.
// Manage user settings
//
// Displays user settings, allows one to control special user status
// and forum suspension (banishment). Put this in html/ops,
// (or could be used by moderators for bans < 24 hrs).
// TODO: use DB abstraction layer
require_once("../inc/util.inc");
require_once("../inc/user.inc");
require_once("../inc/team.inc");
require_once("../inc/forum.inc");
require_once("../inc/util_ops.inc");
require_once("../inc/profile.inc");
require_once("../project/project.inc");
// db_init() comes from the includes above; presumably it opens the project
// database connection used by every query on this page.
db_init();

// This page makes no authorization decision of its own: $is_admin is assigned
// unconditionally, so every "&& $is_admin" gate further down always passes.
// Access control therefore rests entirely on where the file is served from
// (the header comment places it in html/ops).
// NOTE(review): confirm that directory is restricted to project administrators
// before relying on any of the handlers below.
$is_admin = true;

// Number of special-user flags; the settings handler below emits one bit per
// entry of $special_user_bitfield (defined outside this file).
$Nbf = count($special_user_bitfield);
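// Delete a user (or at least try to)
//
// Reads $user->id, ->teamid, ->has_profile and ->total_credit.
// Status and error text is appended to the global $delete_problem.
// Returns true when the user row was deleted, false when deletion was
// refused or a query failed.
//
// Order of operations is unchanged from the original: team membership and
// the profile are removed first, and only then are the blocking conditions
// (credit, results, forum posts) checked. A refused deletion can therefore
// still strip the team and profile.
// NOTE(review): if that is not intended, move the checks ahead of the
// destructive steps.
//
function delete_user($user){
    global $delete_problem;

    // The id is interpolated into SQL text below; forcing an integer keeps
    // those statements safe whatever the caller put in $user->id.
    $userid = (int)$user->id;

    if (!empty($user->teamid)) {
        user_quit_team($user);
        #$delete_problem .= "Removed user from team.\n";
    }
    if ($user->has_profile) {
        mysql_query("DELETE FROM profile WHERE userid = $userid");
        delete_user_pictures($userid);
        mysql_query("UPDATE user SET has_profile=0 WHERE id=$userid");
        #$delete_problem .= "Deleted profile.\n";
    }
    if ($user->total_credit > 0.0) {
        $delete_problem .= "Cannot delete user: User has credit.\n";
        return false;
    }

    // Don't delete user if they have any outstanding Results
    // or have posted to the forums.
    //
    $blockers = array(
        "SELECT COUNT(*) AS count FROM result WHERE userid=$userid" => " Results in the database.\n",
        "SELECT COUNT(*) AS count FROM post WHERE user=$userid" => " forum posts.\n",
    );
    foreach ($blockers as $q => $suffix) {
        $result = mysql_query($q);
        $c = $result ? mysql_fetch_object($result) : false;
        if ($result) {
            mysql_free_result($result);
        }
        if (!$c) {
            // Fail closed: a failed query used to read as "no rows", which
            // let the deletion go ahead without the check having run.
            $delete_problem .= "Cannot delete user: could not check for dependent records.\n";
            continue;
        }
        if ($c->count) {
            $delete_problem .= "Cannot delete user: User has ". $c->count. $suffix;
        }
    }
    if ($delete_problem) return false;

    $q = "DELETE FROM user WHERE id=$userid";
    if (!mysql_query($q)) {
        // Only report success when the row was actually removed.
        $delete_problem .= "Cannot delete user: database error.\n";
        return false;
    }
    $delete_problem .= "User ".$user->id." deleted.";
    // The former unset($user) only dropped this function's local variable;
    // the caller's $user still refers to the deleted row.
    return true;
}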
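// Collects status and error text from delete_user().
$delete_problem = "";

// Process user search form
//
// An exact name match is tried first, then a substring match. A single hit
// selects $user; several hits are gathered into $matches as a comma-separated
// list of names.
// NOTE(review): $matches holds names exactly as stored; escape it for HTML
// wherever it is printed (that code is not visible here).
$matches = "";
if (isset($_POST['search_submit'])) {
    $search_name = post_str('search_text');
    // escape_string() is what keeps the value inside the quoted SQL literals
    // below. It presumably leaves % and _ alone, so those characters typed
    // into the search box act as wildcards in the LIKE query.
    $search_name = BoincDb::escape_string(sanitize_tags($search_name));
    if (!empty($search_name)) {
        $result = mysql_query("SELECT * FROM user WHERE name='$search_name'");
        if ($result && mysql_num_rows($result) == 1) {
            $user = mysql_fetch_object($result);
            mysql_free_result($result);
        } else {
            if ($result) {
                mysql_free_result($result);
            }
            $q = "SELECT * FROM user WHERE name LIKE '%".$search_name."%'";
            $result = mysql_query($q);
            // A failed query is treated as "no match" instead of being
            // passed on to mysql_num_rows().
            if ($result) {
                // Count once, before the result is freed; the original
                // called mysql_num_rows() again on an already-freed result.
                $hits = mysql_num_rows($result);
                if ($hits == 1) {
                    $user = mysql_fetch_object($result);
                } elseif ($hits > 1) {
                    $names = array();
                    while ($row = mysql_fetch_object($result)) {
                        $names[] = $row->name;
                    }
                    $matches = implode(", ", $names);
                }
                mysql_free_result($result);
            }
        }
    }
}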
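// Look up the user
//
// An explicit userid (query string first, then POST) takes precedence.
// Without one, a user already selected by the search form above is kept;
// the original overwrote it with the result of looking up an empty id.
$id = get_int("userid", true);
if (!$id) {
    $id = post_int("userid", true);
}
if ($id) {
    $user = lookup_user_id($id);
} elseif (!empty($user)) {
    // The handlers below build their SQL from $id, so keep it in step with
    // the user that the search selected.
    $id = (int)$user->id;
} else {
    $user = null;
}
// but clear if page was reset (forcing search form)
if (isset($_POST['reset_page'])) {
    // null rather than unset(): later "$user &&" tests read the variable.
    $user = null;
}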
// Process special user settings
//
// Builds a string of "0"/"1" characters, one per special-user flag, from the
// special_user_<n> POST fields and stores it in forum_preferences.
// Only literal 0/1 characters and $id (read with get_int/post_int above)
// reach the SQL text.
// NOTE(review): this is a state-changing POST and no anti-CSRF token is
// checked in the lines shown; confirm the form is protected elsewhere.
if (isset($_POST['special_user']) && $user && $is_admin) {
    $flags = array();
    for ($i = 0; $i < $Nbf; $i++) {
        $key = "special_user_$i";
        // A missing or empty field clears the bit.
        $flags[] = empty($_POST[$key]) ? "0" : "1";
    }
    $bits = implode("", $flags);
    $q = "UPDATE forum_preferences SET special_user=\"$bits\" WHERE userid=$id";
    mysql_query($q);
}
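// Process a suspension:
//
// Writes forum_preferences.banished_until and mails the user and the
// addresses in POST_REPORT_EMAILS.
// NOTE(review): this is a state-changing POST and no anti-CSRF token is
// checked in the lines shown; confirm the form is protected elsewhere.
if (isset($_POST['suspend_submit']) && !empty($user) && $is_admin) {
    $dt = post_int('suspend_for',true);
    // The outer test already requires $is_admin, so the moderator branch
    // (bans under 86400 seconds) is never evaluated, and $is_mod is not
    // assigned anywhere in the lines shown.
    // NOTE(review): define $is_mod and revisit both tests before opening
    // this page to moderators.
    if ($is_admin || ($is_mod && $dt < 86400)) {
        // A request without the field no longer raises an undefined-index
        // notice; it is treated as "no reason given".
        $reason = isset($_POST['suspend_reason']) ? $_POST['suspend_reason'] : "";
        if ($dt > 0 && empty($reason)) {
            error_page("You must supply a reason for a suspension.
id>Try again" );
        } else {
            if (is_numeric($dt)) {
                $t = time()+$dt;
                // $t is computed from time() and post_int(); $id comes from
                // get_int()/post_int() above.
                $q = "UPDATE forum_preferences SET banished_until=$t WHERE userid=$id";
                mysql_query($q);

                // put a timestamp in wiki to trigger re-validation of credentials
                if (function_exists('touch_wiki_user')) {
                    touch_wiki_user($user);
                }

                // Send suspension e-mail to user and administrators
                // $reason and $user->name are user-supplied text and go into
                // the message unchanged.
                // NOTE(review): check that send_email() rejects CR/LF in the
                // subject line.
                if ($dt>0) {
                    $subject = PROJECT." posting privileges suspended for ". $user->name;
                    $body = " Forum posting privileges for the " .PROJECT. " user \"".$user->name."\" have been suspended for " .time_diff($dt). " by ".$g_logged_in_user->name.". The reason given was: $reason The suspension will end at " .time_str($t)."\n";
                } else {
                    $subject = PROJECT." user ". $user->name. " unsuspended";
                    $body = " Forum posting privileges for the " .PROJECT. " user \"".$user->name."\" have been restored by ".$g_logged_in_user->name."\n";
                    if ($reason) {
                        $body.="The reason given was:\n\n $reason\n";
                    }
                }
                send_email($user, $subject, $body);

                // POST_REPORT_EMAILS is optional project configuration (the
                // page prints a warning when it is missing), so skip the
                // administrator copies instead of reading an undefined
                // constant.
                if (defined('POST_REPORT_EMAILS')) {
                    // The original assigned a property on $admin without
                    // ever creating it in the lines shown.
                    if (!isset($admin)) {
                        $admin = new stdClass;
                    }
                    $emails = explode(",", POST_REPORT_EMAILS);
                    foreach ($emails as $email) {
                        $admin->email_addr = $email;
                        send_email($admin, $subject, $body);
                    }
                }
            }
        }
    }
}

// Process a delete request. Empty user will trigger search form.
//
// Gated on $is_admin like the two handlers above; the original was the only
// state-changing handler without that test.
if (isset($_POST['delete_user']) && !empty($user) && $is_admin) {
    delete_user($user);
}

// Now update from whatever might have been set above
if (!empty($user)) {
    BoincForumPrefs::lookup($user);
}

// Output:
admin_page_head("User Management: $user->name"); echo "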
There is no addministrative e-mail address defined for reporting problems or abuse in the forums. Please define POST_REPORT_EMAILS in project.inc
\n"; } echo " "; admin_page_tail(); exit(); } row1("User: ".$user->name. "
\n"; echo " | "; } end_table(); echo "\n"; echo "\n\n | \n\n"; // Suspended posting privileges echo "\n"; echo " |
Query: $q "; } admin_page_tail(); $cvs_version_tracker[]= //Generated automatically - do not edit "\$Id$"; ?>