phpBB/ucp.php

   1 <?php
   2 /**
   3 *
   4 * @package ucp
   5 * @version $Id$
   6 * @copyright (c) 2005 phpBB Group
   7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
   8 *
   9 */
  10
  11 /**
  12 * @ignore
  13 */
  14 define('IN_PHPBB', true);
  15 $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
  16 $phpEx = substr(strrchr(__FILE__, '.'), 1);
  17 require($phpbb_root_path . 'common.' . $phpEx);
  18 require($phpbb_root_path . 'includes/functions_user.' . $phpEx);
  19 require($phpbb_root_path . 'includes/functions_module.' . $phpEx);
  20
  21 // Basic parameter data
  22 $id     = request_var('i', '');
  23 $mode   = request_var('mode', '');
  24
  25 if ($mode == 'login' || $mode == 'logout' || $mode == 'confirm')
  26 {
  27         define('IN_LOGIN', true);
  28 }
  29
  30 // Start session management
  31 $user->session_begin();
  32 $auth->acl($user->data);
  33 $user->setup('ucp');
  34
  35 // Setting a variable to let the style designer know where he is...
  36 $template->assign_var('S_IN_UCP', true);
  37
  38 $module = new p_master();
  39 $default = false;
  40
  41 // Basic "global" modes
  42 switch ($mode)
  43 {
  44         case 'activate':
  45                 $module->load('ucp', 'activate');
  46                 $module->display($user->lang['UCP_ACTIVATE']);
  47
  48                 redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
  49         break;
  50
  51         case 'resend_act':
  52                 $module->load('ucp', 'resend');
  53                 $module->display($user->lang['UCP_RESEND']);
  54         break;
  55
  56         case 'sendpassword':
  57                 $module->load('ucp', 'remind');
  58                 $module->display($user->lang['UCP_REMIND']);
  59         break;
  60
  61         case 'register':
  62                 if ($user->data['is_registered'] || isset($_REQUEST['not_agreed']))
  63                 {
  64                         redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
  65                 }
  66
  67                 $module->load('ucp', 'register');
  68                 $module->display($user->lang['REGISTER']);
  69         break;
  70
  71         case 'confirm':
  72                 $module->load('ucp', 'confirm');
  73         break;
  74
  75         case 'login':
  76                 if ($user->data['is_registered'])
  77                 {
  78                         redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
  79                 }
  80
  81                 login_box(request_var('redirect', "index.$phpEx"));
  82         break;
  83
  84         case 'logout':
  85                 if ($user->data['user_id'] != ANONYMOUS && isset($_GET['sid']) && !is_array($_GET['sid']) && $_GET['sid'] === $user->session_id)
  86                 {
  87                         $user->session_kill();
  88                         $user->session_begin();
  89                         $message = $user->lang['LOGOUT_REDIRECT'];
  90                 }
  91                 else
  92                 {
  93                         $message = ($user->data['user_id'] == ANONYMOUS) ? $user->lang['LOGOUT_REDIRECT'] : $user->lang['LOGOUT_FAILED'];
  94                 }
  95                 meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
  96
  97                 $message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a> ');
  98                 trigger_error($message);
  99
 100         break;
 101
 102         case 'terms':
 103         case 'privacy':
 104
 105                 $message = ($mode == 'terms') ? 'TERMS_OF_USE_CONTENT' : 'PRIVACY_POLICY';
 106                 $title = ($mode == 'terms') ? 'TERMS_USE' : 'PRIVACY';
 107
 108                 if (empty($user->lang[$message]))
 109                 {
 110                         if ($user->data['is_registered'])
 111                         {
 112                                 redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
 113                         }
 114
 115                         login_box();
 116                 }
 117
 118                 $template->set_filenames(array(
 119                         'body'          => 'ucp_agreement.html')
 120                 );
 121
 122                 // Disable online list
 123                 page_header($user->lang[$title], false);
 124
 125                 $template->assign_vars(array(
 126                         'S_AGREEMENT'                   => true,
 127                         'AGREEMENT_TITLE'               => $user->lang[$title],
 128                         'AGREEMENT_TEXT'                => sprintf($user->lang[$message], $config['sitename'], generate_board_url()),
 129                         'U_BACK'                                => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login'),
 130                         'L_BACK'                                => $user->lang['BACK_TO_LOGIN'],
 131                 ));
 132
 133                 page_footer();
 134
 135         break;
 136
 137         case 'delete_cookies':
 138
 139                 // Delete Cookies with dynamic names (do NOT delete poll cookies)
 140                 if (confirm_box(true))
 141                 {
 142                         $set_time = time() - 31536000;
 143
 144                         foreach ($_COOKIE as $cookie_name => $cookie_data)
 145                         {
 146                                 // Only delete board cookies, no other ones...
 147                                 if (strpos($cookie_name, $config['cookie_name'] . '_') !== 0)
 148                                 {
 149                                         continue;
 150                                 }
 151
 152                                 $cookie_name = str_replace($config['cookie_name'] . '_', '', $cookie_name);
 153
 154                                 // Polls are stored as {cookie_name}_poll_{topic_id}, cookie_name_ got removed, therefore checking for poll_
 155                                 if (strpos($cookie_name, 'poll_') !== 0)
 156                                 {
 157                                         $user->set_cookie($cookie_name, '', $set_time);
 158                                 }
 159                         }
 160
 161                         $user->set_cookie('track', '', $set_time);
 162                         $user->set_cookie('u', '', $set_time);
 163                         $user->set_cookie('k', '', $set_time);
 164                         $user->set_cookie('sid', '', $set_time);
 165
 166                         // We destroy the session here, the user will be logged out nevertheless
 167                         $user->session_kill();
 168                         $user->session_begin();
 169
 170                         meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
 171
 172                         $message = $user->lang['COOKIES_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
 173                         trigger_error($message);
 174                 }
 175                 else
 176                 {
 177                         confirm_box(false, 'DELETE_COOKIES', '');
 178                 }
 179
 180                 redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
 181
 182         break;
 183
 184         case 'switch_perm':
 185
 186                 $user_id = request_var('u', 0);
 187
 188                 $sql = 'SELECT *
 189                         FROM ' . USERS_TABLE . '
 190                         WHERE user_id = ' . (int) $user_id;
 191                 $result = $db->sql_query($sql);
 192                 $user_row = $db->sql_fetchrow($result);
 193                 $db->sql_freeresult($result);
 194
 195                 if (!$auth->acl_get('a_switchperm') || !$user_row || $user_id == $user->data['user_id'] || !check_link_hash(request_var('hash', ''), 'switchperm'))
 196                 {
 197                         redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
 198                 }
 199
 200                 include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
 201
 202                 $auth_admin = new auth_admin();
 203                 if (!$auth_admin->ghost_permissions($user_id, $user->data['user_id']))
 204                 {
 205                         redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
 206                 }
 207
 208                 add_log('admin', 'LOG_ACL_TRANSFER_PERMISSIONS', $user_row['username']);
 209
 210                 $message = sprintf($user->lang['PERMISSIONS_TRANSFERRED'], $user_row['username']) . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
 211                 trigger_error($message);
 212
 213         break;
 214
 215         case 'restore_perm':
 216
 217                 if (!$user->data['user_perm_from'] || !$auth->acl_get('a_switchperm'))
 218                 {
 219                         redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
 220                 }
 221
 222                 $auth->acl_cache($user->data);
 223
 224                 $sql = 'SELECT username
 225                         FROM ' . USERS_TABLE . '
 226                         WHERE user_id = ' . $user->data['user_perm_from'];
 227                 $result = $db->sql_query($sql);
 228                 $username = $db->sql_fetchfield('username');
 229                 $db->sql_freeresult($result);
 230
 231                 add_log('admin', 'LOG_ACL_RESTORE_PERMISSIONS', $username);
 232
 233                 $message = $user->lang['PERMISSIONS_RESTORED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
 234                 trigger_error($message);
 235
 236         break;
 237
 238         default:
 239                 $default = true;
 240         break;
 241 }
 242
 243 // We use this approach because it does not impose large code changes
 244 if (!$default)
 245 {
 246         return true;
 247 }
 248
 249 // Only registered users can go beyond this point
 250 if (!$user->data['is_registered'])
 251 {
 252         if ($user->data['is_bot'])
 253         {
 254                 redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
 255         }
 256
 257         login_box('', $user->lang['LOGIN_EXPLAIN_UCP']);
 258 }
 259
 260 // Instantiate module system and generate list of available modules
 261 $module->list_modules('ucp');
 262
 263 // Check if the zebra module is set
 264 if ($module->is_active('zebra', 'friends'))
 265 {
 266         // Output listing of friends online
 267         $update_time = $config['load_online_time'] * 60;
 268
 269         $sql = $db->sql_build_query('SELECT_DISTINCT', array(
 270                 'SELECT'        => 'u.user_id, u.username, u.username_clean, u.user_colour, MAX(s.session_time) as online_time, MIN(s.session_viewonline) AS viewonline',
 271
 272                 'FROM'          => array(
 273                         USERS_TABLE             => 'u',
 274                         ZEBRA_TABLE             => 'z'
 275                 ),
 276
 277                 'LEFT_JOIN'     => array(
 278                         array(
 279                                 'FROM'  => array(SESSIONS_TABLE => 's'),
 280                                 'ON'    => 's.session_user_id = z.zebra_id'
 281                         )
 282                 ),
 283
 284                 'WHERE'         => 'z.user_id = ' . $user->data['user_id'] . '
 285                         AND z.friend = 1
 286                         AND u.user_id = z.zebra_id',
 287
 288                 'GROUP_BY'      => 'z.zebra_id, u.user_id, u.username_clean, u.user_colour, u.username',
 289
 290                 'ORDER_BY'      => 'u.username_clean ASC',
 291         ));
 292
 293         $result = $db->sql_query($sql);
 294
 295         while ($row = $db->sql_fetchrow($result))
 296         {
 297                 $which = (time() - $update_time < $row['online_time'] && ($row['viewonline'] || $auth->acl_get('u_viewonline'))) ? 'online' : 'offline';
 298
 299                 $template->assign_block_vars("friends_{$which}", array(
 300                         'USER_ID'               => $row['user_id'],
 301
 302                         'U_PROFILE'             => get_username_string('profile', $row['user_id'], $row['username'], $row['user_colour']),
 303                         'USER_COLOUR'   => get_username_string('colour', $row['user_id'], $row['username'], $row['user_colour']),
 304                         'USERNAME'              => get_username_string('username', $row['user_id'], $row['username'], $row['user_colour']),
 305                         'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']))
 306                 );
 307         }
 308         $db->sql_freeresult($result);
 309 }
 310
 311 // Do not display subscribed topics/forums if not allowed
 312 if (!$config['allow_topic_notify'] && !$config['allow_forum_notify'])
 313 {
 314         $module->set_display('main', 'subscribed', false);
 315 }
 316
 317 // Select the active module
 318 $module->set_active($id, $mode);
 319
 320 // Load and execute the relevant module
 321 $module->load_active();
 322
 323 // Assign data to the template engine for the list of modules
 324 $module->assign_tpl_vars(append_sid("{$phpbb_root_path}ucp.$phpEx"));
 325
 326 // Generate the page, do not display/query online list
 327 $module->display($module->get_page_title(), false);
 328
 329 /**
 330 * Function for assigning a template var if the zebra module got included
 331 */
 332 function _module_zebra($mode, &$module_row)
 333 {
 334         global $template;
 335
 336         $template->assign_var('S_ZEBRA_ENABLED', true);
 337
 338         if ($mode == 'friends')
 339         {
 340                 $template->assign_var('S_ZEBRA_FRIENDS_ENABLED', true);
 341         }
 342
 343         if ($mode == 'foes')
 344         {
 345                 $template->assign_var('S_ZEBRA_FOES_ENABLED', true);
 346         }
 347 }
 348
 349 ?>