2 ###############################################################################
4 # Copyright (C) 2005 Alex #
5 # http://www.mylittlehomepage.net/ #
7 # This program is free software; you can redistribute it and/or #
8 # modify it under the terms of the GNU General Public License #
9 # as published by the Free Software Foundation; either version 2 #
10 # of the License, or (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program; if not, write to the Free Software #
19 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. #
20 ###############################################################################
# Entry point of the user area: pull in the shared setup, then turn away
# requests that carry no logged-in session.
23 include_once("functions/include.prepare.php");
# No session user, but an auto_login cookie is present and autologin is enabled
# in $settings: build a Location header pointing at login.php with
# referer=user.php, appending the requested profile id after intval().
# NOTE(review): the header($header) call itself is not visible in this listing
# (the gutter jumps from 32 to 34); presumably it sits on the dropped line - confirm.
26 if (!isset($_SESSION[$settings['session_prefix'].'user_id'])
27 && isset($_COOKIE['auto_login'])
28 && isset($settings['autologin'])
29 && $settings['autologin'] == 1)
31 $header = 'location: '.$settings['forum_address'].'login.php?referer=user.php';
32 $header .= (isset($_GET['id'])) ?
'&id='.intval($_GET['id']) : '';
34 die('<a href="login.php?referer=user.php">further...</a>');
# No session user: send the browser to the login page and stop the script.
37 if (!isset($_SESSION[$settings['session_prefix'].'user_id']))
39 header('location: '.$settings['forum_address'].'login.php');
40 die('<a href="login.php">further...</a>');
# Copy session values and request parameters into plain local variables.
# Only 'id' is cast with intval(); every other $_GET/$_POST value is taken over
# unchanged, so each later use in SQL, mail headers or HTML has to cast or
# escape it at that point.
44 if (isset($_SESSION[$settings['session_prefix'].'user_id'])) $user_id = $_SESSION[$settings['session_prefix'].'user_id'];
45 if (isset($_SESSION[$settings['session_prefix'].'user_type'])) $user_type = $_SESSION[$settings['session_prefix'].'user_type'];
46 if (isset($_SESSION[$settings['session_prefix'].'user_name'])) $user_name = $_SESSION[$settings['session_prefix'].'user_name'];
47 if (isset($_GET['id'])) $id = intval($_GET['id']);
# 'action' is read from the query string first; a POSTed 'action' overrides it.
48 if (isset($_GET['action'])) $action = $_GET['action'];
49 if (isset($_POST['action'])) $action = $_POST['action'];
50 if (isset($_POST['userdata_submit'])) $userdata_submit = $_POST['userdata_submit'];
51 if (isset($_POST['pw_submit'])) $pw_submit = $_POST['pw_submit'];
52 if (isset($_POST['old_pw'])) $old_pw = $_POST['old_pw'];
53 if (isset($_POST['new_pw'])) $new_pw = $_POST['new_pw'];
54 if (isset($_POST['new_pw_conf'])) $new_pw_conf = $_POST['new_pw_conf'];
55 if (isset($_POST['user_real_name'])) $user_real_name = $_POST['user_real_name'];
56 if (isset($_POST['hide_email'])) $hide_email = $_POST['hide_email'];
57 if (isset($_POST['user_hp'])) $user_hp = $_POST['user_hp'];
58 if (isset($_POST['user_place'])) $user_place = $_POST['user_place'];
59 if (isset($_POST['profile'])) $profile = $_POST['profile'];
60 if (isset($_POST['signature'])) $signature = $_POST['signature'];
61 if (isset($_POST['user_view'])) $user_view = $_POST['user_view'];
62 if (isset($_POST['user_delete_submit'])) $user_delete_submit = $_POST['user_delete_submit'];
63 if (isset($_POST['pw_delete'])) $pw_delete = $_POST['pw_delete'];
64 if (isset($_POST['new_posting_notify'])) $new_posting_notify = $_POST['new_posting_notify'];
65 if (isset($_POST['new_user_notify'])) $new_user_notify = $_POST['new_user_notify'];
66 if (isset($_POST['personal_messages'])) $personal_messages = $_POST['personal_messages'];
# Paging and sorting parameters of the user list, taken over as sent.
67 if (isset($_GET['page'])) $page = $_GET['page'];
68 if (isset($_GET['order'])) $order = $_GET['order'];
69 if (isset($_GET['descasc'])) $descasc = $_GET['descasc'];
70 if (isset($_POST['user_time_difference'])) $user_time_difference = $_POST['user_time_difference'];
# Defaults: first page, and an integer category.
# NOTE(review): $category is not assigned from the request anywhere in this
# listing; presumably the included setup provides it - confirm.
72 if (empty($page)) $page = 0;
73 $category = empty($category) ?
0 : intval($category);
# Read the lock flag of the logged-in user (session id cast with intval) and,
# when user_lock is greater than 0, force $action to "locked", replacing
# whatever action the request asked for.
# NOTE(review): the SELECT column list and the end of the query string are on
# lines missing from this listing.
77 // Check if user locked:
78 $lockedUserQuery = "SELECT
80 FROM ".$db_settings['userdata_table']."
81 WHERE user_id = ".intval($_SESSION[$settings['session_prefix'].'user_id'])."
83 $lock_result = mysql_query($lockedUserQuery, $connid);
84 if (!$lock_result) die($lang['db_error']);
85 $lock_result_array = mysql_fetch_assoc($lock_result);
86 mysql_free_result($lock_result);
87 if ($lock_result_array['user_lock'] > 0) $action = "locked";
# Lock toggle: when the request carries ?user_lock=<id> and the session user
# type is "admin" or "mod", read the target account and flip its user_lock flag.
# The target id is cast with intval() in both statements.
# NOTE(review): this is a state change driven by a GET parameter, and no
# anti-CSRF token check is visible in this listing, so a forged cross-site
# request sent with a moderator's session would be accepted. Requiring POST
# plus a per-session token would close that.
89 if (isset($_GET['user_lock'])
90 && isset($_SESSION[$settings['session_prefix'].'user_type'])
91 && ($_SESSION[$settings['session_prefix'].'user_type'] == "admin"
92 ||
$_SESSION[$settings['session_prefix'].'user_type'] == "mod"))
94 $getUserLockedQuery = "SELECT
97 FROM ". $db_settings['userdata_table'] ."
98 WHERE user_id = ". intval($_GET['user_lock']) ."
100 $lock_result = mysql_query($getUserLockedQuery, $connid);
101 if (!$lock_result) die($lang['db_error']);
102 $field = mysql_fetch_assoc($lock_result);
103 mysql_free_result($lock_result);
# Only accounts of type "user" are toggled; other account types are left alone.
104 if ($field['user_type'] == "user")
106 $new_lock = ($field['user_lock'] == 0) ?
1 : 0;
# last_login and registered are assigned to themselves; presumably to keep
# auto-updating timestamp columns from changing - confirm against the schema.
# NOTE(review): the result of this UPDATE is stored but not checked in the
# visible lines, unlike the SELECT above.
107 $changeUserLockQuery = "UPDATE ". $db_settings['userdata_table'] ." SET
108 user_lock = '". $new_lock ."',
109 last_login = last_login,
110 registered = registered
111 WHERE user_id = '". intval($_GET['user_lock']) ."'
113 $update_result = mysql_query($changeUserLockQuery, $connid);
# Continue with the user list.
115 $action="show users";
# When both user_control_refresh and user_control_css are 0 in $settings the
# settings form is not shown: the request falls back to the profile view if an
# id or a session user id is known, otherwise to the user list.
118 # show form for own forum settings or redirect to user data of a given user-ID
119 if ($action == "usersettings"
120 or $action == 'submit usersettings')
122 if ($settings['user_control_refresh'] == 0
123 and $settings['user_control_css'] == 0)
125 if ((isset($id) and intval($id) > 0)
126 or (isset($user_id) and intval($user_id) > 0))
128 $action = "get userdata";
130 else $action = "show users";
# E-mail change: the form must carry the current password and a new address.
# The address is validated, an activation link is mailed to it, and the new
# address plus activation code are stored before redirecting to the login page.
134 if (isset($_POST['change_email_submit']))
136 $new_email = trim($_POST['new_email']);
137 $pw_new_email = $_POST['pw_new_email'];
# Load the current row of the logged-in user (columns are on lines missing from
# this listing; user_email, user_pw, user_name and user_id are read below).
139 $getUserHasNewEmailaddress = "SELECT
144 FROM ". $db_settings['userdata_table'] ."
145 WHERE user_id = ". intval($user_id) ."
147 $email_result = mysql_query($getUserHasNewEmailaddress, $connid);
148 if (!$email_result) die($lang['db_error']);
149 $field = mysql_fetch_assoc($email_result);
150 mysql_free_result($email_result);
# Validation: both fields filled, length limit, address differs from the
# stored one, and address matches the pattern in $validator['email'].
151 if ($pw_new_email=='' ||
$new_email=='')
153 $errors[] = $lang['error_form_uncompl'];
157 if (mb_strlen($new_email) > $settings['email_maxlength'])
159 $errors[] = $lang['email_marking'] . " " .$lang['error_input_too_long'];
161 if ($new_email == $field["user_email"])
163 $errors[] = $lang['error_email_equal'];
165 if (!preg_match($validator['email'], $new_email))
167 $errors[] = $lang['error_email_wrong'];
# NOTE(review): the stored password is an unsalted MD5 digest, which is cheap to
# brute-force once the table leaks; password_hash()/password_verify() with a
# rehash on next login is the usual migration. The loose != also compares two
# numeric-looking digests as numbers; use !== or hash_equals().
169 if ($field["user_pw"] != md5(trim($pw_new_email)))
171 $errors[] = $lang['pw_wrong'];
# NOTE(review): the activation key is built from rand() and uniqid(), which are
# PRNG/time based and therefore guessable; take it from a CSPRNG instead
# (random_bytes() on PHP 7+, openssl_random_pseudo_bytes() before that).
176 $activate_code = md5(uniqid(rand()));
177 # send mail with activation key:
178 $lang['change_email_txt'] = strip_tags($lang['change_email_txt']);
179 $lang['new_user_email_txt'] = str_replace("[name]", $field['user_name'], $lang['change_email_txt']);
180 $lang['new_user_email_txt'] = str_replace("[activate_link]", $settings['forum_address']."register.php?id=".$field['user_id']."&key=".$activate_code, $lang['new_user_email_txt']);
# Headers come from forum settings and the client address. The recipient line
# combines the stored user name with the new address.
# NOTE(review): whether user_name or the address can contain CR/LF depends on
# validation not shown here ($validator['email'], registration checks) - confirm.
181 $header = "From: ".$settings['forum_name']." <".$settings['forum_email'].">\n";
182 $header .= "X-Mailer: Php/" . phpversion(). "\n";
183 $header .= "X-Sender-ip: ".$_SERVER["REMOTE_ADDR"]."\n";
184 $header .= "Content-Type: text/plain";
185 $new_user_mailto = $field['user_name']." <".$new_email.">";
# Pass the extra mail() parameter only when one is configured; a failed send is
# recorded in $errors (warnings are suppressed with @).
186 if($settings['mail_parameter']!='')
188 @mail
($new_user_mailto, strip_tags($lang['new_user_email_sj']), $lang['new_user_email_txt'], $header, $settings['mail_parameter']) or $errors[] = $lang['error_meilserv'];
192 @mail
($new_user_mailto, strip_tags($lang['new_user_email_sj']), $lang['new_user_email_txt'], $header) or $errors[] = $lang['error_meilserv'];
# Store the new address and the activation code, both escaped; the id is cast.
196 $updateUserEmailQuery = "UPDATE ". $db_settings['userdata_table'] ." SET
197 user_email = '". mysql_real_escape_string($new_email) ."',
198 last_login = last_login,
199 registered = registered,
200 activate_code = '". mysql_real_escape_string($activate_code) ."'
201 WHERE user_id = ". intval($user_id);
202 @mysql_query
($updateUserEmailQuery, $connid) or die($lang['db_error']);
203 header("location: ".$settings['forum_address']."login.php");
204 die("<a href=\"login.php\">further...</a>");
# Otherwise show the e-mail form (again); the conditions these two else
# branches belong to are on lines missing from this listing.
206 else $action="email";
208 else $action="email";
# Resolve whose name appears in the navigation: the requested id when one was
# given, otherwise the logged-in user, and fetch that row into $userName.
211 if (isset($_SESSION[$settings['session_prefix'].'user_id']))
213 $uid = (!empty($id)) ?
$id : $_SESSION[$settings['session_prefix'].'user_id'];
214 if (!empty($uid) and intval($uid) > 0)
216 $singleUserNameQuery = "SELECT
218 FROM ". $db_settings['userdata_table'] ."
219 WHERE user_id = ". intval($uid) ."
# The "or die" already stops on a failed query, so the explicit check on the
# following line can never fire.
221 $userNameResult = @mysql_query
($singleUserNameQuery, $connid) or die($lang['db_error']);
222 if (!$userNameResult) die($lang['db_error']);
223 $userName = mysql_fetch_assoc($userNameResult);
224 mysql_free_result($userNameResult);
# NOTE(review): the conditions of the next two if-statements continue on lines
# missing from this listing; only their first clause is visible.
228 if (isset($_SESSION[$settings['session_prefix'].'user_id'])
231 if (isset($id)) $action = "get userdata";
232 else $action = "show users";
234 else if (isset($_SESSION[$settings['session_prefix'].'user_id'])
237 # Actions carried out before any HTML is output
# Profile form handler: trims the posted fields, applies length and
# word-length limits, collects messages in $errors, then writes the row and
# redirects to the user's own profile.
242 case "edit submited":
243 # Check the posted data:
244 $user_real_name = trim($user_real_name);
245 $user_hp = trim($user_hp);
246 $user_place = trim($user_place);
247 $profile = trim($profile);
248 $signature = trim($signature);
249 #if (isset($user_hp) && substr($user_hp,0,7) == "http://") $user_hp = substr($user_hp,7);
# Defaults for options that were not posted. user_view falls back to $standard,
# which is defined outside this listing.
250 if (empty($user_view) or $user_view == "") $user_view = $standard;
251 if (empty($new_posting_notify)) $new_posting_notify = 0;
252 if (empty($new_user_notify)) $new_user_notify = 0;
253 #if (isset($user_hp) && $user_hp != "" && !ereg(".",$user_hp)) $errors[] = $lang['error_hp_wrong'];
# Overall length limits per field, counted in characters (mb_strlen).
254 if (mb_strlen($user_real_name) > $settings['name_maxlength']) $errors[] = $lang['user_real_name'] . " " .$lang['error_input_too_long'];
255 if (mb_strlen($user_hp) > $settings['hp_maxlength']) $errors[] = $lang['user_hp'] . " " .$lang['error_input_too_long'];
256 if (mb_strlen($user_place) > $settings['place_maxlength']) $errors[] = $lang['user_place'] . " " .$lang['error_input_too_long'];
257 if (mb_strlen($profile) > $settings['profile_maxlength'])
259 $lang['err_prof_too_long'] = str_replace("[length]", mb_strlen($profile), $lang['err_prof_too_long']);
260 $lang['err_prof_too_long'] = str_replace("[maxlength]", $settings['profile_maxlength'], $lang['err_prof_too_long']);
261 $errors[] = $lang['err_prof_too_long'];
263 if (mb_strlen($signature) > $settings['signature_maxlength'])
265 $lang['err_sig_too_long'] = str_replace("[length]", mb_strlen($signature), $lang['err_sig_too_long']);
266 $lang['err_sig_too_long'] = str_replace("[maxlength]", $settings['signature_maxlength'], $lang['err_sig_too_long']);
267 $errors[] = $lang['err_sig_too_long'];
# Per-word limits for name and place: split on spaces and report the first
# part of any over-long word, HTML-escaped because it goes into an error message.
270 $text_arr = explode(" ",$user_real_name);
271 for ($i=0; $i<count($text_arr); $i++
)
274 $laenge = mb_strlen($text_arr[$i]);
275 if ($laenge > $settings['name_word_maxlength'])
277 $error_nwtl = str_replace("[word]", htmlspecialchars(mb_substr($text_arr[$i],0,$settings['name_word_maxlength']))."...", $lang['error_name_word_too_long']);
278 $errors[] = $error_nwtl;
281 $text_arr = explode(" ",$user_place);
282 for ($i=0; $i<count($text_arr); $i++
)
285 $laenge = mb_strlen($text_arr[$i]);
286 if ($laenge > $settings['place_word_maxlength'])
288 $error_pwtl = str_replace("[word]", htmlspecialchars(mb_substr($text_arr[$i],0,$settings['place_word_maxlength']))."...", $lang['error_place_word_too_long']);
289 $errors[] = $error_pwtl;
# Per-word limit for the profile text. Newlines count as spaces, and BBCode
# markup is reduced to its visible text (images to the placeholder "[img]") on
# a working copy first, so tags and URLs are not measured as words.
292 $text_arr = str_replace("\n", " ", $profile);
293 if ($settings['bbcode'] == 1)
295 $text_arr = preg_replace("#\[b\](.+?)\[/b\]#is", "\\1", $text_arr);
296 $text_arr = preg_replace("#\[i\](.+?)\[/i\]#is", "\\1", $text_arr);
297 $text_arr = preg_replace("#\[u\](.+?)\[/u\]#is", "\\1", $text_arr);
298 $text_arr = preg_replace("#\[link\](.+?)\[/link\]#is", "\\1", $text_arr);
299 $text_arr = preg_replace("#\[link=(.+?)\](.+?)\[/link\]#is", "\\2", $text_arr);
301 if ($settings['bbcode'] == 1 && $settings['bbcode_img'] == 1)
303 $text_arr = preg_replace("#\[img\](.+?)\[/img\]#is", "[img]", $text_arr);
304 $text_arr = preg_replace("#\[img-l\](.+?)\[/img\]#is", "[img] ", $text_arr);
305 $text_arr = preg_replace("#\[img-r\](.+?)\[/img\]#is", "[img]", $text_arr);
307 $text_arr = explode(" ",$text_arr);
308 for ($i=0; $i<count($text_arr); $i++
)
311 $laenge = mb_strlen($text_arr[$i]);
312 if ($laenge > $settings['text_word_maxlength'])
# NOTE(review): substr() cuts by bytes while the test above counts characters;
# a multibyte character can be split, and htmlspecialchars() may then return an
# empty string for the broken sequence. mb_substr(), as used for name and
# place, would be consistent.
314 $error_twtl = str_replace("[word]", htmlspecialchars(substr($text_arr[$i],0,$settings['text_word_maxlength']))."...", $lang['err_prof_word_too_long']);
315 $errors[] = $error_twtl;
# Same word-length check for the signature.
318 $text_arr = str_replace("\n", " ", $signature);
319 if ($settings['bbcode'] == 1)
321 $text_arr = preg_replace("#\[b\](.+?)\[/b\]#is", "\\1", $text_arr);
322 $text_arr = preg_replace("#\[i\](.+?)\[/i\]#is", "\\1", $text_arr);
323 $text_arr = preg_replace("#\[u\](.+?)\[/u\]#is", "\\1", $text_arr);
324 $text_arr = preg_replace("#\[link\](.+?)\[/link\]#is", "\\1", $text_arr);
325 $text_arr = preg_replace("#\[link=(.+?)\](.+?)\[/link\]#is", "\\2", $text_arr);
327 if ($settings['bbcode'] == 1 && $settings['bbcode_img'] == 1)
329 $text_arr = preg_replace("#\[img\](.+?)\[/img\]#is", "[img]", $text_arr);
330 $text_arr = preg_replace("#\[img-l\](.+?)\[/img\]#is", "[img] ", $text_arr);
331 $text_arr = preg_replace("#\[img-r\](.+?)\[/img\]#is", "[img]", $text_arr);
333 $text_arr = explode(" ",$text_arr);
334 for ($i=0; $i<count($text_arr); $i++
)
# NOTE(review): the signature loop measures with strlen() (bytes), the three
# loops above with mb_strlen() (characters); the limit is therefore stricter
# here for multibyte text.
337 $laenge = strlen($text_arr[$i]);
338 if ($laenge > $settings['text_word_maxlength'])
340 $error_twtl = str_replace("[word]", htmlspecialchars(substr($text_arr[$i],0,$settings['text_word_maxlength']))."...", $lang['err_sig_word_too_long']);
341 $errors[] = $error_twtl;
346 if (empty($hide_email)) $hide_email = 0;
# NOTE(review): only the five free-text fields pass through
# mysql_real_escape_string(). hide_email, user_view, new_posting_notify,
# new_user_notify, personal_messages and time_difference are copied from $_POST
# at the top of this file and, in the visible lines, reach the statement
# unescaped and uncast - an SQL injection path through ordinary form fields.
# Cast the numeric ones with intval() and escape or whitelist the rest.
# personal_messages and user_time_difference are also undefined here when the
# form did not send them.
349 $updateUserData = "UPDATE ". $db_settings['userdata_table'] ." SET
350 user_real_name = '". mysql_real_escape_string($user_real_name) ."',
351 hide_email = '". $hide_email ."',
352 user_hp = '". mysql_real_escape_string($user_hp) ."',
353 user_place = '". mysql_real_escape_string($user_place) ."',
354 profile = '". mysql_real_escape_string($profile) ."',
355 signature = '". mysql_real_escape_string($signature) ."',
356 last_login = last_login,
357 registered = registered,
358 user_view = '". $user_view ."',
359 new_posting_notify = '". $new_posting_notify ."',
360 new_user_notify = '". $new_user_notify ."',
361 personal_messages = '". $personal_messages ."',
362 time_difference = '". $user_time_difference ."'
363 WHERE user_id = '". intval($user_id) ."'
# The result of the UPDATE is not checked in the visible lines. The posted view
# and time difference are also copied into the session as received.
365 $update_result = mysql_query($updateUserData, $connid);
366 $_SESSION[$settings['session_prefix'].'user_view'] = $user_view;
367 $_SESSION[$settings['session_prefix'].'user_time_difference'] = $user_time_difference;
368 header("location: ".$settings['forum_address']."user.php?id=".$_SESSION[$settings['session_prefix'].'user_id']);
369 die("<a href=\"user.php?id=".$_SESSION[$settings['session_prefix'].'user_id']."\">further...</a>");
# Password change: load the stored digest of the logged-in user, require all
# three form fields, verify the old password and the confirmation, then store
# the new digest and redirect to the user's profile.
374 $getUserPassword = "SELECT
376 FROM ". $db_settings['userdata_table'] ."
377 WHERE user_id = ". intval($user_id) ."
379 $pw_result = mysql_query($getUserPassword, $connid);
380 if (!$pw_result) die($lang['db_error']);
381 $field = mysql_fetch_assoc($pw_result);
382 mysql_free_result($pw_result);
388 if ($old_pw=="" or $new_pw=="" or $new_pw_conf =="")
390 $errors[] = $lang['error_form_uncompl'];
# NOTE(review): verification relies on an unsalted MD5 digest and a loose !=
# comparison; two numeric-looking digests compare as numbers. Use
# password_verify() after migrating the stored format, or at least
# hash_equals()/!== for the comparison.
394 if ($field["user_pw"] != md5($old_pw))
396 $errors[] = $lang['error_old_pw_wrong'];
398 if ($new_pw_conf != $new_pw)
400 $errors[] = $lang['error_pw_conf_wrong'];
403 # Update, if no errors:
# NOTE(review): the new password is stored as md5($new_pw) with no salt and no
# work factor; no minimum-length or strength check is visible in this listing.
# The UPDATE result is stored but not checked.
406 $updateUserPassword = "UPDATE ". $db_settings['userdata_table'] ." SET
407 user_pw = '". md5($new_pw) ."',
408 last_login = last_login,
409 registered = registered
410 WHERE user_id = ". intval($user_id);
411 $pw_update_result = mysql_query($updateUserPassword, $connid);
412 header('location: '. $settings['forum_address'] .'user.php?id='. $_SESSION[$settings['session_prefix'].'user_id']);
413 die('<a href="user.php?id='. $_SESSION[$settings['session_prefix'].'user_id'] .'">further...</a>');
# Personal message by e-mail: load sender (logged-in user) and recipient
# (posted recipient_id, cast with intval for the query), check that a text was
# entered and that the recipient accepts messages, mail the message, mail a
# confirmation copy to the sender, then redirect to the recipient's profile.
418 # data of the sender of an PM
419 $getUserPMSender = "SELECT
422 FROM ". $db_settings['userdata_table'] ."
423 WHERE user_id = ". intval($user_id) ."
425 $pms_result = mysql_query($getUserPMSender, $connid);
426 if (!$pms_result) die($lang['db_error']);
427 $sender = mysql_fetch_assoc($pms_result);
428 mysql_free_result($pms_result);
429 # data of the receiver of an PM
430 $getUserPMReceiver = "SELECT
434 FROM ". $db_settings['userdata_table'] ."
435 WHERE user_id = ". intval($_POST['recipient_id']) ."
437 $pmr_result = mysql_query($getUserPMReceiver, $connid);
438 if (!$pmr_result) die($lang['db_error']);
439 $recipient = mysql_fetch_assoc($pmr_result);
440 mysql_free_result($pmr_result);
442 if ($_POST['pm_text'] == "")
444 $errors[] = $lang['error_pers_msg_no_text'];
446 if ($recipient['personal_messages'] == "")
448 $errors[] = $lang['error_pers_msg_deactivated'];
453 $lang['pers_msg_mail_add'] = str_replace("[forum_address]", $settings['forum_address'], $lang['pers_msg_mail_add']);
454 $ip = $_SERVER["REMOTE_ADDR"];
# NOTE(review): the subject is taken from $_POST unchanged and handed to
# mail(); strip CR and LF from it first so it cannot add header lines. The
# From and Reply-To lines below use the stored user name and address as-is, so
# they depend on what registration and the profile form allowed - confirm that
# line breaks are rejected there.
455 $mail_subject = $_POST['pm_subject'];
456 $mail_text = $_POST['pm_text'];
457 $mail_text .= "\n\n".strip_tags($lang['pers_msg_mail_add']);
458 $header = "From: ".$sender['user_name']." <".$sender['user_email'].">\n";
459 $header .= "Reply-To: ".$sender['user_name']." <".$sender['user_email'].">\n";
460 $header .= "X-Mailer: PHP/" . phpversion(). "\n";
461 $header .= "X-Sender-IP: $ip\n";
462 $header .= "Content-Type: text/plain";
# Send with or without the configured extra mail() parameter; a failed send is
# recorded in $errors.
463 if ($settings['mail_parameter']!='')
465 if (!@mail
($recipient['user_name']." <".$recipient['user_email'].">", $mail_subject, $mail_text, $header, $settings['mail_parameter']))
467 $errors[] = $lang['error_meilserv'];
472 if (!@mail
($recipient['user_name']." <".$recipient['user_email'].">", $mail_subject, $mail_text, $header))
474 $errors[] = $lang['error_meilserv'];
# Confirmation copy for the sender, sent from the forum address. The posted
# subject and text are inserted into the mail body; the result of these mail()
# calls is not checked.
480 $lang['conf_email_txt'] = str_replace("[forum_address]", $settings['forum_address'], strip_tags($lang['conf_email_txt']));
481 $lang['conf_email_txt'] = str_replace("[sender_name]", $sender['user_name'], $lang['conf_email_txt']);
482 $lang['conf_email_txt'] = str_replace("[recipient_name]", $recipient['user_name'], $lang['conf_email_txt']);
483 $lang['conf_email_txt'] = str_replace("[subject]", $_POST['pm_subject'], $lang['conf_email_txt']);
484 $lang['conf_email_txt'] .= "\n\n".stripslashes($_POST['pm_text']);
485 $conf_mailto = $sender['user_name']." <".$sender['user_email'].">";
486 $ip = $_SERVER["REMOTE_ADDR"];
487 $conf_header = "From: ".$settings['forum_name']." <".$settings['forum_email'].">\n";
488 $conf_header .= "X-Mailer: PHP/" . phpversion(). "\n";
489 $conf_header .= "X-Sender-IP: $ip\n";
490 $conf_header .= "Content-Type: text/plain";
491 if ($settings['mail_parameter']!='')
493 @mail
($conf_mailto, strip_tags($lang['conf_sj']), $lang['conf_email_txt'], $conf_header, $settings['mail_parameter']);
497 @mail
($conf_mailto, strip_tags($lang['conf_sj']), $lang['conf_email_txt'], $conf_header);
# NOTE(review): recipient_id is written into the Location header and into the
# HTML link exactly as posted, although the query above casts it. Use
# intval($_POST['recipient_id']) here too, so the value cannot carry markup
# or extra header content into the response.
503 header("location: ".$settings['forum_address']."user.php?id=".$_POST['recipient_id']);
504 die("<a href=\"user.php?id=".$_POST['recipient_id']."\">further...</a>");
# Fall back to the message form for the same recipient. $id receives the raw
# posted value here, not the intval() result used elsewhere for ids.
508 $id = $_POST['recipient_id'];
509 $action="personal_message";
514 $id = $_POST['recipient_id'];
515 $action="personal_message";
# Store the posted per-user forum settings, one row per name, then continue
# with the settings form.
518 case "submit usersettings":
# Name and value are escaped and the user id is cast, so the statement itself
# is safe against injection.
# NOTE(review): $_POST['usersetting'] is iterated without an is_array() check,
# and nothing visible here limits the names to those offered by the templates
# table, so arbitrary name/value rows can be stored for the user. Query errors
# are suppressed with @ and not checked.
519 foreach ($_POST['usersetting'] as $key=>$val)
521 $putUserForumSetting = "INSERT INTO ". $db_settings['usersettings_table'] ." SET
522 user_id = ". intval($user_id) .",
523 name = '". mysql_real_escape_string($key) ."',
524 value = '". mysql_real_escape_string($val) ."'
525 ON DUPLICATE KEY UPDATE value = '". mysql_real_escape_string($val) ."'";
526 @mysql_query
($putUserForumSetting, $connid);
528 $action = "usersettings";
# Data for the settings form: the user's own row, the list of available
# settings from the templates table, and the values the user has already saved.
# The selected columns are on lines missing from this listing.
531 $getSingleUserQuery = "SELECT
535 FROM ". $db_settings['userdata_table'] ."
536 WHERE user_id = ". intval($user_id);
537 $result = mysql_query($getSingleUserQuery, $connid);
538 if (!$result) die($lang['db_error']);
539 $field = mysql_fetch_assoc($result);
540 mysql_free_result($result);
541 $getUserSettingsQuery = "SELECT
545 FROM ". $db_settings['us_templates_table'] ."
547 $all_settings = mysql_query($getUserSettingsQuery, $connid);
548 if (!$all_settings) die($lang['db_error']);
549 $userOwnSettingsQuery = "SELECT
552 FROM ". $db_settings['usersettings_table'] ."
553 WHERE user_id = ". intval($user_id) ."
555 $own_settings = mysql_query($userOwnSettingsQuery, $connid);
556 if (!$own_settings) die($lang['db_error']);
# The loop body that consumes each saved setting is on lines missing from this
# listing.
558 while ($row = mysql_fetch_assoc($own_settings))
562 mysql_free_result($own_settings);
# Subscription form handler. Each radio group is posted as name "id-<posting>"
# with value "<kind>-<posting>-<thread>", where kind is posting, thread or none.
# For every such field up to two statements are prepared:
# $updateSubscribeQuery and $changeThreadSubscribeQuery.
# All ids placed into SQL are cast with intval(), and every statement is scoped
# to the logged-in user's id.
564 case "edit subscriptions":
566 foreach ($_POST as $key => $val)
# NOTE(review): strpos(...) !== false accepts "id-" anywhere in the field name,
# while the comment below speaks of names beginning with it; === 0 would match
# the comment. $vCont[1] and $vCont[2] are also read without checking that the
# value really had three parts.
568 # the name of the form field was not empty and begun with "id-"
569 if (strpos($key, "id-") !== false)
571 $kCont = explode("-", $key);
572 $vCont = explode("-", $val);
573 # identic ID in key and value
574 if ($kCont[1] == $vCont[1])
576 # subscription to a posting
577 if ($vCont[0] === "posting")
579 # <input type="radio" name="id-235" value="posting-235-214" />
580 # delete thread subscription where a posting subscription is setted
# NOTE(review): this statement reads "DELETE <table> WHERE ..." without FROM,
# unlike the "DELETE FROM" used for the same table further down; MySQL's
# single-table DELETE requires FROM, so this query looks like it fails.
581 $changeThreadSubscribeQuery = "DELETE ". $db_settings['usersubscripts_table'] ."
582 WHERE tid = ". intval($vCont[2]) ."
583 AND user_id = ". intval($user_id) ."
585 # set posting subscription
586 $updateSubscribeQuery = "UPDATE ". $db_settings['forum_table'] ." SET
588 WHERE id = ". intval($vCont[1]) ."
589 AND user_id = ". intval($user_id);
591 # subscription to a thread
592 else if ($vCont[0] === "thread")
594 # <input type="radio" name="id-214" value="thread-214-214" />
595 # delete posting subscriptions where the whole thread should be subscribed
596 $updateSubscribeQuery = "UPDATE ". $db_settings['forum_table'] ." SET
598 WHERE tid = ". intval($vCont[2]) ."
599 AND user_id = ". intval($user_id);
600 # set thread subscription
601 $changeThreadSubscribeQuery = "INSERT INTO ". $db_settings['usersubscripts_table'] ." SET
602 user_id = ". intval($user_id) .",
603 tid = ". intval($vCont[2]) ."
604 ON DUPLICATE KEY UPDATE
608 else if ($vCont[0] === "none")
610 # <input type="radio" name="id-235" value="none-235-214" />
611 # <input type="radio" name="id-214" value="none-214-214" />
612 # delete every possible subscription where subscription is setted to "none"
# Look up the current posting-level and thread-level subscription first, so that
# only the one that actually exists is removed. A failed read is noted in
# $querySubscribe and does not stop the script.
613 $getSearchPostingSubscriptionQuery = "SELECT
615 FROM ". $db_settings['forum_table'] ."
616 WHERE id = ". intval($vCont[1]) ."
617 AND user_id = ". intval($user_id);
618 $resultSPS = mysql_query($getSearchPostingSubscriptionQuery, $connid);
619 if (!$resultSPS) $querySubscribe = 'reading of '.$db_settings['forum_table'].' failed';
620 else $subscriptPosting = mysql_fetch_assoc($resultSPS);
621 $getSearchThreadSubscriptionQuery = "SELECT
624 FROM ". $db_settings['usersubscripts_table'] ."
625 WHERE tid = ". intval($vCont[2]) ."
626 AND user_id = ". intval($user_id);
627 $resultSTS = mysql_query($getSearchThreadSubscriptionQuery, $connid);
628 if (!$resultSTS) $querySubscribe = 'reading of '.$db_settings['usersubscripts_table'].' failed';
629 else $subscriptThread = mysql_fetch_assoc($resultSTS);
# NOTE(review): $subscriptPosting and $subscriptThread are not reset between
# loop passes in the visible lines, so after a failed read a value from an
# earlier form field could still be tested here - confirm.
630 if (!empty($subscriptPosting)
631 and $subscriptPosting['email_notify'] == 1)
633 $updateSubscribeQuery = "UPDATE ". $db_settings['forum_table'] ." SET
635 WHERE id = ". intval($vCont[1]) ."
636 AND user_id = ". intval($user_id) ."
639 else if (!empty($subscriptThread)
640 and ($subscriptThread['user_id'] == $user_id
641 and $subscriptThread['tid'] == $vCont[2]))
643 $updateSubscribeQuery = "DELETE FROM ". $db_settings['usersubscripts_table'] ."
644 WHERE tid = ". intval($vCont[2]) ."
645 AND user_id = ". intval($user_id) ."
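# Run the statements prepared for the current form field. Either variable may
# be unset, because not every subscription choice needs both statements.
if (!empty($updateSubscribeQuery))
{
    $resultSS = mysql_query($updateSubscribeQuery, $connid);
    if (!$resultSS) die($lang['db_error']);
    # forget the statement so a later pass of the enclosing loop cannot run it again
    unset($updateSubscribeQuery);
}
if (!empty($changeThreadSubscribeQuery))
{
    $resultTS = mysql_query($changeThreadSubscribeQuery, $connid);
    # Test the query result itself. Written without the $ sign, the name is a
    # bare word that PHP treats as a non-empty string, so the check could never
    # fire and a failed statement went unnoticed.
    if (!$resultTS) die($lang['db_error']);
    unset($changeThreadSubscribeQuery);
}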
# After the subscription changes, continue with the subscriptions page.
664 $action = "subscriptions";
# Redirect to the forum index and stop. The branch this belongs to is on lines
# missing from this listing.
670 header("location: ".$settings['forum_address']."index.php");
671 die("<a href=\"index.php\">further...</a>");
# Page title for the user area, with any markup removed from the language string.
674 $wo = strip_tags($lang['user_area_title']);
# Build the breadcrumb navigation in $topnav. The first link leads back to the
# overview the user last used: the view stored in the session ('thread' maps to
# forum.php, any other value to "<view>.php"), else the curr_view cookie, else
# forum.php. The cookie value is only used after the in_array() check against
# $possViews; the session value is used as stored.
676 $topnav = '<a class="textlink" href="';
677 if (!empty($_SESSION[$settings['session_prefix'].'curr_view']))
679 if ($_SESSION[$settings['session_prefix'].'curr_view'] == 'thread')
681 $topnav .= 'forum.php';
685 $topnav .= $_SESSION[$settings['session_prefix'].'curr_view'].'.php';
688 else if (!empty($_COOKIE['curr_view']) and in_array($_COOKIE['curr_view'], $possViews))
690 $topnav .= $_COOKIE['curr_view'].'.php';
694 $topnav .= 'forum.php';
696 $topnav .= '">'.$lang['back_to_overview_linkname'].'</a> ';
# User list: the list headline is the current page; a chosen letter is shown in
# brackets, HTML-escaped because it comes from the query string.
699 if ($action == "show users")
701 $topnav .= '<span class="current-page">'.$lang['reg_users_hl'];
702 if (!empty($_GET['letter']))
704 $topnav .= ' ('.htmlspecialchars($_GET['letter']).')';
706 $topnav .= '</span>';
# All other pages: link to the user list, then one entry per action. The user
# name is HTML-escaped before it replaces [name], and the id in the profile
# link is cast with intval().
710 $topnav .= '<a class="textlink" href="user.php">'.$lang['reg_users_hl'].'</a> ';
711 if ($action == "get userdata")
713 $lang['user_info_hl'] = str_replace("[name]", htmlspecialchars($userName["user_name"]), $lang['user_info_hl']);
714 $topnav .= '<span class="current-page">'.$lang['user_info_hl'].'</span>';
716 if ($action == "usersettings")
718 $lang['user_info_hl'] = str_replace("[name]", htmlspecialchars($userName["user_name"]), $lang['user_info_hl']);
719 $topnav .= '<a class="textlink" href="user.php';
720 $topnav .= '?id='.intval($uid);
721 $topnav .= '">'.$lang['user_info_hl'].'</a> ';
722 $topnav .= '<span class="current-page">'.$lang['edit_users_settings'].'</span>';
724 if ($action == "edit")
726 $lang['user_info_hl'] = str_replace("[name]", htmlspecialchars($userName["user_name"]), $lang['user_info_hl']);
727 $topnav .= '<a class="textlink" href="user.php';
728 $topnav .= '?id='.intval($uid);
729 $topnav .= '">'.$lang['user_info_hl'].'</a> ';
730 $topnav .= '<span class="current-page">'.$lang['edit_userdata_ln'].'</span>';
# The condition for the following password entry is on a line missing from this
# listing.
734 $lang['user_info_hl'] = str_replace("[name]", htmlspecialchars($userName["user_name"]), $lang['user_info_hl']);
735 $topnav .= '<a class="textlink" href="user.php';
736 $topnav .= '?id='.intval($uid);
737 $topnav .= '">'.$lang['user_info_hl'].'</a> ';
738 $topnav .= '<span class="current-page">'.$lang['edit_pw_ln'].'</span>';
740 if ($action == "email")
742 $lang['user_info_hl'] = str_replace("[name]", htmlspecialchars($userName["user_name"]), $lang['user_info_hl']);
743 $topnav .= '<a class="textlink" href="user.php';
744 $topnav .= '?id='.intval($uid);
745 $topnav .= '">'.$lang['user_info_hl'].'</a> ';
746 $topnav .= '<span class="current-page">'.$lang['change_email_hl'].'</span>';
748 if ($action == "personal_message")
750 $lang['pers_msg_ln'] = str_replace("[name]", htmlspecialchars($userName["user_name"]), $lang['pers_msg_ln']);
751 $topnav .= '<span class="current-page">'.$lang['pers_msg_ln'].'</span>';
753 if ($action == "subscriptions")
755 $lang['user_info_hl'] = str_replace("[name]", htmlspecialchars($userName["user_name"]), $lang['user_info_hl']);
756 $topnav .= '<a class="textlink" href="user.php';
757 $topnav .= '?id='.intval($uid);
758 $topnav .= '">'.$lang['user_info_hl'].'</a> ';
759 $topnav .= '<span class="current-page">'.$lang['edit_subscription_ln'].'</span>';
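# Prepare the registered-user list: default sort order, the number of matching
# accounts (optionally limited to names starting with the chosen letter), the
# overall account total, and the A-Z selector plus page navigation in $subnav_2.
if ($action == "show users")
{
    if (empty($descasc)) $descasc="ASC";
    if (empty($order)) $order="user_name";

    if (isset($_GET['letter']) && $_GET['letter']!="")
    {
        # The letter comes straight from the query string, so it is escaped
        # before it is placed inside the quoted LIKE pattern. LIKE wildcards
        # (% and _) in the value are still honoured by MySQL. Any other query
        # in this script that filters on the letter needs the same treatment.
        $letter_sql = mysql_real_escape_string($_GET['letter']);
        $pid_result = mysql_query("SELECT COUNT(*) FROM ".$db_settings['userdata_table']." WHERE user_name LIKE '".$letter_sql."%'", $connid);
    }
    else
    {
        $pid_result = mysql_query("SELECT COUNT(*) FROM ".$db_settings['userdata_table'], $connid);
    }
    # stop on a failed query, as the other queries in this file do
    if (!$pid_result) die($lang['db_error']);
    list($thread_count) = mysql_fetch_row($pid_result);
    mysql_free_result($pid_result);

    # total number of accounts, independent of the letter filter
    $abs_pid_result = mysql_query("SELECT COUNT(*) FROM ".$db_settings['userdata_table'], $connid);
    if (!$abs_pid_result) die($lang['db_error']);
    list($abs_thread_count) = mysql_fetch_row($abs_pid_result);
    mysql_free_result($abs_pid_result);

    $lang['num_reg_users'] = str_replace("[number]", $abs_thread_count, $lang['num_reg_users']);

    $alphabet = range('A', 'Z');
    # PHP_SELF is derived from the request path, so the script name is
    # HTML-escaped before it goes into the form's action attribute.
    $subnav_2 = $lang['num_reg_users'] . ' <form action="'.htmlspecialchars(basename($_SERVER["PHP_SELF"])).'" method="get" style="display: inline;"><select class="kat" size="1" name="letter" onchange="this.form.submit();">'."\n";
    $subnav_2 .= '<option value="">A-Z</option>'."\n";
    foreach ($alphabet as $letter)
    {
        $subnav_2 .= '<option value="'.$letter.'"';
        # pre-select the letter that is currently being filtered on
        $subnav_2 .= (isset($_GET['letter']) && $_GET['letter'] == $letter) ?
            ' selected="selected"' : '';
        $subnav_2 .= '>'.$letter.'</option>'."\n";
    }
    $subnav_2 .= '</select> <input type="image" name="" value=""';
    $subnav_2 .= ' src="img/submit.png" alt="»" /></form>'."\n";
    # NOTE(review): $page, $order and $descasc arrive unfiltered from $_GET and
    # are handed to nav(), which is defined outside this listing; confirm that
    # it (and any ORDER BY built from them) casts or whitelists these values.
    $subnav_2 .= nav($page, $settings['users_per_page'], $thread_count, $order, $descasc, $category);
}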
803 #echo "<h2>SESSION</h2>\n";
804 #echo "<pre>".print_r($_SESSION, true)."</pre>\n";
805 #echo "<h2>COOKIE</h2>\n";
806 #echo "<pre>".print_r($_COOKIE, true)."</pre>\n";
807 #echo "<h2>GET</h2>\n";
808 #echo "<pre>".print_r($_GET, true)."</pre>\n";
809 #echo "<h2>POST</h2>\n";
810 #echo "<pre>".print_r($_POST, true)."</pre>\n";
811 #echo "<h2>Infos</h2>\n";
812 #echo "<pre>".print_r($curr_view, true)."</pre>\n";
813 #echo "<pre>".print_r($userName, true)."</pre>\n";
# Profile view: show the requested user, or the logged-in user when no id was
# given, as a table appended to $output.
820 $id = (empty($id)) ?
$user_id : $id;
# NOTE(review): $time_difference is concatenated into the INTERVAL expression
# without a cast and is not assigned anywhere in this listing; confirm it is an
# integer by the time it gets here. Most of the column list is on lines
# missing from this listing.
822 $singleUserQuery = "SELECT
834 UNIX_TIMESTAMP(registered + INTERVAL ". $time_difference ." HOUR) AS since_date,
835 UNIX_TIMESTAMP(last_login + INTERVAL ". $time_difference ." HOUR) AS login_date
836 FROM ". $db_settings['userdata_table'] ."
837 WHERE user_id = ". intval($id);
838 $result = mysql_query($singleUserQuery, $connid);
839 if (!$result) die($lang['db_error']);
840 $field = mysql_fetch_assoc($result);
841 mysql_free_result($result);
# Number of postings written by this user (result not checked before use).
844 $count_postings_result = mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = ".intval($id), $connid);
845 list($postings_count) = mysql_fetch_row($count_postings_result);
846 mysql_free_result($count_postings_result);
# An empty user name means no row was found for the id.
848 if ($field["user_name"] != "")
850 $lang['user_info_hl'] = str_replace("[name]", htmlspecialchars($field["user_name"]), $lang['user_info_hl']);
851 $output .= '<h2>'.$lang['user_info_hl'].'</h2>'."\n";
854 $output .= outputUsersettingsMenu($id);
# User name, real name and place are HTML-escaped before output.
856 $output .= '<table class="info admin">'."\n";
857 $output .= ' <tr>'."\n";
858 $output .= ' <td>'.$lang['username_marking'].'</td>'."\n";
859 $output .= ' <td>'. htmlspecialchars($field["user_name"]);
860 $output .= ($field["user_type"]=="admin") ?
'<span class="xsmall"> ('. $lang['ud_admin'] .')</span>' : '';
861 $output .= ($field["user_type"]=="mod") ?
'<span class="xsmall"> ('. $lang['ud_mod'] .')</span>' : '';
862 $output .= '</td>'."\n";
864 if ($field["user_real_name"]!="")
866 $output .= '<tr>'."\n";
867 $output .= ' <td>'.$lang['user_real_name'].'</td>'."\n";
868 $output .= ' <td>'. htmlspecialchars($field['user_real_name']) .'</td>'."\n";
# The address itself is never printed; unless the user hides it, a link to the
# contact form is shown.
871 if ($field["hide_email"]!=1)
873 $output .= '<tr>'."\n";
874 $output .= ' <td>'. $lang['user_email_marking'] .'</td>'."\n";
875 $output .= ' <td><a href="contact.php?uid='. $field['user_id'] .'">';
876 $output .= '<img src="img/email.png" alt="'. outputLangDebugInAttributes($lang['email_alt']) .'" title="';
877 $output .= str_replace('[name]', htmlspecialchars($field['user_name']), outputLangDebugInAttributes($lang['email_to_user_linktitle']));
878 $output .= '" width="13" height="10" /></a></td>'."\n";
# NOTE(review): the homepage URL is escaped for the title attribute but written
# into href exactly as amendProtocol() returns it. Unless that helper (defined
# outside this listing) escapes the value and restricts the scheme, a stored
# URL containing a double quote or a non-http scheme reaches the page. Apply
# htmlspecialchars() to the href value too and allow only http/https.
881 if ($field["user_hp"]!="")
883 $field['user_hp'] = amendProtocol($field['user_hp']);
884 $output .= '<tr>'."\n";
885 $output .= ' <td>'.$lang['user_hp'].'</td>'."\n";
886 $output .= ' <td><a href="'.$field['user_hp'].'">';
887 $output .= '<img src="img/homepage.png" alt="';
888 $output .= outputLangDebugInAttributes($lang['homepage_alt']) .'" title="'. htmlspecialchars($field['user_hp']);
889 $output .= '" width="13" height="13" /></a></td>'."\n";
892 if ($field["user_place"]!=="")
894 $output .= '<tr>'."\n";
895 $output .= ' <td>'. $lang['user_place'] .'</td>'."\n";
896 $output .= ' <td>'. htmlspecialchars($field['user_place']) .'</td>'."\n";
# Days since registration, at least 1 so the per-day averages below never
# divide by zero.
899 $days_reg = floor((time() - $field["since_date"])/86400);
900 if ($days_reg < 1) $days_reg = 1;
901 $lang['user_since_text'] = str_replace('[reg-days]', $days_reg, $lang['user_since_text']);
902 $lang['user_last_login_text'] = str_replace('[logins]',$field['logins'],$lang['user_last_login_text']);
903 $lang['user_last_login_text'] = str_replace('[log-per-day]',round($field['logins']/$days_reg,2),$lang['user_last_login_text']);
904 $output .= '<tr>'."\n";
905 $output .= ' <td>'. $lang['user_since'] .'</td>'."\n";
906 $output .= ' <td>'. strftime($lang['time_format'],$field['since_date']);
907 $output .= $lang['user_since_text'] .'</td>'."\n";
908 $output .= ' </tr><tr>'."\n";
909 $output .= ' <td>'. $lang['user_last_login'] .'</td>'."\n";
910 $output .= ' <td>'. strftime($lang['time_format'],$field["login_date"]);
911 $output .= $lang['user_last_login_text'] .'</td>'."\n";
912 $output .= ' </tr><tr>'."\n";
913 $output .= ' <td>'. $lang['user_postings'] .'</td>'."\n";
914 $output .= ' <td>'. $postings_count;
# Share of all postings and postings per day, plus a link to the search page.
# NOTE(review): the divisor $posting_count (no "s") is not set in this listing;
# presumably the forum-wide posting total from the included setup - confirm it
# cannot be zero here.
915 if ($postings_count > 0)
917 $lang['user_posting_text'] = str_replace('[post-percent]', round($postings_count*100/$posting_count,1), $lang['user_posting_text']);
918 $lang['user_posting_text'] = str_replace('[post-per-day]', round($postings_count/$days_reg,2), $lang['user_posting_text']);
919 $output .= $lang['user_posting_text'].' <span class="small">';
920 $output .= '[ <a href="search.php?show_postings='.$field["user_id"];
921 $output .= '">'. $lang['show_postings_ln'] .'</a> ]</span>';
923 $output .= '</td>'."\n";
925 if ($field["profile"]!=="")
# Profile row: the stored profile text goes through zitat() and, depending on
# the settings, make_link(), bbcode() and smilies() before it is written out.
# NOTE(review): the htmlspecialchars() call below is commented out, so HTML
# escaping of this user-supplied text depends entirely on those helpers, none
# of which are visible here - confirm one of them escapes the text before it
# reaches $output.
927 $ftext = $field['profile'];
928 # $ftext = htmlspecialchars($ftext);
929 # $ftext = nl2br($ftext);
930 $ftext = zitat($ftext);
931 if ($settings['autolink'] == 1) $ftext = make_link($ftext);
932 if ($settings['bbcode'] == 1) $ftext = bbcode($ftext);
933 if ($settings['smilies'] == 1) $ftext = smilies($ftext);
934 $output .= '<tr>'."\n";
935 $output .= ' <td>'. $lang['user_profile'] .'</td>'."\n";
936 $output .= ' <td>'. $ftext .'</td>'."\n";
939 if ($field["signature"]!=="")
# Signature row: the stored signature is passed through make_link(), bbcode()
# and smilies(), each only when its setting is switched on.
# NOTE(review): the htmlspecialchars() call below is commented out. With
# autolink, bbcode and smilies all switched off, nothing in this block touches
# the text and the signature is written to the page exactly as stored. With
# them on, escaping depends on helpers that are not visible here - confirm.
941 $ftext = $field['signature'];
942 # $ftext = htmlspecialchars($ftext);
943 # $ftext = nl2br($ftext);
944 if ($settings['autolink'] == 1) $ftext = make_link($ftext);
945 if ($settings['bbcode'] == 1) $ftext = bbcode($ftext);
946 if ($settings['smilies'] == 1) $ftext = smilies($ftext);
947 $output .= '<tr>'."\n";
948 $output .= ' <td>'. $lang['user_signature'] .'</td>'."\n";
949 $output .= ' <td><p class="signature">'. $ftext .'</p></td>'."\n";
952 $output .= '</table>'."\n";
955 $lang['pers_msg_ln'] = str_replace("[name]", htmlspecialchars($field["user_name"]), $lang['pers_msg_ln']);
956 $output .= '<ul class="linklist">'."\n";
957 $output .= ' <li><a class="textlink" href="user.php?action=personal_message';
958 $output .= '&id='. $id .'">'. $lang['pers_msg_ln'] .'</a></li>'."\n";
959 $output .= '</ul>'."\n";
964 $output .= '<p class="caution">'. $lang['user_doesnt_exist'] .'</p>'."\n";
968 if ($field["user_name"] != "")
970 $lang['user_settings_hl'] = str_replace("[name]", htmlspecialchars($field["user_name"]), $lang['user_settings_hl']);
971 $output .= '<h2>'.$lang['user_settings_hl'].'</h2>'."\n";
974 $output .= errorMessages($errors);
976 $output .= outputUsersettingsMenu($uid, 'usersettings');
977 $output .= '<form action="user.php" method="post">'."\n";
978 $output .= '<table class="info admin">'."\n";
979 while ($allSet = mysql_fetch_assoc($all_settings))
981 if (($settings['user_control_refresh'] == 1
982 and $allSet['name'] == 'control_refresh')
983 or ($settings['user_control_css'] == 1
984 and mb_substr($allSet['name'], 0, 5) == 'mark_')
985 or ($settings['user_control_sort_thread_threads'] == 1
986 and $allSet['name'] == 'sort_threadview_threads'))
990 foreach ($ownSet as $mySetting)
992 if ($mySetting['name'] == $allSet['name'])
994 $set = $mySetting['value'];
999 $output .= '<tr>'."\n";
1001 $output .= ($allSet['type'] == 'string') ?
'<label for="'. $allSet['name'] .'">' : '';
1002 $output .= $allSet['name'];
1003 $output .= ($allSet['type'] == 'string') ?
'</label>' : '';
1004 $output .= '</td>'."\n";
1006 if ($allSet['type']=="string")
1008 $output .= '<input type="text" name="usersetting['. $allSet['name'] .']" value="';
1009 $output .= (!empty($set)) ?
htmlspecialchars($set) : htmlspecialchars($allSet['value']);
1010 $output .= '" id="'. $allSet['name'] .'" />'."\n";
1014 $output .= '<input type="radio" name="usersetting['. $allSet['name'] .']" value="false"';
1015 $output .= (empty($set) or $set == 'false') ?
' checked="checked"' : '';
1016 $output .= ' id="'. $allSet['name'] .'-no" /><label for="'. $allSet['name'] .'-no">';
1017 $output .= $lang['no'] .'</label>'."\n";
1018 $output .= '<input type="radio" name="usersetting['. $allSet['name'] .']" value="true"';
1019 $output .= (!empty($set) and $set == 'true') ?
' checked="checked"' : '';
1020 $output .= ' id="'. $allSet['name'] .'-yes" /><label for="'. $allSet['name'] .'-yes">';
1021 $output .= $lang['yes'] .'</label>'."\n";
1023 $output .= '</td>'."\n";
1027 $output .= "\n".'</table>'."\n";
1028 $output .= '<p><input type="hidden" name="action" value="submit usersettings" />';
1029 $output .= '<input type="submit" name="us-submit" value="';
1030 $output .= outputLangDebugInAttributes($lang['userdata_subm_button']) .'" /></p>';
1031 $output .= '</form>'."\n";
1032 mysql_free_result($all_settings);
1036 if (empty($page)) $page = 0;
1037 if (empty($order)) $order="user_name";
1038 if (empty($descasc)) $descasc="ASC";
1039 $ul = $page * $settings['users_per_page'];
1040 $getAllUsersQuery = "SELECT
1048 FROM ". $db_settings['userdata_table'];
1049 if (isset($_GET['letter']))
1051 $getAllUsersQuery .= "
1052 WHERE user_name LIKE '". mysql_real_escape_string($_GET['letter']) ."%'";
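# Append ordering and paging to the user list query.
# The original appended to $getAllUserQuery (missing "s"), so ORDER BY and
# LIMIT never reached $getAllUsersQuery, the string that is actually executed.
# Column names and sort keywords cannot be escaped like values, so both are
# matched against fixed lists: the three columns the header links on this page
# use, and ASC/DESC. Anything else falls back to user_name ascending.
$allowedOrderColumns = array('user_name', 'user_type', 'user_lock');
$orderColumn = in_array($order, $allowedOrderColumns, true) ? $order : 'user_name';
$orderDirection = (is_string($descasc) && strtoupper($descasc) === 'DESC') ? 'DESC' : 'ASC';
# Both LIMIT operands are forced to integers before they enter the SQL text.
$getAllUsersQuery .= "
 ORDER BY ". $orderColumn ." ". $orderDirection ."
 LIMIT ". intval($ul) .", ". intval($settings['users_per_page']);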
1057 $result = mysql_query($getAllUsersQuery, $connid);
1058 if (!$result) die($lang['db_error']);
1060 # Check who is online:
1061 if ($settings['count_users_online'] == 1)
1063 $useronline_result = mysql_query("SELECT user_id FROM ".$db_settings['useronline_table'], $connid);
1064 if (!$useronline_result) die($lang['db_error']);
1065 while ($uid_field = mysql_fetch_assoc($useronline_result))
1067 $useronline_array[] = $uid_field['user_id'];
1069 mysql_free_result($useronline_result);
1071 if ($thread_count > 0)
1073 $currDescAsc = strtolower($descasc);
1074 $output .= '<table class="normaltab">'."\n";
1075 $output .= '<tr class="titlerow">'."\n";
1076 $output .= '<th><a href="user.php?action=show+users&order=user_name&descasc=';
1077 $output .= ($descasc=="ASC" && $order=="user_name") ?
'DESC' : 'ASC';
1078 $output .= '&ul='. $ul .'" title="'. outputLangDebugInAttributes($lang['order_linktitle']) .'">'. $lang['userlist_name'] .'</a>';
1079 if ($order=="user_name")
1081 $output .= outputImageDescAsc($currDescAsc);
1083 $output .= '</th>'."\n";
1084 $output .= '<th><a href="user.php?action=show+users&order=user_type&descasc=';
1085 $output .= ($descasc=="ASC" && $order=="user_type") ?
'DESC' : 'ASC';
1086 $output .= '&ul='. $ul .'" title="'. outputLangDebugInAttributes($lang['order_linktitle']) .'">'. $lang['userlist_type'] .'</a>';
1087 if ($order=="user_type")
1089 $output .= outputImageDescAsc($currDescAsc);
1091 $output .= '</th>'."\n";
1092 $output .= '<th>'. $lang['userlist_email'] .'</th>'."\n";
1093 $output .= '<th>'. $lang['userlist_hp'] .'</th>'."\n";
1094 if ($settings['count_users_online'] == 1)
1096 $output .= '<th>'. $lang['userlist_online'] .'</th>'."\n";
1098 if (isset($_SESSION[$settings['session_prefix'].'user_type'])
1099 && ($_SESSION[$settings['session_prefix'].'user_type'] == "admin"
1100 ||
$_SESSION[$settings['session_prefix'].'user_type'] == "mod"))
1102 $output .= '<th><a href="user.php?action=show+users&order=user_lock&descasc=';
1103 $output .= ($descasc=="ASC" && $order=="user_lock") ?
'DESC' : 'ASC';
1104 $output .= '&ul='. $ul .'" title="'. outputLangDebugInAttributes($lang['order_linktitle']) .'">'. $lang['lock'] .'</a>';
1105 if ($order=="user_lock")
1107 $output .= outputImageDescAsc($currDescAsc);
1109 $output .= '</th>'."\n";
1113 while ($field = mysql_fetch_assoc($result))
1115 $rowClass = ($i %
2 == 0) ?
"a" : "b";
1116 $output .= '<tr class="'.$rowClass.'">'."\n";
1117 $output .= ' <td><a href="user.php?id='.$field['user_id'].'" title="';
1118 $output .= str_replace("[name]", htmlspecialchars($field["user_name"]), outputLangDebugInAttributes($lang['show_userdata_linktitle']));
1119 $output .= '"><b>'. htmlspecialchars($field['user_name']) .'</b></a></td>'."\n";
1120 $output .= ' <td class="info">';
1121 if ($field["user_type"] == "admin") $output .= $lang['ud_admin'];
1122 elseif ($field["user_type"] == "mod") $output .= $lang['ud_mod'];
1123 else $output .= $lang['ud_user'];
1124 $output .= '</td>'."\n";
1125 $output .= ' <td class="info">';
1126 if ($field["hide_email"]!=1)
1128 $output .= '<a href="contact.php?uid='.$field['user_id'].'"><img src="img/email.png"';
1129 $output .= ' alt="'.outputLangDebugInAttributes($lang['email_alt']).'" title="';
1130 $output .= str_replace("[name]", htmlspecialchars($field["user_name"]), outputLangDebugInAttributes($lang['email_to_user_linktitle']));
1131 $output .= '" width="13" height="10" /></a>';
1133 else $output .= " ";
1134 $output .= '</td>'."\n";
1135 $output .= ' <td class="info">';
1136 if ($field["user_hp"] != '')
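# Homepage icon in the user list. user_hp is stored user input, so it is
# HTML-escaped for the href attribute as well as for the title attribute;
# the original wrote it into href unescaped.
# NOTE(review): escaping does not restrict the URL scheme, and amendProtocol()
# is not visible here - confirm it only lets http/https links through.
$field["user_hp"] = amendProtocol($field["user_hp"]);
$output .= '<a href="'.htmlspecialchars($field["user_hp"]).'"><img src="img/homepage.png" alt="';
$output .= outputLangDebugInAttributes($lang['homepage_alt']).'" title="';
$output .= htmlspecialchars($field["user_hp"]).'" width="13" height="13" /></a>'."\n";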
1143 else $output .= " ";
1144 $output .= '</td>'."\n";
1145 if ($settings['count_users_online'] == 1)
1147 $output .= ' <td class="info">';
1148 if ($settings['count_users_online'] == 1
1149 && in_array($field['user_id'], $useronline_array))
1151 $output .= '<span class="online">'.$lang['online'].'</span>';
1153 else $output .= " ";
1154 $output .= '</td>'."\n";
1156 if (isset($_SESSION[$settings['session_prefix'].'user_type'])
1157 && ($_SESSION[$settings['session_prefix'].'user_type'] == "admin"
1158 ||
$_SESSION[$settings['session_prefix'].'user_type'] == "mod"))
1160 $output .= ' <td class="info">';
1161 if ($field["user_type"]=="user")
1163 if ($field["user_lock"] == 0)
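# Link that locks an unlocked user, carrying the current sort and page along.
# $order, $descasc and $page are set outside this part of the file and
# presumably come from the request, so they are URL-encoded or cast to int
# before being placed in the href attribute.
# NOTE(review): this link changes the lock state through a GET request and no
# anti-CSRF token is visible here - confirm the handler verifies one.
$output .= '<a href="user.php?user_lock='.intval($field["user_id"]);
$output .= '&order='.urlencode($order).'&descasc='.urlencode($descasc).'&page='.intval($page);
$output .= '" title="'.str_replace("[name]", htmlspecialchars($field["user_name"]), outputLangDebugInAttributes($lang['lock_user_lt']));
$output .= '">'.$lang['unlocked'].'</a>';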
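# Link that unlocks a locked user, carrying the current sort and page along.
# $order, $descasc and $page are set outside this part of the file and
# presumably come from the request, so they are URL-encoded or cast to int
# before being placed in the href attribute.
# NOTE(review): this link changes the lock state through a GET request and no
# anti-CSRF token is visible here - confirm the handler verifies one.
$output .= '<a style="color: red;" href="user.php?user_lock=';
$output .= intval($field["user_id"]).'&order='.urlencode($order).'&descasc='.urlencode($descasc);
$output .= '&page='.intval($page).'" title="'.str_replace("[name]", htmlspecialchars($field["user_name"]), outputLangDebugInAttributes($lang['unlock_user_lt']));
$output .= '">'.$lang['locked'].'</a>';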
1178 else $output .= " ";
1179 $output .= '</td>'."\n";
1181 $output .= ' </tr>';
1184 $output .= "\n".'</table>'."\n";
1188 $output .= '<p><i>'.$lang['no_users'].'</i></p>'."\n";
1192 $singleUserDataQuery = "SELECT
1206 FROM ". $db_settings['userdata_table'] ."
1207 WHERE user_id = ". intval($user_id);
1208 $result = mysql_query($singleUserDataQuery, $connid);
1209 if (!$result) die($lang['db_error']);
1210 $field = mysql_fetch_assoc($result);
1211 mysql_free_result($result);
1213 if (empty($userdata_submit))
1215 $hide_email = $field["hide_email"];
1216 $user_real_name = $field["user_real_name"];
1217 $user_hp = $field["user_hp"];
1218 $user_place = $field["user_place"];
1219 $profile = $field["profile"];
1220 $signature = $field["signature"];
1221 $user_view = $field["user_view"];
1222 $user_time_difference = $field["time_difference"];
1223 $new_posting_notify = $field["new_posting_notify"];
1224 $new_user_notify = $field["new_user_notify"];
1225 $personal_messages = $field["personal_messages"];
1227 $lang['edit_userdata_hl'] = str_replace("[name]", htmlspecialchars($field["user_name"]), $lang['edit_userdata_hl']);
1228 $output .= '<h2>'. $lang['edit_userdata_hl'] .'</h2>'."\n";
1231 $output .= errorMessages($errors);
1233 $output .= outputUsersettingsMenu($uid, 'edit');
1234 $output .= '<form action="user.php" method="post">'."\n";
1235 $output .= '<input type="hidden" name="action" value="edit submited">'."\n";
1236 $output .= '<table class="info admin">'."\n".' <tr>'."\n";
1237 $output .= ' <td>'. $lang['username_marking'] .'</td>'."\n";
1238 $output .= ' <td>'. htmlspecialchars($field["user_name"]) .'</td>'."\n";
1239 $output .= ' </tr><tr>'."\n";
1240 $output .= ' <td>'. $lang['user_email_marking'] .'</td>'."\n";
1241 $output .= ' <td>'. htmlspecialchars($field["user_email"]);
1242 $output .= ' <span class="small">[ <a class="sln" href="user.php?';
1243 $output .= 'action=email">'. $lang['edit_email_ln'] .'</a> ]</span></td>'."\n";
1244 $output .= ' </tr><tr>'."\n";
1245 $output .= ' <td><b>'.$lang['user_show_email'].'</b><br />';
1246 $output .= '<span class="info">'.$lang['user_show_email_exp'].'</span></td>'."\n";
1247 $output .= ' <td><input type="radio" name="hide_email" id="hidemail-0" value="0"';
1248 $output .= ($hide_email=="0") ?
' checked="checked"' : '';
1249 $output .= '><label for="hidemail-0">'.$lang['yes'].'</label><br />';
1250 $output .= '<input type="radio" name="hide_email" id="hidemail-1" value="1"';
1251 $output .= ($hide_email=="1") ?
' checked="checked"' : '';
1252 $output .= '><label for="hidemail-1">'.$lang['no'].'</label></td>'."\n";
1253 $output .= ' </tr><tr>'."\n";
1254 $output .= ' <td><label for="real-name">'.$lang['user_real_name'].'</label><br />';
1255 $output .= '<span class="info">'.$lang['optional_marking'].'</span></td>'."\n";
1256 $output .= ' <td><input type="text" size="40" name="user_real_name" value="';
1257 $output .= htmlspecialchars($user_real_name).'" maxlength="';
1258 $output .= $settings['name_maxlength'].'" id="real-name" /></td>'."\n";
1259 $output .= ' </tr><tr>'."\n";
1260 $output .= ' <td><label for="homepage">'.$lang['user_hp'].'</label><br />';
1261 $output .= '<span class="info">'.$lang['optional_marking'].'</span></td>'."\n";
1262 $output .= ' <td><input type="text" size="40" name="user_hp" value="';
1263 $output .= htmlspecialchars($user_hp).'" maxlength="';
1264 $output .= $settings['hp_maxlength'].'" id="homepage" /></td>'."\n";
1265 $output .= ' </tr><tr>'."\n";
1266 $output .= ' <td><label for="userplace">'.$lang['user_place'].'</label><br />';
1267 $output .= '<span class="info">'.$lang['optional_marking'].'</span></td>'."\n";
1268 $output .= ' <td><input type="text" size="40" name="user_place" value="';
1269 $output .= htmlspecialchars($user_place).'" maxlength="';
1270 $output .= $settings['place_maxlength'].'" id="userplace" /></td>'."\n";
1271 $output .= ' </tr><tr>'."\n";
1272 $output .= ' <td><label for="userprofile">'.$lang['user_profile'].'</label><br />';
1273 $output .= '<span class="info">'.$lang['user_profile_exp'].'<br />';
1274 $output .= $lang['optional_marking'].'</span></td>'."\n";
1275 $output .= ' <td><textarea cols="65" rows="10" name="profile" id="userprofile">';
1276 $output .= htmlspecialchars($profile).'</textarea></td>'."\n";
1277 $output .= ' </tr><tr>'."\n";
1278 $output .= ' <td><label for="usersignature">'.$lang['user_signature'].'</label><br />';
1279 $output .= '<span class="info">'.$lang['user_sig_exp'].'<br />';
1280 $output .= $lang['optional_marking'].'</span></td>'."\n";
1281 $output .= ' <td><textarea cols="65" rows="4" name="signature" id="usersignature">';
1282 $output .= htmlspecialchars($signature).'</textarea></td>'."\n";
1283 $output .= ' </tr>';
1284 if ($settings['thread_view'] != 0
1285 && $settings['board_view'] != 0
1286 ||
$settings['board_view'] != 0
1287 && $settings['mix_view'] != 0
1288 ||
$settings['thread_view'] != 0
1289 && $settings['mix_view'] != 0)
1291 $output .= '<tr>'."\n";
1292 $output .= ' <td>'.$lang['user_standard_view'].'</td>'."\n";
1293 $output .= ' <td>'."\n";
1294 if ($settings['thread_view'] == 1)
1296 $output .= '<input type="radio" name="user_view" value="thread" id="view-thread"';
1297 $output .= ($user_view=="thread") ?
' checked="checked"' : '';
1298 $output .= ' /><label for="view-thread">'.$lang['thread_view_linkname'].'</label><br />'."\n";
1300 if ($settings['board_view'] == 1)
1302 $output .= '<input type="radio" name="user_view" value="board" id="view-board"';
1303 $output .= ($user_view=="board") ?
' checked="checked"' : '';
1304 $output .= ' /><label for="view-board">'.$lang['board_view_linkname'].'</label><br />'."\n";
1306 if ($settings['mix_view'] == 1)
1308 $output .= '<input type="radio" name="user_view" value="mix" id="view-mix"';
1309 $output .= ($user_view=="mix") ?
' checked="checked"' : '';
1310 $output .= ' /><label for="view-mix">'.$lang['mix_view_linkname']."</label>\n";
1312 $output .= '</td>'."\n";
1313 $output .= ' </tr>'."\n";
1315 $output .= '<tr>'."\n";
1316 $output .= ' <td>'.$lang['user_pers_msg'].'<br />';
1317 $output .= '<span class="info">'.$lang['user_pers_msg_exp'].'</span></td>'."\n";
1318 $output .= ' <td><input type="radio" name="personal_messages" value="1" id="persmess-1"';
1319 $output .= ($personal_messages=="1") ?
' checked="checked"' : '';
1320 $output .= ' /><label for="persmess-1">'.$lang['user_pers_msg_act'].'</label><br />'."\n";
1321 $output .= '<input type="radio" name="personal_messages" value="0" id="persmess-0"';
1322 $output .= ($personal_messages=="0") ?
' checked="checked"' : '';
1323 $output .= '><label for="persmess-0">'.$lang['user_pers_msg_deact'].'</label></td>'."\n";
1324 $output .= ' </tr><tr>'."\n";
1325 $output .= ' <td><label for="timediff">'.$lang['user_time_diff'].'</label><br />';
1326 $output .= '<span class="info">'.$lang['user_time_diff_exp'].'</span></td>'."\n";
1327 $output .= ' <td><select name="user_time_difference" size="1" id="timediff">'."\n";
1328 for ($h = -24; $h <= 24; $h++
)
1330 $output .= '<option value="'.$h.'"';
1331 $output .= ($user_time_difference==$h) ?
' selected="selected"' : '';
1332 $output .= '>'.$h.'</option>'."\n";
1334 $output .= '</select>';
1335 # $output .= ' Test: <select size="1">'.outputTimeZonesOptions().'</select>';
1336 $output .= '</td>'."\n";
1337 if ($user_type=="admin" ||
$user_type=="mod")
1339 $output .= '<tr>'."\n";
1340 $output .= ' <td>'.$lang['admin_mod_notif'].'<br />';
1341 $output .= '<span class="info">'.$lang['admin_mod_notif_exp'].'</span></td>'."\n";
1342 $output .= ' <td><input type="checkbox" name="new_posting_notify" value="1"';
1343 $output .= ($new_posting_notify=="1") ?
' checked="checked"' : '';
1344 $output .= ' id="notice-post" /><label for="notice-post">'.$lang['admin_mod_notif_np'].'</label><br />';
1345 $output .= '<input type="checkbox" name="new_user_notify" value="1"';
1346 $output .= ($new_user_notify=="1") ?
' checked="checked"' : '';
1347 $output .= ' id="notice-user" /><label for="notice-user">'.$lang['admin_mod_notif_nu'].'</label></td>'."\n";
1349 $output .= ' </tr>'."\n".'</table>'."\n";
1350 $output .= '<p><input type="submit" name="userdata_submit" value="';
1351 $output .= outputLangDebugInAttributes($lang['userdata_subm_button']).'" /></p></form>'."\n";
1352 if ($settings['bbcode'] == 1)
1354 $output .= '<p class="xsmall">'.$lang['bbcode_marking_user'];
1355 if ($settings['bbcode_img']==1)
1357 $output .= '<br />'.$lang['bbcode_img_marking_user'];
1359 $output .= '</p>'."\n";
1363 $lang['change_pw_hl'] = str_replace("[name]", htmlspecialchars($userName["user_name"]), $lang['change_pw_hl']);
1364 $output .= '<h2>'.$lang['change_pw_hl'].'</h2>'."\n";
1367 $output .= errorMessages($errors);
1369 $output .= outputUsersettingsMenu($uid, 'pw');
1370 $output .= '<form action="user.php" method="post">'."\n";
1371 $output .= '<input type="hidden" name="action" value="pw submited">'."\n";
1372 $output .= '<table class="info admin">'."\n".' <tr>'."\n";
1373 $output .= ' <td><label for="old-pw">'.$lang['old_pw'].'</label></td>'."\n";
1374 $output .= ' <td><input type="password" size="25" name="old_pw" id="old-pw" maxlength="50"></td>'."\n";
1375 $output .= ' </tr><tr>'."\n";
1376 $output .= ' <td><label for ="new-pw">'.$lang['new_pw'].'</label></td>'."\n";
1377 $output .= ' <td><input type="password" size="25" name="new_pw" id="new-pw" maxlength="50"></td>'."\n";
1378 $output .= ' </tr><tr>'."\n";
1379 $output .= ' <td><label for="pw-conf">'.$lang['new_pw_conf'].'</label></td>'."\n";
1380 $output .= ' <td><input type="password" size="25" name="new_pw_conf" id="pw-conf" maxlength="50"></td>'."\n";
1381 $output .= ' </tr>'."\n".'</table>'."\n";
1382 $output .= '<p><input type="submit" name="pw_submit" value="'.outputLangDebugInAttributes($lang['userdata_subm_button']);
1383 $output .= '" title="'.outputLangDebugInAttributes($lang['new_pw_subm_button_title']).'"></p>'."\n";
1384 $output .= '</form>'."\n";
1387 $output .= '<h2>'.$lang['change_email_hl'].'</h2>'."\n";
1388 $output .= '<p class="caution">'.$lang['caution'].'</p>'."\n";
1389 $output .= '<p>'.$lang['change_email_exp'].'</p>'."\n";
1392 $output .= errorMessages($errors);
1394 $output .= '<form action="user.php" method="post">'."\n";
1395 $output .= ' <p><label for="new-email">'.$lang['new_email'].'</label><br />'."\n";
1396 $output .= '<input type="text" size="25" name="new_email" id="new-email" value="';
1397 $output .= (isset($new_email)) ?
htmlspecialchars($new_email) : '';
1398 $output .= '" maxlength="'.$settings['email_maxlength'].'"></p>'."\n";
1399 $output .= ' <p><label for="pw-email">'.$lang['password_marking'].'</label><br />'."\n";
1400 $output .= '<input type="password" size="25" name="pw_new_email" id="pw-email" maxlength="50"></p>'."\n";
1401 $output .= ' <p><input type="submit" name="change_email_submit" value="';
1402 $output .= outputLangDebugInAttributes($lang['userdata_subm_button']).'"></p>'."\n";
1403 $output .= '</form>'."\n";
1405 case "personal_message":
1406 $pma_result = mysql_query("SELECT user_name, personal_messages FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($id)." LIMIT 1", $connid);
1407 if (!$pma_result) die($lang['db_error']);
1408 $field = mysql_fetch_assoc($pma_result);
1409 mysql_free_result($pma_result);
1411 $lang['pers_msg_hl'] = str_replace("[name]", htmlspecialchars($field["user_name"]), $lang['pers_msg_hl']);
1412 $output .= '<h2>'.$lang['pers_msg_hl'].'</h2>'."\n";
1415 $output .= errorMessages($errors);
1417 if ($field["personal_messages"] == 1)
1419 $output .= '<form action="'.$_SERVER["SCRIPT_NAME"].'" method="post"><div>'."\n";
1420 $output .= '<input type="hidden" name="action" value="pm_sent" />'."\n";
1421 $output .= '<input type="hidden" name="recipient_id" value="'.intval($id).'" />'."\n";
1422 $output .= ' <p><label for="mess-subject">'.$lang['pers_msg_sj'].'</label><br />'."\n";
1423 $output .= '<input class="fs" type="text" name="pm_subject" value="';
1424 $output .= (isset($_POST['pm_subject'])) ?
htmlspecialchars($_POST['pm_subject']) : '';
1425 $output .= '" size="50" id="mess-subject" /></p>'."\n";
1426 $output .= ' <p><label for="mess-text">'.$lang['pers_msg_txt'].'</label><br />'."\n";
1427 $output .= '<textarea name="pm_text" id="mess-text" cols="60" rows="15">';
1428 $output .= (isset($_POST['pm_text'])) ?
htmlspecialchars($_POST['pm_text']) : '';
1429 $output .= '</textarea></p>'."\n";
1430 $output .= ' <p><input type="submit" name="pm_ok" value="';
1431 $output .= outputLangDebugInAttributes($lang['pers_msg_subm_button']).'" /></p>';
1432 $output .= '</div></form>'."\n";
1436 $lang['pers_msg_deactivated'] = str_replace("[name]", htmlspecialchars($field["user_name"]), $lang['pers_msg_deactivated']);
1437 $output .= $lang['pers_msg_deactivated'];
1440 case 'subscriptions':
1441 # no categories defined
1442 if ($categories === false)
1444 $threadsQueryWhere = '';
1446 # there are categories and all categories should be shown
1447 else if (is_array($categories))
1449 $threadsQueryWhere = " AND category IN (". $category_ids_query .")";
1451 $searchPostSubscrQuery = "SELECT
1455 DATE_FORMAT(time + INTERVAL ". $time_difference ." HOUR, '". $lang['time_format_sql'] ."') AS Uhrzeit,
1456 DATE_FORMAT(time + INTERVAL ". $time_difference ." HOUR, '%Y%m%d%H%i%s') AS sort,
1460 FROM ". $db_settings['forum_table'] ."
1461 WHERE user_id = ". $_SESSION[$settings['session_prefix'] .'user_id']."
1462 AND email_notify = 1". $threadsQueryWhere ."
1463 ORDER BY time DESC";
1464 $resultSearchPostSubscr = mysql_query($searchPostSubscrQuery, $connid);
1465 $searchThreadSubscrQuery = "SELECT
1470 DATE_FORMAT(t2.time + INTERVAL ". $time_difference ." HOUR, '". $lang['time_format_sql'] ."') AS Uhrzeit,
1471 DATE_FORMAT(t2.time + INTERVAL ". $time_difference ." HOUR, '%Y%m%d%H%i%s') AS sort,
1475 FROM ". $db_settings['usersubscripts_table'] ." AS t1,
1476 ". $db_settings['forum_table'] ." AS t2
1477 WHERE t1.user_id = ". $_SESSION[$settings['session_prefix'].'user_id'] ."
1480 $resultSearchThreadSubscr = mysql_query($searchThreadSubscrQuery, $connid);
1483 $output .= errorMessages($errors);
1485 $subscriptions = array();
1486 while ($raw = mysql_fetch_assoc($resultSearchPostSubscr))
1488 $raw['thread_notify'] = 0;
1489 $subscriptions[] = $raw;
1491 while ($rew = mysql_fetch_assoc($resultSearchThreadSubscr))
1493 $rew['thread_notify'] = 1;
1494 $subscriptions[] = $rew;
1496 if (!empty($subscriptions))
1498 foreach ($subscriptions as $key=>$row)
1500 $sortDate[$key] = $row['sort'];
1502 # delete possible posting subscriptions
1503 # in case of a thread subscription
1504 $subscriptions = processSubscriptFilter($subscriptions);
1505 array_multisort($sortDate, SORT_DESC
, $subscriptions);
1506 $lang['edit_subscriptions_hl'] = str_replace("[name]", htmlspecialchars($userName["user_name"]), $lang['edit_subscriptions_hl']);
1507 $output .= '<h2>'. $lang['edit_subscriptions_hl'] .'</h2>'."\n";
1508 $output .= outputUsersettingsMenu($uid, 'subscriptions');
1509 $output .= '<form action="user.php" method="post">'."\n";
1510 $output .= '<input type="hidden" name="action" value="edit subscriptions">'."\n";
1511 $output .= '<table class="normaltab">'."\n";
1512 $output .= ' <tr class="titlerow">'."\n";
1513 $output .= ' <th>'. $lang['edit_subscriptions_th_title'] .'</th>'."\n";
1514 $output .= ' <th>'. $lang['edit_subscriptions_th_posting'] .'</th>'."\n";
1515 $output .= ' <th>'. $lang['edit_subscriptions_th_thread'] .'</th>'."\n";
1516 $output .= ' <th>'. $lang['no'] .'</th>'."\n".'</tr>';
1518 foreach ($subscriptions as $row)
1520 if (!isset($row['delete']))
1522 $item = ($row['pid'] == 0) ?
'thread' : 'reply';
1523 $rowClass = ($i %
2 == 0) ?
"a" : "b";
1524 $output .= '<tr class="'.$rowClass.'">'."\n";
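# Subject and author name of the subscribed posting are user-supplied text
# read from the forum table; escape them before they are placed in the page.
# NOTE(review): assumes both are stored unescaped. This file escapes user_name
# on output, which suggests raw storage - confirm, to avoid double escaping.
$output .= '<span class="'.$item.'">'.htmlspecialchars($row['subject']).'</span> - '.htmlspecialchars($row['name']).', '.$row['Uhrzeit'].'</td>';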
1528 $output .= '<input type="radio" name="id-'.$row['id'].'" value="posting-'.$row['id'].'-'.$row['tid'].'"';
1529 $output .= ($row['email_notify'] == 1) ?
' checked="checked"' : '';
1530 $output .= ($row['thread_notify'] == 1) ?
' disabled="disabled"' : '';
1532 $output .= '</td><td>';
1533 $output .= '<input type="radio" name="id-'.$row['id'].'" value="thread-'.$row['id'].'-'.$row['tid'].'"';
1534 $output .= ($row['thread_notify'] == 1) ?
' checked="checked"' : '';
1536 $output .= '</td><td>'."\n";
1537 $output .= '<input type="radio" name="id-'.$row['id'].'" value="none-'.$row['id'].'-'.$row['tid'].'" />';
1538 $output .= '</td>'."\n";
1539 $output .= ' </tr>';
1543 $output .= "\n".'</table>'."\n";
1544 $output .= '<p><input type="submit" name="subscriptions_submit" value="';
1545 $output .= outputLangDebugInAttributes($lang['userdata_subm_button']).'" /></p></form>'."\n";
1549 # no subscribed postings or threads
1550 $output .= '<p>'.$lang['edit_subscriptions_none'].'</p>'."\n";
1554 # import posting template
1555 $output = file_get_contents('data/templates/locked.gen.html');
1556 $output = str_replace('{locked_hl}', $lang['user_locked_hl'], $output);
1557 $output = str_replace('{locked_txt}', str_replace("[name]", htmlspecialchars($user_name), $lang['usr_locked_txt']), $output);