/**
  * Approves or rejects (deletes) attachments in response to a click on a moderation link.
  * Works out which attachments are targeted and which action is wanted, then carries it out.
  * Accessed by ?action=attachapprove
  */
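 public function action_attachapprove()
 {
     global $user_info;

     // This is a state-changing request driven entirely by GET parameters, so the
     // session check has to pass before any of them is acted on.
     checkSession('get');

     // 'sa' is optional. Read it once so that a missing parameter cannot raise an
     // undefined-index notice in the comparisons below.
     $sub_action = isset($_GET['sa']) ? $_GET['sa'] : '';

     // Anything other than an explicit 'reject' is treated as an approval.
     $is_approve = $sub_action !== 'reject';

     require_once SUBSDIR . '/ManageAttachments.subs.php';

     // Collect the target IDs: every attachment of one message (sa=all with mid=N)
     // or a single attachment (aid=N). Both request values are forced to integers.
     $attachments = array();
     if ($sub_action === 'all' && !empty($_GET['mid'])) {
         $attachments = attachmentsOfMessage((int) $_GET['mid']);
     } elseif (!empty($_GET['aid'])) {
         $attachments[] = (int) $_GET['aid'];
     }
     if (empty($attachments)) {
         fatal_lang_error('no_access', false);
     }

     // @todo nb: this requires permission to approve posts, not manage attachments
     // Build the board restriction that validateAttachments() receives. A list equal
     // to array(0) adds no restriction, a non-empty list limits the lookup to those
     // boards, and an empty list yields a condition that matches nothing.
     $allowed_boards = !empty($user_info['mod_cache']['ap']) ? $user_info['mod_cache']['ap'] : boardsAllowedTo('approve_posts');
     if ($allowed_boards == array(0)) {
         $approve_query = '';
     } elseif (!empty($allowed_boards)) {
         // The list is concatenated into SQL, so every entry is forced to an integer
         // rather than trusting whatever the permission cache holds.
         $approve_query = ' AND m.id_board IN (' . implode(',', array_map('intval', $allowed_boards)) . ')';
     } else {
         $approve_query = ' AND 0';
     }

     // Keep only the attachments that pass validateAttachments() under the board
     // restriction built above.
     $attachments = validateAttachments($attachments, $approve_query);

     // Stop here when nothing survived validation. This check used to sit after the
     // lookup below, which read the first element of a possibly empty array.
     if (empty($attachments)) {
         fatal_lang_error('no_access', false);
     }

     // Set up a return link based off one of the attachments for this message.
     // reset() is used so the lookup does not depend on the array being 0-indexed.
     $attach_home = attachmentBelongsTo(reset($attachments));
     $redirect = 'topic=' . $attach_home['id_topic'] . '.msg' . $attach_home['id_msg'] . '#msg' . $attach_home['id_msg'];

     // Finally, act on the validated list.
     if ($is_approve) {
         approveAttachments($attachments);
     } else {
         removeAttachments(array('id_attach' => $attachments, 'do_logging' => true));
     }

     // We approved or removed, either way we reset those numbers
     cache_put_data('num_menu_errors', null, 900);

     // Return to the topic....
     redirectexit($redirect);
 }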
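/**
 * Stores a reply to an existing ticket, saves the accepted attachments of the
 * decoded mail, and sends the notification mails.
 *
 * The reply text, sender IP, decoded mail and size limit are read from globals.
 *
 * @param mixed $var_ticketid     ticket the reply belongs to
 * @param mixed $var_userid       user recorded as author of the reply
 * @param mixed $var_deptid       passed on to the notification helpers
 * @param mixed $var_refno        passed on to the notification helpers
 * @param mixed $var_mail_subject passed on to acknowledgeUserOnReply()
 */
function enterReply($var_ticketid, $var_userid, $var_deptid, $var_refno, $var_mail_subject)
{
    // $dotdotreal is used for the attachment path below but was never imported, so
    // inside this function it was empty and files were opened under "/attachments/".
    // NOTE(review): assumes $dotdotreal is the global base path used by the
    // script-level code elsewhere in this project - confirm.
    global $conn, $var_message_main, $var_machineip, $mimedecoder, $var_valid_size, $dotdotreal;

    // NOTE(review): every value below is escaped with addslashes(), which is not
    // character-set aware. Parameterized queries are the robust fix, but they depend
    // on what executeQuery() supports, which is not visible here.
    $sql = "insert into sptbl_replies(nReplyId,nTicketId,nUserId,dDate,tReply,vMachineIP) Values('',\n\t\t\t'" . addslashes($var_ticketid) . "',\n\t\t\t'" . addslashes($var_userid) . "',\n\t\t\tnow(),\n\t\t\t'" . addslashes($var_message_main) . "',\n\t\t\t'" . addslashes($var_machineip) . "')";
    executeQuery($sql, $conn);
    $var_replyid = mysql_insert_id();

    // A new reply reopens the ticket.
    $sql = "update sptbl_tickets set vStatus='open',dLastAttempted=now()  where nTicketId='" . addslashes($var_ticketid) . "'";
    executeQuery($sql, $conn);

    $sql1 = "insert into sptbl_attachments(nReplyId,vAttachReference,vAttachUrl) values";
    $attachment_rows = array();
    foreach ($mimedecoder->_attachments as $objattach) {
        $is_acceptable = validateAttachments($objattach->_attachmentname, $objattach->_attachmenttype) == true
            && getDataSize($objattach->_attachmentcontent) < $var_valid_size;
        if (!$is_acceptable) {
            continue;
        }

        // The stored name is generated, but its extension still comes from the
        // sender-supplied file name.
        // NOTE(review): this relies on validateAttachments() rejecting executable
        // types and on the attachments directory not being served with script
        // execution enabled - confirm both.
        $var_act_filename = uniqid("fl", true) . "." . getExtension($objattach->_attachmentname);

        // Write the file first and skip the attachment when it cannot be stored, so
        // that no database row points at a file that does not exist.
        $fp = fopen("{$dotdotreal}/attachments/" . $var_act_filename, "w");
        if ($fp === false) {
            continue;
        }
        fwrite($fp, $objattach->_attachmentcontent);
        fclose($fp);

        // The original attachment name comes straight from the incoming mail and was
        // placed into the statement unescaped; escape it like the other values.
        $attachment_rows[] = "('" . $var_replyid . "','" . addslashes($objattach->_attachmentname) . "','" . addslashes($var_act_filename) . "')";
    }

    // One multi-row insert, issued only when at least one attachment was stored.
    if (!empty($attachment_rows)) {
        executeQuery($sql1 . implode(',', $attachment_rows), $conn);
    }

    mailAllStaff($var_deptid, $var_refno);
    acknowledgeUserOnReply($var_deptid, $var_refno, $var_mail_subject);
}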
Example #3
             $var_insert_id = "00" . $var_insert_id;
         } else {
             if ($var_insert_id < 10000) {
                 // 9999   09999
                 $var_insert_id = "0" . $var_insert_id;
             }
         }
     }
 }
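 // The reference number is the concatenation of company, department and user
 // identifiers with the padded insert id.
 $var_refno = $var_tmp_compid . $val_dept_id . $var_tmp_userid . $var_insert_id;

 // NOTE(review): $var_refno and $var_ticket_id go into this statement unescaped.
 // Where they come from is not visible in this fragment - confirm that none of
 // their parts can carry mail-supplied text.
 $sql_update_ticket = "update sptbl_tickets set vRefNo='" . $var_refno . "' where nTicketId='" . $var_ticket_id . "'";
 executeQuery($sql_update_ticket, $conn);

 $sql1 = "insert into sptbl_attachments(nTicketId,vAttachReference,vAttachUrl) values";
 $sql = "";
 foreach ($mimedecoder->_attachments as $objattach) {
     $is_acceptable = validateAttachments($objattach->_attachmentname, $objattach->_attachmenttype) == true
         && getDataSize($objattach->_attachmentcontent) < $var_valid_size;
     if (!$is_acceptable) {
         continue;
     }

     // The stored name is generated, but its extension still comes from the
     // sender-supplied file name.
     // NOTE(review): this relies on validateAttachments() rejecting executable types
     // and on the attachments directory not being served with script execution
     // enabled - confirm both.
     $var_act_filename = uniqid("fl", true) . "." . getExtension($objattach->_attachmentname);

     // Write the file first and skip the attachment when it cannot be stored, so
     // that no database row points at a file that does not exist.
     $fp = fopen("{$dotdotreal}/attachments/" . $var_act_filename, "w");
     if ($fp === false) {
         continue;
     }
     fwrite($fp, $objattach->_attachmentcontent);
     fclose($fp);

     // The original attachment name comes straight from the incoming mail and was
     // placed into the statement unescaped; escape it before it reaches SQL.
     $sql .= ",('" . $var_ticket_id . "','" . addslashes($objattach->_attachmentname) . "','" . addslashes($var_act_filename) . "')";
 }

 // One multi-row insert, issued only when at least one attachment was stored.
 // substr() drops the leading comma of the accumulated value list.
 if ($sql != "") {
     executeQuery($sql1 . substr($sql, 1), $conn);
 }

 // Send the automatic reply to the sender only when the admin setting asks for it.
 if (isAutoReturnMailNeeded()) {
     mailUserOnTicketCreationPop3($val, $total_count, $var_refno, $var_tmp_userid, $mimedecoder->_mailheader->_headersubject);
 }

 mailAllStaff($val, $var_refno);
 mailWatcher($val, $var_refno);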
    /**
     * View all unapproved attachments.
     */
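    public function action_unapproved_attachments()
    {
        global $txt, $scripturl, $context, $user_info, $modSettings;

        $context['page_title'] = $txt['mc_unapproved_attachments'];

        // Build the board restriction used both for acting on attachments and for
        // listing them. A list equal to array(0) adds no restriction, a non-empty
        // list limits the query to those boards, and an empty list matches nothing.
        $approve_boards = !empty($user_info['mod_cache']['ap']) ? $user_info['mod_cache']['ap'] : boardsAllowedTo('approve_posts');
        if ($approve_boards == array(0)) {
            $approve_query = '';
        } elseif (!empty($approve_boards)) {
            // The list is concatenated into SQL, so every entry is forced to an integer
            // rather than trusting whatever the permission cache holds.
            $approve_query = ' AND m.id_board IN (' . implode(',', array_map('intval', $approve_boards)) . ')';
        } else {
            $approve_query = ' AND 0';
        }

        // Get together the array of things to act on, if any. Every ID is cast to int.
        $attachments = array();
        if (isset($_GET['approve'])) {
            $attachments[] = (int) $_GET['approve'];
        } elseif (isset($_GET['delete'])) {
            $attachments[] = (int) $_GET['delete'];
        } elseif (isset($_POST['item']) && is_array($_POST['item'])) {
            // 'item' is client-controlled: a scalar value used to reach foreach and
            // raise a warning, and a nested array used to be cast to the ID 1.
            // Only scalar entries of a real array are accepted.
            foreach ($_POST['item'] as $item) {
                if (is_scalar($item)) {
                    $attachments[] = (int) $item;
                }
            }
        }

        // Are we approving or deleting? $curAction stays unset when neither applies.
        $posted_action = isset($_POST['do']) ? $_POST['do'] : null;
        if (isset($_GET['approve']) || $posted_action === 'approve') {
            $curAction = 'approve';
        } elseif (isset($_GET['delete']) || $posted_action === 'delete') {
            $curAction = 'delete';
        }

        // Something to do, let's do it!
        if (!empty($attachments) && isset($curAction)) {
            // NOTE(review): the list form below carries the 'mod-ap' token, but nothing
            // visible in this method validates it; the session check is the only guard
            // shown here, and the approve/delete links arrive as GET requests. Confirm
            // that this is intended.
            checkSession('request');

            require_once SUBSDIR . '/ManageAttachments.subs.php';

            // Confirm the attachments are eligible for changing!
            $attachments = validateAttachments($attachments, $approve_query);

            // Act only on what survived validation.
            if (!empty($attachments)) {
                if ($curAction === 'approve') {
                    approveAttachments($attachments);
                } else {
                    removeAttachments(array('id_attach' => $attachments, 'do_logging' => true));
                }
                cache_put_data('num_menu_errors', null, 900);
            }
        }

        require_once SUBSDIR . '/GenericList.class.php';
        require_once SUBSDIR . '/ManageAttachments.subs.php';

        // Definition of the list of unapproved attachments.
        // NOTE(review): create_function() compiles its callback from a source string
        // and no longer exists in PHP 8. The strings used here are constants, not
        // request data. They are left unchanged because how createList() invokes a
        // 'function' entry is not visible here.
        // NOTE(review): the 'message' column prints the href and subject into HTML
        // without escaping in this method; presumably they arrive already escaped
        // from list_getUnapprovedAttachments - verify.
        $listOptions = array(
            'id' => 'mc_unapproved_attach',
            'width' => '100%',
            'items_per_page' => $modSettings['defaultMaxMessages'],
            'no_items_label' => $txt['mc_unapproved_attachments_none_found'],
            'base_href' => $scripturl . '?action=moderate;area=attachmod;sa=attachments',
            'default_sort_col' => 'attach_name',
            'get_items' => array(
                'function' => 'list_getUnapprovedAttachments',
                'params' => array($approve_query),
            ),
            'get_count' => array(
                'function' => 'list_getNumUnapprovedAttachments',
                'params' => array($approve_query),
            ),
            'columns' => array(
                'attach_name' => array(
                    'header' => array('value' => $txt['mc_unapproved_attach_name']),
                    'data' => array('db' => 'filename'),
                    'sort' => array('default' => 'a.filename', 'reverse' => 'a.filename DESC'),
                ),
                'attach_size' => array(
                    'header' => array('value' => $txt['mc_unapproved_attach_size']),
                    'data' => array('db' => 'size'),
                    'sort' => array('default' => 'a.size', 'reverse' => 'a.size DESC'),
                ),
                'attach_poster' => array(
                    'header' => array('value' => $txt['mc_unapproved_attach_poster']),
                    'data' => array('function' => create_function('$data', '
							return $data[\'poster\'][\'link\'];')),
                    'sort' => array('default' => 'm.id_member', 'reverse' => 'm.id_member DESC'),
                ),
                'date' => array(
                    'header' => array('value' => $txt['date'], 'style' => 'width: 18%;'),
                    'data' => array('db' => 'time', 'class' => 'smalltext', 'style' => 'white-space:nowrap;'),
                    'sort' => array('default' => 'm.poster_time', 'reverse' => 'm.poster_time DESC'),
                ),
                'message' => array(
                    'header' => array('value' => $txt['post']),
                    'data' => array('function' => create_function('$data', '
							global $modSettings;

							return \'<a href="\' . $data[\'message\'][\'href\'] . \'">\' . Util::shorten_text($data[\'message\'][\'subject\'], !empty($modSettings[\'subject_length\']) ? $modSettings[\'subject_length\'] : 24) . \'</a>\';'), 'class' => 'smalltext', 'style' => 'width:15em;'),
                    'sort' => array('default' => 'm.subject', 'reverse' => 'm.subject DESC'),
                ),
                'action' => array(
                    'header' => array(
                        'value' => '<input type="checkbox" class="input_check" onclick="invertAll(this, this.form);" />',
                        'style' => 'width: 4%',
                    ),
                    'data' => array(
                        'sprintf' => array(
                            // %1$d prints the attachment ID as a number.
                            'format' => '<input type="checkbox" name="item[]" value="%1$d" class="input_check" />',
                            'params' => array('id' => false),
                        ),
                    ),
                ),
            ),
            'form' => array(
                'href' => $scripturl . '?action=moderate;area=attachmod;sa=attachments',
                'include_sort' => true,
                'include_start' => true,
                'hidden_fields' => array($context['session_var'] => $context['session_id']),
                'token' => 'mod-ap',
            ),
            'additional_rows' => array(
                array(
                    'position' => 'bottom_of_list',
                    'value' => '
						<select name="do" onchange="if (this.value != 0 &amp;&amp; confirm(\'' . $txt['mc_unapproved_sure'] . '\')) submit();">
							<option value="0">' . $txt['with_selected'] . ':</option>
							<option value="0" disabled="disabled">' . str_repeat('&#8212;', strlen($txt['approve'])) . '</option>
							<option value="approve">' . (isBrowser('ie8') ? '&#187;' : '&#10148;') . '&nbsp;' . $txt['approve'] . '</option>
							<option value="delete">' . (isBrowser('ie8') ? '&#187;' : '&#10148;') . '&nbsp;' . $txt['delete'] . '</option>
						</select>
						<noscript><input type="submit" name="ml_go" value="' . $txt['go'] . '" class="right_submit" /></noscript>',
                    'class' => 'floatright',
                ),
            ),
        );

        // Create the token the form refers to, then build the list.
        createToken('mod-ap');
        createList($listOptions);

        $context['sub_template'] = 'show_list';
        $context['default_list'] = 'mc_unapproved_attach';
        $context[$context['moderation_menu_name']]['tab_data'] = array(
            'title' => $txt['mc_unapproved_attachments'],
            'help' => '',
            'description' => $txt['mc_unapproved_attachments_desc'],
        );
    }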