sql_query($sql)) { bb_die('Could not select group data #1'); } $group_list = ''; if (DB()->num_rows($result) != 0) { $template->assign_block_vars('groups_exist', []); while ($row = DB()->sql_fetchrow($result)) { $group_list .= '' . strip_tags(htmlspecialchars($row['group_name'])) . ''; } } $sql = 'SELECT * FROM ' . BB_RANKS . ' ORDER BY rank_title'; if (!($result = DB()->sql_query($sql))) { bb_die('Could not obtain ranks data'); } $rank_select_box = ''; if (DB()->num_rows($result) != 0) { $template->assign_block_vars('ranks_exist', []); while ($row = DB()->sql_fetchrow($result)) { $rank = $row['rank_title']; $rank_id = $row['rank_id']; $rank_select_box .= '' . $rank . ''; } } $language_list = \TorrentPier\Legacy\Select::language('', 'language_type'); $timezone_list = \TorrentPier\Legacy\Select::timezone('', 'timezone_type'); $sql = 'SELECT f.forum_id, f.forum_name, f.forum_parent, c.cat_id, c.cat_title FROM ( ' . BB_FORUMS . ' AS f INNER JOIN ' . BB_CATEGORIES . ' AS c ON c.cat_id = f.cat_id ) ORDER BY c.cat_order, f.forum_order ASC'; if (!$result = DB()->sql_query($sql)) { bb_die('Could not select forum data'); } $forums = []; $last_cat_id = -1; $forums_list = ''; if (DB()->num_rows($result) != 0) { $template->assign_block_vars('forums_exist', []); while ($row = DB()->sql_fetchrow($result)) { if ($row['cat_id'] != $last_cat_id) { $forums_list .= ''; $last_cat_id = $row['cat_id']; } $forums_list .= '' . ($row['forum_parent'] ? HTML_SF_SPACER : '') . htmlCHR($row['forum_name']) . ''; } } $lastvisited = [1, 7, 14, 30, 60, 120, 365, 500, 730, 1000]; $lastvisited_list = ''; foreach ($lastvisited as $days) { $lastvisited_list .= '' . delta_time((TIMENOW - 86400 * $days), TIMENOW, 'days') . ''; } $template->assign_vars([ 'TPL_ADMIN_USER_SEARCH_MAIN' => true, 'YEAR' => date('Y'), 'MONTH' => date('m'), 'DAY' => date('d'), 'GROUP_LIST' => $group_list, 'RANK_SELECT_BOX' => $rank_select_box, 'LANGUAGE_LIST' => $language_list, 'TIMEZONE_LIST' => $timezone_list, 'FORUMS_LIST' => $forums_list, 'LASTVISITED_LIST' => $lastvisited_list, 'U_SEARCH_USER' => BB_ROOT . 'search.php?mode=searchuser', 'S_SEARCH_ACTION' => 'admin_user_search.php' ]); } else { $mode = ''; // validate mode if (isset($_REQUEST['search_username'])) { $mode = 'search_username'; } elseif (isset($_REQUEST['search_email'])) { $mode = 'search_email'; } elseif (isset($_REQUEST['search_ip'])) { $mode = 'search_ip'; } elseif (isset($_REQUEST['search_joindate'])) { $mode = 'search_joindate'; } elseif (isset($_REQUEST['search_group'])) { $mode = 'search_group'; } elseif (isset($_REQUEST['search_rank'])) { $mode = 'search_rank'; } elseif (isset($_REQUEST['search_postcount'])) { $mode = 'search_postcount'; } elseif (isset($_REQUEST['search_userfield'])) { $mode = 'search_userfield'; } elseif (isset($_REQUEST['search_lastvisited'])) { $mode = 'search_lastvisited'; } elseif (isset($_REQUEST['search_language'])) { $mode = 'search_language'; } elseif (isset($_REQUEST['search_timezone'])) { $mode = 'search_timezone'; } elseif (isset($_REQUEST['search_moderators'])) { $mode = 'search_moderators'; } elseif (isset($_REQUEST['search_misc'])) { $mode = 'search_misc'; } // validate fields (that they exist) switch ($mode) { case 'search_username': $username = $_REQUEST['username']; if (!$username) { bb_die($lang['SEARCH_INVALID_USERNAME']); } break; case 'search_email': $email = $_REQUEST['email']; if (!$email) { bb_die($lang['SEARCH_INVALID_EMAIL']); } break; case 'search_ip': $ip_address = $_REQUEST['ip_address']; if (!$ip_address) { bb_die($lang['SEARCH_INVALID_IP']); } break; case 'search_joindate': $date_type = $_REQUEST['date_type']; $date_day = $_REQUEST['date_day']; $date_month = $_REQUEST['date_month']; $date_year = $_REQUEST['date_year']; if (!($date_type || $date_day || $date_month || $date_year)) { bb_die($lang['SEARCH_INVALID_DATE']); } break; case 'search_group': $group_id = $_REQUEST['group_id']; if (!$group_id) { bb_die($lang['SEARCH_INVALID_GROUP']); } break; case 'search_rank': $rank_id = $_REQUEST['rank_id']; if (!$rank_id) { bb_die($lang['SEARCH_INVALID_RANK']); } break; case 'search_postcount': $postcount_type = $_REQUEST['postcount_type']; $postcount_value = $_REQUEST['postcount_value']; if (!$postcount_type || (!$postcount_value && $postcount_value != 0)) { bb_die($lang['SEARCH_INVALID_POSTCOUNT']); } break; case 'search_userfield': $userfield_type = $_REQUEST['userfield_type']; $userfield_value = $_REQUEST['userfield_value']; if (!$userfield_type || !$userfield_value) { bb_die($lang['SEARCH_INVALID_USERFIELD']); } break; case 'search_lastvisited': $lastvisited_days = $_REQUEST['lastvisited_days']; $lastvisited_type = $_REQUEST['lastvisited_type']; if (!$lastvisited_days || !$lastvisited_type) { bb_die($lang['SEARCH_INVALID_LASTVISITED']); } break; case 'search_language': $language_type = $_REQUEST['language_type']; if (!$language_type) { bb_die($lang['SEARCH_INVALID_LANGUAGE']); } break; case 'search_timezone': $timezone_type = $_REQUEST['timezone_type']; if (!$timezone_type && $timezone_type != 0) { bb_die($lang['SEARCH_INVALID_TIMEZONE']); } break; case 'search_moderators': $moderators_forum = $_REQUEST['moderators_forum']; if (!$moderators_forum) { bb_die($lang['SEARCH_INVALID_MODERATORS']); } break; case 'search_misc': $misc = $_REQUEST['misc']; if (!$misc) { bb_die($lang['SEARCH_INVALID']); } break; default: bb_die('Invalid mode'); } $base_url = 'admin_user_search.php?dosearch=true'; $select_sql = 'SELECT u.user_id, u.username, u.user_rank, u.user_email, u.user_posts, u.user_regdate, u.user_level, u.user_active, u.user_lastvisit FROM ' . BB_USERS . ' AS u'; $lower_b = 'LOWER('; $lower_e = ')'; // validate data & prepare sql switch ($mode) { case 'search_username': $base_url .= '&search_username=true&username=' . rawurlencode(stripslashes($username)); $text = sprintf($lang['SEARCH_FOR_USERNAME'], strip_tags(htmlspecialchars(stripslashes($username)))); $username = str_replace('*', '%', trim(strip_tags(strtolower($username)))); if (str_contains($username, '%')) { $op = 'LIKE'; } else { $op = '='; } if ($username == '') { bb_die($lang['SEARCH_INVALID_USERNAME']); } $total_sql .= 'SELECT COUNT(user_id) AS total FROM ' . BB_USERS . " WHERE {$lower_b}username{$lower_e} $op '" . DB()->escape($username) . "' AND user_id <> " . GUEST_UID; $select_sql .= " WHERE {$lower_b}u.username{$lower_e} $op '" . DB()->escape($username) . "' AND u.user_id <> " . GUEST_UID; break; case 'search_email': $base_url .= '&search_email=true&email=' . rawurlencode(stripslashes($email)); $text = sprintf($lang['SEARCH_FOR_EMAIL'], strip_tags(htmlspecialchars(stripslashes($email)))); $email = str_replace('*', '%', trim(strip_tags(strtolower($email)))); if (str_contains($email, '%')) { $op = 'LIKE'; } else { $op = '='; } if ($email == '') { bb_die($lang['SEARCH_INVALID_EMAIL']); } $total_sql .= 'SELECT COUNT(user_id) AS total FROM ' . BB_USERS . " WHERE {$lower_b}user_email{$lower_e} $op '" . DB()->escape($email) . "' AND user_id <> " . GUEST_UID; $select_sql .= " WHERE {$lower_b}u.user_email{$lower_e} $op '" . DB()->escape($email) . "' AND u.user_id <> " . GUEST_UID; break; case 'search_ip': $base_url .= '&search_ip=true&ip_address=' . rawurlencode(stripslashes($ip_address)); $ip_address = trim($ip_address); $text = sprintf($lang['SEARCH_FOR_IP'], strip_tags(htmlspecialchars(stripslashes($ip_address)))); unset($users); $users = []; if (\TorrentPier\Helpers\IPHelper::isValid($ip_address)) { $ip = \TorrentPier\Helpers\IPHelper::ip2long($ip_address); $users[] = $ip; } else { bb_die($lang['SEARCH_INVALID_IP']); } $ip_in_sql = $ip_like_sql = $ip_like_sql_flylast = $ip_like_sql_flyreg = ''; foreach ($users as $address) { $ip_in_sql .= ($ip_in_sql == '') ? "'$address'" : ", '$address'"; } $where_sql = ''; $where_sql .= ($ip_in_sql != '') ? "poster_ip IN ($ip_in_sql)" : ''; $where_sql .= ($ip_like_sql != '') ? ($where_sql != '') ? " OR $ip_like_sql" : (string)$ip_like_sql : ''; if (!$where_sql) { bb_die('invalid request'); } // start search $no_result_search = false; $ip_users_sql = ''; $sql = 'SELECT poster_id FROM ' . BB_POSTS . ' WHERE poster_id <> ' . GUEST_UID . " AND ($where_sql) GROUP BY poster_id"; if (!$result = DB()->sql_query($sql)) { bb_die('Could not count users #1'); } if (DB()->num_rows($result) == 0) { $no_result_search = true; } else { $total_pages['total'] = DB()->num_rows($result); $total_sql = null; $ip_users_sql = ''; while ($row = DB()->sql_fetchrow($result)) { $ip_users_sql .= ($ip_users_sql == '') ? $row['poster_id'] : ', ' . $row['poster_id']; } } $where_sql = ''; $where_sql .= ($ip_in_sql != '') ? "user_last_ip IN ($ip_in_sql)" : ''; $where_sql .= ($ip_like_sql_flylast != '') ? ($where_sql != '') ? " OR $ip_like_sql_flylast" : (string)$ip_like_sql_flylast : ''; $sql = 'SELECT user_id FROM ' . BB_USERS . ' WHERE user_id <> ' . GUEST_UID . " AND ($where_sql) GROUP BY user_id"; if (!$result = DB()->sql_query($sql)) { bb_die('Could not count users #2'); } if (DB()->num_rows($result) != 0) { if ($no_result_search == true) { $no_result_search = false; } $total_pages['total'] = DB()->num_rows($result); $total_sql = null; while ($row = DB()->sql_fetchrow($result)) { $ip_users_sql .= ($ip_users_sql == '') ? $row['user_id'] : ', ' . $row['user_id']; } } $where_sql = ''; $where_sql .= ($ip_in_sql != '') ? "user_reg_ip IN ($ip_in_sql)" : ''; $where_sql .= ($ip_like_sql_flyreg != '') ? ($where_sql != '') ? " OR $ip_like_sql_flyreg" : (string)$ip_like_sql_flyreg : ''; $sql = 'SELECT user_id FROM ' . BB_USERS . ' WHERE user_id <> ' . GUEST_UID . " AND ($where_sql) GROUP BY user_id"; if (!$result = DB()->sql_query($sql)) { bb_die('Could not count users #3'); } if (DB()->num_rows($result) != 0) { if ($no_result_search == true) { $no_result_search = false; } $total_pages['total'] = DB()->num_rows($result); $total_sql = null; while ($row = DB()->sql_fetchrow($result)) { $ip_users_sql .= ($ip_users_sql == '') ? $row['user_id'] : ', ' . $row['user_id']; } } if ($no_result_search == true) { bb_die($lang['SEARCH_NO_RESULTS']); } $select_sql .= " WHERE u.user_id IN ($ip_users_sql)"; break; case 'search_joindate': $base_url .= '&search_joindate=true&date_type=' . rawurlencode($date_type) . '&date_day=' . rawurlencode($date_day) . '&date_month=' . rawurlencode($date_month) . '&date_year=' . rawurlencode(stripslashes($date_year)); $date_type = strtolower(trim($date_type)); if ($date_type != 'before' && $date_type != 'after') { bb_die($lang['SEARCH_INVALID_DATE']); } $date_day = (int)$date_day; if (!preg_match('/^([1-9]|[0-2][0-9]|3[0-1])$/', $date_day)) { bb_die($lang['SEARCH_INVALID_DAY']); } $date_month = (int)$date_month; if (!preg_match('/^(0?[1-9]|1[0-2])$/', $date_month)) { bb_die($lang['SEARCH_INVALID_MONTH']); } $date_year = (int)$date_year; if (!preg_match('/^(20[0-9]{2}|19[0-9]{2})$/', $date_year)) { bb_die($lang['SEARCH_INVALID_YEAR']); } $text = sprintf($lang['SEARCH_FOR_DATE'], strip_tags(htmlspecialchars(stripslashes($date_type))), $date_year, $date_month, $date_day); $time = mktime(0, 0, 0, $date_month, $date_day, $date_year); if ($date_type == 'before') { $arg = '<'; } else { $arg = '>'; } $total_sql .= 'SELECT COUNT(user_id) AS total FROM ' . BB_USERS . " WHERE user_regdate $arg $time AND user_id <> " . GUEST_UID; $select_sql .= " WHERE u.user_regdate $arg $time AND u.user_id <> " . GUEST_UID; break; case 'search_group': $group_id = (int)$group_id; $base_url .= '&search_group=true&group_id=' . rawurlencode($group_id); if (!$group_id) { bb_die($lang['SEARCH_INVALID_GROUP']); } $sql = 'SELECT group_name FROM ' . BB_GROUPS . " WHERE group_id = $group_id AND group_single_user = 0"; if (!$result = DB()->sql_query($sql)) { bb_die('Could not select group data #2'); } if (DB()->num_rows($result) == 0) { bb_die($lang['SEARCH_INVALID_GROUP']); } $group_name = DB()->sql_fetchrow($result); $text = sprintf($lang['SEARCH_FOR_GROUP'], strip_tags(htmlspecialchars($group_name['group_name']))); $total_sql .= 'SELECT COUNT(u.user_id) AS total FROM ' . BB_USERS . ' AS u, ' . BB_USER_GROUP . " AS ug WHERE u.user_id = ug.user_id AND ug.group_id = $group_id AND u.user_id <> " . GUEST_UID; $select_sql .= ', ' . BB_USER_GROUP . " AS ug WHERE u.user_id = ug.user_id AND ug.group_id = $group_id AND u.user_id <> " . GUEST_UID; break; case 'search_rank': $rank_id = (int)$rank_id; $base_url .= '&search_rank=true&rank_id=' . rawurlencode($rank_id); if (!$rank_id) { bb_die($lang['SEARCH_INVALID_RANK']); } $sql = 'SELECT rank_title FROM ' . BB_RANKS . " WHERE rank_id = $rank_id"; if (!$result = DB()->sql_query($sql)) { bb_die('Could not select rank data'); } if (DB()->num_rows($result) == 0) { bb_die($lang['SEARCH_INVALID_RANK']); } $rank_title = DB()->sql_fetchrow($result); $text = sprintf($lang['SEARCH_FOR_RANK'], strip_tags(htmlspecialchars($rank_title['rank_title']))); $total_sql .= 'SELECT COUNT(user_id) AS total FROM ' . BB_USERS . " WHERE user_rank = $rank_id AND user_id <> " . GUEST_UID; $select_sql .= " WHERE u.user_rank = $rank_id AND u.user_id <> " . GUEST_UID; break; case 'search_postcount': $postcount_type = strtolower(trim($postcount_type)); $postcount_value = strtolower(trim($postcount_value)); $base_url .= '&search_postcount=true&postcount_type=' . rawurlencode($postcount_type) . '&postcount_value=' . rawurlencode(stripslashes($postcount_value)); switch ($postcount_type) { case 'greater': $postcount_value = (int)$postcount_value; $text = sprintf($lang['SEARCH_FOR_POSTCOUNT_GREATER'], $postcount_value); $total_sql .= 'SELECT COUNT(user_id) AS total FROM ' . BB_USERS . " WHERE user_posts > $postcount_value AND user_id <> " . GUEST_UID; $select_sql .= " WHERE u.user_posts > $postcount_value AND u.user_id <> " . GUEST_UID; break; case 'lesser': $postcount_value = (int)$postcount_value; $text = sprintf($lang['SEARCH_FOR_POSTCOUNT_LESSER'], $postcount_value); $total_sql .= 'SELECT COUNT(user_id) AS total FROM ' . BB_USERS . " WHERE user_posts < $postcount_value AND user_id <> " . GUEST_UID; $select_sql .= " WHERE u.user_posts < $postcount_value AND u.user_id <> " . GUEST_UID; break; case 'equals': // looking for a - if (str_contains($postcount_value, '-')) { $range = preg_split('/[-\s]+/', $postcount_value); $range_begin = (int)$range[0]; $range_end = (int)$range[1]; if ($range_begin > $range_end) { bb_die($lang['SEARCH_INVALID_POSTCOUNT']); } $text = sprintf($lang['SEARCH_FOR_POSTCOUNT_RANGE'], $range_begin, $range_end); $total_sql .= 'SELECT COUNT(user_id) AS total FROM ' . BB_USERS . " WHERE user_posts >= $range_begin AND user_posts <= $range_end AND user_id <> " . GUEST_UID; $select_sql .= " WHERE u.user_posts >= $range_begin AND u.user_posts <= $range_end AND u.user_id <> " . GUEST_UID; } else { $postcount_value = (int)$postcount_value; $text = sprintf($lang['SEARCH_FOR_POSTCOUNT_EQUALS'], $postcount_value); $total_sql .= 'SELECT COUNT(user_id) AS total FROM ' . BB_USERS . " WHERE user_posts = $postcount_value AND user_id <> " . GUEST_UID; $select_sql .= " WHERE u.user_posts = $postcount_value AND u.user_id <> " . GUEST_UID; } break; default: bb_die($lang['SEARCH_INVALID']); } break; case 'search_userfield': $base_url .= '&search_userfield=true&userfield_type=' . rawurlencode($userfield_type) . '&userfield_value=' . rawurlencode(stripslashes($userfield_value)); $text = strip_tags(htmlspecialchars(stripslashes($userfield_value))); $userfield_value = str_replace('*', '%', trim(strip_tags(strtolower($userfield_value)))); if (str_contains($userfield_value, '%')) { $op = 'LIKE'; } else { $op = '='; } if ($userfield_value == '') { bb_die($lang['SEARCH_INVALID_USERFIELD']); } $userfield_type = strtolower(trim($userfield_type)); switch ($userfield_type) { case 'icq': $text = sprintf($lang['SEARCH_FOR_USERFIELD_ICQ'], $text); $field = 'user_icq'; break; case 'skype': $text = sprintf($lang['SEARCH_FOR_USERFIELD_SKYPE'], $text); $field = 'user_skype'; break; case 'twitter': $text = sprintf($lang['SEARCH_FOR_USERFIELD_TWITTER'], $text); $field = 'user_twitter'; break; case 'website': $text = sprintf($lang['SEARCH_FOR_USERFIELD_WEBSITE'], $text); $field = 'user_website'; break; case 'location': $text = sprintf($lang['SEARCH_FOR_USERFIELD_LOCATION'], $text); $field = 'user_from'; break; case 'interests': $text = sprintf($lang['SEARCH_FOR_USERFIELD_INTERESTS'], $text); $field = 'user_interests'; break; case 'occupation': $text = sprintf($lang['SEARCH_FOR_USERFIELD_OCCUPATION'], $text); $field = 'user_occ'; break; default: bb_die($lang['SEARCH_INVALID']); } $total_sql .= 'SELECT COUNT(user_id) AS total FROM ' . BB_USERS . " WHERE {$lower_b}$field{$lower_e} $op '" . DB()->escape($userfield_value) . "' AND user_id <> " . GUEST_UID; $select_sql .= " WHERE {$lower_b}u.$field{$lower_e} $op '" . DB()->escape($userfield_value) . "' AND u.user_id <> " . GUEST_UID; break; case 'search_lastvisited': $lastvisited_type = strtolower(trim($lastvisited_type)); $lastvisited_days = (int)$lastvisited_days; $base_url .= '&search_lastvisited=true&lastvisited_type=' . rawurlencode(stripslashes($lastvisited_type)) . '&lastvisited_days=' . rawurlencode($lastvisited_days); $lastvisited_seconds = (TIMENOW - ((($lastvisited_days * 24) * 60) * 60)); switch ($lastvisited_type) { case 'in': $text = sprintf($lang['SEARCH_FOR_LASTVISITED_INTHELAST'], delta_time((TIMENOW - 86400 * $lastvisited_days), TIMENOW, 'days')); $total_sql .= 'SELECT COUNT(user_id) AS total FROM ' . BB_USERS . " WHERE user_lastvisit >= $lastvisited_seconds AND user_id <> " . GUEST_UID; $select_sql .= " WHERE u.user_lastvisit >= $lastvisited_seconds AND u.user_id <> " . GUEST_UID; break; case 'after': $text = sprintf($lang['SEARCH_FOR_LASTVISITED_AFTERTHELAST'], delta_time((TIMENOW - 86400 * $lastvisited_days), TIMENOW, 'days')); $total_sql .= 'SELECT COUNT(user_id) AS total FROM ' . BB_USERS . " WHERE user_lastvisit < $lastvisited_seconds AND user_id <> " . GUEST_UID; $select_sql .= " WHERE u.user_lastvisit < $lastvisited_seconds AND u.user_id <> " . GUEST_UID; break; default: bb_die($lang['SEARCH_INVALID_LASTVISITED']); } break; case 'search_language': $base_url .= '&search_language=true&language_type=' . rawurlencode(stripslashes($language_type)); $language_type = strtolower(trim(stripslashes($language_type))); if ($language_type == '') { bb_die($lang['SEARCH_INVALID_LANGUAGE']); } $text = sprintf($lang['SEARCH_FOR_LANGUAGE'], strip_tags(htmlspecialchars($language_type))); $total_sql .= 'SELECT COUNT(user_id) AS total FROM ' . BB_USERS . " WHERE user_lang = '" . DB()->escape($language_type) . "' AND user_id <> " . GUEST_UID; $select_sql .= " WHERE u.user_lang = '" . DB()->escape($language_type) . "' AND u.user_id <> " . GUEST_UID; break; case 'search_timezone': $base_url .= '&search_timezone=true&timezone_type=' . rawurlencode(stripslashes($timezone_type)); $text = sprintf($lang['SEARCH_FOR_TIMEZONE'], strip_tags(htmlspecialchars(stripslashes($timezone_type)))); $timezone_type = (int)$timezone_type; $total_sql .= 'SELECT COUNT(user_id) AS total FROM ' . BB_USERS . " WHERE user_timezone = $timezone_type AND user_id <> " . GUEST_UID; $select_sql .= " WHERE u.user_timezone = $timezone_type AND u.user_id <> " . GUEST_UID; break; case 'search_moderators': $base_url .= '&search_moderators=true&moderators_forum=' . rawurlencode(stripslashes($moderators_forum)); $moderators_forum = (int)$moderators_forum; $sql = 'SELECT forum_name FROM ' . BB_FORUMS . ' WHERE forum_id = ' . $moderators_forum; if (!$result = DB()->sql_query($sql)) { bb_die('Could not select forum data'); } if (DB()->num_rows($result) == 0) { bb_die($lang['SEARCH_INVALID_MODERATORS']); } $forum_name = DB()->sql_fetchrow($result); $text = sprintf($lang['SEARCH_FOR_MODERATORS'], htmlCHR($forum_name['forum_name'])); $total_sql .= 'SELECT COUNT(DISTINCT u.user_id) AS total FROM ' . BB_USERS . ' AS u, ' . BB_GROUPS . ' AS g, ' . BB_USER_GROUP . ' AS ug, ' . BB_AUTH_ACCESS . ' AS aa WHERE u.user_id = ug.user_id AND ug.group_id = g.group_id AND g.group_id = aa.group_id AND aa.forum_id = ' . $moderators_forum . ' AND aa.forum_perm & ' . BF_AUTH_MOD . ' AND u.user_id <> ' . GUEST_UID; $select_sql .= ', ' . BB_GROUPS . ' AS g, ' . BB_USER_GROUP . ' AS ug, ' . BB_AUTH_ACCESS . ' AS aa WHERE u.user_id = ug.user_id AND ug.group_id = g.group_id AND g.group_id = aa.group_id AND aa.forum_id = ' . $moderators_forum . ' AND aa.forum_perm & ' . BF_AUTH_MOD . ' AND u.user_id <> ' . GUEST_UID . ' GROUP BY u.user_id, u.username, u.user_email, u.user_posts, u.user_regdate, u.user_level, u.user_active, u.user_lastvisit'; break; case 'search_misc': default: $misc = strtolower(trim($misc)); $base_url .= '&search_misc=true&misc=' . rawurlencode(stripslashes($misc)); switch ($misc) { case 'admins': $text = $lang['SEARCH_FOR_ADMINS']; $total_sql .= 'SELECT COUNT(user_id) AS total FROM ' . BB_USERS . ' WHERE user_level = ' . ADMIN . ' AND user_id <> ' . GUEST_UID; $select_sql .= ' WHERE u.user_level = ' . ADMIN . ' AND u.user_id <> ' . GUEST_UID; break; case 'mods': $text = $lang['SEARCH_FOR_MODS']; $total_sql .= 'SELECT COUNT(user_id) AS total FROM ' . BB_USERS . ' WHERE user_level = ' . MOD . ' AND user_id <> ' . GUEST_UID; $select_sql .= ' WHERE u.user_level = ' . MOD . ' AND u.user_id <> ' . GUEST_UID; break; case 'banned': $text = $lang['SEARCH_FOR_BANNED']; $total_sql .= 'SELECT COUNT(u.user_id) AS total FROM ' . BB_USERS . ' AS u, ' . BB_BANLIST . ' AS b WHERE u.user_id = b.ban_userid AND u.user_id <> ' . GUEST_UID; $select_sql .= ', ' . BB_BANLIST . ' AS b WHERE u.user_id = b.ban_userid AND u.user_id <> ' . GUEST_UID; break; case 'disabled': $text = $lang['SEARCH_FOR_DISABLED']; $total_sql .= 'SELECT COUNT(user_id) AS total FROM ' . BB_USERS . ' WHERE user_active = 0 AND user_id <> ' . GUEST_UID; $select_sql .= ' WHERE u.user_active = 0 AND u.user_id <> ' . GUEST_UID; break; default: bb_die($lang['SEARCH_INVALID']); } } $select_sql .= ' ORDER BY '; if (isset($_GET['sort'])) { switch (strtolower($_GET['sort'])) { case 'regdate': $sort = 'regdate'; $select_sql .= 'u.user_regdate'; break; case 'posts': $sort = 'posts'; $select_sql .= 'u.user_posts'; break; case 'user_email': $sort = 'user_email'; $select_sql .= 'u.user_email'; break; case 'lastvisit': $sort = 'lastvisit'; $select_sql .= 'u.user_lastvisit'; break; case 'username': $sort = 'username'; $select_sql .= 'u.username'; } } else { $sort = 'username'; $select_sql .= 'u.username'; } if (isset($_GET['order'])) { $o_order = 'ASC'; $order = 'DESC'; } else { $o_order = 'DESC'; $order = 'ASC'; } $select_sql .= " $order"; $page = isset($_GET['page']) ? (int)$_GET['page'] : 0; if ($page < 1) { $page = 1; } if ($page == 1) { $offset = 0; } else { $offset = (($page - 1) * $bb_cfg['topics_per_page']); } $limit = "LIMIT $offset, " . $bb_cfg['topics_per_page']; $select_sql .= " $limit"; if (null !== $total_sql) { if (!$result = DB()->sql_query($total_sql)) { bb_die('Could not count users'); } $total_pages = DB()->sql_fetchrow($result); if ($total_pages['total'] == 0) { bb_die($lang['SEARCH_NO_RESULTS']); } } $num_pages = ceil($total_pages['total'] / $bb_cfg['topics_per_page']); $pagination = ''; if ($page > 1) { $pagination .= '' . $lang['BACK'] . ''; } if ($page < $num_pages) { $pagination .= ($pagination == '') ? '' . $lang['NEXT'] . '' : ' | ' . $lang['NEXT'] . ''; } if ($num_pages > 2) { $pagination .= '   '; } $template->assign_vars([ 'TPL_ADMIN_USER_SEARCH_RESULTS' => true, 'PAGE_NUMBER' => sprintf($lang['PAGE_OF'], $page, $num_pages), 'PAGINATION' => $pagination, 'NEW_SEARCH' => sprintf($lang['SEARCH_USERS_NEW'], $text, $total_pages['total'], 'admin_user_search.php'), 'U_USERNAME' => ($sort == 'username') ? "$base_url&sort=$sort&order=$o_order" : "$base_url&sort=username&order=$order", 'U_EMAIL' => ($sort == 'user_email') ? "$base_url&sort=$sort&order=$o_order" : "$base_url&sort=user_email&order=$order", 'U_POSTS' => ($sort == 'posts') ? "$base_url&sort=$sort&order=$o_order" : "$base_url&sort=posts&order=$order", 'U_JOINDATE' => ($sort == 'regdate') ? "$base_url&sort=$sort&order=$o_order" : "$base_url&sort=regdate&order=$order", 'U_LASTVISIT' => ($sort == 'lastvisit') ? "$base_url&sort=$sort&order=$o_order" : "$base_url&sort=lastvisit&order=$order", 'S_POST_ACTION' => "$base_url&sort=$sort&order=$order" ]); if (!$result = DB()->sql_query($select_sql)) { bb_die('Could not select user data'); } $rowset = DB()->sql_fetchrowset($result); $users_sql = ''; foreach ($rowset as $array) { $users_sql .= ($users_sql == '') ? $array['user_id'] : ', ' . $array['user_id']; } $sql = 'SELECT ban_userid AS user_id FROM ' . BB_BANLIST . " WHERE ban_userid IN ($users_sql)"; if (!$result = DB()->sql_query($sql)) { bb_die('Could not select banned data'); } unset($banned); $banned = []; while ($row = DB()->sql_fetchrow($result)) { $banned[$row['user_id']] = true; } for ($i = 0, $iMax = count($rowset); $i < $iMax; $i++) { $row_class = !($i % 2) ? 'row1' : 'row2'; $template->assign_block_vars('userrow', [ 'ROW_CLASS' => $row_class, 'USER' => profile_url($rowset[$i], true), 'EMAIL' => $rowset[$i]['user_email'], 'JOINDATE' => bb_date($rowset[$i]['user_regdate']), 'LASTVISIT' => $rowset[$i]['user_lastvisit'] ? bb_date($rowset[$i]['user_lastvisit']) : $lang['NEVER'], 'POSTS' => $rowset[$i]['user_posts'], 'BAN' => (!isset($banned[$rowset[$i]['user_id']])) ? $lang['NOT_BANNED'] : $lang['BANNED'], 'ABLED' => $rowset[$i]['user_active'] ? $lang['ENABLED'] : $lang['DISABLED'], 'U_VIEWPOSTS' => "../search.php?search_author=1&uid={$rowset[$i]['user_id']}", 'U_MANAGE' => '../profile.php?mode=editprofile&' . POST_USERS_URL . '=' . $rowset[$i]['user_id'] . '&admin=1', 'U_PERMISSIONS' => 'admin_ug_auth.php?mode=user&' . POST_USERS_URL . '=' . $rowset[$i]['user_id'], ]); } } print_page('admin_user_search.tpl', 'admin');