".." && !is_file(phpbb_realpath("./../" . $board_config['avatar_gallery_path'] . "/" . $file)) && !is_link(phpbb_realpath("./../" . $board_config['avatar_gallery_path'] . "/" . $file)) )
835 {
836 $sub_dir = @opendir("../" . $board_config['avatar_gallery_path'] . "/" . $file);
837  
838 $avatar_row_count = 0;
839 $avatar_col_count = 0;
840  
841 while( $sub_file = @readdir($sub_dir) )
842 {
843 if( preg_match("/(\.gif$|\.png$|\.jpg)$/is", $sub_file) )
844 {
845 $avatar_images[$file][$avatar_row_count][$avatar_col_count] = $sub_file;
846  
847 $avatar_col_count++;
848 if( $avatar_col_count == 5 )
849 {
850 $avatar_row_count++;
851 $avatar_col_count = 0;
852 }
853 }
854 }
855 }
856 }
857  
858 @closedir($dir);
859  
860 if( isset($HTTP_POST_VARS['avatarcategory']) )
861 {
862 $category = htmlspecialchars($HTTP_POST_VARS['avatarcategory']);
863 }
864 else
865 {
866 list($category, ) = each($avatar_images);
867 }
868 @reset($avatar_images);
869  
870 $s_categories = "";
871 while( list($key) = each($avatar_images) )
872 {
873 $selected = ( $key == $category ) ? "selected=\"selected\"" : "";
874 if( count($avatar_images[$key]) )
875 {
876 $s_categories .= '<option value="' . $key . '"' . $selected . '>' . ucfirst($key) . '</option>';
877 }
878 }
879  
880 $s_colspan = 0;
881 for($i = 0; $i < count($avatar_images[$category]); $i++)
882 {
883 $template->assign_block_vars("avatar_row", array());
884  
885 $s_colspan = max($s_colspan, count($avatar_images[$category][$i]));
886  
887 for($j = 0; $j < count($avatar_images[$category][$i]); $j++)
888 {
889 $template->assign_block_vars("avatar_row.avatar_column", array(
890 "AVATAR_IMAGE" => "../" . $board_config['avatar_gallery_path'] . '/' . $category . '/' . $avatar_images[$category][$i][$j])
891 );
892  
893 $template->assign_block_vars("avatar_row.avatar_option_column", array(
894 "S_OPTIONS_AVATAR" => $avatar_images[$category][$i][$j])
895 );
896 }
897 }
898  
899 $coppa = ( ( !$HTTP_POST_VARS['coppa'] && !$HTTP_GET_VARS['coppa'] ) || $mode == "register") ? 0 : TRUE;
900  
901 $s_hidden_fields = '<input type="hidden" name="mode" value="edit" /><input type="hidden" name="agreed" value="true" /><input type="hidden" name="coppa" value="' . $coppa . '" /><input type="hidden" name="avatarcatname" value="' . $category . '" />';
902 $s_hidden_fields .= '<input type="hidden" name="id" value="' . $user_id . '" />';
903  
904 $s_hidden_fields .= '<input type="hidden" name="username" value="' . str_replace("\"", "&quot;", $username) . '" />';
905 $s_hidden_fields .= '<input type="hidden" name="email" value="' . str_replace("\"", "&quot;", $email) . '" />';
906 $s_hidden_fields .= '<input type="hidden" name="icq" value="' . str_replace("\"", "&quot;", $icq) . '" />';
907 $s_hidden_fields .= '<input type="hidden" name="aim" value="' . str_replace("\"", "&quot;", $aim) . '" />';
908 $s_hidden_fields .= '<input type="hidden" name="msn" value="' . str_replace("\"", "&quot;", $msn) . '" />';
909 $s_hidden_fields .= '<input type="hidden" name="yim" value="' . str_replace("\"", "&quot;", $yim) . '" />';
910 $s_hidden_fields .= '<input type="hidden" name="website" value="' . str_replace("\"", "&quot;", $website) . '" />';
911 $s_hidden_fields .= '<input type="hidden" name="location" value="' . str_replace("\"", "&quot;", $location) . '" />';
912 $s_hidden_fields .= '<input type="hidden" name="occupation" value="' . str_replace("\"", "&quot;", $occupation) . '" />';
913 $s_hidden_fields .= '<input type="hidden" name="interests" value="' . str_replace("\"", "&quot;", $interests) . '" />';
914 $s_hidden_fields .= '<input type="hidden" name="signature" value="' . str_replace("\"", "&quot;", $signature) . '" />';
915 $s_hidden_fields .= '<input type="hidden" name="viewemail" value="' . $viewemail . '" />';
916 $s_hidden_fields .= '<input type="hidden" name="notifypm" value="' . $notifypm . '" />';
917 $s_hidden_fields .= '<input type="hidden" name="popup_pm" value="' . $popuppm . '" />';
918 $s_hidden_fields .= '<input type="hidden" name="notifyreply" value="' . $notifyreply . '" />';
919 $s_hidden_fields .= '<input type="hidden" name="attachsig" value="' . $attachsig . '" />';
920 $s_hidden_fields .= '<input type="hidden" name="allowhtml" value="' . $allowhtml . '" />';
921 $s_hidden_fields .= '<input type="hidden" name="allowbbcode" value="' . $allowbbcode . '" />';
922 $s_hidden_fields .= '<input type="hidden" name="allowsmilies" value="' . $allowsmilies . '" />';
923 $s_hidden_fields .= '<input type="hidden" name="hideonline" value="' . !$allowviewonline . '" />';
924 $s_hidden_fields .= '<input type="hidden" name="style" value="' . $user_style . '" />';
925 $s_hidden_fields .= '<input type="hidden" name="language" value="' . $user_lang . '" />';
926 $s_hidden_fields .= '<input type="hidden" name="timezone" value="' . $user_timezone . '" />';
927 $s_hidden_fields .= '<input type="hidden" name="dateformat" value="' . str_replace("\"", "&quot;", $user_dateformat) . '" />';
928  
929 $s_hidden_fields .= '<input type="hidden" name="user_status" value="' . $user_status . '" />';
930 $s_hidden_fields .= '<input type="hidden" name="user_allowpm" value="' . $user_allowpm . '" />';
931 $s_hidden_fields .= '<input type="hidden" name="user_allowavatar" value="' . $user_allowavatar . '" />';
932 $s_hidden_fields .= '<input type="hidden" name="user_rank" value="' . $user_rank . '" />';
933  
934 $template->assign_vars(array(
935 "L_USER_TITLE" => $lang['User_admin'],
936 "L_USER_EXPLAIN" => $lang['User_admin_explain'],
937 "L_AVATAR_GALLERY" => $lang['Avatar_gallery'],
938 "L_SELECT_AVATAR" => $lang['Select_avatar'],
939 "L_RETURN_PROFILE" => $lang['Return_profile'],
940 "L_CATEGORY" => $lang['Select_category'],
941 "L_GO" => $lang['Go'],
942  
943 "S_OPTIONS_CATEGORIES" => $s_categories,
944 "S_COLSPAN" => $s_colspan,
945 "S_PROFILE_ACTION" => append_sid("admin_users.$phpEx?mode=$mode"),
946 "S_HIDDEN_FIELDS" => $s_hidden_fields)
947 );
948 }
949 }
950 else
951 {
952 $s_hidden_fields = '<input type="hidden" name="mode" value="save" /><input type="hidden" name="agreed" value="true" /><input type="hidden" name="coppa" value="' . $coppa . '" />';
953 $s_hidden_fields .= '<input type="hidden" name="id" value="' . $this_userdata['user_id'] . '" />';
954  
955 if( !empty($user_avatar_local) )
956 {
957 $s_hidden_fields .= '<input type="hidden" name="avatarlocal" value="' . $user_avatar_local . '" /><input type="hidden" name="avatarcatname" value="' . $user_avatar_category . '" />';
958 }
959  
960 if( $user_avatar_type )
961 {
962 switch( $user_avatar_type )
963 {
964 case USER_AVATAR_UPLOAD:
965 $avatar = '<img src="../' . $board_config['avatar_path'] . '/' . $user_avatar . '" alt="" />';
966 break;
967 case USER_AVATAR_REMOTE:
968 $avatar = '<img src="' . $user_avatar . '" alt="" />';
969 break;
970 case USER_AVATAR_GALLERY:
971 $avatar = '<img src="../' . $board_config['avatar_gallery_path'] . '/' . $user_avatar . '" alt="" />';
972 break;
973 }
974 }
975 else
976 {
977 $avatar = "";
978 }
979  
980 $sql = "SELECT * FROM " . RANKS_TABLE . "
981 WHERE rank_special = 1
982 ORDER BY rank_title";
983 if ( !($result = $db->sql_query($sql)) )
984 {
985 message_die(GENERAL_ERROR, 'Could not obtain ranks data', '', __LINE__, __FILE__, $sql);
986 }
987  
988 $rank_select_box = '<option value="0">' . $lang['No_assigned_rank'] . '</option>';
989 while( $row = $db->sql_fetchrow($result) )
990 {
991 $rank = $row['rank_title'];
992 $rank_id = $row['rank_id'];
993  
994 $selected = ( $this_userdata['user_rank'] == $rank_id ) ? ' selected="selected"' : '';
995 $rank_select_box .= '<option value="' . $rank_id . '"' . $selected . '>' . $rank . '</option>';
996 }
997  
998 $template->set_filenames(array(
999 "body" => "admin/user_edit_body.tpl")
1000 );
1001  
1002 //
1003 // Let's do an overall check for settings/versions which would prevent
1004 // us from doing file uploads....
1005 //
1006 $ini_val = ( phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
1007 $form_enctype = ( !@$ini_val('file_uploads') || phpversion() == '4.0.4pl1' || !$board_config['allow_avatar_upload'] || ( phpversion() < '4.0.3' && @$ini_val('open_basedir') != '' ) ) ? '' : 'enctype="multipart/form-data"';
1008  
1009 $template->assign_vars(array(
1010 'USERNAME' => $username,
1011 'EMAIL' => $email,
1012 'YIM' => $yim,
1013 'ICQ' => $icq,
1014 'MSN' => $msn,
1015 'AIM' => $aim,
1016 'OCCUPATION' => $occupation,
1017 'INTERESTS' => $interests,
1018 'LOCATION' => $location,
1019 'WEBSITE' => $website,
1020 'SIGNATURE' => str_replace('<br />', "\n", $signature),
1021 'VIEW_EMAIL_YES' => ($viewemail) ? 'checked="checked"' : '',
1022 'VIEW_EMAIL_NO' => (!$viewemail) ? 'checked="checked"' : '',
1023 'HIDE_USER_YES' => (!$allowviewonline) ? 'checked="checked"' : '',
1024 'HIDE_USER_NO' => ($allowviewonline) ? 'checked="checked"' : '',
1025 'NOTIFY_PM_YES' => ($notifypm) ? 'checked="checked"' : '',
1026 'NOTIFY_PM_NO' => (!$notifypm) ? 'checked="checked"' : '',
1027 'POPUP_PM_YES' => ($popuppm) ? 'checked="checked"' : '',
1028 'POPUP_PM_NO' => (!$popuppm) ? 'checked="checked"' : '',
1029 'ALWAYS_ADD_SIGNATURE_YES' => ($attachsig) ? 'checked="checked"' : '',
1030 'ALWAYS_ADD_SIGNATURE_NO' => (!$attachsig) ? 'checked="checked"' : '',
1031 'NOTIFY_REPLY_YES' => ( $notifyreply ) ? 'checked="checked"' : '',
1032 'NOTIFY_REPLY_NO' => ( !$notifyreply ) ? 'checked="checked"' : '',
1033 'ALWAYS_ALLOW_BBCODE_YES' => ($allowbbcode) ? 'checked="checked"' : '',
1034 'ALWAYS_ALLOW_BBCODE_NO' => (!$allowbbcode) ? 'checked="checked"' : '',
1035 'ALWAYS_ALLOW_HTML_YES' => ($allowhtml) ? 'checked="checked"' : '',
1036 'ALWAYS_ALLOW_HTML_NO' => (!$allowhtml) ? 'checked="checked"' : '',
1037 'ALWAYS_ALLOW_SMILIES_YES' => ($allowsmilies) ? 'checked="checked"' : '',
1038 'ALWAYS_ALLOW_SMILIES_NO' => (!$allowsmilies) ? 'checked="checked"' : '',
1039 'AVATAR' => $avatar,
1040 'LANGUAGE_SELECT' => language_select($user_lang),
1041 'TIMEZONE_SELECT' => tz_select($user_timezone),
1042 'STYLE_SELECT' => style_select($user_style, 'style'),
1043 'DATE_FORMAT' => $user_dateformat,
1044 'ALLOW_PM_YES' => ($user_allowpm) ? 'checked="checked"' : '',
1045 'ALLOW_PM_NO' => (!$user_allowpm) ? 'checked="checked"' : '',
1046 'ALLOW_AVATAR_YES' => ($user_allowavatar) ? 'checked="checked"' : '',
1047 'ALLOW_AVATAR_NO' => (!$user_allowavatar) ? 'checked="checked"' : '',
1048 'USER_ACTIVE_YES' => ($user_status) ? 'checked="checked"' : '',
1049 'USER_ACTIVE_NO' => (!$user_status) ? 'checked="checked"' : '',
1050 'RANK_SELECT_BOX' => $rank_select_box,
1051  
1052 'L_USERNAME' => $lang['Username'],
1053 'L_USER_TITLE' => $lang['User_admin'],
1054 'L_USER_EXPLAIN' => $lang['User_admin_explain'],
1055 'L_NEW_PASSWORD' => $lang['New_password'],
1056 'L_PASSWORD_IF_CHANGED' => $lang['password_if_changed'],
1057 'L_CONFIRM_PASSWORD' => $lang['Confirm_password'],
1058 'L_PASSWORD_CONFIRM_IF_CHANGED' => $lang['password_confirm_if_changed'],
1059 'L_SUBMIT' => $lang['Submit'],
1060 'L_RESET' => $lang['Reset'],
1061 'L_ICQ_NUMBER' => $lang['ICQ'],
1062 'L_MESSENGER' => $lang['MSNM'],
1063 'L_YAHOO' => $lang['YIM'],
1064 'L_WEBSITE' => $lang['Website'],
1065 'L_AIM' => $lang['AIM'],
1066 'L_LOCATION' => $lang['Location'],
1067 'L_OCCUPATION' => $lang['Occupation'],
1068 'L_BOARD_LANGUAGE' => $lang['Board_lang'],
1069 'L_BOARD_STYLE' => $lang['Board_style'],
1070 'L_TIMEZONE' => $lang['Timezone'],
1071 'L_DATE_FORMAT' => $lang['Date_format'],
1072 'L_DATE_FORMAT_EXPLAIN' => $lang['Date_format_explain'],
1073 'L_YES' => $lang['Yes'],
1074 'L_NO' => $lang['No'],
1075 'L_INTERESTS' => $lang['Interests'],
1076 'L_ALWAYS_ALLOW_SMILIES' => $lang['Always_smile'],
1077 'L_ALWAYS_ALLOW_BBCODE' => $lang['Always_bbcode'],
1078 'L_ALWAYS_ALLOW_HTML' => $lang['Always_html'],
1079 'L_HIDE_USER' => $lang['Hide_user'],
1080 'L_ALWAYS_ADD_SIGNATURE' => $lang['Always_add_sig'],
1081  
1082 'L_SPECIAL' => $lang['User_special'],
1083 'L_SPECIAL_EXPLAIN' => $lang['User_special_explain'],
1084 'L_USER_ACTIVE' => $lang['User_status'],
1085 'L_ALLOW_PM' => $lang['User_allowpm'],
1086 'L_ALLOW_AVATAR' => $lang['User_allowavatar'],
1087  
1088 'L_AVATAR_PANEL' => $lang['Avatar_panel'],
1089 'L_AVATAR_EXPLAIN' => $lang['Admin_avatar_explain'],
1090 'L_DELETE_AVATAR' => $lang['Delete_Image'],
1091 'L_CURRENT_IMAGE' => $lang['Current_Image'],
1092 'L_UPLOAD_AVATAR_FILE' => $lang['Upload_Avatar_file'],
1093 'L_UPLOAD_AVATAR_URL' => $lang['Upload_Avatar_URL'],
1094 'L_AVATAR_GALLERY' => $lang['Select_from_gallery'],
1095 'L_SHOW_GALLERY' => $lang['View_avatar_gallery'],
1096 'L_LINK_REMOTE_AVATAR' => $lang['Link_remote_Avatar'],
1097  
1098 'L_SIGNATURE' => $lang['Signature'],
1099 'L_SIGNATURE_EXPLAIN' => sprintf($lang['Signature_explain'], $board_config['max_sig_chars'] ),
1100 'L_NOTIFY_ON_PRIVMSG' => $lang['Notify_on_privmsg'],
1101 'L_NOTIFY_ON_REPLY' => $lang['Always_notify'],
1102 'L_POPUP_ON_PRIVMSG' => $lang['Popup_on_privmsg'],
1103 'L_PREFERENCES' => $lang['Preferences'],
1104 'L_PUBLIC_VIEW_EMAIL' => $lang['Public_view_email'],
1105 'L_ITEMS_REQUIRED' => $lang['Items_required'],
1106 'L_REGISTRATION_INFO' => $lang['Registration_info'],
1107 'L_PROFILE_INFO' => $lang['Profile_info'],
1108 'L_PROFILE_INFO_NOTICE' => $lang['Profile_info_warn'],
1109 'L_EMAIL_ADDRESS' => $lang['Email_address'],
1110 'S_FORM_ENCTYPE' => $form_enctype,
1111  
1112 'HTML_STATUS' => $html_status,
1113 'BBCODE_STATUS' => sprintf($bbcode_status, '<a href="../' . append_sid("faq.$phpEx?mode=bbcode") . '" target="_phpbbcode">', '</a>'),
1114 'SMILIES_STATUS' => $smilies_status,
1115  
1116 'L_DELETE_USER' => $lang['User_delete'],
1117 'L_DELETE_USER_EXPLAIN' => $lang['User_delete_explain'],
1118 'L_SELECT_RANK' => $lang['Rank_title'],
1119  
1120 'S_HIDDEN_FIELDS' => $s_hidden_fields,
1121 'S_PROFILE_ACTION' => append_sid("admin_users.$phpEx"))
1122 );
1123  
1124 if( file_exists(@phpbb_realpath('./../' . $board_config['avatar_path'])) && ($board_config['allow_avatar_upload'] == TRUE) )
1125 {
1126 if ( $form_enctype != '' )
1127 {
1128 $template->assign_block_vars('avatar_local_upload', array() );
1129 }
1130 $template->assign_block_vars('avatar_remote_upload', array() );
1131 }
1132  
1133 if( file_exists(@phpbb_realpath('./../' . $board_config['avatar_gallery_path'])) && ($board_config['allow_avatar_local'] == TRUE) )
1134 {
1135 $template->assign_block_vars('avatar_local_gallery', array() );
1136 }
1137  
1138 if( $board_config['allow_avatar_remote'] == TRUE )
1139 {
1140 $template->assign_block_vars('avatar_remote_link', array() );
1141 }
1142 }
1143  
1144 $template->pparse('body');
1145 }
1146 else
1147 {
1148 //
1149 // Default user selection box
1150 //
1151 $template->set_filenames(array(
1152 'body' => 'admin/user_select_body.tpl')
1153 );
1154  
1155 $template->assign_vars(array(
1156 'L_USER_TITLE' => $lang['User_admin'],
1157 'L_USER_EXPLAIN' => $lang['User_admin_explain'],
1158 'L_USER_SELECT' => $lang['Select_a_User'],
1159 'L_LOOK_UP' => $lang['Look_up_user'],
1160 'L_FIND_USERNAME' => $lang['Find_username'],
1161  
1162 'U_SEARCH_USER' => append_sid("./../search.$phpEx?mode=searchuser"),
1163  
1164 'S_USER_ACTION' => append_sid("admin_users.$phpEx"),
1165 'S_USER_SELECT' => $select_list)
1166 );
1167 $template->pparse('body');
1168  
1169 }
1170  
1171 include('./page_footer_admin.'.$phpEx);
1172  
1173 ?>