<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
class acp_bots
{
var $u_action;
function main($id, $mode)
{
global $config, $db, $user, $template, $cache, $request, $phpbb_log;
global $phpbb_root_path, $phpEx;
$action = $request->variable('action', '');
$submit = (isset($_POST['submit'])) ? true : false;
$mark = $request->variable('mark', array(0));
$bot_id = $request->variable('id', 0);
if (isset($_POST['add']))
{
$action = 'add';
}
$error = array();
$user->add_lang('acp/bots');
$this->tpl_name = 'acp_bots';
$this->page_title = 'ACP_BOTS';
$form_key = 'acp_bots';
add_form_key($form_key);
if ($submit && !check_form_key($form_key))
{
$error[] = $user->lang['FORM_INVALID'];
}
// User wants to do something, how inconsiderate of them!
switch ($action)
{
case 'activate':
if ($bot_id || count($mark))
{
$sql_id = ($bot_id) ? " = $bot_id" : ' IN (' . implode(', ', $mark) . ')';
$sql = 'UPDATE ' . BOTS_TABLE . "
SET bot_active = 1
WHERE bot_id $sql_id";
$db->sql_query($sql);
}
$cache->destroy('_bots');
break;
case 'deactivate':
if ($bot_id || count($mark))
{
$sql_id = ($bot_id) ? " = $bot_id" : ' IN (' . implode(', ', $mark) . ')';
$sql = 'UPDATE ' . BOTS_TABLE . "
SET bot_active = 0
WHERE bot_id $sql_id";
$db->sql_query($sql);
}
$cache->destroy('_bots');
break;
case 'delete':
if ($bot_id || count($mark))
{
if (confirm_box(true))
{
// We need to delete the relevant user, usergroup and bot entries ...
$sql_id = ($bot_id) ? " = $bot_id" : ' IN (' . implode(', ', $mark) . ')';
$sql = 'SELECT bot_name, user_id
FROM ' . BOTS_TABLE . "
WHERE bot_id $sql_id";
$result = $db->sql_query($sql);
$user_id_ary = $bot_name_ary = array();
while ($row = $db->sql_fetchrow($result))
{
$user_id_ary[] = (int) $row['user_id'];
$bot_name_ary[] = $row['bot_name'];
}
$db->sql_freeresult($result);
$db->sql_transaction('begin');
$sql = 'DELETE FROM ' . BOTS_TABLE . "
WHERE bot_id $sql_id";
$db->sql_query($sql);
if (count($user_id_ary))
{
$_tables = array(USERS_TABLE, USER_GROUP_TABLE);
foreach ($_tables as $table)
{
$sql = "DELETE FROM $table
WHERE " . $db->sql_in_set('user_id', $user_id_ary);
$db->sql_query($sql);
}
}
$db->sql_transaction('commit');
$cache->destroy('_bots');
$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_BOT_DELETE', false, array(implode(', ', $bot_name_ary)));
trigger_error($user->lang['BOT_DELETED'] . adm_back_link($this->u_action));
}
else
{
confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
'mark' => $mark,
'id' => $bot_id,
'mode' => $mode,
'action' => $action))
);
}
}
break;
case 'edit':
case 'add':
if (!function_exists('user_update_name'))
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
$bot_row = array(
'bot_name' => $request->variable('bot_name', '', true),
'bot_agent' => $request->variable('bot_agent', ''),
'bot_ip' => $request->variable('bot_ip', ''),
'bot_active' => $request->variable('bot_active', true),
'bot_lang' => $request->variable('bot_lang', $config['default_lang']),
'bot_style' => $request->variable('bot_style' , $config['default_style']),
);
if ($submit)
{
if (!$bot_row['bot_agent'] && !$bot_row['bot_ip'])
{
$error[] = $user->lang['ERR_BOT_NO_MATCHES'];
}
if ($bot_row['bot_ip'] && !preg_match('#^[\d\.,:]+$#', $bot_row['bot_ip']))
{
if (!$ip_list = gethostbynamel($bot_row['bot_ip']))
{
$error[] = $user->lang['ERR_BOT_NO_IP'];
}
else
{
$bot_row['bot_ip'] = implode(',', $ip_list);
}
}
$bot_row['bot_ip'] = str_replace(' ', '', $bot_row['bot_ip']);
// Make sure the admin is not adding a bot with an user agent similar to his one
if ($bot_row['bot_agent'] && substr($user->data['session_browser'], 0, 149) === substr($bot_row['bot_agent'], 0, 149))
{
$error[] = $user->lang['ERR_BOT_AGENT_MATCHES_UA'];
}
$bot_name = false;
if ($bot_id)
{
$sql = 'SELECT u.username_clean
FROM ' . BOTS_TABLE . ' b, ' . USERS_TABLE . " u
WHERE b.bot_id = $bot_id
AND u.user_id = b.user_id";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$bot_row)
{
$error[] = $user->lang['NO_BOT'];
}
else
{
$bot_name = $row['username_clean'];
}
}
if (!$this->validate_botname($bot_row['bot_name'], $bot_name))
{
$error[] = $user->lang['BOT_NAME_TAKEN'];
}
if (!count($error))
{
// New bot? Create a new user and group entry
if ($action == 'add')
{
$sql = 'SELECT group_id, group_colour
FROM ' . GROUPS_TABLE . "
WHERE group_name = 'BOTS'
AND group_type = " . GROUP_SPECIAL;
$result = $db->sql_query($sql);
$group_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$group_row)
{
trigger_error($user->lang['NO_BOT_GROUP'] . adm_back_link($this->u_action . "&id=$bot_id&action=$action"), E_USER_WARNING);
}
$user_id = user_add(array(
'user_type' => (int) USER_IGNORE,
'group_id' => (int) $group_row['group_id'],
'username' => (string) $bot_row['bot_name'],
'user_regdate' => time(),
'user_password' => '',
'user_colour' => (string) $group_row['group_colour'],
'user_email' => '',
'user_lang' => (string) $bot_row['bot_lang'],
'user_style' => (int) $bot_row['bot_style'],
'user_allow_massemail' => 0,
));
$sql = 'INSERT INTO ' . BOTS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
'user_id' => (int) $user_id,
'bot_name' => (string) $bot_row['bot_name'],
'bot_active' => (int) $bot_row['bot_active'],
'bot_agent' => (string) $bot_row['bot_agent'],
'bot_ip' => (string) $bot_row['bot_ip'])
);
$db->sql_query($sql);
$log = 'ADDED';
}
else if ($bot_id)
{
$sql = 'SELECT user_id, bot_name
FROM ' . BOTS_TABLE . "
WHERE bot_id = $bot_id";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row)
{
trigger_error($user->lang['NO_BOT'] . adm_back_link($this->u_action . "&id=$bot_id&action=$action"), E_USER_WARNING);
}
$sql_ary = array(
'user_style' => (int) $bot_row['bot_style'],
'user_lang' => (string) $bot_row['bot_lang'],
);
if ($bot_row['bot_name'] !== $row['bot_name'])
{
$sql_ary['username'] = (string) $bot_row['bot_name'];
$sql_ary['username_clean'] = (string) utf8_clean_string($bot_row['bot_name']);
}
$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE user_id = {$row['user_id']}";
$db->sql_query($sql);
$sql = 'UPDATE ' . BOTS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array(
'bot_name' => (string) $bot_row['bot_name'],
'bot_active' => (int) $bot_row['bot_active'],
'bot_agent' => (string) $bot_row['bot_agent'],
'bot_ip' => (string) $bot_row['bot_ip'])
) . " WHERE bot_id = $bot_id";
$db->sql_query($sql);
// Updated username?
if ($bot_row['bot_name'] !== $row['bot_name'])
{
user_update_name($row['bot_name'], $bot_row['bot_name']);
}
$log = 'UPDATED';
}
$cache->destroy('_bots');
$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_BOT_' . $log, false, array($bot_row['bot_name']));
trigger_error($user->lang['BOT_' . $log] . adm_back_link($this->u_action));
}
}
else if ($bot_id)
{
$sql = 'SELECT b.*, u.user_lang, u.user_style
FROM ' . BOTS_TABLE . ' b, ' . USERS_TABLE . " u
WHERE b.bot_id = $bot_id
AND u.user_id = b.user_id";
$result = $db->sql_query($sql);
$bot_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$bot_row)
{
trigger_error($user->lang['NO_BOT'] . adm_back_link($this->u_action . "&id=$bot_id&action=$action"), E_USER_WARNING);
}
$bot_row['bot_lang'] = $bot_row['user_lang'];
$bot_row['bot_style'] = $bot_row['user_style'];
unset($bot_row['user_lang'], $bot_row['user_style']);
}
$s_active_options = '';
$_options = array('0' => 'NO', '1' => 'YES');
foreach ($_options as $value => $lang)
{
$selected = ($bot_row['bot_active'] == $value) ? ' selected="selected"' : '';
$s_active_options .= '<option value="' . $value . '"' . $selected . '>' . $user->lang[$lang] . '</option>';
}
$style_select = style_select($bot_row['bot_style'], true);
$lang_select = language_select($bot_row['bot_lang']);
$l_title = ($action == 'edit') ? 'EDIT' : 'ADD';
$template->assign_vars(array(
'L_TITLE' => $user->lang['BOT_' . $l_title],
'U_ACTION' => $this->u_action . "&id=$bot_id&action=$action",
'U_BACK' => $this->u_action,
'ERROR_MSG' => (count($error)) ? implode('<br />', $error) : '',
'BOT_NAME' => $bot_row['bot_name'],
'BOT_IP' => $bot_row['bot_ip'],
'BOT_AGENT' => $bot_row['bot_agent'],
'S_EDIT_BOT' => true,
'S_ACTIVE_OPTIONS' => $s_active_options,
'S_STYLE_OPTIONS' => $style_select,
'S_LANG_OPTIONS' => $lang_select,
'S_ERROR' => (count($error)) ? true : false,
)
);
return;
break;
}
if ($request->is_ajax() && ($action == 'activate' || $action == 'deactivate'))
{
$json_response = new \phpbb\json_response;
$json_response->send(array(
'text' => $user->lang['BOT_' . (($action == 'activate') ? 'DE' : '') . 'ACTIVATE'],
));
}
$s_options = '';
$_options = array('activate' => 'BOT_ACTIVATE', 'deactivate' => 'BOT_DEACTIVATE', 'delete' => 'DELETE');
foreach ($_options as $value => $lang)
{
$s_options .= '<option value="' . $value . '">' . $user->lang[$lang] . '</option>';
}
$template->assign_vars(array(
'U_ACTION' => $this->u_action,
'S_BOT_OPTIONS' => $s_options)
);
$sql = 'SELECT b.bot_id, b.bot_name, b.bot_active, u.user_lastvisit
FROM ' . BOTS_TABLE . ' b, ' . USERS_TABLE . ' u
WHERE u.user_id = b.user_id
ORDER BY u.user_lastvisit DESC, b.bot_name ASC';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$active_lang = (!$row['bot_active']) ? 'BOT_ACTIVATE' : 'BOT_DEACTIVATE';
$active_value = (!$row['bot_active']) ? 'activate' : 'deactivate';
$template->assign_block_vars('bots', array(
'BOT_NAME' => $row['bot_name'],
'BOT_ID' => $row['bot_id'],
'LAST_VISIT' => ($row['user_lastvisit']) ? $user->format_date($row['user_lastvisit']) : $user->lang['BOT_NEVER'],
'U_ACTIVATE_DEACTIVATE' => $this->u_action . "&id={$row['bot_id']}&action=$active_value",
'L_ACTIVATE_DEACTIVATE' => $user->lang[$active_lang],
'U_EDIT' => $this->u_action . "&id={$row['bot_id']}&action=edit",
'U_DELETE' => $this->u_action . "&id={$row['bot_id']}&action=delete")
);
}
$db->sql_freeresult($result);
}
/**
* Validate bot name against username table
*/
function validate_botname($newname, $oldname = false)
{
global $db;
if ($oldname && utf8_clean_string($newname) === $oldname)
{
return true;
}
// Admins might want to use names otherwise forbidden, thus we only check for duplicates.
$sql = 'SELECT username
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($newname)) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
return ($row) ? false : true;
}
}