$errors['page'] = qa_lang_html('misc/form_security_again');
 } else {
     if ($approvebutton && qa_clicked('doapprove')) {
         require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php';
         qa_set_user_level($userid, $useraccount['handle'], QA_USER_LEVEL_APPROVED, $useraccount['level']);
         qa_redirect(qa_request());
     }
     if (isset($maxlevelassign) && $maxuserlevel < QA_USER_LEVEL_MODERATOR) {
         if (qa_clicked('doblock')) {
             require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php';
             qa_set_user_blocked($userid, $useraccount['handle'], true);
             qa_redirect(qa_request());
         }
         if (qa_clicked('dounblock')) {
             require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php';
             qa_set_user_blocked($userid, $useraccount['handle'], false);
             qa_redirect(qa_request());
         }
         if (qa_clicked('dohideall') && !qa_user_permit_error('permit_hide_show')) {
             require_once QA_INCLUDE_DIR . 'qa-db-admin.php';
             require_once QA_INCLUDE_DIR . 'qa-app-posts.php';
             $postids = qa_db_get_user_visible_postids($userid);
             foreach ($postids as $postid) {
                 qa_post_set_hidden($postid, true, $loginuserid);
             }
             qa_redirect(qa_request());
         }
         if (qa_clicked('dodelete') && $loginlevel >= QA_USER_LEVEL_ADMIN) {
             require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php';
             qa_delete_user($userid);
             qa_report_event('u_delete', $loginuserid, qa_get_logged_in_handle(), qa_cookie_get(), array('userid' => $userid, 'handle' => $useraccount['handle']));
Esempio n. 2
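/**
 * Carry out a one-click moderation action on a user account or a post, on behalf of the logged-in user.
 *
 * User actions ('userapprove', 'userblock') are only handled when QA_FINAL_EXTERNAL_USERS is false and the
 * logged-in user is at least QA_USER_LEVEL_MODERATOR. Every other action is treated as a post action
 * ('approve', 'reject', 'hide', 'reshow', 'delete', 'clearflags') and is gated by the matching permission
 * check on the loaded post.
 *
 * NOTE(review): no form security code (CSRF token) is verified inside this function; presumably the caller
 * does that before dispatching here - confirm, since every branch changes state.
 *
 * @param mixed $entityid Identifier of the user account (user actions) or of the post (post actions).
 * @param string $action Name of the action to perform.
 * @return bool True if the action was carried out, false if it was unknown, not applicable or not permitted.
 */
function qa_admin_single_click($entityid, $action)
{
    // Action names select privileged operations, so refuse anything that is not a string instead of
    // letting loose comparison decide (on PHP 7 and earlier, 0 == 'userapprove' evaluates to true).
    if (!is_string($action)) {
        return false;
    }

    $userid = qa_get_logged_in_userid();

    if (!QA_FINAL_EXTERNAL_USERS && ($action === 'userapprove' || $action === 'userblock')) {
        // approve/block moderated users
        require_once QA_INCLUDE_DIR . 'db/selects.php';

        $useraccount = qa_db_select_with_pending(qa_db_user_account_selectspec($entityid, true));

        if (isset($useraccount) && qa_get_logged_in_level() >= QA_USER_LEVEL_MODERATOR) {
            switch ($action) {
                case 'userapprove':
                    if ($useraccount['level'] <= QA_USER_LEVEL_APPROVED) {
                        // don't demote higher level users
                        require_once QA_INCLUDE_DIR . 'app/users-edit.php';
                        qa_set_user_level($useraccount['userid'], $useraccount['handle'], QA_USER_LEVEL_APPROVED, $useraccount['level']);
                        return true;
                    }
                    break;

                case 'userblock':
                    // $entityid is supplied by the caller, so the target is not limited to accounts awaiting
                    // approval. Refuse to block accounts at moderator level or above; otherwise any moderator
                    // could lock out administrators (or themselves) through this shortcut.
                    // NOTE(review): only the account-wide level is checked; category-specific levels are not
                    // visible from this function - confirm whether they need to be considered too.
                    if ($useraccount['level'] < QA_USER_LEVEL_MODERATOR) {
                        require_once QA_INCLUDE_DIR . 'app/users-edit.php';
                        qa_set_user_blocked($useraccount['userid'], $useraccount['handle'], true);
                        return true;
                    }
                    break;
            }
        }
    } else {
        // something to do with a post
        require_once QA_INCLUDE_DIR . 'app/posts.php';

        $post = qa_post_get_full($entityid);

        if (isset($post)) {
            // Everything after the first character of the type is its state suffix, e.g. '_QUEUED'.
            $queued = substr($post['type'], 1) === '_QUEUED';

            switch ($action) {
                case 'approve':
                    // Approving a queued post un-hides it; requires moderation permission on this post.
                    if ($queued && !qa_user_post_permit_error('permit_moderate', $post)) {
                        qa_post_set_hidden($entityid, false, $userid);
                        return true;
                    }
                    break;

                case 'reject':
                    // Rejecting a queued post hides it; requires moderation permission on this post.
                    if ($queued && !qa_user_post_permit_error('permit_moderate', $post)) {
                        qa_post_set_hidden($entityid, true, $userid);
                        return true;
                    }
                    break;

                case 'hide':
                    // Queued posts go through approve/reject instead, so hiding applies to non-queued posts only.
                    if (!$queued && !qa_user_post_permit_error('permit_hide_show', $post)) {
                        qa_post_set_hidden($entityid, true, $userid);
                        return true;
                    }
                    break;

                case 'reshow':
                    if ($post['hidden'] && !qa_user_post_permit_error('permit_hide_show', $post)) {
                        qa_post_set_hidden($entityid, false, $userid);
                        return true;
                    }
                    break;

                case 'delete':
                    // Only posts that are already hidden may be deleted from here.
                    if ($post['hidden'] && !qa_user_post_permit_error('permit_delete_hidden', $post)) {
                        qa_post_delete($entityid);
                        return true;
                    }
                    break;

                case 'clearflags':
                    require_once QA_INCLUDE_DIR . 'app/votes.php';

                    if (!qa_user_post_permit_error('permit_hide_show', $post)) {
                        qa_flags_clear_all($post, $userid, qa_get_logged_in_handle(), null);
                        return true;
                    }
                    break;
            }
        }
    }

    // Unknown action, missing entity, or the permission check failed.
    return false;
}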