<?php
/***************************************************************************
* admin_users.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id$
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
if (!empty($setmodules))
{
if (!$auth->acl_gets('a_user', 'a_useradd', 'a_userdel'))
{
return;
}
$module['USER']['MANAGE'] = basename(__FILE__) . $SID;
return;
}
define('IN_PHPBB', 1);
// Include files
$phpbb_root_path = '../';
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
// Set mode
$mode = (isset($_REQUEST['mode'])) ? $_REQUEST['mode'] : 'main';
// Begin program
if (isset($_POST['username']) || isset($_GET['u']) || isset($_POST['u']))
{
// Grab relevant userdata
if(isset($_REQUEST['u']))
{
$user_id = intval($_REQUEST['u']);
if(!($userdata = get_userdata($user_id)))
{
trigger_error($user->lang['No_user_id_specified']);
}
}
else
{
if(!$userdata = get_userdata($_POST['username']))
{
trigger_error($user->lang['No_user_id_specified']);
}
}
// Update entry in DB
if ($_POST['deleteuser'] && !$userdata['user_founder'])
{
if (!$auth->acl_get('a_userdel'))
{
trigger_error($user->lang['NO_ADMIN']);
}
$db->sql_transaction();
$sql = "UPDATE " . POSTS_TABLE . "
SET poster_id = " . ANONYMOUS . ", post_username = '$username'
WHERE poster_id = $user_id";
$db->sql_query($sql);
$sql = "UPDATE " . TOPICS_TABLE . "
SET topic_poster = " . ANONYMOUS . "
WHERE topic_poster = $user_id";
$db->sql_query($sql);
$sql = "DELETE FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
$db->sql_query($sql);
$sql = "DELETE FROM " . USER_GROUP_TABLE . "
WHERE user_id = $user_id";
$db->sql_query($sql);
$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
WHERE user_id = $user_id";
$db->sql_query($sql);
$sql = "DELETE FROM " . FORUMS_WATCH_TABLE . "
WHERE user_id = $user_id";
$db->sql_query($sql);
$sql = "DELETE FROM " . ACL_USERS_TABLE . "
WHERE user_id = $user_id";
$db->sql_query($sql);
$db->sql_transaction('commit');
trigger_error($user->lang['User_deleted']);
}
// Output relevant page
page_header($user->lang['Manage']);
?>
<form method="post" action="admin_users.<?php echo $phpEx . $SID; ?>&mode=<?php echo $mode; ?>&u=<?php echo $userdata['user_id']; ?>"><table width="90%" cellspacing="3" cellpadding="0" border="0" align="center">
<tr>
<td align="right"><b>Main</b> | <a href="admin_users.<?php echo $phpEx . $SID; ?>&u=<?php echo $userdata['user_id']; ?>&mode=profile">Profile</a> | <a href="admin_users.<?php echo $phpEx . $SID; ?>&u=<?php echo $userdata['user_id']; ?>&mode=pref">Preferences</a> | <a href="admin_users.<?php echo $phpEx . $SID; ?>&u=<?php echo $userdata['user_id']; ?>&mode=avatar">Avatar</a> | <a href="admin_users.<?php echo $phpEx . $SID; ?>&u=<?php echo $userdata['user_id']; ?>&mode=permissions">Permissions</a></td>
</tr>
<?php
switch ($mode)
{
case 'main':
?>
<tr>
<td><table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0">
<tr>
<td class="row1">Username: <br /><span class="gensmall">Click profile to edit</span></td>
<td class="row2"><?php echo $userdata['username']; ?> [ <a href="admin_ban.<?php echo $phpEx . $SID; ?>&mode=user&ban=<?php echo $userdata['username']; ?>&bansubmit=true">Ban</a> ]</td>
</tr>
<tr>
<td class="row1">Registered: </td>
<td class="row2"><?php echo $user->format_date($userdata['user_regdate']); ?></td>
</tr>
<tr>
<td class="row1">Registered from IP: </td>
<td class="row2"><?php if ($userdata['user_ip']) { echo $userdata['user_ip']; ?> [ <a href="admin_users.<?php echo $phpEx . $SID; ?>&u=<?php echo $userdata['user_id']; ?>&mode=main&do=iplookup">Lookup</a> | <a href="admin_ban.<?php echo $phpEx . $SID; ?>&mode=ip&ban=<?php echo $userdata['user_ip']; ?>&bansubmit=true">Ban</a> ] <?php } else { echo 'Unknown'; } ?></td>
</tr>
<?php
if (isset($_GET['do']) && $_GET['do'] == 'iplookup')
{
if ($userdata['user_ip'] != '' && $domain = gethostbyaddr($userdata['user_ip']))
{
?>
<tr>
<th colspan="2">IP whois for <?php echo $domain; ?></th>
</tr>
<tr>
<td class="row1" colspan="2"><?php
if ($ipwhois = ipwhois($userdata['user_ip']))
{
echo '<br /><pre align="left">' . trim($ipwhois) . '</pre>';
}
?></td>
</tr>
<?php
}
}
?>
<tr>
<td class="row1">Total/Average posts by this user: </td>
<td class="row2"></td>
</tr>
<tr>
<td class="row1"></td>
<td class="row2"></td>
</tr>
</table></td>
</tr>
</table></form>
<?php
break;
case 'permissions':
$userauth = new auth();
$userauth->acl($userdata);
foreach ($acl_options['global'] as $option_name => $option_id)
{
$type = substr($option_name, 0, strpos('_', $option_name) +1);
$global[$type][$option_name] = $userauth->acl_get($option_name);
}
$sql = "SELECT forum_id, forum_name
FROM " . FORUMS_TABLE . "
ORDER BY left_id";
$result = $db->sql_query($sql);
$permissions = array();
while($row = $db->sql_fetchrow($result))
{
$forum_data[$row['forum_id']] = $row['forum_name'];
foreach ($acl_options['local'] as $option_name => $option_id)
{
$local[$row['forum_id']][$option_name] = $userauth->acl_get($option_name, $row['forum_id']);
}
}
?>
<tr>
<td colspan="2"><table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0" align="center">
<tr>
<td class="cat" colspan="3" align="right">Select permission set: <select name="acl_type"><?php
$acl_types = '<option>Global Settings</option><option>---------------</option>';
$acl_types .= '<option value="a">' . $user->lang['ADMINISTRATOR'] . '</option><option value="u">' . $user->lang['USER'] . '</option>';
$acl_types .= '<option>Forum Settings</option><option>---------------</option>';
$acl_types .= make_forum_select(false, false, false);
echo $acl_types;
?></select> </td>
</tr>
<tr>
<th> <?php echo $user->lang['Option']; ?> </th>
<th> <?php echo $user->lang['Allow']; ?> </th>
<th> <?php echo $user->lang['Deny']; ?> </th>
</tr>
<?php
foreach ($global as $type => $auth_ary)
{
foreach ($auth_ary as $option => $allow)
{
if ($option != $type .'_')
{
$row_class = ($row_class == 'row1') ? 'row2' : 'row1';
$l_can_cell = (!empty($user->lang['acl_' . $option])) ? $user->lang['acl_' . $option] : ucfirst(preg_replace('#.*?_#', '', $option));
$allow_type = ($allow == ACL_ALLOW) ? ' checked="checked"' : '';
$deny_type = ($allow == ACL_DENY) ? ' checked="checked"' : '';
?>
<tr>
<td class="<?php echo $row_class; ?>"><?php echo $l_can_cell; ?></td>
<td class="<?php echo $row_class; ?>" align="center"><input type="radio"<?php echo $allow_type; ?> /></td>
<td class="<?php echo $row_class; ?>" align="center"><input type="radio"<?php echo $deny_type; ?> /></td>
</tr>
<?php
}
}
}
?>
</table></td>
</tr>
<tr>
<?php
foreach ($local as $forum_id => $auth_ary)
{
?>
<td class="row1"><?php echo $forum_data[$forum_id]; ?></td>
<td><table cellspacing="1" cellpadding="0" border="0">
<?php
foreach ($auth_ary as $option => $allow)
{
echo '<tr><td>' . $user->lang['acl_' . $option] . ' => ' . (($allow) ? 'Allowed' : 'Denied') . '</td></tr>';
}
?>
</table></td>
</tr>
<?php
}
break;
}
page_footer();
}
// Do we have permission?
if (!$auth->acl_get('a_user'))
{
trigger_error($user->lang['No_admin']);
}
page_header($user->lang['Manage']);
?>
<h1><?php echo $user->lang['User_admin']; ?></h1>
<p><?php echo $user->lang['User_admin_explain']; ?></p>
<form method="post" name="post" action="admin_users.<?php echo $phpEx.$SID; ?>"><table class="bg" cellspacing="1" cellpadding="4" border="0" align="center">
<tr>
<th align="center"><?php echo $user->lang['Select_a_User']; ?></th>
</tr>
<tr>
<td class="row1" align="center"><input type="text" class="post" name="username" maxlength="50" size="20" /> <input type="submit" name="submituser" value="<?php echo $user->lang['Look_up_user']; ?>" class="mainoption" /> <input type="submit" name="usersubmit" value="<?php echo $user->lang['Find_username']; ?>" class="liteoption" onClick="window.open('<?php echo "../memberlist.$phpEx$SID&mode=searchuser&field=username"; ?>', '_phpbbsearch', 'HEIGHT=500,resizable=yes,scrollbars=yes,WIDTH=740');return false;" /></td>
</tr>
</table></form>
<?php
page_footer();
// ---------
// FUNCTIONS
function ipwhois($ip)
{
$ipwhois = '';
$match = array(
'#RIPE\.NET#is' => 'whois.ripe.net',
'#whois\.apnic\.net#is' => 'whois.apnic.net',
'#nic\.ad\.jp#is' => 'whois.nic.ad.jp',
'#whois\.registro\.br#is' => 'whois.registro.br'
);
if (($fsk = fsockopen('whois.arin.net', 43)))
{
@fputs($fsk, "$ip\n");
while (!feof($fsk))
{
$ipwhois .= fgets($fsk, 1024);
}
fclose($fsk);
}
foreach (array_keys($match) as $server)
{
if (preg_match($server, $ipwhois))
{
$ipwhois = '';
if (($fsk = fsockopen($match[$server], 43)))
{
@fputs($fsk, "$ip\n");
while (!feof($fsk))
{
$ipwhois .= fgets($fsk, 1024);
}
fclose($fsk);
}
break;
}
}
return $ipwhois;
}
// FUNCTIONS
// ---------
?>