1 <?php |
|
2 /*********************************************************************** |
|
3 |
|
4 Copyright (C) 2002-2005 Rickard Andersson (rickard@punbb.org) |
|
5 |
|
6 This file is part of PunBB. |
|
7 |
|
8 PunBB is free software; you can redistribute it and/or modify it |
|
9 under the terms of the GNU General Public License as published |
|
10 by the Free Software Foundation; either version 2 of the License, |
|
11 or (at your option) any later version. |
|
12 |
|
13 PunBB is distributed in the hope that it will be useful, but |
|
14 WITHOUT ANY WARRANTY; without even the implied warranty of |
|
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
16 GNU General Public License for more details. |
|
17 |
|
18 You should have received a copy of the GNU General Public License |
|
19 along with this program; if not, write to the Free Software |
|
20 Foundation, Inc., 59 Temple Place, Suite 330, Boston, |
|
21 MA 02111-1307 USA |
|
22 |
|
23 ************************************************************************/ |
|
24 |
|
25 |
|
26 // Tell header.php to use the admin template |
|
27 define('PUN_ADMIN_CONSOLE', 1); |
|
28 |
|
29 //define('PUN_ROOT', './'); |
|
30 //require PUN_ROOT.'include/common.php'; |
|
31 |
|
32 global $pun_db, $pun_user, $pun_config, $lang_common; |
|
33 |
|
34 require PUN_ROOT.'include/common_admin.php'; |
|
35 |
|
36 |
|
37 if ($pun_user['g_id'] < PUN_MOD) |
|
38 message($lang_common['No permission']); |
|
39 |
|
40 |
|
41 // Show IP statistics for a certain user ID |
|
42 if (isset($_GET['ip_stats'])) |
|
43 { |
|
44 $ip_stats = intval($_GET['ip_stats']); |
|
45 if ($ip_stats < 1) |
|
46 message($lang_common['Bad request']); |
|
47 |
|
48 |
|
49 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / Users'; |
|
50 require PUN_ROOT.'header.php'; |
|
51 |
|
52 ?> |
|
53 <div class="linkst"> |
|
54 <div class="inbox"> |
|
55 <div><a href="javascript:history.go(-1)">Go back</a></div> |
|
56 </div> |
|
57 </div> |
|
58 |
|
59 <div id="users1" class="blocktable"> |
|
60 <h2><span>Users</span></h2> |
|
61 <div class="box"> |
|
62 <div class="inbox"> |
|
63 <table cellspacing="0"> |
|
64 <thead> |
|
65 <tr> |
|
66 <th class="tcl" scope="col">IP address</th> |
|
67 <th class="tc2" scope="col">Last used</th> |
|
68 <th class="tc3" scope="col">Times found</th> |
|
69 <th class="tcr" scope="col">Action</th> |
|
70 </tr> |
|
71 </thead> |
|
72 <tbody> |
|
73 <?php |
|
74 |
|
75 $result = $pun_db->query('SELECT poster_ip, MAX(posted) AS last_used, COUNT(id) AS used_times FROM '.$pun_db->prefix.'posts WHERE poster_id='.$ip_stats.' GROUP BY poster_ip ORDER BY last_used DESC') or error('Unable to fetch post info', __FILE__, __LINE__, $pun_db->error()); |
|
76 if ($pun_db->num_rows($result)) |
|
77 { |
|
78 while ($cur_ip = $pun_db->fetch_assoc($result)) |
|
79 { |
|
80 |
|
81 ?> |
|
82 <tr> |
|
83 <td class="tcl"><a href="moderate.php?get_host=<?php echo $cur_ip['poster_ip'] ?>"><?php echo $cur_ip['poster_ip'] ?></a></td> |
|
84 <td class="tc2"><?php echo format_time($cur_ip['last_used']) ?></td> |
|
85 <td class="tc3"><?php echo $cur_ip['used_times'] ?></td> |
|
86 <td class="tcr"><a href="admin_users.php?show_users=<?php echo $cur_ip['poster_ip'] ?>">Find more users for this ip</a></td> |
|
87 </tr> |
|
88 <?php |
|
89 |
|
90 } |
|
91 } |
|
92 else |
|
93 echo "\t\t\t\t".'<tr><td class="tcl" colspan="4">There are currently no posts by that user in the forum.</td></tr>'."\n"; |
|
94 |
|
95 ?> |
|
96 </tbody> |
|
97 </table> |
|
98 </div> |
|
99 </div> |
|
100 </div> |
|
101 |
|
102 <div class="linksb"> |
|
103 <div class="inbox"> |
|
104 <div><a href="javascript:history.go(-1)">Go back</a></div> |
|
105 </div> |
|
106 </div> |
|
107 <?php |
|
108 |
|
109 require PUN_ROOT.'footer.php'; |
|
110 } |
|
111 |
|
112 |
|
113 if (isset($_GET['show_users'])) |
|
114 { |
|
115 $ip = $_GET['show_users']; |
|
116 |
|
117 if (!@preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $ip)) |
|
118 message('The supplied IP address is not correctly formatted.'); |
|
119 |
|
120 |
|
121 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / Users'; |
|
122 require PUN_ROOT.'header.php'; |
|
123 |
|
124 ?> |
|
125 <div class="linkst"> |
|
126 <div class="inbox"> |
|
127 <div><a href="javascript:history.go(-1)">Go back</a></div> |
|
128 </div> |
|
129 </div> |
|
130 |
|
131 <div id="users2" class="blocktable"> |
|
132 <h2><span>Users</span></h2> |
|
133 <div class="box"> |
|
134 <div class="inbox"> |
|
135 <table cellspacing="0"> |
|
136 <thead> |
|
137 <tr> |
|
138 <th class="tcl" scope="col">Username</th> |
|
139 <th class="tc2" scope="col">E-mail</th> |
|
140 <th class="tc3" scope="col">Title/Status</th> |
|
141 <th class="tc4" scope="col">Posts</th> |
|
142 <th class="tc5" scope="col">Admin note</th> |
|
143 <th class="tcr" scope="col">Actions</th> |
|
144 </tr> |
|
145 </thead> |
|
146 <tbody> |
|
147 <?php |
|
148 |
|
149 $result = $pun_db->query('SELECT DISTINCT poster_id, poster FROM '.$pun_db->prefix.'posts WHERE poster_ip=\''.$pun_db->escape($ip).'\' ORDER BY poster DESC') or error('Unable to fetch post info', __FILE__, __LINE__, $pun_db->error()); |
|
150 $num_posts = $pun_db->num_rows($result); |
|
151 |
|
152 if ($num_posts) |
|
153 { |
|
154 // Loop through users and print out some info |
|
155 for ($i = 0; $i < $num_posts; ++$i) |
|
156 { |
|
157 list($poster_id, $poster) = $pun_db->fetch_row($result); |
|
158 |
|
159 $result2 = $pun_db->query('SELECT u.id, u.username, u.email, u.title, u.num_posts, u.admin_note, g.g_id, g.g_user_title FROM '.$pun_db->prefix.'users AS u INNER JOIN '.$pun_db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1 AND u.id='.$poster_id) or error('Unable to fetch user info', __FILE__, __LINE__, $pun_db->error()); |
|
160 |
|
161 if (($user_data = $pun_db->fetch_assoc($result2))) |
|
162 { |
|
163 $user_title = get_title($user_data); |
|
164 |
|
165 $actions = '<a href="admin_users.php?ip_stats='.$user_data['id'].'">View IP stats</a> - <a href="search.php?action=show_user&user_id='.$user_data['id'].'">Show posts</a>'; |
|
166 |
|
167 ?> |
|
168 <tr> |
|
169 <td class="tcl"><?php echo '<a href="profile.php?id='.$user_data['id'].'">'.pun_htmlspecialchars($user_data['username']).'</a>' ?></td> |
|
170 <td class="tc2"><a href="mailto:<?php echo $user_data['email'] ?>"><?php echo $user_data['email'] ?></a></td> |
|
171 <td class="tc3"><?php echo $user_title ?></td> |
|
172 <td class="tc4"><?php echo $user_data['num_posts'] ?></td> |
|
173 <td class="tc5"><?php echo ($user_data['admin_note'] != '') ? $user_data['admin_note'] : ' ' ?></td> |
|
174 <td class="tcr"><?php echo $actions ?></td> |
|
175 </tr> |
|
176 <?php |
|
177 |
|
178 } |
|
179 else |
|
180 { |
|
181 |
|
182 ?> |
|
183 <tr> |
|
184 <td class="tcl"><?php echo pun_htmlspecialchars($poster) ?></td> |
|
185 <td class="tc2"> </td> |
|
186 <td class="tc3">Guest</td> |
|
187 <td class="tc4"> </td> |
|
188 <td class="tc5"> </td> |
|
189 <td class="tcr"> </td> |
|
190 </tr> |
|
191 <?php |
|
192 |
|
193 } |
|
194 } |
|
195 } |
|
196 else |
|
197 echo "\t\t\t\t".'<tr><td class="tcl" colspan="6">The supplied IP address could not be found in the database.</td></tr>'."\n"; |
|
198 |
|
199 ?> |
|
200 </tbody> |
|
201 </table> |
|
202 </div> |
|
203 </div> |
|
204 </div> |
|
205 |
|
206 <div class="linksb"> |
|
207 <div class="inbox"> |
|
208 <div><a href="javascript:history.go(-1)">Go back</a></div> |
|
209 </div> |
|
210 </div> |
|
211 <?php |
|
212 require PUN_ROOT.'footer.php'; |
|
213 } |
|
214 |
|
215 |
|
216 else if (isset($_POST['find_user'])) |
|
217 { |
|
218 $form = $_POST['form']; |
|
219 $form['username'] = $_POST['username']; |
|
220 |
|
221 // trim() all elements in $form |
|
222 $form = array_map('trim', $form); |
|
223 $conditions = array(); |
|
224 |
|
225 $posts_greater = trim($_POST['posts_greater']); |
|
226 $posts_less = trim($_POST['posts_less']); |
|
227 $last_post_after = trim($_POST['last_post_after']); |
|
228 $last_post_before = trim($_POST['last_post_before']); |
|
229 $registered_after = trim($_POST['registered_after']); |
|
230 $registered_before = trim($_POST['registered_before']); |
|
231 $order_by = $_POST['order_by']; |
|
232 $direction = $_POST['direction']; |
|
233 $user_group = $_POST['user_group']; |
|
234 |
|
235 if (preg_match('/[^0-9]/', $posts_greater.$posts_less)) |
|
236 message('You entered a non-numeric value into a numeric only column.'); |
|
237 |
|
238 // Try to convert date/time to timestamps |
|
239 if ($last_post_after != '') |
|
240 $last_post_after = strtotime($last_post_after); |
|
241 if ($last_post_before != '') |
|
242 $last_post_before = strtotime($last_post_before); |
|
243 if ($registered_after != '') |
|
244 $registered_after = strtotime($registered_after); |
|
245 if ($registered_before != '') |
|
246 $registered_before = strtotime($registered_before); |
|
247 |
|
248 if ($last_post_after == -1 || $last_post_before == -1 || $registered_after == -1 || $registered_before == -1) |
|
249 message('You entered an invalid date/time.'); |
|
250 |
|
251 if ($last_post_after != '') |
|
252 $conditions[] = 'u.last_post>'.$last_post_after; |
|
253 if ($last_post_before != '') |
|
254 $conditions[] = 'u.last_post<'.$last_post_before; |
|
255 if ($registered_after != '') |
|
256 $conditions[] = 'u.registered>'.$registered_after; |
|
257 if ($registered_before != '') |
|
258 $conditions[] = 'u.registered<'.$registered_before; |
|
259 |
|
260 $like_command = ($db_type == 'pgsql') ? 'ILIKE' : 'LIKE'; |
|
261 while (list($key, $input) = @each($form)) |
|
262 { |
|
263 if ($input != '' && in_array($key, array('username', 'email', 'title', 'realname', 'url', 'jabber', 'icq', 'msn', 'aim', 'yahoo', 'location', 'signature', 'admin_note'))) |
|
264 $conditions[] = 'u.'.$pun_db->escape($key).' '.$like_command.' \''.$pun_db->escape(str_replace('*', '%', $input)).'\''; |
|
265 } |
|
266 |
|
267 if ($posts_greater != '') |
|
268 $conditions[] = 'u.num_posts>'.$posts_greater; |
|
269 if ($posts_less != '') |
|
270 $conditions[] = 'u.num_posts<'.$posts_less; |
|
271 |
|
272 if ($user_group != 'all') |
|
273 $conditions[] = 'u.group_id='.intval($user_group); |
|
274 |
|
275 if (empty($conditions)) |
|
276 message('You didn\'t enter any search terms.'); |
|
277 |
|
278 |
|
279 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / Users'; |
|
280 require PUN_ROOT.'header.php'; |
|
281 |
|
282 ?> |
|
283 <div class="linkst"> |
|
284 <div class="inbox"> |
|
285 <div><a href="javascript:history.go(-1)">Go back</a></div> |
|
286 </div> |
|
287 </div> |
|
288 |
|
289 <div id="users2" class="blocktable"> |
|
290 <h2><span>Users</span></h2> |
|
291 <div class="box"> |
|
292 <div class="inbox"> |
|
293 <table cellspacing="0"> |
|
294 <thead> |
|
295 <tr> |
|
296 <th class="tcl" scope="col">Username</th> |
|
297 <th class="tc2" scope="col">E-mail</th> |
|
298 <th class="tc3" scope="col">Title/Status</th> |
|
299 <th class="tc4" scope="col">Posts</th> |
|
300 <th class="tc5" scope="col">Admin note</th> |
|
301 <th class="tcr" scope="col">Actions</th> |
|
302 </tr> |
|
303 </thead> |
|
304 <tbody> |
|
305 <?php |
|
306 |
|
307 $result = $pun_db->query('SELECT u.id, u.username, u.email, u.title, u.num_posts, u.admin_note, g.g_id, g.g_user_title FROM '.$pun_db->prefix.'users AS u LEFT JOIN '.$pun_db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1 AND '.implode(' AND ', $conditions).' ORDER BY '.$pun_db->escape($order_by).' '.$pun_db->escape($direction)) or error('Unable to fetch user info', __FILE__, __LINE__, $pun_db->error()); |
|
308 if ($pun_db->num_rows($result)) |
|
309 { |
|
310 while ($user_data = $pun_db->fetch_assoc($result)) |
|
311 { |
|
312 $user_title = get_title($user_data); |
|
313 |
|
314 // This script is a special case in that we want to display "Not verified" for non-verified users |
|
315 if (($user_data['g_id'] == '' || $user_data['g_id'] == PUN_UNVERIFIED) && $user_title != $lang_common['Banned']) |
|
316 $user_title = '<span class="warntext">Not verified</span>'; |
|
317 |
|
318 $actions = '<a href="admin_users.php?ip_stats='.$user_data['id'].'">View IP stats</a> - <a href="search.php?action=show_user&user_id='.$user_data['id'].'">Show posts</a>'; |
|
319 |
|
320 ?> |
|
321 <tr> |
|
322 <td class="tcl"><?php echo '<a href="profile.php?id='.$user_data['id'].'">'.pun_htmlspecialchars($user_data['username']).'</a>' ?></td> |
|
323 <td class="tc2"><a href="mailto:<?php echo $user_data['email'] ?>"><?php echo $user_data['email'] ?></a></td> |
|
324 <td class="tc3"><?php echo $user_title ?></td> |
|
325 <td class="tc4"><?php echo $user_data['num_posts'] ?></td> |
|
326 <td class="tc5"><?php echo ($user_data['admin_note'] != '') ? $user_data['admin_note'] : ' ' ?></td> |
|
327 <td class="tcr"><?php echo $actions ?></td> |
|
328 </tr> |
|
329 <?php |
|
330 |
|
331 } |
|
332 } |
|
333 else |
|
334 echo "\t\t\t\t".'<tr><td class="tcl" colspan="6">No match.</td></tr>'."\n"; |
|
335 |
|
336 ?> |
|
337 </tbody> |
|
338 </table> |
|
339 </div> |
|
340 </div> |
|
341 </div> |
|
342 |
|
343 <div class="linksb"> |
|
344 <div class="inbox"> |
|
345 <div><a href="javascript:history.go(-1)">Go back</a></div> |
|
346 </div> |
|
347 </div> |
|
348 <?php |
|
349 |
|
350 require PUN_ROOT.'footer.php'; |
|
351 } |
|
352 |
|
353 |
|
354 else |
|
355 { |
|
356 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / Users'; |
|
357 $focus_element = array('find_user', 'username'); |
|
358 require PUN_ROOT.'header.php'; |
|
359 |
|
360 generate_admin_menu('users'); |
|
361 |
|
362 ?> |
|
363 <div class="blockform"> |
|
364 <h2><span>User search</span></h2> |
|
365 <div class="box"> |
|
366 <form id="find_user" method="post" action="<?php echo makeUrlNS('Special', 'Forum/Admin_users', 'action=find_user', true); ?>"> |
|
367 <p class="submittop"><input type="submit" name="find_user" value="Submit search" tabindex="1" /></p> |
|
368 <div class="inform"> |
|
369 <fieldset> |
|
370 <legend>Enter search criteria</legend> |
|
371 <div class="infldset"> |
|
372 <p>Search for users in the database. You can enter one or more terms to search for. Wildcards in the form of asterisks (*) are accepted.</p> |
|
373 <table class="aligntop" cellspacing="0"> |
|
374 <tr> |
|
375 <th scope="row">Username</th> |
|
376 <td><input type="text" name="username" size="25" maxlength="25" tabindex="2" /></td> |
|
377 </tr> |
|
378 <tr> |
|
379 <th scope="row">E-mail address</th> |
|
380 <td><input type="text" name="form[email]" size="30" maxlength="50" tabindex="3" /></td> |
|
381 </tr> |
|
382 <tr> |
|
383 <th scope="row">Title</th> |
|
384 <td><input type="text" name="form[title]" size="30" maxlength="50" tabindex="4" /></td> |
|
385 </tr> |
|
386 <tr> |
|
387 <th scope="row">Real name</th> |
|
388 <td><input type="text" name="form[realname]" size="30" maxlength="40" tabindex="5" /></td> |
|
389 </tr> |
|
390 <tr> |
|
391 <th scope="row">Website</th> |
|
392 <td><input type="text" name="form[url]" size="35" maxlength="100" tabindex="6" /></td> |
|
393 </tr> |
|
394 <tr> |
|
395 <th scope="row">ICQ</th> |
|
396 <td><input type="text" name="form[icq]" size="12" maxlength="12" tabindex="7" /></td> |
|
397 </tr> |
|
398 <tr> |
|
399 <th scope="row">MSN Messenger</th> |
|
400 <td><input type="text" name="form[msn]" size="30" maxlength="50" tabindex="8" /></td> |
|
401 </tr> |
|
402 <tr> |
|
403 <th scope="row">AOL IM</th> |
|
404 <td><input type="text" name="form[aim]" size="20" maxlength="20" tabindex="9" /></td> |
|
405 </tr> |
|
406 <tr> |
|
407 <th scope="row">Yahoo! Messenger</th> |
|
408 <td><input type="text" name="form[yahoo]" size="20" maxlength="20" tabindex="10" /></td> |
|
409 </tr> |
|
410 <tr> |
|
411 <th scope="row">Location</th> |
|
412 <td><input type="text" name="form[location]" size="30" maxlength="30" tabindex="11" /></td> |
|
413 </tr> |
|
414 <tr> |
|
415 <th scope="row">Signature</th> |
|
416 <td><input type="text" name="form[signature]" size="35" maxlength="512" tabindex="12" /></td> |
|
417 </tr> |
|
418 <tr> |
|
419 <th scope="row">Admin note</th> |
|
420 <td><input type="text" name="form[admin_note]" size="30" maxlength="30" tabindex="13" /></td> |
|
421 </tr> |
|
422 <tr> |
|
423 <th scope="row">Number of posts greater than</th> |
|
424 <td><input type="text" name="posts_greater" size="5" maxlength="8" tabindex="14" /></td> |
|
425 </tr> |
|
426 <tr> |
|
427 <th scope="row">Number of posts less than</th> |
|
428 <td><input type="text" name="posts_less" size="5" maxlength="8" tabindex="15" /></td> |
|
429 </tr> |
|
430 <tr> |
|
431 <th scope="row">Last post is after</th> |
|
432 <td><input type="text" name="last_post_after" size="24" maxlength="19" tabindex="16" /> |
|
433 <span>(yyyy-mm-dd hh:mm:ss)</span></td> |
|
434 </tr> |
|
435 <tr> |
|
436 <th scope="row">Last post is before</th> |
|
437 <td><input type="text" name="last_post_before" size="24" maxlength="19" tabindex="17" /> |
|
438 <span>(yyyy-mm-dd hh:mm:ss)</span></td> |
|
439 </tr> |
|
440 <tr> |
|
441 <th scope="row">Registered after</th> |
|
442 <td><input type="text" name="registered_after" size="24" maxlength="19" tabindex="18" /> |
|
443 <span>(yyyy-mm-dd hh:mm:ss)</span></td> |
|
444 </tr> |
|
445 <tr> |
|
446 <th scope="row">Registered before</th> |
|
447 <td><input type="text" name="registered_before" size="24" maxlength="19" tabindex="19" /> |
|
448 <span>(yyyy-mm-dd hh:mm:ss)</span></td> |
|
449 </tr> |
|
450 <tr> |
|
451 <th scope="row">Order by</th> |
|
452 <td> |
|
453 <select name="order_by" tabindex="20"> |
|
454 <option value="username" selected="selected">username</option> |
|
455 <option value="email">e-mail</option> |
|
456 <option value="num_posts">posts</option> |
|
457 <option value="last_post">last post</option> |
|
458 <option value="registered">registered</option> |
|
459 </select> <select name="direction" tabindex="21"> |
|
460 <option value="ASC" selected="selected">ascending</option> |
|
461 <option value="DESC">descending</option> |
|
462 </select> |
|
463 </td> |
|
464 </tr> |
|
465 <tr> |
|
466 <th scope="row">User group</th> |
|
467 <td> |
|
468 <select name="user_group" tabindex="22"> |
|
469 <option value="all" selected="selected">All groups</option> |
|
470 <?php |
|
471 |
|
472 $result = $pun_db->query('SELECT g_id, g_title FROM '.$pun_db->prefix.'groups WHERE g_id!='.PUN_GUEST.' ORDER BY g_title') or error('Unable to fetch user group list', __FILE__, __LINE__, $pun_db->error()); |
|
473 |
|
474 while ($cur_group = $pun_db->fetch_assoc($result)) |
|
475 echo "\t\t\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n"; |
|
476 |
|
477 ?> |
|
478 </select> |
|
479 </td> |
|
480 </tr> |
|
481 </table> |
|
482 </div> |
|
483 </fieldset> |
|
484 </div> |
|
485 <p class="submitend"><input type="submit" name="find_user" value="Submit search" tabindex="23" /></p> |
|
486 </form> |
|
487 </div> |
|
488 |
|
489 <h2 class="block2"><span>IP search</span></h2> |
|
490 <div class="box"> |
|
491 <form method="get" action="admin_users.php"> |
|
492 <div class="inform"> |
|
493 <fieldset> |
|
494 <legend>Enter IP to search for</legend> |
|
495 <div class="infldset"> |
|
496 <table class="aligntop" cellspacing="0"> |
|
497 <tr> |
|
498 <th scope="row">IP address<div><input type="submit" value=" Find " tabindex="25" /></div></th> |
|
499 <td><input type="text" name="show_users" size="18" maxlength="15" tabindex="24" /> |
|
500 <span>The IP address to search for in the post database.</span></td> |
|
501 </tr> |
|
502 </table> |
|
503 </div> |
|
504 </fieldset> |
|
505 </div> |
|
506 </form> |
|
507 </div> |
|
508 </div> |
|
509 <div class="clearer"></div> |
|
510 </div> |
|
511 <?php |
|
512 |
|
513 require PUN_ROOT.'footer.php'; |
|
514 } |
|