Mirror/Gazelle
1
0
Fork 0
mirror of https://github.com/WhatCD/Gazelle.git synced 2024-12-12 18:36:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Empty commit

Browse Source
This commit is contained in:
Git 2015-10-25 08:00:28 +00:00
parent 219d4d352a
commit 80a10f0584
21 changed files with 371 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
classes/script_start.php
View File

@ -380,7 +380,18 @@ function authorize($Ajax = false) {
'query' => $_SERVER['QUERY_STRING'],
'get' => $_GET,
'post' => array_diff_key($_POST, $StripPostKeys)), 600);
require(SERVER_ROOT.'/sections/'.$Document.'/index.php');
// Locked account constant
define('STAFF_LOCKED', 1);
$AllowedPages = ['staffpm', 'ajax', 'locked', 'logout', 'login'];
if (isset(G::$LoggedUser['LockedAccount']) && !in_array($Document, $AllowedPages)) {
require(SERVER_ROOT . '/sections/locked/index.php');
} else {
require(SERVER_ROOT . '/sections/' . $Document . '/index.php');
}
$Debug->set_flag('completed module execution');
/* Required in the absence of session_start() for providing that pages will change

28
classes/siteoptions.class.php Normal file
View File

@ -0,0 +1,28 @@
<?
/**
* Class to manage site options
*/
class SiteOptions {
/**
* Get a site option
*
* @param string $Name The option name
* @param string $DefaultValue The value to default to if the name can't be found in the cache
*/
public static function getSiteOption($Name, $DefaultValue) {
$Value = G::$Cache->get_value('site_option_' . $Name);
if ($Value === false) {
G::$DB->query("SELECT Value FROM site_options WHERE Name = '" . db_string($Name) . "'");
if (G::$DB->has_results()) {
list($Value) = G::$DB->next_record();
G::$Cache->cache_value('site_option_' . $Name, $Value);
}
}
return ($Value === false ? $DefaultValue : $Value);
}
}

39
classes/users.class.php
View File

@ -52,6 +52,7 @@ public static function user_info($UserID) {
// the !isset($UserInfo['Paranoia']) can be removed after a transition period
if (empty($UserInfo) || empty($UserInfo['ID']) || !isset($UserInfo['Paranoia']) || empty($UserInfo['Class'])) {
$OldQueryID = G::$DB->get_query_id();
G::$DB->query("
SELECT
m.ID,
@ -66,12 +67,15 @@ public static function user_info($UserID) {
m.Title,
i.CatchupTime,
m.Visible,
la.Type AS LockedAccount,
GROUP_CONCAT(ul.PermissionID SEPARATOR ',') AS Levels
FROM users_main AS m
INNER JOIN users_info AS i ON i.UserID = m.ID
LEFT JOIN locked_accounts AS la ON la.UserID = m.ID
LEFT JOIN users_levels AS ul ON ul.UserID = m.ID
WHERE m.ID = '$UserID'
GROUP BY m.ID");
if (!G::$DB->has_results()) { // Deleted user, maybe?
$UserInfo = array(
'ID' => $UserID,
@ -98,6 +102,10 @@ public static function user_info($UserID) {
$UserInfo['Class'] = $Classes[$UserInfo['PermissionID']]['Level'];
}
if ($UserInfo['LockedAccount'] == "") {
unset($UserInfo['LockedAccount']);
}
if (!empty($UserInfo['Levels'])) {
$UserInfo['ExtraClasses'] = array_fill_keys(explode(',', $UserInfo['Levels']), 1);
} else {
@ -538,6 +546,7 @@ public static function format_username($UserID, $Badges = false, $IsWarned = tru
. (G::$LoggedUser['ID'] === $UserID ? ' - Expires ' . date('Y-m-d H:i', strtotime($UserInfo['Warned'])) : '')
. '" class="tooltip" /></a>' : '';
$Str .= ($IsEnabled && $UserInfo['Enabled'] == 2) ? '<a href="rules.php"><img src="'.STATIC_SERVER.'common/symbols/disabled.png" alt="Banned" title="Be good, and you won\'t end up like this user" class="tooltip" /></a>' : '';
if ($Badges) {
$ClassesDisplay = array();
@ -745,4 +754,34 @@ public static function has_autocomplete_enabled($Type, $Output = true) {
return $Enabled;
}
}
/**
* Initiate a password reset
*
* @param int $UserID The user ID
* @param string $Username The username
* @param string $Email The email address
*/
public static function resetPassword($UserID, $Username, $Email)
{
$ResetKey = Users::make_secret();
G::$DB->query("
UPDATE users_info
SET
ResetKey = '" . db_string($ResetKey) . "',
ResetExpires = '" . time_plus(60 * 60) . "'
WHERE UserID = '$UserID'");
require(SERVER_ROOT . '/classes/templates.class.php');
$TPL = NEW TEMPLATE;
$TPL->open(SERVER_ROOT . '/templates/password_reset.tpl'); // Password reset template
$TPL->set('Username', $Username);
$TPL->set('ResetKey', $ResetKey);
$TPL->set('IP', $_SERVER['REMOTE_ADDR']);
$TPL->set('SITE_NAME', SITE_NAME);
$TPL->set('SITE_URL', NONSSL_SITE_URL);
Misc::send_email($Email, 'Password reset information for ' . SITE_NAME, $TPL->get(), 'noreply');
}
}

4
classes/view.class.php
View File

@ -26,7 +26,7 @@ public static function show_header($PageTitle = '', $JSIncludes = '', $CSSInclud
empty($_REQUEST['type']) ? false : $_REQUEST['type'] // Type
);
if (!is_array(G::$LoggedUser) || empty(G::$LoggedUser['ID'])) {
if (!is_array(G::$LoggedUser) || empty(G::$LoggedUser['ID']) || $PageTitle == 'Recover Password :: ' . SITE_NAME) {
require(SERVER_ROOT.'/design/publicheader.php');
} else {
require(SERVER_ROOT.'/design/privateheader.php');
@ -43,7 +43,7 @@ public static function show_header($PageTitle = '', $JSIncludes = '', $CSSInclud
*/
public static function show_footer($Options = array()) {
global $ScriptStartTime, $SessionID, $UserSessions, $Debug, $Time, $Mobile;
if (!is_array(G::$LoggedUser)) {
if (!is_array(G::$LoggedUser) || $Options['recover'] === true) {
require(SERVER_ROOT.'/design/publicfooter.php');
} else {
require(SERVER_ROOT.'/design/privatefooter.php');

5
docs/CHANGES.txt
View File

@ -1,5 +1,10 @@
CHANGE LOG
2015-10-24 by newman
Implement locked accounts and site options. Locked accounts is an intermediary between enabled and disabled, and is presented on a user's staff tools. It limits the user to navigating to only the locked page and staffpm. Site options eliminates the need to hardcode values that may change in the future.
Users can now also reset their password without logging out.
2015-10-21 by newman
Update the IRC message sent when creating a new staff blog to be more useful

17
gazelle.sql
View File

@ -554,6 +554,13 @@ CREATE TABLE `library_contest` (
PRIMARY KEY (`UserID`,`TorrentID`)
) ENGINE=InnoDB CHARSET utf8;
CREATE TABLE `locked_accounts` (
`UserID` int(10) unsigned NOT NULL,
`Type` tinyint(1) NOT NULL,
PRIMARY KEY (`UserID`),
CONSTRAINT `fk_user_id` FOREIGN KEY (`UserID`) REFERENCES `users_main` (`ID`) ON DELETE CASCADE
) ENGINE=InnoDB CHARSET utf8;
CREATE TABLE `log` (
`ID` int(10) unsigned NOT NULL AUTO_INCREMENT,
`Message` varchar(400) NOT NULL,
@ -795,6 +802,16 @@ CREATE TABLE `site_history` (
PRIMARY KEY (`ID`)
) ENGINE=InnoDB CHARSET utf8;
CREATE TABLE `site_options` (
`ID` int(11) NOT NULL AUTO_INCREMENT,
`Name` varchar(64) NOT NULL,
`Value` tinytext NOT NULL,
`Comment` text NOT NULL,
PRIMARY KEY (`ID`),
UNIQUE KEY `Name` (`Name`),
KEY `name_index` (`Name`)
) ENGINE=InnoDB CHARSET utf8;
CREATE TABLE `sphinx_a` (
`gid` int(11) DEFAULT NULL,
`aname` text,

1
locked.php Normal file
View File

@ -0,0 +1 @@
<? require('classes/script_start.php');

42
sections/locked/default.php Normal file
View File

@ -0,0 +1,42 @@
<?
View::show_header('Locked Account');
?>
<div class="header">
<h2>Locked Account</h2>
</div>
<? if (G::$LoggedUser['LockedAccount'] == STAFF_LOCKED) { ?>
<div class="box pad">
<p>Your account has been locked. Please send a <a href="staffpm.php">Staff PM</a> to find out how this happened.</p>
</div>
<? } /*<strip>*/ else if (G::$LoggedUser['LockedAccount'] == EXPIRED_PASSWORD || check_perms('users_mod')) { ?>
<div class="box pad">
<p>
Private tracker accounts are frequently targeted by hackers who sell accounts or invites, and over the
past few weeks a significant number of What.CD accounts have been hacked.
<strong class="important_text">Every single account that was hacked had an old password that had also
been used on other sites.</strong>
When passwords used on other sites are leaked, accounts on What.CD become vulnerable.
</p><br />
<p>
Dealing with hacked accounts is time-consuming and inconvenient for both staff members and the users
involved. If you see this page, it's because your password hasn't been changed in at least the last two
years. To continue using What.CD, you must choose a new password.
</p><br />
<p>
Remember: <strong class="important_text">NEVER use your What.CD
password on other sites.</strong>
</p><br />
<p>
Click <a href="locked.php?action=sendEmail">here</a> to send a confirmation email to verify
that the original account owner is resetting the password. <br />
<i>Note: </i> When clicking this link, click "Log In", or nagivate to any What.CD page to continue back
to the site. Resetting your password will <b>not</b> log you out.
</p><br />
<p>
If you no longer have access to your email <?=$Email?>, click
<a href="locked.php?action=staffpm">here</a> and staff will help you via the Staff Inbox.
</p>
</div>
<? }
//</strip>
View::show_footer();

8
sections/locked/index.php Normal file
View File

@ -0,0 +1,8 @@
<?
enforce_login();
if (!check_perms('users_mod') && !isset(G::$LoggedUser['LockedAccount'])) {
error(404);
}
include('defult.php');

24
sections/login/index.php
View File

@ -4,7 +4,8 @@
Add the JavaScript validation into the display page using the class
//-----------------------------------*/
if (!empty($LoggedUser['ID'])) {
// Allow users to reset their password while logged in
if(!empty($LoggedUser['ID']) && $_REQUEST['act'] != 'recover') {
header('Location: index.php');
die();
}
@ -85,7 +86,6 @@
} else {
// Either his key has expired, or he hasn't requested a pass change at all
if (strtotime($Expires) < time() && $UserID) {
// If his key has expired, clear all the reset information
$DB->query("
@ -124,25 +124,8 @@
if ($UserID) {
// Email exists in the database
// Set ResetKey, send out email, and set $Sent to 1 to show success page
$ResetKey = Users::make_secret();
$DB->query("
UPDATE users_info
SET
ResetKey = '".db_string($ResetKey)."',
ResetExpires = '".time_plus(60 * 60)."'
WHERE UserID = '$UserID'");
Users::resetPassword($UserID, $Username, $Email);
require(SERVER_ROOT.'/classes/templates.class.php');
$TPL = NEW TEMPLATE;
$TPL->open(SERVER_ROOT.'/templates/password_reset.tpl'); // Password reset template
$TPL->set('Username', $Username);
$TPL->set('ResetKey', $ResetKey);
$TPL->set('IP', $_SERVER['REMOTE_ADDR']);
$TPL->set('SITE_NAME', SITE_NAME);
$TPL->set('SITE_URL', NONSSL_SITE_URL);
Misc::send_email($Email, 'Password reset information for '.SITE_NAME, $TPL->get(),'noreply');
$Sent = 1; // If $Sent is 1, recover_step1.php displays a success message
//Log out all of the users current sessions
@ -181,7 +164,6 @@
} // End if (step 1)
} // End password recovery
// Normal login
else {
$Validate->SetFields('username', true, 'regex', 'You did not enter a valid username.', array('regex' => USERNAME_REGEX));

2
sections/login/recover_step1.php
View File

@ -29,5 +29,5 @@
</div>
</form>
<?
View::show_footer();
View::show_footer(['recover' => true]);
?>

2
sections/login/recover_step2.php
View File

@ -34,5 +34,5 @@
</div>
</form>
<?
View::show_footer();
View::show_footer(['recover' => true]);
?>

122
sections/tools/development/site_options.php Normal file
View File

@ -0,0 +1,122 @@
<?
if (!check_perms('admin_manage_permissions')) {
error(403);
}
if (isset($_POST['submit'])) {
authorize();
if ($_POST['submit'] == 'Delete') {
$Name = db_string($_POST['name']);
$DB->query("DELETE FROM site_options WHERE Name = '" . $Name . "'");
$Cache->delete_value('site_option_' . $Name);
} else {
$Val->SetFields('name', '1', 'regex', 'The name must be separated by underscores. No spaces are allowed.', array('regex' => '/^[a-z][_a-z0-9]{0,63}$/i'));
$Val->SetFields('value', '1', 'string', 'You must specify a value for the option.');
$Val->SetFields('comment', '1', 'string', 'You must specify a comment for the option.');
$Error = $Val->ValidateForm($_POST);
if ($Error) {
error($Error);
}
$Name = db_string($_POST['name']);
$Value = db_string($_POST['value']);
$Comment = db_string($_POST['comment']);
if ($_POST['submit'] == 'Edit') {
$DB->query("SELECT Name FROM site_options WHERE ID = '" . db_string($_POST['id']) . "'");
list($OldName) = $DB->next_record();
$DB->query("
UPDATE site_options
SET
Name = '$Name',
Value = '$Value',
Comment = '$Comment'
WHERE ID = '" . db_string($_POST['id']) . "'
");
$Cache->delete_value('site_option_' . $OldName);
} else {
$DB->query("
INSERT INTO site_options (Name, Value, Comment)
VALUES ('$Name', '$Value', '$Comment')
");
}
$Cache->delete_value('site_option_' . $Name);
}
}
$DB->query("
SELECT
ID,
Name,
Value,
Comment
FROM site_options
ORDER BY LOWER(Name) DESC
");
View::show_header('Site Options');
?>
<div class="header">
<h2>Site Options</h2>
</div>
<table width="100%">
<tr class="colhead">
<td>
<span class="tooltip" title="Words must be separated by underscores">Name</span>
</td>
<td>Value</td>
<td>Comment</td>
<td>Submit</td>
</tr>
<tr class="rowa">
<form class="create_form" name="site_option" action="" method="post">
<input type="hidden" name="action" value="site_options" />
<input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
<td>
<input type="text" size="40" name="name" />
</td>
<td>
<input type="text" size="20" name="value" />
</td>
<td>
<input type="text" size="75" name="comment" />
</td>
<td>
<input type="submit" name="submit" value="Create" />
</td>
</form>
</tr>
<?
$Row = 'a';
while (list($ID, $Name, $Value, $Comment) = $DB->next_record()) {
$Row = $Row === 'a' ? 'b' : 'a';
?>
<tr class="row<?=$Row?>">
<form class="manage_form" name="site_option" action="" method="post">
<input type="hidden" name="id" value="<?=$ID?>" />
<input type="hidden" name="action" value="site_options" />
<input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
<td>
<input type="text" size="40" name="name" value="<?=$Name?>" />
</td>
<td>
<input type="text" size="20" name="value" value="<?=$Value?>" />
</td>
<td>
<input type="text" size="75" name="comment" value="<?=$Comment?>" />
</td>
<td>
<input type="submit" name="submit" value="Edit" />
<input type="submit" name="submit" value="Delete" />
</td>
</form>
</tr>
<?
}
?>
</table>
<? View::show_footer(); ?>

4
sections/tools/index.php
View File

@ -423,6 +423,10 @@
include(SERVER_ROOT.'/sections/tools/misc/manipulate_tree.php');
break;
case 'site_options':
include(SERVER_ROOT.'/sections/tools/development/site_options.php');
break;
case 'recommendations':
include(SERVER_ROOT.'/sections/tools/misc/recommendations.php');
break;

1
sections/tools/tools.php
View File

@ -224,6 +224,7 @@ function create_row($Title, $URL, $HasPermission = false, $Tooltip = false) {
create_row("Rerender stylesheet gallery images", "tools.php?action=rerender_gallery", check_perms("site_debug") || check_perms("users_mod"));
create_row("Schedule", "schedule.php?auth=$LoggedUser[AuthKey]", check_perms("site_debug"));
create_row("Service stats", "tools.php?action=service_stats", check_perms("site_debug"));
create_row("Site options", "tools.php?action=site_options", check_perms('admin_manage_permissions'));
create_row("Tracker info", "tools.php?action=ocelot_info", check_perms("users_mod"));
create_row("Update GeoIP", "tools.php?action=update_geoip", check_perms("admin_update_geoip"));

24
sections/user/advancedsearch.php
View File

@ -152,6 +152,7 @@ function num_compare($Field, $Operand, $Num1, $Num2 = '') {
$Val->SetFields('matchtype', '0', 'inarray', 'Invalid matchtype field', array('inarray' => array('strict', 'fuzzy', 'regex')));
$Val->SetFields('lockedaccount', '0', 'inarray', 'Invalid locked account field', array('inarray' => array('any', 'locked', 'unlocked')));
$Val->SetFields('enabled', '0', 'inarray', 'Invalid enabled field', array('inarray' => array('', 0, 1, 2)));
$Val->SetFields('class', '0', 'inarray', 'Invalid class', array('inarray' => $ClassIDs));
@ -283,6 +284,19 @@ function num_compare($Field, $Operand, $Num1, $Num2 = '') {
}
}
if ($_GET['lockedaccount'] != '' && $_GET['lockedaccount'] != 'any') {
$Join['la'] = '';
if ($_GET['lockedaccount'] == 'unlocked') {
$Join['la'] .= ' LEFT';
$Where[] = ' la.UserID IS NULL';
}
$Join['la'] .= ' JOIN locked_accounts AS la ON la.UserID = um1.ID ';
}
if (!empty($_GET['cc'])) {
if ($_GET['cc_op'] == 'equal') {
$Where[] = "um1.ipcc = '".db_string($_GET['cc'])."'";
@ -516,8 +530,14 @@ function num_compare($Field, $Operand, $Num1, $Num2 = '') {
<td>
<input type="text" name="ip" size="20" value="<?=display_str($_GET['ip'])?>" />
</td>
<td class="label nobr"></td>
<td></td>
<td class="label nobr">Locked Account:</td>
<td>
<select name="lockedaccount">
<option value="any"<? if ($_GET['lockedaccount'] == 'any') { echo ' selected="selected"'; } ?>>Any</option>
<option value="locked"<? if ($_GET['lockedaccount'] == 'locked') { echo ' selected="selected"'; } ?>>Locked</option>
<option value="unlocked"<? if ($_GET['lockedaccount'] == 'unlocked') { echo ' selected="selected"'; } ?>>Unlocked</option>
</select>
</td>
<td class="label nobr">Secondary class:</td>
<td>
<select name="secclass">

3
sections/user/invite.php
View File

@ -139,7 +139,8 @@
&& ($UserCount <= USER_LIMIT || USER_LIMIT == 0 || check_perms('site_can_invite_always'))
) { ?>
<div class="box pad">
<p>Please note that the selling, trading, or publicly giving away our invitations&#8202;&mdash;&#8202;or responding to public invite requests&#8202;&mdash;&#8202;is strictly forbidden, and may result in you and your entire invite tree being banned. This includes offering to give away our invitations on any forum which is not a class-restricted forum on another private tracker.</p>
<p>Please note that selling, trading, or publicly giving away our invitations&#8202;&mdash;&#8202;or responding to public invite requests&#8202;&mdash;&#8202;is strictly forbidden, and may result in you and your entire invite tree being banned. This includes offering to give away our invitations on any forum which is not a class-restricted forum on another private tracker.</p>
<p>Do not send an invite to anyone who has previously had a <?=SITE_NAME?> account. Please direct them to <?=BOT_DISABLED_CHAN?> on <?=BOT_SERVER?> if they wish to reactivate their account.</p>
<p>Remember that you are responsible for ALL invitees, and your account and/or privileges may be disabled due to your invitees' actions. You should know the person you're inviting. If you aren't familiar enough with the user to trust them, we suggest not inviting them.</p>
<p><em>Do not send an invite if you have not read or do not understand the information above.</em></p>
</div>

5
sections/user/take_invite.php
View File

@ -70,11 +70,16 @@
}
$InviteKey = db_string(Users::make_secret());
$DisabledChan = BOT_DISABLED_CHAN;
$IRCServer = BOT_SERVER;
$Message = <<<EOT
The user $Username has invited you to join $SiteName and has specified this address ($CurEmail) as your email address. If you do not know this person, please ignore this email, and do not reply.
Please note that selling invites, trading invites, and giving invites away publicly (e.g. on a forum) is strictly forbidden. If you have received your invite as a result of any of these things, do not bother signing up - you will be banned and lose your chances of ever signing up legitimately.
If you have previously had an account at $SiteName, do not use this invite. Instead, please join $DisabledChan on $IRCServer and ask for your account to be reactivated.
To confirm your invite, click on the following link:
{$SiteURL}register.php?invite=$InviteKey

27
sections/user/takemoderate.php
View File

@ -71,6 +71,8 @@
$DisableIRC = isset($_POST['DisableIRC']) ? 1 : 0;
$DisableRequests = isset($_POST['DisableRequests']) ? 1 : 0;
$DisableLeech = isset($_POST['DisableLeech']) ? 0 : 1;
$LockedAccount = isset($_POST['LockAccount']) ? 1 : 0;
$LockType = $_POST['LockReason'];
$RestrictedForums = db_string(trim($_POST['RestrictedForums']));
$PermittedForums = db_string(trim($_POST['PermittedForums']));
@ -86,7 +88,6 @@
}
$MergeStatsFrom = db_string($_POST['MergeStatsFrom']);
$Reason = db_string($_POST['Reason']);
$HeavyUpdates = array();
$LightUpdates = array();
@ -127,12 +128,14 @@
m.RequiredRatio,
m.FLTokens,
i.RatioWatchEnds,
la.Type,
SHA1(i.AdminComment) AS CommentHash,
GROUP_CONCAT(l.PermissionID SEPARATOR ',') AS SecondaryClasses
FROM users_main AS m
JOIN users_info AS i ON i.UserID = m.ID
LEFT JOIN permissions AS p ON p.ID = m.PermissionID
LEFT JOIN users_levels AS l ON l.UserID = m.ID
LEFT JOIN locked_accounts AS la ON la.UserID = m.ID
WHERE m.ID = $UserID
GROUP BY m.ID");
@ -183,6 +186,28 @@
$EditSummary = array();
$TrackerUserUpdates = array('passkey' => $Cur['torrent_pass']);
$QueryID = G::$DB->get_query_id();
if ($LockType == '---' || $LockedAccount == 0) {
if ($Cur['Type']) {
$DB->query("DELETE FROM locked_accounts WHERE UserID = '" . $UserID . "'");
$EditSummary[] = 'Account unlocked';
}
} else if (!$Cur['Type'] || $Cur['Type'] != $LockType) {
$DB->query("INSERT INTO locked_accounts (UserID, Type)
VALUES ('" . $UserID . "', '" . $LockType . "')
ON DUPLICATE KEY UPDATE Type = '" . $LockType . "'");
if ($Cur['Type'] != $LockType) {
$EditSummary[] = 'Account lock reason changed to ' . $LockType;
} else {
$EditSummary[] = 'Account locked (' . $LockType . ')';
}
}
$Cache->delete_value("user_info_" . $UserID);
$DB->set_query_id($QueryID);
if ($_POST['ResetRatioWatch'] && check_perms('users_edit_reset_keys')) {
$DB->query("
UPDATE users_info

30
sections/user/user.php
View File

@ -66,12 +66,14 @@
i.DisableRequests," . "
m.FLTokens,
SHA1(i.AdminComment),
i.InfoTitle
i.InfoTitle,
la.Type AS LockedAccount
FROM users_main AS m
JOIN users_info AS i ON i.UserID = m.ID
LEFT JOIN users_main AS inviter ON i.Inviter = inviter.ID
LEFT JOIN permissions AS p ON p.ID = m.PermissionID
LEFT JOIN forums_posts AS posts ON posts.AuthorID = m.ID
LEFT JOIN locked_accounts AS la ON la.UserID = m.ID
WHERE m.ID = '$UserID'
GROUP BY AuthorID");
@ -79,7 +81,7 @@
header("Location: log.php?search=User+$UserID");
}
list($Username, $Email, $LastAccess, $IP, $Class, $Uploaded, $Downloaded, $RequiredRatio, $CustomTitle, $torrent_pass, $Enabled, $Paranoia, $Invites, $DisableLeech, $Visible, $JoinDate, $Info, $Avatar, $AdminComment, $Donor, $Artist, $Warned, $SupportFor, $RestrictedForums, $PermittedForums, $InviterID, $InviterName, $ForumPosts, $RatioWatchEnds, $RatioWatchDownload, $DisableAvatar, $DisableInvites, $DisablePosting, $DisableForums, $DisableTagging, $DisableUpload, $DisableWiki, $DisablePM, $DisableIRC, $DisableRequests, $FLTokens, $CommentHash, $InfoTitle) = $DB->next_record(MYSQLI_NUM, array(8, 11));
list($Username, $Email, $LastAccess, $IP, $Class, $Uploaded, $Downloaded, $RequiredRatio, $CustomTitle, $torrent_pass, $Enabled, $Paranoia, $Invites, $DisableLeech, $Visible, $JoinDate, $Info, $Avatar, $AdminComment, $Donor, $Artist, $Warned, $SupportFor, $RestrictedForums, $PermittedForums, $InviterID, $InviterName, $ForumPosts, $RatioWatchEnds, $RatioWatchDownload, $DisableAvatar, $DisableInvites, $DisablePosting, $DisableForums, $DisableTagging, $DisableUpload, $DisableWiki, $DisablePM, $DisableIRC, $DisableRequests, $FLTokens, $CommentHash, $InfoTitle, $LockedAccount) = $DB->next_record(MYSQLI_NUM, array(8, 11));
} else { // Person viewing is a normal user
$DB->query("
SELECT
@ -1219,6 +1221,30 @@ function check_paranoia_here($Setting) {
</tr>
<? } ?>
</table>
<? if (check_perms('users_disable_any')) { ?>
<table class="layout">
<tr class="colhead">
<td colspan="2">
Lock Account
</td>
</tr>
<tr>
<td class="label">Lock Account:</td>
<td>
<input type="checkbox" name="LockAccount" id="LockAccount" <? if($LockedAccount) { ?> checked="checked" <? } ?>/>
</td>
</tr>
<tr>
<td class="label">Reason:</td>
<td>
<select name="LockReason">
<option value="---">---</option>
<option value="<?=STAFF_LOCKED?>" <? if ($LockedAccount == STAFF_LOCKED) { ?> selected <? } ?>>Staff Lock</option>
</select>
</td>
</tr>
</table>
<? } ?>
<table class="layout" id="user_privs_box">
<tr class="colhead">
<td colspan="2">

2
templates/invite.tpl
View File

@ -2,6 +2,8 @@ The user {{InviterName}} has invited you to join {{SITE_NAME}}, and has specifie
Please note that selling invites, trading invites, and giving invites away publicly (e.g. on a forum) is strictly forbidden. If you have received your invite as a result of any of these things, do not bother signing up - you will be banned and lose your chances of ever signing up legitimately.
If you had previously had an account at {{SITE_NAME}}, do not use this invite. Instead, please join {{DISABLED_CHAN}} on {{IRC_SERVER}} and ask for your account to be reactivated.
To confirm your invite, click on the following link:
https://{{SITE_URL}}/register.php?invite={{InviteKey}}