for testing and deploying your application
for finding and fixing issues
for empowering human code reviews
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
<?php
/**
* Show a list of members or a selection of members.
*
* Simple Machines Forum (SMF)
* @package SMF
* @author Simple Machines http://www.simplemachines.org
* @copyright 2017 Simple Machines and individual contributors
* @license http://www.simplemachines.org/about/smf/license.php BSD
* @version 2.1 Beta 4
*/
if (!defined('SMF'))
die('No direct access...');
* The main entrance point for the Manage Members screen.
* As everyone else, it calls a function based on the given sub-action.
* Called by ?action=admin;area=viewmembers.
* Requires the moderate_forum permission.
* @uses ManageMembers template
* @uses ManageMembers language file.
function ViewMembers()
{
global $txt, $scripturl, $context, $modSettings, $smcFunc;
$subActions = array(
'all' => array('ViewMemberlist', 'moderate_forum'),
'approve' => array('AdminApprove', 'moderate_forum'),
'browse' => array('MembersAwaitingActivation', 'moderate_forum'),
'search' => array('SearchMembers', 'moderate_forum'),
'query' => array('ViewMemberlist', 'moderate_forum'),
);
call_integration_hook('integrate_manage_members', array(&$subActions));
// Default to sub action 'index' or 'settings' depending on permissions.
$_REQUEST['sa'] = isset($_REQUEST['sa']) && isset($subActions[$_REQUEST['sa']]) ? $_REQUEST['sa'] : 'all';
// We know the sub action, now we know what you're allowed to do.
isAllowedTo($subActions[$_REQUEST['sa']][1]);
// Load the essentials.
loadLanguage('ManageMembers');
loadTemplate('ManageMembers');
// Get counts on every type of activation - for sections and filtering alike.
$request = $smcFunc['db_query']('', '
SELECT COUNT(*) AS total_members, is_activated
FROM {db_prefix}members
WHERE is_activated != {int:is_activated}
GROUP BY is_activated',
array(
'is_activated' => 1,
)
$context['activation_numbers'] = array();
$context['awaiting_activation'] = 0;
$context['awaiting_approval'] = 0;
while ($row = $smcFunc['db_fetch_assoc']($request))
$context['activation_numbers'][$row['is_activated']] = $row['total_members'];
$smcFunc['db_free_result']($request);
foreach ($context['activation_numbers'] as $activation_type => $total_members)
if (in_array($activation_type, array(0, 2)))
$context['awaiting_activation'] += $total_members;
elseif (in_array($activation_type, array(3, 4, 5)))
$context['awaiting_approval'] += $total_members;
}
// For the page header... do we show activation?
$context['show_activate'] = (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 1) || !empty($context['awaiting_activation']);
// What about approval?
$context['show_approve'] = (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 2) || !empty($context['awaiting_approval']) || !empty($modSettings['approveAccountDeletion']);
// Setup the admin tabs.
$context[$context['admin_menu_name']]['tab_data'] = array(
'title' => $txt['admin_members'],
'help' => 'view_members',
'description' => $txt['admin_members_list'],
'tabs' => array(),
$context['tabs'] = array(
'viewmembers' => array(
'label' => $txt['view_all_members'],
'url' => $scripturl . '?action=admin;area=viewmembers;sa=all',
'is_selected' => $_REQUEST['sa'] == 'all',
),
'search' => array(
'label' => $txt['mlist_search'],
'url' => $scripturl . '?action=admin;area=viewmembers;sa=search',
'is_selected' => $_REQUEST['sa'] == 'search' || $_REQUEST['sa'] == 'query',
'approve' => array(
'label' => sprintf($txt['admin_browse_awaiting_approval'], $context['awaiting_approval']),
'description' => $txt['admin_browse_approve_desc'],
'url' => $scripturl . '?action=admin;area=viewmembers;sa=browse;type=approve',
'is_selected' => false,
'activate' => array(
'label' => sprintf($txt['admin_browse_awaiting_activate'], $context['awaiting_activation']),
'description' => $txt['admin_browse_activate_desc'],
'url' => $scripturl . '?action=admin;area=viewmembers;sa=browse;type=activate',
'is_last' => true,
// Sort out the tabs for the ones which may not exist!
if (!$context['show_activate'] && ($_REQUEST['sa'] != 'browse' || $_REQUEST['type'] != 'activate'))
$context['tabs']['approve']['is_last'] = true;
unset($context['tabs']['activate']);
if (!$context['show_approve'] && ($_REQUEST['sa'] != 'browse' || $_REQUEST['type'] != 'approve'))
$context['tabs']['search']['is_last'] = true;
unset($context['tabs']['approve']);
call_helper($subActions[$_REQUEST['sa']][0]);
* View all members list. It allows sorting on several columns, and deletion of
* selected members. It also handles the search query sent by
* ?action=admin;area=viewmembers;sa=search.
* Called by ?action=admin;area=viewmembers;sa=all or ?action=admin;area=viewmembers;sa=query.
* @uses the view_members sub template of the ManageMembers template.
function ViewMemberlist()
global $txt, $scripturl, $context, $modSettings, $sourcedir, $smcFunc, $user_info;
// Set the current sub action.
$context['sub_action'] = $_REQUEST['sa'];
// Are we performing a delete?
if (isset($_POST['delete_members']) && !empty($_POST['delete']) && allowedTo('profile_remove_any'))
checkSession();
// Clean the input.
foreach ($_POST['delete'] as $key => $value)
// Don't delete yourself, idiot.
if ($value != $user_info['id'])
$delete[$key] = (int) $value;
if (!empty($delete))
// Delete all the selected members.
require_once($sourcedir . '/Subs-Members.php');
deleteMembers($delete, true);
// Check input after a member search has been submitted.
if ($context['sub_action'] == 'query')
// Retrieving the membergroups and postgroups.
$context['membergroups'] = array(
'id' => 0,
'name' => $txt['membergroups_members'],
'can_be_additional' => false
$context['postgroups'] = array();
SELECT id_group, group_name, min_posts
FROM {db_prefix}membergroups
WHERE id_group != {int:moderator_group}
ORDER BY min_posts, CASE WHEN id_group < {int:newbie_group} THEN id_group ELSE 4 END, group_name',
'moderator_group' => 3,
'newbie_group' => 4,
if ($row['min_posts'] == -1)
$context['membergroups'][] = array(
'id' => $row['id_group'],
'name' => $row['group_name'],
'can_be_additional' => true
else
$context['postgroups'][] = array(
'name' => $row['group_name']
// Some data about the form fields and how they are linked to the database.
$params = array(
'mem_id' => array(
'db_fields' => array('id_member'),
'type' => 'int',
'range' => true
'age' => array(
'db_fields' => array('birthdate'),
'type' => 'age',
'posts' => array(
'db_fields' => array('posts'),
'reg_date' => array(
'db_fields' => array('date_registered'),
'type' => 'date',
'last_online' => array(
'db_fields' => array('last_login'),
'activated' => array(
'db_fields' => array('CASE WHEN is_activated IN (1, 11) THEN 1 ELSE 0 END'),
'type' => 'checkbox',
'values' => array('0', '1'),
'membername' => array(
'db_fields' => array('member_name', 'real_name'),
'type' => 'string'
'email' => array(
'db_fields' => array('email_address'),
'website' => array(
'db_fields' => array('website_title', 'website_url'),
'ip' => array(
'db_fields' => array('member_ip'),
'type' => 'inet'
$range_trans = array(
'--' => '<',
'-' => '<=',
'=' => '=',
'+' => '>=',
'++' => '>'
call_integration_hook('integrate_view_members_params', array(&$params));
$search_params = array();
if ($context['sub_action'] == 'query' && !empty($_REQUEST['params']) && empty($_POST['types']))
$search_params = $smcFunc['json_decode'](base64_decode($_REQUEST['params']), true);
elseif (!empty($_POST))
$search_params['types'] = $_POST['types'];
foreach ($params as $param_name => $param_info)
if (isset($_POST[$param_name]))
$search_params[$param_name] = $_POST[$param_name];
$search_url_params = isset($search_params) ? base64_encode($smcFunc['json_encode']($search_params)) : null;
// @todo Validate a little more.
// Loop through every field of the form.
$query_parts = array();
$where_params = array();
// Not filled in?
if (!isset($search_params[$param_name]) || $search_params[$param_name] === '')
continue;
// Make sure numeric values are really numeric.
if (in_array($param_info['type'], array('int', 'age')))
$search_params[$param_name] = (int) $search_params[$param_name];
// Date values have to match the specified format.
elseif ($param_info['type'] == 'date')
// Check if this date format is valid.
if (preg_match('/^\d{4}-\d{1,2}-\d{1,2}$/', $search_params[$param_name]) == 0)
$search_params[$param_name] = strtotime($search_params[$param_name]);
// Those values that are in some kind of range (<, <=, =, >=, >).
if (!empty($param_info['range']))
// Default to '=', just in case...
if (empty($range_trans[$search_params['types'][$param_name]]))
$search_params['types'][$param_name] = '=';
// Handle special case 'age'.
if ($param_info['type'] == 'age')
// All people that were born between $lowerlimit and $upperlimit are currently the specified age.
$datearray = getdate(forum_time());
$upperlimit = sprintf('%04d-%02d-%02d', $datearray['year'] - $search_params[$param_name], $datearray['mon'], $datearray['mday']);
$lowerlimit = sprintf('%04d-%02d-%02d', $datearray['year'] - $search_params[$param_name] - 1, $datearray['mon'], $datearray['mday']);
if (in_array($search_params['types'][$param_name], array('-', '--', '=')))
$query_parts[] = ($param_info['db_fields'][0]) . ' > {string:' . $param_name . '_minlimit}';
$where_params[$param_name . '_minlimit'] = ($search_params['types'][$param_name] == '--' ? $upperlimit : $lowerlimit);
if (in_array($search_params['types'][$param_name], array('+', '++', '=')))
$query_parts[] = ($param_info['db_fields'][0]) . ' <= {string:' . $param_name . '_pluslimit}';
$where_params[$param_name . '_pluslimit'] = ($search_params['types'][$param_name] == '++' ? $lowerlimit : $upperlimit);
// Make sure that members that didn't set their birth year are not queried.
$query_parts[] = ($param_info['db_fields'][0]) . ' > {date:dec_zero_date}';
$where_params['dec_zero_date'] = '0004-12-31';
// Special case - equals a date.
elseif ($param_info['type'] == 'date' && $search_params['types'][$param_name] == '=')
$query_parts[] = $param_info['db_fields'][0] . ' > ' . $search_params[$param_name] . ' AND ' . $param_info['db_fields'][0] . ' < ' . ($search_params[$param_name] + 86400);
$query_parts[] = $param_info['db_fields'][0] . ' ' . $range_trans[$search_params['types'][$param_name]] . ' ' . $search_params[$param_name];
// Checkboxes.
elseif ($param_info['type'] == 'checkbox')
// Each checkbox or no checkbox at all is checked -> ignore.
if (!is_array($search_params[$param_name]) || count($search_params[$param_name]) == 0 || count($search_params[$param_name]) == count($param_info['values']))
$query_parts[] = ($param_info['db_fields'][0]) . ' IN ({array_string:' . $param_name . '_check})';
$where_params[$param_name . '_check'] = $search_params[$param_name];
// Replace the wildcard characters ('*' and '?') into MySQL ones.
$parameter = strtolower(strtr($smcFunc['htmlspecialchars']($search_params[$param_name], ENT_QUOTES), array('%' => '\%', '_' => '\_', '*' => '%', '?' => '_')));
if ($smcFunc['db_case_sensitive'])
$query_parts[] = '(LOWER(' . implode(') LIKE {string:' . $param_name . '_normal} OR LOWER(', $param_info['db_fields']) . ') LIKE {string:' . $param_name . '_normal})';
$query_parts[] = '(' . implode(' LIKE {string:' . $param_name . '_normal} OR ', $param_info['db_fields']) . ' LIKE {string:' . $param_name . '_normal})';
$where_params[$param_name . '_normal'] = '%' . $parameter . '%';
// Set up the membergroup query part.
$mg_query_parts = array();
// Primary membergroups, but only if at least was was not selected.
if (!empty($search_params['membergroups'][1]) && count($context['membergroups']) != count($search_params['membergroups'][1]))
$mg_query_parts[] = 'mem.id_group IN ({array_int:group_check})';
$where_params['group_check'] = $search_params['membergroups'][1];
// Additional membergroups (these are only relevant if not all primary groups where selected!).
if (!empty($search_params['membergroups'][2]) && (empty($search_params['membergroups'][1]) || count($context['membergroups']) != count($search_params['membergroups'][1])))
foreach ($search_params['membergroups'][2] as $mg)
$mg_query_parts[] = 'FIND_IN_SET({int:add_group_' . $mg . '}, mem.additional_groups) != 0';
$where_params['add_group_' . $mg] = $mg;
// Combine the one or two membergroup parts into one query part linked with an OR.
if (!empty($mg_query_parts))
$query_parts[] = '(' . implode(' OR ', $mg_query_parts) . ')';
// Get all selected post count related membergroups.
if (!empty($search_params['postgroups']) && count($search_params['postgroups']) != count($context['postgroups']))
$query_parts[] = 'id_post_group IN ({array_int:post_groups})';
$where_params['post_groups'] = $search_params['postgroups'];
// Construct the where part of the query.
$where = empty($query_parts) ? '1=1' : implode('
AND ', $query_parts);
$search_url_params = null;
// Construct the additional URL part with the query info in it.
$context['params_url'] = $context['sub_action'] == 'query' ? ';sa=query;params=' . $search_url_params : '';
// Get the title and sub template ready..
$context['page_title'] = $txt['admin_members'];
$listOptions = array(
'id' => 'member_list',
'title' => $txt['members_list'],
'items_per_page' => $modSettings['defaultMaxMembers'],
'base_href' => $scripturl . '?action=admin;area=viewmembers' . $context['params_url'],
'default_sort_col' => 'user_name',
'get_items' => array(
'file' => $sourcedir . '/Subs-Members.php',
'function' => 'list_getMembers',
'params' => array(
isset($where) ? $where : '1=1',
isset($where_params) ? $where_params : array(),
'get_count' => array(
'function' => 'list_getNumMembers',
'columns' => array(
'id_member' => array(
'header' => array(
'value' => $txt['member_id'],
'data' => array(
'db' => 'id_member',
'sort' => array(
'default' => 'id_member',
'reverse' => 'id_member DESC',
'user_name' => array(
'value' => $txt['username'],
'sprintf' => array(
'format' => '<a href="' . strtr($scripturl, array('%' => '%%')) . '?action=profile;u=%1$d">%2$s</a>',
'id_member' => false,
'member_name' => false,
'class' => 'hidden',
'default' => 'member_name',
'reverse' => 'member_name DESC',
'display_name' => array(
'value' => $txt['display_name'],
'real_name' => false,
'default' => 'real_name',
'reverse' => 'real_name DESC',
'value' => $txt['email_address'],
'format' => '<a href="mailto:%1$s">%1$s</a>',
'email_address' => true,
'default' => 'email_address',
'reverse' => 'email_address DESC',
'value' => $txt['ip_address'],
'format' => '<a href="' . strtr($scripturl, array('%' => '%%')) . '?action=trackip;searchip=%1$s">%1$s</a>',
'member_ip' => false,
'default' => 'member_ip',
'reverse' => 'member_ip DESC',
'last_active' => array(
'value' => $txt['viewmembers_online'],
'function' => function($rowData) use ($txt)
// Calculate number of days since last online.
if (empty($rowData['last_login']))
$difference = $txt['never'];
$num_days_difference = jeffsdatediff($rowData['last_login']);
// Today.
if (empty($num_days_difference))
$difference = $txt['viewmembers_today'];
// Yesterday.
elseif ($num_days_difference == 1)
$difference = sprintf('1 %1$s', $txt['viewmembers_day_ago']);
// X days ago.
$difference = sprintf('%1$d %2$s', $num_days_difference, $txt['viewmembers_days_ago']);
// Show it in italics if they're not activated...
if ($rowData['is_activated'] % 10 != 1)
$difference = sprintf('<em title="%1$s">%2$s</em>', $txt['not_activated'], $difference);
return $difference;
},
'default' => 'last_login DESC',
'reverse' => 'last_login',
'value' => $txt['member_postcount'],
'db' => 'posts',
'default' => 'posts',
'reverse' => 'posts DESC',
'check' => array(
'value' => '<input type="checkbox" onclick="invertAll(this, this.form);" class="input_check">',
'class' => 'centercol',
'function' => function($rowData) use ($user_info)
return '<input type="checkbox" name="delete[]" value="' . $rowData['id_member'] . '" class="input_check"' . ($rowData['id_member'] == $user_info['id'] || $rowData['id_group'] == 1 || in_array(1, explode(',', $rowData['additional_groups'])) ? ' disabled' : '') . '>';
'form' => array(
'href' => $scripturl . '?action=admin;area=viewmembers' . $context['params_url'],
'include_start' => true,
'include_sort' => true,
'additional_rows' => array(
'position' => 'below_table_data',
'value' => '<input type="submit" name="delete_members" value="' . $txt['admin_delete_members'] . '" data-confirm="' . $txt['confirm_delete_members'] . '" class="button_submit you_sure">',
// Without enough permissions, don't show 'delete members' checkboxes.
if (!allowedTo('profile_remove_any'))
unset($listOptions['cols']['check'], $listOptions['form'], $listOptions['additional_rows']);
require_once($sourcedir . '/Subs-List.php');
createList($listOptions);
$context['sub_template'] = 'show_list';
$context['default_list'] = 'member_list';
* Search the member list, using one or more criteria.
* Called by ?action=admin;area=viewmembers;sa=search.
* form is submitted to action=admin;area=viewmembers;sa=query.
* @uses the search_members sub template of the ManageMembers template.
function SearchMembers()
global $context, $txt, $smcFunc;
// Get a list of all the membergroups and postgroups that can be selected.
$context['sub_template'] = 'search_members';
* List all members who are awaiting approval / activation, sortable on different columns.
* It allows instant approval or activation of (a selection of) members.
* Called by ?action=admin;area=viewmembers;sa=browse;type=approve
* or ?action=admin;area=viewmembers;sa=browse;type=activate.
* The form submits to ?action=admin;area=viewmembers;sa=approve.
* @uses the admin_browse sub template of the ManageMembers template.
function MembersAwaitingActivation()
global $txt, $context, $scripturl, $modSettings;
global $sourcedir;
// Not a lot here!
$context['sub_template'] = 'admin_browse';
$context['browse_type'] = isset($_REQUEST['type']) ? $_REQUEST['type'] : (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 1 ? 'activate' : 'approve');
if (isset($context['tabs'][$context['browse_type']]))
$context['tabs'][$context['browse_type']]['is_selected'] = true;
// Allowed filters are those we can have, in theory.
$context['allowed_filters'] = $context['browse_type'] == 'approve' ? array(3, 4, 5) : array(0, 2);
$context['current_filter'] = isset($_REQUEST['filter']) && in_array($_REQUEST['filter'], $context['allowed_filters']) && !empty($context['activation_numbers'][$_REQUEST['filter']]) ? (int) $_REQUEST['filter'] : -1;
// Sort out the different sub areas that we can actually filter by.
$context['available_filters'] = array();
foreach ($context['activation_numbers'] as $type => $amount)
// We have some of these...
if (in_array($type, $context['allowed_filters']) && $amount > 0)
$context['available_filters'][] = array(
'type' => $type,
'amount' => $amount,
'desc' => isset($txt['admin_browse_filter_type_' . $type]) ? $txt['admin_browse_filter_type_' . $type] : '?',
'selected' => $type == $context['current_filter']
// If the filter was not sent, set it to whatever has people in it!
if ($context['current_filter'] == -1 && !empty($context['available_filters'][0]['amount']))
$context['current_filter'] = $context['available_filters'][0]['type'];
// This little variable is used to determine if we should flag where we are looking.
$context['show_filter'] = ($context['current_filter'] != 0 && $context['current_filter'] != 3) || count($context['available_filters']) > 1;
// The columns that can be sorted.
$context['columns'] = array(
'id_member' => array('label' => $txt['admin_browse_id']),
'member_name' => array('label' => $txt['admin_browse_username']),
'email_address' => array('label' => $txt['admin_browse_email']),
'member_ip' => array('label' => $txt['admin_browse_ip']),
'date_registered' => array('label' => $txt['admin_browse_registered']),
// Are we showing duplicate information?
if (isset($_GET['showdupes']))
$_SESSION['showdupes'] = (int) $_GET['showdupes'];
$context['show_duplicates'] = !empty($_SESSION['showdupes']);
// Determine which actions we should allow on this page.
if ($context['browse_type'] == 'approve')
// If we are approving deleted accounts we have a slightly different list... actually a mirror ;)
if ($context['current_filter'] == 4)
$context['allowed_actions'] = array(
'reject' => $txt['admin_browse_w_approve_deletion'],
'ok' => $txt['admin_browse_w_reject'],
'ok' => $txt['admin_browse_w_approve'],
'okemail' => $txt['admin_browse_w_approve'] . ' ' . $txt['admin_browse_w_email'],
'require_activation' => $txt['admin_browse_w_approve_require_activate'],
'reject' => $txt['admin_browse_w_reject'],
'rejectemail' => $txt['admin_browse_w_reject'] . ' ' . $txt['admin_browse_w_email'],
elseif ($context['browse_type'] == 'activate')
'ok' => $txt['admin_browse_w_activate'],
'okemail' => $txt['admin_browse_w_activate'] . ' ' . $txt['admin_browse_w_email'],
'delete' => $txt['admin_browse_w_delete'],
'deleteemail' => $txt['admin_browse_w_delete'] . ' ' . $txt['admin_browse_w_email'],
'remind' => $txt['admin_browse_w_remind'] . ' ' . $txt['admin_browse_w_email'],
// Create an option list for actions allowed to be done with selected members.
$allowed_actions = '
<option selected value="">' . $txt['admin_browse_with_selected'] . ':</option>
<option value="" disabled>-----------------------------</option>';
foreach ($context['allowed_actions'] as $key => $desc)
$allowed_actions .= '
<option value="' . $key . '">' . $desc . '</option>';
// Setup the Javascript function for selecting an action for the list.
$javascript = '
function onSelectChange()
if (document.forms.postForm.todo.value == "")
return;
var message = "";';
// We have special messages for approving deletion of accounts - it's surprisingly logical - honest.
$javascript .= '
if (document.forms.postForm.todo.value.indexOf("reject") != -1)
message = "' . $txt['admin_browse_w_delete'] . '";
message = "' . $txt['admin_browse_w_reject'] . '";';
// Otherwise a nice standard message.
if (document.forms.postForm.todo.value.indexOf("delete") != -1)
else if (document.forms.postForm.todo.value.indexOf("reject") != -1)
message = "' . $txt['admin_browse_w_reject'] . '";
else if (document.forms.postForm.todo.value == "remind")
message = "' . $txt['admin_browse_w_remind'] . '";
message = "' . ($context['browse_type'] == 'approve' ? $txt['admin_browse_w_approve'] : $txt['admin_browse_w_activate']) . '";';
if (confirm(message + " ' . $txt['admin_browse_warn'] . '"))
document.forms.postForm.submit();
}';
'id' => 'approve_list',
// 'title' => $txt['members_approval_title'],
'base_href' => $scripturl . '?action=admin;area=viewmembers;sa=browse;type=' . $context['browse_type'] . (!empty($context['show_filter']) ? ';filter=' . $context['current_filter'] : ''),
'default_sort_col' => 'date_registered',
'is_activated = {int:activated_status}',
array('activated_status' => $context['current_filter']),
$context['show_duplicates'],
'hostname' => array(
'value' => $txt['hostname'],
'function' => function($rowData)
return host_from_ip(inet_dtop($rowData['member_ip']));
inet_dtop($rowData['member_ip'])
inet_dtop()
false
host_from_ip()
string
'class' => 'smalltext',
'date_registered' => array(
'value' => $context['current_filter'] == 4 ? $txt['viewmembers_online'] : $txt['date_registered'],
'function' => function($rowData) use ($context)
return timeformat($rowData['' . ($context['current_filter'] == 4 ? 'last_login' : 'date_registered') . '']);
'default' => $context['current_filter'] == 4 ? 'mem.last_login DESC' : 'date_registered DESC',
'reverse' => $context['current_filter'] == 4 ? 'mem.last_login' : 'date_registered',
'duplicates' => array(
'value' => $txt['duplicates'],
// Make sure it doesn't go too wide.
'style' => 'width: 20%;',
'function' => function($rowData) use ($scripturl, $txt)
$member_links = array();
foreach ($rowData['duplicate_members'] as $member)
if ($member['id'])
$member_links[] = '<a href="' . $scripturl . '?action=profile;u=' . $member['id'] . '" ' . (!empty($member['is_banned']) ? 'class="red"' : '') . '>' . $member['name'] . '</a>';
$member_links[] = $member['name'] . ' (' . $txt['guest'] . ')';
return implode(', ', $member_links);
'format' => '<input type="checkbox" name="todoAction[]" value="%1$d" class="input_check">',
'javascript' => $javascript,
'href' => $scripturl . '?action=admin;area=viewmembers;sa=approve;type=' . $context['browse_type'],
'name' => 'postForm',
'hidden_fields' => array(
'orig_filter' => $context['current_filter'],
'value' => '
[<a href="' . $scripturl . '?action=admin;area=viewmembers;sa=browse;showdupes=' . ($context['show_duplicates'] ? 0 : 1) . ';type=' . $context['browse_type'] . (!empty($context['show_filter']) ? ';filter=' . $context['current_filter'] : '') . ';' . $context['session_var'] . '=' . $context['session_id'] . '">' . ($context['show_duplicates'] ? $txt['dont_check_for_duplicate'] : $txt['check_for_duplicate']) . '</a>]
<select name="todo" onchange="onSelectChange();">
' . $allowed_actions . '
</select>
<noscript><input type="submit" value="' . $txt['go'] . '" class="button_submit"><br class="clear_right"></noscript>
',
'class' => 'floatright',
// Pick what column to actually include if we're showing duplicates.
if ($context['show_duplicates'])
unset($listOptions['columns']['email']);
unset($listOptions['columns']['duplicates']);
// Only show hostname on duplicates as it takes a lot of time.
if (!$context['show_duplicates'] || !empty($modSettings['disableHostnameLookup']))
unset($listOptions['columns']['hostname']);
// Is there any need to show filters?
if (isset($context['available_filters']) && count($context['available_filters']) > 1)
$filterOptions = '
<strong>' . $txt['admin_browse_filter_by'] . ':</strong>
<select name="filter" onchange="this.form.submit();">';
foreach ($context['available_filters'] as $filter)
$filterOptions .= '
<option value="' . $filter['type'] . '"' . ($filter['selected'] ? ' selected' : '') . '>' . $filter['desc'] . ' - ' . $filter['amount'] . ' ' . ($filter['amount'] == 1 ? $txt['user'] : $txt['users']) . '</option>';
<noscript><input type="submit" value="' . $txt['go'] . '" name="filter" class="button_submit"></noscript>';
$listOptions['additional_rows'][] = array(
'position' => 'top_of_list',
'value' => $filterOptions,
'class' => 'righttext',
// What about if we only have one filter, but it's not the "standard" filter - show them what they are looking at.
if (!empty($context['show_filter']) && !empty($context['available_filters']))
'position' => 'above_column_headers',
'value' => '<strong>' . $txt['admin_browse_filter_show'] . ':</strong> ' . $context['available_filters'][0]['desc'],
'class' => 'smalltext floatright',
// Now that we have all the options, create the list.
* This function handles the approval, rejection, activation or deletion of members.
* Called by ?action=admin;area=viewmembers;sa=approve.
* Redirects to ?action=admin;area=viewmembers;sa=browse
* with the same parameters as the calling page.
function AdminApprove()
global $scripturl, $modSettings, $sourcedir, $language, $user_info, $smcFunc;
// First, check our session.
require_once($sourcedir . '/Subs-Post.php');
// We also need to the login languages here - for emails.
loadLanguage('Login');
// Sort out where we are going...
$current_filter = (int) $_REQUEST['orig_filter'];
// If we are applying a filter do just that - then redirect.
if (isset($_REQUEST['filter']) && $_REQUEST['filter'] != $_REQUEST['orig_filter'])
redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $_REQUEST['filter'] . ';start=' . $_REQUEST['start']);
// Nothing to do?
if (!isset($_POST['todoAction']) && !isset($_POST['time_passed']))
redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $current_filter . ';start=' . $_REQUEST['start']);
// Are we dealing with members who have been waiting for > set amount of time?
if (isset($_POST['time_passed']))
$timeBefore = time() - 86400 * (int) $_POST['time_passed'];
$condition = '
AND date_registered < {int:time_before}';
// Coming from checkboxes - validate the members passed through to us.
$members = array();
foreach ($_POST['todoAction'] as $id)
$members[] = (int) $id;
AND id_member IN ({array_int:members})';
// Get information on each of the members, things that are important to us, like email address...
SELECT id_member, member_name, real_name, email_address, validation_code, lngfile
WHERE is_activated = {int:activated_status}' . $condition . '
ORDER BY lngfile',
'activated_status' => $current_filter,
'time_before' => empty($timeBefore) ? 0 : $timeBefore,
'members' => empty($members) ? array() : $members,
$member_count = $smcFunc['db_num_rows']($request);
// If no results then just return!
if ($member_count == 0)
$member_info = array();
// Fill the info array.
$members[] = $row['id_member'];
$member_info[] = array(
'id' => $row['id_member'],
'username' => $row['member_name'],
'name' => $row['real_name'],
'email' => $row['email_address'],
'language' => empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile'],
'code' => $row['validation_code']
// Are we activating or approving the members?
if ($_POST['todo'] == 'ok' || $_POST['todo'] == 'okemail')
// Approve/activate this member.
$smcFunc['db_query']('', '
UPDATE {db_prefix}members
SET validation_code = {string:blank_string}, is_activated = {int:is_activated}
WHERE is_activated = {int:activated_status}' . $condition,
'blank_string' => '',
// Do we have to let the integration code know about the activations?
if (!empty($modSettings['integrate_activate']))
foreach ($member_info as $member)
call_integration_hook('integrate_activate', array($member['username']));
// Check for email.
if ($_POST['todo'] == 'okemail')
$replacements = array(
'NAME' => $member['name'],
'USERNAME' => $member['username'],
'PROFILELINK' => $scripturl . '?action=profile;u=' . $member['id'],
'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
$emaildata = loadEmailTemplate('admin_approve_accept', $replacements, $member['language']);
sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, 'accapp' . $member['id'], $emaildata['is_html'], 0);
// Maybe we're sending it off for activation?
elseif ($_POST['todo'] == 'require_activation')
// We have to do this for each member I'm afraid.
// Generate a random activation code.
$validation_code = generateValidationCode();
// Set these members for activation - I know this includes two id_member checks but it's safer than bodging $condition ;).
SET validation_code = {string:validation_code}, is_activated = {int:not_activated}
WHERE is_activated = {int:activated_status}
' . $condition . '
AND id_member = {int:selected_member}',
'not_activated' => 0,
'selected_member' => $member['id'],
'validation_code' => $validation_code,
'USERNAME' => $member['name'],
'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $member['id'] . ';code=' . $validation_code,
'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $member['id'],
'ACTIVATIONCODE' => $validation_code,
$emaildata = loadEmailTemplate('admin_approve_activation', $replacements, $member['language']);
sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, 'accact' . $member['id'], $emaildata['is_html'], 0);
// Are we rejecting them?
elseif ($_POST['todo'] == 'reject' || $_POST['todo'] == 'rejectemail')
deleteMembers($members);
// Send email telling them they aren't welcome?
if ($_POST['todo'] == 'rejectemail')
$emaildata = loadEmailTemplate('admin_approve_reject', $replacements, $member['language']);
sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, 'accrej', $emaildata['is_html'], 1);
// A simple delete?
elseif ($_POST['todo'] == 'delete' || $_POST['todo'] == 'deleteemail')
if ($_POST['todo'] == 'deleteemail')
$emaildata = loadEmailTemplate('admin_approve_delete', $replacements, $member['language']);
sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, 'accdel', $emaildata['is_html'], 1);
// Remind them to activate their account?
elseif ($_POST['todo'] == 'remind')
'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $member['id'] . ';code=' . $member['code'],
'ACTIVATIONCODE' => $member['code'],
$emaildata = loadEmailTemplate('admin_approve_remind', $replacements, $member['language']);
sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, 'accrem' . $member['id'], $emaildata['is_html'], 1);
// @todo current_language is never set, no idea what this is for. Remove?
// Back to the user's language!
if (isset($current_language) && $current_language != $user_info['language'])
loadLanguage('index');
// Log what we did?
if (!empty($modSettings['modlog_enabled']) && in_array($_POST['todo'], array('ok', 'okemail', 'require_activation', 'remind')))
$log_action = $_POST['todo'] == 'remind' ? 'remind_member' : 'approve_member';
require_once($sourcedir . '/Logging.php');
logAction($log_action, array('member' => $member['id']), 'admin');
// Although updateStats *may* catch this, best to do it manually just in case (Doesn't always sort out unapprovedMembers).
if (in_array($current_filter, array(3, 4, 5)))
updateSettings(array('unapprovedMembers' => ($modSettings['unapprovedMembers'] > $member_count ? $modSettings['unapprovedMembers'] - $member_count : 0)));
// Update the member's stats. (but, we know the member didn't change their name.)
updateStats('member', false);
// If they haven't been deleted, update the post group statistics on them...
if (!in_array($_POST['todo'], array('delete', 'deleteemail', 'reject', 'rejectemail', 'remind')))
updateStats('postgroups', $members);
* Nifty function to calculate the number of days ago a given date was.
* Requires a unix timestamp as input, returns an integer.
* Named in honour of Jeff Lewis, the original creator of...this function.
* @param int $old The timestamp of the old date
* @return int The number of days since $old, based on the forum time
function jeffsdatediff($old)
// Get the current time as the user would see it...
$forumTime = forum_time();
// Calculate the seconds that have passed since midnight.
$sinceMidnight = date('H', $forumTime) * 60 * 60 + date('i', $forumTime) * 60 + date('s', $forumTime);
// Take the difference between the two times.
$dis = time() - $old;
// Before midnight?
if ($dis < $sinceMidnight)
return 0;
$dis -= $sinceMidnight;
// Divide out the seconds in a day to get the number of days.
return ceil($dis / (24 * 60 * 60));
?>
Yoshi2889 /
SMF2.1
albertlast
Loading history...