/* Decoded by unphp.net */ ?>{$lang['user_head']}", $lang['opt_user'] ); $wait_for_delete = ''; $i = 0; $db->query("SELECT u.* FROM " . USERPREFIX . "_users_delete d LEFT JOIN " . USERPREFIX . "_users u ON (d.user_id=u.user_id)"); while ($row = $db->get_row()) { $i ++; $last_login = langdate($langformatdatefull, $row['lastdate']); $user_name = "" . $row['name'] . ""; if ($row['news_num'] == 0) { $news_link = "$row[news_num]"; } else { $row['name'] = urlencode($row['name']); if ($config['allow_alt_url']) { $url_user = $config['http_home_url'] . "user/" . urlencode($row['name']) . "/news/"; } else { $url_user = $config['http_home_url'] . "index.php?subaction=allnews&user=" . $row['name']; } $row['news_num'] = number_format($row['news_num'], 0, ',', ' '); $news_link = << {$row['news_num']} HTML; } if ($row['comm_num'] == 0) { $comms_link = $row['comm_num']; } else { $row['comm_num'] = number_format($row['comm_num'], 0, ',', ' '); $comms_link = << {$row['comm_num']} HTML; } $user_delete = "
  • {$lang['user_del']}
    • "; if ($row['banned'] == 'yes') $user_level = "" . $lang['user_ban'] . ""; else $user_level = $user_group[$row['user_group']]['group_prefix'] . $user_group[$row['user_group']]['group_name'] . $user_group[$row['user_group']]['group_suffix'] . ""; if ($row['user_group'] == 1) $user_delete = ""; $pmname = urlencode($row['name']); $menu_link = << HTML; if (count(explode("@", $row['foto'])) == 2) { $avatar = 'https://www.gravatar.com/avatar/' . md5(trim($row['foto'])) . '?s=' . intval($user_group[$row['user_group']]['max_foto']); } else { if ($row['foto']) { if (strpos($row['foto'], "//") === 0) $avatar = "http:" . $row['foto']; else $avatar = $row['foto']; $avatar = @parse_url($avatar); if ($avatar['host']) { $avatar = $row['foto']; } else $avatar = $config['http_home_url'] . "uploads/fotos/" . $row['foto']; } else $avatar = "engine/skins/images/noavatar.png"; } $wait_for_delete .= "
    {$user_name}
    {$user_level}
    "; $wait_for_delete .= langdate($langformatdatefull, $row['reg_date']); $wait_for_delete .= " $last_login {$news_link} {$comms_link} {$menu_link} "; } if( $wait_for_delete ) { echo <<
    {$lang['selfdel_wait_2']} ({$i})
    {$wait_for_delete}
    {$lang['user_name']}  
    HTML; } echo ''; $grouplist = get_groups( 4 ); $group_list = get_groups(); $_REQUEST['search_name'] = isset($_REQUEST['search_name']) ? $_REQUEST['search_name'] : ''; $_REQUEST['search_mail'] = isset($_REQUEST['search_mail']) ? $_REQUEST['search_mail'] : ''; $_REQUEST['toregdate'] = isset($_REQUEST['toregdate']) ? $_REQUEST['toregdate'] : ''; $_REQUEST['fromregdate'] = isset($_REQUEST['fromregdate']) ? $_REQUEST['fromregdate'] : ''; $_REQUEST['fromentdate'] = isset($_REQUEST['fromentdate']) ? $_REQUEST['fromentdate'] : ''; $_REQUEST['toentdate'] = isset($_REQUEST['toentdate']) ? $_REQUEST['toentdate'] : ''; $search_name = $db->safesql( trim( htmlspecialchars( strip_tags( $_REQUEST['search_name'] ), ENT_QUOTES, $config['charset'] ) ) ); $search_mail = $db->safesql( trim( htmlspecialchars( strip_tags( $_REQUEST['search_mail'] ) ) ) ); $toregdate = $db->safesql( trim( htmlspecialchars( strip_tags( $_REQUEST['toregdate'] ) ) ) ); $fromregdate = $db->safesql( trim( htmlspecialchars( strip_tags( $_REQUEST['fromregdate'] ) ) ) ); $fromentdate = $db->safesql( trim( htmlspecialchars( strip_tags( $_REQUEST['fromentdate'] ) ) ) ); $toentdate = $db->safesql( trim( htmlspecialchars( strip_tags( $_REQUEST['toentdate'] ) ) ) ); $search_news_f = isset($_REQUEST['search_news_f']) ? intval( $_REQUEST['search_news_f'] ) : 0; $search_news_t = isset($_REQUEST['search_news_t']) ? intval( $_REQUEST['search_news_t'] ) : 0; $search_coms_f = isset($_REQUEST['search_coms_f']) ? intval( $_REQUEST['search_coms_f'] ) : 0; $search_coms_t = isset($_REQUEST['search_coms_t']) ? intval( $_REQUEST['search_coms_t'] ) : 0; if ( !$search_news_f ) $search_news_f = ""; if ( !$search_news_t ) $search_news_t = ""; if ( !$search_coms_f ) $search_coms_f = ""; if ( !$search_coms_t ) $search_coms_t = ""; if ( isset($_REQUEST['news_per_page']) AND intval($_REQUEST['news_per_page']) > 0 ) $news_per_page = intval( $_REQUEST['news_per_page'] ); else $news_per_page = 50; echo <<
    {$lang['user_auser']}
    HTML; if( isset($_REQUEST['search_reglevel']) AND $_REQUEST['search_reglevel'] ) { $search_reglevel = $_REQUEST['search_reglevel']; $group_list = get_groups( $_REQUEST['search_reglevel'] ); } else { $search_reglevel = false; $group_list = get_groups(); } if( isset($_REQUEST['search_banned']) AND $_REQUEST['search_banned'] == "yes" ) { $search_banned = "yes"; $ifch = "checked"; } else {$search_banned = ""; $ifch = "";} $disabled_news = isset($_REQUEST['disabled_news']) ? intval($_REQUEST['disabled_news']) : 0; $disabled_comments = isset($_REQUEST['disabled_comments']) ? intval($_REQUEST['disabled_comments']) : 0; if( $disabled_news ) $ifch1 = "checked"; else $ifch1 = ""; if( $disabled_comments ) $ifch2 = "checked"; else $ifch2 = ""; if( isset($_REQUEST['search_full_name']) AND $_REQUEST['search_full_name'] ) { $search_full_name = 1; $ifsfn = "checked"; } else { $search_full_name = ""; $ifsfn = ""; } $search_order_user = array ('----' => '', 'asc' => '', 'desc' => '' ); if( ! empty( $_REQUEST['search_order_u'] ) ) { $search_order_user[$_REQUEST['search_order_u']] = 'selected'; if ($_REQUEST['search_order_u'] == "desc" or $_REQUEST['search_order_u'] == "asc") $search_order_u = $_REQUEST['search_order_u']; } else { $search_order_user['----'] = 'selected'; } $search_order_reg = array ('----' => '', 'asc' => '', 'desc' => '' ); if( ! empty( $_REQUEST['search_order_r'] ) ) { $search_order_reg[$_REQUEST['search_order_r']] = 'selected'; if ($_REQUEST['search_order_r'] == "desc" or $_REQUEST['search_order_r'] == "asc") $search_order_r = $_REQUEST['search_order_r']; } else { $search_order_reg['----'] = 'selected'; } $search_order_last = array ('----' => '', 'asc' => '', 'desc' => '' ); if( ! empty( $_REQUEST['search_order_l'] ) ) { $search_order_last[$_REQUEST['search_order_l']] = 'selected'; if ($_REQUEST['search_order_l'] == "desc" or $_REQUEST['search_order_l'] == "asc") $search_order_l = $_REQUEST['search_order_l']; } else { $search_order_last['----'] = 'selected'; } $search_order_news = array ('----' => '', 'asc' => '', 'desc' => '' ); if( ! empty( $_REQUEST['search_order_n'] ) ) { $search_order_news[$_REQUEST['search_order_n']] = 'selected'; if ($_REQUEST['search_order_n'] == "desc" or $_REQUEST['search_order_n'] == "asc") $search_order_n = $_REQUEST['search_order_n']; } else { $search_order_news['----'] = 'selected'; } $search_order_coms = array ('----' => '', 'asc' => '', 'desc' => '' ); if( ! empty( $_REQUEST['search_order_c'] ) ) { $search_order_coms[$_REQUEST['search_order_c']] = 'selected'; if ($_REQUEST['search_order_c'] == "desc" or $_REQUEST['search_order_c'] == "asc") $search_order_c = $_REQUEST['search_order_c']; } else { $search_order_coms['----'] = 'selected'; } $start_from = isset($_REQUEST['start_from']) ? intval( $_REQUEST['start_from'] ) : 0; echo <<
    {$lang['user_se']}
    {$lang['edit_fdate']}  {$lang['edit_tdate']} 
    {$lang['edit_fdate']}  {$lang['edit_tdate']} 
    {$lang['edit_fdate']}  {$lang['edit_tdate']} 
    {$lang['edit_fdate']}  {$lang['edit_tdate']} 
    HTML; $where = array (); if( ! empty( $_REQUEST['search'] ) ) { if( $search_full_name ) $where[] = "name='{$search_name}'"; else $where[] = "name LIKE '%{$search_name}%'"; } if( ! empty( $search_mail ) ) { $where[] = "email LIKE '%$search_mail%'"; } if( ! empty( $search_banned ) ) { $search_banned = $db->safesql( $search_banned ); $where[] = "banned='$search_banned'"; } if( ! empty( $fromregdate ) ) { $where[] = "reg_date>='" . strtotime( $fromregdate ) . "'"; } if( ! empty( $toregdate ) ) { $where[] = "reg_date<='" . strtotime( $toregdate ) . "'"; } if( ! empty( $fromentdate ) ) { $where[] = "lastdate>='" . strtotime( $fromentdate ) . "'"; } if( ! empty( $toentdate ) ) { $where[] = "lastdate<='" . strtotime( $toentdate ) . "'"; } if( ! empty( $search_news_f ) ) { $search_news_f = intval( $search_news_f ); $where[] = "news_num>='$search_news_f'"; } if( ! empty( $search_news_t ) ) { $search_news_t = intval( $search_news_t ); $where[] = "news_num<'$search_news_t'"; } if( ! empty( $search_coms_f ) ) { $search_coms_f = intval( $search_coms_f ); $where[] = "comm_num>='$search_coms_f'"; } if( ! empty( $search_coms_t ) ) { $search_coms_t = intval( $search_coms_t ); $where[] = "comm_num<'$search_coms_t'"; } if( $search_reglevel ) { $search_reglevel = intval( $search_reglevel ); $where[] = "user_group='$search_reglevel'"; } if( $disabled_news ) { $where[] = "(restricted='1' OR restricted='3')"; } if( $disabled_comments ) { $where[] = "(restricted='2' OR restricted='3')"; } $where = implode( " AND ", $where ); if( ! $where ) { $where = "user_group < '4'"; $hint_search = "
    {$lang['hint_user']}
    "; } else $hint_search = ""; $order_by = array (); if( ! empty( $search_order_u ) ) { $order_by[] = "name $search_order_u"; } if( ! empty( $search_order_r ) ) { $order_by[] = "reg_date $search_order_r"; } if( ! empty( $search_order_l ) ) { $order_by[] = "lastdate $search_order_l"; } if( ! empty( $search_order_n ) ) { $order_by[] = "news_num $search_order_n"; } if( ! empty( $search_order_c ) ) { $order_by[] = "comm_num $search_order_c"; } $order_by = implode( ", ", $order_by ); if( ! $order_by ) { $order_by = "reg_date asc"; } $query_count = "SELECT COUNT(*) as count FROM " . USERPREFIX . "_users WHERE $where"; $result_count = $db->super_query( $query_count ); $all_count_news = $result_count['count']; echo << {$hint_search}
    {$lang['user_list']} ({$all_count_news})
    HTML; $start_from = isset($_REQUEST['start_from']) ? intval( $_REQUEST['start_from'] ) : 0; $i = $start_from; $db->query( "SELECT * FROM " . USERPREFIX . "_users WHERE {$where} ORDER BY {$order_by} LIMIT {$start_from},{$news_per_page}" ); $i = 0; while ( $row = $db->get_row() ) { $i ++; $last_login = langdate( $langformatdatefull, $row['lastdate'] ); $user_name = "" . $row['name'] . ""; if( $row['news_num'] == 0 ) { $news_link = "$row[news_num]"; } else { $row['name'] = urlencode( $row['name'] ); if( $config['allow_alt_url'] ) { $url_user = $config['http_home_url']."user/".urlencode( $row['name'] )."/news/"; } else { $url_user = $config['http_home_url']."index.php?subaction=allnews&user=".$row['name']; } $row['news_num'] = number_format( $row['news_num'], 0, ',', ' '); $news_link = <<{$row['news_num']} HTML; } if( $row['comm_num'] == 0 ) { $comms_link = $row['comm_num']; } else { $row['comm_num'] = number_format( $row['comm_num'], 0, ',', ' '); $comms_link = <<{$row['comm_num']} HTML; } $user_delete = "
  • {$lang['user_del']}
    • "; if( $row['banned'] == 'yes' ) $user_level = "" . $lang['user_ban'] . ""; else $user_level = $user_group[$row['user_group']]['group_prefix'].$user_group[$row['user_group']]['group_name'].$user_group[$row['user_group']]['group_suffix'].""; if( $row['user_group'] == 1 ) $user_delete = ""; $pmname = urlencode($row['name']); $menu_link = << HTML; if ( count(explode("@", $row['foto'])) == 2 ) { $avatar = 'https://www.gravatar.com/avatar/' . md5(trim($row['foto'])) . '?s=' . intval($user_group[$row['user_group']]['max_foto']); } else { if( $row['foto'] ) { if (strpos($row['foto'], "//") === 0) $avatar = "http:".$row['foto']; else $avatar = $row['foto']; $avatar = @parse_url ( $avatar ); if( $avatar['host'] ) { $avatar = $row['foto']; } else $avatar = $config['http_home_url'] . "uploads/fotos/" . $row['foto']; } else $avatar = "engine/skins/images/noavatar.png"; } echo ""; } $db->free(); // pagination $npp_nav = ""; if( $all_count_news > $news_per_page ) { if( $start_from > 0 ) { $previous = $start_from - $news_per_page; $npp_nav .= "
  • <<
    • "; } $enpages_count = @ceil( $all_count_news / $news_per_page ); $enpages_start_from = 0; $enpages = ""; if( $enpages_count <= 10 ) { for($j = 1; $j <= $enpages_count; $j ++) { if( $enpages_start_from != $start_from ) { $enpages .= "
  • $j
    • "; } else { $enpages .= "
  • $j
    • "; } $enpages_start_from += $news_per_page; } $npp_nav .= $enpages; } else { $start = 1; $end = 10; if( $start_from > 0 ) { if( ($start_from / $news_per_page) > 4 ) { $start = @ceil( $start_from / $news_per_page ) - 3; $end = $start + 9; if( $end > $enpages_count ) { $start = $enpages_count - 10; $end = $enpages_count - 1; } $enpages_start_from = ($start - 1) * $news_per_page; } } if( $start > 2 ) { $enpages .= "
  • 1
  • ...
    • "; } for($j = $start; $j <= $end; $j ++) { if( $enpages_start_from != $start_from ) { $enpages .= "
  • $j
    • "; } else { $enpages .= "
  • $j
    • "; } $enpages_start_from += $news_per_page; } $enpages_start_from = ($enpages_count - 1) * $news_per_page; $enpages .= "
  • ...
  • $enpages_count
    • "; $npp_nav .= $enpages; } if( $all_count_news > $i ) { $how_next = $all_count_news - $i; if( $how_next > $news_per_page ) { $how_next = $news_per_page; } $npp_nav .= "
  • >>
    • "; } $npp_nav = ""; } // pagination echo <<
    {$lang['user_name']}  
    {$user_name}
    {$user_level}
    		 "; echo (langdate( $langformatdatefull, $row['reg_date'] )); echo " $last_login {$news_link} {$comms_link} {$menu_link}
    {$npp_nav}
    HTML; echofooter(); } elseif( $action == "export" ) { if( !$user_group[$member_id['user_group']]['admin_editusers'] ) { msg( "error", $lang['index_denied'], $lang['index_denied'] ); } if( !isset($_REQUEST['user_hash']) OR !$_REQUEST['user_hash'] OR $_REQUEST['user_hash'] != $dle_login_hash ) { die( "Hacking attempt! User not found" ); } $login = intval($_POST['login']); $name = intval($_POST['name']); $mail = intval($_POST['mail']); if( isset($_POST['toregdate']) ) { $toregdate = intval(strtotime( (string)$_POST['toregdate'] )); } else $toregdate = 0; if( isset($_POST['fromregdate']) ) { $fromregdate = intval(strtotime( (string)$_POST['fromregdate'] )); } else $fromregdate = 0; if( isset($_POST['fromentdate']) ) { $fromentdate = intval(strtotime( (string)$_POST['fromentdate'] )); } else $fromentdate = 0; if( isset($_POST['toentdate']) ) { $toentdate = intval(strtotime( (string)$_POST['toentdate'] )); } else $toentdate = 0; $where = array(); $where[] = "banned != 'yes'"; if (isset ($_POST['groups'])) { $groups = array (); if( count( $_POST['groups'] ) ) { foreach ( $_POST['groups'] as $value ) { if(intval($value)) $groups[] = intval($value); } if( count( $groups ) ) { $groups = implode( "','", $groups ); $where[] = "user_group IN ('" . $groups . "')"; } } } if( $fromregdate ) { $where[] = "reg_date>='" . $fromregdate . "'"; } if( $toregdate ) { $where[] = "reg_date<='" . $toregdate . "'"; } if( $fromentdate ) { $where[] = "lastdate>='" . $fromentdate . "'"; } if( $toentdate ) { $where[] = "lastdate<='" . $toentdate . "'"; } $db->query( "INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('".$db->safesql($member_id['name'])."', '{$_TIME}', '{$_IP}', '108', '')" ); $db->query("SELECT email, name, fullname FROM " . USERPREFIX . "_users WHERE ".implode (" AND ", $where)." ORDER BY user_id DESC"); if( $_POST['format'] == "exel" ) { $rows = ""; if($login) $rows .= "{$lang['u_export_title_2']}"; if($name) $rows .= "{$lang['u_export_title_3']}"; if($mail) $rows .= "{$lang['u_export_title_4']}"; $rows .= ""; while( $row = $db->get_row() ) { $cells = ""; if($login) $cells .= "{$row['name']}"; if($name) $cells .= "{$row['fullname']}"; if($mail) $cells .= "{$row['email']}"; $rows .= "{$cells}"; } $db->free(); $db->close(); $rows .= "
    "; $rows = << {$rows} HTML; header( "Pragma: public" ); header( "Expires: 0" ); header( "Cache-Control: must-revalidate, post-check=0, pre-check=0"); header( "Cache-Control: private", false); header( "Content-Type: application/x-msexcel; charset={$config['charset']}" ); header( 'Content-Disposition: attachment; filename="users.xls"' ); header( "Content-Transfer-Encoding: binary" ); header( "Connection: close"); print( $rows ); die(); } else { header( "Pragma: public" ); header( "Expires: 0" ); header( "Cache-Control: must-revalidate, post-check=0, pre-check=0"); header( "Cache-Control: private", false); header( "Content-Type: text/csv; charset=utf-8" ); header( 'Content-Disposition: attachment; filename="users.csv"' ); $config['charset'] = strtolower( $config['charset'] ); $output = fopen('php://output', 'w'); fputs($output, $bom =( chr(0xEF) . chr(0xBB) . chr(0xBF) )); $header_column = array(); if($login) $header_column[] = $lang['u_export_title_2']; if($name) $header_column[] = $lang['u_export_title_3']; if($mail) $header_column[] = $lang['u_export_title_4']; fputcsv($output, $header_column, ";"); while( $row = $db->get_row() ) { $cells = array(); if($login) $cells[] = $row['name']; if($name) $cells[] = $row['fullname']; if($mail) $cells[] = $row['email']; fputcsv($output, $cells, ";"); } fclose($output); $db->free(); $db->close(); die(); } } elseif( $action == "adduser" ) { if( !$user_group[$member_id['user_group']]['admin_editusers'] ) { msg( "error", $lang['index_denied'], $lang['index_denied'] ); } if( !check_referer($_SERVER['PHP_SELF']."?mod=editusers") ) { msg( "error", $lang['index_denied'], $lang['no_referer'], "javascript:history.go(-1)" ); } if( !isset($_REQUEST['user_hash']) OR !$_REQUEST['user_hash'] OR $_REQUEST['user_hash'] != $dle_login_hash ) { die( "Hacking attempt! User not found" ); } if( ! $_POST['regusername'] ) { msg( "error", $lang['user_err'], $lang['user_err_1'], "javascript:history.go(-1)" ); } if( preg_match( "/[\||\'|\<|\>|\[|\]|\%|\"|\!|\?|\$|\@|\#|\/|\|\&\~\*\{\+]/", $_POST['regusername'] ) ) msg( "error", $lang['user_err'], $lang['user_err_6'], "javascript:history.go(-1)" ); if( ! $_POST['regpassword'] ) { msg( "error", $lang['user_err'], $lang['user_err_2'], "javascript:history.go(-1)" ); } if( empty( $_POST['regemail'] ) OR @count(explode("@", $_POST['regemail'])) != 2) { msg( "error", $lang['user_err_1'], $lang['user_err_1'], "javascript:history.go(-1)" ); } $regusername = $db->safesql($_POST['regusername']); $not_allow_symbol = array (""", "`", " ", ' ', ' ', " ", " ", '\', ",", "/", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "$", "<", ">", "?", "!", '"', "'", " " ); $regemail = $db->safesql(trim( str_replace( $not_allow_symbol, '', strip_tags( stripslashes( $_POST['regemail'] ) ) ) ) ); $row = $db->super_query( "SELECT name, email FROM " . USERPREFIX . "_users WHERE name = '{$regusername}' OR email = '{$regemail}'" ); if( isset($row['email']) AND $row['email'] == $regemail ) { msg( "error", $lang['user_err'], $lang['user_err_4'], "javascript:history.go(-1)" ); } if( isset($row['name']) AND $row['name'] ) { msg( "error", $lang['user_err'], $lang['user_err_3'], "javascript:history.go(-1)" ); } $add_time = time(); $regpassword = $db->safesql( password_hash($_POST['regpassword'], PASSWORD_DEFAULT) ); $reglevel = intval( $_POST['reglevel'] ); if ( $member_id['user_group'] != 1 AND $reglevel < 2 ) $reglevel = 4; $db->query( "INSERT INTO " . USERPREFIX . "_users (name, password, email, user_group, reg_date, lastdate, info, signature, favorites, xfields) values ('$regusername', '$regpassword', '$regemail', '$reglevel', '$add_time', '$add_time','','','','')" ); $db->query( "INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('".$db->safesql($member_id['name'])."', '{$_TIME}', '{$_IP}', '63', '{$regusername}')" ); clear_cache('stats'); msg( "success", $lang['user_addok'], "$lang[user_ok] $regusername $lang[user_ok_1] {$user_group[$reglevel]['group_name']}", "?mod=editusers&action=list" ); } elseif( $action == "edituser" ) { if( isset( $_REQUEST['user'] ) ) { $user = $db->safesql( strip_tags( urldecode( $_GET['user'] ) ) ); $skin = isset($_REQUEST['skin']) ? trim( totranslit($_REQUEST['skin'], false, false) ) : ''; if ( $skin ) $skin = "&skin=".$skin; if( $user ) { $row = $db->super_query( "SELECT user_id FROM " . USERPREFIX . "_users WHERE name = '$user'" ); if( isset($row['user_id']) AND $row['user_id'] ) { header( "Location: ?mod=editusers&action=edituser&id=" . $row['user_id'].$skin ); die(); } else { header( "Location: ?mod=editusers".$skin ); die(); } } } $skin = isset($_REQUEST['skin']) ? trim( totranslit($_REQUEST['skin'], false, false) ) : ''; if( !$user_group[$member_id['user_group']]['admin_editusers'] ) { if($member_id['user_id'] != $id) { msg( "error", $lang['index_denied'], $lang['index_denied'] ); } $id = $member_id['user_id']; } $row = $db->super_query( "SELECT " . USERPREFIX . "_users.*, " . USERPREFIX . "_banned.days, " . USERPREFIX . "_banned.descr, " . USERPREFIX . "_banned.date as banned_date FROM " . USERPREFIX . "_users LEFT JOIN " . USERPREFIX . "_banned ON " . USERPREFIX . "_users.user_id=" . USERPREFIX . "_banned.users_id WHERE user_id = '$id'" ); if( ! $row['user_id'] ) { if($skin) die( $lang['user_nouser'] ); else msg( "error", $lang['index_denied'], $lang['user_nouser'], "javascript:history.go(-1)" ); } if ($member_id['user_group'] != 1 AND $row['user_group'] == 1 ) { if($skin) die( $lang['edit_not_admin'] ); else msg( "error", $lang['index_denied'], $lang['edit_not_admin'], "javascript:history.go(-1)" ); } $parse = new ParseFilter(); $parse->safe_mode = true; $row['fullname'] = $parse->decodeBBCodes( $row['fullname'], false ); $row['land'] = $parse->decodeBBCodes( $row['land'], false ); $row['info'] = $parse->decodeBBCodes( $row['info'], false ); $row['signature'] = $parse->decodeBBCodes( $row['signature'], false ); $row['descr'] = $parse->decodeBBCodes( $row['descr'], false ); $last_date = langdate( $langformatdatefull, $row['lastdate'] ); $reg_date = langdate( $langformatdatefull, $row['reg_date'] ); if( !$row['cat_allow_addnews']) $cat_allow_addnews_value = "selected"; else $cat_allow_addnews_value = ""; if( !$row['cat_add'] ) $cat_add_value = "selected"; else $cat_add_value = ""; $cat_allow_addnews_list = CategoryNewsSelection( explode( ',', $row['cat_allow_addnews'] ), 0, false ); $cat_add_list = CategoryNewsSelection( explode( ',', $row['cat_add'] ), 0, false ); if( $row['time_limit'] != "" ) $row['time_limit'] = date( "Y-m-d H:i", $row['time_limit'] ); if ( ($row['lastdate'] + 1200) > time() ) { $status ="".$lang['stats_online_1'].""; } else { $status ="".$lang['stats_online_2'].""; } if ( count(explode("@", $row['foto'])) == 2 ) { $avatar = 'https://www.gravatar.com/avatar/' . md5(trim($row['foto'])) . '?s=' . intval($user_group[$row['user_group']]['max_foto']); $gravatar = $row['foto']; } else { if( $row['foto'] ) { if (strpos($row['foto'], "//") === 0) $avatar = "http:".$row['foto']; else $avatar = $row['foto']; $avatar = @parse_url ( $avatar ); if( $avatar['host'] ) { $avatar = $row['foto']; } else $avatar = $config['http_home_url'] . "uploads/fotos/" . $row['foto']; } else { $avatar = "engine/skins/images/noavatar.png"; } $gravatar = ""; } if( $row['banned'] == "yes" ) $ifch = "checked"; else $ifch = ""; $row['days'] = intval( $row['days'] ); if( $row['banned'] == "yes" and $row['days'] ) $endban = $lang['ban_edate'] . " " . langdate( $langformatdatefull, $row['banned_date'] ); else $endban = ""; $restricted_selected = array (0 => '', 1 => '', 2 => '', 3 => '' ); $restricted_selected[$row['restricted']] = 'selected'; if( $row['restricted'] and $row['restricted_days'] ) $end_restricted = $lang['edit_tdate'] . " " . langdate( $langformatdatefull, $row['restricted_date'] ); else $end_restricted = ""; if( $row['restricted'] ) $lang['restricted_none'] = $lang['restricted_clear']; $group_list = get_groups( $row['user_group'] ); $timezoneselect = "{$lang['news_subscribe']}"; if( $row['comments_reply_subscribe'] ) $row['comments_reply_subscribe'] = "checked"; else $row['comments_reply_subscribe'] = ""; $commsubscribe = "
    "; $unsubscribe = "
    "; if( !$row['allow_mail'] ) $mailbox = "checked"; else $mailbox = ""; if ( !$skin ) { $ignore_list = array(); $temp_result = $db->query( "SELECT * FROM " . USERPREFIX . "_ignore_list WHERE user='{$row['user_id']}'" ); while ( $temp_row = $db->get_row( $temp_result ) ) { if( $config['allow_alt_url'] ) { $user_name = "" . $temp_row['user_from'] . ""; } else { $user_name = "" . $temp_row['user_from'] . ""; } $ignore_list[] = "{$user_name}"; } $db->free( $temp_result ); if (count($ignore_list)) $ignore_list = implode(", ", $ignore_list).""; else $ignore_list = ""; if( $config['twofactor_auth'] ) { $checked_auth = array('0' => "", '1' => "", '2' => ""); if ($row['twofactor_auth']) $checked_auth[$row['twofactor_auth']] = " selected "; if ($member_id['user_id'] === $row['user_id']) $allow_change = 1; else $allow_change = 0; if ($row['twofactor_auth'] == 2) $allow_change = 0; $twofactor_auth = ""; } else { $twofactor_auth = ""; } if($member_id['user_id'] != $row['user_id']) { $del_button = ""; } else $del_button = ""; $xfieldsaction = "list"; $adminmode = true; $xfieldsadd = false; $xfieldsid = $row['xfields']; include (DLEPlugins::Check(ENGINE_DIR . '/inc/userfields.php')); echoheader( "{$lang['user_head']}", $lang['user_edhead']." {$row['name']}" ); echo <<
    {$lang['user_edhead']} {$row['name']}
    {$timezoneselect}
    HTML; if( $user_group[$member_id['user_group']]['admin_editusers'] ) { echo <<
    HTML; } echo <<
    {$twofactor_auth}
    HTML; if( $user_group[$member_id['user_group']]['admin_editusers'] ) { echo <<
    {$endban}
    {$end_restricted}
    {$lang['hint_galaddnews']}
    {$lang['hint_gadc']}
    HTML; } echo <<
    HTML; if( $user_group[$member_id['user_group']]['admin_editusers'] ) { echo <<
    HTML; } $row['news_num'] = number_format( $row['news_num'], 0, ',', ' '); $row['comm_num'] = number_format( $row['comm_num'], 0, ',', ' '); $send_pm_link = "" . $lang['news_pmnew'] . ""; $comments_link = "" . $lang['see_user_comments'] . ""; if( $config['allow_alt_url'] ) { $news_link = "" . $lang['see_user_news'] . ""; } else { $news_link = "" . $lang['see_user_news'] . ""; } echo <<
    {$ignore_list}
    {$output}
    {$newssubscribe}
    {$commsubscribe}
    {$unsubscribe}
    {$del_button}
    {$row['name']}
    {$user_group[$row['user_group']]['group_name']}

    • {$row['news_num']}{$lang['stats_news']}

    • {$row['comm_num']}{$lang['stats_comments']}

    E-Mail
    {$row['email']}
    {$lang['stats_reg']}
    {$reg_date}
    {$lang['stats_last']}
    {$last_date}
    {$lang['stats_status']}
    {$status}
    IP
    {$row['logged_ip']}
    {$lang['stats_name']}
    {$row['fullname']}
    {$send_pm_link}
    {$news_link}
    {$comments_link}
    HTML; echofooter(); } else { if( !$user_group[$member_id['user_group']]['admin_editusers'] ) { die( $lang['index_denied'] ); } $css_path = $config['http_home_url']."templates/".$skin."/frame.css"; $theme = $config['http_home_url']."templates/".$skin; $ignore_list = array(); $temp_result = $db->query( "SELECT * FROM " . USERPREFIX . "_ignore_list WHERE user='{$row['user_id']}'" ); while ( $temp_row = $db->get_row( $temp_result ) ) { if( $config['allow_alt_url'] ) { $user_name = "" . $temp_row['user_from'] . ""; } else { $user_name = "" . $temp_row['user_from'] . ""; } $ignore_list[] = "{$user_name} \"\""; } $db->free( $temp_result ); if (count($ignore_list)) $ignore_list = implode(", ", $ignore_list).""; else $ignore_list = ""; $_SERVER['PHP_SELF'] = htmlspecialchars( $_SERVER['PHP_SELF'], ENT_QUOTES, $config['charset'] ); echo << {$lang['user_edhead']} HTML; $xfieldsaction = "admin"; $xfieldsid = $row['xfields']; include (DLEPlugins::Check(ENGINE_DIR . '/inc/userfields.php')); echo << {$output}
    {$lang['user_name']} {$row['name']}
    IP: {$row['logged_ip']}
    {$lang['user_news']} {$row['news_num']}
    {$lang['user_last']} {$last_date}
    {$lang['user_reg']} {$reg_date}
    {$lang['user_mail']}
    {$lang['user_newlogin']}
    {$lang['user_newpass']}
    {$lang['user_acc']}
    {$lang['user_gtlimit']}
    {$lang['user_banned']}
    {$lang['ban_date']} {$endban}
    {$lang['ban_descr']}
    {$lang['restricted']}
    {$lang['restricted_date']} {$end_restricted}
    {$lang['user_del_comments']}
    {$lang['opt_fullname']}
    {$lang['opt_land']}
    Gravatar:
    {$lang['user_avatar']}
    {$lang['user_del_avatar']}
    {$lang['extra_minfo']}
    {$lang['extra_signature']}
    {$lang['opt_sys_at']} {$timezoneselect}
    {$lang['allowed_ip']}
    {$lang['ignore_list']} {$ignore_list}
    {$newssubscribe}
    {$commsubscribe}
    {$unsubscribe}
     
    HTML; } } elseif( $action == "doedituser" ) { if( !$id ) { die( $lang['user_nouser'] ); } if( !isset($_REQUEST['user_hash']) OR !$_REQUEST['user_hash'] OR $_REQUEST['user_hash'] != $dle_login_hash ) { die( "Hacking attempt! User not found" ); } if( !$user_group[$member_id['user_group']]['admin_editusers'] ) { if($member_id['user_id'] != $id) { msg( "error", $lang['index_denied'], $lang['index_denied'] ); } $id = $member_id['user_id']; } if( !check_referer($_SERVER['PHP_SELF']."?mod=editusers") ) { if($_POST['popup']) die( $lang['no_referer'] ); else msg( "error", $lang['index_denied'], $lang['no_referer'], "javascript:history.go(-1)" ); } $row = $db->super_query( "SELECT * FROM " . USERPREFIX . "_users WHERE user_id = '$id'" ); $xfieldsid = stripslashes( $row['xfields'] ); if( !$row['user_id'] ) { if($_POST['popup']) die( "User not found" ); else msg( "error", $lang['user_nouser'], $lang['user_nouser'], "javascript:history.go(-1)" ); } $sets=array(); $not_allow_symbol = array (""", "`", " ", ' ', ' ', " ", " ", '\', ",", "/", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "$", "<", ">", "?", "!", '"', "'", " " ); $parse = new ParseFilter(); $parse->safe_mode = true; if ($member_id['user_group'] != 1 AND $row['user_group'] == 1 ) { if($_POST['popup']) die( $lang['edit_not_admin'] ); else msg( "error", $lang['user_err'], $lang['edit_not_admin'], "javascript:history.go(-1)" ); } if($_POST['editmail']) { $editmail = $db->safesql(trim( str_replace( $not_allow_symbol, '', strip_tags( stripslashes( $_POST['editmail'] ) ) ) ) ); if( empty( $editmail ) OR strlen( $editmail ) > 50 OR @count(explode("@", $editmail)) != 2) { if($_POST['popup']) die( $lang['mail_error'] ); else msg( "error", $lang['user_err'], $lang['mail_error'], "javascript:history.go(-1)" ); } if ($editmail != $row['email']) { if ( $db->num_rows( $db->query( "SELECT user_id FROM " . USERPREFIX . "_users WHERE email = '$editmail'" ) ) ) { if($_POST['popup']) die( $lang['user_err_4'] ); else msg( "error", $lang['user_err'], $lang['user_err_4'], "javascript:history.go(-1)" ); } $sets[] = "email='{$editmail}'"; $db->query( "UPDATE " . PREFIX . "_subscribe SET email='{$editmail}' WHERE user_id = '{$id}'" ); } } if( $user_group[$member_id['user_group']]['admin_editusers'] ) { $editlevel = intval( $_POST['editlevel'] ); if ($member_id['user_group'] != 1 AND $editlevel < 2 ){ if($_POST['popup']) die( $lang['admin_not_access'] ); else msg( "error", $lang['user_err'], $lang['admin_not_access'], "javascript:history.go(-1)" ); } if( $row['user_id'] == $member_id['user_id'] AND $editlevel != $row['user_group'] ) $editlevel = $row['user_group']; if( $editlevel == 5 ) $editlevel = 4; $sets[] = "user_group='{$editlevel}'"; $time_limit = trim( $_POST['time_limit'] ) ? strtotime( $_POST['time_limit'] ) : ""; if( !$user_group[$editlevel]['time_limit'] ) $time_limit = ""; $sets[] = "time_limit='$time_limit'"; if( isset($_POST['cat_add']) ) { $list = array(); foreach ( $_POST['cat_add'] as $value ) { if( intval($value) > 0 ) $list[] = intval($value); } $sets[] = "cat_add='".$db->safesql( implode( ',', $list) )."'"; } if( isset($_POST['cat_allow_addnews']) ) { $list = array(); foreach ( $_POST['cat_allow_addnews'] as $value ) { if( intval($value) > 0 ) $list[] = intval($value); } $sets[] = "cat_allow_addnews='".$db->safesql( implode( ',', $list) )."'"; } if( $_POST['editlogin'] ) { $editlogin = strtr($_POST['editlogin'], array_flip(get_html_translation_table(HTML_ENTITIES, ENT_QUOTES, $config['charset']))); $editlogin = trim($editlogin, chr(0xC2).chr(0xA0)); $editlogin = preg_replace('#\s+#i', ' ', $editlogin); $editlogin = $db->safesql( $parse->process( htmlspecialchars( trim( $editlogin ), ENT_QUOTES, $config['charset'] ) ) ); if( preg_match( "/[\||\'|\<|\>|\[|\]|\%|\"|\!|\?|\$|\@|\#|\/|\|\&\~\*\{\+]/", $editlogin ) OR dle_strlen($editlogin, $config['charset'] ) > 40 OR dle_strlen($editlogin, $config['charset']) < 3 OR strpos( strtolower ($editlogin) , '.php' ) !== false) { if(isset($_POST['popup']) AND $_POST['popup']) die( $lang['user_err_6'] ); else msg( "error", $lang['user_err'], $lang['user_err_6'], "javascript:history.go(-1)" ); } if( trim( $editlogin ) != "" ) { $find_user = $db->super_query( "SELECT user_id FROM " . USERPREFIX . "_users WHERE name='{$editlogin}'" ); if( !isset($find_user['user_id']) ) { $row = $db->super_query( "SELECT * FROM " . USERPREFIX . "_users WHERE user_id='{$id}'" ); $db->query( "UPDATE " . PREFIX . "_post SET autor='{$editlogin}' WHERE autor='{$row['name']}'" ); $db->query( "UPDATE " . PREFIX . "_comments SET autor='{$editlogin}' WHERE autor='{$row['name']}' AND is_register='1'" ); $db->query( "UPDATE " . USERPREFIX . "_pm SET user_from='{$editlogin}' WHERE user_from='{$row['name']}'" ); $db->query( "UPDATE " . USERPREFIX . "_ignore_list SET user_from='{$editlogin}' WHERE user_from='{$row['name']}'" ); $db->query( "UPDATE " . PREFIX . "_vote_result SET name='{$editlogin}' WHERE name='{$row['name']}'" ); $db->query( "UPDATE " . PREFIX . "_images SET author='{$editlogin}' WHERE author='{$row['name']}'" ); $db->query( "UPDATE " . PREFIX . "_files SET author='{$editlogin}' WHERE author='{$row['name']}'" ); $db->query( "UPDATE " . PREFIX . "_comments_files SET author='{$editlogin}' WHERE author='{$row['name']}'" ); $db->query( "UPDATE " . PREFIX . "_comment_rating_log SET `member`='{$editlogin}' WHERE `member`='{$row['name']}'" ); $db->query( "UPDATE " . PREFIX . "_logs SET `member`='{$editlogin}' WHERE `member`='{$row['name']}'" ); $db->query( "UPDATE " . PREFIX . "_post_extras SET editor='{$editlogin}' WHERE editor='{$row['name']}'" ); $db->query( "UPDATE " . PREFIX . "_subscribe SET name='{$editlogin}' WHERE name='{$row['name']}'" ); $db->query( "UPDATE " . PREFIX . "_complaint SET `from`='{$editlogin}' WHERE `from`='{$row['name']}'" ); $sets[] = "name='{$editlogin}'"; } else { if($_POST['popup']) die( $lang['user_edit_found'] ); else msg( "error", $lang['user_err'], $lang['user_edit_found'], "javascript:history.go(-1)" ); } } } if ( isset($_POST['banned']) AND $_POST['banned'] AND $row['user_group'] != 1 ) $banned = "yes"; else $banned = ""; $sets[] = "banned='{$banned}'"; if( $banned ) { $banned_descr = $db->safesql( $parse->BB_Parse( $parse->process( $_POST['banned_descr'] ), false ) ); $this_time = time(); $banned_date = intval( $_POST['banned_date'] ); $this_time = $banned_date ? $this_time + ($banned_date * 60 * 60 * 24) : 0; $row = $db->super_query( "SELECT users_id, days FROM " . USERPREFIX . "_banned WHERE users_id = '$id'" ); if( !$row['users_id'] ) { $db->query( "INSERT INTO " . USERPREFIX . "_banned (users_id, descr, date, days) values ('$id', '$banned_descr', '$this_time', '$banned_date')" ); } else { if( $row['days'] != $banned_date ) $db->query( "UPDATE " . USERPREFIX . "_banned set descr='$banned_descr', days='$banned_date', date='$this_time' WHERE users_id = '$id'" ); else $db->query( "UPDATE " . USERPREFIX . "_banned set descr='$banned_descr' WHERE users_id = '$id'" ); } $db->query( "DELETE FROM " . PREFIX . "_subscribe WHERE user_id='{$id}'" ); @unlink( ENGINE_DIR . '/cache/system/banned.php' ); } else { $db->query( "DELETE FROM " . USERPREFIX . "_banned WHERE users_id = '{$id}'" ); @unlink( ENGINE_DIR . '/cache/system/banned.php' ); } if( $_POST['restricted'] ) { $restricted = intval( $_POST['restricted'] ); $restricted_days = intval( $_POST['restricted_days'] ); $sets[] = "restricted='{$restricted}'"; if( $restricted_days != $_POST['prev_restricted'] ) { $restricted_date = time(); $restricted_date = $restricted_days ? $restricted_date + ($restricted_days * 60 * 60 * 24) : ''; $sets[] = "restricted_days='$restricted_days', restricted_date='$restricted_date'"; } } else { $sets[] = "restricted='0', restricted_days='0', restricted_date=''"; } if( isset($_POST['del_comments']) AND $_POST['del_comments'] ) { $db->query( "UPDATE " . USERPREFIX . "_users set comm_num='0' WHERE user_id ='{$id}'" ); deletecommentsbyuserid($id); } } if( trim( $_POST['editpass'] ) != "" ) { $editpass = $db->safesql( password_hash($_POST['editpass'], PASSWORD_DEFAULT) ); if( !$editpass ) { die("PHP extension Crypt must be loaded for password_hash to function"); } $sets[] = "password='{$editpass}'"; } if( isset($_POST['allow_mail']) AND $_POST['allow_mail'] ) $allow_mail = 0; else $allow_mail = 1; $sets[] = "allow_mail='{$allow_mail}'"; $timezones = array('Pacific/Midway','US/Samoa','US/Hawaii','US/Alaska','US/Pacific','America/Tijuana','US/Arizona','US/Mountain','America/Chihuahua','America/Mazatlan','America/Mexico_City','America/Monterrey','US/Central','US/Eastern','US/East-Indiana','America/Lima','America/Caracas','Canada/Atlantic','America/La_Paz','America/Santiago','Canada/Newfoundland','America/Buenos_Aires','America/Godthab','Atlantic/Stanley','Atlantic/Azores','Africa/Casablanca','Europe/Dublin','Europe/Lisbon','Europe/London','Europe/Amsterdam','Europe/Belgrade','Europe/Berlin','Europe/Bratislava','Europe/Brussels','Europe/Budapest','Europe/Copenhagen','Europe/Madrid','Europe/Paris','Europe/Prague','Europe/Rome','Europe/Sarajevo','Europe/Stockholm','Europe/Vienna','Europe/Warsaw','Europe/Zagreb','Europe/Athens','Europe/Bucharest','Europe/Helsinki','Europe/Istanbul','Asia/Jerusalem','Europe/Kiev','Europe/Minsk','Europe/Riga','Europe/Sofia','Europe/Tallinn','Europe/Vilnius','Asia/Baghdad','Asia/Kuwait','Africa/Nairobi','Asia/Tehran','Europe/Kaliningrad','Europe/Moscow','Europe/Volgograd','Europe/Samara','Asia/Baku','Asia/Muscat','Asia/Tbilisi','Asia/Yerevan','Asia/Kabul','Asia/Yekaterinburg','Asia/Tashkent','Asia/Kolkata','Asia/Kathmandu','Asia/Almaty','Asia/Novosibirsk','Asia/Jakarta','Asia/Krasnoyarsk','Asia/Hong_Kong','Asia/Kuala_Lumpur','Asia/Singapore','Asia/Taipei','Asia/Ulaanbaatar','Asia/Urumqi','Asia/Irkutsk','Asia/Seoul','Asia/Tokyo','Australia/Adelaide','Australia/Darwin','Asia/Yakutsk','Australia/Brisbane','Pacific/Port_Moresby','Australia/Sydney','Asia/Vladivostok','Asia/Sakhalin','Asia/Magadan','Pacific/Auckland','Pacific/Fiji'); $timezone = $db->safesql( (string)$_POST['timezone'] ); if (!in_array($timezone, $timezones)) $timezone = ''; $sets[] = "timezone='{$timezone}'"; if ($_POST['allowed_ip']) { $_POST['allowed_ip'] = str_replace( " ", "", trim( $_POST['allowed_ip'] ) ); $allowed_ip = str_replace( " ", "|", $_POST['allowed_ip'] ); $temp_array = explode ("|", $allowed_ip); $allowed_ip = array(); if (count($temp_array)) { foreach ( $temp_array as $value ) { $value = explode ('/', trim($value) ); $value1 = $value[0]; $value[0] = str_replace( "*", "0", $value[0] ); if ( filter_var( $value[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ) { $value[0] = filter_var( $value[0] , FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); } elseif ( filter_var( $value[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) ) { $value[0] = filter_var( $value[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6); } else $value[0] = false; if( $value[0] ) { $value[0] = $value1; if( intval($value[1]) ) { $allowed_ip[] = trim($value[0])."/".intval($value[1]); } else $allowed_ip[] = trim($value[0]); } } } if ( count($allowed_ip) ) $allowed_ip = $db->safesql( $parse->process( implode("|", $allowed_ip) ) ); else $allowed_ip = ""; } else $allowed_ip = ""; $_POST['editfullname'] = isset($_POST['editfullname']) ? $_POST['editfullname'] : ''; $_POST['editland'] = isset($_POST['editland']) ? $_POST['editland'] : ''; $_POST['editinfo'] = isset($_POST['editinfo']) ? $_POST['editinfo'] : ''; $_POST['editsignature'] = isset($_POST['editsignature']) ? $_POST['editsignature'] : ''; $_POST['news_subscribe'] = isset($_POST['news_subscribe']) ? $_POST['news_subscribe'] : 0; $_POST['comments_reply_subscribe'] = isset($_POST['comments_reply_subscribe']) ? $_POST['comments_reply_subscribe'] : 0; $_POST['twofactor_auth'] = isset($_POST['twofactor_auth']) ? intval($_POST['twofactor_auth']) : 0; $sets[] = "allowed_ip='{$allowed_ip}'"; $sets[] = "fullname='".$db->safesql( $parse->process( $_POST['editfullname'] ) )."'"; $sets[] = "land='".$db->safesql( $parse->process( $_POST['editland'] ) )."'"; $sets[] = "info='".$db->safesql( $parse->BB_Parse( $parse->process( $_POST['editinfo'] ), false ) )."'"; $sets[] = "signature='".$db->safesql( $parse->BB_Parse( $parse->process( $_POST['editsignature'] ), false ) )."'"; $sets[] = "news_subscribe='".intval($_POST['news_subscribe'])."'"; $sets[] = "comments_reply_subscribe='".intval($_POST['comments_reply_subscribe'])."'"; if ( !isset($_POST['popup']) OR !$_POST['popup'] ) { if ($_POST['twofactor_auth'] == 2) { if ($row['twofactor_secret']) $sets[] = "twofactor_auth='2'"; else $sets[] = "twofactor_auth='0'"; } else { $sets[] = "twofactor_auth='" . intval($_POST['twofactor_auth']) . "', twofactor_secret=''"; } } if ( isset($_POST['unsubscribe']) AND $_POST['unsubscribe'] ) $db->query( "DELETE FROM " . PREFIX . "_subscribe WHERE user_id = '{$row['user_id']}'" ); if ( isset($_POST['gravatar']) AND $_POST['gravatar'] ) { $gravatar = $db->safesql(trim( str_replace( $not_allow_symbol, '', strip_tags( stripslashes( $_POST['gravatar'] ) ) ) ) ); if ( count(explode("@", $gravatar)) == 2 AND strlen( $gravatar ) < 50 ) { $sets[] = "foto='{$gravatar}'"; } else $sets[] = "foto=''"; } else { if (count(explode("@", $row['foto'])) == 2) $sets[] = "foto=''"; } $image = $_FILES['image']['tmp_name']; $image_size = $_FILES['image']['size']; $file_parts = pathinfo( $_FILES['image']['name'] ); if( is_uploaded_file( $image ) and ! $stop ) { if( intval( $user_group[$member_id['user_group']]['max_foto'] ) > 0 ) { if( !$config['avatar_size'] OR $image_size < ($config['avatar_size'] * 1024) ) { $driver = DLEFiles::getDefaultStorage(); $config['avatar_remote'] = intval($config['avatar_remote']); if ($config['avatar_remote'] > -1) $driver = $config['avatar_remote']; DLEFiles::init( $driver, $config['local_on_fail'] ); $thumb = new thumbnail( $_FILES['image']['tmp_name'] ); if ( !$thumb->error) { if( !$config['tinypng_avatar'] ) { $thumb->tinypng = false; } $thumb->tinypng_resize = true; $thumb->size_auto( $user_group[$member_id['user_group']]['max_foto'] ); if( $row['foto'] ) { $url = @parse_url ( $row['foto'] ); $row['foto'] = basename($url['path']); DLEFiles::Delete( "fotos/".totranslit($row['foto']) ); $db->query( "UPDATE " . USERPREFIX . "_users set foto='' WHERE user_id = '{$id}'" ); } $foto_name = $thumb->save( "fotos/foto_" . $row['user_id'] . '_' . $_TIME . "." . $file_parts['extension'] ); if ( $foto_name AND !$thumb->error) { if ( $driver AND !DLEFiles::$remote_error ) { $foto_name = $db->safesql( DLEFiles::GetBaseURL() . "fotos/" . $foto_name ); } else { if (strpos($config['http_home_url'], "//") === 0) $avatar_url = $config['http_home_url']; elseif (strpos($config['http_home_url'], "/") === 0) $avatar_url = "//".$_SERVER['HTTP_HOST'].$config['http_home_url']; else $avatar_url = $config['http_home_url']; $avatar_url = str_ireplace("https:", "", $avatar_url); $avatar_url = str_ireplace("http:", "", $avatar_url); $foto_name = $db->safesql( $avatar_url . "uploads/fotos/" . $foto_name ); } $db->query( "UPDATE " . USERPREFIX . "_users SET foto='{$foto_name}' WHERE user_id = '{$id}'" ); } } } } } if( isset($_POST['del_foto']) AND $_POST['del_foto'] == "yes" ) { $row = $db->super_query( "SELECT foto FROM " . USERPREFIX . "_users WHERE user_id='$id'" ); if(isset($row['foto']) AND $row['foto']) { $sets[] = "foto=''"; $url = @parse_url ( $row['foto'] ); $row['foto'] = basename($url['path']); $driver = DLEFiles::getDefaultStorage(); $config['avatar_remote'] = intval($config['avatar_remote']); if ($config['avatar_remote'] > -1) $driver = $config['avatar_remote']; DLEFiles::init( $driver ); DLEFiles::Delete( "fotos/".totranslit($row['foto']) ); } } $xfieldsaction = "init"; $xfieldsadd = false; include (DLEPlugins::Check(ENGINE_DIR . '/inc/userfields.php')); $filecontents = array (); if( !empty( $postedxfields ) ) { foreach ( $postedxfields as $xfielddataname => $xfielddatavalue ) { if( trim($xfielddatavalue) == "" ) { continue; } $xfielddatavalue = $db->safesql( $parse->BB_Parse( $parse->process( trim($xfielddatavalue) ), false ) ); $xfielddataname = $db->safesql( str_replace( $not_allow_symbol, '', $xfielddataname) ); $xfielddataname = str_replace( "|", "|", $xfielddataname ); $xfielddatavalue = str_replace( "|", "|", $xfielddatavalue ); $filecontents[] = "$xfielddataname|$xfielddatavalue"; } $filecontents = implode( "||", $filecontents ); $sets[] = "xfields='{$filecontents}'"; } else $filecontents = ''; $db->query( "UPDATE " . USERPREFIX . "_users SET ".implode(", ", $sets)." WHERE user_id='{$id}'" ); $db->query( "INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('".$db->safesql($member_id['name'])."', '{$_TIME}', '{$_IP}', '64', '{$row['name']}')" ); if(isset($_POST['popup']) AND $_POST['popup']) { $_SERVER['REQUEST_URI'] = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, $config['charset'] ); $_SERVER['REQUEST_URI'] = str_replace("&","&", $_SERVER['REQUEST_URI'] ); header( "Location: {$_SERVER['REQUEST_URI']}" ); die(); } else msg( "success", $lang['user_editok'], $lang['opt_peok'], "?mod=editusers&action=edituser&id=".$id ); } elseif( $action == "dodeleteuser" ) { if( !$user_group[$member_id['user_group']]['admin_editusers'] ) { msg( "error", $lang['index_denied'], $lang['index_denied'] ); } if( !isset($_REQUEST['user_hash']) OR !$_REQUEST['user_hash'] OR $_REQUEST['user_hash'] != $dle_login_hash ) { die( "Hacking attempt! User not found" ); } if( ! $id ) { if (isset($_REQUEST['popup']) AND $_REQUEST['popup'] == "yes") die( $lang['user_nouser'] ); else msg( "error", $lang['user_err'], $lang['user_nouser'] ); } if( $id == 1 ) { if (isset($_REQUEST['popup']) AND $_REQUEST['popup'] == "yes") die( $lang['user_undel'] ); else msg( "error", $lang['user_err'], $lang['user_undel'] ); } $row = $db->super_query("SELECT email, name, user_id, user_group, foto, news_num FROM " . USERPREFIX . "_users WHERE user_id='{$id}'" ); if( !isset($row['user_id']) OR !$row['user_id'] ) { if (isset($_REQUEST['popup']) AND $_REQUEST['popup'] == "yes") die( $lang['user_nouser'] ); else msg( "error", $lang['user_err'], $lang['user_nouser'] ); } if( $member_id['user_id'] == $row['user_id']) { if (isset($_REQUEST['popup']) AND $_REQUEST['popup'] == "yes") die( $lang['no_self'] ); else msg( "error", $lang['user_err'], $lang['no_self'] ); } if ($member_id['user_group'] != 1 AND $row['user_group'] == 1 ) { if (isset($_REQUEST['popup']) AND $_REQUEST['popup'] == "yes") die( $lang['user_undel'] ); else msg( "error", $lang['user_err'], $lang['user_undel'] ); } if( !isset($_REQUEST['new_username']) AND $row['news_num']) { if (isset($_REQUEST['popup']) AND $_REQUEST['popup'] == "yes") { $css_path = $config['http_home_url'] . "templates/" . trim(totranslit($_REQUEST['skin'], false, false)) . "/frame.css"; echo <<
    {$lang['set_new_name']}
    {$lang['edit_selauthor_2']}
    HTML; die(); } else { echoheader("{$lang['header_box_title']}", $lang['edit_selauthor_1']); if (isset($_REQUEST['self_delete_user']) and $_REQUEST['self_delete_user'] == 'self_delete_user') { $self = ''; } else $self = ''; echo <<
    {$lang['edit_selauthor_1']}
    {$lang['set_new_name']}
    {$lang['edit_selauthor_2']} {$self}
    HTML; echofooter(); die(); } } elseif( isset($_REQUEST['new_username']) AND $_REQUEST['new_username'] AND $row['news_num']) { $new_username = $db->safesql( trim( strip_tags( urldecode( $_REQUEST['new_username'] ) ) ) ); $row_new_user = $db->super_query( "SELECT user_id, name, news_num FROM " . USERPREFIX . "_users WHERE name = '{$new_username}' AND user_id != '{$row['user_id']}' " ); if( !$row_new_user['user_id'] ) { if (isset($_REQUEST['popup']) AND $_REQUEST['popup'] == "yes") die( $lang['edit_selauthor_3'] ); else msg( "error", $lang['user_err'], $lang['edit_selauthor_3'] ); } $db->query( "UPDATE " . PREFIX . "_post SET autor='{$row_new_user['name']}' WHERE autor='{$row['name']}'" ); $db->query( "UPDATE " . PREFIX . "_post_extras SET user_id='{$row_new_user['user_id']}' WHERE user_id='{$row['user_id']}'" ); $db->query( "UPDATE " . PREFIX . "_images SET author='{$row_new_user['name']}' WHERE author='{$row['name']}'" ); $db->query( "UPDATE " . PREFIX . "_files SET author='{$row_new_user['name']}' WHERE author='{$row['name']}'" ); $db->query( "UPDATE " . USERPREFIX . "_users SET news_num=news_num+{$row['news_num']} WHERE user_id='{$row_new_user['user_id']}'" ); clear_cache( array('news_', 'comm_', 'full_') ); } deleteuserbyid($id); $db->query( "INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('".$db->safesql($member_id['name'])."', '{$_TIME}', '{$_IP}', '65', '{$row['name']}')" ); clear_cache(array('stats')); if( isset($_REQUEST['self_delete_user']) AND $_REQUEST['self_delete_user'] == 'self_delete_user') { if (strpos($config['http_home_url'], "//") === 0) { $config['http_home_url'] = isSSL() ? $config['http_home_url'] = "https:" . $config['http_home_url'] : $config['http_home_url'] = "http:" . $config['http_home_url']; } elseif (strpos($config['http_home_url'], "/") === 0) { $config['http_home_url'] = isSSL() ? $config['http_home_url'] = "https://" . $_SERVER['HTTP_HOST'] . $config['http_home_url'] : "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url']; } elseif (isSSL() and stripos($config['http_home_url'], 'http://') !== false) { $config['http_home_url'] = str_replace("http://", "https://", $config['http_home_url']); } $mail = new dle_mail($config, false); $lang['selfdel_wait_5'] = str_replace('{name}', $row['name'], $lang['selfdel_wait_5']); $lang['selfdel_wait_5'] = str_replace('{site}', $config['http_home_url'], $lang['selfdel_wait_5']); $mail->send($row['email'], $lang['selfdel_wait_4'], $lang['selfdel_wait_5']); } if (isset($_REQUEST['popup']) AND $_REQUEST['popup'] == "yes") { die( $lang['user_ok']." ".$lang['user_delok_1'] ); } else { msg( "success", $lang['user_delok'], "{$lang['user_ok']} {$lang['user_delok_1']}", "?mod=editusers&action=list" ); } } elseif( $action == "dodelcomments" ) { if( !$user_group[$member_id['user_group']]['admin_editusers'] ) { msg( "error", $lang['index_denied'], $lang['index_denied'] ); } if( ! $id ) { die( $lang['user_nouser'] ); } if( !isset($_REQUEST['user_hash']) OR !$_REQUEST['user_hash'] OR $_REQUEST['user_hash'] != $dle_login_hash ) { die( "Hacking attempt! User not found" ); } $row = $db->super_query( "SELECT name FROM " . USERPREFIX . "_users WHERE user_id='{$id}'" ); $db->query( "INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('".$db->safesql($member_id['name'])."', '{$_TIME}', '{$_IP}', '97', '".$db->safesql($row['name'])."')" ); if($_GET['moderation'] == "only") { $result = $db->query( "SELECT id FROM " . PREFIX . "_comments WHERE user_id='{$id}' AND is_register='1' AND approve='0'" ); } else { $result = $db->query( "SELECT id FROM " . PREFIX . "_comments WHERE user_id='{$id}' AND is_register='1'" ); } while ( $row = $db->get_array( $result ) ) { deletecomments( $row['id'] ); } $db->free( $result ); if($_GET['moderation'] != "only") { $db->query( "UPDATE " . USERPREFIX . "_users SET comm_num='0' WHERE user_id ='$id'" ); } clear_cache(array('news_', 'comm_', 'full_', 'stats')); msg( "success", $lang['user_delok'], $lang['comm_alldel'], "?mod=editusers&action=list" ); } elseif( $action == "dodelnews" ) { if( !$user_group[$member_id['user_group']]['admin_editusers'] ) { msg( "error", $lang['index_denied'], $lang['index_denied'] ); } if( ! $id ) { die( $lang['user_nouser'] ); } if( !isset($_REQUEST['user_hash']) OR !$_REQUEST['user_hash'] OR $_REQUEST['user_hash'] != $dle_login_hash ) { die( "Hacking attempt! User not found" ); } $row = $db->super_query( "SELECT name FROM " . USERPREFIX . "_users WHERE user_id='{$id}'" ); $db->query( "INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('".$db->safesql($member_id['name'])."', '{$_TIME}', '{$_IP}', '98', '".$db->safesql($row['name'])."')" ); if($_GET['moderation'] == "only") { $result = $db->query( "SELECT id FROM " . PREFIX . "_post WHERE autor='".$db->safesql($row['name'])."' AND approve='0'" ); } else { $result = $db->query( "SELECT news_id as id FROM " . PREFIX . "_post_extras WHERE user_id='{$id}'" ); } while ( $row = $db->get_array( $result ) ) { deletenewsbyid( $row['id'] ); } if($_GET['moderation'] != "only") { $db->query( "UPDATE " . USERPREFIX . "_users SET news_num='0' WHERE user_id ='{$id}'" ); } $db->free( $result ); clear_cache(array('news_', 'full_', 'comm_', 'related_', 'tagscloud_', 'archives_', 'calendar_', 'topnews_', 'rss', 'stats')); msg( "success", $lang['user_delok'], $lang['news_alldel'], "?mod=editusers&action=list" ); } elseif( $action == "dochangenews" ) { if( !$user_group[$member_id['user_group']]['admin_editusers'] ) { msg( "error", $lang['index_denied'], $lang['index_denied'] ); } if( !isset($_REQUEST['user_hash']) OR !$_REQUEST['user_hash'] OR $_REQUEST['user_hash'] != $dle_login_hash ) { die( "Hacking attempt! User not found" ); } $newuser = $db->safesql( trim( urldecode ( $_GET['newuser'] ) ) ); $old_user_id = intval($_GET['id']); $row = $db->super_query( "SELECT user_id, name FROM " . USERPREFIX . "_users WHERE name = '{$newuser}'" ); if( $row['user_id'] ) { $new_user_id = $row['user_id']; $new_user_name = $db->safesql($row['name']); $row = $db->super_query( "SELECT name FROM " . USERPREFIX . "_users WHERE user_id = '{$old_user_id}'" ); $old_user_name = $db->safesql($row['name']); if($new_user_id AND $new_user_name AND $old_user_id AND $old_user_name ) { $db->query( "UPDATE " . PREFIX . "_post SET autor='{$new_user_name}' WHERE autor='{$old_user_name}'" ); $db->query( "UPDATE " . PREFIX . "_post_extras SET user_id='{$new_user_id}' WHERE user_id='{$old_user_id}'" ); $db->query( "UPDATE " . PREFIX . "_images SET author='{$new_user_name}' WHERE author='{$old_user_name}'" ); $db->query( "UPDATE " . PREFIX . "_files SET author='{$new_user_name}' WHERE author='{$old_user_name}'" ); $db->query( "UPDATE " . USERPREFIX . "_users SET news_num='0' WHERE user_id='{$old_user_id}'" ); $row = $db->super_query( "SELECT COUNT(*) as count FROM " . PREFIX . "_post_extras WHERE user_id='{$new_user_id}'" ); $db->query( "UPDATE " . USERPREFIX . "_users SET news_num='{$row['count']}' WHERE user_id='{$new_user_id}'" ); clear_cache(array('news_', 'full_', 'related_', 'topnews_')); msg( "success", $lang['edit_selauthor_4'], $lang['news_allchange']." {$new_user_name}", "?mod=editusers&action=list" ); } else { msg( "error", $lang['addnews_error'], $lang['user_nouser'], "javascript:history.go(-1)" ); } } else { msg( "error", $lang['addnews_error'], $lang['user_nouser'], "javascript:history.go(-1)" ); } } elseif( $action == "dorebuildnews" ) { if( !$user_group[$member_id['user_group']]['admin_editusers'] ) { msg( "error", $lang['index_denied'], $lang['index_denied'] ); } if( !isset($_REQUEST['user_hash']) OR !$_REQUEST['user_hash'] OR $_REQUEST['user_hash'] != $dle_login_hash ) { die( "Hacking attempt! User not found" ); } $user_id = intval($_GET['id']); $row = $db->super_query( "SELECT user_id FROM " . USERPREFIX . "_users WHERE user_id = '{$user_id}'" ); if( !$row['user_id'] ) { msg( "error", $lang['addnews_error'], $lang['user_nouser'], "javascript:history.go(-1)" ); } $row = $db->super_query( "SELECT COUNT(*) as count FROM " . PREFIX . "_post_extras WHERE user_id='{$user_id}'" ); $db->query( "UPDATE " . USERPREFIX . "_users SET news_num='{$row['count']}' WHERE user_id='{$user_id}'" ); msg( "success", $lang['r_ok1'], $lang['r_ok1'], "?mod=editusers&action=list" ); } elseif( $action == "dorebuildcomments" ) { if( !$user_group[$member_id['user_group']]['admin_editusers'] ) { msg( "error", $lang['index_denied'], $lang['index_denied'] ); } if( !isset($_REQUEST['user_hash']) OR !$_REQUEST['user_hash'] OR $_REQUEST['user_hash'] != $dle_login_hash ) { die( "Hacking attempt! User not found" ); } $user_id = intval($_GET['id']); $row = $db->super_query( "SELECT user_id FROM " . USERPREFIX . "_users WHERE user_id = '{$user_id}'" ); if( !$row['user_id'] ) { msg( "error", $lang['addnews_error'], $lang['user_nouser'], "javascript:history.go(-1)" ); } $row = $db->super_query( "SELECT COUNT(*) as count FROM " . PREFIX . "_comments WHERE user_id='{$user_id}'" ); $db->query( "UPDATE " . USERPREFIX . "_users SET comm_num='{$row['count']}' WHERE user_id='{$user_id}'" ); msg( "success", $lang['r_ok2'], $lang['r_ok2'], "?mod=editusers&action=list" ); } elseif ($action == "dorejectrequests") { if (!$user_group[$member_id['user_group']]['admin_editusers']) { msg("error", $lang['index_denied'], $lang['index_denied']); } if (!isset($_REQUEST['user_hash']) OR !$_REQUEST['user_hash'] OR $_REQUEST['user_hash'] != $dle_login_hash) { die("Hacking attempt! User not found"); } $user_id = intval($_REQUEST['id']); $row = $db->super_query("SELECT email, name, user_id FROM " . USERPREFIX . "_users WHERE user_id = '{$user_id}'"); if (!isset($row['user_id']) OR !$row['user_id']) { msg("error", $lang['addnews_error'], $lang['user_nouser'], "javascript:history.go(-1)"); } $db->query("DELETE FROM " . USERPREFIX . "_users_delete WHERE user_id='{$row['user_id']}'"); if( $_POST['text'] ) { $parse = new ParseFilter(); $parse->safe_mode = true; $parse->allow_url = $user_group[$member_id['user_group']]['allow_url']; $parse->allow_image = $user_group[$member_id['user_group']]['allow_image']; $parse->allowbbcodes = false; $message = <<safesql($parse->BB_Parse($parse->process(trim($message)), false)); $db->query("INSERT INTO " . USERPREFIX . "_pm (subj, text, user, user_from, date, pm_read, folder) values ('{$lang['selfdel_wait_4']}', '{$message}', '{$row['user_id']}', '{$member_id['name']}', '{$_TIME}', '0', 'inbox')"); $newpmid = $db->insert_id(); $db->query("UPDATE " . USERPREFIX . "_users SET pm_all=pm_all+1, pm_unread=pm_unread+1 WHERE user_id='{$row['user_id']}'"); if ($config['mail_pm']) { $mail_template = $db->super_query("SELECT * FROM " . PREFIX . "_email WHERE name='pm' LIMIT 0,1"); $mail = new dle_mail($config, $mail_template['use_html']); if (strpos($config['http_home_url'], "//") === 0) $slink = "https:" . $config['http_home_url']; elseif (strpos($config['http_home_url'], "/") === 0) $slink = "https://" . $_SERVER['HTTP_HOST'] . $config['http_home_url']; else $slink = $config['http_home_url']; $slink = $slink . "index.php?do=pm&doaction=readpm&pmid=" . $newpmid; $mail_template['template'] = stripslashes($mail_template['template']); $mail_template['template'] = str_replace("{%username%}", $row['name'], $mail_template['template']); $mail_template['template'] = str_replace("{%date%}", langdate("j F Y H:i", $_TIME), $mail_template['template']); $mail_template['template'] = str_replace("{%fromusername%}", $member_id['name'], $mail_template['template']); $mail_template['template'] = str_replace("{%title%}", $lang['selfdel_wait_4'], $mail_template['template']); $mail_template['template'] = str_replace("{%url%}", $slink, $mail_template['template']); $message = stripslashes(stripslashes($message)); if (!$mail_template['use_html']) { $message = str_replace("
    ", " ", $message); $message = str_replace('"', '"', $message); $message = strip_tags($message); } $mail_template['template'] = str_replace("{%text%}", $message, $mail_template['template']); $mail->send($row['email'], $lang['selfdel_wait_4'], $mail_template['template']); } die('ok'); } header("Location: ?mod=editusers"); die(); } else { header("Location: ?mod=editusers"); die(); } ?>