public function undelete($id) { //SQL injection safe $pid = (int) $id; $qry = 'SELECT uid FROM ' . PREFIX . 'codo_posts WHERE post_id=' . $pid; $res = $this->db->query($qry); $result = $res->fetch(); if ($result) { $puid = $result['uid']; if ($puid == \CODOF\User\CurrentUser\CurrentUser::id()) { $has_permission = \CODOF\Access\Access::hasPermission(array('edit my posts', 'edit all posts')); } else { $has_permission = \CODOF\Access\Access::hasPermission('edit all posts'); } if ($has_permission) { $post = new \CODOF\Forum\Post($this->db); //Delete post ie set status as 0 $post->undelete($pid); echo 'success'; } else { echo "Unauthorized request to delete post " . $id; exit; } } else { echo 'no post found'; } }
public function delete($id) { //post id $tid = (int) $id; $topic = new \CODOF\Forum\Topic($this->db); $topic_info = $topic->get_topic_info($tid); $cid = $topic_info['cat_id']; $tuid = $topic_info['uid']; if ($topic->canViewTopic($tuid, $cid, $tid) && $topic->canDeleteTopic($tuid, $cid, $tid)) { $isSpam = $_POST['isSpam']; if ($isSpam == 'yes') { $text = \DB::table(PREFIX . 'codo_posts AS p')->join(PREFIX . 'codo_topics AS t', 'p.topic_id', '=', 't.topic_id')->where('t.topic_id', '=', $tid)->pluck('p.imessage'); $filter = new \CODOF\SpamFilter(); $filter->spam($text); } //Set topic as deleted $topic->delete($cid, $tid); //update all posts linked with this topic as deleted $post = new \CODOF\Forum\Post($this->db); $post->deleteOfTopic($cid, $tid); echo 'success'; } else { exit('access denied'); } }
public function approveReply($_pid) { $db = \DB::getPDO(); $pid = (int) $_pid; $qry = 'SELECT p.post_status, p.cat_id, p.topic_id, p.uid,p.post_created, p.imessage FROM ' . PREFIX . 'codo_posts AS p' . ' WHERE p.post_id=' . $pid; $res = $db->query($qry); if ($res) { $row = $res->fetch(); $status = $row['post_status']; $cid = $row['cat_id']; $text = $row['imessage']; $user = \CODOF\User\User::get(); if ($user->can('moderate posts', $cid)) { $qry = 'UPDATE ' . PREFIX . 'codo_posts SET post_status=' . \CODOF\Forum\Forum::APPROVED . ' WHERE post_id=' . $pid; $db->query($qry); $post = new \CODOF\Forum\Post($db); $post->incPostCount($cid, $row['topic_id'], $row['uid']); $options = array(":pid" => $pid, ":uid" => $user->id, ":name" => $user->name, ":time" => $row['post_created'], ":tid" => $row['topic_id']); $topic = new \CODOF\Forum\Topic($db); $topic->update_last_post_details($options); //If a post considered as spam by filter is being approved //it means the filter needs to relearn that it is not spam if ($status == \CODOF\Forum\Forum::MODERATION_BY_FILTER) { $filter = new \CODOF\SpamFilter(); $filter->ham($text); } } } }
public function topic($tid, $page) { $topic = new \CODOF\Forum\Topic($this->db); $post = new \CODOF\Forum\Post($this->db); $topic_info = $topic->get_topic_info($tid); if ($topic_info['topic_status'] == \CODOF\Forum\Forum::MERGED_REDIRECT_ONLY) { $tid = $topic_info['redirect_to']; $topic_info = $topic->get_topic_info($tid); } if ($topic_info['topic_status'] == \CODOF\Forum\Forum::MODERATION_BY_FILTER) { $topic_is_spam = true; } else { $topic_is_spam = false; } $this->smarty->assign('topic_is_spam', $topic_is_spam); $user = \CODOF\User\User::get(); if ($topic_is_spam) { if (!($user->can('moderate topics') || $user->id == $topic_info['uid'])) { $this->view = 'access_denied'; return false; } } if (!$topic->canViewTopic($topic_info['uid'], $topic_info['cat_id'], $topic_info['topic_id'])) { //\CODOF\Hook::call('page not found', array('type' => 'topic', 'id' => $tid)); \CODOF\Store::set('sub_title', _t('Access denied')); $this->view = 'access_denied'; return; } $tracker = new \CODOF\Forum\Tracker($this->db); $tracker->mark_topic_as_read($topic_info['cat_id'], $tid); if (!$topic_info) { $this->view = 'not_found'; } else { $posts_per_page = \CODOF\Util::get_opt("num_posts_per_topic"); if (strpos($page, "post-") !== FALSE) { $pid = (int) str_replace("post-", "", $page); $prev_posts = $post->get_num_prev_posts($tid, $pid); $from = floor($prev_posts / $posts_per_page); } else { $from = (int) $page - 1; } $topic_info['no_replies'] = $topic_info['no_posts'] - 1; $name = \CODOF\Filter::URL_safe($topic_info['title']); $subscriber = new \CODOF\Forum\Notification\Subscriber(); $this->smarty->assign('no_followers', $subscriber->followersOfTopic($topic_info['topic_id'])); if (\CODOF\User\CurrentUser\CurrentUser::loggedIn()) { $this->smarty->assign('my_subscription_type', $subscriber->levelForTopic($topic_info['topic_id'])); } $this->smarty->assign('tags', $topic->getTags($topic_info['topic_id'])); $api = new Ajax\forum\topic(); $posts_data = $api->get_posts($tid, $from, $topic_info); $num_pages = $posts_data['num_pages']; $posts = $posts_data['posts']; $posts_tpl = \CODOF\HB\Render::tpl('forum/topic', $posts_data); $this->smarty->assign('posts', $posts_tpl); $this->smarty->assign('topic_info', $topic_info); $this->smarty->assign('title', htmlentities($topic_info['title'], ENT_QUOTES, "UTF-8")); $search_data = array(); if (isset($_GET['str'])) { $search_data = array('str' => strip_tags($_GET['str'])); } $this->smarty->assign('search_data', json_encode($search_data)); $url = 'topic/' . $topic_info['topic_id'] . '/' . $name . '/'; $this->smarty->assign('pagination', $post->paginate($num_pages, $from + 1, $url, false, $search_data)); if (ceil(($topic_info['no_posts'] + 1) / $posts_per_page) > $num_pages) { //next reply will go to next page $this->smarty->assign('new_page', 'yes'); } else { $this->smarty->assign('new_page', 'nope'); } $cat = new \CODOF\Forum\Category($this->db); $cats = $cat->get_categories(); $cid = $topic_info['cat_id']; $parents = $cat->find_parents($cats, $cid); array_push($parents, array("name" => $topic_info['cat_name'], "alias" => $topic_info['cat_alias'])); $this->smarty->assign('can_search', $user->can('use search')); $this->smarty->assign('parents', $parents); $this->smarty->assign('num_pages', $num_pages); $this->smarty->assign('curr_page', $from + 1); //starts from 1 $this->smarty->assign('url', RURI . $url); $this->assign_editor_vars(); $tuid = $topic_info['uid']; $this->assign_admin_vars($tuid); $this->css_files = array('topic', 'editor', 'jquery.textcomplete'); $arr = array(array('topic/topic.js', array('type' => 'defer')), array('modal.js', array('type' => 'defer')), array('bootstrap-slider.js', array('type' => 'defer'))); $this->js_files = array_merge($arr, $post->get_js_editor_files()); \CODOF\Hook::call('on_topic_view', array($topic_info)); $this->view = 'forum/topic'; \CODOF\Store::set('sub_title', $topic_info['title']); \CODOF\Store::set('og:type', 'article'); \CODOF\Store::set('og:title', $topic_info['title']); \CODOF\Store::set('og:url', RURI . $url); $mesg = $posts[0]['imessage']; \CODOF\Store::set('og:desc', strlen($mesg) > 200 ? substr($mesg, 0, 197) . "..." : $mesg); if ($from > 0) { //previous page exists \CODOF\Store::set('rel:prev', RURI . $url . $from); } $curr_page = $from + 1; if ($curr_page < $num_pages) { //next page exists \CODOF\Store::set('rel:next', RURI . $url . ($curr_page + 1)); } \CODOF\Store::set('article:published', date('c', $topic_info['topic_created'])); if ($topic_info['topic_updated'] > 0) { \CODOF\Store::set('article:modified', date('c', $topic_info['topic_updated'])); } } }
if (get_magic_quotes_gpc()) { $gpc = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST); array_walk_recursive($gpc, function (&$value) { $value = stripslashes($value); }); } use CODOF\Util; use CODOF\Access\Request; $db = \DB::getPDO(); Util::get_config($db); \Constants::post_boot('themes/' . Util::get_opt('theme') . "/"); CODOF\Smarty\Single::get_instance(); //-------------------------server static files -------------------------------- dispatch_get('Ajax/history/posts', function () { if (Request::valid($_GET['_token'])) { $post = new \CODOF\Forum\Post(); $post->getHistory($_GET['pid']); } }); dispatch_get('Ajax/reputation/:pid/up', function ($pid) { if (Request::valid($_GET['_token'])) { $rep = new \CODOF\Forum\Reputation(); $rep->up($pid); } }); dispatch_get('Ajax/reputation/:pid/down', function ($pid) { if (Request::valid($_GET['_token'])) { $rep = new \CODOF\Forum\Reputation(); $rep->down($pid); } });