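/**
 * Called from a mouse click,
 * works out what we want to do with attachments and actions it.
 * Accessed by ?action=attachapprove
 *
 * Request parameters read here:
 *  - $_GET['sa']:  'reject' removes the attachments, any other value (or none) approves them;
 *                  'all' together with $_GET['mid'] selects every attachment of that message.
 *  - $_GET['aid']: a single attachment id, used when the 'all' form does not apply.
 *
 * Ends by redirecting to the message that owns the attachments, or with
 * fatal_lang_error('no_access') when no eligible attachment is left.
 */
public function action_attachapprove()
{
    global $user_info;

    // Security is our primary concern...
    // NOTE(review): the session check reads the query string, so this state-changing
    // action is reachable with a plain GET link.
    checkSession('get');

    // 'sa' is optional: read it once so a request without it cannot raise an
    // undefined-index notice in the comparisons below.
    $sub_action = isset($_GET['sa']) ? $_GET['sa'] : '';

    // Is it approve or delete? Only an explicit 'reject' removes.
    $is_approve = $sub_action !== 'reject';

    $attachments = array();
    require_once SUBSDIR . '/ManageAttachments.subs.php';

    // If we are approving all ID's in a message, get the ID's.
    if ($sub_action === 'all' && !empty($_GET['mid'])) {
        $id_msg = (int) $_GET['mid'];
        $attachments = attachmentsOfMessage($id_msg);
    } elseif (!empty($_GET['aid'])) {
        $attachments[] = (int) $_GET['aid'];
    }

    if (empty($attachments)) {
        fatal_lang_error('no_access', false);
    }

    // @todo nb: this requires permission to approve posts, not manage attachments
    // Now we have some ID's cleaned and ready to approve, but first - let's check we have permission!
    $allowed_boards = !empty($user_info['mod_cache']['ap']) ? $user_info['mod_cache']['ap'] : boardsAllowedTo('approve_posts');

    if ($allowed_boards == array(0)) {
        // array(0) adds no board restriction to the query.
        $approve_query = '';
    } elseif (!empty($allowed_boards)) {
        // The ids are concatenated into SQL, so force them to integers first.
        $approve_query = ' AND m.id_board IN (' . implode(',', array_map('intval', $allowed_boards)) . ')';
    } else {
        // No board at all: make the condition match nothing.
        $approve_query = ' AND 0';
    }

    // Validate the attachments exist and have the right approval state.
    $attachments = validateAttachments($attachments, $approve_query);

    // This check has to come before $attachments[0] is read: when validation leaves
    // nothing, the lookup below would hit an undefined offset instead of denying access.
    if (empty($attachments)) {
        fatal_lang_error('no_access', false);
    }

    // Set up a return link based off one of the attachments for this message
    $attach_home = attachmentBelongsTo($attachments[0]);
    $redirect = 'topic=' . $attach_home['id_topic'] . '.msg' . $attach_home['id_msg'] . '#msg' . $attach_home['id_msg'];

    // Finally, we are there. Follow through!
    if ($is_approve) {
        // Checked and deemed worthy.
        approveAttachments($attachments);
    } else {
        removeAttachments(array('id_attach' => $attachments, 'do_logging' => true));
    }

    // We approved or removed, either way we reset those numbers
    cache_put_data('num_menu_errors', null, 900);

    // Return to the topic....
    redirectexit($redirect);
}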
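/**
 * Stores a reply to an existing ticket, saves the attachments of the parsed mail
 * and sends the notifications.
 *
 * Steps, in order: insert the reply row, set the ticket back to 'open', write each
 * accepted attachment to the attachments directory under a generated name, record the
 * written attachments in sptbl_attachments, then call mailAllStaff() and
 * acknowledgeUserOnReply().
 *
 * The reply text, the machine IP, the parsed mail and the size limit come from the
 * globals $var_message_main, $var_machineip, $mimedecoder and $var_valid_size.
 *
 * NOTE(review): values are escaped with addslashes(), which does not know the
 * connection character set; a driver-level escape or prepared statements would be
 * sturdier, but executeQuery() is called with a finished SQL string here.
 *
 * @param mixed $var_ticketid     Written to nTicketId and used to select the ticket to reopen.
 * @param mixed $var_userid       Written to nUserId of the reply.
 * @param mixed $var_deptid       Passed on to mailAllStaff() and acknowledgeUserOnReply().
 * @param mixed $var_refno        Passed on to mailAllStaff() and acknowledgeUserOnReply().
 * @param mixed $var_mail_subject Passed on to acknowledgeUserOnReply().
 */
function enterReply($var_ticketid, $var_userid, $var_deptid, $var_refno, $var_mail_subject)
{
    // $dotdotreal is used for the attachment path below but was not imported, which left
    // the path starting at "/attachments/".
    // NOTE(review): presumably $dotdotreal is a global base path - confirm.
    global $conn, $var_message_main, $var_machineip, $mimedecoder, $var_valid_size, $dotdotreal;

    $sql = "insert into sptbl_replies(nReplyId,nTicketId,nUserId,dDate,tReply,vMachineIP) Values('',\n\t\t\t'" . addslashes($var_ticketid) . "',\n\t\t\t'" . addslashes($var_userid) . "',\n\t\t\tnow(),\n\t\t\t'" . addslashes($var_message_main) . "',\n\t\t\t'" . addslashes($var_machineip) . "')";
    executeQuery($sql, $conn);
    $var_replyid = mysql_insert_id();

    $sql = "update sptbl_tickets set vStatus='open',dLastAttempted=now() where nTicketId='" . addslashes($var_ticketid) . "'";
    executeQuery($sql, $conn);

    $sql1 = "insert into sptbl_attachments(nReplyId,vAttachReference,vAttachUrl) values";
    $sql = "";

    foreach ($mimedecoder->_attachments as $objattach) {
        if (validateAttachments($objattach->_attachmentname, $objattach->_attachmenttype) == true && getDataSize($objattach->_attachmentcontent) < $var_valid_size) {
            // The stored name is generated, but its extension still comes from the
            // sender-supplied attachment name.
            // NOTE(review): confirm validateAttachments() restricts extensions and that
            // the attachments directory never executes uploaded files.
            $var_act_filename = uniqid("fl", true) . "." . getExtension($objattach->_attachmentname);

            $fp = fopen("{$dotdotreal}/attachments/" . $var_act_filename, "w");
            if ($fp === false) {
                // Nothing was stored, so do not record a row pointing at a missing file.
                continue;
            }

            $written = fwrite($fp, $objattach->_attachmentcontent);
            fclose($fp);
            if ($written === false) {
                continue;
            }

            // The attachment name is taken from the incoming mail and was concatenated
            // into the statement unescaped; escape it like every other value here.
            $sql .= ",('" . $var_replyid . "','" . addslashes($objattach->_attachmentname) . "','" . addslashes($var_act_filename) . "')";
        }
    }

    // Each tuple was appended with a leading comma; drop the first one.
    if ($sql != "") {
        executeQuery($sql1 . substr($sql, 1), $conn);
    }

    mailAllStaff($var_deptid, $var_refno);
    acknowledgeUserOnReply($var_deptid, $var_refno, $var_mail_subject);
}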
$var_insert_id = "00" . $var_insert_id; } else { if ($var_insert_id < 10000) { // 9999 09999 $var_insert_id = "0" . $var_insert_id; } } } } $var_refno = $var_tmp_compid . $val_dept_id . $var_tmp_userid . $var_insert_id; $sql_update_ticket = "update sptbl_tickets set vRefNo='" . $var_refno . "' where nTicketId='" . $var_ticket_id . "'"; executeQuery($sql_update_ticket, $conn); $sql1 = "insert into sptbl_attachments(nTicketId,vAttachReference,vAttachUrl) values"; $sql = ""; foreach ($mimedecoder->_attachments as $objattach) { if (validateAttachments($objattach->_attachmentname, $objattach->_attachmenttype) == true && getDataSize($objattach->_attachmentcontent) < $var_valid_size) { $var_act_filename = uniqid("fl", true) . "." . getExtension($objattach->_attachmentname); $sql .= ",('" . $var_ticket_id . "','" . $objattach->_attachmentname . "','" . addslashes($var_act_filename) . "')"; $fp = fopen("{$dotdotreal}/attachments/" . $var_act_filename, "w"); fwrite($fp, $objattach->_attachmentcontent); fclose($fp); } } $sql != "" ? executeQuery($sql1 . substr($sql, 1), $conn) : ""; /// check admin auto return mail status if (isAutoReturnMailNeeded()) { mailUserOnTicketCreationPop3($val, $total_count, $var_refno, $var_tmp_userid, $mimedecoder->_mailheader->_headersubject); } // mailAllStaff($val, $var_refno); mailWatcher($val, $var_refno);
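/**
 * View all unapproved attachments.
 *
 * Also carries out the moderation action when one is requested: a single id in
 * $_GET['approve'] or $_GET['delete'], or a list of ids in $_POST['item'] together
 * with $_POST['do'] ('approve' or 'delete'). Only attachments that pass
 * validateAttachments() for the boards this user may approve posts in are changed.
 * Afterwards the list of unapproved attachments is built with createList().
 */
public function action_unapproved_attachments()
{
    global $txt, $scripturl, $context, $user_info, $modSettings;

    $context['page_title'] = $txt['mc_unapproved_attachments'];

    // Needed by the action branch and by the list callbacks; loaded once up front
    // instead of being required twice further down.
    require_once SUBSDIR . '/ManageAttachments.subs.php';

    // Once again, permissions are king!
    $approve_boards = !empty($user_info['mod_cache']['ap']) ? $user_info['mod_cache']['ap'] : boardsAllowedTo('approve_posts');

    if ($approve_boards == array(0)) {
        // array(0) adds no board restriction to the query.
        $approve_query = '';
    } elseif (!empty($approve_boards)) {
        // The ids are concatenated into SQL, so force them to integers first.
        $approve_query = ' AND m.id_board IN (' . implode(',', array_map('intval', $approve_boards)) . ')';
    } else {
        // No board at all: make the condition match nothing.
        $approve_query = ' AND 0';
    }

    // Get together the array of things to act on, if any.
    $attachments = array();
    if (isset($_GET['approve'])) {
        $attachments[] = (int) $_GET['approve'];
    } elseif (isset($_GET['delete'])) {
        $attachments[] = (int) $_GET['delete'];
    } elseif (isset($_POST['item']) && is_array($_POST['item'])) {
        // 'item' is request data: a scalar sent in its place is ignored rather than
        // handed to foreach.
        foreach ($_POST['item'] as $item) {
            $attachments[] = (int) $item;
        }
    }

    // Are we approving or deleting?
    $curAction = null;
    if (isset($_GET['approve']) || (isset($_POST['do']) && $_POST['do'] === 'approve')) {
        $curAction = 'approve';
    } elseif (isset($_GET['delete']) || (isset($_POST['do']) && $_POST['do'] === 'delete')) {
        $curAction = 'delete';
    }

    // Something to do, let's do it!
    if (!empty($attachments) && $curAction !== null) {
        // NOTE(review): the list form below carries a 'mod-ap' token, but no
        // validateToken() call is visible in this method - confirm where it is checked.
        checkSession('request');

        // Confirm the attachments are eligible for changing!
        $attachments = validateAttachments($attachments, $approve_query);

        // Assuming it wasn't all like, proper illegal, we can do the approving.
        if (!empty($attachments)) {
            if ($curAction === 'approve') {
                approveAttachments($attachments);
            } else {
                removeAttachments(array('id_attach' => $attachments, 'do_logging' => true));
            }

            cache_put_data('num_menu_errors', null, 900);
        }
    }

    require_once SUBSDIR . '/GenericList.class.php';

    // NOTE(review): create_function() evaluates its string argument as code; it is
    // deprecated since PHP 7.2 and removed in PHP 8.0. Both bodies below are constant
    // strings, so no request data reaches them; closures are the replacement once the
    // supported PHP versions allow it.
    // NOTE(review): the poster link and the message subject/href are placed into HTML
    // as-is; presumably the list source already escapes them - verify.
    $listOptions = array(
        'id' => 'mc_unapproved_attach',
        'width' => '100%',
        'items_per_page' => $modSettings['defaultMaxMessages'],
        'no_items_label' => $txt['mc_unapproved_attachments_none_found'],
        'base_href' => $scripturl . '?action=moderate;area=attachmod;sa=attachments',
        'default_sort_col' => 'attach_name',
        'get_items' => array(
            'function' => 'list_getUnapprovedAttachments',
            'params' => array($approve_query),
        ),
        'get_count' => array(
            'function' => 'list_getNumUnapprovedAttachments',
            'params' => array($approve_query),
        ),
        'columns' => array(
            'attach_name' => array(
                'header' => array('value' => $txt['mc_unapproved_attach_name']),
                'data' => array('db' => 'filename'),
                'sort' => array('default' => 'a.filename', 'reverse' => 'a.filename DESC'),
            ),
            'attach_size' => array(
                'header' => array('value' => $txt['mc_unapproved_attach_size']),
                'data' => array('db' => 'size'),
                'sort' => array('default' => 'a.size', 'reverse' => 'a.size DESC'),
            ),
            'attach_poster' => array(
                'header' => array('value' => $txt['mc_unapproved_attach_poster']),
                'data' => array(
                    'function' => create_function('$data', ' return $data[\'poster\'][\'link\'];'),
                ),
                'sort' => array('default' => 'm.id_member', 'reverse' => 'm.id_member DESC'),
            ),
            'date' => array(
                'header' => array('value' => $txt['date'], 'style' => 'width: 18%;'),
                'data' => array('db' => 'time', 'class' => 'smalltext', 'style' => 'white-space:nowrap;'),
                'sort' => array('default' => 'm.poster_time', 'reverse' => 'm.poster_time DESC'),
            ),
            'message' => array(
                'header' => array('value' => $txt['post']),
                'data' => array(
                    'function' => create_function('$data', ' global $modSettings; return \'<a href="\' . $data[\'message\'][\'href\'] . \'">\' . Util::shorten_text($data[\'message\'][\'subject\'], !empty($modSettings[\'subject_length\']) ? $modSettings[\'subject_length\'] : 24) . 
\'</a>\';'),
                    'class' => 'smalltext',
                    'style' => 'width:15em;',
                ),
                'sort' => array('default' => 'm.subject', 'reverse' => 'm.subject DESC'),
            ),
            'action' => array(
                'header' => array(
                    'value' => '<input type="checkbox" class="input_check" onclick="invertAll(this, this.form);" />',
                    'style' => 'width: 4%',
                ),
                'data' => array(
                    'sprintf' => array(
                        // %1$d formats the id as an integer.
                        'format' => '<input type="checkbox" name="item[]" value="%1$d" class="input_check" />',
                        'params' => array('id' => false),
                    ),
                ),
            ),
        ),
        'form' => array(
            'href' => $scripturl . '?action=moderate;area=attachmod;sa=attachments',
            'include_sort' => true,
            'include_start' => true,
            'hidden_fields' => array($context['session_var'] => $context['session_id']),
            'token' => 'mod-ap',
        ),
        'additional_rows' => array(
            array(
                'position' => 'bottom_of_list',
                'value' => ' <select name="do" onchange="if (this.value != 0 && confirm(\'' . $txt['mc_unapproved_sure'] . '\')) submit();"> <option value="0">' . $txt['with_selected'] . ':</option> <option value="0" disabled="disabled">' . str_repeat('—', strlen($txt['approve'])) . '</option> <option value="approve">' . (isBrowser('ie8') ? '»' : '➤') . ' ' . $txt['approve'] . '</option> <option value="delete">' . (isBrowser('ie8') ? '»' : '➤') . ' ' . $txt['delete'] . '</option> </select> <noscript><input type="submit" name="ml_go" value="' . $txt['go'] . '" class="right_submit" /></noscript>',
                'class' => 'floatright',
            ),
        ),
    );

    // Create the request list.
    createToken('mod-ap');
    createList($listOptions);

    $context['sub_template'] = 'show_list';
    $context['default_list'] = 'mc_unapproved_attach';
    $context[$context['moderation_menu_name']]['tab_data'] = array(
        'title' => $txt['mc_unapproved_attachments'],
        'help' => '',
        'description' => $txt['mc_unapproved_attachments_desc'],
    );
}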