toDB($_POST['userip']));
exit;
}
// ------- Hand-offs to other admin pages --------------
// Both actions only redirect, carrying the selected user id in the query string.
// NOTE(review): $_POST['userid'] reaches the Location header after $tp->toDB() alone.
// toDB() is not visible here, so confirm it yields a value that is safe inside a URL
// (the "verify" handler in this file casts the same field with intval()).
if (isset($_POST['useraction'])) {
    if ($_POST['useraction'] == 'usersettings') {
        header('location:'.e_BASE."usersettings.php?".$tp -> toDB($_POST['userid']));
        exit;
    }
    if ($_POST['useraction'] == 'userclass') {
        header('location:'.e_ADMIN."userclass.php?".$tp -> toDB($_POST['userid'].".".e_QUERY));
        exit;
    }
}
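$e_sub_cat = 'users';
$user = new users;
require_once("auth.php");
require_once(e_HANDLER."form_handler.php");
$rs = new form;

// The query string is split on "." into action, sub_action, id and from.
// Missing segments are left as NULL instead of reading an undefined array offset.
if (e_QUERY) {
    $tmp = explode(".", e_QUERY);
    $action = $tmp[0];
    $sub_action = isset($tmp[1]) ? $tmp[1] : NULL;
    $id = isset($tmp[2]) ? $tmp[2] : NULL;
    // $from is later placed in a LIMIT clause by show_existing_users(), so it is
    // forced to a non-negative integer here rather than passed through as text.
    $from = isset($tmp[3]) ? max(0, intval($tmp[3])) : 0;
    unset($tmp);
}
$from = (isset($from)) ? $from : 0;
// Page size for the user list.
$amount = 30;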
// ------- Mail maintenance actions --------------
// Scan the bounce mailbox.
if (isset($_POST['check_bounces']))
{
    $user->check_bounces();
}

// Resend the activation mail to a single user. All four values are taken
// straight from the submitted form and handed to users::resend().
if (isset($_POST['resend_mail']))
{
    $user->resend(
        $_POST['resend_id'],
        $_POST['resend_key'],
        $_POST['resend_name'],
        $_POST['resend_email']
    );
}

// Resend the activation mail to every account that users::resend_to_all() selects.
if (isset($_POST['resend_to_all']))
{
    $user->resend_to_all();
}
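// ------- Test Email. --------------
// Runs the mailbox validator against a submitted address and renders its debug output.
if (isset($_POST['test_mail'])) {
    require_once(e_HANDLER."mail_validation_class.php");
    // explode() replaces split(), which is no longer available in current PHP;
    // array_pad() keeps list() from reading a missing offset if the address has no "@".
    list($adminuser, $adminhost) = array_pad(explode("@", SITEADMINEMAIL), 2, "");
    $validator = new email_validation_class;
    $validator->localuser= $adminuser;
    $validator->localhost= $adminhost;
    $validator->timeout=5;
    $validator->debug=1;
    $validator->html_debug=1;
    $text = "
";
    // The validator prints its debug trace; capture it instead of emitting it directly.
    ob_start();
    $email_status = $validator->ValidateEmailBox($_POST['test_email']);
    $text .= ob_get_contents();
    ob_end_clean();
    $text .= "
";
    // The submitted address is echoed back in the caption, so it is HTML-escaped first.
    $caption = htmlspecialchars($_POST['test_email'], ENT_QUOTES)." - ";
    $caption .= ($email_status == 1)? "Valid": "Invalid";
    if($email_status == 1){
        $text .= "";
    }
    $ns->tablerender($caption, $text);
    // The original unset a misspelled $sub_cation; $sub_action is the variable used elsewhere.
    unset($id, $action, $sub_action);
}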
// ------- Update Options. --------------
// Copies the submitted option values into $pref and saves them.
// NOTE(review): the values are stored exactly as posted; if these are meant to be
// numbers or on/off flags, casting them before save_prefs() would be safer - confirm
// against the options form, which is not visible here.
if (isset($_POST['update_options'])) {
    // The two upload switches are forced to 0 when FILE_UPLOADS is off.
    $upload_gated = array('avatar_upload', 'photo_upload');
    $option_keys = array(
        'avatar_upload',
        'im_width',
        'im_height',
        'photo_upload',
        'del_unv',
        'profile_rate',
        'profile_comments',
        'track_online',
        'force_userupdate'
    );
    foreach ($option_keys as $opt_key) {
        if (in_array($opt_key, $upload_gated)) {
            $pref[$opt_key] = (FILE_UPLOADS ? $_POST[$opt_key] : 0);
        } else {
            $pref[$opt_key] = $_POST[$opt_key];
        }
    }
    unset($upload_gated, $option_keys, $opt_key);
    save_prefs();
    $user->show_message(USRLAN_1);
}
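// ------- Prune Users. --------------
// Deletes every account whose user_ban value equals the submitted prune_type.
if (isset($_POST['prune'])) {
    $e107cache->clear("online_menu_totals");
    $text = USRLAN_56." ";
    // prune_type used to be interpolated into the WHERE clause unquoted and unchecked.
    // It is now accepted only as a positive integer: 0 is the value the "verify" handler
    // writes for approved accounts, so a missing or non-numeric value must never fall
    // back to 0 and select the whole active user base for deletion.
    $bantype = (isset($_POST['prune_type']) && is_numeric($_POST['prune_type'])) ? intval($_POST['prune_type']) : 0;
    if ($bantype > 0 && $sql->db_Select("user", "user_id, user_name", "user_ban= {$bantype}"))
    {
        $uList = $sql->db_getList();
        foreach($uList as $u)
        {
            // NOTE(review): user_name is appended to the rendered text as stored - confirm
            // it is already HTML-safe in the database.
            $text .= $u['user_name']." ";
            $prune_id = intval($u['user_id']);
            $sql->db_Delete("user", "user_id='{$prune_id}' ");
            $sql->db_Delete("user_extended", "user_extended_id='{$prune_id}' ");
        }
    }
    $ns->tablerender(USRLAN_57, "
".$text."
");
    unset($text);
}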
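// ------- Quick Add User --------------
// Validates the submitted account details and inserts a new row into the user table.
if (isset($_POST['adduser'])) {
    $e107cache->clear("online_menu_totals");
    // The original test was `!$_POST['ac'] == md5(ADMINPWCHANGE)`. The "!" applied to
    // $_POST['ac'] first, so any non-empty value passed. Compare the token itself.
    if (!isset($_POST['ac']) || $_POST['ac'] !== md5(ADMINPWCHANGE)) {
        exit;
    }
    require_once(e_HANDLER."message_handler.php");
    $error = FALSE;
    if (strstr($_POST['name'], "#") || strstr($_POST['name'], "=")) {
        message_handler("P_ALERT", USRLAN_92);
        $error = TRUE;
    }
    $_POST['name'] = trim(str_replace(" ", "", $_POST['name']));
    if ($_POST['name'] == "Anonymous") {
        message_handler("P_ALERT", USRLAN_65);
        $error = TRUE;
    }
    // Submitted text goes through $tp->toDB() (the helper this file already uses at the
    // top) before it is placed in SQL. NOTE(review): toDB() is not visible here - confirm
    // it neutralises quotes for the database layer in use.
    if ($sql->db_Select("user", "*", "user_name='".$tp->toDB($_POST['name'])."' ")) {
        message_handler("P_ALERT", USRLAN_66);
        $error = TRUE;
    }
    // Strict comparison: with "!=" two different numeric-looking strings can compare equal.
    if ($_POST['password1'] !== $_POST['password2']) {
        message_handler("P_ALERT", USRLAN_67);
        $error = TRUE;
    }
    // The last test used "=" and overwrote password2 instead of checking it.
    if ($_POST['name'] == "" || $_POST['password1'] == "" || $_POST['password2'] == "") {
        message_handler("P_ALERT", USRLAN_68);
        $error = TRUE;
    }
    // Note that this pattern accepts a single quote in the local part, so the address
    // still has to be escaped before it reaches SQL.
    if (!preg_match('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_`{|}~]+@([-0-9A-Z]+\.)+([0-9A-Z]){2,4}$/i', $_POST['email'])) {
        message_handler("P_ALERT", USRLAN_69);
        $error = TRUE;
    }
    if (!$error) {
        $new_email = $tp->toDB($_POST['email']);
        // Silently stop if the address belongs to a banned account or is on the ban list.
        if ($sql->db_Select("user", "*", "user_email='".$new_email."' AND user_ban='1' ")) {
            exit;
        }
        if ($sql->db_Select("banlist", "*", "banlist_ip='".$new_email."'")) {
            exit;
        }
        $username = $tp->toDB(strip_tags($_POST['name']));
        $loginname = $tp->toDB(strip_tags($_POST['loginname']));
        $new_signature = $tp->toDB($_POST['signature']);
        $new_image = $tp->toDB($_POST['image']);
        $new_timezone = $tp->toDB($_POST['timezone']);
        $new_realname = $tp->toDB($_POST['realname']);
        $ip = $e107->getip();
        // Class ids are stored as a comma-separated list; each one is cast to an integer
        // and a missing selection becomes an empty list.
        $svar = implode(",", array_map('intval', isset($_POST['userclass']) ? (array)$_POST['userclass'] : array()));
        // $key is not assigned anywhere in the visible code; keep it if something set it,
        // otherwise store an empty value as before.
        $new_sess = isset($key) ? $key : '';
        // NOTE(review): the password is stored as unsalted md5(). It is left unchanged
        // because the stored format must match the login code, which is not visible here;
        // plan a migration to password_hash() across both sides.
        admin_update($sql -> db_Insert("user", "0, '$username', '$loginname', '', '".md5($_POST['password1'])."', '$new_sess', '".$new_email."', '".$new_signature."', '".$new_image."', '".$new_timezone."', '1', '".time()."', '".time()."', '".time()."', '0', '0', '0', '0', '".$ip."', '0', '0', '', '', '0', '0', '".$new_realname."', '".$svar."', '', '', '".time()."', ''"), 'insert', USRLAN_70);
    }
}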
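// ------- Ban User. --------------
// Marks the account as banned and, when its IP is not shared, adds the IP to the ban list.
if (isset($_POST['useraction']) && $_POST['useraction'] == "ban")
{
    // The posted id was concatenated into SQL as text; cast it as the "verify" handler does.
    $ban_uid = intval($_POST['userid']);
    $sql->db_Select("user", "*", "user_id='".$ban_uid."'");
    $row = $sql->db_Fetch();
    if ($row['user_perms'] == "0")
    {
        // Accounts with user_perms "0" are refused.
        $user->show_message(USRLAN_7);
    }
    else
    {
        if($sql->db_Update("user", "user_ban='1' WHERE user_id='".$ban_uid."' "))
        {
            $user->show_message(USRLAN_8);
        }
        if(trim($row['user_ip']) == "")
        {
            $user->show_message(USRLAN_135);
        }
        else
        {
            // NOTE(review): user_ip and user_name come from the stored row and are placed
            // in the next two statements and in the messages without escaping. Confirm
            // they are safe as stored, or escape them with the database layer's helper.
            if($sql->db_Count("user", "(*)", "WHERE user_ip = '{$row['user_ip']}'") > 1)
            {
                // More than one account uses this IP, so it is not added to the ban list.
                $user->show_message(str_replace("{IP}", $row['user_ip'], USRLAN_136));
            }
            else
            {
                $sql -> db_Insert("banlist", "'".$row['user_ip']."', '".USERID."', '".$row['user_name']."' ");
                $user->show_message(str_replace("{IP}", $row['user_ip'], USRLAN_137));
            }
        }
    }
    $action = "main";
    if(!$sub_action){$sub_action = "user_id"; }
}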
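// ------- Unban User --------------
// Clears the ban flag and removes the account's IP from the ban list.
if (isset($_POST['useraction']) && $_POST['useraction'] == "unban") {
    // Cast the posted id instead of concatenating it into SQL as text.
    $unban_uid = intval($_POST['userid']);
    $sql->db_Select("user", "*", "user_id='".$unban_uid."'");
    $row = $sql->db_Fetch();
    // Read the one column that is needed instead of extract()-ing the whole row into
    // the global scope, where a column name could overwrite an existing variable.
    $unban_ip = is_array($row) ? $row['user_ip'] : '';
    $sql->db_Update("user", "user_ban='0' WHERE user_id='".$unban_uid."' ");
    // NOTE(review): the stored IP is used in the condition as-is - confirm it is safe as stored.
    $sql -> db_Delete("banlist", " banlist_ip='".$unban_ip."' ");
    $user->show_message(USRLAN_9);
    $action = "main";
    if(!$sub_action){$sub_action = "user_id"; }
}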
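// ------- Resend Email Confirmation. --------------
// Loads the selected user, renders the resend form and stops.
if (isset($_POST['useraction']) && $_POST['useraction'] == 'resend') {
    $qry = (e_QUERY) ? "?".e_QUERY : "";
    // The posted id is cast to an integer before it is used in the query.
    if ($sql->db_Select("user", "*", "user_id='".intval($_POST['userid'])."' ")) {
        $resend = $sql->db_Fetch();
        $text .= "
\n";
        $caption = USRLAN_112;
        $ns->tablerender($caption, $text);
        require_once("footer.php");
        exit;
    }
}
// ------- Test Email confirmation. --------------
// Loads the selected user, renders the test-mail form and stops.
if (isset($_POST['useraction']) && $_POST['useraction'] == 'test') {
    $qry = (e_QUERY) ? "?".e_QUERY : "";
    // Same integer cast as above.
    if ($sql->db_Select("user", "*", "user_id='".intval($_POST['userid'])."' ")) {
        $test = $sql->db_Fetch();
        $text .= "
\n";
        $caption = USRLAN_118;
        $ns->tablerender($caption, $text);
        require_once("footer.php");
        exit;
    }
}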
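// ------- Delete User --------------
// Without "confirm" the confirmation form is rendered; with it the account is deleted.
if (isset($_POST['useraction']) && $_POST['useraction'] == 'deluser') {
    // Cast the posted id once; it was concatenated into three statements as text.
    $del_uid = intval($_POST['userid']);
    // !empty() also covers a request that carries no "confirm" field at all.
    if (!empty($_POST['confirm'])) {
        // The user_perms != '0' condition keeps accounts with user_perms "0" from being deleted.
        if ($sql->db_Delete("user", "user_id='".$del_uid."' AND user_perms != '0'")) {
            $sql->db_Delete("user_extended", "user_extended_id='".$del_uid."' ");
            $user->show_message(USRLAN_10);
        }
        if(!$sub_action){ $sub_action = "user_id"; }
        if(!$id){ $id = "DESC"; }
    } else {
        if ($sql->db_Select("user", "*", "user_id='".$del_uid."' ")) {
            $row = $sql->db_Fetch();
            $qry = (e_QUERY) ? "?".e_QUERY : "";
            $text .= "
";
            $ns->tablerender(USRLAN_16, $text);
            require_once("footer.php");
            exit;
        }
    }
}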
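// ------- Make Admin.. --------------
// Sets user_admin on the selected account.
if (isset($_POST['useraction']) && $_POST['useraction'] == "admin") {
    // Cast the posted id instead of concatenating it into SQL as text.
    $admin_uid = intval($_POST['userid']);
    $sql->db_Select("user", "*", "user_id='".$admin_uid."'");
    $row = $sql->db_Fetch();
    $sql->db_Update("user", "user_admin='1' WHERE user_id='".$admin_uid."' ");
    // The row is read directly rather than extract()-ed into the global scope.
    // NOTE(review): user_name is rendered as stored - confirm it is HTML-safe in the database.
    $user->show_message($row['user_name']." ".USRLAN_3."
".USRLAN_4."");
    $action = "main";
    if(!$sub_action){ $sub_action = "user_id"; }
    if(!$id){ $id = "DESC"; }
}
// ------- Remove Admin --------------
// Clears user_admin and user_perms, except for accounts with user_perms "0".
if (isset($_POST['useraction']) && $_POST['useraction'] == "unadmin") {
    $unadmin_uid = intval($_POST['userid']);
    $sql->db_Select("user", "*", "user_id='".$unadmin_uid."'");
    $row = $sql->db_Fetch();
    if ($row['user_perms'] == "0") {
        $user->show_message(USRLAN_5);
    } else {
        $sql->db_Update("user", "user_admin='0', user_perms='' WHERE user_id='".$unadmin_uid."'");
        $user->show_message($row['user_name']." ".USRLAN_6);
        $action = "main";
        if(!$sub_action){ $sub_action = "user_id"; }
        if(!$id){ $id = "DESC"; }
    }
}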
// ------- Approve User. --------------
// Clears user_ban for the selected account and, when $pref['user_reg_veri'] is 2,
// mails the user a notification.
if (isset($_POST['useraction']) && $_POST['useraction'] == "verify")
{
    // The id is cast to an integer before it is used in SQL.
    $uid = intval($_POST['userid']);
    if ($sql->db_Update("user", "user_ban='0' WHERE user_id='{$uid}' "))
    {
        $user->show_message(USRLAN_86);

        // Fall back to the default list view when the query string gave none.
        if (!$action) {
            $action = "main";
        }
        if (!$sub_action) {
            $sub_action = "user_id";
        }
        if (!$id) {
            $id = "DESC";
        }

        // The lookup only runs when the preference asks for it (short-circuit).
        if ($pref['user_reg_veri'] == 2 && $sql->db_Select("user", "user_email, user_name", "user_id = '{$uid}'"))
        {
            $row = $sql->db_Fetch();
            $message = USRLAN_114." ".$row['user_name'].",\n\n".USRLAN_122." ".SITENAME.".\n\n".USRLAN_123."\n\n";
            $message .= str_replace("{SITEURL}", SITEURL, USRLAN_139);
            require_once(e_HANDLER."mail.php");
            // Report the outcome of the send under the same two messages as before.
            $user->show_message(
                (sendemail($row['user_email'], USRLAN_113." ".SITENAME, $message)
                    ? "Email sent to: "
                    : "Failed to send to: ").$row['user_name']
            );
        }
    }
}
// "uset" and "cu" only show a confirmation message and then continue as the main list.
if (isset($action) && ($action == "uset" || $action == "cu")) {
    $user->show_message($action == "uset" ? USRLAN_87 : USRLAN_88);
    $action = "main";
}

// Count of accounts with user_ban = 2; users::show_options() reads it as a global.
$unverified = $sql -> db_Count("user", "(*)", "WHERE user_ban = 2");

// Main list: shown when there is no query string or the action is "main".
if (!e_QUERY || ($action == "main")) {
    $user->show_existing_users($action, $sub_action, $id, $from, $amount);
}

// The remaining views are selected by action name.
if (isset($action)) {
    switch ($action) {
        case "unverified":
            $user->show_existing_users($action, $sub_action, $id, $from, $amount);
            break;
        case "options":
            $user->show_prefs();
            break;
        case "prune":
            $user->show_prune();
            break;
        case "create":
            $user->add_user();
            break;
    }
}
require_once("footer.php");
class users{
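/**
 * Render the list of existing users, with optional search, sorting and paging.
 *
 * @param string $action     current view; "unverified" restricts the list to user_ban = 2
 * @param string $sub_action column to sort by (taken from the query string)
 * @param string $id         sort direction (taken from the query string)
 * @param int    $from       paging offset
 * @param int    $amount     page size
 */
function show_existing_users($action, $sub_action, $id, $from, $amount) {
    global $sql, $rs, $ns, $tp, $mySQLdefaultdb,$pref;

    // Column names end up inside the SQL text, so only plain identifiers are accepted.
    $ident = '/^[A-Za-z0-9_]+$/';
    // The paging values are placed in a LIMIT clause; force them to non-negative integers.
    $from = max(0, intval($from));
    $amount = max(0, intval($amount));

    // save the display choices.
    if(isset($_POST['searchdisp'])){
        $chosen = array();
        foreach ((array)$_POST['searchdisp'] as $col) {
            if (is_string($col) && preg_match($ident, $col)) {
                $chosen[] = $col;
            }
        }
        $pref['admin_user_disp'] = implode("|", $chosen);
        save_prefs();
    }

    // Columns to display: the saved choice, re-checked on load because the stored
    // preference may predate the filter above, or the default pair.
    $search_display = array();
    if(!empty($pref['admin_user_disp'])){
        foreach (explode("|", $pref['admin_user_disp']) as $col) {
            if (preg_match($ident, $col)) {
                $search_display[] = $col;
            }
        }
    }
    if (!$search_display) {
        $search_display = array("user_name","user_class");
    }

    if ($sql->db_Select("userclass_classes")) {
        while ($row = $sql->db_Fetch())
        {
            $class[$row['userclass_id']] = $tp->toHTML($row['userclass_name'],"","defs");
        }
    }
    $text = "
";

    $search_term = isset($_POST['searchquery']) ? trim($_POST['searchquery']) : "";
    if ($search_term != "")
    {
        $_POST['searchquery'] = $search_term;
        // The search text used to be concatenated into REGEXP('...') unescaped.
        // NOTE(review): $tp->toDB() is the project helper this file already uses; it is
        // not visible here, so confirm it neutralises quotes for the database layer.
        $needle = $tp->toDB($search_term);
        $terms = array();
        if (strpos($search_term, "@") !== FALSE) {
            $terms[] = "user_email REGEXP('".$needle."')";
        }
        if (strpos($search_term, ".") !== FALSE) {
            $terms[] = "user_ip REGEXP('".$needle."')";
        }
        foreach($search_display as $disp)
        {
            $terms[] = "$disp REGEXP('".$needle."')";
        }
        $terms[] = "user_login REGEXP('".$needle."')";
        $terms[] = "user_name REGEXP('".$needle."')";
        // The OR terms are parenthesised so that the user_ban filter below applies to
        // all of them; without the parentheses AND bound only to the last term.
        $query = "WHERE (".implode(" OR ", $terms).") ";
        if($action == 'unverified')
        {
            $query .= " AND user_ban = 2 ";
        }
        $query .= " ORDER BY user_id";
    } else {
        // Sort column and direction come from the query string: accept a plain identifier
        // and ASC/DESC only, falling back to the previous defaults.
        $order_col = (is_string($sub_action) && preg_match($ident, $sub_action)) ? $sub_action : "user_id";
        $order_dir = (strtoupper((string)$id) == "ASC") ? "ASC" : "DESC";
        $query = "";
        if($action == 'unverified')
        {
            $query = "WHERE user_ban = 2 ";
        }
        $query .= "ORDER BY ".$order_col." ".$order_dir." LIMIT $from, $amount";
    }

    $qry_insert = "SELECT u.*, ue.* FROM #user AS u LEFT JOIN #user_extended AS ue ON ue.user_extended_id = u.user_id ";
    if ($user_total = $sql->db_Select_gen($qry_insert. $query)) {
        $text .= "
ID |
".USRLAN_79." | ";
        // Search Display Column header.
        $display_lan = array('user_id' => DUSRLAN_1,
            'user_name' => DUSRLAN_2,
            'user_loginname' => DUSRLAN_3,
            'user_customtitle' => DUSRLAN_4,
            'user_password' => DUSRLAN_5,
            'user_sess' => DUSRLAN_6,
            'user_email' => DUSRLAN_7,
            'user_homepage' => DUSRLAN_8,
            'user_icq' => DUSRLAN_9,
            'user_aim' => DUSRLAN_10,
            'user_msn' => DUSRLAN_11,
            'user_location' => DUSRLAN_12,
            'user_birthday' => DUSRLAN_13,
            'user_signature' => DUSRLAN_14,
            'user_image' => DUSRLAN_15,
            'user_timezone' => DUSRLAN_16,
            'user_hideemail' => DUSRLAN_17,
            'user_join' => DUSRLAN_18,
            'user_lastvisit' => DUSRLAN_19,
            'user_currentvisit' => DUSRLAN_20,
            'user_lastpost' => DUSRLAN_21,
            'user_chats' => DUSRLAN_22,
            'user_comments' => DUSRLAN_23,
            'user_forums' => DUSRLAN_24,
            'user_ip' => DUSRLAN_25,
            'user_ban' => DUSRLAN_26,
            'user_prefs' => DUSRLAN_27,
            'user_new' => DUSRLAN_28,
            'user_viewed' => DUSRLAN_29,
            'user_visits' => DUSRLAN_30,
            'user_admin' => DUSRLAN_31,
            'user_login' => DUSRLAN_32,
            'user_class' => DUSRLAN_33,
            'user_perms' => DUSRLAN_34,
            'user_realm' => DUSRLAN_35,
            'user_pwchange' => DUSRLAN_36,
            'user_xup' => DUSRLAN_37
        );
        foreach($search_display as $disp){
            if (isset($display_lan[$disp])) {
                $text .= "".$display_lan[$disp]." | ";
            } else {
                // Columns without a language constant get a title built from their name.
                $text .= "".ucwords(str_replace("_"," ",$disp))." | ";
            }
        }
        // ------------------------------
        $text .= " ".LAN_OPTIONS." |
";
        while ($row = $sql->db_Fetch()) {
            // NOTE(review): extract() copies every selected column into local scope, so a
            // column name could overwrite a local variable; reading $row[...] is safer.
            extract($row);
            $text .= "
";
            // Display Chosen options -------------------------------------
            $datefields = array("user_lastpost","user_lastvisit","user_join","user_currentvisit");
            $boleanfields = array("user_admin","user_hideemail","user_ban");
            foreach($search_display as $disp)
            {
                $text .= "";
                $prev[$disp] = $row[$disp];
            }
            // -------------------------------------------------------------
            $qry = (e_QUERY) ? "?".e_QUERY : "";
            $text .= "
";
        }
        $text .= "
";
    }
    if($action == "unverified"){
        $text .= "
";
    }
    $users = $sql->db_Count("user");
    // Paging is only offered when no search is active.
    if ($users > $amount && empty($_POST['searchquery'])) {
        $parms = "{$users},{$amount},{$from},".e_SELF."?".(e_QUERY ? "$action.$sub_action.$id." : "main.user_id.desc.")."[FROM]";
        $text .= "
".$tp->parseTemplate("{NEXTPREV={$parms}}");
    }
    // Search - display options etc. .
    $text .= "
\n
";
    // ======================
    $caption = USRLAN_77 ." (total: $users)";
    $ns->tablerender($caption, $text);
}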
/**
 * Build the admin side-menu entries for this page and pass them to show_admin_menu().
 *
 * @param string $action currently selected entry; an empty value selects "main"
 */
function show_options($action) {
    global $unverified;

    $current = ($action == "") ? "main" : $action;

    $var = array(
        'main' => array('text' => USRLAN_71, 'link' => e_SELF),
        'create' => array('text' => USRLAN_72, 'link' => e_SELF."?create"),
        'prune' => array('text' => USRLAN_73, 'link' => e_SELF."?prune"),
        'options' => array('text' => LAN_OPTIONS, 'link' => e_SELF."?options")
    );

    // The "unverified" entry only appears while the global count is non-zero.
    if ($unverified) {
        $var['unveri'] = array(
            'text' => USRLAN_138." ($unverified)",
            'link' => e_SELF."?unverified"
        );
    }

    show_admin_menu(USRLAN_76, $current, $var);
}
/**
 * Render the user options panel under the USRLAN_52 caption.
 */
function show_prefs() {
    global $ns, $pref;

    $panel = "
";
    $ns->tablerender(USRLAN_52, $panel);
}
/**
 * Render a status message in an untitled panel.
 *
 * The message is passed to the renderer as given, without escaping.
 *
 * @param string $message text to show
 */
function show_message($message) {
    global $ns;

    $body = "
";
    $body .= $message;
    $body .= "
";
    $ns->tablerender("", $body);
}
/**
 * Render the prune panel under the USRLAN_55 caption.
 *
 * Two selects are run first, for user_ban = 2 and user_ban = 3; their results are
 * kept in locals.
 */
function show_prune() {
    global $ns, $sql;

    $unactive = $sql->db_Select("user", "*", "user_ban=2");
    $bounced = $sql->db_Select("user", "*", "user_ban=3");

    $panel = "
";
    $ns->tablerender(USRLAN_55, $panel);
}
/**
 * Render the "quick add user" form under the USRLAN_59 caption.
 */
function add_user() {
    global $rs, $ns;

    $text = "
". $rs->form_open("post", e_SELF, "adduserform")."
";

    // $sql is not declared global in this method, so this check always creates a
    // fresh db handle.
    if (!is_object($sql)) {
        $sql = new db;
    }

    if ($sql->db_Select("userclass_classes")) {
        $text .= "
";
        // Collect id, name and description of every user class ...
        $class = array();
        while ($row = $sql->db_Fetch()) {
            $class[] = array(
                $row['userclass_id'],
                $row['userclass_name'],
                $row['userclass_description']
            );
        }
        // ... and emit one entry per class.
        foreach ($class as $entry) {
            $text .= "
";
        }
    }

    $text .= "
";
    $ns->tablerender(USRLAN_59, $text);
}
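/**
 * Send the account activation mail to one user and report the outcome.
 *
 * @param mixed  $id    user id; used in the lookup and in the activation link
 * @param string $key   activation key placed in the link
 * @param string $name  user name used in the greeting and in the status message
 * @param string $email recipient address
 * @param string $lfile optional path of a language file to load; when empty, the
 *                      user's stored language is looked up instead
 */
function resend($id,$key,$name,$email,$lfile=''){
    global $sql,$mailheader_e107id;

    // Language name shown in the status message.
    $lang_label = '';

    // Check for a Language field, and if present, send the email in the user's language.
    if($lfile == ""){
        // $id can come straight from a form, so it is cast before it is used in SQL.
        if($sql -> db_Select("user_extended", "user_language", "user_extended_id = '".intval($id)."'")){
            $row = $sql -> db_Fetch();
            $lang_label = $row['user_language'];
            // The stored language name becomes part of a path that is then included.
            // Refuse anything that could step outside the language directory.
            $unsafe = (strpos($lang_label, "/") !== FALSE
                || strpos($lang_label, "\\") !== FALSE
                || strpos($lang_label, "\0") !== FALSE
                || strpos($lang_label, "..") !== FALSE);
            if ($lang_label != "" && !$unsafe) {
                $lfile = e_LANGUAGEDIR.$lang_label."/lan_signup.php";
            }
        }
    }
    // NOTE(review): a caller-supplied $lfile is included as given; users::resend_to_all()
    // passes the user_language column here, which looks like a language name rather
    // than a path - confirm which of the two is intended.
    if($lfile != "" && is_readable($lfile)){
        require_once($lfile);
    }else{
        $lang_label = e_LANGUAGE;
        require_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_signup.php");
    }

    // The link is built in a local variable. The original define()d RETURNADDRESS on
    // every call, and a constant keeps its first value, so when this method ran in a
    // loop every later recipient was sent the first user's activation link.
    $site_base = (substr(SITEURL, -1) == "/") ? SITEURL : SITEURL."/";
    $return_address = $site_base."signup.php?activate.".$id.".".$key;
    if (!defined("RETURNADDRESS")) {
        // Kept for any code outside this file that still reads the constant.
        define("RETURNADDRESS", $return_address);
    }

    $message = LAN_EMAIL_01." ".$name."\n\n".LAN_SIGNUP_24." ".SITENAME.".\n".LAN_SIGNUP_21."...\n\n";
    $message .= $return_address . "\n\n".SITENAME."\n".SITEURL;

    $mailheader_e107id = $id;
    require_once(e_HANDLER."mail.php");
    // NOTE(review): $name is shown in the status message without escaping - confirm the
    // callers pass a value that is already HTML-safe.
    if(sendemail($email, LAN_404." ".SITENAME, $message)){
        $this->show_message(USRLAN_140.":
".$name." (".$lang_label.") ");
    }else{
        $this->show_message(USRLAN_141.": ".$name);
    }
}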
/**
 * Resend the activation mail to every account with user_ban = 2, pausing between
 * sends according to the mail_pause / mail_pausetime preferences.
 */
function resend_to_all(){
    global $sql,$pref,$sql3;

    $pause_count = 1;
    // Batch size and pause length, with defaults of 10 mails and 1 second.
    if ($pref['mail_pause']) {
        $pause_amount = $pref['mail_pause'];
    } else {
        $pause_amount = 10;
    }
    if ($pref['mail_pausetime']) {
        $pause_time = $pref['mail_pausetime'];
    } else {
        $pause_time = 1;
    }

    // Join the extended table only when it has a user_language column to offer.
    $has_language = $sql -> db_Select_gen("SELECT user_language FROM #user_extended LIMIT 1");
    $query = $has_language
        ? "SELECT u.*, ue.* FROM #user AS u LEFT JOIN #user_extended AS ue ON ue.user_extended_id = u.user_id WHERE u.user_ban = 2 ORDER BY u.user_id DESC"
        : "SELECT * FROM #user WHERE user_ban='2'";

    // A separate handle is used because resend() runs its own query on $sql.
    if (!is_object($sql3)) {
        $sql3 = new db;
    }
    $sql3 -> db_Select_gen($query,TRUE);

    while ($row = $sql3-> db_Fetch()) {
        // NOTE(review): this prints user_sess, the value passed to resend() as the
        // activation key, together with the address - confirm this progress output
        // is meant to stay enabled.
        echo implode(" ", array($row['user_id'], $row['user_sess'], $row['user_name'], $row['user_email']))."
";
        $this->resend($row['user_id'],$row['user_sess'],$row['user_name'],$row['user_email'],$row['user_language']);

        // Longer pause once a batch is full, plus one second after every mail.
        if ($pause_count > $pause_amount) {
            sleep($pause_time);
            $pause_count = 1;
        }
        sleep(1);
        $pause_count++;
    }
}
// ---------------------------------------------------------------------
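/**
 * Read the bounce mailbox, collect the affected users by X-e107-id header or by
 * e-mail address, and set user_ban = 3 on the matching accounts.
 */
function check_bounces(){
    global $sql,$pref;
    include(e_HANDLER."pop3_class.php");
    // NOTE(review): the literal 'pop3' and '110' arguments look like protocol and port,
    // and port 110 is normally unencrypted POP3 - confirm whether the mailbox password
    // crosses the network in clear.
    $obj= new receiveMail($pref['mail_bounce_user'],$pref['mail_bounce_pass'],$pref['mail_bounce_email'],$pref['mail_bounce_pop3'],'pop3','110');
    $obj->connect();
    $tot=$obj->getTotalMails();
    $DEL = ($pref['mail_bounce_delete']) ? TRUE : FALSE;

    // Start with empty lists so that a mailbox without bounces no longer produces a
    // failed implode() and an empty IN () clause.
    $id = array();
    $emails = array();

    for($i=1;$i<=$tot;$i++) {
        $head=$obj->getHeaders($i);
        if($head['bounce']){
            // Tracked per message: the original flag was never reset, so once one bounce
            // had matched, every later bounce was deleted whether it matched or not.
            $matched = FALSE;
            $body = $obj->getBody($i);
            // preg_match() replaces ereg(), which is no longer available in current PHP;
            // the "s" modifier lets "." span line breaks.
            if (preg_match('/.*X-e107-id:(.*)MIME/s', $body, $result)){
                $bounced_id = intval($result[1]);
                if($bounced_id > 0){
                    $id[] = $bounced_id;
                    $matched = TRUE;
                }
            }elseif(preg_match("/[\._a-zA-Z0-9-]+@[\._a-zA-Z0-9-]+/i", $body, $result)){
                // The pattern admits only letters, digits, ".", "_", "-" and "@", so the
                // address cannot carry a quote into the IN (...) list built below.
                // (The old fallback on $result[1] was dead code: there is no capture group.)
                if($result[0] && $result[0] != $pref['mail_bounce_email']){
                    $emails[] = "'".$result[0]."'";
                    $matched = TRUE;
                }
            }
            if($DEL && $matched){ $obj->deleteMails($i); }
        }
    }
    $obj->close_mailbox();

    $found = count($id) + count($emails);

    // Only the non-empty lists become conditions; with nothing found no update is issued.
    $conditions = array();
    if ($id) {
        $conditions[] = "user_id IN (".implode(",",$id).")";
    }
    if ($emails) {
        $conditions[] = "user_email IN (".implode(",",$emails).")";
    }
    $ed = 0;
    if ($conditions) {
        $ed = $sql -> db_Update("user", "user_ban=3 WHERE (".implode(" OR ", $conditions).") AND user_sess !='' ");
    }

    if($ed){
        $this->show_message(LAN_UPDATED."
Found $tot, updated $ed / $found");
    }else{
        $this->show_message(LAN_UPDATED_FAILED."
Found $tot, not updated $ed / $found");
    }
}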
}
/**
 * Admin-menu hook: renders this page's menu with the current action selected.
 */
function users_adminmenu() {
    global $user, $action;

    $user->show_options($action);
}
?>