MMF/simple-machines-forum
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
simple-machines-forum/Sources/ManageMembers.php

1347 lines
No EOL
46 KiB
PHP
Raw Permalink Blame History

<?php
/**
* Show a list of members or a selection of members.
*
* Simple Machines Forum (SMF)
*
* @package SMF
* @author Simple Machines https://www.simplemachines.org
* @copyright 2022 Simple Machines and individual contributors
* @license https://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.1.0
*/
if (!defined('SMF'))
die('No direct access...');
/**
* The main entrance point for the Manage Members screen.
* As everyone else, it calls a function based on the given sub-action.
* Called by ?action=admin;area=viewmembers.
* Requires the moderate_forum permission.
*
* Uses ManageMembers template
* Uses ManageMembers language file.
*/
function ViewMembers()
{
global $txt, $scripturl, $context, $modSettings, $smcFunc;
$subActions = array(
'all' => array('ViewMemberlist', 'moderate_forum'),
'approve' => array('AdminApprove', 'moderate_forum'),
'browse' => array('MembersAwaitingActivation', 'moderate_forum'),
'search' => array('SearchMembers', 'moderate_forum'),
'query' => array('ViewMemberlist', 'moderate_forum'),
);
// Load the essentials.
loadLanguage('ManageMembers');
loadTemplate('ManageMembers');
// Fetch our activation counts.
GetMemberActivationCounts();
// For the page header... do we show activation?
$context['show_activate'] = (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 1) || !empty($context['awaiting_activation']);
// What about approval?
$context['show_approve'] = (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 2) || !empty($context['awaiting_approval']) || !empty($modSettings['approveAccountDeletion']);
// Setup the admin tabs.
$context[$context['admin_menu_name']]['tab_data'] = array(
'title' => $txt['admin_members'],
'help' => 'view_members',
'description' => $txt['admin_members_list'],
'tabs' => array(),
);
$context['tabs'] = array(
'viewmembers' => array(
'label' => $txt['view_all_members'],
'description' => $txt['admin_members_list'],
'url' => $scripturl . '?action=admin;area=viewmembers;sa=all',
'selected_actions' => array('all'),
),
'search' => array(
'label' => $txt['mlist_search'],
'description' => $txt['admin_members_list'],
'url' => $scripturl . '?action=admin;area=viewmembers;sa=search',
'selected_actions' => array('search', 'query'),
),
);
$context['last_tab'] = 'search';
// Do we have approvals
if ($context['show_approve'])
{
$context['tabs']['approve'] = array(
'label' => sprintf($txt['admin_browse_awaiting_approval'], $context['awaiting_approval']),
'description' => $txt['admin_browse_approve_desc'],
'url' => $scripturl . '?action=admin;area=viewmembers;sa=browse;type=approve',
);
$context['last_tab'] = 'approve';
}
// Do we have activations to show?
if ($context['show_activate'])
{
$context['tabs']['activate'] = array(
'label' => sprintf($txt['admin_browse_awaiting_activate'], $context['awaiting_activation']),
'description' => $txt['admin_browse_activate_desc'],
'url' => $scripturl . '?action=admin;area=viewmembers;sa=browse;type=activate',
);
$context['last_tab'] = 'activate';
}
// Call our hook now, letting customizations add to the subActions and/or modify $context as needed.
call_integration_hook('integrate_manage_members', array(&$subActions));
// Default to sub action 'index' or 'settings' depending on permissions.
$context['current_subaction'] = isset($_REQUEST['sa']) && isset($subActions[$_REQUEST['sa']]) ? $_REQUEST['sa'] : 'all';
// We know the sub action, now we know what you're allowed to do.
isAllowedTo($subActions[$context['current_subaction']][1]);
// Set the last tab.
$context['tabs'][$context['last_tab']]['is_last'] = true;
// Find the active tab.
if (isset($context['tabs'][$context['current_subaction']]))
$context['tabs'][$context['current_subaction']]['is_selected'] = true;
elseif (isset($context['current_subaction']))
foreach ($context['tabs'] as $id_tab => $tab_data)
if (!empty($tab_data['selected_actions']) && in_array($context['current_subaction'], $tab_data['selected_actions']))
$context['tabs'][$id_tab]['is_selected'] = true;
call_helper($subActions[$context['current_subaction']][0]);
}
/**
* View all members list. It allows sorting on several columns, and deletion of
* selected members. It also handles the search query sent by
* ?action=admin;area=viewmembers;sa=search.
* Called by ?action=admin;area=viewmembers;sa=all or ?action=admin;area=viewmembers;sa=query.
* Requires the moderate_forum permission.
*
* Uses a standard list (@see createList())
*/
function ViewMemberlist()
{
global $txt, $scripturl, $context, $modSettings, $sourcedir, $smcFunc, $user_info;
// Are we performing a delete?
if (isset($_POST['delete_members']) && !empty($_POST['delete']) && allowedTo('profile_remove_any'))
{
checkSession();
// Clean the input.
foreach ($_POST['delete'] as $key => $value)
{
// Don't delete yourself, idiot.
if ($value != $user_info['id'])
$delete[$key] = (int) $value;
}
if (!empty($delete))
{
// Delete all the selected members.
require_once($sourcedir . '/Subs-Members.php');
deleteMembers($delete, true);
}
}
// Check input after a member search has been submitted.
if ($context['current_subaction'] == 'query')
{
// Retrieving the membergroups and postgroups.
$context['membergroups'] = array(
array(
'id' => 0,
'name' => $txt['membergroups_members'],
'can_be_additional' => false
)
);
$context['postgroups'] = array();
$request = $smcFunc['db_query']('', '
SELECT id_group, group_name, min_posts
FROM {db_prefix}membergroups
WHERE id_group != {int:moderator_group}
ORDER BY min_posts, CASE WHEN id_group < {int:newbie_group} THEN id_group ELSE 4 END, group_name',
array(
'moderator_group' => 3,
'newbie_group' => 4,
)
);
while ($row = $smcFunc['db_fetch_assoc']($request))
{
if ($row['min_posts'] == -1)
$context['membergroups'][] = array(
'id' => $row['id_group'],
'name' => $row['group_name'],
'can_be_additional' => true
);
else
$context['postgroups'][] = array(
'id' => $row['id_group'],
'name' => $row['group_name']
);
}
$smcFunc['db_free_result']($request);
// Some data about the form fields and how they are linked to the database.
$params = array(
'mem_id' => array(
'db_fields' => array('id_member'),
'type' => 'int',
'range' => true
),
'age' => array(
'db_fields' => array('birthdate'),
'type' => 'age',
'range' => true
),
'posts' => array(
'db_fields' => array('posts'),
'type' => 'int',
'range' => true
),
'reg_date' => array(
'db_fields' => array('date_registered'),
'type' => 'date',
'range' => true
),
'last_online' => array(
'db_fields' => array('last_login'),
'type' => 'date',
'range' => true
),
'activated' => array(
'db_fields' => array('CASE WHEN is_activated IN (1, 11) THEN 1 ELSE 0 END'),
'type' => 'checkbox',
'values' => array('0', '1'),
),
'membername' => array(
'db_fields' => array('member_name', 'real_name'),
'type' => 'string'
),
'email' => array(
'db_fields' => array('email_address'),
'type' => 'string'
),
'website' => array(
'db_fields' => array('website_title', 'website_url'),
'type' => 'string'
),
'ip' => array(
'db_fields' => array('member_ip'),
'type' => 'inet'
),
'membergroups' => array(
'db_fields' => array('id_group'),
'type' => 'groups'
),
'postgroups' => array(
'db_fields' => array('id_group'),
'type' => 'groups'
)
);
$range_trans = array(
'--' => '<',
'-' => '<=',
'=' => '=',
'+' => '>=',
'++' => '>'
);
call_integration_hook('integrate_view_members_params', array(&$params));
$search_params = array();
if ($context['current_subaction'] == 'query' && !empty($_REQUEST['params']) && empty($_POST['types']))
$search_params = $smcFunc['json_decode'](base64_decode($_REQUEST['params']), true);
elseif (!empty($_POST))
{
$search_params['types'] = $_POST['types'];
foreach ($params as $param_name => $param_info)
if (isset($_POST[$param_name]))
$search_params[$param_name] = $_POST[$param_name];
}
$search_url_params = isset($search_params) ? base64_encode($smcFunc['json_encode']($search_params)) : null;
// @todo Validate a little more.
// Loop through every field of the form.
$query_parts = array();
$where_params = array();
foreach ($params as $param_name => $param_info)
{
// Not filled in?
if (!isset($search_params[$param_name]) || $search_params[$param_name] === '')
continue;
// Make sure numeric values are really numeric.
if (in_array($param_info['type'], array('int', 'age')))
$search_params[$param_name] = (int) $search_params[$param_name];
// Date values have to match a date format that PHP recognizes.
elseif ($param_info['type'] == 'date')
{
$search_params[$param_name] = strtotime($search_params[$param_name] . ' ' . getUserTimezone());
if (!is_int($search_params[$param_name]))
continue;
}
elseif ($param_info['type'] == 'inet')
{
$search_params[$param_name] = ip2range($search_params[$param_name]);
if (empty($search_params[$param_name]))
continue;
}
// Those values that are in some kind of range (<, <=, =, >=, >).
if (!empty($param_info['range']))
{
// Default to '=', just in case...
if (empty($range_trans[$search_params['types'][$param_name]]))
$search_params['types'][$param_name] = '=';
// Handle special case 'age'.
if ($param_info['type'] == 'age')
{
// All people that were born between $lowerlimit and $upperlimit are currently the specified age.
$datearray = getdate(time());
$upperlimit = sprintf('%04d-%02d-%02d', $datearray['year'] - $search_params[$param_name], $datearray['mon'], $datearray['mday']);
$lowerlimit = sprintf('%04d-%02d-%02d', $datearray['year'] - $search_params[$param_name] - 1, $datearray['mon'], $datearray['mday']);
if (in_array($search_params['types'][$param_name], array('-', '--', '=')))
{
$query_parts[] = ($param_info['db_fields'][0]) . ' > {string:' . $param_name . '_minlimit}';
$where_params[$param_name . '_minlimit'] = ($search_params['types'][$param_name] == '--' ? $upperlimit : $lowerlimit);
}
if (in_array($search_params['types'][$param_name], array('+', '++', '=')))
{
$query_parts[] = ($param_info['db_fields'][0]) . ' <= {string:' . $param_name . '_pluslimit}';
$where_params[$param_name . '_pluslimit'] = ($search_params['types'][$param_name] == '++' ? $lowerlimit : $upperlimit);
// Make sure that members that didn't set their birth year are not queried.
$query_parts[] = ($param_info['db_fields'][0]) . ' > {date:dec_zero_date}';
$where_params['dec_zero_date'] = '0004-12-31';
}
}
// Special case - equals a date.
elseif ($param_info['type'] == 'date')
{
if ($search_params['types'][$param_name] == '=')
{
$query_parts[] = $param_info['db_fields'][0] . ' >= ' . $search_params[$param_name] . ' AND ' . $param_info['db_fields'][0] . ' < ' . ($search_params[$param_name] + 86400);
}
// Less than or equal to
elseif ($search_params['types'][$param_name] == '-')
{
$query_parts[] = $param_info['db_fields'][0] . ' < ' . ($search_params[$param_name] + 86400);
}
// Greater than
elseif ($search_params['types'][$param_name] == '++')
{
$query_parts[] = $param_info['db_fields'][0] . ' >= ' . ($search_params[$param_name] + 86400);
}
else
$query_parts[] = $param_info['db_fields'][0] . ' ' . $range_trans[$search_params['types'][$param_name]] . ' ' . $search_params[$param_name];
}
else
$query_parts[] = $param_info['db_fields'][0] . ' ' . $range_trans[$search_params['types'][$param_name]] . ' ' . $search_params[$param_name];
}
// Checkboxes.
elseif ($param_info['type'] == 'checkbox')
{
// Each checkbox or no checkbox at all is checked -> ignore.
if (!is_array($search_params[$param_name]) || count($search_params[$param_name]) == 0 || count($search_params[$param_name]) == count($param_info['values']))
continue;
$query_parts[] = ($param_info['db_fields'][0]) . ' IN ({array_string:' . $param_name . '_check})';
$where_params[$param_name . '_check'] = $search_params[$param_name];
}
// INET.
elseif ($param_info['type'] == 'inet')
{
if (count($search_params[$param_name]) === 1)
{
$query_parts[] = '(' . $param_info['db_fields'][0] . ' = {inet:' . $param_name . '})';
$where_params[$param_name] = $search_params[$param_name][0];
}
elseif (count($search_params[$param_name]) === 2)
{
$query_parts[] = '(' . $param_info['db_fields'][0] . ' <= {inet:' . $param_name . '_high} and ' . $param_info['db_fields'][0] . ' >= {inet:' . $param_name . '_low})';
$where_params[$param_name . '_low'] = $search_params[$param_name]['low'];
$where_params[$param_name . '_high'] = $search_params[$param_name]['high'];
}
}
elseif ($param_info['type'] != 'groups')
{
// Replace the wildcard characters ('*' and '?') into MySQL ones.
$parameter = strtolower(strtr($smcFunc['htmlspecialchars']($search_params[$param_name], ENT_QUOTES), array('%' => '\%', '_' => '\_', '*' => '%', '?' => '_')));
if ($smcFunc['db_case_sensitive'])
$query_parts[] = '(LOWER(' . implode(') LIKE {string:' . $param_name . '_normal} OR LOWER(', $param_info['db_fields']) . ') LIKE {string:' . $param_name . '_normal})';
else
$query_parts[] = '(' . implode(' LIKE {string:' . $param_name . '_normal} OR ', $param_info['db_fields']) . ' LIKE {string:' . $param_name . '_normal})';
$where_params[$param_name . '_normal'] = '%' . $parameter . '%';
}
}
// Set up the membergroup query part.
$mg_query_parts = array();
// Primary membergroups, but only if at least was was not selected.
if (!empty($search_params['membergroups'][1]) && count($context['membergroups']) != count($search_params['membergroups'][1]))
{
$mg_query_parts[] = 'mem.id_group IN ({array_int:group_check})';
$where_params['group_check'] = $search_params['membergroups'][1];
}
// Additional membergroups (these are only relevant if not all primary groups where selected!).
if (!empty($search_params['membergroups'][2]) && (empty($search_params['membergroups'][1]) || count($context['membergroups']) != count($search_params['membergroups'][1])))
foreach ($search_params['membergroups'][2] as $mg)
{
$mg_query_parts[] = 'FIND_IN_SET({int:add_group_' . $mg . '}, mem.additional_groups) != 0';
$where_params['add_group_' . $mg] = $mg;
}
// Combine the one or two membergroup parts into one query part linked with an OR.
if (!empty($mg_query_parts))
$query_parts[] = '(' . implode(' OR ', $mg_query_parts) . ')';
// Get all selected post count related membergroups.
if (!empty($search_params['postgroups']) && count($search_params['postgroups']) != count($context['postgroups']))
{
$query_parts[] = 'id_post_group IN ({array_int:post_groups})';
$where_params['post_groups'] = $search_params['postgroups'];
}
// Construct the where part of the query.
$where = empty($query_parts) ? '1=1' : implode('
AND ', $query_parts);
}
else
$search_url_params = null;
// Construct the additional URL part with the query info in it.
$context['params_url'] = $context['current_subaction'] == 'query' ? ';sa=query;params=' . $search_url_params : '';
// Get the title and sub template ready..
$context['page_title'] = $txt['admin_members'];
$listOptions = array(
'id' => 'member_list',
'title' => $txt['members_list'],
'items_per_page' => $modSettings['defaultMaxMembers'],
'base_href' => $scripturl . '?action=admin;area=viewmembers' . $context['params_url'],
'default_sort_col' => 'user_name',
'get_items' => array(
'file' => $sourcedir . '/Subs-Members.php',
'function' => 'list_getMembers',
'params' => array(
isset($where) ? $where : '1=1',
isset($where_params) ? $where_params : array(),
),
),
'get_count' => array(
'file' => $sourcedir . '/Subs-Members.php',
'function' => 'list_getNumMembers',
'params' => array(
isset($where) ? $where : '1=1',
isset($where_params) ? $where_params : array(),
),
),
'columns' => array(
'id_member' => array(
'header' => array(
'value' => $txt['member_id'],
),
'data' => array(
'db' => 'id_member',
),
'sort' => array(
'default' => 'id_member',
'reverse' => 'id_member DESC',
),
),
'user_name' => array(
'header' => array(
'value' => $txt['username'],
),
'data' => array(
'sprintf' => array(
'format' => '<a href="' . strtr($scripturl, array('%' => '%%')) . '?action=profile;u=%1$d">%2$s</a>',
'params' => array(
'id_member' => false,
'member_name' => false,
),
),
),
'sort' => array(
'default' => 'member_name',
'reverse' => 'member_name DESC',
),
),
'display_name' => array(
'header' => array(
'value' => $txt['display_name'],
),
'data' => array(
'sprintf' => array(
'format' => '<a href="' . strtr($scripturl, array('%' => '%%')) . '?action=profile;u=%1$d">%2$s</a>',
'params' => array(
'id_member' => false,
'real_name' => false,
),
),
),
'sort' => array(
'default' => 'real_name',
'reverse' => 'real_name DESC',
),
),
'email' => array(
'header' => array(
'value' => $txt['email_address'],
),
'data' => array(
'sprintf' => array(
'format' => '<a href="mailto:%1$s">%1$s</a>',
'params' => array(
'email_address' => true,
),
),
),
'sort' => array(
'default' => 'email_address',
'reverse' => 'email_address DESC',
),
),
'ip' => array(
'header' => array(
'value' => $txt['ip_address'],
),
'data' => array(
'sprintf' => array(
'format' => '<a href="' . strtr($scripturl, array('%' => '%%')) . '?action=trackip;searchip=%1$s">%1$s</a>',
'params' => array(
'member_ip' => false,
),
),
),
'sort' => array(
'default' => 'member_ip',
'reverse' => 'member_ip DESC',
),
),
'last_active' => array(
'header' => array(
'value' => $txt['viewmembers_online'],
),
'data' => array(
'function' => function($rowData) use ($txt)
{
// Calculate number of days since last online.
if (empty($rowData['last_login']))
$difference = $txt['never'];
else
{
$num_days_difference = jeffsdatediff($rowData['last_login']);
// Today.
if (empty($num_days_difference))
$difference = $txt['viewmembers_today'];
// Yesterday.
elseif ($num_days_difference == 1)
$difference = sprintf('1 %1$s', $txt['viewmembers_day_ago']);
// X days ago.
else
$difference = sprintf('%1$d %2$s', $num_days_difference, $txt['viewmembers_days_ago']);
}
// Show it in italics if they're not activated...
if ($rowData['is_activated'] % 10 != 1)
$difference = sprintf('<em title="%1$s">%2$s</em>', $txt['not_activated'], $difference);
return $difference;
},
),
'sort' => array(
'default' => 'last_login DESC',
'reverse' => 'last_login',
),
),
'posts' => array(
'header' => array(
'value' => $txt['member_postcount'],
),
'data' => array(
'db' => 'posts',
),
'sort' => array(
'default' => 'posts',
'reverse' => 'posts DESC',
),
),
'check' => array(
'header' => array(
'value' => '<input type="checkbox" onclick="invertAll(this, this.form);">',
'class' => 'centercol',
),
'data' => array(
'function' => function($rowData) use ($user_info)
{
return '<input type="checkbox" name="delete[]" value="' . $rowData['id_member'] . '"' . ($rowData['id_member'] == $user_info['id'] || $rowData['id_group'] == 1 || in_array(1, explode(',', $rowData['additional_groups'])) ? ' disabled' : '') . '>';
},
'class' => 'centercol',
),
),
),
'form' => array(
'href' => $scripturl . '?action=admin;area=viewmembers' . $context['params_url'],
'include_start' => true,
'include_sort' => true,
),
'additional_rows' => array(
array(
'position' => 'below_table_data',
'value' => '<input type="submit" name="delete_members" value="' . $txt['admin_delete_members'] . '" data-confirm="' . $txt['confirm_delete_members'] . '" class="button you_sure">',
),
),
);
// Without enough permissions, don't show 'delete members' checkboxes.
if (!allowedTo('profile_remove_any'))
unset($listOptions['cols']['check'], $listOptions['form'], $listOptions['additional_rows']);
require_once($sourcedir . '/Subs-List.php');
createList($listOptions);
$context['sub_template'] = 'show_list';
$context['default_list'] = 'member_list';
}
/**
* Search the member list, using one or more criteria.
* Called by ?action=admin;area=viewmembers;sa=search.
* Requires the moderate_forum permission.
* form is submitted to action=admin;area=viewmembers;sa=query.
*
* @uses template_search_members()
*/
function SearchMembers()
{
global $context, $txt, $smcFunc;
// Get a list of all the membergroups and postgroups that can be selected.
$context['membergroups'] = array(
array(
'id' => 0,
'name' => $txt['membergroups_members'],
'can_be_additional' => false
)
);
$context['postgroups'] = array();
$request = $smcFunc['db_query']('', '
SELECT id_group, group_name, min_posts
FROM {db_prefix}membergroups
WHERE id_group != {int:moderator_group}
ORDER BY min_posts, CASE WHEN id_group < {int:newbie_group} THEN id_group ELSE 4 END, group_name',
array(
'moderator_group' => 3,
'newbie_group' => 4,
)
);
while ($row = $smcFunc['db_fetch_assoc']($request))
{
if ($row['min_posts'] == -1)
$context['membergroups'][] = array(
'id' => $row['id_group'],
'name' => $row['group_name'],
'can_be_additional' => true
);
else
$context['postgroups'][] = array(
'id' => $row['id_group'],
'name' => $row['group_name']
);
}
$smcFunc['db_free_result']($request);
$context['page_title'] = $txt['admin_members'];
$context['sub_template'] = 'search_members';
}
/**
* List all members who are awaiting approval / activation, sortable on different columns.
* It allows instant approval or activation of (a selection of) members.
* Called by ?action=admin;area=viewmembers;sa=browse;type=approve
* or ?action=admin;area=viewmembers;sa=browse;type=activate.
* The form submits to ?action=admin;area=viewmembers;sa=approve.
* Requires the moderate_forum permission.
*
* @uses template_admin_browse()
*/
function MembersAwaitingActivation()
{
global $txt, $context, $scripturl, $modSettings;
global $sourcedir;
// Not a lot here!
$context['page_title'] = $txt['admin_members'];
$context['sub_template'] = 'admin_browse';
$context['browse_type'] = isset($_REQUEST['type']) ? $_REQUEST['type'] : (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 1 ? 'activate' : 'approve');
if (isset($context['tabs'][$context['browse_type']]))
$context['tabs'][$context['browse_type']]['is_selected'] = true;
// Allowed filters are those we can have, in theory.
$context['allowed_filters'] = $context['browse_type'] == 'approve' ? array(3, 4, 5) : array(0, 2);
$context['current_filter'] = isset($_REQUEST['filter']) && in_array($_REQUEST['filter'], $context['allowed_filters']) && !empty($context['activation_numbers'][$_REQUEST['filter']]) ? (int) $_REQUEST['filter'] : -1;
// Sort out the different sub areas that we can actually filter by.
$context['available_filters'] = array();
foreach ($context['activation_numbers'] as $type => $amount)
{
// We have some of these...
if (in_array($type, $context['allowed_filters']) && $amount > 0)
$context['available_filters'][] = array(
'type' => $type,
'amount' => $amount,
'desc' => isset($txt['admin_browse_filter_type_' . $type]) ? $txt['admin_browse_filter_type_' . $type] : '?',
'selected' => $type == $context['current_filter']
);
}
// If the filter was not sent, set it to whatever has people in it!
if ($context['current_filter'] == -1 && !empty($context['available_filters'][0]['amount']))
$context['current_filter'] = $context['available_filters'][0]['type'];
// This little variable is used to determine if we should flag where we are looking.
$context['show_filter'] = ($context['current_filter'] != 0 && $context['current_filter'] != 3) || count($context['available_filters']) > 1;
// The columns that can be sorted.
$context['columns'] = array(
'id_member' => array('label' => $txt['admin_browse_id']),
'member_name' => array('label' => $txt['admin_browse_username']),
'email_address' => array('label' => $txt['admin_browse_email']),
'member_ip' => array('label' => $txt['admin_browse_ip']),
'date_registered' => array('label' => $txt['admin_browse_registered']),
);
// Are we showing duplicate information?
if (isset($_GET['showdupes']))
$_SESSION['showdupes'] = (int) $_GET['showdupes'];
$context['show_duplicates'] = !empty($_SESSION['showdupes']);
// Determine which actions we should allow on this page.
if ($context['browse_type'] == 'approve')
{
// If we are approving deleted accounts we have a slightly different list... actually a mirror ;)
if ($context['current_filter'] == 4)
$context['allowed_actions'] = array(
'reject' => $txt['admin_browse_w_approve_deletion'],
'ok' => $txt['admin_browse_w_reject'],
);
else
$context['allowed_actions'] = array(
'ok' => $txt['admin_browse_w_approve'] .' '. $txt['admin_browse_no_email'],
'okemail' => $txt['admin_browse_w_approve'] . ' ' . $txt['admin_browse_w_email'],
'require_activation' => $txt['admin_browse_w_approve_require_activate'],
'reject' => $txt['admin_browse_w_reject'],
'rejectemail' => $txt['admin_browse_w_reject'] . ' ' . $txt['admin_browse_w_email'],
);
}
elseif ($context['browse_type'] == 'activate')
$context['allowed_actions'] = array(
'ok' => $txt['admin_browse_w_activate'],
'okemail' => $txt['admin_browse_w_activate'] . ' ' . $txt['admin_browse_w_email'],
'delete' => $txt['admin_browse_w_delete'],
'deleteemail' => $txt['admin_browse_w_delete'] . ' ' . $txt['admin_browse_w_email'],
'remind' => $txt['admin_browse_w_remind'] . ' ' . $txt['admin_browse_w_email'],
);
// Create an option list for actions allowed to be done with selected members.
$allowed_actions = '
<option selected value="">' . $txt['admin_browse_with_selected'] . ':</option>
<option value="" disabled>-----------------------------</option>';
foreach ($context['allowed_actions'] as $key => $desc)
$allowed_actions .= '
<option value="' . $key . '">' . $desc . '</option>';
// Setup the Javascript function for selecting an action for the list.
$javascript = '
function onSelectChange()
{
if (document.forms.postForm.todo.value == "")
return;
var message = "";';
// We have special messages for approving deletion of accounts - it's surprisingly logical - honest.
if ($context['current_filter'] == 4)
$javascript .= '
if (document.forms.postForm.todo.value.indexOf("reject") != -1)
message = "' . $txt['admin_browse_w_delete'] . '";
else
message = "' . $txt['admin_browse_w_reject'] . '";';
// Otherwise a nice standard message.
else
$javascript .= '
if (document.forms.postForm.todo.value.indexOf("delete") != -1)
message = "' . $txt['admin_browse_w_delete'] . '";
else if (document.forms.postForm.todo.value.indexOf("reject") != -1)
message = "' . $txt['admin_browse_w_reject'] . '";
else if (document.forms.postForm.todo.value == "remind")
message = "' . $txt['admin_browse_w_remind'] . '";
else
message = "' . ($context['browse_type'] == 'approve' ? $txt['admin_browse_w_approve'] : $txt['admin_browse_w_activate']) . '";';
$javascript .= '
if (confirm(message + " ' . $txt['admin_browse_warn'] . '"))
document.forms.postForm.submit();
}';
$listOptions = array(
'id' => 'approve_list',
'items_per_page' => $modSettings['defaultMaxMembers'],
'base_href' => $scripturl . '?action=admin;area=viewmembers;sa=browse;type=' . $context['browse_type'] . (!empty($context['show_filter']) ? ';filter=' . $context['current_filter'] : ''),
'default_sort_col' => 'date_registered',
'get_items' => array(
'file' => $sourcedir . '/Subs-Members.php',
'function' => 'list_getMembers',
'params' => array(
'is_activated = {int:activated_status}',
array('activated_status' => $context['current_filter']),
$context['show_duplicates'],
),
),
'get_count' => array(
'file' => $sourcedir . '/Subs-Members.php',
'function' => 'list_getNumMembers',
'params' => array(
'is_activated = {int:activated_status}',
array('activated_status' => $context['current_filter']),
),
),
'columns' => array(
'id_member' => array(
'header' => array(
'value' => $txt['member_id'],
),
'data' => array(
'db' => 'id_member',
),
'sort' => array(
'default' => 'id_member',
'reverse' => 'id_member DESC',
),
),
'user_name' => array(
'header' => array(
'value' => $txt['username'],
),
'data' => array(
'sprintf' => array(
'format' => '<a href="' . strtr($scripturl, array('%' => '%%')) . '?action=profile;u=%1$d">%2$s</a>',
'params' => array(
'id_member' => false,
'member_name' => false,
),
),
),
'sort' => array(
'default' => 'member_name',
'reverse' => 'member_name DESC',
),
),
'email' => array(
'header' => array(
'value' => $txt['email_address'],
),
'data' => array(
'sprintf' => array(
'format' => '<a href="mailto:%1$s">%1$s</a>',
'params' => array(
'email_address' => true,
),
),
),
'sort' => array(
'default' => 'email_address',
'reverse' => 'email_address DESC',
),
),
'ip' => array(
'header' => array(
'value' => $txt['ip_address'],
),
'data' => array(
'sprintf' => array(
'format' => '<a href="' . strtr($scripturl, array('%' => '%%')) . '?action=trackip;searchip=%1$s">%1$s</a>',
'params' => array(
'member_ip' => false,
),
),
),
'sort' => array(
'default' => 'member_ip',
'reverse' => 'member_ip DESC',
),
),
'hostname' => array(
'header' => array(
'value' => $txt['hostname'],
),
'data' => array(
'function' => function($rowData)
{
return host_from_ip(inet_dtop($rowData['member_ip']));
},
'class' => 'smalltext',
),
),
'date_registered' => array(
'header' => array(
'value' => $context['current_filter'] == 4 ? $txt['viewmembers_online'] : $txt['date_registered'],
),
'data' => array(
'function' => function($rowData) use ($context)
{
return timeformat($rowData['' . ($context['current_filter'] == 4 ? 'last_login' : 'date_registered') . '']);
},
),
'sort' => array(
'default' => $context['current_filter'] == 4 ? 'mem.last_login DESC' : 'date_registered DESC',
'reverse' => $context['current_filter'] == 4 ? 'mem.last_login' : 'date_registered',
),
),
'duplicates' => array(
'header' => array(
'value' => $txt['duplicates'],
// Make sure it doesn't go too wide.
'style' => 'width: 20%;',
),
'data' => array(
'function' => function($rowData) use ($scripturl, $txt)
{
$member_links = array();
foreach ($rowData['duplicate_members'] as $member)
{
if ($member['id'])
$member_links[] = '<a href="' . $scripturl . '?action=profile;u=' . $member['id'] . '" ' . (!empty($member['is_banned']) ? 'class="red"' : '') . '>' . $member['name'] . '</a>';
else
$member_links[] = $member['name'] . ' (' . $txt['guest'] . ')';
}
return implode(', ', $member_links);
},
'class' => 'smalltext',
),
),
'check' => array(
'header' => array(
'value' => '<input type="checkbox" onclick="invertAll(this, this.form);">',
'class' => 'centercol',
),
'data' => array(
'sprintf' => array(
'format' => '<input type="checkbox" name="todoAction[]" value="%1$d">',
'params' => array(
'id_member' => false,
),
),
'class' => 'centercol',
),
),
),
'javascript' => $javascript,
'form' => array(
'href' => $scripturl . '?action=admin;area=viewmembers;sa=approve;type=' . $context['browse_type'],
'name' => 'postForm',
'include_start' => true,
'include_sort' => true,
'hidden_fields' => array(
'orig_filter' => $context['current_filter'],
),
),
'additional_rows' => array(
array(
'position' => 'below_table_data',
'value' => '
[<a href="' . $scripturl . '?action=admin;area=viewmembers;sa=browse;showdupes=' . ($context['show_duplicates'] ? 0 : 1) . ';type=' . $context['browse_type'] . (!empty($context['show_filter']) ? ';filter=' . $context['current_filter'] : '') . ';' . $context['session_var'] . '=' . $context['session_id'] . '">' . ($context['show_duplicates'] ? $txt['dont_check_for_duplicate'] : $txt['check_for_duplicate']) . '</a>]
<select name="todo" onchange="onSelectChange();">
' . $allowed_actions . '
</select>
<noscript><input type="submit" value="' . $txt['go'] . '" class="button"><br class="clear_right"></noscript>
',
'class' => 'floatright',
),
),
);
// Pick what column to actually include if we're showing duplicates.
if ($context['show_duplicates'])
unset($listOptions['columns']['email']);
else
unset($listOptions['columns']['duplicates']);
// Only show hostname on duplicates as it takes a lot of time.
if (!$context['show_duplicates'] || !empty($modSettings['disableHostnameLookup']))
unset($listOptions['columns']['hostname']);
// Is there any need to show filters?
if (isset($context['available_filters']) && count($context['available_filters']) > 1)
{
$filterOptions = '
<strong>' . $txt['admin_browse_filter_by'] . ':</strong>
<select name="filter" onchange="this.form.submit();">';
foreach ($context['available_filters'] as $filter)
$filterOptions .= '
<option value="' . $filter['type'] . '"' . ($filter['selected'] ? ' selected' : '') . '>' . $filter['desc'] . ' - ' . $filter['amount'] . ' ' . ($filter['amount'] == 1 ? $txt['user'] : $txt['users']) . '</option>';
$filterOptions .= '
</select>
<noscript><input type="submit" value="' . $txt['go'] . '" name="filter" class="button"></noscript>';
$listOptions['additional_rows'][] = array(
'position' => 'top_of_list',
'value' => $filterOptions,
'class' => 'righttext',
);
}
// What about if we only have one filter, but it's not the "standard" filter - show them what they are looking at.
if (!empty($context['show_filter']) && !empty($context['available_filters']))
$listOptions['additional_rows'][] = array(
'position' => 'above_column_headers',
'value' => '<strong>' . $txt['admin_browse_filter_show'] . ':</strong> ' . ((isset($context['current_filter']) && isset($txt['admin_browse_filter_type_' . $context['current_filter']])) ? $txt['admin_browse_filter_type_' . $context['current_filter']] : $context['available_filters'][0]['desc']),
'class' => 'filter_row generic_list_wrapper smalltext',
);
// Now that we have all the options, create the list.
require_once($sourcedir . '/Subs-List.php');
createList($listOptions);
}
/**
* This function handles the approval, rejection, activation or deletion of members.
* Called by ?action=admin;area=viewmembers;sa=approve.
* Requires the moderate_forum permission.
* Redirects to ?action=admin;area=viewmembers;sa=browse
* with the same parameters as the calling page.
*/
function AdminApprove()
{
global $scripturl, $modSettings, $sourcedir, $language, $user_info, $smcFunc;
// First, check our session.
checkSession();
require_once($sourcedir . '/Subs-Post.php');
// We also need to the login languages here - for emails.
loadLanguage('Login');
// Sort out where we are going...
$current_filter = (int) $_REQUEST['orig_filter'];
// If we are applying a filter do just that - then redirect.
if (isset($_REQUEST['filter']) && $_REQUEST['filter'] != $_REQUEST['orig_filter'])
redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $_REQUEST['filter'] . ';start=' . $_REQUEST['start']);
// Nothing to do?
if (!isset($_POST['todoAction']) && !isset($_POST['time_passed']))
redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $current_filter . ';start=' . $_REQUEST['start']);
// Are we dealing with members who have been waiting for > set amount of time?
if (isset($_POST['time_passed']))
{
$timeBefore = time() - 86400 * (int) $_POST['time_passed'];
$condition = '
AND date_registered < {int:time_before}';
}
// Coming from checkboxes - validate the members passed through to us.
else
{
$members = array();
foreach ($_POST['todoAction'] as $id)
$members[] = (int) $id;
$condition = '
AND id_member IN ({array_int:members})';
}
// Get information on each of the members, things that are important to us, like email address...
$request = $smcFunc['db_query']('', '
SELECT id_member, member_name, real_name, email_address, validation_code, lngfile
FROM {db_prefix}members
WHERE is_activated = {int:activated_status}' . $condition . '
ORDER BY lngfile',
array(
'activated_status' => $current_filter,
'time_before' => empty($timeBefore) ? 0 : $timeBefore,
'members' => empty($members) ? array() : $members,
)
);
$member_count = $smcFunc['db_num_rows']($request);
// If no results then just return!
if ($member_count == 0)
redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $current_filter . ';start=' . $_REQUEST['start']);
$member_info = array();
$members = array();
// Fill the info array.
while ($row = $smcFunc['db_fetch_assoc']($request))
{
$members[] = $row['id_member'];
$member_info[] = array(
'id' => $row['id_member'],
'username' => $row['member_name'],
'name' => $row['real_name'],
'email' => $row['email_address'],
'language' => empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile'],
'code' => $row['validation_code']
);
}
$smcFunc['db_free_result']($request);
// Are we activating or approving the members?
if ($_POST['todo'] == 'ok' || $_POST['todo'] == 'okemail')
{
// Approve/activate this member.
$smcFunc['db_query']('', '
UPDATE {db_prefix}members
SET validation_code = {string:blank_string}, is_activated = {int:is_activated}
WHERE is_activated = {int:activated_status}' . $condition,
array(
'is_activated' => 1,
'time_before' => empty($timeBefore) ? 0 : $timeBefore,
'members' => empty($members) ? array() : $members,
'activated_status' => $current_filter,
'blank_string' => '',
)
);
// Do we have to let the integration code know about the activations?
if (!empty($modSettings['integrate_activate']))
{
foreach ($member_info as $member)
call_integration_hook('integrate_activate', array($member['username']));
}
// Check for email.
if ($_POST['todo'] == 'okemail')
{
foreach ($member_info as $member)
{
$replacements = array(
'NAME' => $member['name'],
'USERNAME' => $member['username'],
'PROFILELINK' => $scripturl . '?action=profile;u=' . $member['id'],
'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
);
$emaildata = loadEmailTemplate('admin_approve_accept', $replacements, $member['language']);
sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, 'accapp' . $member['id'], $emaildata['is_html'], 0);
}
}
}
// Maybe we're sending it off for activation?
elseif ($_POST['todo'] == 'require_activation')
{
require_once($sourcedir . '/Subs-Members.php');
// We have to do this for each member I'm afraid.
foreach ($member_info as $member)
{
// Generate a random activation code.
$validation_code = generateValidationCode();
// Set these members for activation - I know this includes two id_member checks but it's safer than bodging $condition ;).
$smcFunc['db_query']('', '
UPDATE {db_prefix}members
SET validation_code = {string:validation_code}, is_activated = {int:not_activated}
WHERE is_activated = {int:activated_status}
' . $condition . '
AND id_member = {int:selected_member}',
array(
'not_activated' => 0,
'activated_status' => $current_filter,
'selected_member' => $member['id'],
'validation_code' => $validation_code,
'time_before' => empty($timeBefore) ? 0 : $timeBefore,
'members' => empty($members) ? array() : $members,
)
);
$replacements = array(
'USERNAME' => $member['name'],
'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $member['id'] . ';code=' . $validation_code,
'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $member['id'],
'ACTIVATIONCODE' => $validation_code,
);
$emaildata = loadEmailTemplate('admin_approve_activation', $replacements, $member['language']);
sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, 'accact' . $member['id'], $emaildata['is_html'], 0);
}
}
// Are we rejecting them?
elseif ($_POST['todo'] == 'reject' || $_POST['todo'] == 'rejectemail')
{
require_once($sourcedir . '/Subs-Members.php');
deleteMembers($members);
// Send email telling them they aren't welcome?
if ($_POST['todo'] == 'rejectemail')
{
foreach ($member_info as $member)
{
$replacements = array(
'USERNAME' => $member['name'],
);
$emaildata = loadEmailTemplate('admin_approve_reject', $replacements, $member['language']);
sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, 'accrej', $emaildata['is_html'], 1);
}
}
}
// A simple delete?
elseif ($_POST['todo'] == 'delete' || $_POST['todo'] == 'deleteemail')
{
require_once($sourcedir . '/Subs-Members.php');
deleteMembers($members);
// Send email telling them they aren't welcome?
if ($_POST['todo'] == 'deleteemail')
{
foreach ($member_info as $member)
{
$replacements = array(
'USERNAME' => $member['name'],
);
$emaildata = loadEmailTemplate('admin_approve_delete', $replacements, $member['language']);
sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, 'accdel', $emaildata['is_html'], 1);
}
}
}
// Remind them to activate their account?
elseif ($_POST['todo'] == 'remind')
{
foreach ($member_info as $member)
{
$replacements = array(
'USERNAME' => $member['name'],
'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $member['id'] . ';code=' . $member['code'],
'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $member['id'],
'ACTIVATIONCODE' => $member['code'],
);
$emaildata = loadEmailTemplate('admin_approve_remind', $replacements, $member['language']);
sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, 'accrem' . $member['id'], $emaildata['is_html'], 1);
}
}
// @todo current_language is never set, no idea what this is for. Remove?
// Back to the user's language!
if (isset($current_language) && $current_language != $user_info['language'])
{
loadLanguage('index');
loadLanguage('ManageMembers');
}
// Log what we did?
if (!empty($modSettings['modlog_enabled']) && in_array($_POST['todo'], array('ok', 'okemail', 'require_activation', 'remind')))
{
$log_action = $_POST['todo'] == 'remind' ? 'remind_member' : 'approve_member';
require_once($sourcedir . '/Logging.php');
foreach ($member_info as $member)
logAction($log_action, array('member' => $member['id']), 'admin');
}
// Although updateStats *may* catch this, best to do it manually just in case (Doesn't always sort out unapprovedMembers).
if (in_array($current_filter, array(3, 4, 5)))
updateSettings(array('unapprovedMembers' => ($modSettings['unapprovedMembers'] > $member_count ? $modSettings['unapprovedMembers'] - $member_count : 0)));
// Update the member's stats. (but, we know the member didn't change their name.)
updateStats('member', false);
// If they haven't been deleted, update the post group statistics on them...
if (!in_array($_POST['todo'], array('delete', 'deleteemail', 'reject', 'rejectemail', 'remind')))
updateStats('postgroups', $members);
redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $current_filter . ';start=' . $_REQUEST['start']);
}
/**
* Nifty function to calculate the number of days ago a given date was.
* Requires a unix timestamp as input, returns an integer.
* Named in honour of Jeff Lewis, the original creator of...this function.
*
* @param int $old The timestamp of the old date
* @return int The number of days since $old, based on the forum time
*/
function jeffsdatediff($old)
{
// Get the current time as the user would see it...
$forumTime = time();
// Calculate the seconds that have passed since midnight.
$sinceMidnight = date('H', $forumTime) * 60 * 60 + date('i', $forumTime) * 60 + date('s', $forumTime);
// Take the difference between the two times.
$dis = time() - $old;
// Before midnight?
if ($dis < $sinceMidnight)
return 0;
else
$dis -= $sinceMidnight;
// Divide out the seconds in a day to get the number of days.
return ceil($dis / (24 * 60 * 60));
}
/**
* Fetches all the activation counts for ViewMembers.
*
*/
function GetMemberActivationCounts()
{
global $smcFunc, $context;
// Get counts on every type of activation - for sections and filtering alike.
$request = $smcFunc['db_query']('', '
SELECT COUNT(*) AS total_members, is_activated
FROM {db_prefix}members
WHERE is_activated != {int:is_activated}
GROUP BY is_activated',
array(
'is_activated' => 1,
)
);
$context['activation_numbers'] = array();
$context['awaiting_activation'] = 0;
$context['awaiting_approval'] = 0;
while ($row = $smcFunc['db_fetch_assoc']($request))
$context['activation_numbers'][$row['is_activated']] = $row['total_members'];
$smcFunc['db_free_result']($request);
foreach ($context['activation_numbers'] as $activation_type => $total_members)
{
if (in_array($activation_type, array(0, 2)))
$context['awaiting_activation'] += $total_members;
elseif (in_array($activation_type, array(3, 4, 5)))
$context['awaiting_approval'] += $total_members;
}
}
?>
Reference in a new issue View git blame Copy permalink