/**
 * Removes a batch of messages or topics and writes one moderation-log entry per removed item.
 *
 * Security note: per the @todo kept below, removeMessage() checks permissions
 * while removeTopics() does not, so the 'topics' path relies on the caller
 * having authorised the removal before calling in here.
 *
 * @param int[] $messages IDs to remove: topic IDs when $type is 'topics', message IDs otherwise
 * @param mixed[] $messageDetails details indexed by those same IDs; the keys read here are
 *                'board', 'subject', 'member' and, for messages, 'topic'
 * @param string $type 'topics' removes whole topics, any other value removes single messages
 */
function removeMessages($messages, $messageDetails, $type = 'replies')
{
	global $modSettings;

	// @todo something's not right, removeMessage() does check permissions,
	// removeTopics() doesn't
	if ($type != 'topics')
	{
		require_once SUBSDIR . '/Messages.subs.php';

		foreach ($messages as $id_msg)
		{
			removeMessage($id_msg);

			// The ID is logged under 'old_topic_id' only when recycling is on and the
			// message sat in the recycle board; otherwise it is logged under 'topic'.
			if (empty($modSettings['recycle_enable']) || $modSettings['recycle_board'] != $messageDetails[$id_msg]['board'])
				$id_key = 'topic';
			else
				$id_key = 'old_topic_id';

			logAction('delete', array(
				$id_key => $messageDetails[$id_msg]['topic'],
				'subject' => $messageDetails[$id_msg]['subject'],
				'member' => $messageDetails[$id_msg]['member'],
				'board' => $messageDetails[$id_msg]['board'],
			));
		}

		return;
	}

	// Whole topics: remove them all in one call, then log each one.
	removeTopics($messages);

	foreach ($messages as $id_topic)
	{
		// Same key choice as for single messages, but the logged value is the topic ID itself.
		if (empty($modSettings['recycle_enable']) || $modSettings['recycle_board'] != $messageDetails[$id_topic]['board'])
			$id_key = 'topic';
		else
			$id_key = 'old_topic_id';

		logAction('remove', array(
			$id_key => $id_topic,
			'subject' => $messageDetails[$id_topic]['subject'],
			'member' => $messageDetails[$id_topic]['member'],
			'board' => $messageDetails[$id_topic]['board'],
		));
	}
}
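/**
 * Handles a submitted account-deletion request for the member $memID.
 *
 * Authorisation happens in layers: the profile_remove_any / profile_remove_own
 * permission, then the session check, then admin_forum if the target is an
 * administrator (and the last administrator can never be removed). Content
 * removal for another member additionally requires moderate_forum.
 *
 * @param mixed $profile_vars not read by this function
 * @param array $post_errors validation errors collected earlier; a self-deletion only proceeds when empty
 * @param int $memID the member whose account is being deleted
 */
function deleteAccount2($profile_vars, $post_errors, $memID)
{
	global $user_info, $sourcedir, $context, $cur_profile, $modSettings, $smcFunc;

	// Try get more time...
	@set_time_limit(600);

	// !!! Add a way to delete pms as well?

	// isAllowedTo() is the enforcing call here; allowedTo() only picks which permission to enforce.
	if (!$context['user']['is_owner'])
	{
		isAllowedTo('profile_remove_any');
	}
	elseif (!allowedTo('profile_remove_any'))
	{
		isAllowedTo('profile_remove_own');
	}

	// Session (anti-CSRF) check before anything destructive happens.
	checkSession();

	$old_profile =& $cur_profile;

	// Too often, people remove/delete their own only account.
	if (in_array(1, explode(',', $old_profile['additional_groups'])) || $old_profile['id_group'] == 1)
	{
		// Are you allowed to administrate the forum, as they are?
		isAllowedTo('admin_forum');

		// Look for any other member who is in group 1, primary or additional.
		$request = $smcFunc['db_query']('', ' SELECT id_member FROM {db_prefix}members WHERE (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0) AND id_member != {int:selected_member} LIMIT 1', array('admin_group' => 1, 'selected_member' => $memID));
		list($another) = $smcFunc['db_fetch_row']($request);
		$smcFunc['db_free_result']($request);

		if (empty($another))
		{
			fatal_lang_error('at_least_one_admin', 'critical');
		}
	}

	// This file is needed for the deleteMembers function.
	require_once $sourcedir . '/Subs-Members.php';

	// Do you have permission to delete others profiles, or is that your profile you wanna delete?
	if ($memID != $user_info['id'])
	{
		isAllowedTo('profile_remove_any');

		// A request that omits remove_type is treated as 'none'. Comparing the missing
		// field directly would read as "not none" and remove the member's messages
		// without that ever having been asked for.
		$remove_type = isset($_POST['remove_type']) ? $_POST['remove_type'] : 'none';

		// Now, have you been naughty and need your posts deleting?
		// !!! Should this check board permissions?
		if ($remove_type != 'none' && allowedTo('moderate_forum'))
		{
			// Include RemoveTopics - essential for this type of work!
			require_once $sourcedir . '/RemoveTopic.php';

			// First off we delete any topics the member has started - if they wanted topics being done.
			if ($remove_type == 'topics')
			{
				// Fetch all topics started by this user within the time period.
				$request = $smcFunc['db_query']('', ' SELECT t.id_topic FROM {db_prefix}topics AS t WHERE t.id_member_started = {int:selected_member}', array('selected_member' => $memID));
				$topicIDs = array();
				while ($row = $smcFunc['db_fetch_assoc']($request))
				{
					$topicIDs[] = $row['id_topic'];
				}
				$smcFunc['db_free_result']($request);

				// Actually remove the topics.
				// !!! This needs to check permissions, but we'll let it slide for now because of moderate_forum already being had.
				removeTopics($topicIDs);
			}

			// Now delete the remaining messages (every post that is not the first message of its topic).
			$request = $smcFunc['db_query']('', ' SELECT m.id_msg FROM {db_prefix}messages AS m INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic AND t.id_first_msg != m.id_msg) WHERE m.id_member = {int:selected_member}', array('selected_member' => $memID));

			// This could take a while... but ya know it's gonna be worth it in the end.
			while ($row = $smcFunc['db_fetch_assoc']($request))
			{
				if (function_exists('apache_reset_timeout'))
				{
					@apache_reset_timeout();
				}

				removeMessage($row['id_msg']);
			}
			$smcFunc['db_free_result']($request);
		}

		// Only delete this poor members account if they are actually being booted out of camp.
		if (isset($_POST['deleteAccount']))
		{
			deleteMembers($memID);
		}
	}
	elseif (empty($post_errors) && !empty($modSettings['approveAccountDeletion']) && !allowedTo('moderate_forum'))
	{
		// Setup their account for deletion ;)
		updateMemberData($memID, array('is_activated' => 4));

		// Another account needs approval...
		updateSettings(array('unapprovedMembers' => true), true);
	}
	elseif (empty($post_errors))
	{
		// Self-deletion without an approval step: remove the account, then end the session.
		deleteMembers($memID);

		require_once $sourcedir . '/LogInOut.php';
		LogOut(true);

		redirectExit();
	}
}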
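/**
 * Handles a submitted account-deletion request for the member $memID.
 *
 * Authorisation happens in layers: the profile_remove_any / profile_remove_own
 * permission, then the session check, then admin_forum if the target is an
 * administrator (and the last administrator can never be removed). Content
 * removal for another member additionally requires moderate_forum.
 *
 * The queries in this version are built by string interpolation, so $memID is
 * forced to an integer before it is used anywhere.
 *
 * @param mixed $profile_vars not read by this function
 * @param array $post_errors validation errors collected earlier; a self-deletion only proceeds when empty
 * @param int $memID the member whose account is being deleted
 */
function deleteAccount2($profile_vars, $post_errors, $memID)
{
	global $ID_MEMBER, $user_info, $sourcedir, $context, $db_prefix, $user_profile, $modSettings;

	// $memID is interpolated straight into three SQL strings below; casting it here
	// means no caller can pass anything but a number into those statements.
	$memID = (int) $memID;

	// !!! Add a way to delete pms as well?

	// isAllowedTo() is the enforcing call here; allowedTo() only picks which permission to enforce.
	if (!$context['user']['is_owner'])
	{
		isAllowedTo('profile_remove_any');
	}
	elseif (!allowedTo('profile_remove_any'))
	{
		isAllowedTo('profile_remove_own');
	}

	// Session (anti-CSRF) check before anything destructive happens.
	checkSession();

	$old_profile =& $user_profile[$memID];

	// Too often, people remove/delete their own only account.
	if (in_array(1, explode(',', $old_profile['additionalGroups'])) || $old_profile['ID_GROUP'] == 1)
	{
		// Are you allowed to administrate the forum, as they are?
		isAllowedTo('admin_forum');

		// Look for any other member who is in group 1, primary or additional.
		$request = db_query("\n\t\t\tSELECT ID_MEMBER\n\t\t\tFROM {$db_prefix}members\n\t\t\tWHERE (ID_GROUP = 1 OR FIND_IN_SET(1, additionalGroups))\n\t\t\t\tAND ID_MEMBER != {$memID}\n\t\t\tLIMIT 1", __FILE__, __LINE__);
		list($another) = mysql_fetch_row($request);
		mysql_free_result($request);

		if (empty($another))
		{
			fatal_lang_error('at_least_one_admin');
		}
	}

	// This file is needed for the deleteMembers function.
	require_once $sourcedir . '/Subs-Members.php';

	// Do you have permission to delete others profiles, or is that your profile you wanna delete?
	if ($memID != $ID_MEMBER)
	{
		isAllowedTo('profile_remove_any');

		// A request that omits remove_type is treated as 'none'. Comparing the missing
		// field directly would read as "not none" and remove the member's messages
		// without that ever having been asked for.
		$remove_type = isset($_POST['remove_type']) ? $_POST['remove_type'] : 'none';

		// Now, have you been naughty and need your posts deleting?
		// !!! Should this check board permissions?
		if ($remove_type != 'none' && allowedTo('moderate_forum'))
		{
			// Include RemoveTopics - essential for this type of work!
			require_once $sourcedir . '/RemoveTopic.php';

			// First off we delete any topics the member has started - if they wanted topics being done.
			if ($remove_type == 'topics')
			{
				// Fetch all topics started by this user within the time period.
				$request = db_query("\n\t\t\t\t\tSELECT t.ID_TOPIC\n\t\t\t\t\tFROM {$db_prefix}topics AS t\n\t\t\t\t\tWHERE t.ID_MEMBER_STARTED = {$memID}", __FILE__, __LINE__);
				$topicIDs = array();
				while ($row = mysql_fetch_assoc($request))
				{
					$topicIDs[] = $row['ID_TOPIC'];
				}
				mysql_free_result($request);

				// Actually remove the topics.
				// !!! This needs to check permissions, but we'll let it slide for now because of moderate_forum already being had.
				removeTopics($topicIDs);
			}

			// Now delete the remaining messages (every post that is not the first message of its topic).
			$request = db_query("\n\t\t\t\tSELECT m.ID_MSG\n\t\t\t\tFROM ({$db_prefix}messages AS m, {$db_prefix}topics AS t)\n\t\t\t\tWHERE m.ID_MEMBER = {$memID}\n\t\t\t\t\tAND m.ID_TOPIC = t.ID_TOPIC\n\t\t\t\t\tAND t.ID_FIRST_MSG != m.ID_MSG", __FILE__, __LINE__);

			// This could take a while... but ya know it's gonna be worth it in the end.
			while ($row = mysql_fetch_assoc($request))
			{
				removeMessage($row['ID_MSG']);
			}
			mysql_free_result($request);
		}

		// Only delete this poor members account if they are actually being booted out of camp.
		if (isset($_POST['deleteAccount']))
		{
			deleteMembers($memID);
		}
	}
	elseif (empty($post_errors) && !empty($modSettings['approveAccountDeletion']) && !allowedTo('moderate_forum'))
	{
		// Setup their account for deletion ;)
		updateMemberData($memID, array('is_activated' => 4));

		// Another account needs approval...
		updateSettings(array('unapprovedMembers' => true), true);
	}
	elseif (empty($post_errors))
	{
		deleteMembers($memID);
	}
}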
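/**
 * XML-RPC handler: bans a member by name and optionally removes their posts.
 *
 * Request parameters read from $rpcmsg:
 *   0 - the user name to ban
 *   1 - mode; the value 2 also removes the member's messages
 *   2 - optional ban reason (HTML-escaped, with CR/LF/TAB stripped)
 *
 * The caller must pass the session check and hold the manage_bans permission.
 *
 * NOTE(review): nothing visible here stops the target from being the caller
 * or an administrator - confirm that is handled elsewhere.
 * NOTE(review): the code after each mob_error() call assumes mob_error() does
 * not return - confirm against its definition.
 *
 * @param object $rpcmsg the incoming XML-RPC message
 * @return xmlrpcresp a struct holding result = true
 */
function mob_m_ban_user($rpcmsg)
{
	global $mobdb, $context, $func, $user_info, $modSettings, $sourcedir;

	checkSession('session');

	// Cannot ban an user?
	if (!allowedTo('manage_bans'))
	{
		mob_error('cannot ban users');
	}

	$reason = strtr($func['htmlspecialchars']($rpcmsg->getParam(2) ? $rpcmsg->getScalarValParam(2) : ''), array("\r" => '', "\n" => '', "\t" => ''));
	$username = $rpcmsg->getScalarValParam(0);

	require_once $sourcedir . '/Subs-Auth.php';

	// No request parameter supplies a member ID, so the lookup always starts from the
	// name. The variable was previously read without ever being assigned; it is now
	// explicitly null, and the by-ID branch below is kept for when an ID is wired in.
	$id_user = null;

	// If we have an user ID, use it otherwise search for the user
	if (!is_null($id_user))
	{
		$request = $mobdb->query(' SELECT ID_MEMBER FROM {db_prefix}members WHERE ID_MEMBER = {int:member}', array('member' => $id_user));
		if ($mobdb->num_rows($request) == 0)
		{
			$id_user = null;
		}
		else
		{
			list($id_user) = $mobdb->fetch_row($request);
		}
		$mobdb->free_result($request);
	}

	// Otherwise search from the DB,
	if (is_null($id_user))
	{
		$username = utf8ToAscii($username);
		$members = findMembers($username);
		if (empty($members))
		{
			mob_error('user not found');
		}

		// The first match returned by findMembers() is the one that gets banned.
		$member_ids = array_keys($members);
		$id_user = $members[$member_ids[0]]['id'];
	}

	$member = $id_user;

	// Create the ban
	$mobdb->query(' INSERT INTO {db_prefix}ban_groups (name, ban_time, cannot_access, expire_time, reason) VALUES ({string:name}, {int:time}, 1, NULL, {string:reason})', array('time' => time(), 'name' => 'Tapatalk ban (' . $username . ')', 'reason' => $reason));
	$id_ban_group = $mobdb->insert_id();

	// Insert the user into the ban
	$mobdb->query(' INSERT INTO {db_prefix}ban_items (ID_BAN_GROUP, ID_MEMBER) VALUES ({int:group}, {int:member})', array('group' => $id_ban_group, 'member' => $member));

	// Do we have to delete every post made by this user?
	// !!! Optimize this
	if ($rpcmsg->getScalarValParam(1) == 2)
	{
		require_once $sourcedir . '/RemoveTopic.php';

		// Called without an argument, ignore_user_abort() only reports the current
		// setting. Pass true so a dropped client connection cannot stop the clean-up
		// half-way through.
		@ignore_user_abort(true);
		@set_time_limit(0);

		$request = $mobdb->query(' SELECT m.ID_MSG AS id_msg FROM {db_prefix}messages AS m LEFT JOIN {db_prefix}topics AS t ON (t.ID_TOPIC = m.ID_TOPIC) WHERE m.ID_MEMBER = {int:member} AND (t.ID_FIRST_MSG != m.ID_MSG OR t.numReplies = 0)', array('member' => $member));
		while ($row = $mobdb->fetch_assoc($request))
		{
			removeMessage($row['id_msg']);
		}
		$mobdb->free_result($request);
	}

	// Return a true response
	return new xmlrpcresp(new xmlrpcval(array('result' => new xmlrpcval(true, 'boolean')), 'struct'));
}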
/**
 * Moderation-centre page listing watched members, or their posts when sa=post.
 *
 * Also services the delete action for that list. A single ID is checked
 * against the session token as a GET request and an array of IDs as a POST
 * request; every ID is cast to int and handed to removeMessage(). No
 * permission test is made here - per the inline comment, the removal is left
 * to raise the error itself.
 *
 * Reads $_GET['sa'], $_REQUEST['start'] and $_REQUEST['delete']; fills
 * $context and calls createList() with the list definition.
 */
function ViewWatchedUsers()
{
	global $smcFunc, $modSettings, $context, $txt, $scripturl, $user_info, $sourcedir;

	// Page-level context.
	$context['page_title'] = $txt['mc_watched_users_title'];
	$context['view_posts'] = isset($_GET['sa']) && $_GET['sa'] == 'post';
	$context['start'] = isset($_REQUEST['start']) ? (int) $_REQUEST['start'] : 0;

	loadTemplate('ModerationCenter');

	// The watch threshold falls back to 1 when it is unset or empty.
	if (empty($modSettings['warning_watch']))
	{
		$modSettings['warning_watch'] = 1;
	}

	// Tab data for the moderation menu.
	$context[$context['moderation_menu_name']]['tab_data'] = array(
		'title' => $txt['mc_watched_users_title'],
		'help' => '',
		'description' => $txt['mc_watched_users_desc'],
	);

	// Handle a delete request before the list is built.
	if (!empty($_REQUEST['delete']))
	{
		$delete_is_list = is_array($_REQUEST['delete']);

		// A single ID is validated as a GET request, a list of IDs as a POST.
		checkSession($delete_is_list ? 'post' : 'get');

		// Everything is forced to an integer before it is used as a message ID.
		$toDelete = array();
		foreach ($delete_is_list ? $_REQUEST['delete'] : array($_REQUEST['delete']) as $did)
		{
			$toDelete[] = (int) $did;
		}

		if (!empty($toDelete))
		{
			require_once $sourcedir . '/RemoveTopic.php';

			// If they don't have permission we'll let it error - either way no chance of a security slip here!
			foreach ($toDelete as $did)
			{
				removeMessage($did);
			}
		}
	}

	// Board restrictions only matter for the per-post view.
	$approve_query = '';
	$delete_boards = array();
	if ($context['view_posts'])
	{
		// Still obey permissions!
		$approve_boards = boardsAllowedTo('approve_posts');
		$delete_boards = boardsAllowedTo('delete_any');

		// array(0) leaves the query unrestricted, an empty list matches nothing.
		if ($approve_boards != array(0))
		{
			$approve_query = empty($approve_boards) ? ' AND 0' : ' AND m.id_board IN (' . implode(',', $approve_boards) . ')';
		}
	}

	require_once $sourcedir . '/Subs-List.php';

	$by_posts = $context['view_posts'];

	// Column definitions for the per-member view.
	$columns = array(
		'member' => array(
			'header' => array('value' => $txt['mc_watched_users_member']),
			'data' => array(
				'sprintf' => array(
					'format' => '<a href="' . $scripturl . '?action=profile;u=%1$d">%2$s</a>',
					'params' => array('id' => false, 'name' => false),
				),
			),
			'sort' => array('default' => 'real_name', 'reverse' => 'real_name DESC'),
		),
		'warning' => array(
			'header' => array('value' => $txt['mc_watched_users_warning']),
			'data' => array(
				'function' => create_function('$member', ' global $scripturl; return allowedTo(\'issue_warning\') ? \'<a href="\' . $scripturl . \'?action=profile;area=issuewarning;u=\' . $member[\'id\'] . \'">\' . $member[\'warning\'] . \'%</a>\' : $member[\'warning\'] . \'%\'; '),
			),
			'sort' => array('default' => 'warning', 'reverse' => 'warning DESC'),
		),
		'posts' => array(
			'header' => array('value' => $txt['posts']),
			'data' => array(
				'sprintf' => array(
					'format' => '<a href="' . $scripturl . '?action=profile;u=%1$d;area=showposts;sa=messages">%2$s</a>',
					'params' => array('id' => false, 'posts' => false),
				),
			),
			'sort' => array('default' => 'posts', 'reverse' => 'posts DESC'),
		),
		'last_login' => array(
			'header' => array('value' => $txt['mc_watched_users_last_login']),
			'data' => array('db' => 'last_login'),
			'sort' => array('default' => 'last_login', 'reverse' => 'last_login DESC'),
		),
		'last_post' => array(
			'header' => array('value' => $txt['mc_watched_users_last_post']),
			'data' => array(
				'function' => create_function('$member', ' global $scripturl; if ($member[\'last_post_id\']) return \'<a href="\' . $scripturl . \'?msg=\' . $member[\'last_post_id\'] . \'">\' . $member[\'last_post\'] . \'</a>\'; else return $member[\'last_post\']; '),
			),
		),
	);

	// This is all the information required for a watched user listing.
	$listOptions = array(
		'id' => 'watch_user_list',
		'title' => $txt['mc_watched_users_title'] . ' - ' . ($by_posts ? $txt['mc_watched_users_post'] : $txt['mc_watched_users_member']),
		'width' => '100%',
		'items_per_page' => $modSettings['defaultMaxMessages'],
		'no_items_label' => $by_posts ? $txt['mc_watched_users_no_posts'] : $txt['mc_watched_users_none'],
		'base_href' => $scripturl . '?action=moderate;area=userwatch;sa=' . ($by_posts ? 'post' : 'member'),
		'default_sort_col' => $by_posts ? '' : 'member',
		'get_items' => array(
			'function' => $by_posts ? 'list_getWatchedUserPosts' : 'list_getWatchedUsers',
			'params' => array($approve_query, $delete_boards),
		),
		'get_count' => array(
			'function' => $by_posts ? 'list_getWatchedUserPostsCount' : 'list_getWatchedUserCount',
			'params' => array($approve_query),
		),
		'columns' => $columns,
		'form' => array(
			'href' => $scripturl . '?action=moderate;area=userwatch;sa=post',
			'include_sort' => true,
			'include_start' => true,
			// The session token travels with the form so the POST delete passes checkSession().
			'hidden_fields' => array($context['session_var'] => $context['session_id']),
		),
		'additional_rows' => array(
			$by_posts ? array(
				'position' => 'bottom_of_list',
				'value' => ' <input type="submit" name="delete_selected" value="' . $txt['quickmod_delete_selected'] . '" class="button_submit" />',
				'align' => 'right',
			) : array(),
		),
	);

	// If this is being viewed by posts we actually change the columns to call a template each time.
	if ($by_posts)
	{
		$listOptions['columns'] = array(
			'posts' => array(
				'data' => array(
					'function' => create_function('$post', ' return template_user_watch_post_callback($post); '),
				),
			),
		);
	}

	// Create the watched user list.
	createList($listOptions);

	$context['sub_template'] = 'show_list';
	$context['default_list'] = 'watch_user_list';
}
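/**
 * Builds the "show posts" area of a member's profile: their messages or the
 * topics they started, with paging, plus an inline "delete this message"
 * action. Requests for likes and attachments are handed to LikesByUser()
 * and showAttachments().
 *
 * Security-relevant behaviour:
 *  - the delete action requires a valid session token on the GET request and
 *    leaves the permission decision to removeMessage();
 *  - the start offset echoed into the post-delete redirect is cast to int;
 *  - the listing queries are restricted with {query_see_board} and, unless
 *    post moderation is off or the viewer owns the profile, to approved content;
 *  - can_reply / can_mark_notify / can_delete start as false and are switched
 *    on per board from boardsAllowedTo().
 *
 * @param int $memID the member whose posts are listed
 * @return mixed the result of LikesByUser() or showAttachments() for those
 *               sub-actions, otherwise nothing; output goes into $context
 */
function showPosts($memID)
{
	global $txt, $user_info, $scripturl, $modSettings;
	global $context, $user_profile, $sourcedir, $board, $memberContext, $options;

	EoS_Smarty::loadTemplate('profile/profile_base');
	$context['need_synhlt'] = true;

	// Some initial context.
	$context['start'] = (int) $_REQUEST['start'];
	$context['current_member'] = $memID;

	// Create the tabs for the template.
	$context[$context['profile_menu_name']]['tab_data'] = array('title' => $txt['showPosts'], 'description' => $txt['showPosts_help'], 'tabs' => array('messages' => array(), 'topics' => array(), 'attach' => array()));

	// Set the page title
	$context['page_title'] = $txt['showPosts'] . ' - ' . $user_profile[$memID]['real_name'];
	$context['pageindex_multiplier'] = commonAPI::getMessagesPerPage();
	$context['can_approve_posts'] = false;

	// Is the load average too high to allow searching just now?
	if (!empty($context['load_average']) && !empty($modSettings['loadavg_show_posts']) && $context['load_average'] >= $modSettings['loadavg_show_posts'])
	{
		fatal_lang_error('loadavg_show_posts_disabled', false);
	}

	if (isset($_GET['sa']) && !empty($modSettings['karmaMode']) && ($_GET['sa'] == 'likes' || $_GET['sa'] == 'likesout'))
	{
		require_once $sourcedir . '/Ratings.php';
		return LikesByUser($memID);
	}

	EoS_Smarty::getConfigInstance()->registerHookTemplate('profile_content_area', 'profile/show_content');

	$boards_hidden_1 = boardsAllowedTo('see_hidden1');
	$boards_hidden_2 = boardsAllowedTo('see_hidden2');
	$boards_hidden_3 = boardsAllowedTo('see_hidden3');

	// If we're specifically dealing with attachments use that function!
	if (isset($_GET['sa']) && $_GET['sa'] == 'attach')
	{
		return showAttachments($memID);
	}

	// Are we just viewing topics?
	$context['is_topics'] = isset($_GET['sa']) && $_GET['sa'] == 'topics' ? true : false;

	// If just deleting a message, do it and then redirect back.
	if (isset($_GET['delete']) && !$context['is_topics'])
	{
		checkSession('get');

		// The offset goes back out in the redirect URL, so reduce the request value
		// to an integer first instead of echoing the raw query-string text.
		$return_start = isset($_GET['start']) ? (int) $_GET['start'] : 0;

		// We need msg info for logging.
		$request = smf_db_query(' SELECT subject, id_member, id_topic, id_board FROM {db_prefix}messages WHERE id_msg = {int:id_msg}', array('id_msg' => (int) $_GET['delete']));
		$info = mysql_fetch_row($request);
		mysql_free_result($request);

		// Trying to remove a message that doesn't exist.
		if (empty($info))
		{
			redirectexit('action=profile;u=' . $memID . ';area=showposts;start=' . $return_start);
		}

		// We can be lazy, since removeMessage() will check the permissions for us.
		require_once $sourcedir . '/RemoveTopic.php';
		removeMessage((int) $_GET['delete']);

		// Add it to the mod log.
		if (allowedTo('delete_any') && (!allowedTo('delete_own') || $info[1] != $user_info['id']))
		{
			logAction('delete', array('topic' => $info[2], 'subject' => $info[0], 'member' => $info[1], 'board' => $info[3]));
		}

		// Back to... where we are now ;).
		redirectexit('action=profile;u=' . $memID . ';area=showposts;start=' . $return_start);
	}

	// Default to 10.
	if (empty($_REQUEST['viewscount']) || !is_numeric($_REQUEST['viewscount']))
	{
		$_REQUEST['viewscount'] = '10';
	}

	// Count what the viewer is allowed to see, for the page index.
	if ($context['is_topics'])
	{
		$request = smf_db_query(' SELECT COUNT(*) FROM {db_prefix}topics AS t' . ($user_info['query_see_board'] == '1=1' ? '' : ' INNER JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board AND {query_see_board})') . ' WHERE t.id_member_started = {int:current_member}' . (!empty($board) ? ' AND t.id_board = {int:board}' : '') . (!$modSettings['postmod_active'] || $context['user']['is_owner'] ? '' : ' AND t.approved = {int:is_approved}'), array('current_member' => $memID, 'is_approved' => 1, 'board' => $board));
	}
	else
	{
		$request = smf_db_query(' SELECT COUNT(*) FROM {db_prefix}messages AS m' . ($user_info['query_see_board'] == '1=1' ? '' : ' INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board AND {query_see_board})') . ' WHERE m.id_member = {int:current_member}' . (!empty($board) ? ' AND m.id_board = {int:board}' : '') . (!$modSettings['postmod_active'] || $context['user']['is_owner'] ? '' : ' AND m.approved = {int:is_approved}'), array('current_member' => $memID, 'is_approved' => 1, 'board' => $board));
	}
	list($msgCount) = mysql_fetch_row($request);
	mysql_free_result($request);

	// Lowest and highest message ID of this member, used below to narrow the scanned range.
	$request = smf_db_query(' SELECT MIN(id_msg), MAX(id_msg) FROM {db_prefix}messages AS m WHERE m.id_member = {int:current_member}' . (!empty($board) ? ' AND m.id_board = {int:board}' : '') . (!$modSettings['postmod_active'] || $context['user']['is_owner'] ? '' : ' AND m.approved = {int:is_approved}'), array('current_member' => $memID, 'is_approved' => 1, 'board' => $board));
	list($min_msg_member, $max_msg_member) = mysql_fetch_row($request);
	mysql_free_result($request);

	$reverse = false;
	$range_limit = '';
	$maxIndex = (int) $modSettings['defaultMaxMessages'];

	// Make sure the starting place makes sense and construct our friend the page index.
	$context['page_index'] = constructPageIndex($scripturl . '?action=profile;u=' . $memID . ';area=showposts' . ($context['is_topics'] ? ';sa=topics' : '') . (!empty($board) ? ';board=' . $board : ''), $context['start'], $msgCount, $maxIndex);
	$context['current_page'] = $context['start'] / $maxIndex;

	// Reverse the query if we're past 50% of the pages for better performance.
	$start = $context['start'];
	$reverse = $_REQUEST['start'] > $msgCount / 2;
	if ($reverse && !$context['is_topics'])
	{
		$maxIndex = $msgCount < $context['start'] + $modSettings['defaultMaxMessages'] + 1 && $msgCount > $context['start'] ? $msgCount - $context['start'] : (int) $modSettings['defaultMaxMessages'];
		$start = $msgCount < $context['start'] + $modSettings['defaultMaxMessages'] + 1 || $msgCount < $context['start'] + $modSettings['defaultMaxMessages'] ? 0 : $msgCount - $context['start'] - $modSettings['defaultMaxMessages'];
	}

	// Guess the range of messages to be shown.
	if ($msgCount > 1000)
	{
		$margin = floor(($max_msg_member - $min_msg_member) * (($start + $modSettings['defaultMaxMessages']) / $msgCount) + 0.1 * ($max_msg_member - $min_msg_member));

		// Make a bigger margin for topics only.
		if ($context['is_topics'])
		{
			$margin *= 5;
			$range_limit = $reverse ? 't.id_first_msg < ' . ($min_msg_member + $margin) : 't.id_first_msg > ' . ($max_msg_member - $margin);
		}
		else
		{
			$range_limit = $reverse ? 'm.id_msg < ' . ($min_msg_member + $margin) : 'm.id_msg > ' . ($max_msg_member - $margin);
		}
	}

	// Find this user's posts. The left join on categories somehow makes this faster, weird as it looks.
	// LIMIT and $range_limit are concatenated into the SQL text rather than bound; the values
	// are built in this function from $context['start'], $modSettings and the query results above.
	$context['results_counter'] = 0;
	$topicids = array();
	if ($context['is_topics'])
	{
		$context['postbit_callback'] = 'template_topicbit';

		// First pick the page of topic IDs, then load the details for just those.
		$prereq = smf_db_query(' SELECT t.id_topic FROM {db_prefix}topics AS t LEFT JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board) WHERE t.id_member_started = {int:current_member}' . (!empty($board) ? ' AND t.id_board = {int:board}' : '') . ' AND {query_see_board}' . (!$modSettings['postmod_active'] || $context['user']['is_owner'] ? '' : ' AND t.approved = {int:is_approved}') . ' ORDER BY t.id_topic DESC LIMIT ' . $start . ', ' . $modSettings['defaultMaxMessages'], array('current_member' => $memID, 'is_approved' => 1, 'board' => $board));
		while ($row = mysql_fetch_row($prereq))
		{
			$topicids[] = $row[0];
		}
		mysql_free_result($prereq);

		if (count($topicids))
		{
			$request = smf_db_query(' SELECT b.id_board, b.name AS board_name, t.id_member_started, t.id_first_msg, t.id_last_msg, t.id_prefix, t.is_sticky, t.locked, t.num_views, t.num_replies, t.id_poll, t.approved, t.unapproved_posts, m.id_member, m.subject AS first_subject, m.poster_time, m.id_topic, m.id_msg, m.icon, m2.poster_name AS last_member_name, m2.id_member AS last_id_member, m2.poster_time AS last_post_time, IFNULL(meml.real_name, m2.poster_name) AS last_display_name, m2.subject AS last_subject, m2.icon AS last_icon, p.name AS prefix_name FROM {db_prefix}topics AS t LEFT JOIN {db_prefix}messages AS m ON (m.id_msg = t.id_first_msg) LEFT JOIN {db_prefix}members AS meml ON (meml.id_member = t.id_member_updated) LEFT JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board) LEFT JOIN {db_prefix}categories AS c ON (c.id_cat = b.id_cat) LEFT JOIN {db_prefix}messages AS m2 ON (m2.id_msg = t.id_last_msg) LEFT JOIN {db_prefix}prefixes AS p ON (p.id_prefix = t.id_prefix) WHERE t.id_topic IN({array_int:topicids}) ORDER BY t.id_topic DESC', array('topicids' => $topicids));
		}
	}
	else
	{
		$context['postbit_callback'] = 'template_postbit_compact';
		$request = smf_db_query(' SELECT b.id_board, b.name AS bname, c.id_cat, c.name AS cname, m.id_topic, m.id_msg, t.id_member_started, t.id_first_msg, t.id_last_msg, m.body, m.smileys_enabled, m.id_member, m.icon, m.subject, m.poster_time, m.modified_time, m.approved, mc.body AS cached_body, ' . (!empty($modSettings['karmaMode']) ? 'c1.likes_count, c1.like_status, c1.updated AS like_updated, l.rtype AS liked, ' : '0 AS likes_count, 0 AS like_status, 0 AS like_updated, 0 AS liked, ') . ' m2.id_member AS id_first_member, m2.subject AS first_subject, m2.poster_time AS time_started, IFNULL(mem2.real_name, m2.poster_name) AS first_poster_name FROM {db_prefix}messages AS m INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic) INNER JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board) INNER JOIN {db_prefix}messages AS m2 ON (m2.id_msg = t.id_first_msg) LEFT JOIN {db_prefix}members AS mem2 ON (mem2.id_member = m2.id_member) LEFT JOIN {db_prefix}categories AS c ON (c.id_cat = b.id_cat) ' . (!empty($modSettings['karmaMode']) ? ' LEFT JOIN {db_prefix}likes AS l ON (l.id_msg = m.id_msg AND l.ctype = 1 AND l.id_user = {int:id_user}) LEFT JOIN {db_prefix}like_cache AS c1 ON (c1.id_msg = m.id_msg AND c1.ctype = 1)' : '') . ' LEFT JOIN {db_prefix}messages_cache AS mc on mc.id_msg = m.id_msg AND mc.style = {int:style} AND mc.lang = {int:lang} WHERE m.id_member = {int:current_member}' . (!empty($board) ? ' AND b.id_board = {int:board}' : '') . (empty($range_limit) ? '' : ' AND ' . $range_limit) . ' AND {query_see_board}' . (!$modSettings['postmod_active'] || $context['user']['is_owner'] ? '' : ' AND t.approved = {int:is_approved} AND m.approved = {int:is_approved}') . ' ORDER BY m.id_msg ' . ($reverse ? 'ASC' : 'DESC') . ' LIMIT ' . $start . ', ' . $maxIndex, array('current_member' => $memID, 'is_approved' => 1, 'board' => $board, 'style' => $user_info['smiley_set_id'], 'lang' => $user_info['language_id'], 'id_user' => $user_info['id']));
	}

	// Start counting at the number of the first message displayed.
	$counter = $reverse ? $context['start'] + $maxIndex + 1 : $context['start'];
	$context['posts'] = array();
	$board_ids = array('own' => array(), 'any' => array());

	if (!empty($modSettings['karmaMode']))
	{
		require_once $sourcedir . '/lib/Subs-Ratings.php';
		$boards_like_see = boardsAllowedTo('like_see');
		$boards_like_give = boardsAllowedTo('like_give');
	}
	else
	{
		$boards_like_see = array();
		$boards_like_give = array();
		$context['can_see_like'] = $context['can_give_like'] = false;
	}

	$time_now = time();

	if ($context['is_topics'])
	{
		$context['topics_per_page'] = empty($modSettings['disableCustomPerPage']) && !empty($options['topics_per_page']) ? $options['topics_per_page'] : $modSettings['defaultMaxTopics'];
		$context['messages_per_page'] = commonAPI::getMessagesPerPage();

		if (count($topicids))
		{
			loadMemberContext($memID, true);
			while ($row = mysql_fetch_assoc($request))
			{
				$context['results_counter']++;

				if ($row['num_replies'] + 1 > $context['messages_per_page'])
				{
					$pages = ' ';

					// We can't pass start by reference.
					$start = -1;
					$pages .= constructPageIndex(URL::topic($row['id_topic'], $row['first_subject'], '%1$d'), $start, $row['num_replies'] + 1, $context['messages_per_page'], true);

					// If we can use all, show all.
					if (!empty($modSettings['enableAllMessages']) && $row['num_replies'] + 1 < $modSettings['enableAllMessages'])
					{
						$pages .= '<a class="navPages" href="' . URL::topic($row['id_topic'], $row['first_subject'], 0) . ';all">' . $txt['show_all'] . '</a>';
					}

					$pages .= ' ';
				}
				else
				{
					$pages = '';
				}

				$f_post_mem_href = !empty($row['id_member_started']) ? URL::user($row['id_member_started'], $memberContext[$memID]['name']) : '';
				$t_href = URL::topic($row['id_topic'], $row['first_subject'], 0);
				$l_post_mem_href = !empty($row['last_id_member']) ? URL::user($row['last_id_member'], $row['last_display_name']) : '';
				$l_post_msg_href = URL::topic($row['id_topic'], $row['last_subject'], $user_info['is_guest'] ? !empty($options['view_newest_first']) ? 0 : (int) ($row['num_replies'] / $context['pageindex_multiplier']) * $context['pageindex_multiplier'] : 0, $user_info['is_guest'] ? true : false, $user_info['is_guest'] ? '' : '.msg' . $row['id_last_msg'], $user_info['is_guest'] ? '#msg' . $row['id_last_msg'] : '#new');

				// NOTE(review): first_id_member and first_display_name are not in the SELECT list
				// of the topic query above, so the first_post member link looks like it always
				// falls back to the plain name - confirm.
				// NOTE(review): subjects, names and the entity-decoded prefix name are placed into
				// markup as they come from the database; presumably they are stored pre-escaped -
				// confirm, html_entity_decode() on the prefix in particular.
				// NOTE(review): 'is_old' reads $context['time_now'], which this function does not
				// set (it sets $time_now) - confirm it is populated elsewhere.
				$context['topics'][$row['id_topic']] = array(
					'id' => $row['id_topic'],
					'first_post' => array(
						'member' => array(
							'username' => $memberContext[$memID]['username'],
							'name' => $memberContext[$memID]['name'],
							'id' => $memID,
							'href' => $f_post_mem_href,
							'link' => !empty($row['first_id_member']) ? '<a onclick="getMcard(' . $row['id_member_started'] . ', $(this));return(false);" href="' . $f_post_mem_href . '" title="' . $txt['profile_of'] . ' ' . $row['first_display_name'] . '">' . $row['first_display_name'] . '</a>' : $memberContext[$memID]['name'],
							'avatar' => &$memberContext[$memID]['avatar']['image'],
						),
						'icon_url' => getPostIcon($row['icon']),
						'time' => timeformat($row['poster_time']),
						'href' => $t_href,
						'link' => '<a href="' . $t_href . '">' . $row['first_subject'] . '</a>',
						'id' => $row['id_first_msg'],
					),
					'last_post' => array(
						'id' => $row['id_last_msg'],
						'member' => array(
							'username' => $row['last_member_name'],
							'name' => $row['last_display_name'],
							'id' => $row['last_id_member'],
							'href' => $l_post_mem_href,
							'link' => !empty($row['last_id_member']) ? '<a onclick="getMcard(' . $row['last_id_member'] . ', $(this));return(false);" href="' . $l_post_mem_href . '">' . $row['last_display_name'] . '</a>' : $row['last_display_name'],
						),
						'time' => timeformat($row['last_post_time']),
						'timestamp' => forum_time(true, $row['last_post_time']),
						'subject' => $row['last_subject'],
						'icon' => $row['last_icon'],
						'icon_url' => getPostIcon($row['last_icon']),
						'href' => $l_post_msg_href,
						// The href attribute is now closed before rel is appended; the closing
						// quote was missing, which left the attribute unterminated in the output.
						'link' => '<a href="' . $l_post_msg_href . '"' . ($row['num_replies'] == 0 ? '' : ' rel="nofollow"') . '>' . $row['last_subject'] . '</a>',
					),
					'is_posted_in' => false,
					'new' => false,
					'is_sticky' => $row['is_sticky'],
					'is_locked' => $row['locked'],
					'is_poll' => $modSettings['pollMode'] == '1' && $row['id_poll'] > 0,
					'is_hot' => $row['num_replies'] >= $modSettings['hotTopicPosts'],
					'is_very_hot' => $row['num_replies'] >= $modSettings['hotTopicVeryPosts'],
					'views' => $row['num_views'],
					'replies' => $row['num_replies'],
					'prefix' => $row['prefix_name'] ? '<a href="' . $scripturl . '?board=' . $board . ';prefix=' . $row['id_prefix'] . '" class="prefix">' . (html_entity_decode($row['prefix_name']) . '</a>') : '',
					'pages' => $pages,
					'approved' => $row['approved'],
					'unapproved_posts' => $row['unapproved_posts'],
					'is_old' => !empty($modSettings['oldTopicDays']) ? $context['time_now'] - $row['last_post_time'] > $modSettings['oldTopicDays'] * 86400 : false,
					'board' => isset($row['id_board']) && !empty($row['id_board']) ? array('name' => $row['board_name'], 'id' => $row['id_board'], 'href' => URL::board($row['id_board'], $row['board_name'])) : array('name' => '', 'id' => 0, 'href' => ''),
				);
				determineTopicClass($context['topics'][$row['id_topic']]);
			}
			mysql_free_result($request);
		}
	}
	else
	{
		loadMemberContext($memID);
		while ($row = mysql_fetch_assoc($request))
		{
			$context['results_counter']++;

			// Per-row visibility flags: board 0 in a boardsAllowedTo() result means "all boards".
			$check_boards = array(0, $row['id_board']); // 0 is for admin
			$context['can_see_hidden_level1'] = count(array_intersect($check_boards, $boards_hidden_1)) > 0;
			$context['can_see_hidden_level2'] = count(array_intersect($check_boards, $boards_hidden_2)) > 0;
			$context['can_see_hidden_level3'] = count(array_intersect($check_boards, $boards_hidden_3)) > 0;
			$context['can_see_like'] = count(array_intersect($check_boards, $boards_like_see)) > 0;
			$context['can_give_like'] = count(array_intersect($check_boards, $boards_like_give)) > 0;

			// Censor....
			censorText($row['body']);
			censorText($row['subject']);

			getCachedPost($row);

			// And the array...
			$i = $counter += $reverse ? -1 : 1;
			$thref = URL::topic($row['id_topic'], $row['first_subject'], 0, false, '.msg' . $row['id_msg'], '#' . $row['id_msg']);
			$topichref = URL::topic($row['id_topic'], $row['first_subject'], 0);
			$bhref = URL::board($row['id_board'], $row['bname'], 0, false);
			$fhref = empty($row['id_first_member']) ? '' : URL::user($row['id_first_member'], $row['first_poster_name']);

			$context['posts'][$i] = array(
				'body' => $row['body'],
				'counter' => $counter,
				'icon' => $row['icon'],
				'icon_url' => getPostIcon($row['icon']),
				'category' => array(
					'id' => $row['id_cat'],
					'name' => $row['cname'],
					'href' => $scripturl . '#c' . $row['id_cat'],
					'link' => '<a href="' . $scripturl . '#c' . $row['id_cat'] . '">' . $row['cname'] . '</a>',
				),
				'board' => array(
					'id' => $row['id_board'],
					'name' => $row['bname'],
					'href' => $bhref,
					'link' => '<a href="' . $bhref . '">' . $row['bname'] . '</a>',
				),
				'member' => &$memberContext[$memID],
				'href' => $thref,
				'link' => '<a href="' . $thref . '" rel="nofollow">' . $row['subject'] . '</a>',
				'subject' => $row['subject'],
				'time' => timeformat($row['poster_time']),
				'timestamp' => forum_time(true, $row['poster_time']),
				'first_poster' => array(
					'id' => $row['id_first_member'],
					'name' => $row['first_poster_name'],
					'href' => $fhref,
					'link' => empty($row['id_first_member']) ? $row['first_poster_name'] : '<a href="' . $fhref . '">' . $row['first_poster_name'] . '</a>',
					'time' => timeformat($row['time_started']),
				),
				'topic' => array(
					'id' => $row['id_topic'],
					'href' => $topichref,
					'link' => '<a href="' . $topichref . '" rel="nofollow">' . $row['first_subject'] . '</a>',
				),
				'permahref' => $scripturl . '?msg=' . $row['id_msg'],
				'permalink' => $txt['view_in_thread'],
				'id' => $row['id_msg'],
				'id_member' => $memID,
				// Denied by default; the permission pass below switches these on per board.
				'can_reply' => false,
				'can_mark_notify' => false,
				'can_delete' => false,
				'delete_possible' => ($row['id_first_msg'] != $row['id_msg'] || $row['id_last_msg'] == $row['id_msg']) && (empty($modSettings['edit_disable_time']) || $row['poster_time'] + $modSettings['edit_disable_time'] * 60 >= time()),
				'approved' => $row['approved'],
				'likes_count' => $row['likes_count'],
				'like_status' => $row['like_status'],
				'liked' => $row['liked'],
				'like_updated' => $row['like_updated'],
				'likers' => '',
				'likelink' => '',
			);

			if ($context['can_see_like'])
			{
				Ratings::addContent($context['posts'][$i], $context['can_give_like'], $time_now);
			}

			// Remember which displayed posts sit on which board, for the own/any permission pass.
			if ($user_info['id'] == $row['id_member_started'])
			{
				$board_ids['own'][$row['id_board']][] = $counter;
			}
			$board_ids['any'][$row['id_board']][] = $counter;
		}
		mysql_free_result($request);
	}

	// All posts were retrieved in reverse order, get them right again.
	if ($reverse)
	{
		$context['posts'] = array_reverse($context['posts'], true);
	}

	// These are all the permissions that are different from board to board..
	if ($context['is_topics'])
	{
		$permissions = array('own' => array('post_reply_own' => 'can_reply'), 'any' => array('post_reply_any' => 'can_reply', 'mark_any_notify' => 'can_mark_notify'));
	}
	else
	{
		$permissions = array('own' => array('post_reply_own' => 'can_reply', 'delete_own' => 'can_delete'), 'any' => array('post_reply_any' => 'can_reply', 'mark_any_notify' => 'can_mark_notify', 'delete_any' => 'can_delete'));
	}

	// For every permission in the own/any lists...
	foreach ($permissions as $type => $list)
	{
		foreach ($list as $permission => $allowed)
		{
			// Get the boards they can do this on...
			$boards = boardsAllowedTo($permission);

			// Hmm, they can do it on all boards, can they?
			if (!empty($boards) && $boards[0] == 0)
			{
				$boards = array_keys($board_ids[$type]);
			}

			// Now go through each board they can do the permission on.
			foreach ($boards as $board_id)
			{
				// There aren't any posts displayed from this board.
				if (!isset($board_ids[$type][$board_id]))
				{
					continue;
				}

				// Set the permission to true ;).
				foreach ($board_ids[$type][$board_id] as $counter)
				{
					$context['posts'][$counter][$allowed] = true;
				}
			}
		}
	}

	// Clean up after posts that cannot be deleted and quoted.
	$quote_enabled = empty($modSettings['disabledBBC']) || !in_array('quote', explode(',', $modSettings['disabledBBC']));
	foreach ($context['posts'] as $counter => $dummy)
	{
		// A granted delete permission still yields to the first-message / edit-time rule.
		$context['posts'][$counter]['can_delete'] &= $context['posts'][$counter]['delete_possible'];
		$context['posts'][$counter]['can_quote'] = $context['posts'][$counter]['can_reply'] && $quote_enabled;
	}
}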
/**
 * Remove a batch of topics or messages and write one moderation-log entry per item.
 *
 * NOTE(review): this function performs no permission check of its own. Whether
 * removeTopics() and removeMessage() enforce one cannot be seen from here, so
 * callers should authorise the request before calling - confirm.
 *
 * @param int[] $messages IDs to remove: topic IDs when $current_view is 'topics', message IDs otherwise
 * @param array $messageDetails Details indexed by those IDs; 'board', 'subject' and 'member' are read, plus 'topic' for messages
 * @param string $current_view 'topics' removes whole topics, any other value removes single messages
 */
function removeMessages($messages, $messageDetails, $current_view = 'replies')
{
    global $sourcedir, $modSettings;

    require_once $sourcedir . '/RemoveTopic.php';

    if ($current_view == 'topics') {
        removeTopics($messages);

        // One log entry per removed topic.
        foreach ($messages as $id_topic) {
            // An item removed from the recycle board is logged under 'old_topic_id'
            // instead of 'topic'.
            $was_in_recycle_board = !empty($modSettings['recycle_enable']) && $modSettings['recycle_board'] == $messageDetails[$id_topic]['board'];
            $id_key = $was_in_recycle_board ? 'old_topic_id' : 'topic';

            logAction('remove', array(
                $id_key => $id_topic,
                'subject' => $messageDetails[$id_topic]['subject'],
                'member' => $messageDetails[$id_topic]['member'],
                'board' => $messageDetails[$id_topic]['board'],
            ));
        }

        return;
    }

    // Anything else: remove message by message, logging each one.
    foreach ($messages as $id_msg) {
        removeMessage($id_msg);

        $was_in_recycle_board = !empty($modSettings['recycle_enable']) && $modSettings['recycle_board'] == $messageDetails[$id_msg]['board'];
        $id_key = $was_in_recycle_board ? 'old_topic_id' : 'topic';

        logAction('delete', array(
            $id_key => $messageDetails[$id_msg]['topic'],
            'subject' => $messageDetails[$id_msg]['subject'],
            'member' => $messageDetails[$id_msg]['member'],
            'board' => $messageDetails[$id_msg]['board'],
        ));
    }
}
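/**
 * In-topic quick moderation.
 * Accessed by ?action=quickmod2
 *
 * Runs the session check, then restores, splits off or deletes the messages
 * listed in $_REQUEST['msgs']. Restore and split are handed to other actions by
 * redirect; deletion happens here after the delete_any / delete_replies /
 * delete_own checks. Always ends in a redirect.
 */
public function action_quickmod2()
{
    global $topic, $board, $user_info, $context;

    // Check the session = get or post.
    checkSession('request');

    require_once SUBSDIR . '/Messages.subs.php';

    if (empty($_REQUEST['msgs'])) {
        redirectexit('topic=' . $topic . '.' . $_REQUEST['start']);
    }

    // msgs is request data. A lone scalar is accepted as a one-element list so
    // the loop never iterates a non-array (which would leave $messages empty and
    // make min() below fail), and every entry is forced to an integer.
    $messages = array();
    foreach ((array) $_REQUEST['msgs'] as $dummy) {
        $messages[] = (int) $dummy;
    }

    // We are restoring messages. We handle this in another place.
    // NOTE(review): the session id is placed in the redirect URL here and below;
    // it can end up in server logs and Referer headers.
    if (isset($_REQUEST['restore_selected'])) {
        redirectexit('action=restoretopic;msgs=' . implode(',', $messages) . ';' . $context['session_var'] . '=' . $context['session_id']);
    }

    if (isset($_REQUEST['split_selection'])) {
        $mgsOptions = basicMessageInfo(min($messages), true);

        // The selection travels in the session; only the subject goes in the URL.
        $_SESSION['split_selection'][$topic] = $messages;
        redirectexit('action=splittopics;sa=selectTopics;topic=' . $topic . '.0;subname_enc=' . urlencode($mgsOptions['subject']) . ';' . $context['session_var'] . '=' . $context['session_id']);
    }

    require_once SUBSDIR . '/Topic.subs.php';
    $topic_info = getTopicInfo($topic);

    // Allowed to delete any message?
    if (allowedTo('delete_any')) {
        $allowed_all = true;
    } elseif (allowedTo('delete_replies')) {
        // delete_replies only counts inside topics the user started.
        $allowed_all = $topic_info['id_member_started'] == $user_info['id'];
    } else {
        $allowed_all = false;
    }

    // Make sure they're allowed to delete their own messages, if not any.
    if (!$allowed_all) {
        isAllowedTo('delete_own');
    }

    // Allowed to remove which messages? From here on $messages is keyed by message id.
    $messages = determineRemovableMessages($topic, $messages, $allowed_all);

    // Get the first message in the topic - because you can't delete that!
    $first_message = $topic_info['id_first_msg'];
    $last_message = $topic_info['id_last_msg'];

    // Set once the topic's only message has been removed.
    $topicGone = false;

    // Delete all the messages we know they can delete. ($messages)
    foreach ($messages as $message => $info) {
        // Just skip the first message - if it's not the last.
        if ($message == $first_message && $message != $last_message) {
            continue;
        } elseif ($message == $first_message) {
            $topicGone = true;
        }

        removeMessage($message);

        // Log this moderation action ;). Only deletions made with delete_any that
        // are not the user's own delete_own deletions are logged.
        if (allowedTo('delete_any') && (!allowedTo('delete_own') || $info[1] != $user_info['id'])) {
            logAction('delete', array('topic' => $topic, 'subject' => $info[0], 'member' => $info[1], 'board' => $board));
        }
    }

    redirectexit($topicGone ? 'board=' . $board : 'topic=' . $topic . '.' . $_REQUEST['start']);
}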
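/**
 * Remove a single post, then redirect to the recent-posts page, the board or the topic.
 *
 * Reads the message id from $_REQUEST['msg'] and, when the global $topic is
 * empty, the topic id from $_REQUEST['topic']. The permission required depends
 * on whether the current member wrote the post and/or started the topic.
 */
function DeleteMessage()
{
    global $ID_MEMBER, $db_prefix, $topic, $board, $modSettings;

    checkSession('get');

    $_REQUEST['msg'] = (int) $_REQUEST['msg'];

    // Is $topic set?
    if (empty($topic) && isset($_REQUEST['topic'])) {
        $topic = (int) $_REQUEST['topic'];
    }

    // The query below is built by string interpolation, so only integer copies
    // of both ids are allowed into the SQL text.
    $id_topic = (int) $topic;
    $id_msg = (int) $_REQUEST['msg'];

    $request = db_query("\n\t\tSELECT t.ID_MEMBER_STARTED, m.ID_MEMBER, m.subject, m.posterTime\n\t\tFROM ({$db_prefix}topics AS t, {$db_prefix}messages AS m)\n\t\tWHERE t.ID_TOPIC = {$id_topic}\n\t\t\tAND m.ID_TOPIC = {$id_topic}\n\t\t\tAND m.ID_MSG = {$id_msg}\n\t\tLIMIT 1", __FILE__, __LINE__);
    list($starter, $poster, $subject, $post_time) = mysql_fetch_row($request);
    mysql_free_result($request);

    if ($poster == $ID_MEMBER) {
        // Own post: delete_own, or a broader permission that covers it.
        if (!allowedTo('delete_own')) {
            if ($starter == $ID_MEMBER && !allowedTo('delete_any')) {
                isAllowedTo('delete_replies');
            } elseif (!allowedTo('delete_any')) {
                isAllowedTo('delete_own');
            }
        } elseif (!allowedTo('delete_any') && ($starter != $ID_MEMBER || !allowedTo('delete_replies')) && !empty($modSettings['edit_disable_time']) && $post_time + $modSettings['edit_disable_time'] * 60 < time()) {
            // With delete_own alone, the edit time limit also closes the delete window.
            fatal_lang_error('modify_post_time_passed', false);
        }
    } elseif ($starter == $ID_MEMBER && !allowedTo('delete_any')) {
        // Someone else's reply in a topic the member started.
        isAllowedTo('delete_replies');
    } else {
        isAllowedTo('delete_any');
    }

    // If the full topic was removed go back to the board.
    $full_topic = removeMessage($id_msg);

    // The log entry names the author of the deleted post. The original passed
    // the topic starter here, while QuickModeration2() logs the message author;
    // the audit trail should point at the member whose post was removed.
    if (allowedTo('delete_any') && (!allowedTo('delete_own') || $poster != $ID_MEMBER)) {
        logAction('delete', array('topic' => $topic, 'subject' => $subject, 'member' => $poster));
    }

    // We want to redirect back to recent action.
    if (isset($_REQUEST['recent'])) {
        redirectexit('action=recent');
    } elseif ($full_topic) {
        redirectexit('board=' . $board . '.0');
    } else {
        redirectexit('topic=' . $topic . '.' . $_REQUEST['start']);
    }
}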
/**
 * Delete every message written by one member, except messages that are the
 * first post of their topic.
 *
 * Messages are removed one at a time through removeMessage().
 * NOTE(review): no permission check happens in this function; the caller is
 * expected to have authorised the deletion - confirm.
 *
 * @param int $memID The member id
 */
function removeNonTopicMessages($memID)
{
    $db = database();

    // The join condition excludes each topic's first message.
    $result = $db->query('', ' SELECT m.id_msg FROM {db_prefix}messages AS m INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic AND t.id_first_msg != m.id_msg) WHERE m.id_member = {int:selected_member}', array('selected_member' => $memID));

    // This may be a long run, so the timeout is reset per message where the
    // function exists.
    while ($message = $db->fetch_assoc($result)) {
        if (function_exists('apache_reset_timeout')) {
            @apache_reset_timeout();
        }

        removeMessage($message['id_msg']);
    }

    $db->free_result($result);
}
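/**
 * In-topic quick moderation: delete the messages listed in $_REQUEST['msgs']
 * from the current topic, then redirect back to the topic.
 *
 * With delete_any every listed message may go; with delete_replies the same
 * holds inside topics the member started; otherwise delete_own is required and
 * only the member's own messages that are still inside the edit time limit are
 * removed.
 */
function QuickModeration2()
{
    global $sourcedir, $db_prefix, $topic, $board, $ID_MEMBER, $modSettings;

    // Check the session = get or post.
    checkSession('request');

    require_once $sourcedir . '/RemoveTopic.php';

    if (empty($_REQUEST['msgs'])) {
        redirectexit('topic=' . $topic . '.' . $_REQUEST['start']);
    }

    // msgs is request data. A lone scalar is accepted as a one-element list so
    // the IN (...) clause below is never empty, and every entry is forced to an
    // integer before it is joined into SQL text.
    $messages = array();
    foreach ((array) $_REQUEST['msgs'] as $dummy) {
        $messages[] = (int) $dummy;
    }

    // The queries below are built by string interpolation, so only integer
    // copies of the topic and member ids are allowed into them.
    $id_topic = (int) $topic;
    $id_member = (int) $ID_MEMBER;

    // Allowed to delete any message?
    if (allowedTo('delete_any')) {
        $allowed_all = true;
    } elseif (allowedTo('delete_replies')) {
        // delete_replies only counts inside topics the member started.
        $request = db_query("\n\t\t\tSELECT ID_MEMBER_STARTED\n\t\t\tFROM {$db_prefix}topics\n\t\t\tWHERE ID_TOPIC = {$id_topic}\n\t\t\tLIMIT 1", __FILE__, __LINE__);
        list($starter) = mysql_fetch_row($request);
        mysql_free_result($request);

        $allowed_all = $starter == $ID_MEMBER;
    } else {
        $allowed_all = false;
    }

    // Make sure they're allowed to delete their own messages, if not any.
    if (!$allowed_all) {
        isAllowedTo('delete_own');
    }

    // Allowed to remove which messages? The query is restricted to this topic
    // and, without broader rights, to the member's own messages.
    $request = db_query("\n\t\tSELECT ID_MSG, subject, ID_MEMBER, posterTime\n\t\tFROM {$db_prefix}messages\n\t\tWHERE ID_MSG IN (" . implode(', ', $messages) . ")\n\t\t\tAND ID_TOPIC = {$id_topic}" . (!$allowed_all ? "\n\t\t\tAND ID_MEMBER = {$id_member}" : '') . "\n\t\tLIMIT " . count($messages), __FILE__, __LINE__);
    $messages = array();
    while ($row = mysql_fetch_assoc($request)) {
        // With delete_own alone, posts older than the edit time limit stay.
        if (!$allowed_all && !empty($modSettings['edit_disable_time']) && $row['posterTime'] + $modSettings['edit_disable_time'] * 60 < time()) {
            continue;
        }

        $messages[$row['ID_MSG']] = array($row['subject'], $row['ID_MEMBER']);
    }
    mysql_free_result($request);

    // Get the first message in the topic - because you can't delete that!
    $request = db_query("\n\t\tSELECT ID_FIRST_MSG, ID_LAST_MSG\n\t\tFROM {$db_prefix}topics\n\t\tWHERE ID_TOPIC = {$id_topic}\n\t\tLIMIT 1", __FILE__, __LINE__);
    list($first_message, $last_message) = mysql_fetch_row($request);
    mysql_free_result($request);

    // Delete all the messages we know they can delete. ($messages)
    foreach ($messages as $message => $info) {
        // Just skip the first message.
        if ($message == $first_message && $message != $last_message) {
            continue;
        }

        removeMessage($message);

        // Log this moderation action ;). Only deletions made with delete_any that
        // are not the member's own delete_own deletions are logged.
        if (allowedTo('delete_any') && (!allowedTo('delete_own') || $info[1] != $ID_MEMBER)) {
            logAction('delete', array('topic' => $topic, 'subject' => $info[0], 'member' => $info[1]));
        }
    }

    redirectexit('topic=' . $topic . '.' . $_REQUEST['start']);
}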
}

/**
 * Fetch the distinct values of the `action` column of the `message` table.
 *
 * On failure the script prints the driver's error information and stops.
 * NOTE(review): errorInfo() is printed straight into the response; driver
 * error details are better written to a server-side log, with a generic
 * message shown to the visitor.
 *
 * @param object $Database Connection object exposing query() and errorInfo()
 * @return mixed The result returned by query()
 */
function getCategories($Database) {
    $result = $Database->query('SELECT DISTINCT action FROM message');
    if (!$result) {
        echo 'Could not get categories: ';
        print_r($Database->errorInfo());
        die;
    }
    return $result;
}

// From here on the page is built procedurally.
// Open the database.
$db = openDatabase($databaseFilename);

// Delete a message if one has been toggled for removal.
// NOTE(review): where $remove comes from is not visible here. If it is read
// from the query string, a plain GET link deletes data; a POST with an
// anti-CSRF token and an authorisation check would be the safer shape - confirm.
removeMessage($db, $remove);

// This array is filled with the ids of every message displayed in this instance of this page.
// At the end, the showCount columns for these messages are updated to reflect that they have been shown.
// (This is handy for marking new items as being viewed, and for seeing which messages are looked
// at the most, "favourites" if you will.)
$shownIds = array();

// Display the filter option column titles.
echo '<form action="monkeyview.php" method="get">';
echo $filterTableHeader;

// "added" filter box
echo '<tr>';
echo '<td><select name="added">';
foreach ($addedOptions as $option) {
    // Mark the option equal to the current $added value as selected.
    $selected = $option == $added ? ' selected' : '';
    // NOTE(review): $option is written into the page without htmlspecialchars();
    // safe only if $addedOptions is a fixed list defined in code - confirm.
    echo '<option' . $selected . '>' . $option . '</option>';
}
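/**
 * Show all posts by the current user.
 *
 * Also handles ?delete=<msg id>: after the session check the message is
 * removed, the deletion is logged where applicable, and the browser is
 * redirected back to this listing. Otherwise fills $context['posts'] with one
 * page of the member's posts (or started topics) and sets the per-post
 * can_reply / can_mark_notify / can_delete / can_quote flags under 'tests'.
 *
 * @todo This function needs to be split up properly.
 */
public function action_showPosts()
{
    global $txt, $user_info, $scripturl, $modSettings, $context, $user_profile, $board;

    $memID = currentMemberID();

    // Some initial context.
    $context['start'] = (int) $_REQUEST['start'];
    $context['current_member'] = $memID;

    loadTemplate('ProfileInfo');

    // Create the tabs for the template.
    $context[$context['profile_menu_name']]['tab_data'] = array(
        'title' => $txt['showPosts'],
        'description' => $txt['showPosts_help'],
        'class' => 'profile',
        'tabs' => array(
            'messages' => array(),
            'topics' => array(),
            'unwatchedtopics' => array(),
            'attach' => array(),
        ),
    );

    // Set the page title
    $context['page_title'] = $txt['showPosts'] . ' - ' . $user_profile[$memID]['real_name'];

    // Is the load average too high to allow searching just now?
    if (!empty($modSettings['loadavg_show_posts']) && $modSettings['current_load'] >= $modSettings['loadavg_show_posts']) {
        fatal_lang_error('loadavg_show_posts_disabled', false);
    }

    // If we're specifically dealing with attachments use that function!
    if (isset($_GET['sa']) && $_GET['sa'] == 'attach') {
        return $this->action_showAttachments();
    } elseif (isset($_GET['sa']) && $_GET['sa'] == 'unwatchedtopics' && $modSettings['enable_unwatch']) {
        return $this->action_showUnwatched();
    }

    // Are we just viewing topics?
    $context['is_topics'] = isset($_GET['sa']) && $_GET['sa'] == 'topics' ? true : false;

    // If just deleting a message, do it and then redirect back.
    if (isset($_GET['delete']) && !$context['is_topics']) {
        checkSession('get');

        // The page offset is request data that goes into the redirect target
        // below; cast it so nothing but a number reaches the query string.
        $return_start = isset($_GET['start']) ? (int) $_GET['start'] : 0;

        // We need msg info for logging.
        require_once SUBSDIR . '/Messages.subs.php';
        $info = basicMessageInfo((int) $_GET['delete'], true);

        // Trying to remove a message that doesn't exist.
        if (empty($info)) {
            redirectexit('action=profile;u=' . $memID . ';area=showposts;start=' . $return_start);
        }

        // We can be lazy, since removeMessage() will check the permissions for us.
        // NOTE(review): this handler relies entirely on that check; nothing here
        // ties the message to $memID - confirm removeMessage() enforces it.
        removeMessage((int) $_GET['delete']);

        // Add it to the mod log.
        if (allowedTo('delete_any') && (!allowedTo('delete_own') || $info['id_member'] != $user_info['id'])) {
            logAction('delete', array('topic' => $info['id_topic'], 'subject' => $info['subject'], 'member' => $info['id_member'], 'board' => $info['id_board']));
        }

        // Back to... where we are now ;).
        redirectexit('action=profile;u=' . $memID . ';area=showposts;start=' . $return_start);
    }

    // Default to 10.
    if (empty($_REQUEST['viewscount']) || !is_numeric($_REQUEST['viewscount'])) {
        $_REQUEST['viewscount'] = '10';
    }

    if ($context['is_topics']) {
        $msgCount = count_user_topics($memID, $board);
    } else {
        $msgCount = count_user_posts($memID, $board);
    }

    list($min_msg_member, $max_msg_member) = findMinMaxUserMessage($memID, $board);
    $range_limit = '';
    $maxIndex = (int) $modSettings['defaultMaxMessages'];

    // Make sure the starting place makes sense and construct our friend the page index.
    $context['page_index'] = constructPageIndex($scripturl . '?action=profile;u=' . $memID . ';area=showposts' . ($context['is_topics'] ? ';sa=topics' : ';sa=messages') . (!empty($board) ? ';board=' . $board : ''), $context['start'], $msgCount, $maxIndex);
    $context['current_page'] = $context['start'] / $maxIndex;

    // Reverse the query if we're past 50% of the pages for better performance.
    $start = $context['start'];
    $reverse = $_REQUEST['start'] > $msgCount / 2;
    if ($reverse) {
        $maxIndex = $msgCount < $context['start'] + $modSettings['defaultMaxMessages'] + 1 && $msgCount > $context['start'] ? $msgCount - $context['start'] : (int) $modSettings['defaultMaxMessages'];
        $start = $msgCount < $context['start'] + $modSettings['defaultMaxMessages'] + 1 || $msgCount < $context['start'] + $modSettings['defaultMaxMessages'] ? 0 : $msgCount - $context['start'] - $modSettings['defaultMaxMessages'];
    }

    // Guess the range of messages to be shown to help minimize what the query needs to do
    if ($msgCount > 1000) {
        $margin = floor(($max_msg_member - $min_msg_member) * (($start + $modSettings['defaultMaxMessages']) / $msgCount) + 0.1 * ($max_msg_member - $min_msg_member));

        // $range_limit is an SQL fragment; it is assembled only from fixed column
        // names and numbers computed above, never from request text.
        // Make a bigger margin for topics only.
        if ($context['is_topics']) {
            $margin *= 5;
            $range_limit = $reverse ? 't.id_first_msg < ' . ($min_msg_member + $margin) : 't.id_first_msg > ' . ($max_msg_member - $margin);
        } else {
            $range_limit = $reverse ? 'm.id_msg < ' . ($min_msg_member + $margin) : 'm.id_msg > ' . ($max_msg_member - $margin);
        }
    }

    // Find this user's posts or topics started
    if ($context['is_topics']) {
        $rows = load_user_topics($memID, $start, $maxIndex, $range_limit, $reverse, $board);
    } else {
        $rows = load_user_posts($memID, $start, $maxIndex, $range_limit, $reverse, $board);
    }

    // Start counting at the number of the first message displayed.
    $counter = $reverse ? $context['start'] + $maxIndex + 1 : $context['start'];
    $context['posts'] = array();

    // Counters of the displayed posts per board: 'own' for topics the viewer
    // started, 'any' for all of them. Used for the permission pass below.
    $board_ids = array('own' => array(), 'any' => array());
    foreach ($rows as $row) {
        // Censor....
        censorText($row['body']);
        censorText($row['subject']);

        // Do the code.
        $row['body'] = parse_bbc($row['body'], $row['smileys_enabled'], $row['id_msg']);

        // And the array...
        // NOTE(review): bname and subject are placed into link markup as-is; this
        // presumes they are stored already HTML-escaped - confirm.
        $context['posts'][$counter += $reverse ? -1 : 1] = array(
            'body' => $row['body'],
            'counter' => $counter,
            'alternate' => $counter % 2,
            'category' => array('name' => $row['cname'], 'id' => $row['id_cat']),
            'board' => array('name' => $row['bname'], 'id' => $row['id_board'], 'link' => '<a href="' . $scripturl . '?board=' . $row['id_board'] . '.0">' . $row['bname'] . '</a>'),
            'topic' => array('id' => $row['id_topic'], 'link' => '<a href="' . $scripturl . '?topic=' . $row['id_topic'] . '.msg' . $row['id_msg'] . '#msg' . $row['id_msg'] . '">' . $row['subject'] . '</a>'),
            'subject' => $row['subject'],
            'start' => 'msg' . $row['id_msg'],
            'time' => standardTime($row['poster_time']),
            'html_time' => htmlTime($row['poster_time']),
            'timestamp' => forum_time(true, $row['poster_time']),
            'id' => $row['id_msg'],
            // Everything is denied until the permission pass below says otherwise.
            'tests' => array('can_reply' => false, 'can_mark_notify' => false, 'can_delete' => false),
            // A topic's first message can go only when it is also the last one,
            // and the edit time limit, when set, must not have passed.
            'delete_possible' => ($row['id_first_msg'] != $row['id_msg'] || $row['id_last_msg'] == $row['id_msg']) && (empty($modSettings['edit_disable_time']) || $row['poster_time'] + $modSettings['edit_disable_time'] * 60 >= time()),
            'approved' => $row['approved'],
            'buttons' => array(
                'remove' => array('href' => $scripturl . '?action=deletemsg;msg=' . $row['id_msg'] . ';topic=' . $row['id_topic'] . ';profile;u=' . $context['member']['id'] . ';start=' . $context['start'], 'text' => $txt['remove'], 'test' => 'can_delete', 'custom' => 'onclick="return confirm(' . JavaScriptEscape($txt['remove_message'] . '?') . ');"'),
                'notify' => array('href' => $scripturl . '?action=notify;topic=' . $row['id_topic'] . '.msg' . $row['id_msg'], 'text' => $txt['notify'], 'test' => 'can_mark_notify'),
                'reply' => array('href' => $scripturl . '?action=post;topic=' . $row['id_topic'] . '.msg' . $row['id_msg'], 'text' => $txt['reply'], 'test' => 'can_reply'),
                'quote' => array('href' => $scripturl . '?action=post;topic=' . $row['id_topic'] . '.msg' . $row['id_msg'] . ';quote=' . $row['id_msg'], 'text' => $txt['quote'], 'test' => 'can_quote'),
            ),
        );

        if ($user_info['id'] == $row['id_member_started']) {
            $board_ids['own'][$row['id_board']][] = $counter;
        }
        $board_ids['any'][$row['id_board']][] = $counter;
    }

    // All posts were retrieved in reverse order, get them right again.
    if ($reverse) {
        $context['posts'] = array_reverse($context['posts'], true);
    }

    // These are all the permissions that are different from board to board..
    if ($context['is_topics']) {
        $permissions = array(
            'own' => array('post_reply_own' => 'can_reply'),
            'any' => array('post_reply_any' => 'can_reply', 'mark_any_notify' => 'can_mark_notify'),
        );
    } else {
        $permissions = array(
            'own' => array('post_reply_own' => 'can_reply', 'delete_own' => 'can_delete'),
            'any' => array('post_reply_any' => 'can_reply', 'mark_any_notify' => 'can_mark_notify', 'delete_any' => 'can_delete'),
        );
    }

    // For every permission in the own/any lists...
    foreach ($permissions as $type => $list) {
        foreach ($list as $permission => $allowed) {
            // Get the boards they can do this on...
            $boards = boardsAllowedTo($permission);

            // Hmm, they can do it on all boards, can they?
            if (!empty($boards) && $boards[0] == 0) {
                $boards = array_keys($board_ids[$type]);
            }

            // Now go through each board they can do the permission on.
            foreach ($boards as $board_id) {
                // There aren't any posts displayed from this board.
                if (!isset($board_ids[$type][$board_id])) {
                    continue;
                }

                // Set the permission to true ;).
                foreach ($board_ids[$type][$board_id] as $counter) {
                    $context['posts'][$counter]['tests'][$allowed] = true;
                }
            }
        }
    }

    // Clean up after posts that cannot be deleted and quoted.
    $quote_enabled = empty($modSettings['disabledBBC']) || !in_array('quote', explode(',', $modSettings['disabledBBC']));
    foreach ($context['posts'] as $counter => $dummy) {
        $context['posts'][$counter]['tests']['can_delete'] &= $context['posts'][$counter]['delete_possible'];
        $context['posts'][$counter]['tests']['can_quote'] = $context['posts'][$counter]['tests']['can_reply'] && $quote_enabled;
    }
}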
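/**
 * Remove just a single post.
 * On completion redirect to the topic or to the board.
 *
 * Reads the message id from $_REQUEST['msg'] and, when the global $topic is
 * empty, the topic id from $_REQUEST['topic']. The permission required depends
 * on whether the current user wrote the post and/or started the topic;
 * unapproved posts by others additionally need approve_posts when post
 * moderation is active.
 */
function DeleteMessage()
{
    global $user_info, $topic, $board, $modSettings, $smcFunc;

    checkSession('get');

    $_REQUEST['msg'] = (int) $_REQUEST['msg'];

    // Is $topic set?
    if (empty($topic) && isset($_REQUEST['topic'])) {
        $topic = (int) $_REQUEST['topic'];
    }

    removeDeleteConcurrence();

    // Both ids are bound as {int:...} parameters, not concatenated.
    $request = $smcFunc['db_query']('', ' SELECT t.id_member_started, m.id_member, m.subject, m.poster_time, m.approved FROM {db_prefix}topics AS t INNER JOIN {db_prefix}messages AS m ON (m.id_msg = {int:id_msg} AND m.id_topic = {int:current_topic}) WHERE t.id_topic = {int:current_topic} LIMIT 1', array('current_topic' => $topic, 'id_msg' => $_REQUEST['msg']));
    list($starter, $poster, $subject, $post_time, $approved) = $smcFunc['db_fetch_row']($request);
    $smcFunc['db_free_result']($request);

    // Verify they can see this!
    if ($modSettings['postmod_active'] && !$approved && !empty($poster) && $poster != $user_info['id']) {
        isAllowedTo('approve_posts');
    }

    if ($poster == $user_info['id']) {
        // Own post: delete_own, or a broader permission that covers it.
        if (!allowedTo('delete_own')) {
            if ($starter == $user_info['id'] && !allowedTo('delete_any')) {
                isAllowedTo('delete_replies');
            } elseif (!allowedTo('delete_any')) {
                isAllowedTo('delete_own');
            }
        } elseif (!allowedTo('delete_any') && ($starter != $user_info['id'] || !allowedTo('delete_replies')) && !empty($modSettings['edit_disable_time']) && $post_time + $modSettings['edit_disable_time'] * 60 < time()) {
            // With delete_own alone, the edit time limit also closes the delete window.
            fatal_lang_error('modify_post_time_passed', false);
        }
    } elseif ($starter == $user_info['id'] && !allowedTo('delete_any')) {
        // Someone else's reply in a topic the user started.
        isAllowedTo('delete_replies');
    } else {
        isAllowedTo('delete_any');
    }

    // If the full topic was removed go back to the board.
    $full_topic = removeMessage($_REQUEST['msg']);

    // Only deletions made with delete_any that are not the user's own
    // delete_own deletions are logged.
    if (allowedTo('delete_any') && (!allowedTo('delete_own') || $poster != $user_info['id'])) {
        logAction('delete', array('topic' => $topic, 'subject' => $subject, 'member' => $poster, 'board' => $board));
    }

    // We want to redirect back to recent action.
    if (isset($_REQUEST['recent'])) {
        redirectexit('action=recent');
    } elseif (isset($_REQUEST['profile'], $_REQUEST['start'], $_REQUEST['u'])) {
        // u and start are request data that go into the redirect target. Cast
        // both so nothing but a number reaches the query string and no extra
        // parameters can ride along.
        redirectexit('action=profile;u=' . (int) $_REQUEST['u'] . ';area=showposts;start=' . (int) $_REQUEST['start']);
    } elseif ($full_topic) {
        redirectexit('board=' . $board . '.0');
    } else {
        redirectexit('topic=' . $topic . '.' . $_REQUEST['start']);
    }
}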
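<?php
// Returns the messages stored for the logged-in user as JSON, then deletes them.
session_start();
header("Content-Type:text/plain;charset=utf-8");
include_once 'fun.inc.php';

// The original read $_SESSION["uid"] unconditionally, so a visitor without a
// session reached returnMessage() and removeMessage() with a null id. Stop
// before any database work when no user id is present.
// NOTE(review): presumably "uid" is set only after a successful login - confirm.
if (!isset($_SESSION["uid"])) {
    http_response_code(401);
    exit;
}

linkDB();

$uid = $_SESSION["uid"];

// Read first, then delete: the response carries the only copy of the data.
// NOTE(review): this request both reads and deletes, and nothing here restricts
// the HTTP method or checks an anti-CSRF token, so a cross-site request made with
// the user's cookies could discard unread messages. Consider POST plus a token.
$data = returnMessage($uid);
removeMessage($uid);

// NOTE(review): the body is JSON although the header announces text/plain; left
// as it was because clients may depend on it.
echo json_encode($data, JSON_UNESCAPED_UNICODE);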
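/**
 * Show one page of a member's posts, or of the topics the member started.
 *
 * Also handles ?delete=<msg id>: after the session check the message is
 * removed, the deletion is logged where applicable, and the browser is
 * redirected back to this listing. Otherwise fills $context['posts'] and sets
 * the per-post can_reply / can_mark_notify / can_delete / can_quote flags.
 *
 * @param int $memID ID of the member whose posts are listed
 */
function showPosts($memID)
{
    global $txt, $user_info, $scripturl, $modSettings;
    global $context, $user_profile, $sourcedir, $smcFunc, $board;

    // Some initial context.
    $context['start'] = (int) $_REQUEST['start'];
    $context['current_member'] = $memID;

    // Create the tabs for the template.
    $context[$context['profile_menu_name']]['tab_data'] = array(
        'title' => $txt['showPosts'],
        'description' => $txt['showPosts_help'],
        'icon' => 'profile_sm.gif',
        'tabs' => array(
            'messages' => array(),
            'topics' => array(),
            'attach' => array(),
        ),
    );

    // Set the page title
    $context['page_title'] = $txt['showPosts'] . ' - ' . $user_profile[$memID]['real_name'];

    // Is the load average too high to allow searching just now?
    if (!empty($context['load_average']) && !empty($modSettings['loadavg_show_posts']) && $context['load_average'] >= $modSettings['loadavg_show_posts']) {
        fatal_lang_error('loadavg_show_posts_disabled', false);
    }

    // If we're specifically dealing with attachments use that function!
    if (isset($_GET['sa']) && $_GET['sa'] == 'attach') {
        return showAttachments($memID);
    }

    // Are we just viewing topics?
    $context['is_topics'] = isset($_GET['sa']) && $_GET['sa'] == 'topics' ? true : false;

    // If just deleting a message, do it and then redirect back.
    if (isset($_GET['delete']) && !$context['is_topics']) {
        checkSession('get');

        // The page offset is request data that goes into the redirect target
        // below; cast it so nothing but a number reaches the query string.
        $return_start = isset($_GET['start']) ? (int) $_GET['start'] : 0;

        // We need msg info for logging.
        $request = $smcFunc['db_query']('', ' SELECT subject, id_member, id_topic, id_board FROM {db_prefix}messages WHERE id_msg = {int:id_msg}', array('id_msg' => (int) $_GET['delete']));
        $info = $smcFunc['db_fetch_row']($request);
        $smcFunc['db_free_result']($request);

        // Trying to remove a message that doesn't exist.
        if (empty($info)) {
            redirectexit('action=profile;u=' . $memID . ';area=showposts;start=' . $return_start);
        }

        // We can be lazy, since removeMessage() will check the permissions for us.
        // NOTE(review): this handler relies entirely on that check; nothing here
        // ties the message to $memID - confirm removeMessage() enforces it.
        require_once $sourcedir . '/RemoveTopic.php';
        removeMessage((int) $_GET['delete']);

        // Add it to the mod log. $info is a numeric row:
        // 0 = subject, 1 = id_member, 2 = id_topic, 3 = id_board.
        if (allowedTo('delete_any') && (!allowedTo('delete_own') || $info[1] != $user_info['id'])) {
            logAction('delete', array('topic' => $info[2], 'subject' => $info[0], 'member' => $info[1], 'board' => $info[3]));
        }

        // Back to... where we are now ;).
        redirectexit('action=profile;u=' . $memID . ';area=showposts;start=' . $return_start);
    }

    // Default to 10.
    if (empty($_REQUEST['viewscount']) || !is_numeric($_REQUEST['viewscount'])) {
        $_REQUEST['viewscount'] = '10';
    }

    // Count what the viewer may see: board visibility via {query_see_board},
    // and approved items only unless post moderation is off or the viewer owns
    // the profile.
    if ($context['is_topics']) {
        $request = $smcFunc['db_query']('', ' SELECT COUNT(*) FROM {db_prefix}topics AS t' . ($user_info['query_see_board'] == '1=1' ? '' : ' INNER JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board AND {query_see_board})') . ' WHERE t.id_member_started = {int:current_member}' . (!empty($board) ? ' AND t.id_board = {int:board}' : '') . (!$modSettings['postmod_active'] || $context['user']['is_owner'] ? '' : ' AND t.approved = {int:is_approved}'), array('current_member' => $memID, 'is_approved' => 1, 'board' => $board));
    } else {
        $request = $smcFunc['db_query']('', ' SELECT COUNT(*) FROM {db_prefix}messages AS m' . ($user_info['query_see_board'] == '1=1' ? '' : ' INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board AND {query_see_board})') . ' WHERE m.id_member = {int:current_member}' . (!empty($board) ? ' AND m.id_board = {int:board}' : '') . (!$modSettings['postmod_active'] || $context['user']['is_owner'] ? '' : ' AND m.approved = {int:is_approved}'), array('current_member' => $memID, 'is_approved' => 1, 'board' => $board));
    }
    list($msgCount) = $smcFunc['db_fetch_row']($request);
    $smcFunc['db_free_result']($request);

    $request = $smcFunc['db_query']('', ' SELECT MIN(id_msg), MAX(id_msg) FROM {db_prefix}messages AS m WHERE m.id_member = {int:current_member}' . (!empty($board) ? ' AND m.id_board = {int:board}' : '') . (!$modSettings['postmod_active'] || $context['user']['is_owner'] ? '' : ' AND m.approved = {int:is_approved}'), array('current_member' => $memID, 'is_approved' => 1, 'board' => $board));
    list($min_msg_member, $max_msg_member) = $smcFunc['db_fetch_row']($request);
    $smcFunc['db_free_result']($request);

    $reverse = false;
    $range_limit = '';
    $maxIndex = (int) $modSettings['defaultMaxMessages'];

    // Make sure the starting place makes sense and construct our friend the page index.
    $context['page_index'] = constructPageIndex($scripturl . '?action=profile;u=' . $memID . ';area=showposts' . ($context['is_topics'] ? ';sa=topics' : '') . (!empty($board) ? ';board=' . $board : ''), $context['start'], $msgCount, $maxIndex);
    $context['current_page'] = $context['start'] / $maxIndex;

    // Reverse the query if we're past 50% of the pages for better performance.
    $start = $context['start'];
    $reverse = $_REQUEST['start'] > $msgCount / 2;
    if ($reverse) {
        $maxIndex = $msgCount < $context['start'] + $modSettings['defaultMaxMessages'] + 1 && $msgCount > $context['start'] ? $msgCount - $context['start'] : (int) $modSettings['defaultMaxMessages'];
        $start = $msgCount < $context['start'] + $modSettings['defaultMaxMessages'] + 1 || $msgCount < $context['start'] + $modSettings['defaultMaxMessages'] ? 0 : $msgCount - $context['start'] - $modSettings['defaultMaxMessages'];
    }

    // Guess the range of messages to be shown.
    if ($msgCount > 1000) {
        $margin = floor(($max_msg_member - $min_msg_member) * (($start + $modSettings['defaultMaxMessages']) / $msgCount) + 0.1 * ($max_msg_member - $min_msg_member));

        // $range_limit is concatenated into the SQL below; it is assembled only
        // from fixed column names and numbers computed above, never request text.
        // Make a bigger margin for topics only.
        if ($context['is_topics']) {
            $margin *= 5;
            $range_limit = $reverse ? 't.id_first_msg < ' . ($min_msg_member + $margin) : 't.id_first_msg > ' . ($max_msg_member - $margin);
        } else {
            $range_limit = $reverse ? 'm.id_msg < ' . ($min_msg_member + $margin) : 'm.id_msg > ' . ($max_msg_member - $margin);
        }
    }

    // Find this user's posts. The left join on categories somehow makes this faster, weird as it looks.
    // The query runs at most twice: once with the guessed id range and, if that
    // did not fill the page, once more without it. $start and $maxIndex in the
    // LIMIT clause derive from the int-cast page offset and settings.
    $looped = false;
    while (true) {
        if ($context['is_topics']) {
            $request = $smcFunc['db_query']('', ' SELECT b.id_board, b.name AS bname, c.id_cat, c.name AS cname, t.id_member_started, t.id_first_msg, t.id_last_msg, t.approved, m.body, m.smileys_enabled, m.subject, m.poster_time, m.id_topic, m.id_msg FROM {db_prefix}topics AS t INNER JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board) LEFT JOIN {db_prefix}categories AS c ON (c.id_cat = b.id_cat) INNER JOIN {db_prefix}messages AS m ON (m.id_msg = t.id_first_msg) WHERE t.id_member_started = {int:current_member}' . (!empty($board) ? ' AND t.id_board = {int:board}' : '') . (empty($range_limit) ? '' : ' AND ' . $range_limit) . ' AND {query_see_board}' . (!$modSettings['postmod_active'] || $context['user']['is_owner'] ? '' : ' AND t.approved = {int:is_approved} AND m.approved = {int:is_approved}') . ' ORDER BY t.id_first_msg ' . ($reverse ? 'ASC' : 'DESC') . ' LIMIT ' . $start . ', ' . $maxIndex, array('current_member' => $memID, 'is_approved' => 1, 'board' => $board));
        } else {
            $request = $smcFunc['db_query']('', ' SELECT b.id_board, b.name AS bname, c.id_cat, c.name AS cname, m.id_topic, m.id_msg, t.id_member_started, t.id_first_msg, t.id_last_msg, m.body, m.smileys_enabled, m.subject, m.poster_time, m.approved FROM {db_prefix}messages AS m INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic) INNER JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board) LEFT JOIN {db_prefix}categories AS c ON (c.id_cat = b.id_cat) WHERE m.id_member = {int:current_member}' . (!empty($board) ? ' AND b.id_board = {int:board}' : '') . (empty($range_limit) ? '' : ' AND ' . $range_limit) . ' AND {query_see_board}' . (!$modSettings['postmod_active'] || $context['user']['is_owner'] ? '' : ' AND t.approved = {int:is_approved} AND m.approved = {int:is_approved}') . ' ORDER BY m.id_msg ' . ($reverse ? 'ASC' : 'DESC') . ' LIMIT ' . $start . ', ' . $maxIndex, array('current_member' => $memID, 'is_approved' => 1, 'board' => $board));
        }

        // Make sure we quit this loop.
        if ($smcFunc['db_num_rows']($request) === $maxIndex || $looped) {
            break;
        }

        // The short result is discarded before the retry; release it first (the
        // original overwrote the handle without freeing it).
        $smcFunc['db_free_result']($request);

        $looped = true;
        $range_limit = '';
    }

    // Start counting at the number of the first message displayed.
    $counter = $reverse ? $context['start'] + $maxIndex + 1 : $context['start'];
    $context['posts'] = array();

    // Counters of the displayed posts per board: 'own' for topics the viewer
    // started, 'any' for all of them. Used for the permission pass below.
    $board_ids = array('own' => array(), 'any' => array());
    while ($row = $smcFunc['db_fetch_assoc']($request)) {
        // Censor....
        censorText($row['body']);
        censorText($row['subject']);

        // Do the code.
        $row['body'] = parse_bbc($row['body'], $row['smileys_enabled'], $row['id_msg']);

        // And the array...
        $context['posts'][$counter += $reverse ? -1 : 1] = array(
            'body' => $row['body'],
            'counter' => $counter,
            'alternate' => $counter % 2,
            'category' => array('name' => $row['cname'], 'id' => $row['id_cat']),
            'board' => array('name' => $row['bname'], 'id' => $row['id_board']),
            'topic' => $row['id_topic'],
            'subject' => $row['subject'],
            'start' => 'msg' . $row['id_msg'],
            'time' => timeformat($row['poster_time']),
            'timestamp' => forum_time(true, $row['poster_time']),
            'id' => $row['id_msg'],
            // Everything is denied until the permission pass below says otherwise.
            'can_reply' => false,
            'can_mark_notify' => false,
            'can_delete' => false,
            // A topic's first message can go only when it is also the last one,
            // and the edit time limit, when set, must not have passed.
            'delete_possible' => ($row['id_first_msg'] != $row['id_msg'] || $row['id_last_msg'] == $row['id_msg']) && (empty($modSettings['edit_disable_time']) || $row['poster_time'] + $modSettings['edit_disable_time'] * 60 >= time()),
            'approved' => $row['approved'],
        );

        if ($user_info['id'] == $row['id_member_started']) {
            $board_ids['own'][$row['id_board']][] = $counter;
        }
        $board_ids['any'][$row['id_board']][] = $counter;
    }
    $smcFunc['db_free_result']($request);

    // All posts were retrieved in reverse order, get them right again.
    if ($reverse) {
        $context['posts'] = array_reverse($context['posts'], true);
    }

    // These are all the permissions that are different from board to board..
    if ($context['is_topics']) {
        $permissions = array(
            'own' => array('post_reply_own' => 'can_reply'),
            'any' => array('post_reply_any' => 'can_reply', 'mark_any_notify' => 'can_mark_notify'),
        );
    } else {
        $permissions = array(
            'own' => array('post_reply_own' => 'can_reply', 'delete_own' => 'can_delete'),
            'any' => array('post_reply_any' => 'can_reply', 'mark_any_notify' => 'can_mark_notify', 'delete_any' => 'can_delete'),
        );
    }

    // For every permission in the own/any lists...
    foreach ($permissions as $type => $list) {
        foreach ($list as $permission => $allowed) {
            // Get the boards they can do this on...
            $boards = boardsAllowedTo($permission);

            // Hmm, they can do it on all boards, can they?
            if (!empty($boards) && $boards[0] == 0) {
                $boards = array_keys($board_ids[$type]);
            }

            // Now go through each board they can do the permission on.
            foreach ($boards as $board_id) {
                // There aren't any posts displayed from this board.
                if (!isset($board_ids[$type][$board_id])) {
                    continue;
                }

                // Set the permission to true ;).
                foreach ($board_ids[$type][$board_id] as $counter) {
                    $context['posts'][$counter][$allowed] = true;
                }
            }
        }
    }

    // Clean up after posts that cannot be deleted and quoted.
    $quote_enabled = empty($modSettings['disabledBBC']) || !in_array('quote', explode(',', $modSettings['disabledBBC']));
    foreach ($context['posts'] as $counter => $dummy) {
        $context['posts'][$counter]['can_delete'] &= $context['posts'][$counter]['delete_possible'];
        $context['posts'][$counter]['can_quote'] = $context['posts'][$counter]['can_reply'] && $quote_enabled;
    }
}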
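/**
 * Remove just a single post.
 *
 * On completion redirect to the topic, the board, the recent-posts page or
 * the poster's profile, depending on the request.
 * Accessed by ?action=deletemsg
 *
 * Request values read: msg (cast to int), topic (cast to int when the global
 * is empty), recent, profile, start, u.
 *
 * Security notes:
 * - checkSession('get') runs before anything else; presumably it validates the
 *   session token carried in the query string, so the token of this
 *   state-changing request can end up in logs and Referer headers.
 * - NOTE(review): $topic and $board used for the moderation log and the
 *   redirect are the request-derived globals, not values read back from the
 *   message being deleted. Confirm that removeDeleteConcurrence() or the
 *   framework guarantees they match the message, otherwise the log entry can
 *   name a different topic than the one the message belonged to.
 */
public function action_deletemsg()
{
    global $user_info, $topic, $board, $modSettings;

    checkSession('get');

    // This has some handy functions for topics
    require_once SUBSDIR . '/Topic.subs.php';
    require_once SUBSDIR . '/Messages.subs.php';

    $_REQUEST['msg'] = (int) $_REQUEST['msg'];

    // Is $topic set?
    if (empty($topic) && isset($_REQUEST['topic'])) {
        $topic = (int) $_REQUEST['topic'];
    }

    $this->removeDeleteConcurrence();

    $topic_info = loadMessageDetails(
        array('t.id_member_started'),
        array('LEFT JOIN {db_prefix}topics AS t ON (m.id_topic = t.id_topic)'),
        array('message_list' => $_REQUEST['msg'])
    );

    // Verify they can see this! An unapproved post by someone else needs approve_posts.
    if ($modSettings['postmod_active'] && !$topic_info['approved'] && !empty($topic_info['id_member']) && $topic_info['id_member'] != $user_info['id']) {
        isAllowedTo('approve_posts');
    }

    // Permission ladder. The order matters: isAllowedTo() is the enforcing call,
    // allowedTo() only tests.
    if ($topic_info['id_member'] == $user_info['id']) {
        // Deleting their own post.
        if (!allowedTo('delete_own')) {
            if ($topic_info['id_member_started'] == $user_info['id'] && !allowedTo('delete_any')) {
                isAllowedTo('delete_replies');
            } elseif (!allowedTo('delete_any')) {
                isAllowedTo('delete_own');
            }
        } elseif (!allowedTo('delete_any') && ($topic_info['id_member_started'] != $user_info['id'] || !allowedTo('delete_replies')) && !empty($modSettings['edit_disable_time']) && $topic_info['poster_time'] + $modSettings['edit_disable_time'] * 60 < time()) {
            // Only delete_own applies and the edit window (minutes) has passed.
            fatal_lang_error('modify_post_time_passed', false);
        }
    } elseif ($topic_info['id_member_started'] == $user_info['id'] && !allowedTo('delete_any')) {
        // Someone else's reply in a topic this user started.
        isAllowedTo('delete_replies');
    } else {
        isAllowedTo('delete_any');
    }

    // If the full topic was removed go back to the board.
    // (Messages.subs.php is already loaded unconditionally above.)
    $full_topic = removeMessage($_REQUEST['msg']);

    // Log only when this was a moderation action, not a plain self-delete.
    if (allowedTo('delete_any') && (!allowedTo('delete_own') || $topic_info['id_member'] != $user_info['id'])) {
        logAction('delete', array('topic' => $topic, 'subject' => $topic_info['subject'], 'member' => $topic_info['id_member'], 'board' => $board));
    }

    // We want to redirect back to recent action.
    if (isset($_REQUEST['recent'])) {
        redirectexit('action=recent');
    } elseif (isset($_REQUEST['profile'], $_REQUEST['start'], $_REQUEST['u'])) {
        // u and start come straight from the request; cast them so they cannot
        // append extra ;key=value pairs to the redirect target.
        redirectexit('action=profile;u=' . (int) $_REQUEST['u'] . ';area=showposts;start=' . (int) $_REQUEST['start']);
    } elseif ($full_topic) {
        redirectexit('board=' . $board . '.0');
    } else {
        // start is left uncast here: the formats accepted on topic URLs are not
        // visible from this method.
        redirectexit('topic=' . $topic . '.' . $_REQUEST['start']);
    }
}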
} switch ($task) { case "view": viewMessage($cid[0], $option); break; case "new": newMessage($option, NULL, NULL); break; case "reply": newMessage($option, mosGetParam($_REQUEST, 'userid', 0), mosGetParam($_REQUEST, 'subject', '')); break; case "save": saveMessage($option); break; case "remove": removeMessage($cid, $option); break; case "config": editConfig($option); break; case "saveconfig": saveConfig($option); break; default: showMessages($option); break; } function editConfig($option) { global $database, $my; $database->setQuery("SELECT cfg_name, cfg_value FROM #__messages_cfg WHERE user_id='{$my->id}'");
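/**
 * Moderation page for unapproved posts and topics: handles approve/delete
 * requests, then loads the counts and the current page of items into $context.
 *
 * Request values read: $_GET['sa'] (view), $_REQUEST['brd'] (board filter, cast
 * to int), $_GET['approve'] / $_GET['delete'] / $_POST['item'] (ids, cast to
 * int), $_POST['do'] (bulk action) and $_GET['start'] (page offset).
 *
 * Security notes:
 * - checkSession('request') is called before any approve or delete is carried
 *   out.
 * - Requested ids are re-read from the database, limited to unapproved messages
 *   on boards matching {query_see_board}, and then checked per row against the
 *   board lists returned by boardsAllowedTo().
 * - $approve_query is concatenated into SQL; its values come from
 *   boardsAllowedTo() and an int-cast request value. Presumably
 *   boardsAllowedTo() returns integers only (confirm).
 * - The page offset is forced to a non-negative integer before it is
 *   concatenated into the LIMIT clause.
 */
function UnapprovedPosts()
{
    global $txt, $scripturl, $context, $user_info, $sourcedir, $smcFunc;

    $context['current_view'] = isset($_GET['sa']) && $_GET['sa'] == 'topics' ? 'topics' : 'replies';
    $context['page_title'] = $txt['mc_unapproved_posts'];

    // Work out what boards we can work in!
    $approve_boards = boardsAllowedTo('approve_posts');

    // If we filtered by board remove ones outside of this board.
    //!!! Put a message saying we're filtered?
    if (isset($_REQUEST['brd'])) {
        $filter_board = array((int) $_REQUEST['brd']);
        $approve_boards = $approve_boards == array(0) ? $filter_board : array_intersect($approve_boards, $filter_board);
    }

    // array(0) is treated as "every board" throughout this function.
    if ($approve_boards == array(0)) {
        $approve_query = '';
    } elseif (!empty($approve_boards)) {
        $approve_query = ' AND m.id_board IN (' . implode(',', $approve_boards) . ')';
    } else {
        // No board at all: make the queries below match nothing.
        $approve_query = ' AND 0';
    }

    // We also need to know where we can delete topics and/or replies to.
    if ($context['current_view'] == 'topics') {
        $delete_own_boards = boardsAllowedTo('remove_own');
        $delete_any_boards = boardsAllowedTo('remove_any');
        $delete_own_replies = array();
    } else {
        $delete_own_boards = boardsAllowedTo('delete_own');
        $delete_any_boards = boardsAllowedTo('delete_any');
        $delete_own_replies = boardsAllowedTo('delete_own_replies');
    }

    $toAction = array();

    // Check if we have something to do?
    if (isset($_GET['approve'])) {
        $toAction[] = (int) $_GET['approve'];
    } elseif (isset($_GET['delete'])) {
        $toAction[] = (int) $_GET['delete'];
    } elseif (isset($_POST['item'])) {
        foreach ($_POST['item'] as $item) {
            $toAction[] = (int) $item;
        }
    }

    // What are we actually doing.
    if (isset($_GET['approve']) || (isset($_POST['do']) && $_POST['do'] == 'approve')) {
        $curAction = 'approve';
    } elseif (isset($_GET['delete']) || (isset($_POST['do']) && $_POST['do'] == 'delete')) {
        $curAction = 'delete';
    }

    // Right, so we have something to do?
    if (!empty($toAction) && isset($curAction)) {
        checkSession('request');

        // Handy shortcut.
        $any_array = $curAction == 'approve' ? $approve_boards : $delete_any_boards;

        // Now for each message work out whether it's actually a topic, and what board it's on.
        $request = $smcFunc['db_query'](
            '',
            ' SELECT m.id_msg, m.id_member, m.id_board, t.id_topic, t.id_first_msg, t.id_member_started'
            . ' FROM {db_prefix}messages AS m'
            . ' INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic)'
            . ' LEFT JOIN {db_prefix}boards AS b ON (t.id_board = b.id_board)'
            . ' WHERE m.id_msg IN ({array_int:message_list})'
            . ' AND m.approved = {int:not_approved}'
            . ' AND {query_see_board}',
            array('message_list' => $toAction, 'not_approved' => 0)
        );

        // Rebuild the list from what the database confirms and the permissions allow.
        $toAction = array();
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            // If it's not within what our view is ignore it...
            if (($row['id_msg'] == $row['id_first_msg'] && $context['current_view'] != 'topics') || ($row['id_msg'] != $row['id_first_msg'] && $context['current_view'] != 'replies')) {
                continue;
            }

            $can_add = false;

            // If we're approving this is simple.
            if ($curAction == 'approve' && ($any_array == array(0) || in_array($row['id_board'], $any_array))) {
                $can_add = true;
            } elseif ($curAction == 'delete') {
                // Own post is easy!
                if ($row['id_member'] == $user_info['id'] && ($delete_own_boards == array(0) || in_array($row['id_board'], $delete_own_boards))) {
                    $can_add = true;
                } elseif ($row['id_member'] == $row['id_member_started'] && $row['id_msg'] != $row['id_first_msg'] && ($delete_own_replies == array(0) || in_array($row['id_board'], $delete_own_replies))) {
                    // NOTE(review): this compares the message author with the topic
                    // starter and never looks at the current user. If the permission
                    // is meant as "replies in topics I started", the comparison
                    // should involve $user_info['id'] - confirm the intent.
                    $can_add = true;
                } elseif ($row['id_member'] != $user_info['id'] && ($delete_any_boards == array(0) || in_array($row['id_board'], $delete_any_boards))) {
                    $can_add = true;
                }
            }

            if ($can_add) {
                $toAction[] = $context['current_view'] == 'topics' ? $row['id_topic'] : $row['id_msg'];
            }
        }
        $smcFunc['db_free_result']($request);

        // If we have anything left we can actually do the approving (etc).
        if (!empty($toAction)) {
            if ($curAction == 'approve') {
                require_once $sourcedir . '/Subs-Post.php';
                if ($context['current_view'] == 'topics') {
                    approveTopics($toAction);
                } else {
                    approvePosts($toAction);
                }
            } else {
                require_once $sourcedir . '/RemoveTopic.php';
                if ($context['current_view'] == 'topics') {
                    removeTopics($toAction);
                } else {
                    foreach ($toAction as $id) {
                        removeMessage($id);
                    }
                }
            }
        }
    }

    // How many unapproved posts are there?
    $request = $smcFunc['db_query'](
        '',
        ' SELECT COUNT(*)'
        . ' FROM {db_prefix}messages AS m'
        . ' INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic AND t.id_first_msg != m.id_msg)'
        . ' INNER JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board)'
        . ' WHERE m.approved = {int:not_approved}'
        . ' AND {query_see_board} ' . $approve_query,
        array('not_approved' => 0)
    );
    list($context['total_unapproved_posts']) = $smcFunc['db_fetch_row']($request);
    $smcFunc['db_free_result']($request);

    // What about topics? Normally we'd use the table alias t for topics but lets use m so we don't have to redo our approve query.
    $request = $smcFunc['db_query'](
        '',
        ' SELECT COUNT(m.id_topic)'
        . ' FROM {db_prefix}topics AS m'
        . ' INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board)'
        . ' WHERE m.approved = {int:not_approved}'
        . ' AND {query_see_board} ' . $approve_query,
        array('not_approved' => 0)
    );
    list($context['total_unapproved_topics']) = $smcFunc['db_fetch_row']($request);
    $smcFunc['db_free_result']($request);

    $context['page_index'] = constructPageIndex($scripturl . '?action=moderate;area=postmod;sa=' . $context['current_view'] . (isset($_REQUEST['brd']) ? ';brd=' . (int) $_REQUEST['brd'] : ''), $_GET['start'], $context['current_view'] == 'topics' ? $context['total_unapproved_topics'] : $context['total_unapproved_posts'], 10);

    // The offset ends up inside the LIMIT clause below. Whether
    // constructPageIndex() normalises $_GET['start'] is not visible from here,
    // so force a non-negative integer instead of trusting the raw request value.
    $context['start'] = max(0, (int) $_GET['start']);

    // We have enough to make some pretty tabs!
    $context[$context['moderation_menu_name']]['tab_data'] = array('title' => $txt['mc_unapproved_posts'], 'help' => 'postmod', 'description' => $txt['mc_unapproved_posts_desc']);

    // Update the tabs with the correct number of posts.
    $context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['posts']['label'] .= ' (' . $context['total_unapproved_posts'] . ')';
    $context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['topics']['label'] .= ' (' . $context['total_unapproved_topics'] . ')';

    // If we are filtering some boards out then make sure to send that along with the links.
    if (isset($_REQUEST['brd'])) {
        $context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['posts']['add_params'] = ';brd=' . (int) $_REQUEST['brd'];
        $context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['topics']['add_params'] = ';brd=' . (int) $_REQUEST['brd'];
    }

    // Get all unapproved posts.
    $request = $smcFunc['db_query'](
        '',
        ' SELECT m.id_msg, m.id_topic, m.id_board, m.subject, m.body, m.id_member, IFNULL(mem.real_name, m.poster_name) AS poster_name, m.poster_time, m.smileys_enabled, t.id_member_started, t.id_first_msg, b.name AS board_name, c.id_cat, c.name AS cat_name'
        . ' FROM {db_prefix}messages AS m'
        . ' INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic)'
        . ' INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board)'
        . ' LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member)'
        . ' LEFT JOIN {db_prefix}categories AS c ON (c.id_cat = b.id_cat)'
        . ' WHERE m.approved = {int:not_approved}'
        . ' AND t.id_first_msg ' . ($context['current_view'] == 'topics' ? '=' : '!=') . ' m.id_msg'
        . ' AND {query_see_board} ' . $approve_query
        . ' LIMIT ' . $context['start'] . ', 10',
        array('not_approved' => 0)
    );

    $context['unapproved_items'] = array();
    for ($i = 1; $row = $smcFunc['db_fetch_assoc']($request); $i++) {
        // Can delete is complicated, let's solve it first... is it their own post?
        // Same three rules as the delete branch of the action handling above.
        if ($row['id_member'] == $user_info['id'] && ($delete_own_boards == array(0) || in_array($row['id_board'], $delete_own_boards))) {
            $can_delete = true;
        } elseif ($row['id_member'] == $row['id_member_started'] && $row['id_msg'] != $row['id_first_msg'] && ($delete_own_replies == array(0) || in_array($row['id_board'], $delete_own_replies))) {
            $can_delete = true;
        } elseif ($row['id_member'] != $user_info['id'] && ($delete_any_boards == array(0) || in_array($row['id_board'], $delete_any_boards))) {
            $can_delete = true;
        } else {
            $can_delete = false;
        }

        // NOTE(review): subject and poster_name are placed into the template data
        // (and into the HTML link) as stored; presumably they are HTML-escaped
        // when written - confirm.
        $context['unapproved_items'][] = array(
            'id' => $row['id_msg'],
            'alternate' => $i % 2,
            'counter' => $context['start'] + $i,
            'href' => $scripturl . '?topic=' . $row['id_topic'] . '.msg' . $row['id_msg'] . '#msg' . $row['id_msg'],
            'subject' => $row['subject'],
            'body' => parse_bbc($row['body'], $row['smileys_enabled'], $row['id_msg']),
            'time' => timeformat($row['poster_time']),
            'poster' => array(
                'id' => $row['id_member'],
                'name' => $row['poster_name'],
                'link' => $row['id_member'] ? '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['poster_name'] . '</a>' : $row['poster_name'],
                'href' => $scripturl . '?action=profile;u=' . $row['id_member'],
            ),
            'topic' => array('id' => $row['id_topic']),
            'board' => array('id' => $row['id_board'], 'name' => $row['board_name']),
            'category' => array('id' => $row['id_cat'], 'name' => $row['cat_name']),
            'can_delete' => $can_delete,
        );
    }
    $smcFunc['db_free_result']($request);

    $context['sub_template'] = 'unapproved_posts';
}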
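/**
 * Delete (or hand off for restoring) the messages selected inside one topic.
 *
 * Request values read: $_REQUEST['msgs'] (list of message ids, each cast to
 * int), $_REQUEST['restore_selected'] and $_REQUEST['start'].
 *
 * Security notes:
 * - checkSession('request') runs before anything else.
 * - The selection query is restricted to id_topic = current topic, so ids that
 *   belong to other topics are dropped; without delete-any rights it is also
 *   restricted to the current member's own messages.
 * - A msgs value that is not an array is treated like an empty selection rather
 *   than being passed on to foreach and the {array_int} query parameter.
 * - The restore redirect puts the session variable and id into the URL.
 */
function QuickInTopicModeration()
{
    global $sourcedir, $topic, $board, $user_info, $smcFunc, $modSettings, $context;

    // Check the session = get or post.
    checkSession('request');

    require_once $sourcedir . '/RemoveTopic.php';

    // Nothing selected, or a scalar where a list is expected: back to the topic.
    if (empty($_REQUEST['msgs']) || !is_array($_REQUEST['msgs'])) {
        redirectexit('topic=' . $topic . '.' . $_REQUEST['start']);
    }

    $messages = array();
    foreach ($_REQUEST['msgs'] as $dummy) {
        $messages[] = (int) $dummy;
    }

    // We are restoring messages. We handle this in another place.
    if (isset($_REQUEST['restore_selected'])) {
        redirectexit('action=restoretopic;msgs=' . implode(',', $messages) . ';' . $context['session_var'] . '=' . $context['session_id']);
    }

    // Allowed to delete any message?
    if (allowedTo('delete_any')) {
        $allowed_all = true;
    } elseif (allowedTo('delete_replies')) {
        // delete_replies only counts when the current user started this topic.
        $request = $smcFunc['db_query'](
            '',
            ' SELECT id_member_started FROM {db_prefix}topics WHERE id_topic = {int:current_topic} LIMIT 1',
            array('current_topic' => $topic)
        );
        list($starter) = $smcFunc['db_fetch_row']($request);
        $smcFunc['db_free_result']($request);

        $allowed_all = $starter == $user_info['id'];
    } else {
        $allowed_all = false;
    }

    // Make sure they're allowed to delete their own messages, if not any.
    if (!$allowed_all) {
        isAllowedTo('delete_own');
    }

    // Allowed to remove which messages?
    $request = $smcFunc['db_query'](
        '',
        ' SELECT id_msg, subject, id_member, poster_time, GREATEST(poster_time, modified_time) AS last_modified_time'
        . ' FROM {db_prefix}messages'
        . ' WHERE id_msg IN ({array_int:message_list})'
        . ' AND id_topic = {int:current_topic}' . (!$allowed_all ? ' AND id_member = {int:current_member}' : '')
        . ' LIMIT ' . count($messages),
        array('current_member' => $user_info['id'], 'current_topic' => $topic, 'message_list' => $messages)
    );

    // Keep only what the database returned; the request list is discarded.
    $messages = array();
    while ($row = $smcFunc['db_fetch_assoc']($request)) {
        // Own-message deletes are refused once the edit window (minutes) has passed.
        if (!$allowed_all && !empty($modSettings['edit_disable_time']) && $row['last_modified_time'] + $modSettings['edit_disable_time'] * 60 < time()) {
            continue;
        }

        $messages[$row['id_msg']] = array($row['subject'], $row['id_member']);
    }
    $smcFunc['db_free_result']($request);

    // Get the first message in the topic - because you can't delete that!
    $request = $smcFunc['db_query'](
        '',
        ' SELECT id_first_msg, id_last_msg FROM {db_prefix}topics WHERE id_topic = {int:current_topic} LIMIT 1',
        array('current_topic' => $topic)
    );
    list($first_message, $last_message) = $smcFunc['db_fetch_row']($request);
    $smcFunc['db_free_result']($request);

    $topicGone = false;

    // Delete all the messages we know they can delete. ($messages)
    foreach ($messages as $message => $info) {
        // Just skip the first message - if it's not the last.
        if ($message == $first_message && $message != $last_message) {
            continue;
        } elseif ($message == $first_message) {
            // First and last at once: the topic's only message is being removed.
            $topicGone = true;
        }

        removeMessage($message);

        // Log this moderation action ;). Plain self-deletes are not logged.
        if (allowedTo('delete_any') && (!allowedTo('delete_own') || $info[1] != $user_info['id'])) {
            logAction('delete', array('topic' => $topic, 'subject' => $info[0], 'member' => $info[1], 'board' => $board));
        }
    }

    redirectexit($topicGone ? 'board=' . $board : 'topic=' . $topic . '.' . $_REQUEST['start']);
}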
/**
 * Run one moderation action on a forum post and echo a JSON result.
 *
 * All inputs are globals: $forumid, $postid, $action ('pa-apr', 'pa-mod',
 * 'pa-mov' or 'pa-del'), $reason, $global_username (recorded as the acting
 * user), $access_token and $nmDataService.
 *
 * Echoes {"success":false,"msg":"Missing arguments"} when $forumid, $postid or
 * $action is falsy; otherwise echoes {"success":true} after the action branch.
 *
 * NOTE(review): no check that the acting user may moderate this forum is
 * visible in this function; presumably the caller does it - confirm.
 * NOTE(review): the success response is also sent when approveMessage() or
 * removeMessage() returned false, or when $action matched no branch; the
 * failure is only recorded through recordPostAction().
 */
function postAction()
{
    global $username, $action, $postid, $global_username, $forumid, $reason, $nmDataService, $access_token;

    if (!($forumid && $postid && $action)) {
        echo json_encode(array("success" => false, "msg" => "Missing arguments"));
        return;
    }

    $moderator = $global_username;
    $apiToken = $access_token;
    $hub = $nmDataService->getForumHubDataService($forumid);

    // Loose comparisons, in the same order as the switch this replaces.
    if ($action == 'pa-apr') {
        // Approve: update the hub status, push any returned text, then approve remotely.
        $newText = $hub->setPostStatus('approved', $forumid, $moderator, $postid, $reason);
        if ($newText) {
            updateMessageText($apiToken, $postid, $newText);
        }

        if (approveMessage($apiToken, $postid)) {
            $hub->recordPostAction(1, $postid, "", $forumid);
            // The status name is fetched but not used further in this function.
            $hub->getStatusName(6);
        } else {
            $hub->recordPostAction(9, $postid, "", $forumid);
        }
    } elseif ($action == 'pa-mod') {
        // Moderate: swap in the forum's moderation text. The value returned by the
        // replace call is stored so that user edits are not lost.
        $latestText = replaceMessageText($apiToken, $postid, $hub->getForumModerationText($forumid));
        $hub->updatePostText($postid, $latestText);
        $hub->setPostStatus('pending', $forumid, $moderator, $postid, $reason);
        $hub->getStatusName(2);
    } elseif ($action == 'pa-mov') {
        // Move: nothing is done here.
    } elseif ($action == 'pa-del') {
        // Delete: the hub status changes only when the remote removal succeeded.
        if (removeMessage($apiToken, $postid)) {
            $hub->recordPostAction(3, $postid, "", $forumid);
            $hub->setPostStatus('deleted', $forumid, $moderator, $postid, $reason);
            $hub->getStatusName(3);
        } else {
            $hub->recordPostAction(7, $postid, "", $forumid);
        }
    }

    echo json_encode(array("success" => true));
}