members.inc.php

论坛软件系统亦称电子公告板(BBS)系统

			$jscreditsformula = str_replace('extcredits'.$i, "extcredits[$i]", $jscreditsformula);
			$creditscols .= '<td width="9%">'.(isset($extcredits[$i]) ? $extcredits[$i]['title'] : 'extcredits'.$i).'</td>';
			$creditsvalue .= '<td class="altbg'.(($i + 1) % 2 + 1).'">'.(isset($extcredits[$i]) ? '<input type="text" size="3" name="extcreditsnew['.$i.']" id="extcreditsnew['.$i.']" value="'.$member['extcredits'.$i].'" onkeyup="membercredits()"> '.$extcredits['$i']['unit'] : '<input type="text" size="3" value="N/A" disabled>').'</td>';
		}

		$creditsrangs = $member['type'] == 'member' ? "$member[creditshigher]~$member[creditslower]" : 'N/A';

		shownav('members_edit_credits');
		showtips('credits_tips');

?>
<form name="input" method="post" action="admincp.php?action=editcredits&uid=<?=$uid?>">
<input type="hidden" name="formhash" value="<?=FORMHASH?>">
<table width="100%" border="0" cellpadding="0" cellspacing="0" class="tableborder">
<tr class="header"><td colspan="10"><?=$lang['members_edit_credits']?> - <?=$member['username']?>(<?=$member['grouptitle']?>)</td></tr>
<tr class="category" align="center"><td width="14%"><?=$lang['members_edit_credits_ranges']?></td><td width="14%"><?=$lang['credits']?></td><?=$creditscols?></tr>
<tr align="center"><td class="altbg1"><?=$creditsrangs?></td><td class="altbg2"><input type="text" name="jscredits" id="jscredits" value="<?=$membercredit?>" size="3" readonly></td><?=$creditsvalue?></tr>
</table><br>
<table width="100%" border="0" cellpadding="0" cellspacing="0" class="tableborder">
<tr class="header"><td colspan="2"><?=$lang['members_edit_reason']?></td></tr>
<tr><td class="altbg1" width="60%"><b><?=$lang['members_edit_credits_reason']?></b><br><span class="smalltxt"><?=$lang['members_edit_credits_reason_comment']?></span></td>
<td class="altbg2" width="40%"><textarea name="reason" rows="5" cols="30" style="width: 90%"></textarea></td></tr>
</table><br><center>
<script language="JavaScript">
var extcredits = new Array();
function membercredits() {
	var credits = 0;
	for(var i = 1; i <= 8; i++) {
		e = $('extcreditsnew['+i+']');
		if(e && parseInt(e.value)) {
			extcredits[i] = parseInt(e.value);
		} else {
			extcredits[i] = 0;
		}
	}
	$('jscredits').value = Math.round(<?=$jscreditsformula?>);
}
</script>
<input class="button" type="submit" name="creditsubmit" value="<?=$lang['submit']?>">
</center></form>
<?

	} else {

		$diffarray = array();
		$sql = $comma = '';
		if(is_array($extcreditsnew)) {
			foreach($extcreditsnew as $id => $value) {
				if($member['extcredits'.$id] != ($value = intval($value))) {
					$diffarray[$id] = $value - $member['extcredits'.$id];
					$sql .= $comma."extcredits$id='$value'";
					$comma = ', ';
				}
			}
		}

		if($diffarray) {
			if(empty($reason)) {
				cpmsg('members_edit_reason_invalid');
			}

			@$fp = fopen(DISCUZ_ROOT.'./forumdata/ratelog.php', 'a');
			@flock($fp, 2);
			foreach($diffarray as $id => $diff) {
				@fwrite($fp, "$timestamp\t".dhtmlspecialchars($discuz_userss)."\t$adminid\t".dhtmlspecialchars($member['username'])."\t$id\t$diff\t0\t\t$reason\n");
			}
			$db->query("UPDATE {$tablepre}members SET $sql WHERE uid='$uid'");
			@fclose($fp);
		}

		cpmsg('members_edit_credits_succeed', "admincp.php?action=editcredits&uid=$uid");

	}

} elseif($action == 'editmedals' && $uid) {

	$query = $db->query("SELECT m.uid, m.username, mf.medals
		FROM {$tablepre}memberfields mf, {$tablepre}members m
		WHERE mf.uid='$uid' AND m.uid=mf.uid");

	if(!$member = $db->fetch_array($query)) {
		cpmsg('members_edit_nonexistence');
	}

	if(!submitcheck('medalsubmit')) {

		$medals = '';
		$membermedals = explode("\t", $member['medals']);
		$query = $db->query("SELECT * FROM {$tablepre}medals WHERE available='1'");
		while($medal = $db->fetch_array($query)) {
			$medals .= "<tr align=\"center\">\n".
				"<td class=\"altbg1\"><img src=\"images/common/$medal[image]\"></td>\n".
				"<td class=\"altbg2\">$medal[name]</td>\n".
				"<td class=\"altbg1\"><input class=\"checkbox\" type=\"checkbox\" name=\"medals[$medal[medalid]]\" value=\"1\" ".(in_array($medal['medalid'], $membermedals) ? 'checked' : '')."></td></td>\n";
		}

		if(!$medals) {
			cpmsg('members_edit_medals_nonexistence');
		}

		shownav('medals_edit');

?>
<form method="post" action="admincp.php?action=editmedals&uid=<?=$uid?>">
<input type="hidden" name="formhash" value="<?=FORMHASH?>">
<table width="100%" border="0" cellpadding="0" cellspacing="0" class="tableborder">
<tr class="header"><td colspan="3"><?=$lang['medals_edit']?> - <?=$member['username']?></td></tr>
<tr class="category" align="center"><td><?=$lang['medals_image']?></td><td><?=$lang['name']?></td><td><?=$lang['medals_grant']?></td></tr>
<?=$medals?>
</table><br>
<table width="100%" border="0" cellpadding="0" cellspacing="0" class="tableborder">
<tr class="header"><td colspan="2"><?=$lang['members_edit_reason']?></td></tr>
<tr><td class="altbg1" width="60%"><b><?=$lang['members_edit_medals_reason']?></b><br><span class="smalltxt"><?=$lang['members_edit_medals_reason_comment']?></span></td>
<td class="altbg2" width="40%"><textarea name="reason" rows="5" cols="30"></textarea></td></tr>
</table><br><center>
<input class="button" type="submit" name="medalsubmit" value="<?=$lang['submit']?>">
</center></form>
<?

	} else {

		$medalsarray = array();
		if(is_array($medals)) {
			foreach($medals as $medalid => $newgranted) {
				if($newgranted) {
					$medalsarray[] = intval($medalid);
				}
			}
		}

		$medalsnew = implode("\t", $medalsarray);
		$reason = preg_replace("/(\r\n|\r|\n)/", '<br />', dhtmlspecialchars(trim($reason)));

		if($member['medals'] != $medalsnew) {
			if(empty($reason)) {
				cpmsg('members_edit_reason_invalid');
			} else {
				$db->query("UPDATE {$tablepre}memberfields SET medals='$medalsnew' WHERE uid='$uid'");
			}
		}

		$origmedalsarray = explode("\t", $member['medals']);

		@$fp = fopen(DISCUZ_ROOT.'./forumdata/medalslog.php', 'a');
		@flock($fp, 2);

		foreach(array_unique(array_merge($origmedalsarray, $medalsarray)) as $medalid) {
			if($medalid) {
				$orig = in_array($medalid, $origmedalsarray);
				$new = in_array($medalid, $medalsarray);
				if($orig != $new) {
					if($orig && !$new) {
						$medalaction = 'revoke';
					} elseif(!$orig && $new) {
						$medalaction = 'grant';
					}
					@fwrite($fp, "<?PHP exit('Access Denied'); ?>\t$timestamp\t".dhtmlspecialchars($discuz_userss)."\t$onlineip\t".dhtmlspecialchars($member['username'])."\t$medalid\t$medalaction\t$reason\n");
				}
			}
		}

		@fclose($fp);

		cpmsg('members_edit_medals_succeed', "admincp.php?action=editmedals&uid=$uid");

	}

} elseif($action == 'banmember') {

	if(!$allowbanuser) {
		cpmsg('action_noaccess');
	}

	$member = $currentstatus = array();
	if(!empty($username) || !empty($uid)) {
		$query = $db->query("SELECT m.*, mf.*, u.type AS grouptype, u.allowsigbbcode, u.allowsigimgcode FROM {$tablepre}members m
			LEFT JOIN {$tablepre}memberfields mf ON mf.uid=m.uid
			LEFT JOIN {$tablepre}usergroups u ON u.groupid=m.groupid
			WHERE ".($uid ? "m.uid='$uid'" : "m.username='$username'"));

		if(!$member = $db->fetch_array($query)) {
			cpmsg('members_edit_nonexistence');
		} elseif(($member['grouptype'] == 'system' && in_array($member['groupid'], array(1, 2, 3, 6, 7, 8))) || $member['grouptype'] == 'special') {
			cpmsg('members_edit_illegal');
		}

		$member['groupterms'] = unserialize($member['groupterms']);
		$member['banexpiry'] = !empty($member['groupterms']['main']['time']) && ($member['groupid'] == 4 || $member['groupid'] == 5) ? gmdate('Y-n-j', $member['groupterms']['main']['time'] + $timeoffset * 3600) : '';
		if($member['groupid'] == 4) {
			$check['post'] = 'checked';
			$currentstatus['post'] = ' ('.$lang['members_edit_current_status'].')';
		} elseif($member['groupid'] == 5) {
			$check['visit'] = 'checked';
			$currentstatus['visit']  = ' ('.$lang['members_edit_current_status'].')';
		} else {
			$check['none'] = 'checked';
			$currentstatus['none']  = ' ('.$lang['members_edit_current_status'].')';
		}
	}

	if(!submitcheck('bansubmit')) {

		echo '<script src="include/calendar.js" type="text/javascript"></script>';
		shownav('members_edit_ban_user');
		echo '<form method="post" action="admincp.php?action=banmember&uid=&formhash='.FORMHASH.'">';
		showtype($lang['members_edit_ban_user'].($member['username'] ? ' -'.$member['username'] : ''), 'top');
		showsetting('members_edit_username', 'username', $member['username'], 'text');
		showsetting('members_edit_ban', '', '', '<input type="radio" name="bannew" value="" '.$check['none'].' class="radio"> '.$lang['members_edit_ban_none'].$currentstatus['none'].'<br><input type="radio" name="bannew" value="post" '.$check['post'].'  class="radio"> '.$lang['members_edit_ban_post'].$currentstatus['post'].'<br><input type="radio" name="bannew" value="visit" '.$check['visit'].'  class="radio"> '.$lang['members_edit_ban_visit'].$currentstatus['visit']);
		showsetting('members_edit_ban_validity', 'banexpirynew', $member['banexpiry'], 'calendar');
		if($adminid == 1) {
			showsetting('members_edit_ban_delpost', 'delpost', '', 'radio');
		}
		showsetting('members_edit_ban_reason', 'reason', '', 'textarea');
		showtype('', 'bottom');
		echo '<br><center><input class="button" type="submit" name="bansubmit" value="'.$lang['submit'].'"></center></form>';

	} else {

		$sql = 'uid=uid';
		$reason = trim($reason);
		if(!$reason && ($reasonpm == 1 || $reasonpm == 3)) {
			cpmsg('members_edit_reason_invalid');
		}

		if($bannew == 'post' || $bannew == 'visit') {
			$groupidnew = $bannew == 'post' ? 4 : 5;
			$banexpirynew = intval(@strtotime($banexpirynew) - $timeoffset * 8 + date('Z'));
			$banexpirynew = $banexpirynew > $timestamp ? $banexpirynew : 0;
			if($banexpirynew) {
				$member['groupterms']['main'] = array('time' => $banexpirynew, 'adminid' => $member['adminid'], 'groupid' => $member['groupid']);
				$member['groupterms']['ext'][$groupidnew] = $banexpirynew;
				$sql .= ', groupexpiry=\''.groupexpiry($member['groupterms']).'\'';
			}
			$adminidnew = -1;
		} elseif($member['groupid'] == 4 || $member['groupid'] == 5) {
			if(!empty($member['groupterms']['main']['groupid'])) {
				$groupidnew = $member['groupterms']['main']['groupid'];
				$adminidnew = $member['groupterms']['main']['adminid'];
				unset($member['groupterms']['main']);
				unset($member['groupterms']['ext'][$member['groupid']]);
				$sql .= ', groupexpiry=\''.groupexpiry($member['groupterms']).'\'';
			} else {
				$query = $db->query("SELECT groupid FROM {$tablepre}usergroups WHERE type='member' AND creditshigher<='$member[credits]' AND creditslower>'$member[credits]'");
				$groupidnew = $db->result($query, 0);
				$adminidnew = 0;
			}
		} else {
			$groupidnew = $member['groupid'];
			$adminidnew = $member['adminid'];
		}
		$sql .= ", adminid='$adminidnew', groupid='$groupidnew'";

		$db->query("UPDATE {$tablepre}members SET $sql WHERE uid='$member[uid]'");
		if($delpost && $bannew && $adminid == 1) {
			$query = $db->query("SELECT attachment FROM {$tablepre}attachments WHERE uid='$member[uid]'");
			while($attach = $db->fetch_array($query)) {
				@unlink($attachdir.'/'.$attach['attachment']);
			}

			$db->query("DELETE FROM {$tablepre}threads WHERE authorid='$member[uid]'", 'UNBUFFERED');
			$db->query("DELETE FROM {$tablepre}posts WHERE authorid='$member[uid]'", 'UNBUFFERED');
			$db->query("DELETE FROM {$tablepre}attachments WHERE uid='$member[uid]'", 'UNBUFFERED');
		}
		if($allowbanuser && ($db->affected