search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Codechange: Gruppierung der Ausgabe der Benutzerliste, Tabellen mit <thead> und ...
[wmmkf.git] / user.php
blob27bc672fcf84f0698c6dcf15b16d27f02f508958
1 <?php
2 ###############################################################################
3 # my little forum #
4 # Copyright (C) 2005 Alex #
5 # http://www.mylittlehomepage.net/ #
6 # #
7 # This program is free software; you can redistribute it and/or #
8 # modify it under the terms of the GNU General Public License #
9 # as published by the Free Software Foundation; either version 2 #
10 # of the License, or (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program; if not, write to the Free Software #
19 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. #
20 ###############################################################################
21
22 include("inc.php");
23 include_once("functions/include.prepare.php");
24
25
26 if (!isset($_SESSION[$settings['session_prefix'].'user_id'])
27 && isset($_COOKIE['auto_login'])
28 && isset($settings['autologin'])
29 && $settings['autologin'] == 1)
30 {
31 $header = 'location: '.$settings['forum_address'].'login.php?referer=user.php';
32 $header .= (isset($_GET['id'])) ? '&id='.intval($_GET['id']) : '';
33 header($header);
34 die('<a href="login.php?referer=user.php">further...</a>');
35 }
36
37 if (!isset($_SESSION[$settings['session_prefix'].'user_id']))
38 {
39 header('location: '.$settings['forum_address'].'login.php');
40 die('<a href="login.php">further...</a>');
41 }
42
43 // import vars:
44 if (isset($_SESSION[$settings['session_prefix'].'user_id'])) $user_id = $_SESSION[$settings['session_prefix'].'user_id'];
45 if (isset($_SESSION[$settings['session_prefix'].'user_type'])) $user_type = $_SESSION[$settings['session_prefix'].'user_type'];
46 if (isset($_SESSION[$settings['session_prefix'].'user_name'])) $user_name = $_SESSION[$settings['session_prefix'].'user_name'];
47 if (isset($_GET['id'])) $id = intval($_GET['id']);
48 if (isset($_GET['action'])) $action = $_GET['action'];
49 if (isset($_POST['action'])) $action = $_POST['action'];
50 if (isset($_POST['userdata_submit'])) $userdata_submit = $_POST['userdata_submit'];
51 if (isset($_POST['pw_submit'])) $pw_submit = $_POST['pw_submit'];
52 if (isset($_POST['old_pw'])) $old_pw = $_POST['old_pw'];
53 if (isset($_POST['new_pw'])) $new_pw = $_POST['new_pw'];
54 if (isset($_POST['new_pw_conf'])) $new_pw_conf = $_POST['new_pw_conf'];
55 if (isset($_POST['user_real_name'])) $user_real_name = $_POST['user_real_name'];
56 if (isset($_POST['hide_email'])) $hide_email = $_POST['hide_email'];
57 if (isset($_POST['user_hp'])) $user_hp = $_POST['user_hp'];
58 if (isset($_POST['user_place'])) $user_place = $_POST['user_place'];
59 if (isset($_POST['profile'])) $profile = $_POST['profile'];
60 if (isset($_POST['signature'])) $signature = $_POST['signature'];
61 if (isset($_POST['user_view'])) $user_view = $_POST['user_view'];
62 if (isset($_POST['user_delete_submit'])) $user_delete_submit = $_POST['user_delete_submit'];
63 if (isset($_POST['pw_delete'])) $pw_delete = $_POST['pw_delete'];
64 if (isset($_POST['new_posting_notify'])) $new_posting_notify = $_POST['new_posting_notify'];
65 if (isset($_POST['new_user_notify'])) $new_user_notify = $_POST['new_user_notify'];
66 if (isset($_POST['personal_messages'])) $personal_messages = $_POST['personal_messages'];
67 if (isset($_GET['page'])) $page = $_GET['page'];
68 if (isset($_GET['order'])) $order = $_GET['order'];
69 if (isset($_GET['descasc'])) $descasc = $_GET['descasc'];
70 if (isset($_POST['user_time_difference'])) $user_time_difference = $_POST['user_time_difference'];
71
72 if (empty($page)) $page = 0;
73 $category = empty($category) ? 0 : intval($category);
74
75 unset($errors);
76
77 // Check if user locked:
78 $lockedUserQuery = "SELECT
79 user_lock
80 FROM ".$db_settings['userdata_table']."
81 WHERE user_id = ".intval($_SESSION[$settings['session_prefix'].'user_id'])."
82 LIMIT 1";
83 $lock_result = mysql_query($lockedUserQuery, $connid);
84 if (!$lock_result) die($lang['db_error']);
85 $lock_result_array = mysql_fetch_assoc($lock_result);
86 mysql_free_result($lock_result);
87 if ($lock_result_array['user_lock'] > 0) $action = "locked";
88
89 if (isset($_GET['user_lock'])
90 && isset($_SESSION[$settings['session_prefix'].'user_type'])
91 && ($_SESSION[$settings['session_prefix'].'user_type'] == "admin"
92 || $_SESSION[$settings['session_prefix'].'user_type'] == "mod"))
93 {
94 $getUserLockedQuery = "SELECT
95 user_lock,
96 user_type
97 FROM ". $db_settings['userdata_table'] ."
98 WHERE user_id = ". intval($_GET['user_lock']) ."
99 LIMIT 1";
100 $lock_result = mysql_query($getUserLockedQuery, $connid);
101 if (!$lock_result) die($lang['db_error']);
102 $field = mysql_fetch_assoc($lock_result);
103 mysql_free_result($lock_result);
104 if ($field['user_type'] == "user")
105 {
106 $new_lock = ($field['user_lock'] == 0) ? 1 : 0;
107 $changeUserLockQuery = "UPDATE ". $db_settings['userdata_table'] ." SET
108 user_lock = '". $new_lock ."',
109 last_login = last_login,
110 registered = registered
111 WHERE user_id = '". intval($_GET['user_lock']) ."'
112 LIMIT 1";
113 $update_result = mysql_query($changeUserLockQuery, $connid);
114 }
115 $action="show users";
116 }
117
118 # show form for own forum settings or redirect to user data of a given user-ID
119 if ($action == "usersettings"
120 or $action == 'submit usersettings')
121 {
122 if ($settings['user_control_refresh'] == 0
123 and $settings['user_control_css'] == 0)
124 {
125 if ((isset($id) and intval($id) > 0)
126 or (isset($user_id) and intval($user_id) > 0))
127 {
128 $action = "get userdata";
129 }
130 else $action = "show users";
131 }
132 }
133
134 if (isset($_POST['change_email_submit']))
135 {
136 $new_email = trim($_POST['new_email']);
137 $pw_new_email = $_POST['pw_new_email'];
138 # Check data:
139 $getUserHasNewEmailaddress = "SELECT
140 user_id,
141 user_name,
142 user_pw,
143 user_email
144 FROM ". $db_settings['userdata_table'] ."
145 WHERE user_id = ". intval($user_id) ."
146 LIMIT 1";
147 $email_result = mysql_query($getUserHasNewEmailaddress, $connid);
148 if (!$email_result) die($lang['db_error']);
149 $field = mysql_fetch_assoc($email_result);
150 mysql_free_result($email_result);
151 if ($pw_new_email=='' || $new_email=='')
152 {
153 $errors[] = $lang['error_form_uncompl'];
154 }
155 if (empty($errors))
156 {
157 if (mb_strlen($new_email) > $settings['email_maxlength'])
158 {
159 $errors[] = $lang['email_marking'] . " " .$lang['error_input_too_long'];
160 }
161 if ($new_email == $field["user_email"])
162 {
163 $errors[] = $lang['error_email_equal'];
164 }
165 if (!preg_match($validator['email'], $new_email))
166 {
167 $errors[] = $lang['error_email_wrong'];
168 }
169 if ($field["user_pw"] != md5(trim($pw_new_email)))
170 {
171 $errors[] = $lang['pw_wrong'];
172 }
173 }
174 if (empty($errors))
175 {
176 $activate_code = md5(uniqid(rand()));
177 # send mail with activation key:
178 $lang['change_email_txt'] = strip_tags($lang['change_email_txt']);
179 $lang['new_user_email_txt'] = str_replace("[name]", $field['user_name'], $lang['change_email_txt']);
180 $lang['new_user_email_txt'] = str_replace("[activate_link]", $settings['forum_address']."register.php?id=".$field['user_id']."&key=".$activate_code, $lang['new_user_email_txt']);
181 $header = "From: ".$settings['forum_name']." <".$settings['forum_email'].">\n";
182 $header .= "X-Mailer: Php/" . phpversion(). "\n";
183 $header .= "X-Sender-ip: ".$_SERVER["REMOTE_ADDR"]."\n";
184 $header .= "Content-Type: text/plain";
185 $new_user_mailto = $field['user_name']." <".$new_email.">";
186 if($settings['mail_parameter']!='')
187 {
188 @mail($new_user_mailto, strip_tags($lang['new_user_email_sj']), $lang['new_user_email_txt'], $header, $settings['mail_parameter']) or $errors[] = $lang['error_meilserv'];
189 }
190 else
191 {
192 @mail($new_user_mailto, strip_tags($lang['new_user_email_sj']), $lang['new_user_email_txt'], $header) or $errors[] = $lang['error_meilserv'];
193 }
194 if(empty($errors))
195 {
196 $updateUserEmailQuery = "UPDATE ". $db_settings['userdata_table'] ." SET
197 user_email = '". mysql_real_escape_string($new_email) ."',
198 last_login = last_login,
199 registered = registered,
200 activate_code = '". mysql_real_escape_string($activate_code) ."'
201 WHERE user_id = ". intval($user_id);
202 @mysql_query($updateUserEmailQuery, $connid) or die($lang['db_error']);
203 header("location: ".$settings['forum_address']."login.php");
204 die("<a href=\"login.php\">further...</a>");
205 }
206 else $action="email";
207 }
208 else $action="email";
209 }
210
211 if (isset($_SESSION[$settings['session_prefix'].'user_id']))
212 {
213 $uid = (!empty($id)) ? $id : $_SESSION[$settings['session_prefix'].'user_id'];
214 if (!empty($uid) and intval($uid) > 0)
215 {
216 $singleUserNameQuery = "SELECT
217 user_name
218 FROM ". $db_settings['userdata_table'] ."
219 WHERE user_id = ". intval($uid) ."
220 LIMIT 1";
221 $userNameResult = @mysql_query($singleUserNameQuery, $connid) or die($lang['db_error']);
222 if (!$userNameResult) die($lang['db_error']);
223 $userName = mysql_fetch_assoc($userNameResult);
224 mysql_free_result($userNameResult);
225 }
226 }
227
228 if (isset($_SESSION[$settings['session_prefix'].'user_id'])
229 && empty($action))
230 {
231 if (isset($id)) $action = "get userdata";
232 else $action = "show users";
233 }
234 else if (isset($_SESSION[$settings['session_prefix'].'user_id'])
235 && isset($action))
236 {
237 # Aktionen vor der Ausgabe von HTML
238 switch ($action)
239 {
240 case "get userdata":
241 break;
242 case "edit submited":
243 # Check the posted data:
244 $user_real_name = trim($user_real_name);
245 $user_hp = trim($user_hp);
246 $user_place = trim($user_place);
247 $profile = trim($profile);
248 $signature = trim($signature);
249 #if (isset($user_hp) && substr($user_hp,0,7) == "http://") $user_hp = substr($user_hp,7);
250 if (empty($user_view) or $user_view == "") $user_view = $standard;
251 if (empty($new_posting_notify)) $new_posting_notify = 0;
252 if (empty($new_user_notify)) $new_user_notify = 0;
253 #if (isset($user_hp) && $user_hp != "" && !ereg(".",$user_hp)) $errors[] = $lang['error_hp_wrong'];
254 if (mb_strlen($user_real_name) > $settings['name_maxlength']) $errors[] = $lang['user_real_name'] . " " .$lang['error_input_too_long'];
255 if (mb_strlen($user_hp) > $settings['hp_maxlength']) $errors[] = $lang['user_hp'] . " " .$lang['error_input_too_long'];
256 if (mb_strlen($user_place) > $settings['place_maxlength']) $errors[] = $lang['user_place'] . " " .$lang['error_input_too_long'];
257 if (mb_strlen($profile) > $settings['profile_maxlength'])
258 {
259 $lang['err_prof_too_long'] = str_replace("[length]", mb_strlen($profile), $lang['err_prof_too_long']);
260 $lang['err_prof_too_long'] = str_replace("[maxlength]", $settings['profile_maxlength'], $lang['err_prof_too_long']);
261 $errors[] = $lang['err_prof_too_long'];
262 }
263 if (mb_strlen($signature) > $settings['signature_maxlength'])
264 {
265 $lang['err_sig_too_long'] = str_replace("[length]", mb_strlen($signature), $lang['err_sig_too_long']);
266 $lang['err_sig_too_long'] = str_replace("[maxlength]", $settings['signature_maxlength'], $lang['err_sig_too_long']);
267 $errors[] = $lang['err_sig_too_long'];
268 }
269
270 $text_arr = explode(" ",$user_real_name);
271 for ($i=0; $i<count($text_arr); $i++)
272 {
273 trim($text_arr[$i]);
274 $laenge = mb_strlen($text_arr[$i]);
275 if ($laenge > $settings['name_word_maxlength'])
276 {
277 $error_nwtl = str_replace("[word]", htmlspecialchars(mb_substr($text_arr[$i],0,$settings['name_word_maxlength']))."...", $lang['error_name_word_too_long']);
278 $errors[] = $error_nwtl;
279 }
280 }
281 $text_arr = explode(" ",$user_place);
282 for ($i=0; $i<count($text_arr); $i++)
283 {
284 trim($text_arr[$i]);
285 $laenge = mb_strlen($text_arr[$i]);
286 if ($laenge > $settings['place_word_maxlength'])
287 {
288 $error_pwtl = str_replace("[word]", htmlspecialchars(mb_substr($text_arr[$i],0,$settings['place_word_maxlength']))."...", $lang['error_place_word_too_long']);
289 $errors[] = $error_pwtl;
290 }
291 }
292 $text_arr = str_replace("\n", " ", $profile);
293 if ($settings['bbcode'] == 1)
294 {
295 $text_arr = preg_replace("#\[b\](.+?)\[/b\]#is", "\\1", $text_arr);
296 $text_arr = preg_replace("#\[i\](.+?)\[/i\]#is", "\\1", $text_arr);
297 $text_arr = preg_replace("#\[u\](.+?)\[/u\]#is", "\\1", $text_arr);
298 $text_arr = preg_replace("#\[link\](.+?)\[/link\]#is", "\\1", $text_arr);
299 $text_arr = preg_replace("#\[link=(.+?)\](.+?)\[/link\]#is", "\\2", $text_arr);
300 }
301 if ($settings['bbcode'] == 1 && $settings['bbcode_img'] == 1)
302 {
303 $text_arr = preg_replace("#\[img\](.+?)\[/img\]#is", "[img]", $text_arr);
304 $text_arr = preg_replace("#\[img-l\](.+?)\[/img\]#is", "[img] ", $text_arr);
305 $text_arr = preg_replace("#\[img-r\](.+?)\[/img\]#is", "[img]", $text_arr);
306 }
307 $text_arr = explode(" ",$text_arr);
308 for ($i=0; $i<count($text_arr); $i++)
309 {
310 trim($text_arr[$i]);
311 $laenge = mb_strlen($text_arr[$i]);
312 if ($laenge > $settings['text_word_maxlength'])
313 {
314 $error_twtl = str_replace("[word]", htmlspecialchars(substr($text_arr[$i],0,$settings['text_word_maxlength']))."...", $lang['err_prof_word_too_long']);
315 $errors[] = $error_twtl;
316 }
317 }
318 $text_arr = str_replace("\n", " ", $signature);
319 if ($settings['bbcode'] == 1)
320 {
321 $text_arr = preg_replace("#\[b\](.+?)\[/b\]#is", "\\1", $text_arr);
322 $text_arr = preg_replace("#\[i\](.+?)\[/i\]#is", "\\1", $text_arr);
323 $text_arr = preg_replace("#\[u\](.+?)\[/u\]#is", "\\1", $text_arr);
324 $text_arr = preg_replace("#\[link\](.+?)\[/link\]#is", "\\1", $text_arr);
325 $text_arr = preg_replace("#\[link=(.+?)\](.+?)\[/link\]#is", "\\2", $text_arr);
326 }
327 if ($settings['bbcode'] == 1 && $settings['bbcode_img'] == 1)
328 {
329 $text_arr = preg_replace("#\[img\](.+?)\[/img\]#is", "[img]", $text_arr);
330 $text_arr = preg_replace("#\[img-l\](.+?)\[/img\]#is", "[img] ", $text_arr);
331 $text_arr = preg_replace("#\[img-r\](.+?)\[/img\]#is", "[img]", $text_arr);
332 }
333 $text_arr = explode(" ",$text_arr);
334 for ($i=0; $i<count($text_arr); $i++)
335 {
336 trim($text_arr[$i]);
337 $laenge = strlen($text_arr[$i]);
338 if ($laenge > $settings['text_word_maxlength'])
339 {
340 $error_twtl = str_replace("[word]", htmlspecialchars(substr($text_arr[$i],0,$settings['text_word_maxlength']))."...", $lang['err_sig_word_too_long']);
341 $errors[] = $error_twtl;
342 }
343 }
344 # End of checking
345
346 if (empty($hide_email)) $hide_email = 0;
347 if (empty($errors))
348 {
349 $updateUserData = "UPDATE ". $db_settings['userdata_table'] ." SET
350 user_real_name = '". mysql_real_escape_string($user_real_name) ."',
351 hide_email = '". $hide_email ."',
352 user_hp = '". mysql_real_escape_string($user_hp) ."',
353 user_place = '". mysql_real_escape_string($user_place) ."',
354 profile = '". mysql_real_escape_string($profile) ."',
355 signature = '". mysql_real_escape_string($signature) ."',
356 last_login = last_login,
357 registered = registered,
358 user_view = '". $user_view ."',
359 new_posting_notify = '". $new_posting_notify ."',
360 new_user_notify = '". $new_user_notify ."',
361 personal_messages = '". $personal_messages ."',
362 time_difference = '". $user_time_difference ."'
363 WHERE user_id = '". intval($user_id) ."'
364 LIMIT 1";
365 $update_result = mysql_query($updateUserData, $connid);
366 $_SESSION[$settings['session_prefix'].'user_view'] = $user_view;
367 $_SESSION[$settings['session_prefix'].'user_time_difference'] = $user_time_difference;
368 header("location: ".$settings['forum_address']."user.php?id=".$_SESSION[$settings['session_prefix'].'user_id']);
369 die("<a href=\"user.php?id=".$_SESSION[$settings['session_prefix'].'user_id']."\">further...</a>");
370 }
371 else $action="edit";
372 break;
373 case "pw submited":
374 $getUserPassword = "SELECT
375 user_pw
376 FROM ". $db_settings['userdata_table'] ."
377 WHERE user_id = ". intval($user_id) ."
378 LIMIT 1";
379 $pw_result = mysql_query($getUserPassword, $connid);
380 if (!$pw_result) die($lang['db_error']);
381 $field = mysql_fetch_assoc($pw_result);
382 mysql_free_result($pw_result);
383
384 trim($old_pw);
385 trim($new_pw);
386 trim($new_pw_conf);
387
388 if ($old_pw=="" or $new_pw=="" or $new_pw_conf =="")
389 {
390 $errors[] = $lang['error_form_uncompl'];
391 }
392 else
393 {
394 if ($field["user_pw"] != md5($old_pw))
395 {
396 $errors[] = $lang['error_old_pw_wrong'];
397 }
398 if ($new_pw_conf != $new_pw)
399 {
400 $errors[] = $lang['error_pw_conf_wrong'];
401 }
402 }
403 # Update, if no errors:
404 if (empty($errors))
405 {
406 $updateUserPassword = "UPDATE ". $db_settings['userdata_table'] ." SET
407 user_pw = '". md5($new_pw) ."',
408 last_login = last_login,
409 registered = registered
410 WHERE user_id = ". intval($user_id);
411 $pw_update_result = mysql_query($updateUserPassword, $connid);
412 header('location: '. $settings['forum_address'] .'user.php?id='. $_SESSION[$settings['session_prefix'].'user_id']);
413 die('<a href="user.php?id='. $_SESSION[$settings['session_prefix'].'user_id'] .'">further...</a>');
414 }
415 else $action = "pw";
416 break;
417 case "pm_sent":
418 # data of the sender of an PM
419 $getUserPMSender = "SELECT
420 user_name,
421 user_email
422 FROM ". $db_settings['userdata_table'] ."
423 WHERE user_id = ". intval($user_id) ."
424 LIMIT 1";
425 $pms_result = mysql_query($getUserPMSender, $connid);
426 if (!$pms_result) die($lang['db_error']);
427 $sender = mysql_fetch_assoc($pms_result);
428 mysql_free_result($pms_result);
429 # data of the receiver of an PM
430 $getUserPMReceiver = "SELECT
431 user_name,
432 user_email,
433 personal_messages
434 FROM ". $db_settings['userdata_table'] ."
435 WHERE user_id = ". intval($_POST['recipient_id']) ."
436 LIMIT 1";
437 $pmr_result = mysql_query($getUserPMReceiver, $connid);
438 if (!$pmr_result) die($lang['db_error']);
439 $recipient = mysql_fetch_assoc($pmr_result);
440 mysql_free_result($pmr_result);
441
442 if ($_POST['pm_text'] == "")
443 {
444 $errors[] = $lang['error_pers_msg_no_text'];
445 }
446 if ($recipient['personal_messages'] == "")
447 {
448 $errors[] = $lang['error_pers_msg_deactivated'];
449 }
450
451 if (empty($errors))
452 {
453 $lang['pers_msg_mail_add'] = str_replace("[forum_address]", $settings['forum_address'], $lang['pers_msg_mail_add']);
454 $ip = $_SERVER["REMOTE_ADDR"];
455 $mail_subject = $_POST['pm_subject'];
456 $mail_text = $_POST['pm_text'];
457 $mail_text .= "\n\n".strip_tags($lang['pers_msg_mail_add']);
458 $header = "From: ".$sender['user_name']." <".$sender['user_email'].">\n";
459 $header .= "Reply-To: ".$sender['user_name']." <".$sender['user_email'].">\n";
460 $header .= "X-Mailer: PHP/" . phpversion(). "\n";
461 $header .= "X-Sender-IP: $ip\n";
462 $header .= "Content-Type: text/plain";
463 if ($settings['mail_parameter']!='')
464 {
465 if (!@mail($recipient['user_name']." <".$recipient['user_email'].">", $mail_subject, $mail_text, $header, $settings['mail_parameter']))
466 {
467 $errors[] = $lang['error_meilserv'];
468 }
469 }
470 else
471 {
472 if (!@mail($recipient['user_name']." <".$recipient['user_email'].">", $mail_subject, $mail_text, $header))
473 {
474 $errors[] = $lang['error_meilserv'];
475 }
476 }
477
478 if(empty($errors))
479 {
480 $lang['conf_email_txt'] = str_replace("[forum_address]", $settings['forum_address'], strip_tags($lang['conf_email_txt']));
481 $lang['conf_email_txt'] = str_replace("[sender_name]", $sender['user_name'], $lang['conf_email_txt']);
482 $lang['conf_email_txt'] = str_replace("[recipient_name]", $recipient['user_name'], $lang['conf_email_txt']);
483 $lang['conf_email_txt'] = str_replace("[subject]", $_POST['pm_subject'], $lang['conf_email_txt']);
484 $lang['conf_email_txt'] .= "\n\n".stripslashes($_POST['pm_text']);
485 $conf_mailto = $sender['user_name']." <".$sender['user_email'].">";
486 $ip = $_SERVER["REMOTE_ADDR"];
487 $conf_header = "From: ".$settings['forum_name']." <".$settings['forum_email'].">\n";
488 $conf_header .= "X-Mailer: PHP/" . phpversion(). "\n";
489 $conf_header .= "X-Sender-IP: $ip\n";
490 $conf_header .= "Content-Type: text/plain";
491 if ($settings['mail_parameter']!='')
492 {
493 @mail($conf_mailto, strip_tags($lang['conf_sj']), $lang['conf_email_txt'], $conf_header, $settings['mail_parameter']);
494 }
495 else
496 {
497 @mail($conf_mailto, strip_tags($lang['conf_sj']), $lang['conf_email_txt'], $conf_header);
498 }
499 }
500
501 if (empty($errors))
502 {
503 header("location: ".$settings['forum_address']."user.php?id=".$_POST['recipient_id']);
504 die("<a href=\"user.php?id=".$_POST['recipient_id']."\">further...</a>");
505 }
506 else
507 {
508 $id = $_POST['recipient_id'];
509 $action="personal_message";
510 }
511 }
512 else
513 {
514 $id = $_POST['recipient_id'];
515 $action="personal_message";
516 }
517 break;
518 case "submit usersettings":
519 foreach ($_POST['usersetting'] as $key=>$val)
520 {
521 $putUserForumSetting = "INSERT INTO ". $db_settings['usersettings_table'] ." SET
522 user_id = ". intval($user_id) .",
523 name = '". mysql_real_escape_string($key) ."',
524 value = '". mysql_real_escape_string($val) ."'
525 ON DUPLICATE KEY UPDATE value = '". mysql_real_escape_string($val) ."'";
526 @mysql_query($putUserForumSetting, $connid);
527 }
528 $action = "usersettings";
529 # break;
530 case "usersettings":
531 $getSingleUserQuery = "SELECT
532 user_id,
533 user_type,
534 user_name
535 FROM ". $db_settings['userdata_table'] ."
536 WHERE user_id = ". intval($user_id);
537 $result = mysql_query($getSingleUserQuery, $connid);
538 if (!$result) die($lang['db_error']);
539 $field = mysql_fetch_assoc($result);
540 mysql_free_result($result);
541 $getUserSettingsQuery = "SELECT
542 name,
543 value,
544 type
545 FROM ". $db_settings['us_templates_table'] ."
546 ORDER BY name ASC";
547 $all_settings = mysql_query($getUserSettingsQuery, $connid);
548 if (!$all_settings) die($lang['db_error']);
549 $userOwnSettingsQuery = "SELECT
550 name,
551 value
552 FROM ". $db_settings['usersettings_table'] ."
553 WHERE user_id = ". intval($user_id) ."
554 ORDER BY name ASC";
555 $own_settings = mysql_query($userOwnSettingsQuery, $connid);
556 if (!$own_settings) die($lang['db_error']);
557 $ownSet = array();
558 while ($row = mysql_fetch_assoc($own_settings))
559 {
560 $ownSet[] = $row;
561 }
562 mysql_free_result($own_settings);
563 break;
564 case "edit subscriptions":
565 $blablabla = '';
566 foreach ($_POST as $key => $val)
567 {
568 # the name of the form field was not empty and begun with "id-"
569 if (strpos($key, "id-") !== false)
570 {
571 $kCont = explode("-", $key);
572 $vCont = explode("-", $val);
573 # identic ID in key and value
574 if ($kCont[1] == $vCont[1])
575 {
576 # subscription to a posting
577 if ($vCont[0] === "posting")
578 {
579 # <input type="radio" name="id-235" value="posting-235-214" />
580 # delete thread subscription where a posting subscription is setted
581 $changeThreadSubscribeQuery = "DELETE ". $db_settings['usersubscripts_table'] ."
582 WHERE tid = ". intval($vCont[2]) ."
583 AND user_id = ". intval($user_id) ."
584 LIMIT 1";
585 # set posting subscription
586 $updateSubscribeQuery = "UPDATE ". $db_settings['forum_table'] ." SET
587 email_notify = 1
588 WHERE id = ". intval($vCont[1]) ."
589 AND user_id = ". intval($user_id);
590 }
591 # subscription to a thread
592 else if ($vCont[0] === "thread")
593 {
594 # <input type="radio" name="id-214" value="thread-214-214" />
595 # delete posting subscriptions where the whole thread should be subscribed
596 $updateSubscribeQuery = "UPDATE ". $db_settings['forum_table'] ." SET
597 email_notify = 0
598 WHERE tid = ". intval($vCont[2]) ."
599 AND user_id = ". intval($user_id);
600 # set thread subscription
601 $changeThreadSubscribeQuery = "INSERT INTO ". $db_settings['usersubscripts_table'] ." SET
602 user_id = ". intval($user_id) .",
603 tid = ". intval($vCont[2]) ."
604 ON DUPLICATE KEY UPDATE
605 user_id = user_id,
606 tid = tid";
607 }
608 else if ($vCont[0] === "none")
609 {
610 # <input type="radio" name="id-235" value="none-235-214" />
611 # <input type="radio" name="id-214" value="none-214-214" />
612 # delete every possible subscription where subscription is setted to "none"
613 $getSearchPostingSubscriptionQuery = "SELECT
614 email_notify
615 FROM ". $db_settings['forum_table'] ."
616 WHERE id = ". intval($vCont[1]) ."
617 AND user_id = ". intval($user_id);
618 $resultSPS = mysql_query($getSearchPostingSubscriptionQuery, $connid);
619 if (!$resultSPS) $querySubscribe = 'reading of '.$db_settings['forum_table'].' failed';
620 else $subscriptPosting = mysql_fetch_assoc($resultSPS);
621 $getSearchThreadSubscriptionQuery = "SELECT
622 user_id,
623 tid
624 FROM ". $db_settings['usersubscripts_table'] ."
625 WHERE tid = ". intval($vCont[2]) ."
626 AND user_id = ". intval($user_id);
627 $resultSTS = mysql_query($getSearchThreadSubscriptionQuery, $connid);
628 if (!$resultSTS) $querySubscribe = 'reading of '.$db_settings['usersubscripts_table'].' failed';
629 else $subscriptThread = mysql_fetch_assoc($resultSTS);
630 if (!empty($subscriptPosting)
631 and $subscriptPosting['email_notify'] == 1)
632 {
633 $updateSubscribeQuery = "UPDATE ". $db_settings['forum_table'] ." SET
634 email_notify = 0
635 WHERE id = ". intval($vCont[1]) ."
636 AND user_id = ". intval($user_id) ."
637 LIMIT 1";
638 }
639 else if (!empty($subscriptThread)
640 and ($subscriptThread['user_id'] == $user_id
641 and $subscriptThread['tid'] == $vCont[2]))
642 {
643 $updateSubscribeQuery = "DELETE FROM ". $db_settings['usersubscripts_table'] ."
644 WHERE tid = ". intval($vCont[2]) ."
645 AND user_id = ". intval($user_id) ."
646 LIMIT 1";
647 }
648 }
649 if (!empty($updateSubscribeQuery))
650 {
651 $resultSS = mysql_query($updateSubscribeQuery, $connid);
652 if (!$resultSS) die($lang['db_error']);
653 unset($updateSubscribeQuery);
654 }
655 if (!empty($changeThreadSubscribeQuery))
656 {
657 $resultTS = mysql_query($changeThreadSubscribeQuery, $connid);
658 if (!resultTS) die($lang['db_error']);
659 unset($changeThreadSubscribeQuery);
660 }
661 }
662 }
663 }
664 $action = "subscriptions";
665 break;
666 }
667 }
668 else
669 {
670 header("location: ".$settings['forum_address']."index.php");
671 die("<a href=\"index.php\">further...</a>");
672 }
673
674 $wo = strip_tags($lang['user_area_title']);
675
676 $topnav = '<a class="textlink" href="';
677 if (!empty($_SESSION[$settings['session_prefix'].'curr_view']))
678 {
679 if ($_SESSION[$settings['session_prefix'].'curr_view'] == 'thread')
680 {
681 $topnav .= 'forum.php';
682 }
683 else
684 {
685 $topnav .= $_SESSION[$settings['session_prefix'].'curr_view'].'.php';
686 }
687 }
688 else if (!empty($_COOKIE['curr_view']) and in_array($_COOKIE['curr_view'], $possViews))
689 {
690 $topnav .= $_COOKIE['curr_view'].'.php';
691 }
692 else
693 {
694 $topnav .= 'forum.php';
695 }
696 $topnav .= '">'.$lang['back_to_overview_linkname'].'</a>&nbsp;';
697 if (!empty($action))
698 {
699 if ($action == "show users")
700 {
701 $topnav .= '<span class="current-page">'.$lang['reg_users_hl'];
702 if (!empty($_GET['letter']))
703 {
704 $topnav .= ' ('.htmlspecialchars($_GET['letter']).')';
705 }
706 $topnav .= '</span>';
707 }
708 else
709 {
710 $topnav .= '<a class="textlink" href="user.php">'.$lang['reg_users_hl'].'</a>&nbsp;';
711 if ($action == "get userdata")
712 {
713 $lang['user_info_hl'] = str_replace("[name]", htmlspecialchars($userName["user_name"]), $lang['user_info_hl']);
714 $topnav .= '<span class="current-page">'.$lang['user_info_hl'].'</span>';
715 }
716 if ($action == "usersettings")
717 {
718 $lang['user_info_hl'] = str_replace("[name]", htmlspecialchars($userName["user_name"]), $lang['user_info_hl']);
719 $topnav .= '<a class="textlink" href="user.php';
720 $topnav .= '?id='.intval($uid);
721 $topnav .= '">'.$lang['user_info_hl'].'</a>&nbsp;';
722 $topnav .= '<span class="current-page">'.$lang['edit_users_settings'].'</span>';
723 }
724 if ($action == "edit")
725 {
726 $lang['user_info_hl'] = str_replace("[name]", htmlspecialchars($userName["user_name"]), $lang['user_info_hl']);
727 $topnav .= '<a class="textlink" href="user.php';
728 $topnav .= '?id='.intval($uid);
729 $topnav .= '">'.$lang['user_info_hl'].'</a>&nbsp;';
730 $topnav .= '<span class="current-page">'.$lang['edit_userdata_ln'].'</span>';
731 }
732 if ($action == "pw")
733 {
734 $lang['user_info_hl'] = str_replace("[name]", htmlspecialchars($userName["user_name"]), $lang['user_info_hl']);
735 $topnav .= '<a class="textlink" href="user.php';
736 $topnav .= '?id='.intval($uid);
737 $topnav .= '">'.$lang['user_info_hl'].'</a>&nbsp;';
738 $topnav .= '<span class="current-page">'.$lang['edit_pw_ln'].'</span>';
739 }
740 if ($action == "email")
741 {
742 $lang['user_info_hl'] = str_replace("[name]", htmlspecialchars($userName["user_name"]), $lang['user_info_hl']);
743 $topnav .= '<a class="textlink" href="user.php';
744 $topnav .= '?id='.intval($uid);
745 $topnav .= '">'.$lang['user_info_hl'].'</a>&nbsp;';
746 $topnav .= '<span class="current-page">'.$lang['change_email_hl'].'</span>';
747 }
748 if ($action == "personal_message")
749 {
750 $lang['pers_msg_ln'] = str_replace("[name]", htmlspecialchars($userName["user_name"]), $lang['pers_msg_ln']);
751 $topnav .= '<span class="current-page">'.$lang['pers_msg_ln'].'</span>';
752 }
753 if ($action == "subscriptions")
754 {
755 $lang['user_info_hl'] = str_replace("[name]", htmlspecialchars($userName["user_name"]), $lang['user_info_hl']);
756 $topnav .= '<a class="textlink" href="user.php';
757 $topnav .= '?id='.intval($uid);
758 $topnav .= '">'.$lang['user_info_hl'].'</a>&nbsp;';
759 $topnav .= '<span class="current-page">'.$lang['edit_subscription_ln'].'</span>';
760 }
761 }
762 }
763
764 if ($action == "show users")
765 {
766 if (empty($descasc)) $descasc="ASC";
767 if (empty($order)) $order="user_name";
768
769 if (isset($_GET['letter']) && $_GET['letter']!="")
770 {
771 $pid_result = mysql_query("SELECT COUNT(*) FROM ".$db_settings['userdata_table']." WHERE user_name LIKE '".$_GET['letter']."%'", $connid);
772 }
773 else
774 {
775 $pid_result = mysql_query("SELECT COUNT(*) FROM ".$db_settings['userdata_table'], $connid);
776 }
777 list($thread_count) = mysql_fetch_row($pid_result);
778 mysql_free_result($pid_result);
779
780 $abs_pid_result = mysql_query("SELECT COUNT(*) FROM ".$db_settings['userdata_table'], $connid);
781 list($abs_thread_count) = mysql_fetch_row($abs_pid_result);
782 mysql_free_result($abs_pid_result);
783
784 $lang['num_reg_users'] = str_replace("[number]", $abs_thread_count, $lang['num_reg_users']);
785
786 $alphabet = range('A', 'Z');
787 $subnav_2 = $lang['num_reg_users'] . '&nbsp;&nbsp;<form action="'.basename($_SERVER["PHP_SELF"]).'" method="get" style="display: inline;"><select class="kat" size="1" name="letter" onchange="this.form.submit();">'."\n";
788 $subnav_2 .= '<option value="">A-Z</option>'."\n";
789 foreach ($alphabet as $letter)
790 {
791 $subnav_2 .= '<option value="'.$letter.'"';
792 $subnav_2 .= (isset($_GET['letter']) && $_GET['letter'] == $letter) ? ' selected="selected"' : '';
793 $subnav_2 .= '>'.$letter.'</option>'."\n";
794 }
795 $subnav_2 .= '</select>&nbsp;<input type="image" name="" value=""';
796 $subnav_2 .= ' src="img/submit.png" alt="&raquo;" /></form>'."\n";
797 $subnav_2 .= nav($page, $settings['users_per_page'], $thread_count, $order, $descasc, $category);
798 }
799
800 parse_template();
801 echo $header;
802
803 #echo "<h2>SESSION</h2>\n";
804 #echo "<pre>".print_r($_SESSION, true)."</pre>\n";
805 #echo "<h2>COOKIE</h2>\n";
806 #echo "<pre>".print_r($_COOKIE, true)."</pre>\n";
807 #echo "<h2>GET</h2>\n";
808 #echo "<pre>".print_r($_GET, true)."</pre>\n";
809 #echo "<h2>POST</h2>\n";
810 #echo "<pre>".print_r($_POST, true)."</pre>\n";
811 #echo "<h2>Infos</h2>\n";
812 #echo "<pre>".print_r($curr_view, true)."</pre>\n";
813 #echo "<pre>".print_r($userName, true)."</pre>\n";
814
815 $output = '';
816
817 switch ($action)
818 {
819 case "get userdata":
820 $id = (empty($id)) ? $user_id : $id;
821
822 $singleUserQuery = "SELECT
823 user_id,
824 user_type,
825 user_name,
826 user_real_name,
827 user_email,
828 hide_email,
829 user_hp,
830 user_place,
831 logins,
832 signature,
833 profile,
834 UNIX_TIMESTAMP(registered + INTERVAL ". $time_difference ." HOUR) AS since_date,
835 UNIX_TIMESTAMP(last_login + INTERVAL ". $time_difference ." HOUR) AS login_date
836 FROM ". $db_settings['userdata_table'] ."
837 WHERE user_id = ". intval($id);
838 $result = mysql_query($singleUserQuery, $connid);
839 if (!$result) die($lang['db_error']);
840 $field = mysql_fetch_assoc($result);
841 mysql_free_result($result);
842
843 # count postings:
844 $count_postings_result = mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = ".intval($id), $connid);
845 list($postings_count) = mysql_fetch_row($count_postings_result);
846 mysql_free_result($count_postings_result);
847
848 if ($field["user_name"] != "")
849 {
850 $lang['user_info_hl'] = str_replace("[name]", htmlspecialchars($field["user_name"]), $lang['user_info_hl']);
851 $output .= '<h2>'.$lang['user_info_hl'].'</h2>'."\n";
852 if ($user_id == $id)
853 {
854 $output .= outputUsersettingsMenu($id);
855 }
856 $output .= '<table class="info admin">'."\n";
857 $output .= ' <tr>'."\n";
858 $output .= ' <td>'.$lang['username_marking'].'</td>'."\n";
859 $output .= ' <td>'. htmlspecialchars($field["user_name"]);
860 $output .= ($field["user_type"]=="admin") ? '<span class="xsmall">&nbsp;('. $lang['ud_admin'] .')</span>' : '';
861 $output .= ($field["user_type"]=="mod") ? '<span class="xsmall">&nbsp;('. $lang['ud_mod'] .')</span>' : '';
862 $output .= '</td>'."\n";
863 $output .= ' </tr>';
864 if ($field["user_real_name"]!="")
865 {
866 $output .= '<tr>'."\n";
867 $output .= ' <td>'.$lang['user_real_name'].'</td>'."\n";
868 $output .= ' <td>'. htmlspecialchars($field['user_real_name']) .'</td>'."\n";
869 $output .= ' </tr>';
870 }
871 if ($field["hide_email"]!=1)
872 {
873 $output .= '<tr>'."\n";
874 $output .= ' <td>'. $lang['user_email_marking'] .'</td>'."\n";
875 $output .= ' <td><a href="contact.php?uid='. $field['user_id'] .'">';
876 $output .= '<img src="img/email.png" alt="'. outputLangDebugInAttributes($lang['email_alt']) .'" title="';
877 $output .= str_replace('[name]', htmlspecialchars($field['user_name']), outputLangDebugInAttributes($lang['email_to_user_linktitle']));
878 $output .= '" width="13" height="10" /></a></td>'."\n";
879 $output .= ' </tr>';
880 }
881 if ($field["user_hp"]!="")
882 {
883 $field['user_hp'] = amendProtocol($field['user_hp']);
884 $output .= '<tr>'."\n";
885 $output .= ' <td>'.$lang['user_hp'].'</td>'."\n";
886 $output .= ' <td><a href="'.$field['user_hp'].'">';
887 $output .= '<img src="img/homepage.png" alt="';
888 $output .= outputLangDebugInAttributes($lang['homepage_alt']) .'" title="'. htmlspecialchars($field['user_hp']);
889 $output .= '" width="13" height="13" /></a></td>'."\n";
890 $output .= ' </tr>';
891 }
892 if ($field["user_place"]!=="")
893 {
894 $output .= '<tr>'."\n";
895 $output .= ' <td>'. $lang['user_place'] .'</td>'."\n";
896 $output .= ' <td>'. htmlspecialchars($field['user_place']) .'</td>'."\n";
897 $output .= ' </tr>';
898 }
899 $days_reg = floor((time() - $field["since_date"])/86400);
900 if ($days_reg < 1) $days_reg = 1;
901 $lang['user_since_text'] = str_replace('[reg-days]', $days_reg, $lang['user_since_text']);
902 $lang['user_last_login_text'] = str_replace('[logins]',$field['logins'],$lang['user_last_login_text']);
903 $lang['user_last_login_text'] = str_replace('[log-per-day]',round($field['logins']/$days_reg,2),$lang['user_last_login_text']);
904 $output .= '<tr>'."\n";
905 $output .= ' <td>'. $lang['user_since'] .'</td>'."\n";
906 $output .= ' <td>'. strftime($lang['time_format'],$field['since_date']);
907 $output .= $lang['user_since_text'] .'</td>'."\n";
908 $output .= ' </tr><tr>'."\n";
909 $output .= ' <td>'. $lang['user_last_login'] .'</td>'."\n";
910 $output .= ' <td>'. strftime($lang['time_format'],$field["login_date"]);
911 $output .= $lang['user_last_login_text'] .'</td>'."\n";
912 $output .= ' </tr><tr>'."\n";
913 $output .= ' <td>'. $lang['user_postings'] .'</td>'."\n";
914 $output .= ' <td>'. $postings_count;
915 if ($postings_count > 0)
916 {
917 $lang['user_posting_text'] = str_replace('[post-percent]', round($postings_count*100/$posting_count,1), $lang['user_posting_text']);
918 $lang['user_posting_text'] = str_replace('[post-per-day]', round($postings_count/$days_reg,2), $lang['user_posting_text']);
919 $output .= $lang['user_posting_text'].'&nbsp;&nbsp;<span class="small">';
920 $output .= '[ <a href="search.php?show_postings='.$field["user_id"];
921 $output .= '">'. $lang['show_postings_ln'] .'</a> ]</span>';
922 }
923 $output .= '</td>'."\n";
924 $output .= ' </tr>';
925 if ($field["profile"]!=="")
926 {
927 $ftext = $field['profile'];
928 # $ftext = htmlspecialchars($ftext);
929 # $ftext = nl2br($ftext);
930 $ftext = zitat($ftext);
931 if ($settings['autolink'] == 1) $ftext = make_link($ftext);
932 if ($settings['bbcode'] == 1) $ftext = bbcode($ftext);
933 if ($settings['smilies'] == 1) $ftext = smilies($ftext);
934 $output .= '<tr>'."\n";
935 $output .= ' <td>'. $lang['user_profile'] .'</td>'."\n";
936 $output .= ' <td>'. $ftext .'</td>'."\n";
937 $output .= ' </tr>';
938 }
939 if ($field["signature"]!=="")
940 {
941 $ftext = $field['signature'];
942 # $ftext = htmlspecialchars($ftext);
943 # $ftext = nl2br($ftext);
944 if ($settings['autolink'] == 1) $ftext = make_link($ftext);
945 if ($settings['bbcode'] == 1) $ftext = bbcode($ftext);
946 if ($settings['smilies'] == 1) $ftext = smilies($ftext);
947 $output .= '<tr>'."\n";
948 $output .= ' <td>'. $lang['user_signature'] .'</td>'."\n";
949 $output .= ' <td><p class="signature">'. $ftext .'</p></td>'."\n";
950 $output .= ' </tr>';
951 }
952 $output .= '</table>'."\n";
953 if ($user_id != $id)
954 {
955 $lang['pers_msg_ln'] = str_replace("[name]", htmlspecialchars($field["user_name"]), $lang['pers_msg_ln']);
956 $output .= '<ul class="linklist">'."\n";
957 $output .= ' <li><a class="textlink" href="user.php?action=personal_message';
958 $output .= '&amp;id='. $id .'">'. $lang['pers_msg_ln'] .'</a></li>'."\n";
959 $output .= '</ul>'."\n";
960 }
961 }
962 else
963 {
964 $output .= '<p class="caution">'. $lang['user_doesnt_exist'] .'</p>'."\n";
965 }
966 break;
967 case "usersettings":
968 if ($field["user_name"] != "")
969 {
970 $lang['user_settings_hl'] = str_replace("[name]", htmlspecialchars($field["user_name"]), $lang['user_settings_hl']);
971 $output .= '<h2>'.$lang['user_settings_hl'].'</h2>'."\n";
972 if (isset($errors))
973 {
974 $output .= errorMessages($errors);
975 }
976 $output .= outputUsersettingsMenu($uid, 'usersettings');
977 $output .= '<form action="user.php" method="post">'."\n";
978 $output .= '<table class="info admin">'."\n";
979 while ($allSet = mysql_fetch_assoc($all_settings))
980 {
981 if (($settings['user_control_refresh'] == 1
982 and $allSet['name'] == 'control_refresh')
983 or ($settings['user_control_css'] == 1
984 and mb_substr($allSet['name'], 0, 5) == 'mark_')
985 or ($settings['user_control_sort_thread_threads'] == 1
986 and $allSet['name'] == 'sort_threadview_threads'))
987 {
988 if (!empty($ownSet))
989 {
990 foreach ($ownSet as $mySetting)
991 {
992 if ($mySetting['name'] == $allSet['name'])
993 {
994 $set = $mySetting['value'];
995 break;
996 }
997 }
998 }
999 $output .= '<tr>'."\n";
1000 $output .= '<td>';
1001 $output .= ($allSet['type'] == 'string') ? '<label for="'. $allSet['name'] .'">' : '';
1002 $output .= $allSet['name'];
1003 $output .= ($allSet['type'] == 'string') ? '</label>' : '';
1004 $output .= '</td>'."\n";
1005 $output .= '<td>';
1006 if ($allSet['type']=="string")
1007 {
1008 $output .= '<input type="text" name="usersetting['. $allSet['name'] .']" value="';
1009 $output .= (!empty($set)) ? htmlspecialchars($set) : htmlspecialchars($allSet['value']);
1010 $output .= '" id="'. $allSet['name'] .'" />'."\n";
1011 }
1012 else
1013 {
1014 $output .= '<input type="radio" name="usersetting['. $allSet['name'] .']" value="false"';
1015 $output .= (empty($set) or $set == 'false') ? ' checked="checked"' : '';
1016 $output .= ' id="'. $allSet['name'] .'-no" /><label for="'. $allSet['name'] .'-no">';
1017 $output .= $lang['no'] .'</label>'."\n";
1018 $output .= '<input type="radio" name="usersetting['. $allSet['name'] .']" value="true"';
1019 $output .= (!empty($set) and $set == 'true') ? ' checked="checked"' : '';
1020 $output .= ' id="'. $allSet['name'] .'-yes" /><label for="'. $allSet['name'] .'-yes">';
1021 $output .= $lang['yes'] .'</label>'."\n";
1022 }
1023 $output .= '</td>'."\n";
1024 $output .= '</tr>';
1025 }
1026 }
1027 $output .= "\n".'</table>'."\n";
1028 $output .= '<p><input type="hidden" name="action" value="submit usersettings" />';
1029 $output .= '<input type="submit" name="us-submit" value="';
1030 $output .= outputLangDebugInAttributes($lang['userdata_subm_button']) .'" /></p>';
1031 $output .= '</form>'."\n";
1032 mysql_free_result($all_settings);
1033 }
1034 break;
1035 case "show users":
1036 if (empty($page)) $page = 0;
1037 if (empty($order)) $order="user_name";
1038 if (empty($descasc)) $descasc="ASC";
1039 $ul = $page * $settings['users_per_page'];
1040 $getAllUsersQuery = "SELECT
1041 user_id,
1042 user_name,
1043 user_type,
1044 user_email,
1045 hide_email,
1046 user_hp,
1047 user_lock
1048 FROM ". $db_settings['userdata_table'];
1049 if (isset($_GET['letter']))
1050 {
1051 $getAllUsersQuery .= "
1052 WHERE user_name LIKE '". mysql_real_escape_string($_GET['letter']) ."%'";
1053 }
1054 $getAllUserQuery .= "
1055 ORDER BY ". $order ." ". $descasc."
1056 LIMIT ". $ul .", ". $settings['users_per_page'];
1057 $result = mysql_query($getAllUsersQuery, $connid);
1058 if (!$result) die($lang['db_error']);
1059
1060 # Schauen, wer online ist:
1061 if ($settings['count_users_online'] == 1)
1062 {
1063 $useronline_result = mysql_query("SELECT user_id FROM ".$db_settings['useronline_table'], $connid);
1064 if (!$useronline_result) die($lang['db_error']);
1065 while ($uid_field = mysql_fetch_assoc($useronline_result))
1066 {
1067 $useronline_array[] = $uid_field['user_id'];
1068 }
1069 mysql_free_result($useronline_result);
1070 }
1071 if ($thread_count > 0)
1072 {
1073 $currDescAsc = strtolower($descasc);
1074 $output .= '<table class="normaltab">'."\n";
1075 $output .= '<tr class="titlerow">'."\n";
1076 $output .= '<th><a href="user.php?action=show+users&amp;order=user_name&amp;descasc=';
1077 $output .= ($descasc=="ASC" && $order=="user_name") ? 'DESC' : 'ASC';
1078 $output .= '&amp;ul='. $ul .'" title="'. outputLangDebugInAttributes($lang['order_linktitle']) .'">'. $lang['userlist_name'] .'</a>';
1079 if ($order=="user_name")
1080 {
1081 $output .= outputImageDescAsc($currDescAsc);
1082 }
1083 $output .= '</th>'."\n";
1084 $output .= '<th><a href="user.php?action=show+users&amp;order=user_type&amp;descasc=';
1085 $output .= ($descasc=="ASC" && $order=="user_type") ? 'DESC' : 'ASC';
1086 $output .= '&amp;ul='. $ul .'" title="'. outputLangDebugInAttributes($lang['order_linktitle']) .'">'. $lang['userlist_type'] .'</a>';
1087 if ($order=="user_type")
1088 {
1089 $output .= outputImageDescAsc($currDescAsc);
1090 }
1091 $output .= '</th>'."\n";
1092 $output .= '<th>'. $lang['userlist_email'] .'</th>'."\n";
1093 $output .= '<th>'. $lang['userlist_hp'] .'</th>'."\n";
1094 if ($settings['count_users_online'] == 1)
1095 {
1096 $output .= '<th>'. $lang['userlist_online'] .'</th>'."\n";
1097 }
1098 if (isset($_SESSION[$settings['session_prefix'].'user_type'])
1099 && ($_SESSION[$settings['session_prefix'].'user_type'] == "admin"
1100 || $_SESSION[$settings['session_prefix'].'user_type'] == "mod"))
1101 {
1102 $output .= '<th><a href="user.php?action=show+users&amp;order=user_lock&amp;descasc=';
1103 $output .= ($descasc=="ASC" && $order=="user_lock") ? 'DESC' : 'ASC';
1104 $output .= '&amp;ul='. $ul .'" title="'. outputLangDebugInAttributes($lang['order_linktitle']) .'">'. $lang['lock'] .'</a>';
1105 if ($order=="user_lock")
1106 {
1107 $output .= outputImageDescAsc($currDescAsc);
1108 }
1109 $output .= '</th>'."\n";
1110 }
1111 $output .= '</tr>';
1112 $i=0;
1113 while ($field = mysql_fetch_assoc($result))
1114 {
1115 $rowClass = ($i % 2 == 0) ? "a" : "b";
1116 $output .= '<tr class="'.$rowClass.'">'."\n";
1117 $output .= ' <td><a href="user.php?id='.$field['user_id'].'" title="';
1118 $output .= str_replace("[name]", htmlspecialchars($field["user_name"]), outputLangDebugInAttributes($lang['show_userdata_linktitle']));
1119 $output .= '"><b>'. htmlspecialchars($field['user_name']) .'</b></a></td>'."\n";
1120 $output .= ' <td class="info">';
1121 if ($field["user_type"] == "admin") $output .= $lang['ud_admin'];
1122 elseif ($field["user_type"] == "mod") $output .= $lang['ud_mod'];
1123 else $output .= $lang['ud_user'];
1124 $output .= '</td>'."\n";
1125 $output .= ' <td class="info">';
1126 if ($field["hide_email"]!=1)
1127 {
1128 $output .= '<a href="contact.php?uid='.$field['user_id'].'"><img src="img/email.png"';
1129 $output .= ' alt="'.outputLangDebugInAttributes($lang['email_alt']).'" title="';
1130 $output .= str_replace("[name]", htmlspecialchars($field["user_name"]), outputLangDebugInAttributes($lang['email_to_user_linktitle']));
1131 $output .= '" width="13" height="10" /></a>';
1132 }
1133 else $output .= "&nbsp;";
1134 $output .= '</td>'."\n";
1135 $output .= ' <td class="info">';
1136 if ($field["user_hp"] != '')
1137 {
1138 $field["user_hp"] = amendProtocol($field["user_hp"]);
1139 $output .= '<a href="'.$field["user_hp"].'"><img src="img/homepage.png" alt="';
1140 $output .= outputLangDebugInAttributes($lang['homepage_alt']).'" title="';
1141 $output .= htmlspecialchars($field["user_hp"]).'" width="13" height="13" /></a>'."\n";
1142 }
1143 else $output .= "&nbsp;";
1144 $output .= '</td>'."\n";
1145 if ($settings['count_users_online'] == 1)
1146 {
1147 $output .= ' <td class="info">';
1148 if ($settings['count_users_online'] == 1
1149 && in_array($field['user_id'], $useronline_array))
1150 {
1151 $output .= '<span class="online">'.$lang['online'].'</span>';
1152 }
1153 else $output .= "&nbsp;";
1154 $output .= '</td>'."\n";
1155 }
1156 if (isset($_SESSION[$settings['session_prefix'].'user_type'])
1157 && ($_SESSION[$settings['session_prefix'].'user_type'] == "admin"
1158 || $_SESSION[$settings['session_prefix'].'user_type'] == "mod"))
1159 {
1160 $output .= ' <td class="info">';
1161 if ($field["user_type"]=="user")
1162 {
1163 if ($field["user_lock"] == 0)
1164 {
1165 $output .= '<a href="user.php?user_lock='.$field["user_id"];
1166 $output .= '&amp;order='.$order.'&amp;descasc='.$descasc.'&amp;page='.$page;
1167 $output .= '" title="'.str_replace("[name]", htmlspecialchars($field["user_name"]), outputLangDebugInAttributes($lang['lock_user_lt']));
1168 $output .= '">'.$lang['unlocked'].'</a>';
1169 }
1170 else
1171 {
1172 $output .= '<a style="color: red;" href="user.php?user_lock=';
1173 $output .= $field["user_id"].'&amp;order='.$order.'&amp;descasc='.$descasc;
1174 $output .= '&amp;page='.$page.'" title="'.str_replace("[name]", htmlspecialchars($field["user_name"]), outputLangDebugInAttributes($lang['unlock_user_lt']));
1175 $output .= '">'.$lang['locked'].'</a>';
1176 }
1177 }
1178 else $output .= "&nbsp;";
1179 $output .= '</td>'."\n";
1180 }
1181 $output .= ' </tr>';
1182 $i++;
1183 }
1184 $output .= "\n".'</table>'."\n";
1185 }
1186 else
1187 {
1188 $output .= '<p><i>'.$lang['no_users'].'</i></p>'."\n";
1189 }
1190 break;
1191 case "edit":
1192 $singleUserDataQuery = "SELECT
1193 user_name,
1194 user_real_name,
1195 user_email,
1196 hide_email,
1197 user_hp,
1198 user_place,
1199 signature,
1200 profile,
1201 user_view,
1202 new_posting_notify,
1203 new_user_notify,
1204 personal_messages,
1205 time_difference
1206 FROM ". $db_settings['userdata_table'] ."
1207 WHERE user_id = ". intval($user_id);
1208 $result = mysql_query($singleUserDataQuery, $connid);
1209 if (!$result) die($lang['db_error']);
1210 $field = mysql_fetch_assoc($result);
1211 mysql_free_result($result);
1212
1213 if (empty($userdata_submit))
1214 {
1215 $hide_email = $field["hide_email"];
1216 $user_real_name = $field["user_real_name"];
1217 $user_hp = $field["user_hp"];
1218 $user_place = $field["user_place"];
1219 $profile = $field["profile"];
1220 $signature = $field["signature"];
1221 $user_view = $field["user_view"];
1222 $user_time_difference = $field["time_difference"];
1223 $new_posting_notify = $field["new_posting_notify"];
1224 $new_user_notify = $field["new_user_notify"];
1225 $personal_messages = $field["personal_messages"];
1226 }
1227 $lang['edit_userdata_hl'] = str_replace("[name]", htmlspecialchars($field["user_name"]), $lang['edit_userdata_hl']);
1228 $output .= '<h2>'. $lang['edit_userdata_hl'] .'</h2>'."\n";
1229 if (isset($errors))
1230 {
1231 $output .= errorMessages($errors);
1232 }
1233 $output .= outputUsersettingsMenu($uid, 'edit');
1234 $output .= '<form action="user.php" method="post">'."\n";
1235 $output .= '<input type="hidden" name="action" value="edit submited">'."\n";
1236 $output .= '<table class="info admin">'."\n".' <tr>'."\n";
1237 $output .= ' <td>'. $lang['username_marking'] .'</td>'."\n";
1238 $output .= ' <td>'. htmlspecialchars($field["user_name"]) .'</td>'."\n";
1239 $output .= ' </tr><tr>'."\n";
1240 $output .= ' <td>'. $lang['user_email_marking'] .'</td>'."\n";
1241 $output .= ' <td>'. htmlspecialchars($field["user_email"]);
1242 $output .= '&nbsp;&nbsp;<span class="small">[ <a class="sln" href="user.php?';
1243 $output .= 'action=email">'. $lang['edit_email_ln'] .'</a> ]</span></td>'."\n";
1244 $output .= ' </tr><tr>'."\n";
1245 $output .= ' <td><b>'.$lang['user_show_email'].'</b><br />';
1246 $output .= '<span class="info">'.$lang['user_show_email_exp'].'</span></td>'."\n";
1247 $output .= ' <td><input type="radio" name="hide_email" id="hidemail-0" value="0"';
1248 $output .= ($hide_email=="0") ? ' checked="checked"' : '';
1249 $output .= '><label for="hidemail-0">'.$lang['yes'].'</label><br />';
1250 $output .= '<input type="radio" name="hide_email" id="hidemail-1" value="1"';
1251 $output .= ($hide_email=="1") ? ' checked="checked"' : '';
1252 $output .= '><label for="hidemail-1">'.$lang['no'].'</label></td>'."\n";
1253 $output .= ' </tr><tr>'."\n";
1254 $output .= ' <td><label for="real-name">'.$lang['user_real_name'].'</label><br />';
1255 $output .= '<span class="info">'.$lang['optional_marking'].'</span></td>'."\n";
1256 $output .= ' <td><input type="text" size="40" name="user_real_name" value="';
1257 $output .= htmlspecialchars($user_real_name).'" maxlength="';
1258 $output .= $settings['name_maxlength'].'" id="real-name" /></td>'."\n";
1259 $output .= ' </tr><tr>'."\n";
1260 $output .= ' <td><label for="homepage">'.$lang['user_hp'].'</label><br />';
1261 $output .= '<span class="info">'.$lang['optional_marking'].'</span></td>'."\n";
1262 $output .= ' <td><input type="text" size="40" name="user_hp" value="';
1263 $output .= htmlspecialchars($user_hp).'" maxlength="';
1264 $output .= $settings['hp_maxlength'].'" id="homepage" /></td>'."\n";
1265 $output .= ' </tr><tr>'."\n";
1266 $output .= ' <td><label for="userplace">'.$lang['user_place'].'</label><br />';
1267 $output .= '<span class="info">'.$lang['optional_marking'].'</span></td>'."\n";
1268 $output .= ' <td><input type="text" size="40" name="user_place" value="';
1269 $output .= htmlspecialchars($user_place).'" maxlength="';
1270 $output .= $settings['place_maxlength'].'" id="userplace" /></td>'."\n";
1271 $output .= ' </tr><tr>'."\n";
1272 $output .= ' <td><label for="userprofile">'.$lang['user_profile'].'</label><br />';
1273 $output .= '<span class="info">'.$lang['user_profile_exp'].'<br />';
1274 $output .= $lang['optional_marking'].'</span></td>'."\n";
1275 $output .= ' <td><textarea cols="65" rows="10" name="profile" id="userprofile">';
1276 $output .= htmlspecialchars($profile).'</textarea></td>'."\n";
1277 $output .= ' </tr><tr>'."\n";
1278 $output .= ' <td><label for="usersignature">'.$lang['user_signature'].'</label><br />';
1279 $output .= '<span class="info">'.$lang['user_sig_exp'].'<br />';
1280 $output .= $lang['optional_marking'].'</span></td>'."\n";
1281 $output .= ' <td><textarea cols="65" rows="4" name="signature" id="usersignature">';
1282 $output .= htmlspecialchars($signature).'</textarea></td>'."\n";
1283 $output .= ' </tr>';
1284 if ($settings['thread_view'] != 0
1285 && $settings['board_view'] != 0
1286 || $settings['board_view'] != 0
1287 && $settings['mix_view'] != 0
1288 || $settings['thread_view'] != 0
1289 && $settings['mix_view'] != 0)
1290 {
1291 $output .= '<tr>'."\n";
1292 $output .= ' <td>'.$lang['user_standard_view'].'</td>'."\n";
1293 $output .= ' <td>'."\n";
1294 if ($settings['thread_view'] == 1)
1295 {
1296 $output .= '<input type="radio" name="user_view" value="thread" id="view-thread"';
1297 $output .= ($user_view=="thread") ? ' checked="checked"' : '';
1298 $output .= ' /><label for="view-thread">'.$lang['thread_view_linkname'].'</label><br />'."\n";
1299 }
1300 if ($settings['board_view'] == 1)
1301 {
1302 $output .= '<input type="radio" name="user_view" value="board" id="view-board"';
1303 $output .= ($user_view=="board") ? ' checked="checked"' : '';
1304 $output .= ' /><label for="view-board">'.$lang['board_view_linkname'].'</label><br />'."\n";
1305 }
1306 if ($settings['mix_view'] == 1)
1307 {
1308 $output .= '<input type="radio" name="user_view" value="mix" id="view-mix"';
1309 $output .= ($user_view=="mix") ? ' checked="checked"' : '';
1310 $output .= ' /><label for="view-mix">'.$lang['mix_view_linkname']."</label>\n";
1311 }
1312 $output .= '</td>'."\n";
1313 $output .= ' </tr>'."\n";
1314 }
1315 $output .= '<tr>'."\n";
1316 $output .= ' <td>'.$lang['user_pers_msg'].'<br />';
1317 $output .= '<span class="info">'.$lang['user_pers_msg_exp'].'</span></td>'."\n";
1318 $output .= ' <td><input type="radio" name="personal_messages" value="1" id="persmess-1"';
1319 $output .= ($personal_messages=="1") ? ' checked="checked"' : '';
1320 $output .= ' /><label for="persmess-1">'.$lang['user_pers_msg_act'].'</label><br />'."\n";
1321 $output .= '<input type="radio" name="personal_messages" value="0" id="persmess-0"';
1322 $output .= ($personal_messages=="0") ? ' checked="checked"' : '';
1323 $output .= '><label for="persmess-0">'.$lang['user_pers_msg_deact'].'</label></td>'."\n";
1324 $output .= ' </tr><tr>'."\n";
1325 $output .= ' <td><label for="timediff">'.$lang['user_time_diff'].'</label><br />';
1326 $output .= '<span class="info">'.$lang['user_time_diff_exp'].'</span></td>'."\n";
1327 $output .= ' <td><select name="user_time_difference" size="1" id="timediff">'."\n";
1328 for ($h = -24; $h <= 24; $h++)
1329 {
1330 $output .= '<option value="'.$h.'"';
1331 $output .= ($user_time_difference==$h) ? ' selected="selected"' : '';
1332 $output .= '>'.$h.'</option>'."\n";
1333 }
1334 $output .= '</select>';
1335 # $output .= '&nbsp;&nbsp;Test: <select size="1">'.outputTimeZonesOptions().'</select>';
1336 $output .= '</td>'."\n";
1337 if ($user_type=="admin" || $user_type=="mod")
1338 {
1339 $output .= '<tr>'."\n";
1340 $output .= ' <td>'.$lang['admin_mod_notif'].'<br />';
1341 $output .= '<span class="info">'.$lang['admin_mod_notif_exp'].'</span></td>'."\n";
1342 $output .= ' <td><input type="checkbox" name="new_posting_notify" value="1"';
1343 $output .= ($new_posting_notify=="1") ? ' checked="checked"' : '';
1344 $output .= ' id="notice-post" /><label for="notice-post">'.$lang['admin_mod_notif_np'].'</label><br />';
1345 $output .= '<input type="checkbox" name="new_user_notify" value="1"';
1346 $output .= ($new_user_notify=="1") ? ' checked="checked"' : '';
1347 $output .= ' id="notice-user" /><label for="notice-user">'.$lang['admin_mod_notif_nu'].'</label></td>'."\n";
1348 }
1349 $output .= ' </tr>'."\n".'</table>'."\n";
1350 $output .= '<p><input type="submit" name="userdata_submit" value="';
1351 $output .= outputLangDebugInAttributes($lang['userdata_subm_button']).'" /></p></form>'."\n";
1352 if ($settings['bbcode'] == 1)
1353 {
1354 $output .= '<p class="xsmall">'.$lang['bbcode_marking_user'];
1355 if ($settings['bbcode_img']==1)
1356 {
1357 $output .= '<br />'.$lang['bbcode_img_marking_user'];
1358 }
1359 $output .= '</p>'."\n";
1360 }
1361 break;
1362 case "pw":
1363 $lang['change_pw_hl'] = str_replace("[name]", htmlspecialchars($userName["user_name"]), $lang['change_pw_hl']);
1364 $output .= '<h2>'.$lang['change_pw_hl'].'</h2>'."\n";
1365 if (isset($errors))
1366 {
1367 $output .= errorMessages($errors);
1368 }
1369 $output .= outputUsersettingsMenu($uid, 'pw');
1370 $output .= '<form action="user.php" method="post">'."\n";
1371 $output .= '<input type="hidden" name="action" value="pw submited">'."\n";
1372 $output .= '<table class="info admin">'."\n".' <tr>'."\n";
1373 $output .= ' <td><label for="old-pw">'.$lang['old_pw'].'</label></td>'."\n";
1374 $output .= ' <td><input type="password" size="25" name="old_pw" id="old-pw" maxlength="50"></td>'."\n";
1375 $output .= ' </tr><tr>'."\n";
1376 $output .= ' <td><label for ="new-pw">'.$lang['new_pw'].'</label></td>'."\n";
1377 $output .= ' <td><input type="password" size="25" name="new_pw" id="new-pw" maxlength="50"></td>'."\n";
1378 $output .= ' </tr><tr>'."\n";
1379 $output .= ' <td><label for="pw-conf">'.$lang['new_pw_conf'].'</label></td>'."\n";
1380 $output .= ' <td><input type="password" size="25" name="new_pw_conf" id="pw-conf" maxlength="50"></td>'."\n";
1381 $output .= ' </tr>'."\n".'</table>'."\n";
1382 $output .= '<p><input type="submit" name="pw_submit" value="'.outputLangDebugInAttributes($lang['userdata_subm_button']);
1383 $output .= '" title="'.outputLangDebugInAttributes($lang['new_pw_subm_button_title']).'"></p>'."\n";
1384 $output .= '</form>'."\n";
1385 break;
1386 case "email":
1387 $output .= '<h2>'.$lang['change_email_hl'].'</h2>'."\n";
1388 $output .= '<p class="caution">'.$lang['caution'].'</p>'."\n";
1389 $output .= '<p>'.$lang['change_email_exp'].'</p>'."\n";
1390 if (isset($errors))
1391 {
1392 $output .= errorMessages($errors);
1393 }
1394 $output .= '<form action="user.php" method="post">'."\n";
1395 $output .= ' <p><label for="new-email">'.$lang['new_email'].'</label><br />'."\n";
1396 $output .= '<input type="text" size="25" name="new_email" id="new-email" value="';
1397 $output .= (isset($new_email)) ? htmlspecialchars($new_email) : '';
1398 $output .= '" maxlength="'.$settings['email_maxlength'].'"></p>'."\n";
1399 $output .= ' <p><label for="pw-email">'.$lang['password_marking'].'</label><br />'."\n";
1400 $output .= '<input type="password" size="25" name="pw_new_email" id="pw-email" maxlength="50"></p>'."\n";
1401 $output .= ' <p><input type="submit" name="change_email_submit" value="';
1402 $output .= outputLangDebugInAttributes($lang['userdata_subm_button']).'"></p>'."\n";
1403 $output .= '</form>'."\n";
1404 break;
1405 case "personal_message":
1406 $pma_result = mysql_query("SELECT user_name, personal_messages FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($id)." LIMIT 1", $connid);
1407 if (!$pma_result) die($lang['db_error']);
1408 $field = mysql_fetch_assoc($pma_result);
1409 mysql_free_result($pma_result);
1410
1411 $lang['pers_msg_hl'] = str_replace("[name]", htmlspecialchars($field["user_name"]), $lang['pers_msg_hl']);
1412 $output .= '<h2>'.$lang['pers_msg_hl'].'</h2>'."\n";
1413 if (isset($errors))
1414 {
1415 $output .= errorMessages($errors);
1416 }
1417 if ($field["personal_messages"] == 1)
1418 {
1419 $output .= '<form action="'.$_SERVER["SCRIPT_NAME"].'" method="post"><div>'."\n";
1420 $output .= '<input type="hidden" name="action" value="pm_sent" />'."\n";
1421 $output .= '<input type="hidden" name="recipient_id" value="'.intval($id).'" />'."\n";
1422 $output .= ' <p><label for="mess-subject">'.$lang['pers_msg_sj'].'</label><br />'."\n";
1423 $output .= '<input class="fs" type="text" name="pm_subject" value="';
1424 $output .= (isset($_POST['pm_subject'])) ? htmlspecialchars($_POST['pm_subject']) : '';
1425 $output .= '" size="50" id="mess-subject" /></p>'."\n";
1426 $output .= ' <p><label for="mess-text">'.$lang['pers_msg_txt'].'</label><br />'."\n";
1427 $output .= '<textarea name="pm_text" id="mess-text" cols="60" rows="15">';
1428 $output .= (isset($_POST['pm_text'])) ? htmlspecialchars($_POST['pm_text']) : '';
1429 $output .= '</textarea></p>'."\n";
1430 $output .= ' <p><input type="submit" name="pm_ok" value="';
1431 $output .= outputLangDebugInAttributes($lang['pers_msg_subm_button']).'" /></p>';
1432 $output .= '</div></form>'."\n";
1433 }
1434 else
1435 {
1436 $lang['pers_msg_deactivated'] = str_replace("[name]", htmlspecialchars($field["user_name"]), $lang['pers_msg_deactivated']);
1437 $output .= $lang['pers_msg_deactivated'];
1438 }
1439 break;
1440 case 'subscriptions':
1441 # no categories defined
1442 if ($categories === false)
1443 {
1444 $threadsQueryWhere = '';
1445 }
1446 # there are categories and all categories should be shown
1447 else if (is_array($categories))
1448 {
1449 $threadsQueryWhere = " AND category IN (". $category_ids_query .")";
1450 }
1451 $searchPostSubscrQuery = "SELECT
1452 id,
1453 tid,
1454 pid,
1455 DATE_FORMAT(time + INTERVAL ". $time_difference ." HOUR, '". $lang['time_format_sql'] ."') AS Uhrzeit,
1456 DATE_FORMAT(time + INTERVAL ". $time_difference ." HOUR, '%Y%m%d%H%i%s') AS sort,
1457 subject,
1458 name,
1459 email_notify
1460 FROM ". $db_settings['forum_table'] ."
1461 WHERE user_id = ". $_SESSION[$settings['session_prefix'] .'user_id']."
1462 AND email_notify = 1". $threadsQueryWhere ."
1463 ORDER BY time DESC";
1464 $resultSearchPostSubscr = mysql_query($searchPostSubscrQuery, $connid);
1465 $searchThreadSubscrQuery = "SELECT
1466 t1.user_id,
1467 t1.tid,
1468 t2.id,
1469 t2.pid,
1470 DATE_FORMAT(t2.time + INTERVAL ". $time_difference ." HOUR, '". $lang['time_format_sql'] ."') AS Uhrzeit,
1471 DATE_FORMAT(t2.time + INTERVAL ". $time_difference ." HOUR, '%Y%m%d%H%i%s') AS sort,
1472 t2.subject,
1473 t2.name,
1474 t2.email_notify
1475 FROM ". $db_settings['usersubscripts_table'] ." AS t1,
1476 ". $db_settings['forum_table'] ." AS t2
1477 WHERE t1.user_id = ". $_SESSION[$settings['session_prefix'].'user_id'] ."
1478 AND t1.tid = t2.tid
1479 AND t2.pid = 0";
1480 $resultSearchThreadSubscr = mysql_query($searchThreadSubscrQuery, $connid);
1481 if (isset($errors))
1482 {
1483 $output .= errorMessages($errors);
1484 }
1485 $subscriptions = array();
1486 while ($raw = mysql_fetch_assoc($resultSearchPostSubscr))
1487 {
1488 $raw['thread_notify'] = 0;
1489 $subscriptions[] = $raw;
1490 }
1491 while ($rew = mysql_fetch_assoc($resultSearchThreadSubscr))
1492 {
1493 $rew['thread_notify'] = 1;
1494 $subscriptions[] = $rew;
1495 }
1496 if (!empty($subscriptions))
1497 {
1498 foreach ($subscriptions as $key=>$row)
1499 {
1500 $sortDate[$key] = $row['sort'];
1501 }
1502 # delete possible posting subscriptions
1503 # in case of a thread subscription
1504 $subscriptions = processSubscriptFilter($subscriptions);
1505 array_multisort($sortDate, SORT_DESC, $subscriptions);
1506 $lang['edit_subscriptions_hl'] = str_replace("[name]", htmlspecialchars($userName["user_name"]), $lang['edit_subscriptions_hl']);
1507 $output .= '<h2>'. $lang['edit_subscriptions_hl'] .'</h2>'."\n";
1508 $output .= outputUsersettingsMenu($uid, 'subscriptions');
1509 $output .= '<form action="user.php" method="post">'."\n";
1510 $output .= '<input type="hidden" name="action" value="edit subscriptions">'."\n";
1511 $output .= '<table class="normaltab">'."\n";
1512 $output .= ' <tr class="titlerow">'."\n";
1513 $output .= ' <th>'. $lang['edit_subscriptions_th_title'] .'</th>'."\n";
1514 $output .= ' <th>'. $lang['edit_subscriptions_th_posting'] .'</th>'."\n";
1515 $output .= ' <th>'. $lang['edit_subscriptions_th_thread'] .'</th>'."\n";
1516 $output .= ' <th>'. $lang['no'] .'</th>'."\n".'</tr>';
1517 $i=0;
1518 foreach ($subscriptions as $row)
1519 {
1520 if (!isset($row['delete']))
1521 {
1522 $item = ($row['pid'] == 0) ? 'thread' : 'reply';
1523 $rowClass = ($i % 2 == 0) ? "a" : "b";
1524 $output .= '<tr class="'.$rowClass.'">'."\n";
1525 $output .= ' <td>';
1526 $output .= '<span class="'.$item.'">'.$row['subject'].'</span> - '.$row['name'].', '.$row['Uhrzeit'].'</td>';
1527 $output .= ' <td>';
1528 $output .= '<input type="radio" name="id-'.$row['id'].'" value="posting-'.$row['id'].'-'.$row['tid'].'"';
1529 $output .= ($row['email_notify'] == 1) ? ' checked="checked"' : '';
1530 $output .= ($row['thread_notify'] == 1) ? ' disabled="disabled"' : '';
1531 $output .= ' />';
1532 $output .= '</td><td>';
1533 $output .= '<input type="radio" name="id-'.$row['id'].'" value="thread-'.$row['id'].'-'.$row['tid'].'"';
1534 $output .= ($row['thread_notify'] == 1) ? ' checked="checked"' : '';
1535 $output .= ' />';
1536 $output .= '</td><td>'."\n";
1537 $output .= '<input type="radio" name="id-'.$row['id'].'" value="none-'.$row['id'].'-'.$row['tid'].'" />';
1538 $output .= '</td>'."\n";
1539 $output .= ' </tr>';
1540 $i++;
1541 }
1542 }
1543 $output .= "\n".'</table>'."\n";
1544 $output .= '<p><input type="submit" name="subscriptions_submit" value="';
1545 $output .= outputLangDebugInAttributes($lang['userdata_subm_button']).'" /></p></form>'."\n";
1546 }
1547 else
1548 {
1549 # no subscribed postings or threads
1550 $output .= '<p>'.$lang['edit_subscriptions_none'].'</p>'."\n";
1551 }
1552 break;
1553 case "locked":
1554 # import posting template
1555 $output = file_get_contents('data/templates/locked.gen.html');
1556 $output = str_replace('{locked_hl}', $lang['user_locked_hl'], $output);
1557 $output = str_replace('{locked_txt}', str_replace("[name]", htmlspecialchars($user_name), $lang['usr_locked_txt']), $output);
1558 break;
1559 }
1560 echo $output;
1561 echo $footer;
1562 ?>
a fork of mylittleforum version 1