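/**
 * Item handler: applies a random gain or loss of money to the current member.
 *
 * The range comes from $item_info[1] (lower bound) and $item_info[2] (upper
 * bound); when the admin left them empty the defaults -190 and 190 are used.
 * A loss is taken from the pocket balance when it is large enough, otherwise
 * from the bank column.
 *
 * @return string HTML message describing the outcome.
 */
function onUse()
{
    global $db_prefix, $context, $item_info;

    // If an amount was not defined by the admin, assume defaults
    if (!isset($item_info[1]) || $item_info[1] == '') {
        $item_info[1] = -190;
    }
    if (!isset($item_info[2]) || $item_info[2] == '') {
        $item_info[2] = 190;
    }

    // Force integers: the result is concatenated into SQL fragments below, so
    // it must never be anything but a number. Swapping reversed bounds keeps
    // mt_rand() from failing on a misconfigured item.
    $low = (int) $item_info[1];
    $high = (int) $item_info[2];
    if ($low > $high) {
        list($low, $high) = array($high, $low);
    }
    $amount = mt_rand($low, $high);

    // A gain (or zero) is simply added to the pocket balance.
    if ($amount >= 0) {
        updateMemberData($context['user']['id'], array('money' => 'money + ' . $amount));

        return 'You got ' . formatMoney($amount) . '!';
    }

    // We lost money. The member id is cast to int before it is interpolated:
    // the original wrote {$context[user][id]}, which uses bare constants as
    // keys and places an uncast value straight into the query text.
    $memberId = (int) $context['user']['id'];
    $result = db_query("\n\t\t\t\tSELECT money\n\t\t\t\tFROM {$db_prefix}members\n\t\t\t\tWHERE ID_MEMBER = {$memberId}", __FILE__, __LINE__);
    $row = mysql_fetch_assoc($result);
    $amountLoss = abs($amount);

    // NOTE(review): the balance is read and then updated in two separate
    // statements; concurrent uses of the item could both pass this check.
    // Confirm whether a negative balance matters for this shop.
    if ($row['money'] > $amountLoss) {
        // The user has enough money to pay for it out of his/her pocket.
        updateMemberData($context['user']['id'], array('money' => 'money - ' . $amountLoss));

        return 'You lost ' . formatMoney($amountLoss) . '!';
    }

    // NOTE(review): the key is 'memberBank' but the expression reads
    // 'moneyBank'; one of the two column names looks wrong - verify against
    // the members table before relying on this branch.
    updateMemberData($context['user']['id'], array('memberBank' => 'moneyBank - ' . $amountLoss));

    return 'You lost ' . formatMoney($amountLoss) . '!<br /><br />You didn\'t have enough money in your pocket, so the money was taken from your bank! :(';
}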
/**
 * Item handler: replaces the current member's user title with the posted one.
 *
 * Reads $_POST['newtitle'], HTML-escapes it with ENT_QUOTES, writes the
 * escaped value back into $_POST and stores it as the member's 'usertitle'.
 * The stored value is therefore already escaped; code that prints it should
 * not escape it a second time, and must not decode it before output.
 *
 * @return string Confirmation message containing the escaped title.
 */
function onUse()
{
    global $context, $smcFunc;

    // An absent or empty title ends the request with an error.
    $hasTitle = isset($_POST['newtitle']) && $_POST['newtitle'] != '';
    if (!$hasTitle) {
        die('ERROR: Please enter a new user title!');
    }

    // Escape once, then use the same escaped value for storage and display.
    $escapedTitle = $smcFunc['htmlspecialchars']($_POST['newtitle'], ENT_QUOTES);
    $_POST['newtitle'] = $escapedTitle;

    // NOTE(review): no maximum length is enforced here - confirm the column
    // or updateMemberData() bounds it.
    updateMemberData($context['user']['id'], array('usertitle' => $escapedTitle));

    return 'Successfully changed your user title to ' . $escapedTitle;
}
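/**
 * Item handler: changes the current member's display name.
 *
 * The minimum length comes from $item_info[1] and defaults to 5. The posted
 * name is HTML-escaped with ENT_QUOTES, written back into $_POST and stored
 * as the member's 'real_name'.
 *
 * @return string Confirmation message containing the escaped name.
 */
function onUse()
{
    global $context, $item_info, $smcFunc;

    // Use a length of 5 as default
    if (!isset($item_info[1]) || $item_info[1] == 0) {
        $item_info[1] = 5;
    }

    // A missing field or a non-string value (e.g. newDisplayName[]=x) is
    // treated as an empty name, so it fails the length check below instead of
    // reaching strlen() as an undefined index or an array.
    $requested = isset($_POST['newDisplayName']) && is_string($_POST['newDisplayName'])
        ? $_POST['newDisplayName']
        : '';

    // Length is measured in bytes on the raw input, before escaping.
    if (strlen($requested) < $item_info[1]) {
        die('ERROR: The name you chose was not long enough! Please go back and choose a name which is at least ' . $item_info[1] . ' characters long.');
    }

    $_POST['newDisplayName'] = $smcFunc['htmlspecialchars']($requested, ENT_QUOTES);

    // NOTE(review): nothing visible here rejects names that are already in
    // use, reserved, or made only of whitespace. A display name identical to
    // another member's can be used for impersonation - confirm that
    // updateMemberData() or a caller enforces uniqueness.
    updateMemberData($context['user']['id'], array('real_name' => $_POST['newDisplayName']));

    return 'Successfully changed your display name to ' . $_POST['newDisplayName'];
}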
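/**
 * Count the mentions of a member.
 * Callback for createList in action_list of Mentions_Controller.
 *
 * Results are memoised for the duration of the request. The cache is keyed by
 * member, by $all and by $type, so a call with different filters never gets
 * the count that was computed for another filter.
 *
 * When called for the plain unread count ($all === false and no $type), the
 * result is also written back to the member's 'mentions' field.
 *
 * @package Mentions
 * @param bool $all if true counts all the mentions, otherwise only the unread
 * @param string[]|string $type the type of the mention, a string or an array of strings
 * @param int|string|null $id_member the member the count is for (cast to int), defaults to user_info['id']
 * @return mixed the COUNT(*) value as returned by the database layer
 */
function countUserMentions($all = false, $type = '', $id_member = null)
{
    global $user_info;
    static $counts;

    $db = database();
    $id_member = $id_member === null ? $user_info['id'] : (int) $id_member;

    // The original cached by member id only, so the first call decided the
    // answer for every later call regardless of $all and $type.
    $type_key = empty($type) ? '' : (is_array($type) ? implode(',', $type) : $type);
    $cache_key = $id_member . '|' . ($all ? 1 : 0) . '|' . $type_key;

    if (isset($counts[$cache_key])) {
        return $counts[$cache_key];
    }

    // All values are bound through typed placeholders; only the fixed SQL
    // fragments are chosen by concatenation.
    $request = $db->query('', '
SELECT COUNT(*)
FROM {db_prefix}log_mentions as mtn
WHERE mtn.id_member = {int:current_user}
AND mtn.status IN ({array_int:status})' . (empty($type) ? '' : (is_array($type) ? '
AND mtn.mention_type IN ({array_string:current_type})' : '
AND mtn.mention_type = {string:current_type}')), array(
        'current_user' => $id_member,
        'current_type' => $type,
        'status' => $all ? array(0, 1) : array(0),
    ));
    list($counts[$cache_key]) = $db->fetch_row($request);
    $db->free_result($request);

    // Counts as maintenance! :P
    if ($all === false && empty($type)) {
        updateMemberData($id_member, array('mentions' => $counts[$cache_key]));
    }

    return $counts[$cache_key];
}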
//......... part of the code is omitted here .........
WHERE id_board IN ({array_int:move_boards})', array('move_boards' => array_keys($moveTos)));
while ($row = $smcFunc['db_fetch_assoc']($request)) {
$cp = empty($row['count_posts']);
// Go through all the topics that are being moved to this board.
foreach ($moveTos[$row['id_board']] as $topic) {
// If both boards have the same value for post counting then no adjustment needs to be made.
if ($countPosts[$topic] != $cp) {
// If the board being moved to does count the posts then the other one doesn't so add to their post count.
$topicRecounts[$topic] = $cp ? '+' : '-';
}
}
}
$smcFunc['db_free_result']($request);
if (!empty($topicRecounts)) {
$members = array();
// Get all the members who have posted in the moved topics.
$request = $smcFunc['db_query']('', '
SELECT id_member, id_topic
FROM {db_prefix}messages
WHERE id_topic IN ({array_int:moved_topic_ids})', array('moved_topic_ids' => array_keys($topicRecounts)));
while ($row = $smcFunc['db_fetch_assoc']($request)) {
if (!isset($members[$row['id_member']])) {
$members[$row['id_member']] = 0;
}
if ($topicRecounts[$row['id_topic']] === '+') {
$members[$row['id_member']] += 1;
} else {
$members[$row['id_member']] -= 1;
}
}
$smcFunc['db_free_result']($request);
// And now update them member's post counts
foreach ($members as $id_member => $post_adj) {
updateMemberData($id_member, array('posts' => 'posts + ' . $post_adj));
}
}
}
}
// Now delete the topics...
if (!empty($removeCache)) {
// They can only delete their own topics. (we wouldn't be here if they couldn't do that..)
$result = $smcFunc['db_query']('', '
SELECT id_topic, id_board
FROM {db_prefix}topics
WHERE id_topic IN ({array_int:removed_topic_ids})' . (!empty($board) && !allowedTo('remove_any') ? '
AND id_member_started = {int:current_member}' : '') . '
LIMIT ' . count($removeCache), array('current_member' => $user_info['id'], 'removed_topic_ids' => $removeCache));
$removeCache = array();
$removeCacheBoards = array();
while ($row = $smcFunc['db_fetch_assoc']($result)) {
$removeCache[] = $row['id_topic'];
$removeCacheBoards[$row['id_topic']] = $row['id_board'];
}
$smcFunc['db_free_result']($result);
// Maybe *none* were their own topics.
if (!empty($removeCache)) {
// Gotta send the notifications *first*!
foreach ($removeCache as $topic) {
// Only log the topic ID if it's not in the recycle board.
logAction('remove', array(empty($modSettings['recycle_enable']) || $modSettings['recycle_board'] != $removeCacheBoards[$topic] ? 'topic' : 'old_topic_id' => $topic, 'board' => $removeCacheBoards[$topic]));
sendNotifications($topic, 'remove');
}
require_once $sourcedir . '/RemoveTopic.php';
removeTopics($removeCache);
}
}
/**
 * Records the current visitor in the log_online table and keeps the member's
 * online-time bookkeeping up to date.
 *
 * - Throttled: returns early when the session was logged within the last
 *   8 seconds, unless $force is (or becomes) true.
 * - When 'who_enabled' is set, the request's $_GET values plus the user agent
 *   are serialized into the 'url' column, with the session tokens removed.
 * - Old log_online rows are purged at most once every 30 seconds (tracked in
 *   the cache under 'log_online-update').
 * - For members, last_login, member_ip, member_ip2 and total_time_logged_in
 *   are updated when the previous last_login is more than a minute old.
 *
 * @param bool $force when true, skip the 8-second throttle
 */
function writeLog($force = false)
{
global $user_info, $user_settings, $context, $modSettings, $settings, $topic, $board, $smcFunc, $sourcedir;
// If we are showing who is viewing a topic, let's see if we are, and force an update if so - to make it accurate.
if (!empty($settings['display_who_viewing']) && ($topic || $board)) {
// Take the opposite approach!
$force = true;
// Don't update for every page - this isn't wholly accurate but who cares.
// (Viewing the same topic as on the previous request drops the force flag again.)
if ($topic) {
if (isset($_SESSION['last_topic_id']) && $_SESSION['last_topic_id'] == $topic) {
$force = false;
}
$_SESSION['last_topic_id'] = $topic;
}
}
// Are they a spider we should be tracking? Mode = 1 gets tracked on its spider check...
if (!empty($user_info['possibly_robot']) && !empty($modSettings['spider_mode']) && $modSettings['spider_mode'] > 1) {
require_once $sourcedir . '/ManageSearchEngines.php';
logSpider();
}
// Don't mark them as online more than every so often.
if (!empty($_SESSION['log_time']) && $_SESSION['log_time'] >= time() - 8 && !$force) {
return;
}
if (!empty($modSettings['who_enabled'])) {
// Both $_GET and the User-Agent header are client-controlled; the header may also be absent.
$serialized = $_GET + array('USER_AGENT' => $_SERVER['HTTP_USER_AGENT']);
// In the case of a dlattach action, session_var may not be set.
if (!isset($context['session_var'])) {
$context['session_var'] = $_SESSION['session_var'];
}
// Strip the session tokens so they are never stored in log_online.
unset($serialized['sesc'], $serialized[$context['session_var']]);
// NOTE(review): this stores request data in PHP's serialize() format. Whatever reads the
// 'url' column back must treat it as untrusted; if it is passed to unserialize(), confirm
// the column cannot truncate the payload and that object instantiation is not allowed.
$serialized = serialize($serialized);
} else {
$serialized = '';
}
// Guests are keyed by 'ip' followed by their IP address, members by their PHP session ID.
$session_id = $user_info['is_guest'] ? 'ip' . $user_info['ip'] : session_id();
// Grab the last all-of-SMF-specific log_online deletion time.
// True when the cached timestamp is missing or older than 30 seconds.
$do_delete = cache_get_data('log_online-update', 30) < time() - 30;
// If the last click wasn't a long time ago, and there was a last click...
if (!empty($_SESSION['log_time']) && $_SESSION['log_time'] >= time() - $modSettings['lastActive'] * 20) {
if ($do_delete) {
// Purge rows older than lastActive * 60 seconds, keeping this visitor's own row.
$smcFunc['db_query']('delete_log_online_interval', '
DELETE FROM {db_prefix}log_online
WHERE log_time < {int:log_time}
AND session != {string:session}', array('log_time' => time() - $modSettings['lastActive'] * 60, 'session' => $session_id));
// Cache when we did it last.
cache_put_data('log_online-update', time(), 30);
}
// Here the IP is bound as a {string:ip} placeholder, unlike the insert further down.
$smcFunc['db_query']('', '
UPDATE {db_prefix}log_online
SET log_time = {int:log_time}, ip = IFNULL(INET_ATON({string:ip}), 0), url = {string:url}
WHERE session = {string:session}', array('log_time' => time(), 'ip' => $user_info['ip'], 'url' => $serialized, 'session' => $session_id));
// Guess it got deleted.
if ($smcFunc['db_affected_rows']() == 0) {
$_SESSION['log_time'] = 0;
}
} else {
$_SESSION['log_time'] = 0;
}
// Otherwise, we have to delete and insert.
if (empty($_SESSION['log_time'])) {
if ($do_delete || !empty($user_info['id'])) {
// The WHERE clause is assembled from fixed fragments only; values stay in placeholders.
$smcFunc['db_query']('', '
DELETE FROM {db_prefix}log_online
WHERE ' . ($do_delete ? 'log_time < {int:log_time}' : '') . ($do_delete && !empty($user_info['id']) ? ' OR ' : '') . (empty($user_info['id']) ? '' : 'id_member = {int:current_member}'), array('current_member' => $user_info['id'], 'log_time' => time() - $modSettings['lastActive'] * 60));
}
// NOTE(review): the 'ip' column is declared 'raw' and its value is built by concatenating
// $user_info['ip'] into an SQL expression, so it bypasses the escaping the other columns get.
// This is only safe if $user_info['ip'] is guaranteed to be a validated address (not a
// forwarded-for header taken verbatim) - confirm where it is populated.
$smcFunc['db_insert']($do_delete ? 'ignore' : 'replace', '{db_prefix}log_online', array('session' => 'string', 'id_member' => 'int', 'id_spider' => 'int', 'log_time' => 'int', 'ip' => 'raw', 'url' => 'string'), array($session_id, $user_info['id'], empty($_SESSION['id_robot']) ? 0 : $_SESSION['id_robot'], time(), 'IFNULL(INET_ATON(\'' . $user_info['ip'] . '\'), 0)', $serialized), array('session'));
}
// Mark your session as being logged.
$_SESSION['log_time'] = time();
// Well, they are online now.
if (empty($_SESSION['timeOnlineUpdated'])) {
$_SESSION['timeOnlineUpdated'] = time();
}
// Set their login time, if not already done within the last minute.
if (SMF != 'SSI' && !empty($user_info['last_login']) && $user_info['last_login'] < time() - 60) {
// Don't count longer than 15 minutes.
if (time() - $_SESSION['timeOnlineUpdated'] > 60 * 15) {
$_SESSION['timeOnlineUpdated'] = time();
}
$user_settings['total_time_logged_in'] += time() - $_SESSION['timeOnlineUpdated'];
// presumably $_SERVER['BAN_CHECK_IP'] is set earlier by the application, not by the client - TODO confirm
updateMemberData($user_info['id'], array('last_login' => time(), 'member_ip' => $user_info['ip'], 'member_ip2' => $_SERVER['BAN_CHECK_IP'], 'total_time_logged_in' => $user_settings['total_time_logged_in']));
if (!empty($modSettings['cache_enable']) && $modSettings['cache_enable'] >= 2) {
cache_put_data('user_settings-' . $user_info['id'], $user_settings, 60);
}
$user_info['total_time_logged_in'] += time() - $_SESSION['timeOnlineUpdated'];
$_SESSION['timeOnlineUpdated'] = time();
}
}
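/**
 * Synchronises members.is_activated with the currently active "cannot access"
 * bans.
 *
 * Banned members carry an is_activated value of 10 or more (their normal
 * status plus 10). This function:
 *  - collects member ids and e-mail patterns from all unexpired bans,
 *  - adds 10 to is_activated for matching members that are not flagged yet
 *    and removes them from log_online,
 *  - subtracts 10 for members that are flagged but no longer match a ban,
 *  - refreshes the member statistics.
 */
function updateBanMembers()
{
    global $smcFunc;

    $updates = array();
    // Keyed by member id so the "already handled" test is a constant-time
    // lookup rather than an in_array() scan for every row.
    $handledMembers = array();
    $newMembers = array();

    // Start by getting all active bans - it's quicker doing this in parts...
    $request = $smcFunc['db_query']('', '
SELECT bi.id_member, bi.email_address
FROM {db_prefix}ban_items AS bi
INNER JOIN {db_prefix}ban_groups AS bg ON (bg.id_ban_group = bi.id_ban_group)
WHERE (bi.id_member > {int:no_member} OR bi.email_address != {string:blank_string})
AND bg.cannot_access = {int:cannot_access_on}
AND (bg.expire_time IS NULL OR bg.expire_time > {int:current_time})', array('no_member' => 0, 'cannot_access_on' => 1, 'current_time' => time(), 'blank_string' => ''));

    $memberIDs = array();
    $memberEmails = array();
    $memberEmailWild = array();
    while ($row = $smcFunc['db_fetch_assoc']($request)) {
        if ($row['id_member']) {
            $memberIDs[$row['id_member']] = $row['id_member'];
        }
        if ($row['email_address']) {
            // Does it have a wildcard - if so we can't do a IN on it.
            if (strpos($row['email_address'], '%') !== false) {
                $memberEmailWild[$row['email_address']] = $row['email_address'];
            } else {
                $memberEmails[$row['email_address']] = $row['email_address'];
            }
        }
    }
    $smcFunc['db_free_result']($request);

    // Build up the query. Only placeholder names are concatenated; every ban
    // value is passed through $queryValues.
    $queryPart = array();
    $queryValues = array();
    if (!empty($memberIDs)) {
        // NOTE(review): member ids are bound as {array_string:...}; the
        // log_online delete below binds ids as {array_int:...}. Confirm and
        // align so the integer expectation is enforced by the placeholder.
        $queryPart[] = 'mem.id_member IN ({array_string:member_ids})';
        $queryValues['member_ids'] = $memberIDs;
    }
    if (!empty($memberEmails)) {
        $queryPart[] = 'mem.email_address IN ({array_string:member_emails})';
        $queryValues['member_emails'] = $memberEmails;
    }
    $count = 0;
    foreach ($memberEmailWild as $email) {
        $queryPart[] = 'mem.email_address LIKE {string:wild_' . $count . '}';
        $queryValues['wild_' . $count++] = $email;
    }

    // Find all banned members.
    if (!empty($queryPart)) {
        $request = $smcFunc['db_query']('', '
SELECT mem.id_member, mem.is_activated
FROM {db_prefix}members AS mem
WHERE ' . implode(' OR ', $queryPart), $queryValues);
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            if (isset($handledMembers[$row['id_member']])) {
                continue;
            }
            $handledMembers[$row['id_member']] = true;

            // Do they need an update?
            if ($row['is_activated'] < 10) {
                $updates[$row['is_activated'] + 10][] = $row['id_member'];
                $newMembers[] = $row['id_member'];
            }
        }
        $smcFunc['db_free_result']($request);
    }

    // We welcome our new members in the realm of the banned.
    // Dropping their log_online rows removes them from the online list.
    if (!empty($newMembers)) {
        $smcFunc['db_query']('', '
DELETE FROM {db_prefix}log_online
WHERE id_member IN ({array_int:new_banned_members})', array('new_banned_members' => $newMembers));
    }

    // Find members that are wrongfully marked as banned.
    // NOTE(review): this join treats every stored ban address as a LIKE
    // pattern, so '_' in an address also acts as a wildcard here, while the
    // query above matches non-'%' addresses exactly. The two passes can
    // therefore disagree about such addresses - verify this is intended.
    $request = $smcFunc['db_query']('', '
SELECT mem.id_member, mem.is_activated - 10 AS new_value
FROM {db_prefix}members AS mem
LEFT JOIN {db_prefix}ban_items AS bi ON (bi.id_member = mem.id_member OR mem.email_address LIKE bi.email_address)
LEFT JOIN {db_prefix}ban_groups AS bg ON (bg.id_ban_group = bi.id_ban_group AND bg.cannot_access = {int:cannot_access_activated} AND (bg.expire_time IS NULL OR bg.expire_time > {int:current_time}))
WHERE (bi.id_ban IS NULL OR bg.id_ban_group IS NULL)
AND mem.is_activated >= {int:ban_flag}', array('cannot_access_activated' => 1, 'current_time' => time(), 'ban_flag' => 10));
    while ($row = $smcFunc['db_fetch_assoc']($request)) {
        // Don't do this twice! A member matched by an active ban above must
        // not be un-flagged because another of their ban rows has expired.
        if (!isset($handledMembers[$row['id_member']])) {
            $updates[$row['new_value']][] = $row['id_member'];
            $handledMembers[$row['id_member']] = true;
        }
    }
    $smcFunc['db_free_result']($request);

    // One update per target status, each covering all members that need it.
    foreach ($updates as $newStatus => $members) {
        updateMemberData($members, array('is_activated' => $newStatus));
    }

    // Update the latest member and our total members as banning may change them.
    updateStats('member');
}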
/**
* Actually delete an account.
*/
public function action_deleteaccount2()
{
// Handles the submitted "delete account" form. Depending on who is acting and on the
// settings, it removes the member's topics/messages, deletes the account, or only
// marks the account as awaiting deletion approval.
global $user_info, $context, $cur_profile, $user_profile, $modSettings;
// Try get more time...
// (the @ hides the warning raised where set_time_limit() is disabled)
@set_time_limit(600);
// @todo Add a way to delete pms as well?
// Permission gate: acting on someone else's profile needs 'profile_remove_any'; acting on
// your own needs 'profile_remove_own' unless you already hold 'profile_remove_any'.
// presumably isAllowedTo() aborts the request when the permission is missing - TODO confirm
if (!$context['user']['is_owner']) {
isAllowedTo('profile_remove_any');
} elseif (!allowedTo('profile_remove_any')) {
isAllowedTo('profile_remove_own');
}
// presumably validates the session token of the posted form (CSRF guard) - TODO confirm.
// It runs before anything below changes state.
checkSession();
$memID = currentMemberID();
// Check we got here as we should have!
// The profile being edited must be the one loaded for $memID (loose != comparison).
if ($cur_profile != $user_profile[$memID]) {
fatal_lang_error('no_access', false);
}
$old_profile =& $cur_profile;
// This file is needed for our utility functions.
require_once SUBSDIR . '/Members.subs.php';
// Too often, people remove/delete their own only administrative account.
// Group 1 as primary or additional group marks the target as an administrator.
if (in_array(1, explode(',', $old_profile['additional_groups'])) || $old_profile['id_group'] == 1) {
// Are you allowed to administrate the forum, as they are?
isAllowedTo('admin_forum');
// Refuse to remove the account when isAnotherAdmin() reports no other administrator.
$another = isAnotherAdmin($memID);
if (empty($another)) {
fatal_lang_error('at_least_one_admin', 'critical');
}
}
// Do you have permission to delete others profiles, or is that your profile you wanna delete?
if ($memID != $user_info['id']) {
// Re-checked here because this branch is keyed on the member id, not on is_owner.
isAllowedTo('profile_remove_any');
// Now, have you been naughty and need your posts deleting?
// @todo Should this check board permissions?
// NOTE(review): $_POST['remove_type'] is read without isset(); a request that omits the
// field raises an undefined-index notice before the comparison.
if ($_POST['remove_type'] != 'none' && allowedTo('moderate_forum')) {
// Include subs/Topic.subs.php - essential for this type of work!
require_once SUBSDIR . '/Topic.subs.php';
require_once SUBSDIR . '/Messages.subs.php';
// First off we delete any topics the member has started - if they wanted topics being done.
if ($_POST['remove_type'] == 'topics') {
// Fetch all topics started by this user.
$topicIDs = topicsStartedBy($memID);
// Actually remove the topics.
// @todo This needs to check permissions, but we'll let it slide for now because of moderate_forum already being had.
removeTopics($topicIDs);
}
// Now delete the remaining messages.
removeNonTopicMessages($memID);
}
// Only delete this poor member's account if they are actually being booted out of camp.
// Without the 'deleteAccount' field only the content removal above takes effect.
if (isset($_POST['deleteAccount'])) {
deleteMembers($memID);
}
} elseif (!empty($modSettings['approveAccountDeletion']) && !allowedTo('moderate_forum')) {
// Deleting your own account while approval is required: nothing is deleted yet.
// Setup their account for deletion ;)
updateMemberData($memID, array('is_activated' => 4));
// Another account needs approval...
updateSettings(array('unapprovedMembers' => true), true);
} else {
// Deleting your own account with no approval step: delete, log out, redirect.
deleteMembers($memID);
require_once CONTROLLERDIR . '/Auth.controller.php';
$controller = new Auth_Controller();
$controller->action_logout(true);
redirectexit();
}
}
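/**
 * Generates a random password for a user and emails it to them.
 * - called by Profile.php when changing someone's username.
 * - checks the validity of the new username.
 * - generates and sets a new password for the given user.
 * - mails the new password to the email address of the user.
 * - if username is not set, only a new password is generated and sent.
 * - does nothing when no member row exists for $memID.
 *
 * The password is drawn from the CSPRNG (random_int) when it is available.
 * The stored value keeps the existing sha1(lowercase username . password)
 * form, because that is the format this function has always written.
 *
 * @param int $memID
 * @param string $username = null
 */
function resetPassword($memID, $username = null)
{
    global $scripturl, $context, $txt, $sourcedir, $modSettings, $smcFunc, $language;

    // Language... and a required file.
    loadLanguage('Login');
    require_once $sourcedir . '/Subs-Post.php';

    // Get some important details.
    $request = $smcFunc['db_query']('', '
SELECT member_name, email_address, lngfile
FROM {db_prefix}members
WHERE id_member = {int:id_member}', array('id_member' => $memID));
    $row = $smcFunc['db_fetch_row']($request);
    $smcFunc['db_free_result']($request);

    // No such member: nothing to reset and nobody to mail.
    if (empty($row)) {
        return;
    }
    list($user, $email, $lngfile) = $row;

    // Stays null when only the password changes; the original left it
    // undefined in that case and still passed it to the hook below.
    $old_user = null;
    if ($username !== null) {
        $old_user = $user;
        $user = trim($username);
    }

    // Generate a random password: 10 characters from [a-z0-9].
    if (function_exists('random_int')) {
        $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
        $lastIndex = strlen($alphabet) - 1;
        $newPassword = '';
        for ($i = 0; $i < 10; $i++) {
            $newPassword .= $alphabet[random_int(0, $lastIndex)];
        }
    } else {
        // Legacy fallback for runtimes without random_int(). mt_rand() is not
        // a cryptographic generator and md5() of its output adds no entropy,
        // so passwords produced here are guessable - prefer the path above.
        $newPassword = substr(preg_replace('/\\W/', '', md5(mt_rand())), 0, 10);
    }

    // NOTE(review): single-round SHA-1 keyed on the username is a weak
    // password hash. It is kept because the login check presumably expects
    // this format; changing it here alone would lock the member out. Migrate
    // storage and verification together.
    $newPassword_sha1 = sha1(strtolower($user) . $newPassword);

    // Do some checks on the username if needed.
    if ($username !== null) {
        validateUsername($memID, $user);

        // Update the database...
        updateMemberData($memID, array('member_name' => $user, 'passwd' => $newPassword_sha1));
    } else {
        updateMemberData($memID, array('passwd' => $newPassword_sha1));
    }

    // Integrations receive the plaintext password.
    call_integration_hook('integrate_reset_pass', array($old_user, $user, $newPassword));

    $replacements = array('USERNAME' => $user, 'PASSWORD' => $newPassword);
    $emaildata = loadEmailTemplate('change_password', $replacements, empty($lngfile) || empty($modSettings['userLanguage']) ? $language : $lngfile);

    // Send them the email informing them of the change - then we're done!
    // The password travels in clear text in this message, so it should be
    // treated as temporary and changed by the member after logging in.
    sendmail($email, $emaildata['subject'], $emaildata['body'], null, null, false, 0);
}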