} else {
header("Location: /post/edit/" . $_POST["id"] . "/failure");
}
break;
case "like":
$result = post_like($url_parts[4]);
header('Content-Type: application/json');
print json_encode($result);
break;
case "unlike":
$result = post_unlike($url_parts[4]);
header('Content-Type: application/json');
print json_encode($result);
break;
case "delete":
$result = post_delete($url_parts[4]);
header("Location: /" . $_SESSION["user_name"]);
break;
}
break;
// post
// post
case "comment":
require_once "lib/api/comments.php";
require_once "lib/api/likes.php";
switch ($url_parts[3]) {
case "add":
$result = comment_add();
header("Location: " . $_SERVER["HTTP_REFERER"] . "#comments");
break;
case "delete":
empty($post) and message(-1, '帖子不存在:' . $pid);
$tid = $post['tid'];
$thread = thread_read($tid);
empty($thread) and message(-1, '主题不存在:' . $tid);
$fid = $thread['fid'];
$forum = forum_read($fid);
empty($forum) and message(-1, '板块不存在:' . $fid);
$isfirst = $post['isfirst'];
!forum_access_user($fid, $gid, 'allowpost') and message(-1, '您(' . $user['groupname'] . ')无权限在此版块回帖');
$allowdelete = forum_access_mod($fid, $gid, 'allowdelete');
!$allowdelete and !$post['allowdelete'] and message(-1, '无权删除该帖');
if ($isfirst) {
// 清除所有的回复。喜欢。还有相关资源
thread_delete($tid);
} else {
post_delete($pid);
post_list_cache_delete($tid);
}
message(0, '删除成功');
// 接受 base64 文件上传
} elseif ($action == 'upload') {
// 允许的文件后缀名
$types = (include './conf/attach.conf.php');
$allowtypes = $types['all'];
empty($uid) and message(-1, '游客不允许上传文件');
empty($group['allowattach']) and $gid != 1 and message(-1, '您无权上传');
$conf['ipaccess_on'] and !ipaccess_check($longip, 'attachs') and message(-1, '您的 IP 今日上传附件数达到上限,请明天再来。');
$conf['ipaccess_on'] and !ipaccess_check($longip, 'attachsizes') and message(-1, '您的 IP 今日上传附件尺寸达到上限,请明天再来。');
$isimage = param(2, 0);
$tid = 0;
$fid = 0;
function user_delete($user_id, $delete_posts = false)
{
global $bb_cfg, $log_action;
if (!($user_csv = get_id_csv($user_id))) {
return false;
}
if (!($user_id = DB()->fetch_rowset("SELECT user_id FROM " . BB_USERS . " WHERE user_id IN({$user_csv})", 'user_id'))) {
return false;
}
$user_csv = get_id_csv($user_id);
// LOG
$log_action->admin('adm_user_delete', array('log_msg' => get_usernames_for_log($user_id)));
// Avatar
$result = DB()->query("SELECT user_id, avatar_ext_id FROM " . BB_USERS . " WHERE avatar_ext_id > 0 AND user_id IN({$user_csv})");
while ($row = DB()->fetch_next($result)) {
delete_avatar($row['user_id'], $row['avatar_ext_id']);
}
if ($delete_posts) {
post_delete('user', $user_id);
} else {
DB()->query("UPDATE " . BB_POSTS . " SET poster_id = " . DELETED . " WHERE poster_id IN({$user_csv})");
}
DB()->query("UPDATE " . BB_GROUPS . " SET group_moderator = 2 WHERE group_single_user = 0 AND group_moderator IN({$user_csv})");
DB()->query("UPDATE " . BB_TOPICS . " SET topic_poster = " . DELETED . " WHERE topic_poster IN({$user_csv})");
DB()->query("UPDATE " . BB_BT_TORRENTS . " SET poster_id = " . DELETED . " WHERE poster_id IN({$user_csv})");
DB()->query("\n\t\tDELETE ug, g, a, qt1, qt2\n\t\tFROM " . BB_USER_GROUP . " ug\n\t\tLEFT JOIN " . BB_GROUPS . " g ON(g.group_id = ug.group_id AND g.group_single_user = 1)\n\t\tLEFT JOIN " . BB_AUTH_ACCESS . " a ON(a.group_id = g.group_id)\n\t\tLEFT JOIN " . BB_QUOTA . " qt1 ON(qt1.user_id = ug.user_id)\n\t\tLEFT JOIN " . BB_QUOTA . " qt2 ON(qt2.group_id = g.group_id)\n\t\tWHERE ug.user_id IN({$user_csv})\n\t");
DB()->query("\n\t\tDELETE u, ban, pu, s, tw, asn\n\t\tFROM " . BB_USERS . " u\n\t\tLEFT JOIN " . BB_BANLIST . " ban ON(ban.ban_userid = u.user_id)\n\t\tLEFT JOIN " . BB_POLL_USERS . " pu ON(pu.user_id = u.user_id)\n\t\tLEFT JOIN " . BB_SESSIONS . " s ON(s.session_user_id = u.user_id)\n\t\tLEFT JOIN " . BB_TOPICS_WATCH . " tw ON(tw.user_id = u.user_id)\n\t\tLEFT JOIN " . BB_AUTH_ACCESS_SNAP . " asn ON(asn.user_id = u.user_id)\n\t\tWHERE u.user_id IN({$user_csv})\n\t");
DB()->query("\n\t\tDELETE btu, tr\n\t\tFROM " . BB_BT_USERS . " btu\n\t\tLEFT JOIN " . BB_BT_TRACKER . " tr ON(tr.user_id = btu.user_id)\n\t\tWHERE btu.user_id IN({$user_csv})\n\t");
// PM
DB()->query("\n\t\tDELETE pm, pmt\n\t\tFROM " . BB_PRIVMSGS . " pm\n\t\tLEFT JOIN " . BB_PRIVMSGS_TEXT . " pmt ON(pmt.privmsgs_text_id = pm.privmsgs_id)\n\t\tWHERE pm.privmsgs_from_userid IN({$user_csv})\n\t\t\tAND pm.privmsgs_type IN(" . PRIVMSGS_SENT_MAIL . ',' . PRIVMSGS_SAVED_OUT_MAIL . ")\n\t");
DB()->query("\n\t\tDELETE pm, pmt\n\t\tFROM " . BB_PRIVMSGS . " pm\n\t\tLEFT JOIN " . BB_PRIVMSGS_TEXT . " pmt ON(pmt.privmsgs_text_id = pm.privmsgs_id)\n\t\tWHERE pm.privmsgs_to_userid IN({$user_csv})\n\t\t\tAND pm.privmsgs_type IN(" . PRIVMSGS_READ_MAIL . ',' . PRIVMSGS_SAVED_IN_MAIL . ")\n\t");
DB()->query("UPDATE " . BB_PRIVMSGS . " SET privmsgs_from_userid = " . DELETED . " WHERE privmsgs_from_userid IN({$user_csv})");
DB()->query("UPDATE " . BB_PRIVMSGS . " SET privmsgs_to_userid = " . DELETED . " WHERE privmsgs_to_userid IN({$user_csv})");
// Delete user feed
foreach (explode(',', $user_csv) as $user_id) {
$file_path = $bb_cfg['atom']['path'] . '/u/' . floor($user_id / 5000) . '/' . $user_id % 100 . '/' . $user_id . '.atom';
@unlink($file_path);
}
}
function post_delete_by_tid($tid)
{
$postlist = post_find_by_tid($tid);
foreach ($postlist as $post) {
post_delete($post['pid']);
}
return count($postlist);
}
}
$is_auth = auth(AUTH_ALL, $post['forum_id'], $userdata, $post);
}
if (!defined('WORD_LIST_OBTAINED')) {
$orig_word = array();
$replace_word = array();
obtain_word_list($orig_word, $replace_word);
define('WORD_LIST_OBTAINED', true);
}
switch ($this->request['type']) {
case 'delete':
if ($post['post_id'] != $post['topic_first_post_id'] && $is_auth['auth_delete'] && ($is_auth['auth_mod'] || $userdata['user_id'] == $post['poster_id'] && $post['topic_last_post_id'] == $post['post_id'] && $post['post_time'] + 3600 * 3 > TIMENOW)) {
if (empty($this->request['confirmed'])) {
$this->prompt_for_confirm($lang['CONFIRM_DELETE']);
}
post_delete($post_id);
// Update atom feed
update_atom('topic', (int) $this->request['topic_id']);
$this->response['hide'] = true;
$this->response['post_id'] = $post_id;
} else {
$this->ajax_die(sprintf($lang['SORRY_AUTH_DELETE'], strip_tags($is_auth['auth_delete_type'])));
}
break;
case 'reply':
if (bf($userdata['user_opt'], 'user_opt', 'dis_post')) {
$this->ajax_die(strip_tags($lang['RULES_REPLY_CANNOT']));
} elseif (!$is_auth['auth_reply']) {
$this->ajax_die(sprintf($lang['SORRY_AUTH_REPLY'], strip_tags($is_auth['auth_reply_type'])));
}
$quote_username = $post['post_username'] != '' ? $post['post_username'] : get_username($post['poster_id']);
$preview_message['CONTENT'] = message_get_content($tid, $pid);
if (strlen(trim($preview_message['CONTENT'])) < 1 && !thread_is_poll($tid)) {
post_edit_refuse($tid, $pid);
}
if ((session::get_value('UID') != $preview_message['FROM_UID'] || session::check_perm(USER_PERM_PILLORIED, 0)) && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) {
post_edit_refuse($tid, $pid);
}
if (forum_get_setting('require_post_approval', 'Y') && isset($preview_message['APPROVED']) && $preview_message['APPROVED'] == 0 && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) {
post_edit_refuse($tid, $pid);
}
} else {
html_draw_error(gettext("That post does not exist in this thread!"));
}
}
if (isset($_POST['delete']) && is_numeric($tid) && is_numeric($pid)) {
if (post_delete($tid, $pid)) {
post_add_edit_text($tid, $pid);
if (session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid) && $preview_message['FROM_UID'] != session::get_value('UID')) {
admin_add_log_entry(DELETE_POST, array($t_fid, $tid, $pid));
}
if ($thread_data['LENGTH'] > 1) {
header_redirect("discussion.php?webtag={$webtag}&msg={$msg}&delete_success={$msg}");
exit;
} else {
header_redirect("discussion.php?webtag={$webtag}&delete_success={$msg}");
exit;
}
} else {
$error_msg_array[] = gettext("Error deleting post");
}
}
session_start();
if (isset($_SESSION['member']['time'])) {
$_SESSION['member']['time'] = time();
}
if (isset($_GET['do'])) {
$to = isset($_GET['to']) ? $_GET['to'] : 0;
$at = isset($_GET['at']) ? $_GET['at'] : 0;
switch ($_GET['do']) {
case 'view':
post_view($to);
break;
case 'edit':
post_edit($to);
break;
case 'delete':
post_delete($to);
break;
case 'reply':
comment_add($to, TRUE);
break;
case 'comment':
comment_edit($to);
break;
case 'clear':
comment_delete($to);
break;
case 'post':
post_add($at);
break;
case 'board':
board_view($at);
function delete_post($mode, $post_data, &$message, &$meta, $forum_id, $topic_id, $post_id)
{
global $lang;
$message = $lang['DELETED'];
post_delete($post_id);
set_die_append_msg($forum_id, $topic_id);
}
$deleted_topics = topic_delete($user_topics);
$deleted_posts = post_delete('user', $user_id);
$this->response['info'] = $lang['USER_DELETED_POSTS'];
} else {
$this->ajax_die($lang['NOT_ADMIN']);
}
break;
case 'delete_message':
if (empty($this->request['confirmed']) && $userdata['user_id'] == $user_id) {
$this->prompt_for_confirm($lang['DELETE_USER_POSTS_ME']);
}
if (empty($this->request['confirmed'])) {
$this->prompt_for_confirm($lang['DELETE_USER_POSTS_CONFIRM']);
}
if (IS_ADMIN) {
post_delete('user', $user_id);
$this->response['info'] = $lang['USER_DELETED_POSTS'];
} else {
$this->ajax_die($lang['NOT_ADMIN']);
}
break;
case 'user_activate':
if (empty($this->request['confirmed'])) {
$this->prompt_for_confirm($lang['DEACTIVATE_CONFIRM']);
}
DB()->query("UPDATE " . BB_USERS . " SET user_active = '1' WHERE user_id = " . $user_id);
$this->response['info'] = $lang['USER_ACTIVATE_ON'];
break;
case 'user_deactivate':
if ($userdata['user_id'] == $user_id) {
$this->ajax_die($lang['USER_DEACTIVATE_ME']);
if ($process_valid && !session::check_perm(USER_PERM_POST_EDIT | USER_PERM_POST_READ, $delete_fid)) {
$process_valid = false;
}
if ($process_valid && !session::check_perm(USER_PERM_FOLDER_MODERATE, $delete_fid)) {
$process_valid = false;
}
if ($process_valid && !($thread_data = thread_get($delete_tid, false, false, true))) {
$process_valid = false;
}
if ($process_valid && !($preview_message = messages_get($delete_tid, $delete_pid, 1))) {
$process_valid = false;
}
if ($process_valid && isset($preview_message['APPROVED'])) {
$process_valid = false;
}
if ($process_valid && post_delete($delete_tid, $delete_pid)) {
post_add_edit_text($delete_tid, $delete_pid);
if (session::check_perm(USER_PERM_FOLDER_MODERATE, $delete_fid) && (!isset($preview_message['FROM_UID']) || $preview_message['FROM_UID'] != $_SESSION['UID'])) {
admin_add_log_entry(DELETE_POST, array($delete_fid, $delete_tid, $delete_pid));
}
} else {
$valid = false;
}
}
if ($valid) {
header_redirect("admin_post_approve.php?webtag={$webtag}&page={$page}&delete_success=true");
exit;
} else {
$error_msg_array[] = gettext("Failed to delete some messages");
}
} else {
}
sync('topic', array($topic_id, $new_topic_id));
sync('forum', array($forum_id, $new_forum_id));
//bot
$message = $lang['TOPIC_SPLIT'] . '<br /><br /><a href="' . "viewtopic.php?" . POST_TOPIC_URL . "={$topic_id}&sid=" . $userdata['session_id'] . '">' . $lang['TOPIC_SPLIT_OLD'] . '</a>';
$message .= ' :: <a href="' . "viewtopic.php?" . POST_TOPIC_URL . "={$new_topic_id}&sid=" . $userdata['session_id'] . '">' . $lang['TOPIC_SPLIT_NEW'] . '</a>';
// Log action
$log_action->mod('mod_topic_split', array('forum_id' => $forum_id, 'forum_id_new' => $new_forum_id, 'topic_id' => $topic_id, 'topic_title' => get_topic_title($topic_id), 'topic_id_new' => $new_topic_id, 'topic_title_new' => htmlCHR($_POST['subject'])));
bb_die($message);
}
} elseif ($post_id_sql && $delete_posts) {
if (!$is_auth['auth_delete']) {
bb_die(sprintf($lang['SORRY_AUTH_DELETE'], $is_auth['auth_delete_type']));
}
// Delete posts
$result = post_delete(explode(',', $post_id_sql));
$msg = $result ? $lang['DELETE_POSTS_SUCCESFULLY'] : 'No posts were removed';
bb_die(return_msg_mcp($msg));
} else {
$sql = "SELECT u.username, p.*, pt.post_text, p.post_username\n\t\t\t\tFROM " . BB_POSTS . " p, " . BB_USERS . " u, " . BB_POSTS_TEXT . " pt\n\t\t\t\tWHERE p.topic_id = {$topic_id}\n\t\t\t\t\tAND p.poster_id = u.user_id\n\t\t\t\t\tAND p.post_id = pt.post_id\n\t\t\t\tORDER BY p.post_time ASC";
if (!($result = DB()->sql_query($sql))) {
bb_die('Could not get topic / post information');
}
$s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" /><input type="hidden" name="' . POST_TOPIC_URL . '" value="' . $topic_id . '" /><input type="hidden" name="mode" value="split" />';
if (($total_posts = DB()->num_rows($result)) > 0) {
$postrow = DB()->sql_fetchrowset($result);
$template->assign_vars(array('FORUM_NAME' => htmlCHR($forum_name), 'U_VIEW_FORUM' => FORUM_URL . $forum_id, 'S_SPLIT_ACTION' => 'modcp.php', 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_FORUM_SELECT' => get_forum_select('admin', 'new_forum_id', $forum_id)));
for ($i = 0; $i < $total_posts; $i++) {
$post_id = $postrow[$i]['post_id'];
$poster_id = $postrow[$i]['poster_id'];
$poster = $postrow[$i]['username'];