search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
remove exit statement and make sure no "additional" code gets executed
[phpbb.git] / phpBB / ucp.php
blobd4eb566301e7b3db0e990a0641ee3bc3f697b463
1 <?php
2 /**
3 *
4 * @package ucp
5 * @version $Id$
6 * @copyright (c) 2005 phpBB Group
7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
8 *
9 */
10
11 /**
12 * @ignore
13 */
14 define('IN_PHPBB', true);
15 if (!defined('PHPBB_ROOT_PATH')) define('PHPBB_ROOT_PATH', './');
16 if (!defined('PHP_EXT')) define('PHP_EXT', substr(strrchr(__FILE__, '.'), 1));
17 include(PHPBB_ROOT_PATH . 'common.' . PHP_EXT);
18 require(PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT);
19 require(PHPBB_ROOT_PATH . 'includes/functions_module.' . PHP_EXT);
20
21 // Basic parameter data
22 $id = request_var('i', '');
23 $mode = request_var('mode', '');
24
25 if ($mode == 'login' || $mode == 'logout' || $mode == 'confirm')
26 {
27 define('IN_LOGIN', true);
28 }
29
30 // Start session management
31 $user->session_begin();
32 $auth->acl($user->data);
33 $user->setup('ucp');
34
35 // Setting a variable to let the style designer know where he is...
36 $template->assign_var('S_IN_UCP', true);
37
38 $module = new p_master();
39
40 // Go through basic "global" modes
41 switch ($mode)
42 {
43 case 'activate':
44 $module->load('ucp', 'activate');
45 $module->display($user->lang['UCP_ACTIVATE']);
46
47 redirect(append_sid('index'));
48 break;
49
50 case 'resend_act':
51 $module->load('ucp', 'resend');
52 $module->display($user->lang['UCP_RESEND']);
53 break;
54
55 case 'sendpassword':
56 $module->load('ucp', 'remind');
57 $module->display($user->lang['UCP_REMIND']);
58 break;
59
60 case 'register':
61 if ($user->data['is_registered'] || isset($_REQUEST['not_agreed']))
62 {
63 redirect(append_sid('index'));
64 }
65
66 $module->load('ucp', 'register');
67 $module->display($user->lang['REGISTER']);
68 break;
69
70 case 'confirm':
71 $module->load('ucp', 'confirm');
72 break;
73
74 case 'login':
75 if ($user->data['is_registered'])
76 {
77 redirect(append_sid('index'));
78 }
79
80 login_box(request_var('redirect', 'index'));
81 break;
82
83 case 'logout':
84 if ($user->data['user_id'] != ANONYMOUS && isset($_GET['sid']) && !is_array($_GET['sid']) && $_GET['sid'] === $user->session_id)
85 {
86 $user->session_kill();
87 $user->session_begin();
88 $message = $user->lang['LOGOUT_REDIRECT'];
89 }
90 else
91 {
92 $message = ($user->data['user_id'] == ANONYMOUS) ? $user->lang['LOGOUT_REDIRECT'] : $user->lang['LOGOUT_FAILED'];
93 }
94 meta_refresh(3, append_sid('index'));
95
96 $message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid('index') . '">', '</a> ');
97 trigger_error($message);
98
99 break;
100
101 case 'terms':
102 case 'privacy':
103
104 $message = ($mode == 'terms') ? 'TERMS_OF_USE_CONTENT' : 'PRIVACY_POLICY';
105 $title = ($mode == 'terms') ? 'TERMS_USE' : 'PRIVACY';
106
107 if (empty($user->lang[$message]))
108 {
109 if ($user->data['is_registered'])
110 {
111 redirect(append_sid('index'));
112 }
113
114 login_box();
115 }
116
117 $template->set_filenames(array(
118 'body' => 'ucp_agreement.html')
119 );
120
121 // Disable online list
122 page_header($user->lang[$title], false);
123
124 $template->assign_vars(array(
125 'S_AGREEMENT' => true,
126 'AGREEMENT_TITLE' => $user->lang[$title],
127 'AGREEMENT_TEXT' => sprintf($user->lang[$message], $config['sitename'], generate_board_url()),
128 'U_BACK' => append_sid('ucp', 'mode=login'),
129 'L_BACK' => $user->lang['BACK_TO_LOGIN'])
130 );
131
132 page_footer();
133
134 break;
135
136 case 'delete_cookies':
137
138 // Delete Cookies with dynamic names (do NOT delete poll cookies)
139 if (confirm_box(true))
140 {
141 $set_time = time() - 31536000;
142
143 foreach ($_COOKIE as $cookie_name => $cookie_data)
144 {
145 $cookie_name = str_replace($config['cookie_name'] . '_', '', $cookie_name);
146
147 // Polls are stored as {cookie_name}_poll_{topic_id}, cookie_name_ got removed, therefore checking for poll_
148 if (strpos($cookie_name, 'poll_') !== 0)
149 {
150 $user->set_cookie($cookie_name, '', $set_time);
151 }
152 }
153
154 $user->set_cookie('track', '', $set_time);
155 $user->set_cookie('u', '', $set_time);
156 $user->set_cookie('k', '', $set_time);
157 $user->set_cookie('sid', '', $set_time);
158
159 // We destroy the session here, the user will be logged out nevertheless
160 $user->session_kill();
161 $user->session_begin();
162
163 meta_refresh(3, append_sid('index'));
164
165 $message = $user->lang['COOKIES_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid('index') . '">', '</a>');
166 trigger_error($message);
167 }
168 else
169 {
170 confirm_box(false, 'DELETE_COOKIES', '');
171 }
172
173 redirect(append_sid('index'));
174
175 break;
176
177 case 'switch_perm':
178
179 $user_id = request_var('u', 0);
180
181 $sql = 'SELECT *
182 FROM ' . USERS_TABLE . '
183 WHERE user_id = ' . (int) $user_id;
184 $result = $db->sql_query($sql);
185 $user_row = $db->sql_fetchrow($result);
186 $db->sql_freeresult($result);
187
188 if (!$auth->acl_get('a_switchperm') || !$user_row || $user_id == $user->data['user_id'])
189 {
190 redirect(append_sid('index'));
191 }
192
193 include(PHPBB_ROOT_PATH . 'includes/acp/auth.' . PHP_EXT);
194
195 $auth_admin = new auth_admin();
196 if (!$auth_admin->ghost_permissions($user_id, $user->data['user_id']))
197 {
198 redirect(append_sid('index'));
199 }
200
201 add_log('admin', 'LOG_ACL_TRANSFER_PERMISSIONS', $user_row['username']);
202
203 $message = sprintf($user->lang['PERMISSIONS_TRANSFERRED'], $user_row['username']) . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid('index') . '">', '</a>');
204 trigger_error($message);
205
206 break;
207
208 case 'restore_perm':
209
210 if (!$user->data['user_perm_from'] || !$auth->acl_get('a_switchperm'))
211 {
212 redirect(append_sid('index'));
213 }
214
215 $auth->acl_cache($user->data);
216
217 $sql = 'UPDATE ' . USERS_TABLE . "
218 SET user_perm_from = 0
219 WHERE user_id = " . $user->data['user_id'];
220 $db->sql_query($sql);
221
222 $sql = 'SELECT username
223 FROM ' . USERS_TABLE . '
224 WHERE user_id = ' . $user->data['user_perm_from'];
225 $result = $db->sql_query($sql);
226 $username = $db->sql_fetchfield('username');
227 $db->sql_freeresult($result);
228
229 add_log('admin', 'LOG_ACL_RESTORE_PERMISSIONS', $username);
230
231 $message = $user->lang['PERMISSIONS_RESTORED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid('index') . '">', '</a>');
232 trigger_error($message);
233
234 break;
235
236 default:
237
238 // Only registered users can go beyond this point
239 if (!$user->data['is_registered'])
240 {
241 if ($user->data['is_bot'])
242 {
243 redirect(append_sid('index'));
244 }
245
246 login_box('', $user->lang['LOGIN_EXPLAIN_UCP']);
247 }
248
249 // Instantiate module system and generate list of available modules
250 $module->list_modules('ucp');
251
252 // Check if the zebra module is set
253 if ($module->is_active('zebra', 'friends'))
254 {
255 _display_friends();
256 }
257
258 // Do not display subscribed topics/forums if not allowed
259 if (!$config['allow_topic_notify'] && !$config['allow_forum_notify'])
260 {
261 $module->set_display('main', 'subscribed', false);
262 }
263
264 // Select the active module
265 $module->set_active($id, $mode);
266
267 // Load and execute the relevant module
268 $module->load_active();
269
270 // Assign data to the template engine for the list of modules
271 $module->assign_tpl_vars(append_sid('ucp'));
272
273 // Generate the page, do not display/query online list
274 $module->display($module->get_page_title(), false);
275
276 break;
277 }
278
279 /**
280 * Output listing of friends online
281 */
282 function _display_friends()
283 {
284 global $config, $db, $template, $user, $auth;
285
286 $update_time = $config['load_online_time'] * 60;
287
288 $sql = $db->sql_build_query('SELECT_DISTINCT', array(
289 'SELECT' => 'u.user_id, u.username, u.username_clean, u.user_colour, MAX(s.session_time) as online_time, MIN(s.session_viewonline) AS viewonline',
290
291 'FROM' => array(
292 USERS_TABLE => 'u',
293 ZEBRA_TABLE => 'z'
294 ),
295
296 'LEFT_JOIN' => array(
297 array(
298 'FROM' => array(SESSIONS_TABLE => 's'),
299 'ON' => 's.session_user_id = z.zebra_id'
300 )
301 ),
302
303 'WHERE' => 'z.user_id = ' . $user->data['user_id'] . '
304 AND z.friend = 1
305 AND u.user_id = z.zebra_id',
306
307 'GROUP_BY' => 'z.zebra_id, u.user_id, u.username_clean, u.user_colour, u.username',
308
309 'ORDER_BY' => 'u.username_clean ASC',
310 ));
311
312 $result = $db->sql_query($sql);
313
314 while ($row = $db->sql_fetchrow($result))
315 {
316 $which = (time() - $update_time < $row['online_time'] && ($row['viewonline'] || $auth->acl_get('u_viewonline'))) ? 'online' : 'offline';
317
318 $template->assign_block_vars("friends_{$which}", array(
319 'USER_ID' => $row['user_id'],
320
321 'U_PROFILE' => get_username_string('profile', $row['user_id'], $row['username'], $row['user_colour']),
322 'USER_COLOUR' => get_username_string('colour', $row['user_id'], $row['username'], $row['user_colour']),
323 'USERNAME' => get_username_string('username', $row['user_id'], $row['username'], $row['user_colour']),
324 'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']))
325 );
326 }
327 $db->sql_freeresult($result);
328 }
329
330 /**
331 * Function for assigning a template var if the zebra module got included
332 */
333 function _module_zebra($mode, &$module_row)
334 {
335 global $template;
336
337 $template->assign_var('S_ZEBRA_ENABLED', true);
338
339 if ($mode == 'friends')
340 {
341 $template->assign_var('S_ZEBRA_FRIENDS_ENABLED', true);
342 }
343
344 if ($mode == 'foes')
345 {
346 $template->assign_var('S_ZEBRA_FOES_ENABLED', true);
347 }
348 }
349
350 ?>
phpbb is a php-based BBS (buletin board system)