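/**
 * Moderates one or more submitted items.
 *
 * Performs the action (approve or delete) selected for each item, then
 * processes the optional 'publishfuture' and 'delitem' form arrays and returns
 * the "command and control" page.
 *
 * Review notes:
 * - Item ids are passed through COM_applyFilter() before use, the same filter
 *   this function already applies to the 'delitem' ids, and are additionally
 *   escaped with addslashes() where they are interpolated into SQL built here.
 *   addslashes() is the idiom this function already uses; the database layer's
 *   own escaping or bound parameters would be preferable if available.
 * - NOTE(review): no permission check or CSRF token validation happens in this
 *   function; presumably the caller does both before calling - confirm.
 *
 * @param    array   $mid     Array of item ids
 * @param    array   $action  Array of actions ('approve' or 'delete'), matched to $mid by index
 * @param    string  $type    Type of items ('story', etc.)
 * @param    int     $count   Number of items to moderate
 * @return   string           HTML for "command and control" page, or only the
 *                            COM_errorLog() output when processing is aborted
 *
 */
function moderation($mid, $action, $type, $count)
{
    global $_CONF, $_TABLES;

    $retval = '';

    switch ($type) {
        case 'story':
            $id = 'sid';
            $table = $_TABLES['stories'];
            $submissiontable = $_TABLES['storysubmission'];
            $fields = 'sid,uid,tid,title,introtext,date,postmode';
            break;

        case 'comment':
            $id = 'cid';
            $submissiontable = $_TABLES['commentsubmissions'];
            // NOTE(review): this seeds the list with an empty sid. Unless index 0
            // is overwritten below, the rebuild loop after the main loop also
            // runs once for '' - confirm that this is harmless.
            $sidArray[] = '';
            break;

        default:
            if (strlen($type) <= 0) {
                // something is terribly wrong, bail
                $retval .= COM_errorLog("Unable to find type of {$type} in moderation() in moderation.php");
                return $retval;
            }
            list($id, $table, $fields, $submissiontable) = PLG_getModerationValues($type);
    }

    // Logged whenever a delete is requested with an empty id, in both delete paths.
    $emptyIdMessage = "moderation.php just tried deleting everything in table {$submissiontable} because it got an empty id. Please report this immediately to your site administrator";

    // Set true if an valid action other than delete_all is selected
    $formaction = false;

    for ($i = 0; $i < $count; $i++) {
        if (isset($action[$i]) and $action[$i] != '') {
            $formaction = true;
        } else {
            continue;
        }

        // Filter the id once, exactly as the delete_all path below does, so the
        // SQL built here and the helper calls all see the same filtered value.
        // A missing or non-scalar entry is treated as an empty id.
        $item = (isset($mid[$i]) && is_scalar($mid[$i])) ? COM_applyFilter($mid[$i]) : '';

        switch ($action[$i]) {
            case 'delete':
                // Refuse an empty id before anything is deleted, including the
                // plugin-specific delete.
                if (empty($item)) {
                    $retval .= COM_errorLog($emptyIdMessage);
                    return $retval;
                }
                if (!empty($type) && $type != 'story' && $type != 'draft') {
                    // There may be some plugin specific processing that needs to
                    // happen first.
                    $retval .= PLG_deleteSubmission($type, $item);
                }
                if ($type == 'draft') {
                    STORY_deleteStory($item);
                } else {
                    DB_delete($submissiontable, "{$id}", $item);
                }
                break;

            case 'approve':
                if ($type == 'story') {
                    $sqlItem = addslashes($item);
                    $result = DB_query("SELECT * FROM {$_TABLES['storysubmission']} WHERE sid = '{$sqlItem}'");
                    $A = DB_fetchArray($result);
                    if (!is_array($A) || empty($A['sid'])) {
                        // No such submission: do not save an empty story.
                        $retval .= COM_errorLog("moderation(): no story submission found for sid '{$item}', approval skipped");
                        break;
                    }

                    // The submission row holds user-submitted content, so every
                    // string column is escaped before it is interpolated into
                    // SQL, and the unquoted uid is forced to an integer.
                    $S = array();
                    foreach (array('sid', 'tid', 'title', 'introtext', 'bodytext', 'date', 'postmode') as $column) {
                        $S[$column] = isset($A[$column]) ? addslashes($A[$column]) : '';
                    }
                    $S['related'] = addslashes(implode("\n", STORY_extractLinks($A['introtext'])));
                    $S['uid'] = (int) $A['uid'];
                    $S['owner_id'] = $S['uid'];

                    $result = DB_query("SELECT group_id,perm_owner,perm_group,perm_members,perm_anon,archive_flag FROM {$_TABLES['topics']} WHERE tid = '{$S['tid']}'");
                    $T = DB_fetchArray($result);
                    if (!is_array($T)) {
                        // Without the topic row the permission columns would be
                        // empty; leave the submission in the queue instead.
                        $retval .= COM_errorLog("moderation(): topic of story submission '{$item}' not found, approval skipped");
                        break;
                    }

                    if ($T['archive_flag'] == 1) {
                        $frontpage = 0;
                    } else {
                        $frontpage = isset($_CONF['frontpage']) ? $_CONF['frontpage'] : 1;
                    }

                    DB_save(
                        $_TABLES['stories'],
                        'sid,uid,tid,title,introtext,bodytext,related,date,show_topic_icon,commentcode,trackbackcode,postmode,frontpage,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon',
                        "'{$S['sid']}',{$S['uid']},'{$S['tid']}','{$S['title']}','{$S['introtext']}','{$S['bodytext']}','{$S['related']}','{$S['date']}','{$_CONF['show_topic_icon']}','{$_CONF['comment_code']}','{$_CONF['trackback_code']}','{$S['postmode']}',{$frontpage},{$S['owner_id']},{$T['group_id']},{$T['perm_owner']},{$T['perm_group']},{$T['perm_members']},{$T['perm_anon']}"
                    );
                    DB_delete($_TABLES['storysubmission'], "{$id}", $item);
                    // The plugin hook receives the sid as stored, not the escaped copy.
                    PLG_itemSaved($A['sid'], 'article');
                    COM_rdfUpToDateCheck();
                    COM_olderStuff();
                } elseif ($type == 'draft') {
                    $sqlItem = addslashes($item);
                    DB_query("UPDATE {$_TABLES['stories']} SET draft_flag = 0 WHERE sid = '{$sqlItem}'");
                    COM_rdfUpToDateCheck();
                    COM_olderStuff();
                } elseif ($type == 'comment') {
                    $sid = CMT_approveModeration($item);
                    if (!in_array($sid, $sidArray)) {
                        $sidArray[$i] = $sid;
                    }
                } else {
                    // This is called in case this is a plugin. There may be some
                    // plugin specific processing that needs to happen.
                    DB_copy($table, $fields, $fields, $submissiontable, $id, $item);
                    $retval .= PLG_approveSubmission($type, $item);
                }
                break;
        }
    }

    // after loop update comment tree and count for each story
    if (isset($sidArray)) {
        foreach ($sidArray as $sid) {
            CMT_rebuildTree($sid);
            // update comment count of stories
            $comments = DB_count($_TABLES['comments'], 'sid', $sid);
            DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $sid);
        }
    }

    // Add new comment users to the 'Comment Submitters' group.
    // NOTE(review): the uids come straight from the form and are not tied to a
    // comment approved in this request; confirm that this is intended.
    if (isset($_POST['publishfuture']) && is_array($_POST['publishfuture'])) {
        foreach ($_POST['publishfuture'] as $candidate) {
            if (!is_scalar($candidate)) {
                continue; // a nested array cannot be a user id
            }
            $uid = COM_applyFilter($candidate, true);
            if ($uid > 1 && !SEC_inGroup('Comment Submitters', $uid)) {
                SEC_addUserToGroup($uid, 'Comment Submitters');
            }
        }
    }

    // Check if there was no direct action used on the form
    // and if the delete_all submit action was used
    if (!$formaction and isset($_POST['delitem']) and is_array($_POST['delitem'])) {
        foreach ($_POST['delitem'] as $delitem) {
            if (!is_scalar($delitem)) {
                continue;
            }
            $delitem = COM_applyFilter($delitem);
            if (empty($delitem)) {
                // Same safeguard as the per-item delete above: never call the
                // delete helpers with an empty id. The entry is logged and skipped.
                $retval .= COM_errorLog($emptyIdMessage);
                continue;
            }
            if (!empty($type) && $type != 'story' && $type != 'draft') {
                // There may be some plugin specific processing that needs to
                // happen first.
                $retval .= PLG_deleteSubmission($type, $delitem);
            }
            if ($type == 'draft') {
                STORY_deleteStory($delitem);
            } else {
                DB_delete($submissiontable, "{$id}", $delitem);
            }
        }
    }

    $retval .= commandcontrol(SEC_createToken());

    return $retval;
}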
/**
 * Displays items needing moderation
 *
 * Builds the moderation list for one item type from its submission table.
 * 'user' and 'draftstory' are handled here; any other type is treated as a
 * plugin type and resolved through plugin_itemlist_<type>().
 *
 * Review notes:
 * - NOTE(review): $type is concatenated into a function name that is called if
 *   it exists, and $type and $token are written into hidden-field value
 *   attributes and edit URLs without HTML encoding in this function;
 *   presumably callers pass only known type names and a generated token -
 *   confirm.
 * - NOTE(review): row values read from the database are handed to
 *   ADMIN_simpleList() with the 'MODERATE_getListField' callback; whether they
 *   are encoded for output is not visible here.
 * - The SQL for plugin types is supplied by the plugin object and run with
 *   ' LIMIT 50' appended.
 * - The signature declares an optional parameter before a required one, which
 *   PHP 8.0 and later report as deprecated; it is left as is for callers.
 *
 * @param    string  $type   Type of object to build list for
 * @param    string  $token  Security token placed in the list form
 * @return   string          HTML of the list, or '' when there is nothing to moderate
 *
 */
function MODERATE_itemList($type = '', $token)
{
    global $_CONF, $_TABLES, $LANG01, $LANG24, $LANG29, $LANG_ADMIN, $_IMAGE_TYPE;

    $retval = '';

    if (empty($type)) {
        COM_errorLog("Submissions Error: Attempted to generate a moderation list for a null item type.");
        return $retval;
    }

    // Each branch below only collects what differs between the list types;
    // the shared list markup is assembled once at the end.
    $rowCount = 0;
    $rows = array();
    $middleColumns = array();
    $listTitle = '';
    $listHelp = '';
    $listNoData = '';
    $checkField = 'id';
    $formBottom = '';

    if ($type == 'user') {
        // user -----------------------------------------------
        $result = DB_query("SELECT uid,username,fullname,email,UNIX_TIMESTAMP(regdate) AS day FROM {$_TABLES['users']} WHERE status = 2");
        $rowCount = DB_numRows($result);
        if ($rowCount > 0) {
            for ($left = $rowCount; $left > 0; $left--) {
                $row = DB_fetchArray($result);
                $row['edit'] = $_CONF['site_admin_url'] . '/user.php?edit=x&uid=' . $row['uid'];
                $row['_type_'] = 'user';
                $row['_key_'] = 'uid';
                $rows[] = $row;
            }
            $middleColumns = array(
                array('text' => $LANG29[16], 'field' => 1, 'nowrap' => true),
                array('text' => $LANG29[17], 'field' => 2),
                array('text' => $LANG29[18], 'field' => 3, 'nowrap' => true),
                array('text' => $LANG29[47], 'field' => 4, 'align' => 'center'),
            );
            $listTitle = $LANG29[40];
            $listHelp = 'ccusersubmission.html';
            $listNoData = '';
            $checkField = 'uid';
            $formBottom = '<input type="hidden" name="type" value="user"/>' . LB
                . '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"/>' . LB
                . '<input type="hidden" name="moderation" value="x"/>' . LB
                . '<input type="hidden" name="count" value="' . $rowCount . '"/>';
        }
    } elseif ($type == 'draftstory') {
        // draft story ----------------------------------
        $result = DB_query(
            "SELECT sid AS id,title,UNIX_TIMESTAMP(date) AS day,tid,uid FROM {$_TABLES['stories']} WHERE (draft_flag = 1)"
            . COM_getTopicSQL('AND') . COM_getPermSQL('AND', 0, 3) . " ORDER BY date ASC"
        );
        $rowCount = DB_numRows($result);
        if ($rowCount > 0) {
            for ($left = $rowCount; $left > 0; $left--) {
                $row = DB_fetchArray($result);
                $row['edit'] = $_CONF['site_admin_url'] . '/story.php?draft=x&sid=' . $row['id'];
                $row['_type_'] = 'draftstory';
                $row['_key_'] = 'sid';
                $rows[] = $row;
            }
            $middleColumns = array(
                array('text' => $LANG29[10], 'field' => 'title'),
                array('text' => $LANG29[14], 'field' => 'day', 'align' => 'center', 'width' => '15%'),
                array('text' => $LANG29[15], 'field' => 'tid', 'width' => '20%'),
                array('text' => $LANG29[46], 'field' => 'uid', 'width' => '15%', 'nowrap' => true),
            );
            $listTitle = $LANG29[35] . ' (' . $LANG24[34] . ')';
            $listHelp = '';
            $listNoData = $LANG29[39];
            $checkField = 'id';
            // This form carries no "moderation" field, unlike the other two.
            $formBottom = '<input type="hidden" name="type" value="draftstory"/>' . LB
                . '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"/>' . LB
                . '<input type="hidden" name="count" value="' . $rowCount . '"/>';
        }
    } else {
        // plugin -------------------------------------------------
        $function = 'plugin_itemlist_' . $type;
        if (function_exists($function)) {
            $plugin = new Plugin();
            $plugin = $function($token);
            // if the plugin returns a string, it wants to control it's own
            // moderation. as far as I can tell - no plugin has used this yet
            // it appears to be a feature that was added in glFusion 1.1.0rc1
            // but never actually used
            if (is_string($plugin) && !empty($plugin)) {
                return '<div class="block-box">' . $plugin . '</div>';
            }
            // otherwise this is a plugin object (historical approach)
            if (is_object($plugin)) {
                $helpfile = $plugin->submissionhelpfile;
                $sql = $plugin->getsubmissionssql;
                $H = $plugin->submissionheading;
                $section_title = $plugin->submissionlabel;
                $section_help = $helpfile;
                $isplugin = true;
            }
        }

        // this needs to be removed when story moves into a plugin
        if ($type == 'story') {
            $isplugin = false;
        }

        // only the name of the key/id field is needed from this list
        list($key) = PLG_getModerationValues($type);

        // the first 4 columns default to Title, Date, Topic and Submitted By
        // unless the plugin specified its own headings
        foreach (array(10, 14, 15, 46) as $slot => $langIndex) {
            if (empty($H[$slot])) {
                $H[$slot] = $LANG29[$langIndex];
            }
        }

        // run SQL but this time ignore any errors. note that the max items
        // for each type that can be moderated is limited to 50
        if (!empty($sql)) {
            $sql .= ' LIMIT 50'; // quick'n'dirty workaround to prevent timeouts
            $result = DB_query($sql, 1);
            // on an error the count stays 0: more than likely a plugin that
            // doesn't need moderation
            if (!DB_error()) {
                $rowCount = DB_numRows($result);
            }
        }

        if ($rowCount > 0) { // only generate list html if there are items to moderate
            if ($isplugin) {
                $editBase = $_CONF['site_admin_url'] . '/plugins/' . $type . '/index.php?moderate=x';
            } else {
                $editBase = $_CONF['site_admin_url'] . '/' . $type . '.php?moderate=x';
            }
            for ($left = $rowCount; $left > 0; $left--) {
                $row = DB_fetchArray($result);
                $row['edit'] = $editBase . '&' . $key . '=' . $row[0];
                $row['_type_'] = $type; // type of item
                $row['_key_'] = $key;   // name of key/id field
                $rows[] = $row;         // push row data into array
            }
            $middleColumns = array(
                array('text' => $H[0], 'field' => 1),
                array('text' => $H[1], 'field' => 2, 'align' => 'center', 'width' => '15%'),
                array('text' => $H[2], 'field' => 3, 'width' => '20%'),
                array('text' => $H[3], 'field' => 4, 'width' => '15%', 'nowrap' => true),
            );
            $listTitle = $section_title;
            $listHelp = $section_help;
            $listNoData = $LANG29[39];
            $checkField = 'id';
            $formBottom = '<input type="hidden" name="type" value="' . $type . '"/>' . LB
                . '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"/>' . LB
                . '<input type="hidden" name="moderation" value="x"/>' . LB
                . '<input type="hidden" name="count" value="' . $rowCount . '"/>';
        }
    }

    if ($rowCount > 0) {
        // The edit, approve and delete columns are the same for every list type.
        $header_arr = array_merge(
            array(array('text' => $LANG_ADMIN['edit'], 'field' => 0, 'align' => 'center', 'width' => '25px')),
            $middleColumns,
            array(
                array('text' => $LANG29[1], 'field' => 'approve', 'align' => 'center', 'width' => '35px'),
                array('text' => $LANG_ADMIN['delete'], 'field' => 'delete', 'align' => 'center', 'width' => '35px'),
            )
        );

        $text_arr = array(
            'has_menu' => false,
            'title'    => $listTitle,
            'help_url' => $listHelp,
            'no_data'  => $listNoData,
            'form_url' => "{$_CONF['site_admin_url']}/moderation.php",
        );

        $iconBase = $_CONF['layout_url'] . '/images/admin/';
        $approveButton = '<input name="approve" type="image" src="' . $iconBase . 'accept.' . $_IMAGE_TYPE
            . '" style="vertical-align:bottom;" title="' . $LANG29[44]
            . '" onclick="return confirm(\'' . $LANG29[45] . '\');"/> ' . $LANG29[1];
        $deleteButton = '<input name="delbutton" type="image" src="' . $iconBase . 'delete.' . $_IMAGE_TYPE
            . '" style="vertical-align:text-bottom;" title="' . $LANG01[124]
            . '" onclick="return confirm(\'' . $LANG01[125] . '\');"/> ' . $LANG_ADMIN['delete'];
        $actions = $approveButton . ' ' . $deleteButton;

        $options = array(
            'chkselect'  => true,
            'chkfield'   => $checkField,
            'chkname'    => 'selitem',
            'chkminimum' => 0,
            'chkall'     => false,
            'chkactions' => $actions,
        );
        $form_arr = array('bottom' => $formBottom);

        $retval .= ADMIN_simpleList('MODERATE_getListField', $header_arr, $text_arr, $rows, $options, $form_arr, $token);
    }

    return $retval;
}