2020-12-26 01:42:23 +08:00
|
|
|
<?php
|
2021-01-13 19:32:26 +08:00
|
|
|
require "../include/bittorrent.php";
|
2020-12-26 01:42:23 +08:00
|
|
|
dbconn();
|
2025-04-24 18:11:59 +07:00
|
|
|
//require(get_langfile_path("",true));
|
2020-12-26 01:42:23 +08:00
|
|
|
loggedinorreturn();
|
|
|
|
|
|
|
|
|
|
function puke()
|
|
|
|
|
{
|
|
|
|
|
$msg = "User ".$CURUSER["username"]." (id: ".$CURUSER["id"].") is hacking user's profile. IP : ".getip();
|
|
|
|
|
write_log($msg,'mod');
|
|
|
|
|
stderr("Error", "Permission denied. For security reason, we logged this action");
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-20 19:11:28 +08:00
|
|
|
if (!user_can('prfmanage'))
|
2020-12-26 01:42:23 +08:00
|
|
|
puke();
|
|
|
|
|
|
|
|
|
|
$action = $_POST["action"];
|
|
|
|
|
if ($action == "confirmuser")
|
|
|
|
|
{
|
|
|
|
|
$userid = $_POST["userid"];
|
|
|
|
|
$confirm = $_POST["confirm"];
|
|
|
|
|
sql_query('UPDATE `users` SET `status` = \''.mysql_real_escape_string($confirm).'\', `info` = NULL WHERE `id` = '.mysql_real_escape_string($userid).' LIMIT 1;') or sqlerr(__FILE__, __LINE__);
|
|
|
|
|
header("Location: " . get_protocol_prefix() . "$BASEURL/unco.php?status=1");
|
|
|
|
|
die;
|
|
|
|
|
}
|
|
|
|
|
if ($action == "edituser")
|
|
|
|
|
{
|
|
|
|
|
$userid = $_POST["userid"];
|
2023-04-13 01:33:35 +08:00
|
|
|
$userInfo = \App\Models\User::query()->findOrFail($userid);
|
|
|
|
|
// $class = intval($_POST["class"] ?? 0);
|
|
|
|
|
$class = $userInfo->class;
|
2025-04-21 02:53:56 +07:00
|
|
|
$locale = get_user_locale($userid);
|
2026-01-31 12:35:50 +07:00
|
|
|
// $vip_added = ($_POST["vip_added"] == 'yes' ? 'yes' : 'no');
|
|
|
|
|
$vip_added = $userInfo->vip_added;
|
|
|
|
|
// $vip_until = !empty($_POST["vip_until"]) ? $_POST['vip_until'] : null;
|
|
|
|
|
$vip_until = $userInfo->vip_until;
|
2021-05-12 13:45:00 +08:00
|
|
|
|
2021-02-26 15:18:53 +08:00
|
|
|
$warned = $_POST["warned"] ?? '';
|
2021-01-06 00:56:13 +08:00
|
|
|
$warnlength = intval($_POST["warnlength"] ?? 0);
|
2020-12-26 01:42:23 +08:00
|
|
|
$warnpm = $_POST["warnpm"];
|
|
|
|
|
$title = $_POST["title"];
|
|
|
|
|
$avatar = $_POST["avatar"];
|
|
|
|
|
$signature = $_POST["signature"];
|
|
|
|
|
|
|
|
|
|
$enabled = $_POST["enabled"];
|
|
|
|
|
$uploadpos = $_POST["uploadpos"];
|
|
|
|
|
$downloadpos = $_POST["downloadpos"];
|
|
|
|
|
$noad = $_POST["noad"];
|
|
|
|
|
$noaduntil = $_POST["noaduntil"];
|
|
|
|
|
$privacy = $_POST["privacy"];
|
|
|
|
|
$forumpost = $_POST["forumpost"];
|
|
|
|
|
$chpassword = $_POST["chpassword"];
|
|
|
|
|
$passagain = $_POST["passagain"];
|
2021-05-12 13:45:00 +08:00
|
|
|
|
2020-12-26 01:42:23 +08:00
|
|
|
$supportlang = $_POST["supportlang"];
|
|
|
|
|
$support = $_POST["support"];
|
2021-05-12 13:45:00 +08:00
|
|
|
$supportfor = $_POST["supportfor"];
|
|
|
|
|
|
2020-12-26 01:42:23 +08:00
|
|
|
$moviepicker = $_POST["moviepicker"];
|
|
|
|
|
$pickfor = $_POST["pickfor"];
|
|
|
|
|
$stafffor = $_POST["staffduties"];
|
2021-05-12 13:45:00 +08:00
|
|
|
|
2020-12-26 01:42:23 +08:00
|
|
|
if (!is_valid_id($userid) || !is_valid_user_class($class))
|
|
|
|
|
stderr("Error", "Bad user ID or class ID.");
|
|
|
|
|
if (get_user_class() <= $class)
|
|
|
|
|
stderr("Error", "You have no permission to change user's class to ".get_user_class_name($class,false,false,true).". BTW, how do you get here?");
|
|
|
|
|
$res = sql_query("SELECT * FROM users WHERE id = ".sqlesc($userid)) or sqlerr(__FILE__, __LINE__);
|
|
|
|
|
$arr = mysql_fetch_assoc($res) or puke();
|
2021-05-12 13:45:00 +08:00
|
|
|
$user = \App\Models\User::query()->findOrFail($userid);
|
|
|
|
|
|
2020-12-26 01:42:23 +08:00
|
|
|
$curenabled = $arr["enabled"];
|
|
|
|
|
$curparked = $arr["parked"];
|
|
|
|
|
$curuploadpos = $arr["uploadpos"];
|
|
|
|
|
$curdownloadpos = $arr["downloadpos"];
|
|
|
|
|
$curforumpost = $arr["forumpost"];
|
|
|
|
|
$curclass = $arr["class"];
|
|
|
|
|
$curwarned = $arr["warned"];
|
2021-05-12 13:45:00 +08:00
|
|
|
|
2020-12-26 01:42:23 +08:00
|
|
|
$updateset[] = "stafffor = " . sqlesc($stafffor);
|
|
|
|
|
$updateset[] = "pickfor = " . sqlesc($pickfor);
|
|
|
|
|
$updateset[] = "picker = " . sqlesc($moviepicker);
|
2022-11-08 19:06:37 +08:00
|
|
|
//migrate to management
|
|
|
|
|
// $updateset[] = "enabled = " . sqlesc($enabled);
|
2020-12-26 01:42:23 +08:00
|
|
|
$updateset[] = "uploadpos = " . sqlesc($uploadpos);
|
|
|
|
|
$updateset[] = "downloadpos = " . sqlesc($downloadpos);
|
|
|
|
|
$updateset[] = "forumpost = " . sqlesc($forumpost);
|
|
|
|
|
$updateset[] = "avatar = " . sqlesc($avatar);
|
|
|
|
|
$updateset[] = "signature = " . sqlesc($signature);
|
|
|
|
|
$updateset[] = "title = " . sqlesc($title);
|
|
|
|
|
$updateset[] = "support = " . sqlesc($support);
|
|
|
|
|
$updateset[] = "supportfor = " . sqlesc($supportfor);
|
|
|
|
|
$updateset[] = "supportlang = ".sqlesc($supportlang);
|
2021-05-12 13:45:00 +08:00
|
|
|
$banLog = [];
|
2025-02-06 22:32:36 +08:00
|
|
|
$userModifyLogs = [];
|
2021-05-12 13:45:00 +08:00
|
|
|
|
2025-02-06 22:32:36 +08:00
|
|
|
// if(!user_can('cruprfmanage'))
|
|
|
|
|
// {
|
|
|
|
|
// $modcomment = $arr["modcomment"];
|
|
|
|
|
// }
|
2022-08-20 19:11:28 +08:00
|
|
|
if(user_can('cruprfmanage'))
|
2020-12-26 01:42:23 +08:00
|
|
|
{
|
|
|
|
|
$email = $_POST["email"];
|
|
|
|
|
$username = $_POST["username"];
|
|
|
|
|
$modcomment = $_POST["modcomment"];
|
|
|
|
|
$downloaded = $_POST["downloaded"];
|
|
|
|
|
$ori_downloaded = $_POST["ori_downloaded"];
|
|
|
|
|
$uploaded = $_POST["uploaded"];
|
|
|
|
|
$ori_uploaded = $_POST["ori_uploaded"];
|
|
|
|
|
$bonus = $_POST["bonus"];
|
|
|
|
|
$ori_bonus = $_POST["ori_bonus"];
|
|
|
|
|
$invites = $_POST["invites"];
|
|
|
|
|
$added = sqlesc(date("Y-m-d H:i:s"));
|
|
|
|
|
if ($arr['email'] != $email){
|
|
|
|
|
$updateset[] = "email = " . sqlesc($email);
|
2025-02-06 22:32:36 +08:00
|
|
|
// $modcomment = date("Y-m-d") . " - Email changed from $arr[email] to $email by {$CURUSER['username']}.\n". $modcomment;
|
2025-09-08 03:05:55 +07:00
|
|
|
$modifyLog = "Email changed from $arr[email] to $email by {$CURUSER['username']}.";
|
|
|
|
|
do_log($modifyLog, "alert");
|
|
|
|
|
$userModifyLogs[] = $modifyLog;
|
2025-04-21 02:53:56 +07:00
|
|
|
$locale = get_user_locale($userid);
|
2025-09-16 20:14:51 +08:00
|
|
|
$subject = nexus_trans("user.msg_email_change", [], $locale);
|
|
|
|
|
$msg = nexus_trans("user.msg_your_email_changed_from", [], $locale).$arr['email'].nexus_trans("user.msg_to_new", [], $locale) . $email .nexus_trans("user.msg_by", [], $locale).$CURUSER['username'];
|
|
|
|
|
|
|
|
|
|
\App\Models\Message::add([
|
|
|
|
|
'sender' => 0,
|
|
|
|
|
'receiver' => $userid,
|
|
|
|
|
'subject' => $subject,
|
|
|
|
|
'msg' => $msg,
|
|
|
|
|
'added' => now(),
|
|
|
|
|
]);
|
2020-12-26 01:42:23 +08:00
|
|
|
}
|
|
|
|
|
if ($arr['username'] != $username){
|
|
|
|
|
$updateset[] = "username = " . sqlesc($username);
|
2025-02-06 22:32:36 +08:00
|
|
|
// $modcomment = date("Y-m-d") . " - Username changed from {$arr['username']} to $username by {$CURUSER['username']}.\n". $modcomment;
|
|
|
|
|
$userModifyLogs[] = "Username changed from {$arr['username']} to $username by {$CURUSER['username']}";
|
2025-04-21 02:53:56 +07:00
|
|
|
|
2025-09-16 20:14:51 +08:00
|
|
|
$subject = nexus_trans("user.msg_username_change", [], $locale);
|
|
|
|
|
$msg = nexus_trans("user.msg_your_username_changed_from", [], $locale).$arr['username'].nexus_trans("user.msg_to_new", [], $locale) . $username .nexus_trans("user.msg_by", [], $locale).$CURUSER['username'];
|
|
|
|
|
|
|
|
|
|
\App\Models\Message::add([
|
|
|
|
|
'sender' => 0,
|
|
|
|
|
'receiver' => $userid,
|
|
|
|
|
'subject' => $subject,
|
|
|
|
|
'msg' => $msg,
|
|
|
|
|
'added' => now(),
|
|
|
|
|
]);
|
|
|
|
|
|
2022-08-10 23:38:10 +08:00
|
|
|
$changeLog = [
|
|
|
|
|
'uid' => $arr['id'],
|
|
|
|
|
'operator' => $CURUSER['username'],
|
|
|
|
|
'change_type' => \App\Models\UsernameChangeLog::CHANGE_TYPE_ADMIN,
|
|
|
|
|
'username_old' => $arr['username'],
|
|
|
|
|
'username_new' => $username,
|
|
|
|
|
];
|
|
|
|
|
\App\Models\UsernameChangeLog::query()->create($changeLog);
|
2020-12-26 01:42:23 +08:00
|
|
|
}
|
2022-11-08 19:06:37 +08:00
|
|
|
//migrate to management
|
|
|
|
|
// if ($ori_downloaded != $downloaded){
|
|
|
|
|
// $updateset[] = "downloaded = " . sqlesc($downloaded);
|
|
|
|
|
// $modcomment = date("Y-m-d") . " - Downloaded amount changed from $arr[downloaded] to $downloaded by {$CURUSER['username']}.\n". $modcomment;
|
|
|
|
|
// $subject = sqlesc($lang_modtask_target[get_user_lang($userid)]['msg_downloaded_change']);
|
|
|
|
|
// $msg = sqlesc($lang_modtask_target[get_user_lang($userid)]['msg_your_downloaded_changed_from'].mksize($arr['downloaded']).$lang_modtask_target[get_user_lang($userid)]['msg_to_new'] . mksize($downloaded) .$lang_modtask_target[get_user_lang($userid)]['msg_by'].$CURUSER['username']);
|
|
|
|
|
// sql_query("INSERT INTO messages (sender, receiver, subject, msg, added) VALUES(0, $userid, $subject, $msg, $added)") or sqlerr(__FILE__, __LINE__);
|
|
|
|
|
// }
|
|
|
|
|
//
|
|
|
|
|
// if ($ori_uploaded != $uploaded){
|
|
|
|
|
// $updateset[] = "uploaded = " . sqlesc($uploaded);
|
|
|
|
|
// $modcomment = date("Y-m-d") . " - Uploaded amount changed from $arr[uploaded] to $uploaded by {$CURUSER['username']}.\n". $modcomment;
|
|
|
|
|
// $subject = sqlesc($lang_modtask_target[get_user_lang($userid)]['msg_uploaded_change']);
|
|
|
|
|
// $msg = sqlesc($lang_modtask_target[get_user_lang($userid)]['msg_your_uploaded_changed_from'].mksize($arr['uploaded']).$lang_modtask_target[get_user_lang($userid)]['msg_to_new'] . mksize($uploaded) .$lang_modtask_target[get_user_lang($userid)]['msg_by'].$CURUSER['username']);
|
|
|
|
|
// sql_query("INSERT INTO messages (sender, receiver, subject, msg, added) VALUES(0, $userid, $subject, $msg, $added)") or sqlerr(__FILE__, __LINE__);
|
|
|
|
|
// }
|
|
|
|
|
// if ($ori_bonus != $bonus){
|
|
|
|
|
// $updateset[] = "seedbonus = " . sqlesc($bonus);
|
|
|
|
|
// $modcomment = date("Y-m-d") . " - Bonus amount changed from $arr[seedbonus] to $bonus by {$CURUSER['username']}.\n". $modcomment;
|
|
|
|
|
// $subject = sqlesc($lang_modtask_target[get_user_lang($userid)]['msg_bonus_change']);
|
|
|
|
|
// $msg = sqlesc($lang_modtask_target[get_user_lang($userid)]['msg_your_bonus_changed_from'].$arr['seedbonus'].$lang_modtask_target[get_user_lang($userid)]['msg_to_new'] . $bonus .$lang_modtask_target[get_user_lang($userid)]['msg_by'].$CURUSER['username']);
|
|
|
|
|
// sql_query("INSERT INTO messages (sender, receiver, subject, msg, added) VALUES(0, $userid, $subject, $msg, $added)") or sqlerr(__FILE__, __LINE__);
|
|
|
|
|
// }
|
|
|
|
|
// if ($arr['invites'] != $invites){
|
|
|
|
|
// $updateset[] = "invites = " . sqlesc($invites);
|
|
|
|
|
// $modcomment = date("Y-m-d") . " - Invite amount changed from $arr[invites] to $invites by {$CURUSER['username']}.\n". $modcomment;
|
|
|
|
|
// $subject = sqlesc($lang_modtask_target[get_user_lang($userid)]['msg_invite_change']);
|
|
|
|
|
// $msg = sqlesc($lang_modtask_target[get_user_lang($userid)]['msg_your_invite_changed_from'].$arr['invites'].$lang_modtask_target[get_user_lang($userid)]['msg_to_new'] . $invites .$lang_modtask_target[get_user_lang($userid)]['msg_by'].$CURUSER['username']);
|
|
|
|
|
// sql_query("INSERT INTO messages (sender, receiver, subject, msg, added) VALUES(0, $userid, $subject, $msg, $added)") or sqlerr(__FILE__, __LINE__);
|
|
|
|
|
// }
|
2020-12-26 01:42:23 +08:00
|
|
|
}
|
|
|
|
|
if(get_user_class() == UC_STAFFLEADER)
|
|
|
|
|
{
|
|
|
|
|
$donor = $_POST["donor"];
|
2022-11-08 19:06:37 +08:00
|
|
|
$donoruntil = !empty($_POST['donoruntil']) ? $_POST['donoruntil'] : null;
|
2020-12-26 01:42:23 +08:00
|
|
|
$donated = $_POST["donated"];
|
|
|
|
|
$donated_cny = $_POST["donated_cny"];
|
|
|
|
|
$this_donated_usd = $donated - $arr["donated"];
|
|
|
|
|
$this_donated_cny = $donated_cny - $arr["donated_cny"];
|
|
|
|
|
$memo = sqlesc(htmlspecialchars($_POST["donation_memo"]));
|
2021-05-12 13:45:00 +08:00
|
|
|
|
2021-02-26 15:23:00 +08:00
|
|
|
if ($donated != $arr['donated'] || $donated_cny != $arr['donated_cny']) {
|
2020-12-26 01:42:23 +08:00
|
|
|
$added = sqlesc(date("Y-m-d H:i:s"));
|
|
|
|
|
sql_query("INSERT INTO funds (usd, cny, user, added, memo) VALUES ($this_donated_usd, $this_donated_cny, $userid, $added, $memo)") or sqlerr(__FILE__, __LINE__);
|
|
|
|
|
$updateset[] = "donated = " . sqlesc($donated);
|
|
|
|
|
$updateset[] = "donated_cny = " . sqlesc($donated_cny);
|
|
|
|
|
}
|
|
|
|
|
$updateset[] = "donor = " . sqlesc($donor);
|
2022-11-08 19:06:37 +08:00
|
|
|
$updateset[] = "donoruntil = " . sqlesc($donoruntil);
|
|
|
|
|
|
|
|
|
|
if (($donor != $arr['donor']) && (($donor == 'yes' && $donoruntil && $donoruntil >= date('Y-m-d H:i:s')) || ($donor == 'no'))) {
|
2025-09-16 20:14:51 +08:00
|
|
|
$subject = nexus_trans("user.msg_your_donor_status_changed", [], $locale);
|
|
|
|
|
$msg = nexus_trans("user.msg_donor_status_changed_by", [], $locale).$CURUSER['username'];
|
2022-11-08 19:06:37 +08:00
|
|
|
$added = sqlesc(date("Y-m-d H:i:s"));
|
2025-09-16 20:14:51 +08:00
|
|
|
|
|
|
|
|
\App\Models\Message::add([
|
|
|
|
|
'sender' => 0,
|
|
|
|
|
'receiver' => $userid,
|
|
|
|
|
'subject' => $subject,
|
|
|
|
|
'msg' => $msg,
|
|
|
|
|
'added' => now(),
|
|
|
|
|
]);
|
|
|
|
|
|
2025-02-06 22:32:36 +08:00
|
|
|
// $modcomment = date("Y-m-d") . " - donor status changed by {$CURUSER['username']}. Current donor status: $donor \n". $modcomment;
|
|
|
|
|
$userModifyLogs[] = "donor status changed by {$CURUSER['username']}. Current donor status: $donor";
|
2022-11-08 19:06:37 +08:00
|
|
|
}
|
2020-12-26 01:42:23 +08:00
|
|
|
}
|
2025-10-30 10:28:52 +07:00
|
|
|
//migrate to management
|
|
|
|
|
// if ($chpassword != "" AND $passagain != "") {
|
|
|
|
|
// unset($passupdate);
|
|
|
|
|
// $passupdate=false;
|
|
|
|
|
//
|
|
|
|
|
// if ($chpassword == $username OR strlen($chpassword) > 40 OR strlen($chpassword) < 6 OR $chpassword != $passagain)
|
|
|
|
|
// $passupdate=false;
|
|
|
|
|
// else
|
|
|
|
|
// $passupdate=true;
|
|
|
|
|
// }
|
|
|
|
|
//
|
|
|
|
|
// if (isset($passupdate) && $passupdate) {
|
|
|
|
|
// $sec = mksecret();
|
|
|
|
|
// $passhash = md5($sec . $chpassword . $sec);
|
|
|
|
|
// $updateset[] = "secret = " . sqlesc($sec);
|
|
|
|
|
// $updateset[] = "passhash = " . sqlesc($passhash);
|
|
|
|
|
// }
|
2020-12-26 01:42:23 +08:00
|
|
|
|
|
|
|
|
if ($curclass >= get_user_class())
|
|
|
|
|
puke();
|
|
|
|
|
|
2023-01-07 19:34:59 +08:00
|
|
|
//migrate to management
|
|
|
|
|
// if (user_can('user-change-class') && $curclass != $class)
|
|
|
|
|
// {
|
|
|
|
|
// $what = ($class > $curclass ? $lang_modtask_target[get_user_lang($userid)]['msg_promoted'] : $lang_modtask_target[get_user_lang($userid)]['msg_demoted']);
|
|
|
|
|
// $subject = sqlesc($lang_modtask_target[get_user_lang($userid)]['msg_class_change']);
|
|
|
|
|
// $msg = sqlesc($lang_modtask_target[get_user_lang($userid)]['msg_you_have_been'].$what.$lang_modtask_target[get_user_lang($userid)]['msg_to'] . get_user_class_name($class) .$lang_modtask_target[get_user_lang($userid)]['msg_by'].$CURUSER['username']);
|
|
|
|
|
// $added = sqlesc(date("Y-m-d H:i:s"));
|
|
|
|
|
// sql_query("INSERT INTO messages (sender, receiver, subject, msg, added) VALUES(0, $userid, $subject, $msg, $added)") or sqlerr(__FILE__, __LINE__);
|
|
|
|
|
// $updateset[] = "class = $class";
|
|
|
|
|
// $what = ($class > $curclass ? "Promoted" : "Demoted");
|
|
|
|
|
// $modcomment = date("Y-m-d") . " - $what to '" . get_user_class_name($class) . "' by {$CURUSER['username']}.\n". $modcomment;
|
|
|
|
|
// }
|
2026-01-31 12:35:50 +07:00
|
|
|
// if ($class == UC_VIP)
|
|
|
|
|
// {
|
|
|
|
|
// $updateset[] = "vip_added = ".sqlesc($vip_added);
|
|
|
|
|
// if ($vip_added == 'yes')
|
|
|
|
|
// $updateset[] = "vip_until = ".sqlesc($vip_until);
|
|
|
|
|
// $subject = nexus_trans("user.msg_your_vip_status_changed", [], $locale);
|
|
|
|
|
// $msg = nexus_trans("user.msg_vip_status_changed_by", [], $locale).$CURUSER['username'];
|
|
|
|
|
// $added = sqlesc(date("Y-m-d H:i:s"));
|
|
|
|
|
//
|
|
|
|
|
// \App\Models\Message::add([
|
|
|
|
|
// 'sender' => 0,
|
|
|
|
|
// 'receiver' => $userid,
|
|
|
|
|
// 'subject' => $subject,
|
|
|
|
|
// 'msg' => $msg,
|
|
|
|
|
// 'added' => now(),
|
|
|
|
|
// ]);
|
|
|
|
|
//
|
|
|
|
|
//// $modcomment = date("Y-m-d") . " - VIP status changed by {$CURUSER['username']}. VIP added: ".$vip_added.($vip_added == 'yes' ? "; VIP until: ".$vip_until : "").".\n". $modcomment;
|
|
|
|
|
// $userModifyLogs[] = "VIP status changed by {$CURUSER['username']}. VIP added: ".$vip_added.($vip_added == 'yes' ? "; VIP until: ".$vip_until : "");
|
|
|
|
|
// }
|
2021-05-12 13:45:00 +08:00
|
|
|
|
2020-12-26 01:42:23 +08:00
|
|
|
if ($warned && $curwarned != $warned)
|
|
|
|
|
{
|
|
|
|
|
$updateset[] = "warned = " . sqlesc($warned);
|
2021-01-19 17:35:05 +08:00
|
|
|
$updateset[] = "warneduntil = null";
|
2020-12-26 01:42:23 +08:00
|
|
|
|
|
|
|
|
if ($warned == 'no')
|
|
|
|
|
{
|
2025-02-06 22:32:36 +08:00
|
|
|
// $modcomment = date("Y-m-d") . " - Warning removed by {$CURUSER['username']}.\n". $modcomment;
|
|
|
|
|
$userModifyLogs[] = "Warning removed by {$CURUSER['username']}";
|
2025-09-16 20:14:51 +08:00
|
|
|
$subject = nexus_trans("user.msg_warn_removed", [], $locale);
|
|
|
|
|
$msg = nexus_trans("user.msg_your_warning_removed_by", [], $locale) . $CURUSER['username'] . ".";
|
2020-12-26 01:42:23 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$added = sqlesc(date("Y-m-d H:i:s"));
|
2025-09-16 20:14:51 +08:00
|
|
|
//sql_query("INSERT INTO messages (sender, receiver, subject, msg, added) VALUES (0, $userid, $subject, $msg, $added)") or sqlerr(__FILE__, __LINE__);
|
|
|
|
|
\App\Models\Message::add([
|
|
|
|
|
'sender' => 0,
|
|
|
|
|
'receiver' => $userid,
|
|
|
|
|
'subject' => $subject,
|
|
|
|
|
'msg' => $msg,
|
|
|
|
|
'added' => now(),
|
|
|
|
|
]);
|
2020-12-26 01:42:23 +08:00
|
|
|
}
|
|
|
|
|
elseif ($warnlength)
|
|
|
|
|
{
|
|
|
|
|
if ($warnlength == 255)
|
|
|
|
|
{
|
2025-02-06 22:32:36 +08:00
|
|
|
// $modcomment = date("Y-m-d") . " - Warned by " . $CURUSER['username'] . ".\nReason: $warnpm.\n". $modcomment;
|
|
|
|
|
$userModifyLogs[] = "Warned by " . $CURUSER['username'] . ".\nReason: $warnpm.";
|
|
|
|
|
|
2025-09-16 20:14:51 +08:00
|
|
|
$msg = nexus_trans("user.msg_you_are_warned_by", [], $locale).$CURUSER['username']."." . ($warnpm ? nexus_trans("user.msg_reason", [], $locale).$warnpm : "");
|
2021-01-19 17:35:05 +08:00
|
|
|
$updateset[] = "warneduntil = null";
|
2020-12-26 01:42:23 +08:00
|
|
|
}else{
|
2021-05-12 13:45:00 +08:00
|
|
|
$warneduntil = date("Y-m-d H:i:s",(strtotime(date("Y-m-d H:i:s")) + $warnlength * 604800));
|
2025-04-21 02:53:56 +07:00
|
|
|
$dur = $warnlength . nexus_trans("user.msg_week", [], $locale) . ($warnlength > 1 ? nexus_trans("user.msg_s", [], $locale) : "");
|
2025-09-16 20:14:51 +08:00
|
|
|
$msg = nexus_trans("user.msg_you_are_warned_for", [], $locale).$dur.nexus_trans("user.msg_by", [], $locale) . $CURUSER['username'] . "." . ($warnpm ? nexus_trans("user.msg_reason", [], $locale).$warnpm : "");
|
2025-02-06 22:32:36 +08:00
|
|
|
// $modcomment = date("Y-m-d") . " - Warned for $dur by " . $CURUSER['username'] . ".\nReason: $warnpm.\n". $modcomment;
|
|
|
|
|
$userModifyLogs[] = "Warned for $dur by " . $CURUSER['username'] . ".Reason: $warnpm";
|
2020-12-26 01:42:23 +08:00
|
|
|
$updateset[] = "warneduntil = '$warneduntil'";
|
|
|
|
|
}
|
2025-09-16 20:14:51 +08:00
|
|
|
$subject = nexus_trans("user.msg_you_are_warned", [], $locale);
|
2020-12-26 01:42:23 +08:00
|
|
|
$added = sqlesc(date("Y-m-d H:i:s"));
|
2025-09-16 20:14:51 +08:00
|
|
|
|
|
|
|
|
\App\Models\Message::add([
|
|
|
|
|
'sender' => 0,
|
|
|
|
|
'receiver' => $userid,
|
|
|
|
|
'subject' => $subject,
|
|
|
|
|
'msg' => $msg,
|
|
|
|
|
'added' => now(),
|
|
|
|
|
]);
|
|
|
|
|
|
2021-02-26 15:23:00 +08:00
|
|
|
$updateset[] = "warned = 'yes', timeswarned = timeswarned+1, lastwarned=$added, warnedby={$CURUSER['id']}";
|
2020-12-26 01:42:23 +08:00
|
|
|
}
|
2022-11-08 19:06:37 +08:00
|
|
|
//migrate to management
|
|
|
|
|
// if ($enabled != $curenabled)
|
|
|
|
|
// {
|
|
|
|
|
// if ($enabled == 'yes') {
|
|
|
|
|
// $modcomment = date("Y-m-d") . " - Enabled by " . $CURUSER['username']. ".\n". $modcomment;
|
|
|
|
|
// if (get_single_value("users","class","WHERE id = ".sqlesc($userid)) == UC_PEASANT){
|
|
|
|
|
// $length = 30*86400; // warn users until 30 days
|
|
|
|
|
// $until = sqlesc(date("Y-m-d H:i:s",(strtotime(date("Y-m-d H:i:s")) + $length)));
|
|
|
|
|
// sql_query("UPDATE users SET enabled='yes', leechwarn='yes', leechwarnuntil=$until WHERE id = ".sqlesc($userid));
|
|
|
|
|
// }
|
|
|
|
|
// else{
|
|
|
|
|
// sql_query("UPDATE users SET enabled='yes', leechwarn='no' WHERE id = ".sqlesc($userid)) or sqlerr(__FILE__, __LINE__);
|
|
|
|
|
// }
|
|
|
|
|
// } else {
|
|
|
|
|
// $modcomment = date("Y-m-d") . " - Disabled by " . $CURUSER['username']. ".\n". $modcomment;
|
|
|
|
|
// $banLog = [
|
|
|
|
|
// 'uid' => $userid,
|
|
|
|
|
// 'username' => $user->username,
|
|
|
|
|
// 'operator' => $CURUSER['id'],
|
|
|
|
|
// 'reason' => nexus_trans('user.edit_ban_reason', [], $user->locale),
|
|
|
|
|
// ];
|
|
|
|
|
// }
|
|
|
|
|
// }
|
2020-12-26 01:42:23 +08:00
|
|
|
if ($arr['noad'] != $noad){
|
|
|
|
|
$updateset[]='noad = '.sqlesc($noad);
|
2025-02-06 22:32:36 +08:00
|
|
|
// $modcomment = date("Y-m-d") . " - No Ad set to ".$noad." by ". $CURUSER['username']. ".\n". $modcomment;
|
|
|
|
|
$userModifyLogs[] = "No Ad set to ".$noad." by ". $CURUSER['username'];
|
2020-12-26 01:42:23 +08:00
|
|
|
}
|
|
|
|
|
if ($arr['noaduntil'] != $noaduntil){
|
|
|
|
|
$updateset[]='noaduntil = '.sqlesc($noaduntil);
|
2025-02-06 22:32:36 +08:00
|
|
|
// $modcomment = date("Y-m-d") . " - No Ad Until set to ".$noaduntil." by ". $CURUSER['username']. ".\n". $modcomment;
|
|
|
|
|
$userModifyLogs[] = "No Ad Until set to ".$noaduntil." by ". $CURUSER['username'];
|
2020-12-26 01:42:23 +08:00
|
|
|
}
|
|
|
|
|
if ($privacy == "low" OR $privacy == "normal" OR $privacy == "strong")
|
|
|
|
|
$updateset[] = "privacy = " . sqlesc($privacy);
|
2021-05-12 13:45:00 +08:00
|
|
|
|
2021-02-28 02:15:11 +08:00
|
|
|
if (isset($_POST["resetkey"]) && $_POST["resetkey"] == "yes")
|
2020-12-26 01:42:23 +08:00
|
|
|
{
|
|
|
|
|
$newpasskey = md5($arr['username'].date("Y-m-d H:i:s").$arr['passhash']);
|
|
|
|
|
$updateset[] = "passkey = ".sqlesc($newpasskey);
|
|
|
|
|
}
|
|
|
|
|
if ($forumpost != $curforumpost)
|
|
|
|
|
{
|
|
|
|
|
if ($forumpost == 'yes')
|
|
|
|
|
{
|
2025-02-06 22:32:36 +08:00
|
|
|
// $modcomment = date("Y-m-d") . " - Posting enabled by " . $CURUSER['username'] . ".\n" . $modcomment;
|
|
|
|
|
$userModifyLogs[] = "Posting enabled by " . $CURUSER['username'];
|
2025-09-16 20:14:51 +08:00
|
|
|
$subject = nexus_trans("user.msg_posting_rights_restored", [], $locale);
|
|
|
|
|
$msg = nexus_trans("user.msg_your_posting_rights_restored", [], $locale). $CURUSER['username'] . nexus_trans("user.msg_you_can_post", [], $locale);
|
2020-12-26 01:42:23 +08:00
|
|
|
$added = sqlesc(date("Y-m-d H:i:s"));
|
2025-09-16 20:14:51 +08:00
|
|
|
\App\Models\Message::add([
|
|
|
|
|
'sender' => 0,
|
|
|
|
|
'receiver' => $userid,
|
|
|
|
|
'subject' => $subject,
|
|
|
|
|
'msg' => $msg,
|
|
|
|
|
'added' => now(),
|
|
|
|
|
]);
|
2020-12-26 01:42:23 +08:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2025-02-06 22:32:36 +08:00
|
|
|
// $modcomment = date("Y-m-d") . " - Posting disabled by " . $CURUSER['username'] . ".\n" . $modcomment;
|
|
|
|
|
$userModifyLogs[] = "Posting disabled by " . $CURUSER['username'];
|
2025-09-16 20:14:51 +08:00
|
|
|
$subject = nexus_trans("user.msg_posting_rights_removed", [], $locale);
|
|
|
|
|
$msg = nexus_trans("user.msg_your_posting_rights_removed", [], $locale) . $CURUSER['username'] . nexus_trans("user.msg_probable_reason", [], $locale);
|
2020-12-26 01:42:23 +08:00
|
|
|
$added = sqlesc(date("Y-m-d H:i:s"));
|
2025-09-16 20:14:51 +08:00
|
|
|
\App\Models\Message::add([
|
|
|
|
|
'sender' => 0,
|
|
|
|
|
'receiver' => $userid,
|
|
|
|
|
'subject' => $subject,
|
|
|
|
|
'msg' => $msg,
|
|
|
|
|
'added' => now(),
|
|
|
|
|
]);
|
2020-12-26 01:42:23 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if ($uploadpos != $curuploadpos)
|
|
|
|
|
{
|
|
|
|
|
if ($uploadpos == 'yes')
|
|
|
|
|
{
|
2025-02-06 22:32:36 +08:00
|
|
|
// $modcomment = date("Y-m-d") . " - Upload enabled by " . $CURUSER['username'] . ".\n" . $modcomment;
|
|
|
|
|
$userModifyLogs[] = "Upload enabled by " . $CURUSER['username'];
|
2025-09-16 20:14:51 +08:00
|
|
|
$subject = nexus_trans("user.msg_upload_rights_restored", [], $locale);
|
|
|
|
|
$msg = nexus_trans("user.msg_your_upload_rights_restored", [], $locale) . $CURUSER['username'] . nexus_trans("user.msg_you_upload_can_upload", [], $locale);
|
2020-12-26 01:42:23 +08:00
|
|
|
$added = sqlesc(date("Y-m-d H:i:s"));
|
2025-09-16 20:14:51 +08:00
|
|
|
\App\Models\Message::add([
|
|
|
|
|
'sender' => 0,
|
|
|
|
|
'receiver' => $userid,
|
|
|
|
|
'subject' => $subject,
|
|
|
|
|
'msg' => $msg,
|
|
|
|
|
'added' => now(),
|
|
|
|
|
]);
|
2020-12-26 01:42:23 +08:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2025-02-06 22:32:36 +08:00
|
|
|
// $modcomment = date("Y-m-d") . " - Upload disabled by " . $CURUSER['username'] . ".\n" . $modcomment;
|
|
|
|
|
$userModifyLogs[] = "Upload disabled by " . $CURUSER['username'];
|
2025-09-16 20:14:51 +08:00
|
|
|
$subject = nexus_trans("user.msg_upload_rights_removed", [], $locale);
|
|
|
|
|
$msg = nexus_trans("user.msg_your_upload_rights_removed", [], $locale) . $CURUSER['username'] . nexus_trans("user.msg_probably_reason_two", [], $locale);
|
2020-12-26 01:42:23 +08:00
|
|
|
$added = sqlesc(date("Y-m-d H:i:s"));
|
2025-09-16 20:14:51 +08:00
|
|
|
\App\Models\Message::add([
|
|
|
|
|
'sender' => 0,
|
|
|
|
|
'receiver' => $userid,
|
|
|
|
|
'subject' => $subject,
|
|
|
|
|
'msg' => $msg,
|
|
|
|
|
'added' => now(),
|
|
|
|
|
]);
|
2020-12-26 01:42:23 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if ($downloadpos != $curdownloadpos)
|
|
|
|
|
{
|
|
|
|
|
if ($downloadpos == 'yes')
|
|
|
|
|
{
|
2025-02-06 22:32:36 +08:00
|
|
|
// $modcomment = date("Y-m-d") . " - Download enabled by " . $CURUSER['username'] . ".\n" . $modcomment;
|
|
|
|
|
$userModifyLogs[] = "Download enabled by " . $CURUSER['username'];
|
2025-09-16 20:14:51 +08:00
|
|
|
$subject = nexus_trans("user.msg_download_rights_restored", [], $locale);
|
|
|
|
|
$msg = nexus_trans("user.msg_your_download_rights_restored", [], $locale). $CURUSER['username'] . nexus_trans("user.msg_you_can_download", [], $locale);
|
2020-12-26 01:42:23 +08:00
|
|
|
$added = sqlesc(date("Y-m-d H:i:s"));
|
2025-09-16 20:14:51 +08:00
|
|
|
|
|
|
|
|
\App\Models\Message::add([
|
|
|
|
|
'sender' => 0,
|
|
|
|
|
'receiver' => $userid,
|
|
|
|
|
'subject' => $subject,
|
|
|
|
|
'msg' => $msg,
|
|
|
|
|
'added' => now(),
|
|
|
|
|
]);
|
2020-12-26 01:42:23 +08:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2025-02-06 22:32:36 +08:00
|
|
|
// $modcomment = date("Y-m-d") . " - Download disabled by " . $CURUSER['username'] . ".\n" . $modcomment;
|
|
|
|
|
$userModifyLogs[] = "Download disabled by " . $CURUSER['username'];
|
2025-09-16 20:14:51 +08:00
|
|
|
$subject = nexus_trans("user.msg_download_rights_removed", [], $locale);
|
|
|
|
|
$msg = nexus_trans("user.msg_your_download_rights_removed", [], $locale) . $CURUSER['username'] . nexus_trans("user.msg_probably_reason_three", [], $locale);
|
2020-12-26 01:42:23 +08:00
|
|
|
$added = sqlesc(date("Y-m-d H:i:s"));
|
2025-10-30 10:28:52 +07:00
|
|
|
|
2025-09-16 20:14:51 +08:00
|
|
|
\App\Models\Message::add([
|
|
|
|
|
'sender' => 0,
|
|
|
|
|
'receiver' => $userid,
|
|
|
|
|
'subject' => $subject,
|
|
|
|
|
'msg' => $msg,
|
|
|
|
|
'added' => now(),
|
|
|
|
|
]);
|
2020-12-26 01:42:23 +08:00
|
|
|
}
|
2021-05-12 13:45:00 +08:00
|
|
|
}
|
|
|
|
|
|
2025-02-06 22:32:36 +08:00
|
|
|
// $updateset[] = "modcomment = " . sqlesc($modcomment);
|
2021-05-12 13:45:00 +08:00
|
|
|
sql_query("UPDATE users SET " . implode(", ", $updateset) . " WHERE id=$userid") or sqlerr(__FILE__, __LINE__);
|
|
|
|
|
if (!empty($banLog)) {
|
|
|
|
|
\App\Models\UserBanLog::query()->insert($banLog);
|
|
|
|
|
}
|
2025-02-06 22:32:36 +08:00
|
|
|
if (!empty($userModifyLogs)) {
|
|
|
|
|
$userModifyLogsInsert = [];
|
|
|
|
|
foreach ($userModifyLogs as $userModifyLog) {
|
|
|
|
|
$userModifyLogsInsert[] = [
|
|
|
|
|
"user_id" => $userid,
|
|
|
|
|
"content" => $userModifyLog,
|
|
|
|
|
"created_at" => date("Y-m-d H:i:s"),
|
|
|
|
|
"updated_at" => date("Y-m-d H:i:s"),
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
\App\Models\UserModifyLog::query()->insert($userModifyLogsInsert);
|
|
|
|
|
}
|
2022-08-22 23:48:26 +08:00
|
|
|
clear_user_cache($userid, $userInfo->passkey);
|
2020-12-26 01:42:23 +08:00
|
|
|
$returnto = htmlspecialchars($_POST["returnto"]);
|
|
|
|
|
header("Location: " . get_protocol_prefix() . "$BASEURL/$returnto");
|
|
|
|
|
die;
|
|
|
|
|
}
|
|
|
|
|
puke();
|
|
|
|
|
?>
|
