Vergleich modcp.php - 1.4.1 - 1.4.3

Zeile 6Zeile 6
 * Website: http://www.mybboard.net
* License: http://www.mybboard.net/about/license
*

 * Website: http://www.mybboard.net
* License: http://www.mybboard.net/about/license
*

 * $Id: modcp.php 4111 2008-08-13 06:14:12Z Tikitiki $

 * $Id: modcp.php 4184 2008-09-10 04:40:17Z Tikitiki $

 */

define("IN_MYBB", 1);

 */

define("IN_MYBB", 1);

Zeile 81Zeile 81
		error($lang->error_noselected_reports);
}


		error($lang->error_noselected_reports);
}


	array_walk($mybb->input['reports'], "intval");

	$mybb->input['reports'] = array_map("intval", $mybb->input['reports']);

	$rids = implode($mybb->input['reports'], "','");
$rids = "'0','{$rids}'";


	$rids = implode($mybb->input['reports'], "','");
$rids = "'0','{$rids}'";


Zeile 126Zeile 126
			$page = intval($result / $perpage) + 1;
}
}

			$page = intval($result / $perpage) + 1;
}
}

	$postcount = intval($report_count)+1;

	$postcount = intval($report_count);

	$pages = $postcount / $perpage;
$pages = ceil($pages);

	$pages = $postcount / $perpage;
$pages = ceil($pages);

 





if($mybb->input['page'] == "last")


if($mybb->input['page'] == "last")



 
	{
$page = $pages;

	{
$page = $pages;

	}

	}


if($page > $pages || $page <= 0)


if($page > $pages || $page <= 0)

	{
$page = 1;

	{
$page = 1;

	}

if($page && $page > 0)

	}

if($page && $page > 0)

Zeile 156Zeile 158
	if($postcount > $perpage)
{
eval("\$reportspages = \"".$templates->get("modcp_reports_multipage")."\";");

	if($postcount > $perpage)
{
eval("\$reportspages = \"".$templates->get("modcp_reports_multipage")."\";");

	}

$query = $db->simple_select("forums", "fid, name");
while($forum = $db->fetch_array($query))
{
$forums[$forum['fid']] = $forum['name'];
}

$reports = '';
$query = $db->query("
SELECT r.*, u.username, up.username AS postusername, up.uid AS postuid, t.subject AS threadsubject
FROM ".TABLE_PREFIX."reportedposts r
LEFT JOIN ".TABLE_PREFIX."posts p ON (r.pid=p.pid)
LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid=t.tid)

	}

$query = $db->simple_select("forums", "fid, name");
while($forum = $db->fetch_array($query))
{
$forums[$forum['fid']] = $forum['name'];
}

$reports = '';
$query = $db->query("
SELECT r.*, u.username, up.username AS postusername, up.uid AS postuid, t.subject AS threadsubject
FROM ".TABLE_PREFIX."reportedposts r
LEFT JOIN ".TABLE_PREFIX."posts p ON (r.pid=p.pid)
LEFT JOIN ".TABLE_PREFIX."threads t ON (p.tid=t.tid)

		LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid=u.uid)
LEFT JOIN ".TABLE_PREFIX."users up ON (p.uid=up.uid)
WHERE r.reportstatus='0'

		LEFT JOIN ".TABLE_PREFIX."users u ON (r.uid=u.uid)
LEFT JOIN ".TABLE_PREFIX."users up ON (p.uid=up.uid)
WHERE r.reportstatus='0'

Zeile 230Zeile 232
		if(($result % $perpage) == 0)
{
$page = $result / $perpage;

		if(($result % $perpage) == 0)
{
$page = $result / $perpage;

		}
else
{
$page = intval($result / $perpage) + 1;
}
}
$postcount = intval($warnings)+1;
$pages = $postcount / $perpage;
$pages = ceil($pages);

if($mybb->input['page'] == "last")
{
$page = $pages;
}

if($page > $pages || $page <= 0)
{
$page = 1;
}

if($page)

		}
else
{
$page = intval($result / $perpage) + 1;
}
}
$postcount = intval($warnings);
$pages = $postcount / $perpage;
$pages = ceil($pages);

if($mybb->input['page'] == "last")
{
$page = $pages;
}

if($page > $pages || $page <= 0)
{
$page = 1;
}

if($page)

	{
$start = ($page-1) * $perpage;
}
else

	{
$start = ($page-1) * $perpage;
}
else

	{

	{

		$start = 0;
$page = 1;
}
$upper = $start+$perpage;

		$start = 0;
$page = 1;
}
$upper = $start+$perpage;





	$multipage = multipage($postcount, $perpage, $page, "modcp.php?action=allreports");
if($postcount > $perpage)
{
eval("\$allreportspages = \"".$templates->get("modcp_reports_multipage")."\";");

	$multipage = multipage($postcount, $perpage, $page, "modcp.php?action=allreports");
if($postcount > $perpage)
{
eval("\$allreportspages = \"".$templates->get("modcp_reports_multipage")."\";");

	}

	}


$query = $db->simple_select("forums", "fid, name");
while($forum = $db->fetch_array($query))


$query = $db->simple_select("forums", "fid, name");
while($forum = $db->fetch_array($query))

Zeile 290Zeile 292
		$report['threadlink'] = get_thread_link($report['tid']);
$report['posterlink'] = get_profile_link($report['postuid']);
$report['reporterlink'] = get_profile_link($report['uid']);

		$report['threadlink'] = get_thread_link($report['tid']);
$report['posterlink'] = get_profile_link($report['postuid']);
$report['reporterlink'] = get_profile_link($report['uid']);





		$reportdate = my_date($mybb->settings['dateformat'], $report['dateline']);
$reporttime = my_date($mybb->settings['timeformat'], $report['dateline']);


		$reportdate = my_date($mybb->settings['dateformat'], $report['dateline']);
$reporttime = my_date($mybb->settings['timeformat'], $report['dateline']);


Zeile 334Zeile 336
	add_breadcrumb($lang->mcp_nav_modlogs, "modcp.php?action=modlogs");

$perpage = intval($mybb->input['perpage']);

	add_breadcrumb($lang->mcp_nav_modlogs, "modcp.php?action=modlogs");

$perpage = intval($mybb->input['perpage']);

	if(!$perpage)

	if(!$perpage || $pagepage <= 0)

	{
$perpage = $mybb->settings['threadsperpage'];
}

	{
$perpage = $mybb->settings['threadsperpage'];
}

Zeile 411Zeile 413
	{
$start = 0;
$page = 1;

	{
$start = 0;
$page = 1;

	}

	}





	$multipage = multipage($postcount, $perpage, $page, "modcp.php?action=modlogs&amp;perpage=$perpage&amp;uid={$mybb->input['uid']}&amp;fid={$mybb->input['fid']}&amp;orderby=$mybb->input['sortby']&amp;order={$mybb->input['order']}");

	$multipage = multipage($postcount, $perpage, $page, "modcp.php?action=modlogs&amp;perpage=$perpage&amp;uid={$mybb->input['uid']}&amp;fid={$mybb->input['fid']}&amp;sortby={$mybb->input['sortby']}&amp;order={$mybb->input['order']}");

	if($postcount > $perpage)
{
eval("\$resultspages = \"".$templates->get("modcp_modlogs_multipage")."\";");

	if($postcount > $perpage)
{
eval("\$resultspages = \"".$templates->get("modcp_modlogs_multipage")."\";");

Zeile 442Zeile 444
			$information = "<strong>{$lang->thread}</strong> <a href=\"".get_thread_link($logitem['tid'])."\" target=\"_blank\">".htmlspecialchars_uni($logitem['tsubject'])."</a><br />";
}
if($logitem['fname'])

			$information = "<strong>{$lang->thread}</strong> <a href=\"".get_thread_link($logitem['tid'])."\" target=\"_blank\">".htmlspecialchars_uni($logitem['tsubject'])."</a><br />";
}
if($logitem['fname'])

		{

		{

			$information .= "<strong>{$lang->forum}</strong> <a href=\"".get_forum_link($logitem['fid'])."\" target=\"_blank\">{$logitem['fname']}</a><br />";
}
if($logitem['psubject'])

			$information .= "<strong>{$lang->forum}</strong> <a href=\"".get_forum_link($logitem['fid'])."\" target=\"_blank\">{$logitem['fname']}</a><br />";
}
if($logitem['psubject'])

Zeile 451Zeile 453
		}

eval("\$results .= \"".$templates->get("modcp_modlogs_result")."\";");

		}

eval("\$results .= \"".$templates->get("modcp_modlogs_result")."\";");

	}

	}


if(!$results)
{
eval("\$results = \"".$templates->get("modcp_modlogs_noresults")."\";");


if(!$results)
{
eval("\$results = \"".$templates->get("modcp_modlogs_noresults")."\";");

	}

	}


// Fetch filter options
$sortbysel[$mybb->input['sortby']] = "selected=\"selected\"";


// Fetch filter options
$sortbysel[$mybb->input['sortby']] = "selected=\"selected\"";

Zeile 490Zeile 492
}

if($mybb->input['action'] == "do_delete_announcement")

}

if($mybb->input['action'] == "do_delete_announcement")

{

{

	verify_post_check($mybb->input['my_post_key']);


	verify_post_check($mybb->input['my_post_key']);


	$aid = intval($mybb->input['aid']);
$query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
$announcement = $db->fetch_array($query);

if(!$announcement['aid'])
{
error($lang->error_invalid_announcement);
}
if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'])))
{
error_no_permission();
}


	$aid = intval($mybb->input['aid']);
$query = $db->simple_select("announcements", "aid, subject, fid", "aid='{$aid}'");
$announcement = $db->fetch_array($query);

if(!$announcement['aid'])
{
error($lang->error_invalid_announcement);
}
if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'])))
{
error_no_permission();
}


	$db->delete_query("announcements", "aid='{$aid}'");

redirect("modcp.php?action=announcements", $lang->redirect_delete_announcement);

	$db->delete_query("announcements", "aid='{$aid}'");

redirect("modcp.php?action=announcements", $lang->redirect_delete_announcement);

Zeile 518Zeile 520
	$announcement = $db->fetch_array($query);

if(!$announcement['aid'])

	$announcement = $db->fetch_array($query);

if(!$announcement['aid'])

	{

	{

		error($lang->error_invalid_announcement);
}
if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'])))

		error($lang->error_invalid_announcement);
}
if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'])))

Zeile 528Zeile 530

eval("\$announcements = \"".$templates->get("modcp_announcements_delete")."\";");
output_page($announcements);


eval("\$announcements = \"".$templates->get("modcp_announcements_delete")."\";");
output_page($announcements);

}


}


if($mybb->input['action'] == "do_new_announcement")
{
verify_post_check($mybb->input['my_post_key']);

if($mybb->input['action'] == "do_new_announcement")
{
verify_post_check($mybb->input['my_post_key']);

Zeile 546Zeile 548
	}

if(!trim($mybb->input['message']))

	}

if(!trim($mybb->input['message']))

	{

	{

		$errors[] = $lang->error_missing_message;
}

if(!trim($mybb->input['fid']))

		$errors[] = $lang->error_missing_message;
}

if(!trim($mybb->input['fid']))

	{

	{

		$errors[] = $lang->error_missing_forum;
}


		$errors[] = $lang->error_missing_forum;
}


Zeile 566Zeile 568
		if($startdate[0] >= 24)
{
$startdate[0] = "00";

		if($startdate[0] >= 24)
{
$startdate[0] = "00";

		}
}


		}
}


	if(stristr($mybb->input['endtime_time'], "pm"))
{
$enddate[0] = 12+$enddate[0];

	if(stristr($mybb->input['endtime_time'], "pm"))
{
$enddate[0] = 12+$enddate[0];

Zeile 601Zeile 603
		{
$mybb->input['endtime_month'] = 1;
}

		{
$mybb->input['endtime_month'] = 1;
}

		$enddate = gmmktime($enddatehour, intval($mybb->input['endtime_time']), 0, (int)$mybb->input['endtime_month'], intval($mybb->input['endtime_day']), intval($mybb->input['endtime_year']));

		$enddate = gmmktime(intval($enddate[0]), intval($enddate[1]), 0, (int)$mybb->input['endtime_month'], intval($mybb->input['endtime_day']), intval($mybb->input['endtime_year']));

		if($enddate < 0 || $enddate == false)
{
$errors[] = $lang->error_invalid_end_date;

		if($enddate < 0 || $enddate == false)
{
$errors[] = $lang->error_invalid_end_date;

Zeile 765Zeile 767
	}

if($mybb->input['allowsmilies'] || !isset($mybb->input['allowsmilies']))

	}

if($mybb->input['allowsmilies'] || !isset($mybb->input['allowsmilies']))

	{
$smilies_sel['yes'] = ' checked="checked"';
}
else
{
$smilies_sel['no'] = ' checked="checked"';

	{
$smilies_sel['yes'] = ' checked="checked"';
}
else
{
$smilies_sel['no'] = ' checked="checked"';

	}

if($mybb->input['endtime_type'] == 2 || !isset($mybb->input['endtime_type']))

	}

if($mybb->input['endtime_type'] == 2 || !isset($mybb->input['endtime_type']))

Zeile 803Zeile 805
	if(!$announcement['aid'])
{
error($lang->error_invalid_announcement);

	if(!$announcement['aid'])
{
error($lang->error_invalid_announcement);

	}


	}


	// Mod has permissions to edit this announcement
if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'])))
{

	// Mod has permissions to edit this announcement
if(($mybb->usergroup['issupermod'] != 1 && $announcement['fid'] == -1) || ($announcement['fid'] != -1 && !is_moderator($announcement['fid'])))
{

Zeile 818Zeile 820
	}

if(!trim($mybb->input['message']))

	}

if(!trim($mybb->input['message']))

	{

	{

		$errors[] = $lang->error_missing_message;
}


		$errors[] = $lang->error_missing_message;
}


	if(!trim($mybb->input['fid']))




















	if(!trim($mybb->input['fid']))
{
$errors[] = $lang->error_missing_forum;
}

$startdate = @explode(" ", $mybb->input['starttime_time']);
$startdate = @explode(":", $startdate[0]);
$enddate = @explode(" ", $mybb->input['endtime_time']);
$enddate = @explode(":", $enddate[0]);

if(stristr($mybb->input['starttime_time'], "pm"))
{
$startdate[0] = 12+$startdate[0];
if($startdate[0] >= 24)
{
$startdate[0] = "00";
}
}

if(stristr($mybb->input['endtime_time'], "pm"))

	{

	{

		$errors[] = $lang->error_missing_forum;





		$enddate[0] = 12+$enddate[0];
if($enddate[0] >= 24)
{
$enddate[0] = "00";
}

	}

$months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');

	}

$months = array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12');

Zeile 849Zeile 874
		{
$mybb->input['endtime_month'] = 1;
}

		{
$mybb->input['endtime_month'] = 1;
}

		$enddate = gmmktime($enddatehour, intval($mybb->input['endtime_time']), 0, (int)$mybb->input['endtime_month'], intval($mybb->input['endtime_day']), intval($mybb->input['endtime_year']));

		$enddate = gmmktime(intval($enddate[0]), intval($enddate[1]), 0, (int)$mybb->input['endtime_month'], intval($mybb->input['endtime_day']), intval($mybb->input['endtime_year']));

		if($enddate < 0 || $enddate == false)
{
$errors[] = $lang->error_invalid_end_date;

		if($enddate < 0 || $enddate == false)
{
$errors[] = $lang->error_invalid_end_date;

Zeile 1171Zeile 1196
	}
else if(is_array($mybb->input['attachments']))
{

	}
else if(is_array($mybb->input['attachments']))
{

		$query = $db->simple_select("attachments", "aid, pid", "aid IN (".implode(",", array_map("intval", array_keys($mybb->input['attachments'])))."){$flist}");






		$query = $db->query("
SELECT a.pid, a.aid
FROM ".TABLE_PREFIX."attachments a
LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
WHERE aid IN (".implode(",", array_map("intval", array_keys($mybb->input['attachments'])))."){$flist}
");

		while($attachment = $db->fetch_array($query))
{
$action = $mybb->input['attachments'][$attachment['aid']];
if($action == "approve")
{
$db->update_query("attachments", array("visible" => 1), "aid='{$attachment['aid']}'");

		while($attachment = $db->fetch_array($query))
{
$action = $mybb->input['attachments'][$attachment['aid']];
if($action == "approve")
{
$db->update_query("attachments", array("visible" => 1), "aid='{$attachment['aid']}'");

			}

			}

			else if($action == "delete")
{
remove_attachment($attachment['pid'], '', $attachment['aid']);

			else if($action == "delete")
{
remove_attachment($attachment['pid'], '', $attachment['aid']);

Zeile 1187Zeile 1217
		redirect("modcp.php?action=modqueue&type=attachments", $lang->redirect_attachmentsmoderated);
}
}

		redirect("modcp.php?action=modqueue&type=attachments", $lang->redirect_attachmentsmoderated);
}
}





if($mybb->input['action'] == "modqueue")
{
if($mybb->input['type'] == "threads" || !$mybb->input['type'])

if($mybb->input['action'] == "modqueue")
{
if($mybb->input['type'] == "threads" || !$mybb->input['type'])

Zeile 1196Zeile 1226

$query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible=0 {$flist}");
$unapproved_threads = $db->fetch_field($query, "unapprovedthreads");


$query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible=0 {$flist}");
$unapproved_threads = $db->fetch_field($query, "unapprovedthreads");





		// Figure out if we need to display multiple pages.
if($mybb->input['page'] != "last")

		// Figure out if we need to display multiple pages.
if($mybb->input['page'] != "last")

		{

		{

			$page = intval($mybb->input['page']);

			$page = intval($mybb->input['page']);

		}


		}


		$perpage = $mybb->settings['threadsperpage'];
$pages = $unapproved_threads / $perpage;

		$perpage = $mybb->settings['threadsperpage'];
$pages = $unapproved_threads / $perpage;

		$pages = ceil($pages);

if($mybb->input['page'] == "last")
{
$page = $pages;
}

if($page > $pages || $page <= 0)
{
$page = 1;
}

if($page)
{
$start = ($page-1) * $perpage;
}
else

		$pages = ceil($pages);

if($mybb->input['page'] == "last")
{
$page = $pages;
}

if($page > $pages || $page <= 0)
{
$page = 1;
}

if($page)
{
$start = ($page-1) * $perpage;
}
else

		{
$start = 0;
$page = 1;
}


		{
$start = 0;
$page = 1;
}


		$multipage = multipage($postcount, $perpage, $page, "modcp.php?action=modqueue&amp;type=threads");

		$multipage = multipage($pages, $perpage, $page, "modcp.php?action=modqueue&amp;type=threads");


$query = $db->query("
SELECT t.tid, t.dateline, t.fid, t.subject, p.message AS postmessage, u.username AS username, t.uid


$query = $db->query("
SELECT t.tid, t.dateline, t.fid, t.subject, p.message AS postmessage, u.username AS username, t.uid

Zeile 1271Zeile 1301
	if($mybb->input['type'] == "posts" || (!$mybb->input['type'] && !$threadqueue))
{
$forum_cache = $cache->read("forums");

	if($mybb->input['type'] == "posts" || (!$mybb->input['type'] && !$threadqueue))
{
$forum_cache = $cache->read("forums");





		$query = $db->query("
SELECT COUNT(pid) AS unapprovedposts
FROM ".TABLE_PREFIX."posts p

		$query = $db->query("
SELECT COUNT(pid) AS unapprovedposts
FROM ".TABLE_PREFIX."posts p

Zeile 1284Zeile 1314
		if($mybb->input['page'] != "last")
{
$page = intval($mybb->input['page']);

		if($mybb->input['page'] != "last")
{
$page = intval($mybb->input['page']);

		}

		}


$perpage = $mybb->settings['postsperpage'];
$pages = $unapproved_posts / $perpage;


$perpage = $mybb->settings['postsperpage'];
$pages = $unapproved_posts / $perpage;

Zeile 1296Zeile 1326
		}

if($page > $pages || $page <= 0)

		}

if($page > $pages || $page <= 0)

		{

		{

			$page = 1;
}


			$page = 1;
}


Zeile 1310Zeile 1340
			$page = 1;
}


			$page = 1;
}


		$multipage = multipage($postcount, $perpage, $page, "modcp.php?action=modqueue&amp;type=posts");

		$multipage = multipage($pages, $perpage, $page, "modcp.php?action=modqueue&amp;type=posts");


$query = $db->query("
SELECT p.pid, p.subject, p.message, t.subject AS threadsubject, t.tid, u.username, p.uid, t.fid, p.dateline


$query = $db->query("
SELECT p.pid, p.subject, p.message, t.subject AS threadsubject, t.tid, u.username, p.uid, t.fid, p.dateline

Zeile 1370Zeile 1400
		}

$perpage = $mybb->settings['postsperpage'];

		}

$perpage = $mybb->settings['postsperpage'];

		$pages = $unapprovedthreads / $perpage;

		$pages = $unapproved_attachments / $perpage;

		$pages = ceil($pages);

		$pages = ceil($pages);

 



if($mybb->input['page'] == "last")
{


if($mybb->input['page'] == "last")
{

Zeile 1393Zeile 1424
			$page = 1;
}


			$page = 1;
}


		$multipage = multipage($postcount, $perpage, $page, "modcp.php?action=modqueue&amp;type=attachments");

		$multipage = multipage($pages, $perpage, $page, "modcp.php?action=modqueue&amp;type=attachments");


$query = $db->query("
SELECT a.*, p.subject AS postsubject, p.dateline, p.uid, u.username, t.tid, t.subject AS threadsubject


$query = $db->query("
SELECT a.*, p.subject AS postsubject, p.dateline, p.uid, u.username, t.tid, t.subject AS threadsubject

Zeile 1472Zeile 1503
		error_no_permission();
}
// Current user is a super mod or is an administrator and the user we are editing is a super admin, cannot edit admins

		error_no_permission();
}
// Current user is a super mod or is an administrator and the user we are editing is a super admin, cannot edit admins

	else if($mybb->usergroup['issupermod'] == 1 && $user_permissions['cancp'] == 1 || (is_super_admin($user['uid']) && !is_super_admin($user['uid'])))

	else if(!modcp_can_manage_user($user['uid']))

	{
error_no_permission();
}

	{
error_no_permission();
}

Zeile 1561Zeile 1592
		error_no_permission();
}
// Current user is a super mod or is an administrator and the user we are editing is a super admin, cannot edit admins

		error_no_permission();
}
// Current user is a super mod or is an administrator and the user we are editing is a super admin, cannot edit admins

	else if($mybb->usergroup['issupermod'] == 1 && $user_permissions['cancp'] == 1 || (is_super_admin($user['uid']) && !is_super_admin($user['uid'])))

	else if(!modcp_can_manage_user($user['uid']))

	{
error_no_permission();
}

	{
error_no_permission();
}

Zeile 1803Zeile 1834

if($mybb->input['action'] == "finduser")
{


if($mybb->input['action'] == "finduser")
{

	if(!$perpage)


	$perpage = intval($mybb->input['perpage']);
if(!$perpage || $pagepage <= 0)

	{
$perpage = $mybb->settings['threadsperpage'];
}

	{
$perpage = $mybb->settings['threadsperpage'];
}

Zeile 1872Zeile 1904
		if($mybb->input[$field])
{
$page_url .= "&amp;{$field}=".htmlspecialchars_uni($mybb->input[$field]);

		if($mybb->input[$field])
{
$page_url .= "&amp;{$field}=".htmlspecialchars_uni($mybb->input[$field]);

 
			$mybb->input[$field] = htmlspecialchars_uni($mybb->input[$field]);

		}
}


		}
}


Zeile 1915Zeile 1948
		$search['username'] = $db->escape_string($mybb->input['filter']['username']);
$query = $db->simple_select("users", "uid", "username='{$search['username']}'");
$mybb->input['filter']['uid'] = $db->fetch_field($query, "uid");

		$search['username'] = $db->escape_string($mybb->input['filter']['username']);
$query = $db->simple_select("users", "uid", "username='{$search['username']}'");
$mybb->input['filter']['uid'] = $db->fetch_field($query, "uid");

 
		$mybb->input['filter']['username'] = htmlspecialchars_uni($mybb->input['filter']['username']);

	}
if($mybb->input['filter']['uid'])
{

	}
if($mybb->input['filter']['uid'])
{

Zeile 1923Zeile 1957
		if(!isset($mybb->input['search']['username']))
{
$user = get_user($mybb->input['search']['uid']);

		if(!isset($mybb->input['search']['username']))
{
$user = get_user($mybb->input['search']['uid']);

			$mybb->input['search']['username'] = $user['username'];

			$mybb->input['search']['username'] = htmlspecialchars_uni($user['username']);

		}
}
if($mybb->input['filter']['mod_username'])

		}
}
if($mybb->input['filter']['mod_username'])

Zeile 1931Zeile 1965
		$search['mod_username'] = $db->escape_string($mybb->input['filter']['mod_username']);
$query = $db->simple_select("users", "uid", "username='{$search['mod_username']}'");
$mybb->input['filter']['mod_uid'] = $db->fetch_field($query, "uid");

		$search['mod_username'] = $db->escape_string($mybb->input['filter']['mod_username']);
$query = $db->simple_select("users", "uid", "username='{$search['mod_username']}'");
$mybb->input['filter']['mod_uid'] = $db->fetch_field($query, "uid");

 
		$mybb->input['filter']['mod_username'] = htmlspecialchars_uni($mybb->input['filter']['mod_username']);

	}
if($mybb->input['filter']['mod_uid'])
{

	}
if($mybb->input['filter']['mod_uid'])
{

Zeile 1939Zeile 1974
		if(!isset($mybb->input['search']['mod_username']))
{
$mod_user = get_user($mybb->input['search']['uid']);

		if(!isset($mybb->input['search']['mod_username']))
{
$mod_user = get_user($mybb->input['search']['uid']);

			$mybb->input['search']['mod_username'] = $mod_user['username'];

			$mybb->input['search']['mod_username'] = htmlspecialchars_uni($mod_user['username']);

		}
}
if($mybb->input['filter']['reason'])
{
$search['reason'] = $db->escape_string($mybb->input['filter']['reason']);
$where_sql .= " AND (w.notes LIKE '%{$search['reason']}%' OR t.title LIKE '%{$search['reason']}%' OR w.title LIKE '%{$search['reason']}%')";

		}
}
if($mybb->input['filter']['reason'])
{
$search['reason'] = $db->escape_string($mybb->input['filter']['reason']);
$where_sql .= " AND (w.notes LIKE '%{$search['reason']}%' OR t.title LIKE '%{$search['reason']}%' OR w.title LIKE '%{$search['reason']}%')";

 
		$mybb->input['filter']['reason'] = htmlspecialchars_uni($mybb->input['filter']['reason']);

	}
$sortbysel = array();
switch($mybb->input['filter']['sortby'])

	}
$sortbysel = array();
switch($mybb->input['filter']['sortby'])

Zeile 2150Zeile 2186

// Now we have the result counts, paginate
$perpage = intval($mybb->input['perpage']);


// Now we have the result counts, paginate
$perpage = intval($mybb->input['perpage']);

		if(!$perpage)

		if(!$perpage || $pagepage <= 0)

		{
$perpage = $mybb->settings['threadsperpage'];
}

		{
$perpage = $mybb->settings['threadsperpage'];
}

Zeile 2257Zeile 2293
				{
$ipaddress['subject'] = "RE: {$ipaddress['threadsubject']}";
}

				{
$ipaddress['subject'] = "RE: {$ipaddress['threadsubject']}";
}

				$subject = "<strong>{$lang->ipresult_post}</strong> <a href=\"".get_post_link($ipaddress['pid'], $ipaddress['tid'])."\">".htmlspecialchars_uni($ipaddress['subject'])."</a> by ".build_profile_link($ipaddress['username'], $ipaddress['uid']);

				$subject = "<strong>{$lang->ipresult_post}</strong> <a href=\"".get_post_link($ipaddress['pid'], $ipaddress['tid'])."\">".htmlspecialchars_uni($ipaddress['subject'])."</a> {$lang->by} ".build_profile_link($ipaddress['username'], $ipaddress['uid']);

				eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";");
}
}

				eval("\$results .= \"".$templates->get("modcp_ipsearch_result")."\";");
}
}

Zeile 2317Zeile 2353
	$query = $db->simple_select("banned", "COUNT(uid) AS count");
$banned_count = $db->fetch_field($query, "count");


	$query = $db->simple_select("banned", "COUNT(uid) AS count");
$banned_count = $db->fetch_field($query, "count");


	$postcount = intval($banned_count)+1;

	$postcount = intval($banned_count);

	$pages = $postcount / $perpage;
$pages = ceil($pages);


	$pages = $postcount / $perpage;
$pages = ceil($pages);


Zeile 2376Zeile 2412
		if($banned['reason'])
{
$banned['reason'] = htmlspecialchars_uni($parser->parse_badwords($banned['reason']));

		if($banned['reason'])
{
$banned['reason'] = htmlspecialchars_uni($parser->parse_badwords($banned['reason']));

		}
else

		}
else

		{
$banned['reason'] = $lang->na;
}

		{
$banned['reason'] = $lang->na;
}

Zeile 2436Zeile 2472

if(!$ban['uid'])
{


if(!$ban['uid'])
{

		$lang->error_invalidban;

		error($lang->error_invalidban);

	}

// Permission to edit this ban?

	}

// Permission to edit this ban?

Zeile 2457Zeile 2493
	$cache->update_moderators();

redirect("modcp.php?action=banning", $lang->redirect_banlifted);

	$cache->update_moderators();

redirect("modcp.php?action=banning", $lang->redirect_banlifted);

}


}


if($mybb->input['action'] == "do_banuser" && $mybb->request_method == "post")
{
// Verify incoming POST request

if($mybb->input['action'] == "do_banuser" && $mybb->request_method == "post")
{
// Verify incoming POST request

Zeile 2466Zeile 2502

// Editing an existing ban
if($mybb->input['uid'])


// Editing an existing ban
if($mybb->input['uid'])

	{

	{

		// Get the users info from their uid
$query = $db->query("
SELECT b.*, u.uid, u.usergroup, u.additionalgroups, u.displaygroup

		// Get the users info from their uid
$query = $db->query("
SELECT b.*, u.uid, u.usergroup, u.additionalgroups, u.displaygroup

Zeile 2474Zeile 2510
			LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
WHERE b.uid='{$mybb->input['uid']}'
");

			LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
WHERE b.uid='{$mybb->input['uid']}'
");

		$user = $db->fetch_array($query);
if(!$user['uid'])

		$user = $db->fetch_array($query);
if(!$user['uid'])

		{
error($lang->error_invalidban);
}

		{
error($lang->error_invalidban);
}

Zeile 2484Zeile 2520
		if($mybb->user['uid'] != $user['admin'] && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['cancp'] != 1)
{
error_no_permission();

		if($mybb->user['uid'] != $user['admin'] && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['cancp'] != 1)
{
error_no_permission();

		}

$lift_link = "<div class=\"float_right\"><a href=\"modcp.php?action=liftban&amp;bid={$user['uid']}&amp;my_post_key={$mybb->post_code}\">{$lang->lift_ban}</a></div>";
}

		}
}



	// Creating a new ban
else
{

	// Creating a new ban
else
{

Zeile 2497Zeile 2531
		if(!$user['uid'])
{
$errors[] = $lang->invalid_username;

		if(!$user['uid'])
{
$errors[] = $lang->invalid_username;

		}
}


		}
}


	if($user['uid'] == $mybb->user['uid'])
{
$errors[] = $lang->error_cannotbanself;

	if($user['uid'] == $mybb->user['uid'])
{
$errors[] = $lang->error_cannotbanself;

	}


	}


	// Have permissions to ban this user?
if(!modcp_can_manage_user($user['uid']))
{
$errors[] = $lang->error_cannotbanuser;

	// Have permissions to ban this user?
if(!modcp_can_manage_user($user['uid']))
{
$errors[] = $lang->error_cannotbanuser;

	}

	}


// Check for an incoming reason
if(!$mybb->input['banreason'])


// Check for an incoming reason
if(!$mybb->input['banreason'])

Zeile 2519Zeile 2553

// Check banned group
if(!$db->fetch_field($db->simple_select("usergroups", "gid", "isbannedgroup=1 AND gid='".intval($mybb->input['usergroup'])."'"), "gid"))


// Check banned group
if(!$db->fetch_field($db->simple_select("usergroups", "gid", "isbannedgroup=1 AND gid='".intval($mybb->input['usergroup'])."'"), "gid"))

	{

	{

		$errors[] = $lang->error_nobangroup;
}


		$errors[] = $lang->error_nobangroup;
}


Zeile 2538Zeile 2572
	{
// Ban the user
if($mybb->input['liftafter'] == '---')

	{
// Ban the user
if($mybb->input['liftafter'] == '---')

		{

		{

			$lifted = 0;
}
else

			$lifted = 0;
}
else

Zeile 2618Zeile 2652

// If incoming user ID, we are editing a ban
if($mybb->input['uid'])


// If incoming user ID, we are editing a ban
if($mybb->input['uid'])

	{

	{

		$query = $db->query("
SELECT b.*, u.username
FROM ".TABLE_PREFIX."banned b

		$query = $db->query("
SELECT b.*, u.username
FROM ".TABLE_PREFIX."banned b

Zeile 2635Zeile 2669
			eval("\$banuser_username = \"".$templates->get("modcp_banuser_editusername")."\";");
}
}

			eval("\$banuser_username = \"".$templates->get("modcp_banuser_editusername")."\";");
}
}

 
	

	// New ban!

	// New ban!

	if(!$banuer_username)

	if(!$banuser_username)

	{
if($mybb->input['uid'])
{

	{
if($mybb->input['uid'])
{

Zeile 2680Zeile 2715
			$liftlist .= ">{$title} ({$thatime})</option>\n";
}
}

			$liftlist .= ">{$title} ({$thatime})</option>\n";
}
}



	

	$bangroups = '';
$query = $db->simple_select("usergroups", "gid, title", "isbannedgroup=1");
while($item = $db->fetch_array($query))

	$bangroups = '';
$query = $db->simple_select("usergroups", "gid, title", "isbannedgroup=1");
while($item = $db->fetch_array($query))

Zeile 2692Zeile 2727
		}
$bangroups .= "<option value=\"{$item['gid']}\"{$selected}>".htmlspecialchars_uni($item['title'])."</option>\n";
}

		}
$bangroups .= "<option value=\"{$item['gid']}\"{$selected}>".htmlspecialchars_uni($item['title'])."</option>\n";
}

 
	
$lift_link = "<div class=\"float_right\"><a href=\"modcp.php?action=liftban&amp;uid={$user['uid']}&amp;my_post_key={$mybb->post_code}\">{$lang->lift_ban}</a></div>";


eval("\$banuser = \"".$templates->get("modcp_banuser")."\";");
output_page($banuser);


eval("\$banuser = \"".$templates->get("modcp_banuser")."\";");
output_page($banuser);

Zeile 2699Zeile 2736

if($mybb->input['action'] == "do_modnotes")
{


if($mybb->input['action'] == "do_modnotes")
{

 
	// Verify incoming POST request
verify_post_check($mybb->input['my_post_key']);


	// Update Moderator Notes cache
$update_cache = array(
"modmessage" => $mybb->input['modnotes']

	// Update Moderator Notes cache
$update_cache = array(
"modmessage" => $mybb->input['modnotes']

Zeile 2722Zeile 2762
	if($unapproved_attachments > 0)
{
$query = $db->query("

	if($unapproved_attachments > 0)
{
$query = $db->query("

			SELECT t.tid, p.pid, t.uid, t.username, a.filename, a.dateuploaded

			SELECT t.tid, p.pid, p.uid, t.username, a.filename, a.dateuploaded

			FROM  ".TABLE_PREFIX."attachments a
LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)

			FROM  ".TABLE_PREFIX."attachments a
LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=a.pid)
LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)

Zeile 2755Zeile 2795
	if($unapproved_posts > 0)
{
$query = $db->query("

	if($unapproved_posts > 0)
{
$query = $db->query("

			SELECT p.pid, p.tid, p.subject, p.uid, p.username

			SELECT p.pid, p.tid, p.subject, p.uid, p.username, p.dateline

			FROM  ".TABLE_PREFIX."posts p
LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid

			FROM  ".TABLE_PREFIX."posts p
LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid

Zeile 2770Zeile 2810
		$post['subject'] = $post['fullsubject'] = $parser->parse_badwords($post['subject']);
if(my_strlen($post['subject']) > 25)
{

		$post['subject'] = $post['fullsubject'] = $parser->parse_badwords($post['subject']);
if(my_strlen($post['subject']) > 25)
{

			$lastpost_subject = my_substr($post['subject'], 0, 25)."...";

			$post['subject'] = my_substr($post['subject'], 0, 25)."...";

		}
$post['subject'] = htmlspecialchars_uni($post['subject']);
$post['fullsubject'] = htmlspecialchars_uni($post['fullsubject']);

		}
$post['subject'] = htmlspecialchars_uni($post['subject']);
$post['fullsubject'] = htmlspecialchars_uni($post['fullsubject']);

Zeile 2796Zeile 2836
		$thread['subject'] = $thread['fullsubject'] = $parser->parse_badwords($thread['subject']);
if(my_strlen($thread['subject']) > 25)
{

		$thread['subject'] = $thread['fullsubject'] = $parser->parse_badwords($thread['subject']);
if(my_strlen($thread['subject']) > 25)
{

			$lastpost_subject = my_substr($thread['subject'], 0, 25)."...";

			$post['subject'] = my_substr($thread['subject'], 0, 25)."...";

		}
$thread['subject'] = htmlspecialchars_uni($thread['subject']);
$thread['fullsubject'] = htmlspecialchars_uni($thread['fullsubject']);

		}
$thread['subject'] = htmlspecialchars_uni($thread['subject']);
$thread['fullsubject'] = htmlspecialchars_uni($thread['fullsubject']);
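Review bot: The guard added at Zeile 336, `if(!$perpage || $pagepage <= 0)`, tests `$pagepage`, which is not assigned anywhere in the visible hunks and looks like a typo for `$perpage`; the same line is added at Zeile 1834 (finduser) and Zeile 2186. If the variable is indeed unset, PHP evaluates it as null, `null <= 0` is true, and the branch always runs, so `$perpage` is always reset to `$mybb->settings['threadsperpage']` and the `perpage` request value is ignored rather than range-checked. The check should read `if(!$perpage || $perpage <= 0)` in all three places, which rejects zero and negative values while still honouring a valid one. The enclosing action blocks start and end outside the shown hunks.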