Profile-Actions.php 29 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927
  1. <?php
  2. /**
  3. * This file handles actions made on a user's profile.
  4. *
  5. * Simple Machines Forum (SMF)
  6. *
  7. * @package SMF
  8. * @author Simple Machines http://www.simplemachines.org
  9. * @copyright 2012 Simple Machines Forum contributors
  10. * @license http://www.simplemachines.org/about/smf/license.php BSD
  11. *
  12. * @version 2.1 Alpha 1
  13. */
  14. if (!defined('SMF'))
  15. die('Hacking attempt...');
  16. /**
  17. * Activate an account.
  18. *
  19. * @param int $memID the member ID
  20. */
  21. function activateAccount($memID)
  22. {
  23. global $sourcedir, $context, $user_profile, $modSettings, $user_info;
  24. isAllowedTo('moderate_forum');
  25. if (isset($_REQUEST['save']) && isset($user_profile[$memID]['is_activated']) && $user_profile[$memID]['is_activated'] != 1)
  26. {
  27. // If we are approving the deletion of an account, we do something special ;)
  28. if ($user_profile[$memID]['is_activated'] == 4)
  29. {
  30. require_once($sourcedir . '/Subs-Members.php');
  31. deleteMembers($context['id_member']);
  32. redirectexit();
  33. }
  34. // Let the integrations know of the activation.
  35. call_integration_hook('integrate_activate', array($user_profile[$memID]['member_name']));
  36. // Actually update this member now, as it guarantees the unapproved count can't get corrupted.
  37. updateMemberData($context['id_member'], array('is_activated' => $user_profile[$memID]['is_activated'] >= 10 ? 11 : 1, 'validation_code' => ''));
  38. // Log what we did?
  39. require_once($sourcedir . '/Logging.php');
  40. logAction('approve_member', array('member' => $memID), 'admin');
  41. // If we are doing approval, update the stats for the member just in case.
  42. if (in_array($user_profile[$memID]['is_activated'], array(3, 4, 13, 14)))
  43. updateSettings(array('unapprovedMembers' => ($modSettings['unapprovedMembers'] > 1 ? $modSettings['unapprovedMembers'] - 1 : 0)));
  44. // Make sure we update the stats too.
  45. updateStats('member', false);
  46. }
  47. // Leave it be...
  48. redirectexit('action=profile;u=' . $memID . ';area=summary');
  49. }
  50. /**
  51. * Issue/manage an user's warning status.
  52. *
  53. * @param int $memID
  54. */
  55. function issueWarning($memID)
  56. {
  57. global $txt, $scripturl, $modSettings, $user_info, $mbname;
  58. global $context, $cur_profile, $memberContext, $smcFunc, $sourcedir;
  59. // Get all the actual settings.
  60. list ($modSettings['warning_enable'], $modSettings['user_limit']) = explode(',', $modSettings['warning_settings']);
  61. // This stores any legitimate errors.
  62. $issueErrors = array();
  63. // Doesn't hurt to be overly cautious.
  64. if (empty($modSettings['warning_enable']) || ($context['user']['is_owner'] && !$cur_profile['warning']) || !allowedTo('issue_warning'))
  65. fatal_lang_error('no_access', false);
  66. // Get the base (errors related) stuff done.
  67. loadLanguage('Errors');
  68. $context['custom_error_title'] = $txt['profile_warning_errors_occured'];
  69. // Make sure things which are disabled stay disabled.
  70. $modSettings['warning_watch'] = !empty($modSettings['warning_watch']) ? $modSettings['warning_watch'] : 110;
  71. $modSettings['warning_moderate'] = !empty($modSettings['warning_moderate']) && !empty($modSettings['postmod_active']) ? $modSettings['warning_moderate'] : 110;
  72. $modSettings['warning_mute'] = !empty($modSettings['warning_mute']) ? $modSettings['warning_mute'] : 110;
  73. $context['warning_limit'] = allowedTo('admin_forum') ? 0 : $modSettings['user_limit'];
  74. $context['member']['warning'] = $cur_profile['warning'];
  75. $context['member']['name'] = $cur_profile['real_name'];
  76. // What are the limits we can apply?
  77. $context['min_allowed'] = 0;
  78. $context['max_allowed'] = 100;
  79. if ($context['warning_limit'] > 0)
  80. {
  81. // Make sure we cannot go outside of our limit for the day.
  82. $request = $smcFunc['db_query']('', '
  83. SELECT SUM(counter)
  84. FROM {db_prefix}log_comments
  85. WHERE id_recipient = {int:selected_member}
  86. AND id_member = {int:current_member}
  87. AND comment_type = {string:warning}
  88. AND log_time > {int:day_time_period}',
  89. array(
  90. 'current_member' => $user_info['id'],
  91. 'selected_member' => $memID,
  92. 'day_time_period' => time() - 86400,
  93. 'warning' => 'warning',
  94. )
  95. );
  96. list ($current_applied) = $smcFunc['db_fetch_row']($request);
  97. $smcFunc['db_free_result']($request);
  98. $context['min_allowed'] = max(0, $cur_profile['warning'] - $current_applied - $context['warning_limit']);
  99. $context['max_allowed'] = min(100, $cur_profile['warning'] - $current_applied + $context['warning_limit']);
  100. }
  101. // Defaults.
  102. $context['warning_data'] = array(
  103. 'reason' => '',
  104. 'notify' => '',
  105. 'notify_subject' => '',
  106. 'notify_body' => '',
  107. );
  108. // Are we saving?
  109. if (isset($_POST['save']))
  110. {
  111. // Security is good here.
  112. checkSession('post');
  113. // This cannot be empty!
  114. $_POST['warn_reason'] = isset($_POST['warn_reason']) ? trim($_POST['warn_reason']) : '';
  115. if ($_POST['warn_reason'] == '' && !$context['user']['is_owner'])
  116. $issueErrors[] = 'warning_no_reason';
  117. $_POST['warn_reason'] = $smcFunc['htmlspecialchars']($_POST['warn_reason']);
  118. // If the value hasn't changed it's either no JS or a real no change (Which this will pass)
  119. if ($_POST['warning_level'] == 'SAME')
  120. $_POST['warning_level'] = $_POST['warning_level_nojs'];
  121. $_POST['warning_level'] = (int) $_POST['warning_level'];
  122. $_POST['warning_level'] = max(0, min(100, $_POST['warning_level']));
  123. if ($_POST['warning_level'] < $context['min_allowed'])
  124. $_POST['warning_level'] = $context['min_allowed'];
  125. elseif ($_POST['warning_level'] > $context['max_allowed'])
  126. $_POST['warning_level'] = $context['max_allowed'];
  127. // Do we actually have to issue them with a PM?
  128. $id_notice = 0;
  129. if (!empty($_POST['warn_notify']) && empty($issueErrors))
  130. {
  131. $_POST['warn_sub'] = trim($_POST['warn_sub']);
  132. $_POST['warn_body'] = trim($_POST['warn_body']);
  133. if (empty($_POST['warn_sub']) || empty($_POST['warn_body']))
  134. $issueErrors[] = 'warning_notify_blank';
  135. // Send the PM?
  136. else
  137. {
  138. require_once($sourcedir . '/Subs-Post.php');
  139. $from = array(
  140. 'id' => 0,
  141. 'name' => $context['forum_name'],
  142. 'username' => $context['forum_name'],
  143. );
  144. sendpm(array('to' => array($memID), 'bcc' => array()), $_POST['warn_sub'], $_POST['warn_body'], false, $from);
  145. // Log the notice!
  146. $smcFunc['db_insert']('',
  147. '{db_prefix}log_member_notices',
  148. array(
  149. 'subject' => 'string-255', 'body' => 'string-65534',
  150. ),
  151. array(
  152. $smcFunc['htmlspecialchars']($_POST['warn_sub']), $smcFunc['htmlspecialchars']($_POST['warn_body']),
  153. ),
  154. array('id_notice')
  155. );
  156. $id_notice = $smcFunc['db_insert_id']('{db_prefix}log_member_notices', 'id_notice');
  157. }
  158. }
  159. // Just in case - make sure notice is valid!
  160. $id_notice = (int) $id_notice;
  161. // What have we changed?
  162. $level_change = $_POST['warning_level'] - $cur_profile['warning'];
  163. // No errors? Proceed! Only log if you're not the owner.
  164. if (empty($issueErrors))
  165. {
  166. // Log what we've done!
  167. if (!$context['user']['is_owner'])
  168. $smcFunc['db_insert']('',
  169. '{db_prefix}log_comments',
  170. array(
  171. 'id_member' => 'int', 'member_name' => 'string', 'comment_type' => 'string', 'id_recipient' => 'int', 'recipient_name' => 'string-255',
  172. 'log_time' => 'int', 'id_notice' => 'int', 'counter' => 'int', 'body' => 'string-65534',
  173. ),
  174. array(
  175. $user_info['id'], $user_info['name'], 'warning', $memID, $cur_profile['real_name'],
  176. time(), $id_notice, $level_change, $_POST['warn_reason'],
  177. ),
  178. array('id_comment')
  179. );
  180. // Make the change.
  181. updateMemberData($memID, array('warning' => $_POST['warning_level']));
  182. // Leave a lovely message.
  183. $context['profile_updated'] = $context['user']['is_owner'] ? $txt['profile_updated_own'] : $txt['profile_warning_success'];
  184. }
  185. else
  186. {
  187. // Try to remember some bits.
  188. $context['warning_data'] = array(
  189. 'reason' => $_POST['warn_reason'],
  190. 'notify' => !empty($_POST['warn_notify']),
  191. 'notify_subject' => isset($_POST['warn_sub']) ? $_POST['warn_sub'] : '',
  192. 'notify_body' => isset($_POST['warn_body']) ? $_POST['warn_body'] : '',
  193. );
  194. }
  195. // Show the new improved warning level.
  196. $context['member']['warning'] = $_POST['warning_level'];
  197. }
  198. if (isset($_POST['preview']))
  199. {
  200. $warning_body = !empty($_POST['warn_body']) ? trim(censorText($_POST['warn_body'])) : '';
  201. $context['preview_subject'] = !empty($_POST['warn_sub']) ? trim($smcFunc['htmlspecialchars']($_POST['warn_sub'])) : '';
  202. if (empty($_POST['warn_sub']) || empty($_POST['warn_body']))
  203. $issueErrors[] = 'warning_notify_blank';
  204. if (!empty($_POST['warn_body']))
  205. {
  206. require_once($sourcedir . '/Subs-Post.php');
  207. preparsecode($warning_body);
  208. $warning_body = parse_bbc($warning_body, true);
  209. }
  210. // Try to remember some bits.
  211. $context['warning_data'] = array(
  212. 'reason' => $_POST['warn_reason'],
  213. 'notify' => !empty($_POST['warn_notify']),
  214. 'notify_subject' => isset($_POST['warn_sub']) ? $_POST['warn_sub'] : '',
  215. 'notify_body' => isset($_POST['warn_body']) ? $_POST['warn_body'] : '',
  216. 'body_preview' => $warning_body,
  217. );
  218. // print_r($context['warning_data']);die();
  219. }
  220. if (!empty($issueErrors))
  221. {
  222. // Fill in the suite of errors.
  223. $context['post_errors'] = array();
  224. foreach ($issueErrors as $error)
  225. $context['post_errors'][] = $txt[$error];
  226. }
  227. $context['page_title'] = $txt['profile_issue_warning'];
  228. // Let's use a generic list to get all the current warnings
  229. require_once($sourcedir . '/Subs-List.php');
  230. // Work our the various levels.
  231. $context['level_effects'] = array(
  232. 0 => $txt['profile_warning_effect_none'],
  233. $modSettings['warning_watch'] => $txt['profile_warning_effect_watch'],
  234. $modSettings['warning_moderate'] => $txt['profile_warning_effect_moderation'],
  235. $modSettings['warning_mute'] => $txt['profile_warning_effect_mute'],
  236. );
  237. $context['current_level'] = 0;
  238. foreach ($context['level_effects'] as $limit => $dummy)
  239. if ($context['member']['warning'] >= $limit)
  240. $context['current_level'] = $limit;
  241. $listOptions = array(
  242. 'id' => 'view_warnings',
  243. 'title' => $txt['profile_viewwarning_previous_warnings'],
  244. 'items_per_page' => $modSettings['defaultMaxMessages'],
  245. 'no_items_label' => $txt['profile_viewwarning_no_warnings'],
  246. 'base_href' => $scripturl . '?action=profile;area=issuewarning;sa=user;u=' . $memID,
  247. 'default_sort_col' => 'log_time',
  248. 'get_items' => array(
  249. 'function' => 'list_getUserWarnings',
  250. 'params' => array(
  251. $memID,
  252. ),
  253. ),
  254. 'get_count' => array(
  255. 'function' => 'list_getUserWarningCount',
  256. 'params' => array(
  257. $memID,
  258. ),
  259. ),
  260. 'columns' => array(
  261. 'issued_by' => array(
  262. 'header' => array(
  263. 'value' => $txt['profile_warning_previous_issued'],
  264. 'style' => 'width: 20%;',
  265. ),
  266. 'data' => array(
  267. 'function' => create_function('$warning', '
  268. return $warning[\'issuer\'][\'link\'];
  269. '
  270. ),
  271. ),
  272. 'sort' => array(
  273. 'default' => 'lc.member_name DESC',
  274. 'reverse' => 'lc.member_name',
  275. ),
  276. ),
  277. 'log_time' => array(
  278. 'header' => array(
  279. 'value' => $txt['profile_warning_previous_time'],
  280. 'style' => 'width: 30%;',
  281. ),
  282. 'data' => array(
  283. 'db' => 'time',
  284. ),
  285. 'sort' => array(
  286. 'default' => 'lc.log_time DESC',
  287. 'reverse' => 'lc.log_time',
  288. ),
  289. ),
  290. 'reason' => array(
  291. 'header' => array(
  292. 'value' => $txt['profile_warning_previous_reason'],
  293. ),
  294. 'data' => array(
  295. 'function' => create_function('$warning', '
  296. global $scripturl, $txt, $settings;
  297. $ret = \'
  298. <div class="floatleft">
  299. \' . $warning[\'reason\'] . \'
  300. </div>\';
  301. if (!empty($warning[\'id_notice\']))
  302. $ret .= \'
  303. <div class="floatright">
  304. <a href="\' . $scripturl . \'?action=moderate;area=notice;nid=\' . $warning[\'id_notice\'] . \'" onclick="window.open(this.href, \\\'\\\', \\\'scrollbars=yes,resizable=yes,width=400,height=250\\\');return false;" target="_blank" class="new_win" title="\' . $txt[\'profile_warning_previous_notice\'] . \'"><img src="\' . $settings[\'images_url\'] . \'/filter.png" alt="" /></a>
  305. </div>\';
  306. return $ret;'),
  307. ),
  308. ),
  309. 'level' => array(
  310. 'header' => array(
  311. 'value' => $txt['profile_warning_previous_level'],
  312. 'style' => 'width: 6%;',
  313. ),
  314. 'data' => array(
  315. 'db' => 'counter',
  316. ),
  317. 'sort' => array(
  318. 'default' => 'lc.counter DESC',
  319. 'reverse' => 'lc.counter',
  320. ),
  321. ),
  322. ),
  323. );
  324. // Create the list for viewing.
  325. require_once($sourcedir . '/Subs-List.php');
  326. createList($listOptions);
  327. // Are they warning because of a message?
  328. if (isset($_REQUEST['msg']) && 0 < (int) $_REQUEST['msg'])
  329. {
  330. $request = $smcFunc['db_query']('', '
  331. SELECT subject
  332. FROM {db_prefix}messages AS m
  333. INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board)
  334. WHERE id_msg = {int:message}
  335. AND {query_see_board}
  336. LIMIT 1',
  337. array(
  338. 'message' => (int) $_REQUEST['msg'],
  339. )
  340. );
  341. if ($smcFunc['db_num_rows']($request) != 0)
  342. {
  343. $context['warning_for_message'] = (int) $_REQUEST['msg'];
  344. list ($context['warned_message_subject']) = $smcFunc['db_fetch_row']($request);
  345. }
  346. $smcFunc['db_free_result']($request);
  347. }
  348. // Didn't find the message?
  349. if (empty($context['warning_for_message']))
  350. {
  351. $context['warning_for_message'] = 0;
  352. $context['warned_message_subject'] = '';
  353. }
  354. // Any custom templates?
  355. $context['notification_templates'] = array();
  356. $request = $smcFunc['db_query']('', '
  357. SELECT recipient_name AS template_title, body
  358. FROM {db_prefix}log_comments
  359. WHERE comment_type = {string:warntpl}
  360. AND (id_recipient = {int:generic} OR id_recipient = {int:current_member})',
  361. array(
  362. 'warntpl' => 'warntpl',
  363. 'generic' => 0,
  364. 'current_member' => $user_info['id'],
  365. )
  366. );
  367. while ($row = $smcFunc['db_fetch_assoc']($request))
  368. {
  369. // If we're not warning for a message skip any that are.
  370. if (!$context['warning_for_message'] && strpos($row['body'], '{MESSAGE}') !== false)
  371. continue;
  372. $context['notification_templates'][] = array(
  373. 'title' => $row['template_title'],
  374. 'body' => $row['body'],
  375. );
  376. }
  377. $smcFunc['db_free_result']($request);
  378. // Setup the "default" templates.
  379. foreach (array('spamming', 'offence', 'insulting') as $type)
  380. $context['notification_templates'][] = array(
  381. 'title' => $txt['profile_warning_notify_title_' . $type],
  382. 'body' => sprintf($txt['profile_warning_notify_template_outline' . (!empty($context['warning_for_message']) ? '_post' : '')], $txt['profile_warning_notify_for_' . $type]),
  383. );
  384. // Replace all the common variables in the templates.
  385. foreach ($context['notification_templates'] as $k => $name)
  386. $context['notification_templates'][$k]['body'] = strtr($name['body'], array('{MEMBER}' => un_htmlspecialchars($context['member']['name']), '{MESSAGE}' => '[url=' . $scripturl . '?msg=' . $context['warning_for_message'] . ']' . un_htmlspecialchars($context['warned_message_subject']) . '[/url]', '{SCRIPTURL}' => $scripturl, '{FORUMNAME}' => $mbname, '{REGARDS}' => $txt['regards_team']));
  387. }
  388. /**
  389. * Get the number of warnings a user has.
  390. *
  391. * @param int $memID
  392. * @return int Total number of warnings for the user
  393. */
  394. function list_getUserWarningCount($memID)
  395. {
  396. global $smcFunc;
  397. $request = $smcFunc['db_query']('', '
  398. SELECT COUNT(*)
  399. FROM {db_prefix}log_comments
  400. WHERE id_recipient = {int:selected_member}
  401. AND comment_type = {string:warning}',
  402. array(
  403. 'selected_member' => $memID,
  404. 'warning' => 'warning',
  405. )
  406. );
  407. list ($total_warnings) = $smcFunc['db_fetch_row']($request);
  408. $smcFunc['db_free_result']($request);
  409. return $total_warnings;
  410. }
  411. /**
  412. * Get the data about a users warnings.
  413. *
  414. * @param int $start
  415. * @param int $items_per_page
  416. * @param string $sort
  417. * @param int $memID the member ID
  418. * @return array the preview warnings
  419. */
  420. function list_getUserWarnings($start, $items_per_page, $sort, $memID)
  421. {
  422. global $smcFunc, $scripturl;
  423. $request = $smcFunc['db_query']('', '
  424. SELECT IFNULL(mem.id_member, 0) AS id_member, IFNULL(mem.real_name, lc.member_name) AS member_name,
  425. lc.log_time, lc.body, lc.counter, lc.id_notice
  426. FROM {db_prefix}log_comments AS lc
  427. LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = lc.id_member)
  428. WHERE lc.id_recipient = {int:selected_member}
  429. AND lc.comment_type = {string:warning}
  430. ORDER BY ' . $sort . '
  431. LIMIT ' . $start . ', ' . $items_per_page,
  432. array(
  433. 'selected_member' => $memID,
  434. 'warning' => 'warning',
  435. )
  436. );
  437. $previous_warnings = array();
  438. while ($row = $smcFunc['db_fetch_assoc']($request))
  439. {
  440. $previous_warnings[] = array(
  441. 'issuer' => array(
  442. 'id' => $row['id_member'],
  443. 'link' => $row['id_member'] ? ('<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['member_name'] . '</a>') : $row['member_name'],
  444. ),
  445. 'time' => timeformat($row['log_time']),
  446. 'reason' => $row['body'],
  447. 'counter' => $row['counter'] > 0 ? '+' . $row['counter'] : $row['counter'],
  448. 'id_notice' => $row['id_notice'],
  449. );
  450. }
  451. $smcFunc['db_free_result']($request);
  452. return $previous_warnings;
  453. }
  454. /**
  455. * Present a screen to make sure the user wants to be deleted
  456. *
  457. * @param int $memID the member ID
  458. */
  459. function deleteAccount($memID)
  460. {
  461. global $txt, $context, $user_info, $modSettings, $cur_profile, $smcFunc;
  462. if (!$context['user']['is_owner'])
  463. isAllowedTo('profile_remove_any');
  464. elseif (!allowedTo('profile_remove_any'))
  465. isAllowedTo('profile_remove_own');
  466. // Permissions for removing stuff...
  467. $context['can_delete_posts'] = !$context['user']['is_owner'] && allowedTo('moderate_forum');
  468. // Can they do this, or will they need approval?
  469. $context['needs_approval'] = $context['user']['is_owner'] && !empty($modSettings['approveAccountDeletion']) && !allowedTo('moderate_forum');
  470. $context['page_title'] = $txt['deleteAccount'] . ': ' . $cur_profile['real_name'];
  471. }
  472. /**
  473. * Actually delete an account.
  474. *
  475. * @param int $memID the member ID
  476. */
  477. function deleteAccount2($memID)
  478. {
  479. global $user_info, $sourcedir, $context, $cur_profile, $modSettings, $smcFunc;
  480. // Try get more time...
  481. @set_time_limit(600);
  482. // @todo Add a way to delete pms as well?
  483. if (!$context['user']['is_owner'])
  484. isAllowedTo('profile_remove_any');
  485. elseif (!allowedTo('profile_remove_any'))
  486. isAllowedTo('profile_remove_own');
  487. checkSession();
  488. $old_profile = &$cur_profile;
  489. // Too often, people remove/delete their own only account.
  490. if (in_array(1, explode(',', $old_profile['additional_groups'])) || $old_profile['id_group'] == 1)
  491. {
  492. // Are you allowed to administrate the forum, as they are?
  493. isAllowedTo('admin_forum');
  494. $request = $smcFunc['db_query']('', '
  495. SELECT id_member
  496. FROM {db_prefix}members
  497. WHERE (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0)
  498. AND id_member != {int:selected_member}
  499. LIMIT 1',
  500. array(
  501. 'admin_group' => 1,
  502. 'selected_member' => $memID,
  503. )
  504. );
  505. list ($another) = $smcFunc['db_fetch_row']($request);
  506. $smcFunc['db_free_result']($request);
  507. if (empty($another))
  508. fatal_lang_error('at_least_one_admin', 'critical');
  509. }
  510. // This file is needed for the deleteMembers function.
  511. require_once($sourcedir . '/Subs-Members.php');
  512. // Do you have permission to delete others profiles, or is that your profile you wanna delete?
  513. if ($memID != $user_info['id'])
  514. {
  515. isAllowedTo('profile_remove_any');
  516. // Now, have you been naughty and need your posts deleting?
  517. // @todo Should this check board permissions?
  518. if ($_POST['remove_type'] != 'none' && allowedTo('moderate_forum'))
  519. {
  520. // Include RemoveTopics - essential for this type of work!
  521. require_once($sourcedir . '/RemoveTopic.php');
  522. // First off we delete any topics the member has started - if they wanted topics being done.
  523. if ($_POST['remove_type'] == 'topics')
  524. {
  525. // Fetch all topics started by this user within the time period.
  526. $request = $smcFunc['db_query']('', '
  527. SELECT t.id_topic
  528. FROM {db_prefix}topics AS t
  529. WHERE t.id_member_started = {int:selected_member}',
  530. array(
  531. 'selected_member' => $memID,
  532. )
  533. );
  534. $topicIDs = array();
  535. while ($row = $smcFunc['db_fetch_assoc']($request))
  536. $topicIDs[] = $row['id_topic'];
  537. $smcFunc['db_free_result']($request);
  538. // Actually remove the topics.
  539. // @todo This needs to check permissions, but we'll let it slide for now because of moderate_forum already being had.
  540. removeTopics($topicIDs);
  541. }
  542. // Now delete the remaining messages.
  543. $request = $smcFunc['db_query']('', '
  544. SELECT m.id_msg
  545. FROM {db_prefix}messages AS m
  546. INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic
  547. AND t.id_first_msg != m.id_msg)
  548. WHERE m.id_member = {int:selected_member}',
  549. array(
  550. 'selected_member' => $memID,
  551. )
  552. );
  553. // This could take a while... but ya know it's gonna be worth it in the end.
  554. while ($row = $smcFunc['db_fetch_assoc']($request))
  555. {
  556. if (function_exists('apache_reset_timeout'))
  557. @apache_reset_timeout();
  558. removeMessage($row['id_msg']);
  559. }
  560. $smcFunc['db_free_result']($request);
  561. }
  562. // Only delete this poor members account if they are actually being booted out of camp.
  563. if (isset($_POST['deleteAccount']))
  564. deleteMembers($memID);
  565. }
  566. // Do they need approval to delete?
  567. elseif (!empty($modSettings['approveAccountDeletion']) && !allowedTo('moderate_forum'))
  568. {
  569. // Setup their account for deletion ;)
  570. updateMemberData($memID, array('is_activated' => 4));
  571. // Another account needs approval...
  572. updateSettings(array('unapprovedMembers' => true), true);
  573. }
  574. // Also check if you typed your password correctly.
  575. else
  576. {
  577. deleteMembers($memID);
  578. require_once($sourcedir . '/LogInOut.php');
  579. LogOut(true);
  580. redirectexit();
  581. }
  582. }
  583. /**
  584. * Function for doing all the paid subscription stuff - kinda.
  585. *
  586. * @param int $memID
  587. */
  588. function subscriptions($memID)
  589. {
  590. global $context, $txt, $sourcedir, $modSettings, $smcFunc, $scripturl;
  591. // Load the paid template anyway.
  592. loadTemplate('ManagePaid');
  593. loadLanguage('ManagePaid');
  594. // Load all of the subscriptions.
  595. require_once($sourcedir . '/ManagePaid.php');
  596. loadSubscriptions();
  597. $context['member']['id'] = $memID;
  598. // Remove any invalid ones.
  599. foreach ($context['subscriptions'] as $id => $sub)
  600. {
  601. // Work out the costs.
  602. $costs = @unserialize($sub['real_cost']);
  603. $cost_array = array();
  604. if ($sub['real_length'] == 'F')
  605. {
  606. foreach ($costs as $duration => $cost)
  607. {
  608. if ($cost != 0)
  609. $cost_array[$duration] = $cost;
  610. }
  611. }
  612. else
  613. {
  614. $cost_array['fixed'] = $costs['fixed'];
  615. }
  616. if (empty($cost_array))
  617. unset($context['subscriptions'][$id]);
  618. else
  619. {
  620. $context['subscriptions'][$id]['member'] = 0;
  621. $context['subscriptions'][$id]['subscribed'] = false;
  622. $context['subscriptions'][$id]['costs'] = $cost_array;
  623. }
  624. }
  625. // Work out what gateways are enabled.
  626. $gateways = loadPaymentGateways();
  627. foreach ($gateways as $id => $gateway)
  628. {
  629. $gateways[$id] = new $gateway['display_class']();
  630. if (!$gateways[$id]->gatewayEnabled())
  631. unset($gateways[$id]);
  632. }
  633. // No gateways yet?
  634. if (empty($gateways))
  635. fatal_error($txt['paid_admin_not_setup_gateway']);
  636. // Get the current subscriptions.
  637. $request = $smcFunc['db_query']('', '
  638. SELECT id_sublog, id_subscribe, start_time, end_time, status, payments_pending, pending_details
  639. FROM {db_prefix}log_subscribed
  640. WHERE id_member = {int:selected_member}',
  641. array(
  642. 'selected_member' => $memID,
  643. )
  644. );
  645. $context['current'] = array();
  646. while ($row = $smcFunc['db_fetch_assoc']($request))
  647. {
  648. // The subscription must exist!
  649. if (!isset($context['subscriptions'][$row['id_subscribe']]))
  650. continue;
  651. $context['current'][$row['id_subscribe']] = array(
  652. 'id' => $row['id_sublog'],
  653. 'sub_id' => $row['id_subscribe'],
  654. 'hide' => $row['status'] == 0 && $row['end_time'] == 0 && $row['payments_pending'] == 0,
  655. 'name' => $context['subscriptions'][$row['id_subscribe']]['name'],
  656. 'start' => timeformat($row['start_time'], false),
  657. 'end' => $row['end_time'] == 0 ? $txt['not_applicable'] : timeformat($row['end_time'], false),
  658. 'pending_details' => $row['pending_details'],
  659. 'status' => $row['status'],
  660. 'status_text' => $row['status'] == 0 ? ($row['payments_pending'] ? $txt['paid_pending'] : $txt['paid_finished']) : $txt['paid_active'],
  661. );
  662. if ($row['status'] == 1)
  663. $context['subscriptions'][$row['id_subscribe']]['subscribed'] = true;
  664. }
  665. $smcFunc['db_free_result']($request);
  666. // Simple "done"?
  667. if (isset($_GET['done']))
  668. {
  669. $_GET['sub_id'] = (int) $_GET['sub_id'];
  670. // Must exist but let's be sure...
  671. if (isset($context['current'][$_GET['sub_id']]))
  672. {
  673. // What are the details like?
  674. $current_pending = @unserialize($context['current'][$_GET['sub_id']]['pending_details']);
  675. if (!empty($current_pending))
  676. {
  677. $current_pending = array_reverse($current_pending);
  678. foreach ($current_pending as $id => $sub)
  679. {
  680. // Just find one and change it.
  681. if ($sub[0] == $_GET['sub_id'] && $sub[3] == 'prepay')
  682. {
  683. $current_pending[$id][3] = 'payback';
  684. break;
  685. }
  686. }
  687. // Save the details back.
  688. $pending_details = serialize($current_pending);
  689. $smcFunc['db_query']('', '
  690. UPDATE {db_prefix}log_subscribed
  691. SET payments_pending = payments_pending + 1, pending_details = {string:pending_details}
  692. WHERE id_sublog = {int:current_subscription_id}
  693. AND id_member = {int:selected_member}',
  694. array(
  695. 'current_subscription_id' => $context['current'][$_GET['sub_id']]['id'],
  696. 'selected_member' => $memID,
  697. 'pending_details' => $pending_details,
  698. )
  699. );
  700. }
  701. }
  702. $context['sub_template'] = 'paid_done';
  703. return;
  704. }
  705. // If this is confirmation then it's simpler...
  706. if (isset($_GET['confirm']) && isset($_POST['sub_id']) && is_array($_POST['sub_id']))
  707. {
  708. // Hopefully just one.
  709. foreach ($_POST['sub_id'] as $k => $v)
  710. $ID_SUB = (int) $k;
  711. if (!isset($context['subscriptions'][$ID_SUB]) || $context['subscriptions'][$ID_SUB]['active'] == 0)
  712. fatal_lang_error('paid_sub_not_active');
  713. // Simplify...
  714. $context['sub'] = $context['subscriptions'][$ID_SUB];
  715. $period = 'xx';
  716. if ($context['sub']['flexible'])
  717. $period = isset($_POST['cur'][$ID_SUB]) && isset($context['sub']['costs'][$_POST['cur'][$ID_SUB]]) ? $_POST['cur'][$ID_SUB] : 'xx';
  718. // Check we have a valid cost.
  719. if ($context['sub']['flexible'] && $period == 'xx')
  720. fatal_lang_error('paid_sub_not_active');
  721. // Sort out the cost/currency.
  722. $context['currency'] = $modSettings['paid_currency_code'];
  723. $context['recur'] = $context['sub']['repeatable'];
  724. if ($context['sub']['flexible'])
  725. {
  726. // Real cost...
  727. $context['value'] = $context['sub']['costs'][$_POST['cur'][$ID_SUB]];
  728. $context['cost'] = sprintf($modSettings['paid_currency_symbol'], $context['value']) . '/' . $txt[$_POST['cur'][$ID_SUB]];
  729. // The period value for paypal.
  730. $context['paypal_period'] = strtoupper(substr($_POST['cur'][$ID_SUB], 0, 1));
  731. }
  732. else
  733. {
  734. // Real cost...
  735. $context['value'] = $context['sub']['costs']['fixed'];
  736. $context['cost'] = sprintf($modSettings['paid_currency_symbol'], $context['value']);
  737. // Recur?
  738. preg_match('~(\d*)(\w)~', $context['sub']['real_length'], $match);
  739. $context['paypal_unit'] = $match[1];
  740. $context['paypal_period'] = $match[2];
  741. }
  742. // Setup the gateway context.
  743. $context['gateways'] = array();
  744. foreach ($gateways as $id => $gateway)
  745. {
  746. $fields = $gateways[$id]->fetchGatewayFields($context['sub']['id'] . '+' . $memID, $context['sub'], $context['value'], $period, $scripturl . '?action=profile;u=' . $memID . ';area=subscriptions;sub_id=' . $context['sub']['id'] . ';done');
  747. if (!empty($fields['form']))
  748. $context['gateways'][] = $fields;
  749. }
  750. // Bugger?!
  751. if (empty($context['gateways']))
  752. fatal_error($txt['paid_admin_not_setup_gateway']);
  753. // Now we are going to assume they want to take this out ;)
  754. $new_data = array($context['sub']['id'], $context['value'], $period, 'prepay');
  755. if (isset($context['current'][$context['sub']['id']]))
  756. {
  757. // What are the details like?
  758. $current_pending = array();
  759. if ($context['current'][$context['sub']['id']]['pending_details'] != '')
  760. $current_pending = @unserialize($context['current'][$context['sub']['id']]['pending_details']);
  761. // Don't get silly.
  762. if (count($current_pending) > 9)
  763. $current_pending = array();
  764. $pending_count = 0;
  765. // Only record real pending payments as will otherwise confuse the admin!
  766. foreach ($current_pending as $pending)
  767. if ($pending[3] == 'payback')
  768. $pending_count++;
  769. if (!in_array($new_data, $current_pending))
  770. {
  771. $current_pending[] = $new_data;
  772. $pending_details = serialize($current_pending);
  773. $smcFunc['db_query']('', '
  774. UPDATE {db_prefix}log_subscribed
  775. SET payments_pending = {int:pending_count}, pending_details = {string:pending_details}
  776. WHERE id_sublog = {int:current_subscription_item}
  777. AND id_member = {int:selected_member}',
  778. array(
  779. 'pending_count' => $pending_count,
  780. 'current_subscription_item' => $context['current'][$context['sub']['id']]['id'],
  781. 'selected_member' => $memID,
  782. 'pending_details' => $pending_details,
  783. )
  784. );
  785. }
  786. }
  787. // Never had this before, lovely.
  788. else
  789. {
  790. $pending_details = serialize(array($new_data));
  791. $smcFunc['db_insert']('',
  792. '{db_prefix}log_subscribed',
  793. array(
  794. 'id_subscribe' => 'int', 'id_member' => 'int', 'status' => 'int', 'payments_pending' => 'int', 'pending_details' => 'string-65534',
  795. 'start_time' => 'int', 'vendor_ref' => 'string-255',
  796. ),
  797. array(
  798. $context['sub']['id'], $memID, 0, 0, $pending_details,
  799. time(), '',
  800. ),
  801. array('id_sublog')
  802. );
  803. }
  804. // Change the template.
  805. $context['sub_template'] = 'choose_payment';
  806. // Quit.
  807. return;
  808. }
  809. else
  810. $context['sub_template'] = 'user_subscription';
  811. }
  812. ?>