Home Explore Help
Register Sign In
biotorrents
/
Gazelle
forked from Oppaitime/Gazelle
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
BioTorrents.de’s version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1097 Commits
2 Branches
Tree: cfaf71c803
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cfaf71c803'
${ noResults }
Gazelle/sections/user/takemoderate.php

takemoderate.php 36KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944 
  1. <?php

  2. #declare(strict_types=1);

  3. 

  4. // Are they being tricky blighters?

  5. if (!$_POST['userid'] || !is_number($_POST['userid'])) {

  6.     error(404);

  7. } elseif (!check_perms('users_mod')) {

  8.     error(403);

  9. }

  10. authorize();

  11. // End checking for moronity

  12. 

  13. if (!apcu_exists('DBKEY')) {

  14.     error('Decrypt database first');

  15. }

  16. 

  17. $ENV = ENV::go();

  18. $UserID = $_POST['userid'];

  19. $DeleteKeys = false;

  20. 

  21. // Variables for database input

  22. $Class = (int)$_POST['Class'];

  23. $Username = db_string($_POST['Username']);

  24. $Title = db_string($_POST['Title']);

  25. $AdminComment = db_string($_POST['AdminComment']);

  26. $Donor = isset($_POST['Donor']) ? 1 : 0;

  27. $Artist = isset($_POST['Artist']) ? 1 : 0;

  28. 

  29. $SecondaryClasses = isset($_POST['secondary_classes']) ? $_POST['secondary_classes'] : [];

  30. foreach ($SecondaryClasses as $i => $Val) {

  31.     if (!is_number($Val)) {

  32.         unset($SecondaryClasses[$i]);

  33.     }

  34. }

  35. 

  36. $Visible = isset($_POST['Visible']) ? 1 : 0;

  37. $Invites = (int)$_POST['Invites'];

  38. $SupportFor = db_string($_POST['SupportFor']);

  39. $Pass = $_POST['ChangePassword'];

  40. $Warned = isset($_POST['Warned']) ? 1 : 0;

  41. 

  42. if (isset($_POST['Uploaded']) && isset($_POST['Downloaded'])) {

  43.     $Uploaded = ($_POST['Uploaded'] === '' ? 0 : $_POST['Uploaded']);

  44.     if ($Arithmetic = strpbrk($Uploaded, '+-')) {

  45.         $Uploaded += max(-$Uploaded, Format::get_bytes($Arithmetic));

  46.     }

  47. 

  48.     $Downloaded = ($_POST['Downloaded'] === '' ? 0 : $_POST['Downloaded']);

  49.     if ($Arithmetic = strpbrk($Downloaded, '+-')) {

  50.         $Downloaded += max(-$Downloaded, Format::get_bytes($Arithmetic));

  51.     }

  52. 

  53.     if (!is_number($Uploaded) || !is_number($Downloaded)) {

  54.         error(0);

  55.     }

  56. }

  57. 

  58. $BonusPoints = isset($_POST['BonusPoints']) ? $_POST['BonusPoints'] : 0;

  59. if (!is_number($BonusPoints)) {

  60.     error(0);

  61. }

  62. 

  63. $FLTokens = isset($_POST['FLTokens']) ? $_POST['FLTokens'] : 0;

  64. if (!is_number($FLTokens)) {

  65.     error(0);

  66. }

  67. 

  68. $Badges = isset($_POST['badges']) ? $_POST['badges'] : [];

  69. 

  70. $WarnLength = (int)$_POST['WarnLength'];

  71. $ExtendWarning = (int)$_POST['ExtendWarning'];

  72. $ReduceWarning = (int)$_POST['ReduceWarning'];

  73. $WarnReason = $_POST['WarnReason'];

  74. $UserReason = $_POST['UserReason'];

  75. 

  76. $DisableAvatar = isset($_POST['DisableAvatar']) ? 1 : 0;

  77. $DisableInvites = isset($_POST['DisableInvites']) ? 1 : 0;

  78. $DisablePosting = isset($_POST['DisablePosting']) ? 1 : 0;

  79. $DisableForums = isset($_POST['DisableForums']) ? 1 : 0;

  80. $DisableTagging = isset($_POST['DisableTagging']) ? 1 : 0;

  81. $DisableUpload = isset($_POST['DisableUpload']) ? 1 : 0;

  82. $DisableWiki = isset($_POST['DisableWiki']) ? 1 : 0;

  83. $DisablePM = isset($_POST['DisablePM']) ? 1 : 0;

  84. $DisablePoints = isset($_POST['DisablePoints']) ? 1 : 0;

  85. $DisablePromotion = isset($_POST['DisablePromotion']) ? 1 : 0;

  86. $DisableIRC = isset($_POST['DisableIRC']) ? 1 : 0;

  87. $DisableRequests = isset($_POST['DisableRequests']) ? 1 : 0;

  88. $DisableLeech = isset($_POST['DisableLeech']) ? 0 : 1;

  89. 

  90. $LockedAccount = isset($_POST['LockAccount']) ? 1 : 0;

  91. $LockType = $_POST['LockReason'];

  92. 

  93. $RestrictedForums = db_string(trim($_POST['RestrictedForums']));

  94. $PermittedForums = db_string(trim($_POST['PermittedForums']));

  95. $EnableUser = (int) $_POST['UserStatus'];

  96. $ResetRatioWatch = isset($_POST['ResetRatioWatch']) ? 1 : 0;

  97. $ResetPasskey = isset($_POST['ResetPasskey']) ? 1 : 0;

  98. $ResetAuthkey = isset($_POST['ResetAuthkey']) ? 1 : 0;

  99. 

  100. $SendHackedMail = isset($_POST['SendHackedMail']) ? 1 : 0;

  101. if ($SendHackedMail && !empty($_POST['HackedEmail'])) {

  102.     $HackedEmail = $_POST['HackedEmail'];

  103. } else {

  104.     $SendHackedMail = false;

  105. }

  106. 

  107. $MergeStatsFrom = db_string($_POST['MergeStatsFrom']);

  108. $Reason = db_string($_POST['Reason']);

  109. $HeavyUpdates = [];

  110. $LightUpdates = [];

  111. 

  112. // Get user info from the database

  113. $DB->query("

  114.   SELECT

  115.     m.Username,

  116.     m.IP,

  117.     m.Email,

  118.     m.PermissionID,

  119.     p.Level AS Class,

  120.     m.Title,

  121.     m.Enabled,

  122.     m.Uploaded,

  123.     m.Downloaded,

  124.     m.Invites,

  125.     m.can_leech,

  126.     m.Visible,

  127.     i.AdminComment,

  128.     m.torrent_pass,

  129.     i.Donor,

  130.     i.Artist,

  131.     i.Warned,

  132.     i.SupportFor,

  133.     i.RestrictedForums,

  134.     i.PermittedForums,

  135.     DisableAvatar,

  136.     DisableInvites,

  137.     DisablePosting,

  138.     DisableForums,

  139.     DisableTagging,

  140.     DisableUpload,

  141.     DisableWiki,

  142.     DisablePM,

  143.     DisablePoints,

  144.     DisablePromotion,

  145.     DisableIRC,

  146.     DisableRequests,

  147.     m.RequiredRatio,

  148.     m.FLTokens,

  149.     m.BonusPoints,

  150.     i.RatioWatchEnds,

  151.     la.Type,

  152.     SHA1(i.AdminComment) AS CommentHash,

  153.     GROUP_CONCAT(l.PermissionID SEPARATOR ',') AS SecondaryClasses

  154.   FROM users_main AS m

  155.     JOIN users_info AS i ON i.UserID = m.ID

  156.     LEFT JOIN permissions AS p ON p.ID = m.PermissionID

  157.     LEFT JOIN users_levels AS l ON l.UserID = m.ID

  158.     LEFT JOIN locked_accounts AS la ON la.UserID = m.ID

  159.   WHERE m.ID = $UserID

  160.   GROUP BY m.ID");

  161. 

  162. if (!$DB->has_results()) { // If user doesn't exist

  163.     header("Location: log.php?search=User+$UserID");

  164. }

  165. 

  166. $Cur = $DB->next_record(MYSQLI_ASSOC, false);

  167. if ($_POST['comment_hash'] != $Cur['CommentHash']) {

  168.     error("Somebody else has moderated this user since you loaded it. Please go back and refresh the page.");

  169. }

  170. 

  171. // NOW that we know the class of the current user, we can see if one staff member is trying to hax0r us

  172. if (!check_perms('users_mod', $Cur['Class'])) {

  173.     // Son of a fucking bitch

  174.     error(403);

  175.     error();

  176. }

  177. 

  178. if (!empty($_POST['donor_points_submit']) && !empty($_POST['donation_value']) && is_numeric($_POST['donation_value'])) {

  179.     Donations::regular_donate($UserID, $_POST['donation_value'], "Add Points", $_POST['donation_reason'], $_POST['donation_currency']);

  180. } elseif (!empty($_POST['donor_values_submit'])) {

  181.     Donations::update_rank($UserID, $_POST['donor_rank'], $_POST['total_donor_rank'], $_POST['reason']);

  182. }

  183. 

  184. // If we're deleting the user, we can ignore all the other crap

  185. if ($_POST['UserStatus'] === 'delete' && check_perms('users_delete_users')) {

  186.     Misc::write_log("User account $UserID (".$Cur['Username'].") was deleted by ".$LoggedUser['Username']);

  187. 

  188.     $DB->query("

  189.       DELETE FROM users_main

  190.       WHERE id = $UserID");

  191. 

  192.     $DB->query("

  193.       DELETE FROM users_info

  194.       WHERE UserID = $UserID");

  195. 

  196.     $Cache->delete_value("user_info_$UserID");

  197.     Tracker::update_tracker('remove_user', array('passkey' => $Cur['torrent_pass']));

  198. 

  199.     header("Location: log.php?search=User+$UserID");

  200.     error();

  201. }

  202. 

  203. // User was not deleted. Perform other stuff.

  204. $UpdateSet = [];

  205. $EditSummary = [];

  206. $TrackerUserUpdates = array('passkey' => $Cur['torrent_pass']);

  207. 

  208. $QueryID = G::$DB->get_query_id();

  209. 

  210. if ($LockType == '---' || $LockedAccount == 0) {

  211.     if ($Cur['Type']) {

  212.         $DB->query("DELETE FROM locked_accounts WHERE UserID = '" . $UserID . "'");

  213.         $EditSummary[] = 'Account unlocked';

  214.         $Cache->delete_value('user_' . $Cur['torrent_pass']);

  215.     }

  216. } elseif (!$Cur['Type'] || $Cur['Type'] != $LockType) {

  217.     $DB->query("INSERT INTO locked_accounts (UserID, Type)

  218.                 VALUES ('" . $UserID . "', '" . $LockType . "')

  219.                 ON DUPLICATE KEY UPDATE Type = '" . $LockType . "'");

  220.     $Cache->delete_value('user_' . $Cur['torrent_pass']);

  221. 

  222.     if ($Cur['Type'] != $LockType) {

  223.         $EditSummary[] = 'Account lock reason changed to ' . $LockType;

  224.     } else {

  225.         $EditSummary[] = 'Account locked (' . $LockType . ')';

  226.     }

  227. }

  228. 

  229. $Cache->delete_value("user_info_" . $UserID);

  230. $DB->set_query_id($QueryID);

  231. 

  232. if ($_POST['ResetRatioWatch'] && check_perms('users_edit_reset_keys')) {

  233.     $DB->query("

  234.       UPDATE users_info

  235.       SET RatioWatchEnds = NULL, RatioWatchDownload = '0', RatioWatchTimes = '0'

  236.       WHERE UserID = '$UserID'");

  237.     $EditSummary[] = 'RatioWatch history reset';

  238. }

  239. 

  240. if ($_POST['ResetIPHistory'] && check_perms('users_edit_reset_keys')) {

  241.     $GenericIP = Crypto::encrypt('127.0.0.1');

  242.     $DB->query("

  243.       DELETE FROM users_history_ips

  244.       WHERE UserID = '$UserID'");

  245. 

  246.     $DB->query("

  247.       UPDATE users_main

  248.       SET IP = '$GenericIP'

  249.       WHERE ID = '$UserID'");

  250. 

  251.     $DB->query("

  252.       UPDATE xbt_snatched

  253.       SET IP = ''

  254.       WHERE uid = '$UserID'");

  255. 

  256.     $DB->query("

  257.       UPDATE users_history_passwords

  258.       SET ChangerIP = ''

  259.       WHERE UserID = $UserID");

  260. 

  261.     $DB->query("

  262.       UPDATE users_history_passkeys

  263.       SET ChangerIP = ''

  264.       WHERE UserID = $UserID");

  265. 

  266.     $DB->query("

  267.       UPDATE users_sessions

  268.       SET IP = '$GenericIP'

  269.       WHERE UserID = $UserID");

  270. }

  271. 

  272. if ($_POST['ResetEmailHistory'] && check_perms('users_edit_reset_keys')) {

  273.     $DB->query("

  274.       DELETE FROM users_history_emails

  275.       WHERE UserID = '$UserID'");

  276. 

  277.     if ($_POST['ResetIPHistory']) {

  278.         $DB->query("

  279.           INSERT INTO users_history_emails

  280.             (UserID, Email, Time, IP)

  281.           VALUES

  282.         ('$UserID', '".Crypto::encrypt($Username.'@'.SITE_DOMAIN)."', NULL, '".Crypto::encrypt('127.0.0.1')."')");

  283.     } else {

  284.         $DB->query("

  285.           INSERT INTO users_history_emails

  286.             (UserID, Email, Time, IP)

  287.           VALUES

  288.             ('$UserID', '".Crypto::encrypt($Username.'@'.SITE_DOMAIN)."', NULL, '".$Cur['IP']."')");

  289.     }

  290. 

  291.     $DB->query("

  292.       UPDATE users_main

  293.       SET Email = '".Crypto::encrypt($Username.'@'.SITE_DOMAIN)."'

  294.       WHERE ID = '$UserID'");

  295.     $EditSummary[] = 'Email history cleared';

  296. }

  297. 

  298. if ($_POST['ResetSnatchList'] && check_perms('users_edit_reset_keys')) {

  299.     $DB->query("

  300.       DELETE FROM xbt_snatched

  301.       WHERE uid = '$UserID'");

  302.     $EditSummary[] = 'Snatch list cleared';

  303.     $Cache->delete_value("recent_snatches_$UserID");

  304. }

  305. 

  306. if ($_POST['ResetDownloadList'] && check_perms('users_edit_reset_keys')) {

  307.     $DB->query("

  308.       DELETE FROM users_downloads

  309.       WHERE UserID = '$UserID'");

  310.     $EditSummary[] = 'Download list cleared';

  311. }

  312. 

  313. if (($_POST['ResetSession'] || $_POST['LogOut']) && check_perms('users_logout')) {

  314.     $Cache->delete_value("user_info_$UserID");

  315.     $Cache->delete_value("user_info_heavy_$UserID");

  316.     $Cache->delete_value("user_stats_$UserID");

  317.     $Cache->delete_value("enabled_$UserID");

  318. 

  319.     if ($_POST['LogOut']) {

  320.         $DB->query("

  321.           SELECT SessionID

  322.           FROM users_sessions

  323.           WHERE UserID = '$UserID'");

  324. 

  325.         while (list($SessionID) = $DB->next_record()) {

  326.             $Cache->delete_value("session_{$UserID}_$SessionID");

  327.         }

  328.         $Cache->delete_value("users_sessions_$UserID");

  329. 

  330.         $DB->query("

  331.           DELETE FROM users_sessions

  332.           WHERE UserID = '$UserID'");

  333.     }

  334. }

  335. 

  336. // Start building SQL query and edit summary

  337. if ($Classes[$Class]['Level'] != $Cur['Class']

  338.   && (

  339.       ($Classes[$Class]['Level'] < $LoggedUser['Class'] && check_perms('users_promote_below', $Cur['Class']))

  340.     || ($Classes[$Class]['Level'] <= $LoggedUser['Class'] && check_perms('users_promote_to', $Cur['Class'] - 1))

  341.   )

  342.   ) {

  343.     $UpdateSet[] = "PermissionID = '$Class'";

  344.     $EditSummary[] = 'class changed to '.Users::make_class_string($Class);

  345.     $LightUpdates['PermissionID'] = $Class;

  346.     $DeleteKeys = true;

  347. 

  348.     $DB->query("

  349.       SELECT DISTINCT DisplayStaff

  350.       FROM permissions

  351.       WHERE ID = $Class

  352.         OR ID = ".$ClassLevels[$Cur['Class']]['ID']);

  353. 

  354.     if ($DB->record_count() === 2) {

  355.         if ($Classes[$Class]['Level'] < $Cur['Class']) {

  356.             $SupportFor = '';

  357.         }

  358.         $ClearStaffIDCache = true;

  359.     }

  360.     $Cache->delete_value("donor_info_$UserID");

  361. }

  362. 

  363. if ($Username != $Cur['Username'] && check_perms('users_edit_usernames', $Cur['Class'] - 1)) {

  364.     $DB->query("

  365.       SELECT ID

  366.       FROM users_main

  367.       WHERE Username = '$Username'");

  368. 

  369.     if ($DB->next_record() > 0) {

  370.         list($UsedUsernameID) = $DB->next_record();

  371.         error("Username already in use by <a href=\"user.php?id=$UsedUsernameID\">$Username</a>");

  372.         header("Location: user.php?id=$UserID");

  373.         error();

  374.     } elseif ($Username == '0' || $Username == '1') {

  375.         error('You cannot set a username of "0" or "1".');

  376.         header("Location: user.php?id=$UserID");

  377.         error();

  378.     } else {

  379.         $UpdateSet[] = "Username = '$Username'";

  380.         $EditSummary[] = "username changed from ".$Cur['Username']." to $Username";

  381.         $LightUpdates['Username'] = $Username;

  382.     }

  383. }

  384. 

  385. if ($Title != db_string($Cur['Title']) && check_perms('users_edit_titles')) {

  386.     // Using the unescaped value for the test to avoid confusion

  387.     if (strlen($_POST['Title']) > 1024) {

  388.         error("Custom titles have a maximum length of 1,024 characters.");

  389.         header("Location: user.php?id=$UserID");

  390.         error();

  391.     } else {

  392.         $UpdateSet[] = "Title = '$Title'";

  393.         $EditSummary[] = "title changed to [code]{$Title}[/code]";

  394.         $LightUpdates['Title'] = $_POST['Title'];

  395.     }

  396. }

  397. 

  398. if ($Donor != $Cur['Donor'] && check_perms('users_give_donor')) {

  399.     $UpdateSet[] = "Donor = '$Donor'";

  400.     $EditSummary[] = 'donor status changed';

  401.     $LightUpdates['Donor'] = $Donor;

  402. }

  403. 

  404. // Secondary classes

  405. $OldClasses = $Cur['SecondaryClasses'] ? explode(',', $Cur['SecondaryClasses']) : [];

  406. $DroppedClasses = array_diff($OldClasses, $SecondaryClasses);

  407. $AddedClasses   = array_diff($SecondaryClasses, $OldClasses);

  408. 

  409. if (count($DroppedClasses) > 0) {

  410.     $ClassChanges = [];

  411.     foreach ($DroppedClasses as $PermID) {

  412.         $ClassChanges[] = $Classes[$PermID]['Name'];

  413.     }

  414. 

  415.     $EditSummary[] = 'Secondary classes dropped: '.implode(', ', $ClassChanges);

  416.     $DB->query("

  417.       DELETE FROM users_levels

  418.       WHERE UserID = '$UserID'

  419.         AND PermissionID IN (".implode(',', $DroppedClasses).')');

  420. 

  421.     if (count($SecondaryClasses) > 0) {

  422.         $LightUpdates['ExtraClasses'] = array_fill_keys($SecondaryClasses, 1);

  423.     } else {

  424.         $LightUpdates['ExtraClasses'] = [];

  425.     }

  426.     $DeleteKeys = true;

  427. }

  428. 

  429. if (count($AddedClasses) > 0) {

  430.     $ClassChanges = [];

  431.     foreach ($AddedClasses as $PermID) {

  432.         $ClassChanges[] = $Classes[$PermID]['Name'];

  433.     }

  434. 

  435.     $EditSummary[] = "Secondary classes added: ".implode(', ', $ClassChanges);

  436.     $Values = [];

  437. 

  438.     foreach ($AddedClasses as $PermID) {

  439.         $Values[] = "($UserID, $PermID)";

  440.     }

  441. 

  442.     $DB->query("

  443.       INSERT INTO users_levels (UserID, PermissionID)

  444.       VALUES ".implode(', ', $Values));

  445. 

  446.     //$LightUpdates['ExtraClasses'] = array_fill_keys($SecondaryClasses, 1);

  447.     $DeleteKeys = true;

  448. }

  449. 

  450. if ($Visible != $Cur['Visible'] && check_perms('users_make_invisible')) {

  451.     $UpdateSet[] = "Visible = '$Visible'";

  452.     $EditSummary[] = 'visibility changed';

  453.     $LightUpdates['Visible'] = $Visible;

  454.     $TrackerUserUpdates['visible'] = $Visible;

  455. }

  456. 

  457. if ($Uploaded != $Cur['Uploaded'] && $Uploaded != $_POST['OldUploaded'] && (check_perms('users_edit_ratio')

  458.   || (check_perms('users_edit_own_ratio') && $UserID == $LoggedUser['ID']))) {

  459.     $UpdateSet[] = "Uploaded = '$Uploaded'";

  460.     $EditSummary[] = "uploaded changed from ".Format::get_size($Cur['Uploaded']).' to '.Format::get_size($Uploaded);

  461.     $Cache->delete_value("user_stats_$UserID");

  462. }

  463. 

  464. if ($Downloaded != $Cur['Downloaded'] && $Downloaded != $_POST['OldDownloaded'] && (check_perms('users_edit_ratio')

  465.   || (check_perms('users_edit_own_ratio') && $UserID == $LoggedUser['ID']))) {

  466.     $UpdateSet[] = "Downloaded = '$Downloaded'";

  467.     $EditSummary[] = "downloaded changed from ".Format::get_size($Cur['Downloaded']).' to '.Format::get_size($Downloaded);

  468.     $Cache->delete_value("user_stats_$UserID");

  469. }

  470. 

  471. if ($BonusPoints != $Cur['BonusPoints'] && (check_perms('users_edit_ratio') || (check_perms('users_edit_own_ratio') && $UserID == $LoggedUser['ID']))) {

  472.     $UpdateSet[] = "BonusPoints = $BonusPoints";

  473.     $EditSummary[] = "Bonus Points changed from ".$Cur['BonusPoints']." to $BonusPoints";

  474.     $HeavyUpdates['BonusPoints'] = $BonusPoints;

  475. }

  476. 

  477. if ($FLTokens != $Cur['FLTokens'] && (check_perms('users_edit_ratio') || (check_perms('users_edit_own_ratio') && $UserID == $LoggedUser['ID']))) {

  478.     $UpdateSet[] = "FLTokens = $FLTokens";

  479.     $EditSummary[] = "Freeleech Tokens changed from ".$Cur['FLTokens']." to $FLTokens";

  480.     $HeavyUpdates['FLTokens'] = $FLTokens;

  481. }

  482. 

  483. if ($Invites != $Cur['Invites'] && check_perms('users_edit_invites')) {

  484.     $UpdateSet[] = "invites = '$Invites'";

  485.     $EditSummary[] = "number of invites changed to $Invites";

  486.     $HeavyUpdates['Invites'] = $Invites;

  487. }

  488. 

  489. if (check_perms('users_edit_badges')) {

  490.     $query = "DELETE FROM users_badges WHERE UserID = $UserID";

  491.     if (!empty($Badges)) {

  492.         $query .= " AND BadgeID NOT IN (".implode(',', $Badges).")";

  493.     }

  494.     $DB->query($query);

  495. 

  496.     if (!empty($Badges)) {

  497.         $query = "INSERT IGNORE INTO users_badges (UserID, BadgeID) VALUES ";

  498.         $len = count($Badges);

  499.         foreach ($Badges as $i => $BadgeID) {

  500.             $query .= "($UserID, $BadgeID)";

  501.             if ($i < ($len-1)) {

  502.                 $query .= ", ";

  503.             }

  504.         }

  505.         $DB->query($query);

  506.     }

  507. 

  508.     $Cache->delete_value("user_badges_".$UserID);

  509. }

  510. 

  511. if ($Warned == 1 && !$Cur['Warned'] && check_perms('users_warn')) {

  512.     $Weeks = 'week' . ($WarnLength === 1 ? '' : 's');

  513.     Misc::send_pm($UserID, 0, 'You have received a warning', "You have been [url=".site_url()."wiki.php?action=article&amp;name=warnings]warned for $WarnLength {$Weeks}[/url] by [user]".$LoggedUser['Username']."[/user]. The reason given was:

  514. [quote]{$WarnReason}[/quote]");

  515.     $UpdateSet[] = "Warned = NOW() + INTERVAL $WarnLength WEEK";

  516.     $Msg = "warned for $WarnLength $Weeks";

  517. 

  518.     if ($WarnReason) {

  519.         $Msg .= " for \"$WarnReason\"";

  520.     }

  521. 

  522.     $EditSummary[] = db_string($Msg);

  523.     $LightUpdates['Warned'] = time_plus(3600 * 24 * 7 * $WarnLength);

  524. } elseif ($Warned == 0 && $Cur['Warned'] && check_perms('users_warn')) {

  525.     $UpdateSet[] = "Warned = NULL";

  526.     $EditSummary[] = 'warning removed';

  527.     $LightUpdates['Warned'] = null;

  528. } elseif ($Warned == 1 && $ExtendWarning != '---' && check_perms('users_warn')) {

  529.     $Weeks = 'week' . ($ExtendWarning === 1 ? '' : 's');

  530.     Misc::send_pm($UserID, 0, 'Your warning has been extended', "Your warning has been extended by $ExtendWarning $Weeks by [user]".$LoggedUser['Username']."[/user]. The reason given was:

  531. [quote]{$WarnReason}[/quote]");

  532. 

  533.     $UpdateSet[] = "Warned = Warned + INTERVAL $ExtendWarning WEEK";

  534.     $DB->query("

  535.       SELECT Warned + INTERVAL $ExtendWarning WEEK

  536.       FROM users_info

  537.       WHERE UserID = '$UserID'");

  538. 

  539.     list($WarnedUntil) = $DB->next_record();

  540.     $Msg = "warning extended by $ExtendWarning $Weeks to $WarnedUntil";

  541. 

  542.     if ($WarnReason) {

  543.         $Msg .= " for \"$WarnReason\"";

  544.     }

  545. 

  546.     $EditSummary[] = db_string($Msg);

  547.     $LightUpdates['Warned'] = $WarnedUntil;

  548. } elseif ($Warned == 1 && $ExtendWarning == '---' && $ReduceWarning != '---' && check_perms('users_warn')) {

  549.     $Weeks = 'week' . ($ReduceWarning === 1 ? '' : 's');

  550.     Misc::send_pm($UserID, 0, 'Your warning has been reduced', "Your warning has been reduced by $ReduceWarning $Weeks by [user]".$LoggedUser['Username']."[/user]. The reason given was:

  551. [quote]{$WarnReason}[/quote]");

  552.     $UpdateSet[] = "Warned = Warned - INTERVAL $ReduceWarning WEEK";

  553.     $DB->query("

  554.       SELECT Warned - INTERVAL $ReduceWarning WEEK

  555.       FROM users_info

  556.       WHERE UserID = '$UserID'");

  557. 

  558.     list($WarnedUntil) = $DB->next_record();

  559.     $Msg = "warning reduced by $ReduceWarning $Weeks to $WarnedUntil";

  560. 

  561.     if ($WarnReason) {

  562.         $Msg .= " for \"$WarnReason\"";

  563.     }

  564. 

  565.     $EditSummary[] = db_string($Msg);

  566.     $LightUpdates['Warned'] = $WarnedUntil;

  567. }

  568. 

  569. if ($SupportFor != db_string($Cur['SupportFor']) && (check_perms('admin_manage_fls') || (check_perms('users_mod') && $UserID == $LoggedUser['ID']))) {

  570.     $UpdateSet[] = "SupportFor = '$SupportFor'";

  571.     $EditSummary[] = "First-Line Support status changed to \"$SupportFor\"";

  572. }

  573. 

  574. if ($RestrictedForums != db_string($Cur['RestrictedForums']) && check_perms('users_mod')) {

  575.     $UpdateSet[] = "RestrictedForums = '$RestrictedForums'";

  576.     $EditSummary[] = "restricted forum(s): $RestrictedForums";

  577.     $DeleteKeys = true;

  578. }

  579. 

  580. if ($PermittedForums != db_string($Cur['PermittedForums']) && check_perms('users_mod')) {

  581.     $ForumSet = explode(',', $PermittedForums);

  582.     $ForumList = [];

  583. 

  584.     foreach ($ForumSet as $ForumID) {

  585.         if ($Forums[$ForumID]['MinClassCreate'] <= $LoggedUser['EffectiveClass']) {

  586.             $ForumList[] = $ForumID;

  587.         }

  588.     }

  589. 

  590.     $PermittedForums = implode(',', $ForumSet);

  591.     $UpdateSet[] = "PermittedForums = '$PermittedForums'";

  592.     $EditSummary[] = "permitted forum(s): $PermittedForums";

  593.     $DeleteKeys = true;

  594. }

  595. 

  596. if ($DisableAvatar != $Cur['DisableAvatar'] && check_perms('users_disable_any')) {

  597.     $UpdateSet[] = "DisableAvatar = '$DisableAvatar'";

  598.     $EditSummary[] = 'avatar privileges ' . ($DisableAvatar ? 'disabled' : 'enabled');

  599.     $HeavyUpdates['DisableAvatar'] = $DisableAvatar;

  600. 

  601.     if (!empty($UserReason)) {

  602.         Misc::send_pm($UserID, 0, 'Your avatar privileges have been disabled', "Your avatar privileges have been disabled. The reason given was: [quote]{$UserReason}[/quote] If you would like to discuss this, please join ".DISABLED_CHAN.' on our IRC network. Instructions can be found [url='.site_url().'wiki.php?action=article&amp;name=IRC+-+How+to+join]here[/url].');

  603.     }

  604. }

  605. 

  606. if ($DisableLeech != $Cur['can_leech'] && check_perms('users_disable_any')) {

  607.     $UpdateSet[] = "can_leech = '$DisableLeech'";

  608.     $EditSummary[] = "leeching status changed (".translateLeechStatus($Cur['can_leech'])." -> ".translateLeechStatus($DisableLeech).")";

  609.     $HeavyUpdates['DisableLeech'] = $DisableLeech;

  610.     $HeavyUpdates['CanLeech'] = $DisableLeech;

  611. 

  612.     if (!empty($UserReason)) {

  613.         Misc::send_pm($UserID, 0, 'Your leeching privileges have been disabled', "Your leeching privileges have been disabled. The reason given was: [quote]{$UserReason}[/quote] If you would like to discuss this, please join ".DISABLED_CHAN.' on our IRC network. Instructions can be found [url='.site_url().'wiki.php?action=article&amp;name=IRC+-+How+to+join]here[/url].');

  614.     }

  615.     $TrackerUserUpdates['can_leech'] = $DisableLeech;

  616. }

  617. 

  618. if ($DisableInvites != $Cur['DisableInvites'] && check_perms('users_disable_any')) {

  619.     $UpdateSet[] = "DisableInvites = '$DisableInvites'";

  620.     if ($DisableInvites == 1) {

  621.         //$UpdateSet[] = "Invites = '0'";

  622.         if (!empty($UserReason)) {

  623.             Misc::send_pm($UserID, 0, 'Your invite privileges have been disabled', "Your invite privileges have been disabled. The reason given was: [quote]{$UserReason}[/quote] If you would like to discuss this, please join ".DISABLED_CHAN.' on our IRC network. Instructions can be found [url='.site_url().'wiki.php?action=article&amp;name=IRC+-+How+to+join]here[/url].');

  624.         }

  625.     }

  626. 

  627.     $EditSummary[] = 'invites privileges ' . ($DisableInvites ? 'disabled' : 'enabled');

  628.     $HeavyUpdates['DisableInvites'] = $DisableInvites;

  629. }

  630. 

  631. if ($DisablePosting != $Cur['DisablePosting'] && check_perms('users_disable_posts')) {

  632.     $UpdateSet[] = "DisablePosting = '$DisablePosting'";

  633.     $EditSummary[] = 'posting privileges ' . ($DisablePosting ? 'disabled' : 'enabled');

  634.     $HeavyUpdates['DisablePosting'] = $DisablePosting;

  635. 

  636.     if (!empty($UserReason)) {

  637.         Misc::send_pm($UserID, 0, 'Your forum posting privileges have been disabled', "Your forum posting privileges have been disabled. The reason given was: [quote]{$UserReason}[/quote] If you would like to discuss this, please join ".DISABLED_CHAN.' on our IRC network. Instructions can be found [url='.site_url().'wiki.php?action=article&amp;name=IRC+-+How+to+join]here[/url].');

  638.     }

  639. }

  640. 

  641. if ($DisableForums != $Cur['DisableForums'] && check_perms('users_disable_posts')) {

  642.     $UpdateSet[] = "DisableForums = '$DisableForums'";

  643.     $EditSummary[] = 'forums privileges ' . ($DisableForums ? 'disabled' : 'enabled');

  644.     $HeavyUpdates['DisableForums'] = $DisableForums;

  645. 

  646.     if (!empty($UserReason)) {

  647.         Misc::send_pm($UserID, 0, 'Your forum privileges have been disabled', "Your forum privileges have been disabled. The reason given was: [quote]{$UserReason}[/quote] If you would like to discuss this, please join ".DISABLED_CHAN.' on our IRC network. Instructions can be found [url='.site_url().'wiki.php?action=article&amp;name=IRC+-+How+to+join]here[/url].');

  648.     }

  649. }

  650. 

  651. if ($DisableTagging != $Cur['DisableTagging'] && check_perms('users_disable_any')) {

  652.     $UpdateSet[] = "DisableTagging = '$DisableTagging'";

  653.     $EditSummary[] = 'tagging privileges ' . ($DisableTagging ? 'disabled' : 'enabled');

  654.     $HeavyUpdates['DisableTagging'] = $DisableTagging;

  655. 

  656.     if (!empty($UserReason)) {

  657.         Misc::send_pm($UserID, 0, 'Your tagging privileges have been disabled', "Your tagging privileges have been disabled. The reason given was: [quote]{$UserReason}[/quote] If you would like to discuss this, please join ".DISABLED_CHAN.' on our IRC network. Instructions can be found [url='.site_url().'wiki.php?action=article&amp;name=IRC+-+How+to+join]here[/url].');

  658.     }

  659. }

  660. 

  661. if ($DisableUpload != $Cur['DisableUpload'] && check_perms('users_disable_any')) {

  662.     $UpdateSet[] = "DisableUpload = '$DisableUpload'";

  663.     $EditSummary[] = 'upload privileges ' . ($DisableUpload ? 'disabled' : 'enabled');

  664.     $HeavyUpdates['DisableUpload'] = $DisableUpload;

  665. 

  666.     if ($DisableUpload == 1) {

  667.         Misc::send_pm($UserID, 0, 'Your upload privileges have been disabled', "Your upload privileges have been disabled. The reason given was: [quote]{$UserReason}[/quote] If you would like to discuss this, please join ".DISABLED_CHAN.' on our IRC network. Instructions can be found [url='.site_url().'wiki.php?action=article&amp;name=IRC+-+How+to+join]here[/url].');

  668.     }

  669. }

  670. 

  671. if ($DisableWiki != $Cur['DisableWiki'] && check_perms('users_disable_any')) {

  672.     $UpdateSet[] = "DisableWiki = '$DisableWiki'";

  673.     $EditSummary[] = 'wiki privileges ' . ($DisableWiki ? 'disabled' : 'enabled');

  674.     $HeavyUpdates['DisableWiki'] = $DisableWiki;

  675.     $HeavyUpdates['site_edit_wiki'] = 0;

  676. 

  677.     if (!empty($UserReason)) {

  678.         Misc::send_pm($UserID, 0, 'Your site editing privileges have been disabled', "Your site editing privileges have been disabled. The reason given was: [quote]{$UserReason}[/quote] If you would like to discuss this, please join ".DISABLED_CHAN.' on our IRC network. Instructions can be found [url='.site_url().'wiki.php?action=article&amp;name=IRC+-+How+to+join]here[/url].');

  679.     }

  680. }

  681. 

  682. if ($DisablePM != $Cur['DisablePM'] && check_perms('users_disable_any')) {

  683.     $UpdateSet[] = "DisablePM = '$DisablePM'";

  684.     $EditSummary[] = 'PM privileges ' . ($DisablePM ? 'disabled' : 'enabled');

  685.     $HeavyUpdates['DisablePM'] = $DisablePM;

  686. 

  687.     if (!empty($UserReason)) {

  688.         Misc::send_pm($UserID, 0, 'Your PM privileges have been disabled', "Your PM privileges have been disabled. The reason given was: [quote]{$UserReason}[/quote] If you would like to discuss this, please join ".DISABLED_CHAN.' on our IRC network. Instructions can be found [url='.site_url().'wiki.php?action=article&amp;name=IRC+-+How+to+join]here[/url].');

  689.     }

  690. }

  691. 

  692. if ($DisablePoints != $Cur['DisablePoints'] && check_perms('users_disable_any')) {

  693.     $UpdateSet[] = "DisablePoints = '$DisablePoints'";

  694.     $EditSummary[] = BONUS_POINTS.' earning ' . ($DisablePoints ? 'disabled' : 'enabled');

  695.     $HeavyUpdates['DisablePoints'] = $DisablePoints;

  696. 

  697.     if (!empty($UserReason)) {

  698.         Misc::send_pm($UserID, 0, 'Your '.BONUS_POINTS.'-earning ability has been disabled', "Your ".BONUS_POINTS."-earning ability has been disabled. The reason given was: [quote]{$UserReason}[/quote] If you would like to discuss this, please join ".DISABLED_CHAN.' on our IRC network. Instructions can be found [url='.site_url().'wiki.php?action=article&amp;name=IRC+-+How+to+join]here[/url].');

  699.     }

  700. }

  701. 

  702. if ($DisablePromotion != $Cur['DisablePromotion'] && check_perms('users_disable_any')) {

  703.     $UpdateSet[] = "DisablePromotion = '$DisablePromotion'";

  704.     $EditSummary[] = 'Class purchasing ' . ($DisablePromotion ? 'disabled' : 'enabled');

  705.     $HeavyUpdates['DisablePromotion'] = $DisablePromotion;

  706. 

  707.     if (!empty($UserReason)) {

  708.         Misc::send_pm($UserID, 0, 'Your promotion purchasing ability has been disabled', "Your promotion purchasing ability has been disabled. The reason given was: [quote]{$UserReason}[/quote] If you would like to discuss this, please join ".DISABLED_CHAN.' on our IRC network. Instructions can be found [url='.site_url().'wiki.php?action=article&amp;name=IRC+-+How+to+join]here[/url].');

  709.     }

  710. }

  711. 

  712. if ($DisableIRC != $Cur['DisableIRC'] && check_perms('users_disable_any')) {

  713.     $UpdateSet[] = "DisableIRC = '$DisableIRC'";

  714.     $EditSummary[] = 'IRC privileges ' . ($DisableIRC ? 'disabled' : 'enabled');

  715.     $HeavyUpdates['DisableIRC'] = $DisableIRC;

  716. 

  717.     if (!empty($UserReason)) {

  718.         Misc::send_pm($UserID, 0, 'Your IRC privileges have been disabled', "Your IRC privileges have been disabled. The reason given was: [quote]{$UserReason}[/quote] If you would like to discuss this, please join ".DISABLED_CHAN.' on our IRC network. Instructions can be found [url='.site_url().'wiki.php?action=article&amp;name=IRC+-+How+to+join]here[/url]. This loss of privileges does not affect the ability to join and talk to staff in '.DISABLED_CHAN.'.');

  719.     }

  720. }

  721. 

  722. if ($DisableRequests != $Cur['DisableRequests'] && check_perms('users_disable_any')) {

  723.     $UpdateSet[] = "DisableRequests = '$DisableRequests'";

  724.     $EditSummary[] = 'request privileges ' . ($DisableRequests ? 'disabled' : 'enabled');

  725.     $HeavyUpdates['DisableRequests'] = $DisableRequests;

  726. 

  727.     if (!empty($UserReason)) {

  728.         Misc::send_pm($UserID, 0, 'Your request privileges have been disabled', "Your request privileges have been disabled. The reason given was: [quote]{$UserReason}[/quote] If you would like to discuss this, please join ".DISABLED_CHAN.' on our IRC network. Instructions can be found [url='.site_url().'wiki.php?action=article&amp;name=IRC+-+How+to+join]here[/url].');

  729.     }

  730. }

  731. 

  732. if ($EnableUser != $Cur['Enabled'] && check_perms('users_disable_users')) {

  733.     $EnableStr = 'account '.translateUserStatus($Cur['Enabled']).'->'.translateUserStatus($EnableUser);

  734.     if ($EnableUser == '2') {

  735.         Tools::disable_users($UserID, '', 1);

  736.         $TrackerUserUpdates = [];

  737.     } elseif ($EnableUser == '1') {

  738.         $Cache->increment('stats_user_count');

  739.         $VisibleTrIP = ($Visible && Crypto::decrypt($Cur['IP']) != '127.0.0.1') ? '1' : '0';

  740.         Tracker::update_tracker('add_user', array('id' => $UserID, 'passkey' => $Cur['torrent_pass'], 'visible' => $VisibleTrIP));

  741. 

  742.         if (($Cur['Downloaded'] == 0) || ($Cur['Uploaded'] / $Cur['Downloaded'] >= $Cur['RequiredRatio'])) {

  743.             $UpdateSet[] = "i.RatioWatchEnds = NULL";

  744.             $CanLeech = 1;

  745.             $UpdateSet[] = "m.can_leech = '1'";

  746.             $UpdateSet[] = "i.RatioWatchDownload = '0'";

  747.         } else {

  748.             $EnableStr .= ' (Ratio: '.Format::get_ratio_html($Cur['Uploaded'], $Cur['Downloaded'], false).', RR: '.number_format($Cur['RequiredRatio'], 2).')';

  749.             if ($Cur['RatioWatchEnds']) {

  750.                 $UpdateSet[] = "i.RatioWatchEnds = NOW()";

  751.                 $UpdateSet[] = "i.RatioWatchDownload = m.Downloaded";

  752.                 $CanLeech = 0;

  753.             }

  754.             $TrackerUserUpdates['can_leech'] = 0;

  755.         }

  756. 

  757.         $UpdateSet[] = "i.BanReason = '0'";

  758.         $UpdateSet[] = "Enabled = '1'";

  759.         $LightUpdates['Enabled'] = 1;

  760.     }

  761.     $EditSummary[] = $EnableStr;

  762.     $Cache->replace_value("enabled_$UserID", $EnableUser, 0);

  763. }

  764. 

  765. if ($ResetPasskey == 1 && check_perms('users_edit_reset_keys')) {

  766.     $Passkey = db_string(Users::make_secret());

  767.     $UpdateSet[] = "torrent_pass = '$Passkey'";

  768.     $EditSummary[] = 'passkey reset';

  769.     $HeavyUpdates['torrent_pass'] = $Passkey;

  770.     $TrackerUserUpdates['passkey'] = $Passkey;

  771.     $Cache->delete_value('user_'.$Cur['torrent_pass']);

  772.     // MUST come after the case for updating can_leech

  773. 

  774.     $DB->query("

  775.       INSERT INTO users_history_passkeys

  776.         (UserID, OldPassKey, NewPassKey, ChangerIP, ChangeTime)

  777.       VALUES

  778.         ('$UserID', '".$Cur['torrent_pass']."', '$Passkey', '".Crypto::encrypt('0.0.0.0')."', NOW())");

  779.     Tracker::update_tracker('change_passkey', array('oldpasskey' => $Cur['torrent_pass'], 'newpasskey' => $Passkey));

  780. }

  781. 

  782. if ($ResetAuthkey == 1 && check_perms('users_edit_reset_keys')) {

  783.     $Authkey = db_string(Users::make_secret());

  784.     $UpdateSet[] = "AuthKey = '$Authkey'";

  785.     $EditSummary[] = 'authkey reset';

  786.     $HeavyUpdates['AuthKey'] = $Authkey;

  787. }

  788. 

  789. if ($SendHackedMail && check_perms('users_disable_any')) {

  790.     $EditSummary[] = "hacked account email sent to $HackedEmail";

  791.     Misc::send_email($HackedEmail, "Your $ENV->SITE_NAME account", "Your $ENV->SITE_NAME account appears to have been compromised. As a security measure, we have disabled your account. To resolve this, please visit us on Slack.");

  792. }

  793. 

  794. if ($MergeStatsFrom && check_perms('users_edit_ratio')) {

  795.     $DB->query("

  796.       SELECT ID, Uploaded, Downloaded

  797.       FROM users_main

  798.       WHERE Username LIKE '$MergeStatsFrom'");

  799. 

  800.     if ($DB->has_results()) {

  801.         list($MergeID, $MergeUploaded, $MergeDownloaded) = $DB->next_record();

  802.         $DB->query("

  803.           UPDATE users_main AS um

  804.             JOIN users_info AS ui ON um.ID = ui.UserID

  805.           SET

  806.             um.Uploaded = 0,

  807.             um.Downloaded = 0,

  808.             ui.AdminComment = CONCAT('".sqltime().' - Stats (Uploaded: '.Format::get_size($MergeUploaded).', Downloaded: '.Format::get_size($MergeDownloaded).', Ratio: '.Format::get_ratio($MergeUploaded, $MergeDownloaded).') merged into '.site_url()."user.php?id=$UserID (".$Cur['Username'].') by '.$LoggedUser['Username']."\n\n', ui.AdminComment)

  809.           WHERE ID = $MergeID");

  810. 

  811.         $UpdateSet[] = "Uploaded = Uploaded + '$MergeUploaded'";

  812.         $UpdateSet[] = "Downloaded = Downloaded + '$MergeDownloaded'";

  813.         $EditSummary[] = 'stats merged from '.site_url()."user.php?id=$MergeID ($MergeStatsFrom) (previous stats: Uploaded: ".Format::get_size($Cur['Uploaded']).', Downloaded: '.Format::get_size($Cur['Downloaded']).', Ratio: '.Format::get_ratio($Cur['Uploaded'], $Cur['Downloaded']).')';

  814.         $Cache->delete_value("user_stats_$UserID");

  815.         $Cache->delete_value("user_stats_$MergeID");

  816.     }

  817. }

  818. 

  819. if ($Pass && check_perms('users_edit_password')) {

  820.     $UpdateSet[] = "PassHash = '".db_string(Users::make_sec_hash($Pass))."'";

  821.     $EditSummary[] = 'password reset';

  822. 

  823.     $Cache->delete_value("user_info_$UserID");

  824.     $Cache->delete_value("user_info_heavy_$UserID");

  825.     $Cache->delete_value("user_stats_$UserID");

  826.     $Cache->delete_value("enabled_$UserID");

  827. 

  828.     $DB->query("

  829.       SELECT SessionID

  830.       FROM users_sessions

  831.       WHERE UserID = '$UserID'");

  832. 

  833.     while (list($SessionID) = $DB->next_record()) {

  834.         $Cache->delete_value("session_{$UserID}_$SessionID");

  835.     }

  836. 

  837.     $Cache->delete_value("users_sessions_$UserID");

  838. 

  839.     $DB->query("

  840.       DELETE FROM users_sessions

  841.       WHERE UserID = '$UserID'");

  842. }

  843. 

  844. if (empty($UpdateSet) && empty($EditSummary)) {

  845.     if (!$Reason) {

  846.         if (str_replace("\r", '', $Cur['AdminComment']) != str_replace("\r", '', $AdminComment) && check_perms('users_disable_any')) {

  847.             $UpdateSet[] = "AdminComment = '$AdminComment'";

  848.         } else {

  849.             header("Location: user.php?id=$UserID");

  850.             error();

  851.         }

  852.     } else {

  853.         $EditSummary[] = 'notes added';

  854.     }

  855. }

  856. 

  857. if (count($TrackerUserUpdates) > 1) {

  858.     Tracker::update_tracker('update_user', $TrackerUserUpdates);

  859. }

  860. 

  861. if ($DeleteKeys) {

  862.     $Cache->delete_value("user_info_$UserID");

  863.     $Cache->delete_value("user_info_heavy_$UserID");

  864. } else {

  865.     $Cache->begin_transaction("user_info_$UserID");

  866.     $Cache->update_row(false, $LightUpdates);

  867.     $Cache->commit_transaction(0);

  868. 

  869.     $Cache->begin_transaction("user_info_heavy_$UserID");

  870.     $Cache->update_row(false, $HeavyUpdates);

  871.     $Cache->commit_transaction(0);

  872. }

  873. 

  874. $Summary = '';

  875. // Create edit summary

  876. if ($EditSummary) {

  877.     $Summary = implode(', ', $EditSummary) . ' by ' . $LoggedUser['Username'];

  878.     $Summary = sqltime() . ' - ' . ucfirst($Summary);

  879. 

  880.     if ($Reason) {

  881.         $Summary .= "\nReason: $Reason";

  882.     }

  883. 

  884. 

  885.     $Summary .= "\n\n$AdminComment";

  886. } elseif (empty($UpdateSet) && empty($EditSummary) && $Cur['AdminComment'] == $_POST['AdminComment']) {

  887.     $Summary = sqltime() . ' - Comment added by ' . $LoggedUser['Username'] . ': ' . "$Reason\n\n";

  888. }

  889. 

  890. if (!empty($Summary)) {

  891.     $UpdateSet[] = "AdminComment = '$Summary'";

  892. } else {

  893.     $UpdateSet[] = "AdminComment = '$AdminComment'";

  894. }

  895. 

  896. // Update cache

  897. 

  898. 

  899. // Build query

  900. 

  901. $SET = implode(', ', $UpdateSet);

  902. 

  903. $SQL = "

  904.   UPDATE users_main AS m

  905.     JOIN users_info AS i ON m.ID = i.UserID

  906.   SET $SET

  907.   WHERE m.ID = '$UserID'";

  908. 

  909. // Perform update

  910. //die($SQL);

  911. $DB->query($SQL);

  912. 

  913. if (isset($ClearStaffIDCache)) {

  914.     $Cache->delete_value('staff_ids');

  915. }

  916. 

  917. // redirect to user page

  918. header("location: user.php?id=$UserID");

  919. 

  920. function translateUserStatus($Status)

  921. {

  922.     switch ($Status) {

  923.     case 0:

  924.       return 'Unconfirmed';

  925.     case 1:

  926.       return 'Enabled';

  927.     case 2:

  928.       return 'Disabled';

  929.     default:

  930.       return $Status;

  931.   }

  932. }

  933. 

  934. function translateLeechStatus($Status)

  935. {

  936.     switch ($Status) {

  937.     case 0:

  938.       return 'Disabled';

  939.     case 1:

  940.       return 'Enabled';

  941.     default:

  942.       return $Status;

  943.   }

  944. }