function main($id, $mode)
{
global $config, $db, $user, $table_prefix, $auth, $template, $phpbb_root_path, $phpEx;
define('TABLE_PREFIX', $table_prefix);
require_once 'class_ulogin.php';
$uLogin = new uLogin($db);
if ($config['require_activation'] == USER_ACTIVATION_DISABLE) {
trigger_error('UCP_REGISTER_DISABLE');
}
if (!($user_id = $uLogin->auth())) {
$user_id = $uLogin->register();
}
if ($user_id) {
$session = $user->session_create($user_id, 0, 1);
}
if (!$session) {
page_header($user->lang['LOGIN'], false);
$template->set_filenames(array('body' => 'login_body.html'));
make_jumpbox(append_sid("{$phpbb_root_path}viewforum.{$phpEx}"));
page_footer();
exit;
}
$redirect = request_var('redirect', "{$phpbb_root_path}index.{$phpEx}");
$message = $user->lang['LOGIN_REDIRECT'];
$l_redirect = $redirect === "{$phpbb_root_path}index.{$phpEx}" || $redirect === "index.{$phpEx}" ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE'];
$redirect = reapply_sid($redirect);
if (defined('IN_CHECK_BAN') && $session['user_row']['user_type'] != USER_FOUNDER) {
return false;
}
$redirect = meta_refresh(3, $redirect);
trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
}
/**
* Set data used in javascript
*/
public function set_javascript_data($route, $style_id)
{
$board_url = generate_board_url();
$ajax_url = $board_url . (!$this->config['enable_mod_rewrite'] ? '/app.' . $this->php_ext : '');
$is_default_route = $u_default_route = false;
if ($this->config['sitemaker_default_layout']) {
$is_default_route = $this->config['sitemaker_default_layout'] === $route ? true : false;
$u_default_route .= $board_url . '/' . $this->config['sitemaker_default_layout'];
$u_default_route = reapply_sid($u_default_route);
}
$this->template->assign_vars(array('S_IS_DEFAULT' => $is_default_route, 'PAGE_URL' => build_url(array('style')), 'UA_ROUTE' => $route, 'UA_AJAX_URL' => $ajax_url, 'UA_BOARD_URL' => $board_url, 'UA_STYLE_ID' => $style_id, 'U_VIEW_DEFAULT' => $u_default_route));
}
/**
* {@inheritdoc}
*/
public function display(array $bdata, $edit_mode = false)
{
$settings = $bdata['settings'];
$content = '';
if (!$this->user->data['is_registered'] || $edit_mode === true) {
$this->ptemplate->assign_vars(array('S_SHOW_HIDE_ME' => $settings['show_hide_me'] ? true : false, 'S_AUTOLOGIN_ENABLED' => $settings['allow_autologin'] ? true : false, 'S_LOGIN_ACTION' => append_sid("{$this->phpbb_root_path}ucp" . $this->php_ext, 'mode=login'), 'U_REGISTER' => append_sid("{$this->phpbb_root_path}ucp" . $this->php_ext, 'mode=register'), 'U_SEND_PASSWORD' => append_sid("{$this->phpbb_root_path}ucp" . $this->php_ext, 'mode=sendpassword'), 'U_REDIRECT' => reapply_sid(ltrim(rtrim(build_url(array('edit_mode')), '?'), './../'))));
$content = $this->ptemplate->render_view('blitze/sitemaker', 'blocks/login.html', 'login_block');
} else {
if ($settings['show_member_menu']) {
$block = $this->phpbb_container->get('blitze.sitemaker.block.member_menu');
$block->set_template($this->ptemplate);
return $block->display(array(), $edit_mode);
}
}
return array('title' => 'LOGIN', 'content' => $content);
}
/**
* Controller for /idea/{idea_id}
*
* @param $idea_id int The ID of the requested idea, maybe?
* @throws http_exception
* @return \Symfony\Component\HttpFoundation\Response A Symfony Response object
*/
public function idea($idea_id)
{
if (!$this->is_available()) {
throw new http_exception(404, 'IDEAS_NOT_AVAILABLE');
}
$this->data = $this->ideas->get_idea($idea_id);
if (!$this->data) {
throw new http_exception(404, 'IDEA_NOT_FOUND');
}
$mode = $this->request->variable('mode', '');
if ($this->request->is_ajax() && !empty($mode)) {
$result = call_user_func(array($this, $mode));
return new \Symfony\Component\HttpFoundation\JsonResponse($result);
}
$url = reapply_sid(generate_board_url() . "/viewtopic.{$this->php_ext}?f={$this->config['ideas_forum_id']}&t={$this->data['topic_id']}");
return new RedirectResponse($url);
}
/**
* Main method, is called by p_master to run the module
*/
public function main($mode, $id)
{
// Fetch all the data
$fid = request_var('f', 0);
$pid = request_var('prefixid', 0);
$red = request_var('redirect', 'index.' . PHP_EXT);
$tid = request_var('t', 0);
$red = reapply_sid($red);
// Get the prefix data
$tree = $forums = array();
sp_phpbb::$cache->obtain_prefix_forum_tree($tree, $forums);
// Nothing for this forum
if (empty($tree[$fid])) {
return;
}
// Fetch the current data for this forum
$sql = 'SELECT subject_prefix_id
FROM ' . TOPICS_TABLE . '
WHERE topic_id = ' . $tid;
$result = sp_phpbb::$db->sql_query($sql);
$_c_pid = sp_phpbb::$db->sql_fetchfield('subject_prefix_id', false, $result);
sp_phpbb::$db->sql_freeresult($result);
// No change
if ($pid == $_c_pid) {
meta_refresh(2, $red);
trigger_error(sp_phpbb::$user->lang['PREFIX_NOT_CHANGED'] . '<br /><br />' . sprintf(sp_phpbb::$user->lang['RETURN_PAGE'], '<a href="' . $red . '">', '</a>'));
}
// The selected prefix can be used in this forum?
if (!isset($tree[$fid][$pid]) && $pid > 0) {
meta_refresh(2, $red);
trigger_error(sp_phpbb::$user->lang['PREFIX_NOT_ALLOWED'] . '<br /><br />' . sprintf(sp_phpbb::$user->lang['RETURN_PAGE'], '<a href="' . $red . '">', '</a>'));
}
// Update
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET subject_prefix_id = ' . $pid . '
WHERE topic_id = ' . $tid;
sp_phpbb::$db->sql_query($sql);
if (sp_phpbb::$db->sql_affectedrows() == -1) {
trigger_error('PREFIX_UPDATE_FAILED');
} else {
sp_cache::subject_prefix_quick_clear();
meta_refresh(2, $red);
trigger_error(sp_phpbb::$user->lang['PREFIX_UPDATED_SUCCESS'] . '<br /><br />' . sprintf(sp_phpbb::$user->lang['RETURN_PAGE'], '<a href="' . $red . '">', '</a>'));
}
}
/**
* Board Announcements controller accessed from the URL /boardannouncements/close
*
* @throws \phpbb\exception\http_exception An http exception
* @return \Symfony\Component\HttpFoundation\JsonResponse A Symfony JSON Response object
* @access public
*/
public function close_announcement()
{
// Check the link hash to protect against CSRF/XSRF attacks
if (!check_link_hash($this->request->variable('hash', ''), 'close_boardannouncement') || !$this->config['board_announcements_dismiss']) {
throw new \phpbb\exception\http_exception(403, 'NO_AUTH_OPERATION');
}
// Set a cookie
$response = $this->set_board_announcement_cookie();
// Close the announcement for registered users
if ($this->user->data['is_registered']) {
$response = $this->update_board_announcement_status();
}
// Send a JSON response if an AJAX request was used
if ($this->request->is_ajax()) {
return new \Symfony\Component\HttpFoundation\JsonResponse(array('success' => $response));
}
// Redirect the user back to their last viewed page (non-AJAX requests)
$redirect = $this->request->variable('redirect', $this->user->data['session_page']);
$redirect = reapply_sid($redirect);
redirect($redirect);
// We shouldn't get here, but throw an http exception just in case
throw new \phpbb\exception\http_exception(500, 'GENERAL_ERROR');
}
/**
* Fork Topic
*/
function mcp_fork_topic($topic_ids)
{
global $auth, $user, $db, $template, $config;
global $phpEx, $phpbb_root_path;
if (!check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array('m_'))) {
return;
}
$to_forum_id = request_var('to_forum_id', 0);
$forum_id = request_var('f', 0);
$redirect = request_var('redirect', build_url(array('action', 'quickmod')));
$additional_msg = $success_msg = '';
$s_hidden_fields = build_hidden_fields(array('topic_id_list' => $topic_ids, 'f' => $forum_id, 'action' => 'fork', 'redirect' => $redirect));
if ($to_forum_id) {
$forum_data = get_forum_data($to_forum_id, 'f_post');
if (!sizeof($topic_ids)) {
$additional_msg = $user->lang['NO_TOPIC_SELECTED'];
} else {
if (!sizeof($forum_data)) {
$additional_msg = $user->lang['FORUM_NOT_EXIST'];
} else {
$forum_data = $forum_data[$to_forum_id];
if ($forum_data['forum_type'] != FORUM_POST) {
$additional_msg = $user->lang['FORUM_NOT_POSTABLE'];
} else {
if (!$auth->acl_get('f_post', $to_forum_id)) {
$additional_msg = $user->lang['USER_CANNOT_POST'];
}
}
}
}
} else {
if (isset($_POST['confirm'])) {
$additional_msg = $user->lang['FORUM_NOT_EXIST'];
}
}
if ($additional_msg) {
unset($_POST['confirm']);
unset($_REQUEST['confirm_key']);
}
if (confirm_box(true)) {
$topic_data = get_topic_data($topic_ids, 'f_post');
$total_posts = 0;
$new_topic_id_list = array();
if ($topic_data['enable_indexing']) {
// Select the search method and do some additional checks to ensure it can actually be utilised
$search_type = basename($config['search_type']);
if (!file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx)) {
trigger_error('NO_SUCH_SEARCH_MODULE');
}
if (!class_exists($search_type)) {
include "{$phpbb_root_path}includes/search/{$search_type}.{$phpEx}";
}
$error = false;
$search = new $search_type($error);
$search_mode = 'post';
if ($error) {
trigger_error($error);
}
} else {
$search_type = false;
}
foreach ($topic_data as $topic_id => $topic_row) {
$sql_ary = array('forum_id' => (int) $to_forum_id, 'icon_id' => (int) $topic_row['icon_id'], 'topic_attachment' => (int) $topic_row['topic_attachment'], 'topic_approved' => 1, 'topic_reported' => 0, 'topic_title' => (string) $topic_row['topic_title'], 'topic_poster' => (int) $topic_row['topic_poster'], 'topic_time' => (int) $topic_row['topic_time'], 'topic_replies' => (int) $topic_row['topic_replies_real'], 'topic_replies_real' => (int) $topic_row['topic_replies_real'], 'topic_status' => (int) $topic_row['topic_status'], 'topic_type' => (int) $topic_row['topic_type'], 'topic_first_poster_name' => (string) $topic_row['topic_first_poster_name'], 'topic_last_poster_id' => (int) $topic_row['topic_last_poster_id'], 'topic_last_poster_name' => (string) $topic_row['topic_last_poster_name'], 'topic_last_post_time' => (int) $topic_row['topic_last_post_time'], 'topic_last_view_time' => (int) $topic_row['topic_last_view_time'], 'topic_bumped' => (int) $topic_row['topic_bumped'], 'topic_bumper' => (int) $topic_row['topic_bumper'], 'poll_title' => (string) $topic_row['poll_title'], 'poll_start' => (int) $topic_row['poll_start'], 'poll_length' => (int) $topic_row['poll_length'], 'poll_max_options' => (int) $topic_row['poll_max_options'], 'poll_vote_change' => (int) $topic_row['poll_vote_change']);
$db->sql_query('INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
$new_topic_id = $db->sql_nextid();
$new_topic_id_list[$topic_id] = $new_topic_id;
if ($topic_row['poll_start']) {
$poll_rows = array();
$sql = 'SELECT *
FROM ' . POLL_OPTIONS_TABLE . "\n\t\t\t\t\tWHERE topic_id = {$topic_id}";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
$sql_ary = array('poll_option_id' => (int) $row['poll_option_id'], 'topic_id' => (int) $new_topic_id, 'poll_option_text' => (string) $row['poll_option_text'], 'poll_option_total' => 0);
$db->sql_query('INSERT INTO ' . POLL_OPTIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
}
}
$sql = 'SELECT *
FROM ' . POSTS_TABLE . "\n\t\t\t\tWHERE topic_id = {$topic_id}\n\t\t\t\tORDER BY post_time ASC";
$result = $db->sql_query($sql);
$post_rows = array();
while ($row = $db->sql_fetchrow($result)) {
$post_rows[] = $row;
}
$db->sql_freeresult($result);
if (!sizeof($post_rows)) {
continue;
}
$total_posts += sizeof($post_rows);
foreach ($post_rows as $row) {
$sql_ary = array('topic_id' => (int) $new_topic_id, 'forum_id' => (int) $to_forum_id, 'poster_id' => (int) $row['poster_id'], 'icon_id' => (int) $row['icon_id'], 'poster_ip' => (string) $row['poster_ip'], 'post_time' => (int) $row['post_time'], 'post_approved' => 1, 'post_reported' => 0, 'enable_bbcode' => (int) $row['enable_bbcode'], 'enable_smilies' => (int) $row['enable_smilies'], 'enable_magic_url' => (int) $row['enable_magic_url'], 'enable_sig' => (int) $row['enable_sig'], 'post_username' => (string) $row['post_username'], 'post_subject' => (string) $row['post_subject'], 'post_text' => (string) $row['post_text'], 'post_edit_reason' => (string) $row['post_edit_reason'], 'post_edit_user' => (int) $row['post_edit_user'], 'post_checksum' => (string) $row['post_checksum'], 'post_attachment' => (int) $row['post_attachment'], 'bbcode_bitfield' => $row['bbcode_bitfield'], 'bbcode_uid' => (string) $row['bbcode_uid'], 'post_edit_time' => (int) $row['post_edit_time'], 'post_edit_count' => (int) $row['post_edit_count'], 'post_edit_locked' => (int) $row['post_edit_locked'], 'post_postcount' => 0);
$db->sql_query('INSERT INTO ' . POSTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
$new_post_id = $db->sql_nextid();
// Copy whether the topic is dotted
markread('post', $to_forum_id, $new_topic_id, 0, $row['poster_id']);
if ($search_type) {
$search->index($search_mode, $sql_ary['post_id'], $sql_ary['post_text'], $sql_ary['post_subject'], $sql_ary['poster_id'], $topic_row['topic_type'] == POST_GLOBAL ? 0 : $to_forum_id);
$search_mode = 'reply';
// After one we index replies
}
// Copy Attachments
if ($row['post_attachment']) {
$sql = 'SELECT * FROM ' . ATTACHMENTS_TABLE . "\n\t\t\t\t\t\tWHERE post_msg_id = {$row['post_id']}\n\t\t\t\t\t\t\tAND topic_id = {$topic_id}\n\t\t\t\t\t\t\tAND in_message = 0";
$result = $db->sql_query($sql);
$sql_ary = array();
while ($attach_row = $db->sql_fetchrow($result)) {
$sql_ary[] = array('post_msg_id' => (int) $new_post_id, 'topic_id' => (int) $new_topic_id, 'in_message' => 0, 'is_orphan' => (int) $attach_row['is_orphan'], 'poster_id' => (int) $attach_row['poster_id'], 'physical_filename' => (string) utf8_basename($attach_row['physical_filename']), 'real_filename' => (string) utf8_basename($attach_row['real_filename']), 'download_count' => (int) $attach_row['download_count'], 'attach_comment' => (string) $attach_row['attach_comment'], 'extension' => (string) $attach_row['extension'], 'mimetype' => (string) $attach_row['mimetype'], 'filesize' => (int) $attach_row['filesize'], 'filetime' => (int) $attach_row['filetime'], 'thumbnail' => (int) $attach_row['thumbnail']);
}
$db->sql_freeresult($result);
if (sizeof($sql_ary)) {
$db->sql_multi_insert(ATTACHMENTS_TABLE, $sql_ary);
}
}
}
$sql = 'SELECT user_id, notify_status
FROM ' . TOPICS_WATCH_TABLE . '
WHERE topic_id = ' . $topic_id;
$result = $db->sql_query($sql);
$sql_ary = array();
while ($row = $db->sql_fetchrow($result)) {
$sql_ary[] = array('topic_id' => (int) $new_topic_id, 'user_id' => (int) $row['user_id'], 'notify_status' => (int) $row['notify_status']);
}
$db->sql_freeresult($result);
if (sizeof($sql_ary)) {
$db->sql_multi_insert(TOPICS_WATCH_TABLE, $sql_ary);
}
}
// Sync new topics, parent forums and board stats
sync('topic', 'topic_id', $new_topic_id_list);
$sync_sql = array();
$sync_sql[$to_forum_id][] = 'forum_posts = forum_posts + ' . $total_posts;
$sync_sql[$to_forum_id][] = 'forum_topics = forum_topics + ' . sizeof($new_topic_id_list);
$sync_sql[$to_forum_id][] = 'forum_topics_real = forum_topics_real + ' . sizeof($new_topic_id_list);
foreach ($sync_sql as $forum_id_key => $array) {
$sql = 'UPDATE ' . FORUMS_TABLE . '
SET ' . implode(', ', $array) . '
WHERE forum_id = ' . $forum_id_key;
$db->sql_query($sql);
}
sync('forum', 'forum_id', $to_forum_id);
set_config_count('num_topics', sizeof($new_topic_id_list), true);
set_config_count('num_posts', $total_posts, true);
foreach ($new_topic_id_list as $topic_id => $new_topic_id) {
add_log('mod', $to_forum_id, $new_topic_id, 'LOG_FORK', $topic_row['forum_name']);
}
$success_msg = sizeof($topic_ids) == 1 ? 'TOPIC_FORKED_SUCCESS' : 'TOPICS_FORKED_SUCCESS';
} else {
$template->assign_vars(array('S_FORUM_SELECT' => make_forum_select($to_forum_id, false, false, true, true, true), 'S_CAN_LEAVE_SHADOW' => false, 'ADDITIONAL_MSG' => $additional_msg));
confirm_box(false, 'FORK_TOPIC' . (sizeof($topic_ids) == 1 ? '' : 'S'), $s_hidden_fields, 'mcp_move.html');
}
$redirect = request_var('redirect', "index.{$phpEx}");
$redirect = reapply_sid($redirect);
if (!$success_msg) {
redirect($redirect);
} else {
$redirect_url = append_sid("{$phpbb_root_path}viewforum.{$phpEx}", 'f=' . $forum_id);
meta_refresh(3, $redirect_url);
$return_link = sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect_url . '">', '</a>');
if ($forum_id != $to_forum_id) {
$return_link .= '<br /><br />' . sprintf($user->lang['RETURN_NEW_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.{$phpEx}", 'f=' . $to_forum_id) . '">', '</a>');
}
trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);
}
}
function oauth_login()
{
global $phpEx, $config, $auth, $user;
$info = false;
$method = trim(basename($config['auth_method']));
include_once $phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx;
$method = 'oauth_redirect_info_' . $method;
if (function_exists($method)) {
$info = $method();
}
if (!$info) {
redirect('index.' . $phpEx);
}
// // Hack code
// $_POST['login'] = '******';
// $_REQUEST['credential'] = ($info->admin) ? md5(unique_id()) : false;
// $_REQUEST['redirect'] = $info ->redirect;
// login_box($info ->redirect, $info->l_explain, $info->l_success, $info->admin);
$admin = $info->admin;
$redirect = $info->redirect;
if ($admin && !$auth->acl_get('a_')) {
// Not authd
// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
if ($user->data['is_registered']) {
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
trigger_error('NO_AUTH_ADMIN');
}
// If authentication is successful we redirect user to previous page
$result = $auth->login('', '', false, 0, $admin);
// If admin authentication and login, we will log if it was a success or not...
// We also break the operation on the first non-success login - it could be argued that the user already knows
if ($admin) {
if ($result['status'] == LOGIN_SUCCESS) {
add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
} else {
// Only log the failed attempt if a real user tried to.
// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
if ($user->data['is_registered']) {
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
}
}
// The result parameter is always an array, holding the relevant information...
if ($result['status'] == LOGIN_SUCCESS) {
$message = $l_success ? $l_success : $user->lang['LOGIN_REDIRECT'];
$l_redirect = $admin ? $user->lang['PROCEED_TO_ACP'] : ($redirect === "{$phpbb_root_path}index.{$phpEx}" || $redirect === "index.{$phpEx}" ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);
// append/replace SID (may change during the session for AOL users)
$redirect = reapply_sid($redirect);
// Special case... the user is effectively banned, but we allow founders to login
if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != USER_FOUNDER) {
return;
}
$redirect = meta_refresh(3, $redirect);
trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
}
if ($result['status'] == LOGIN_CONTINUE) {
oauth_show_register($result['oauth_extra']);
}
trigger_error("Extern auth error!");
}
/**
* Get username details for placing into templates.
* This function caches all modes on first call, except for no_profile and anonymous user - determined by $user_id.
*
* @param string $mode Can be profile (for getting an url to the profile), username (for obtaining the username), colour (for obtaining the user colour), full (for obtaining a html string representing a coloured link to the users profile) or no_profile (the same as full but forcing no profile link)
* @param int $user_id The users id
* @param string $username The users name
* @param string $username_colour The users colour
* @param string $guest_username optional parameter to specify the guest username. It will be used in favor of the GUEST language variable then.
* @param string $custom_profile_url optional parameter to specify a profile url. The user id get appended to this url as &u={user_id}
*
* @return string A string consisting of what is wanted based on $mode.
* @author BartVB, Acyd Burn
*/
function get_username_string($mode, $user_id, $username, $username_colour = '', $guest_username = false, $custom_profile_url = false)
{
static $_profile_cache;
// We cache some common variables we need within this function
if (empty($_profile_cache)) {
global $phpbb_root_path, $phpEx;
$_profile_cache['base_url'] = append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=viewprofile&u={USER_ID}');
$_profile_cache['tpl_noprofile'] = '{USERNAME}';
$_profile_cache['tpl_noprofile_colour'] = '<span style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</span>';
$_profile_cache['tpl_profile'] = '<a href="{PROFILE_URL}">{USERNAME}</a>';
$_profile_cache['tpl_profile_colour'] = '<a href="{PROFILE_URL}" style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</a>';
}
global $user, $auth;
// This switch makes sure we only run code required for the mode
switch ($mode) {
case 'full':
case 'no_profile':
case 'colour':
// Build correct username colour
$username_colour = $username_colour ? '#' . $username_colour : '';
// Return colour
if ($mode == 'colour') {
return $username_colour;
}
// no break;
// no break;
case 'username':
// Build correct username
if ($guest_username === false) {
$username = $username ? $username : $user->lang['GUEST'];
} else {
$username = $user_id && $user_id != ANONYMOUS ? $username : (!empty($guest_username) ? $guest_username : $user->lang['GUEST']);
}
// Return username
if ($mode == 'username') {
return $username;
}
// no break;
// no break;
case 'profile':
// Build correct profile url - only show if not anonymous and permission to view profile if registered user
// For anonymous the link leads to a login page.
if ($user_id && $user_id != ANONYMOUS && ($user->data['user_id'] == ANONYMOUS || $auth->acl_get('u_viewprofile'))) {
// www.phpBB-SEO.com SEO TOOLKIT BEGIN
// $profile_url = ($custom_profile_url !== false) ? $custom_profile_url . '&u=' . (int) $user_id : str_replace(array('={USER_ID}', '=%7BUSER_ID%7D'), '=' . (int) $user_id, $_profile_cache['base_url']);
global $phpbb_seo, $phpbb_root_path, $phpEx;
$phpbb_seo->set_user_url($username, $user_id);
if ($custom_profile_url !== false) {
$profile_url = reapply_sid($custom_profile_url . (strpos($custom_profile_url, '?') !== false ? '&' : '?') . 'u=' . (int) $user_id);
} else {
$profile_url = append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=viewprofile&u=' . (int) $user_id);
}
// www.phpBB-SEO.com SEO TOOLKIT END
} else {
$profile_url = '';
}
// Return profile
if ($mode == 'profile') {
return $profile_url;
}
// no break;
}
if ($mode == 'full' && !$profile_url || $mode == 'no_profile') {
return str_replace(array('{USERNAME_COLOUR}', '{USERNAME}'), array($username_colour, $username), !$username_colour ? $_profile_cache['tpl_noprofile'] : $_profile_cache['tpl_noprofile_colour']);
}
return str_replace(array('{PROFILE_URL}', '{USERNAME_COLOUR}', '{USERNAME}'), array($profile_url, $username_colour, $username), !$username_colour ? $_profile_cache['tpl_profile'] : $_profile_cache['tpl_profile_colour']);
}
/**
* Merge selected posts into selected topic
*/
function merge_posts($topic_id, $to_topic_id)
{
global $db, $template, $user, $phpEx, $phpbb_root_path, $auth;
if (!$to_topic_id) {
$template->assign_var('MESSAGE', $user->lang['NO_FINAL_TOPIC_SELECTED']);
return;
}
$topic_data = get_topic_data(array($to_topic_id), 'm_merge');
if (!sizeof($topic_data)) {
$template->assign_var('MESSAGE', $user->lang['NO_FINAL_TOPIC_SELECTED']);
return;
}
$topic_data = $topic_data[$to_topic_id];
$post_id_list = request_var('post_id_list', array(0));
$start = request_var('start', 0);
if (!sizeof($post_id_list)) {
$template->assign_var('MESSAGE', $user->lang['NO_POST_SELECTED']);
return;
}
if (!($forum_id = check_ids($post_id_list, POSTS_TABLE, 'post_id', 'm_merge'))) {
return;
}
$redirect = request_var('redirect', $user->data['session_page']);
$s_hidden_fields = build_hidden_fields(array('i' => 'main', 'post_id_list' => $post_id_list, 'to_topic_id' => $to_topic_id, 'mode' => 'topic_view', 'action' => 'merge_posts', 'start' => $start, 'redirect' => $redirect, 'f' => $forum_id, 't' => $topic_id));
$success_msg = $return_link = '';
if (confirm_box(true)) {
$to_forum_id = $topic_data['forum_id'];
move_posts($post_id_list, $to_topic_id);
add_log('mod', $to_forum_id, $to_topic_id, 'LOG_MERGE', $topic_data['topic_title']);
// Message and return links
$success_msg = 'POSTS_MERGED_SUCCESS';
// Does the original topic still exist? If yes, link back to it
$topic_data = get_topic_data(array($topic_id));
if (sizeof($topic_data)) {
$return_link .= sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", 'f=' . $forum_id . '&t=' . $topic_id) . '">', '</a>');
}
// Link to the new topic
$return_link .= ($return_link ? '<br /><br />' : '') . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", 'f=' . $to_forum_id . '&t=' . $to_topic_id) . '">', '</a>');
} else {
confirm_box(false, 'MERGE_POSTS', $s_hidden_fields);
}
$redirect = request_var('redirect', "index.{$phpEx}");
$redirect = reapply_sid($redirect);
if (!$success_msg) {
return;
} else {
meta_refresh(3, append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", "f={$to_forum_id}&t={$to_topic_id}"));
trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);
}
}
/**
* Build Confirm box
* @param boolean $check True for checking if confirmed (without any additional parameters) and false for displaying the confirm box
* @param string $title Title/Message used for confirm box.
* message text is _CONFIRM appended to title.
* If title cannot be found in user->lang a default one is displayed
* If title_CONFIRM cannot be found in user->lang the text given is used.
* @param string $hidden Hidden variables
* @param string $html_body Template used for confirm box
* @param string $u_action Custom form action
*/
function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.tpl', $u_action = '')
{
global $db, $user, $lang, $template;
if (isset($_POST['cancel'])) {
return false;
}
$confirm = false;
if (isset($_POST['confirm'])) {
// language frontier
if ($_POST['confirm'] === $lang['YES']) {
$confirm = true;
}
}
if ($check && $confirm) {
$user_id = request_var('confirm_uid', 0);
$session_id = request_var('sess', '');
if ($user_id != $user->data['user_id'] || $session_id != $user->session_id) {
return false;
}
return true;
} elseif ($check) {
return false;
}
$s_hidden_fields = build_hidden_fields(array('confirm_uid' => $user->data['user_id'], 'sess' => $user->session_id, 'sid' => $user->session_id));
// re-add sid / transform & to & for user->page (user->page is always using &)
$use_page = $u_action ? IP_ROOT_PATH . $u_action : IP_ROOT_PATH . str_replace('&', '&', $user->page['page']);
$u_action = reapply_sid($use_page);
$u_action .= strpos($u_action, '?') === false ? '?' : '&';
$confirm_title = !isset($lang[$title]) ? $lang['Confirm'] : $lang[$title];
$template->assign_vars(array('MESSAGE_TITLE' => $confirm_title, 'MESSAGE_TEXT' => !isset($lang[$title . '_CONFIRM']) ? $title : $lang[$title . '_CONFIRM'], 'YES_VALUE' => $lang['YES'], 'S_CONFIRM_ACTION' => $u_action, 'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields));
full_page_generation($html_body, $confirm_title, '', '');
}
/**
* Merge selected topics into selected topic
*/
function merge_topics($forum_id, $topic_ids, $to_topic_id)
{
global $db, $template, $user, $phpEx, $phpbb_root_path, $phpbb_log, $request;
if (!sizeof($topic_ids)) {
$template->assign_var('MESSAGE', $user->lang['NO_TOPIC_SELECTED']);
return;
}
if (!$to_topic_id) {
$template->assign_var('MESSAGE', $user->lang['NO_FINAL_TOPIC_SELECTED']);
return;
}
$sync_topics = array_merge($topic_ids, array($to_topic_id));
$topic_data = phpbb_get_topic_data($sync_topics, 'm_merge');
if (!sizeof($topic_data) || empty($topic_data[$to_topic_id])) {
$template->assign_var('MESSAGE', $user->lang['NO_FINAL_TOPIC_SELECTED']);
return;
}
$sync_forums = array();
foreach ($topic_data as $data) {
$sync_forums[$data['forum_id']] = $data['forum_id'];
}
$topic_data = $topic_data[$to_topic_id];
$post_id_list = $request->variable('post_id_list', array(0));
$start = $request->variable('start', 0);
if (!sizeof($post_id_list) && sizeof($topic_ids)) {
$sql = 'SELECT post_id
FROM ' . POSTS_TABLE . '
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$result = $db->sql_query($sql);
$post_id_list = array();
while ($row = $db->sql_fetchrow($result)) {
$post_id_list[] = $row['post_id'];
}
$db->sql_freeresult($result);
}
if (!sizeof($post_id_list)) {
$template->assign_var('MESSAGE', $user->lang['NO_POST_SELECTED']);
return;
}
if (!phpbb_check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_merge'))) {
return;
}
$redirect = $request->variable('redirect', build_url(array('quickmod')));
$s_hidden_fields = build_hidden_fields(array('i' => 'main', 'f' => $forum_id, 'post_id_list' => $post_id_list, 'to_topic_id' => $to_topic_id, 'mode' => 'forum_view', 'action' => 'merge_topics', 'start' => $start, 'redirect' => $redirect, 'topic_id_list' => $topic_ids));
$return_link = '';
if (confirm_box(true)) {
$to_forum_id = $topic_data['forum_id'];
move_posts($post_id_list, $to_topic_id, false);
$phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_MERGE', false, array('forum_id' => $to_forum_id, 'topic_id' => $to_topic_id, $topic_data['topic_title']));
// Message and return links
$success_msg = 'POSTS_MERGED_SUCCESS';
if (!function_exists('phpbb_update_rows_avoiding_duplicates_notify_status')) {
include $phpbb_root_path . 'includes/functions_database_helper.' . $phpEx;
}
// Update the topic watch table.
phpbb_update_rows_avoiding_duplicates_notify_status($db, TOPICS_WATCH_TABLE, 'topic_id', $topic_ids, $to_topic_id);
// Update the bookmarks table.
phpbb_update_rows_avoiding_duplicates($db, BOOKMARKS_TABLE, 'topic_id', $topic_ids, $to_topic_id);
// Re-sync the topics and forums because the auto-sync was deactivated in the call of move_posts()
sync('topic_reported', 'topic_id', $sync_topics);
sync('topic_attachment', 'topic_id', $sync_topics);
sync('topic', 'topic_id', $sync_topics, true);
sync('forum', 'forum_id', $sync_forums, true, true);
// Link to the new topic
$return_link .= ($return_link ? '<br /><br />' : '') . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", 'f=' . $to_forum_id . '&t=' . $to_topic_id) . '">', '</a>');
$redirect = $request->variable('redirect', "{$phpbb_root_path}viewtopic.{$phpEx}?f={$to_forum_id}&t={$to_topic_id}");
$redirect = reapply_sid($redirect);
meta_refresh(3, $redirect);
trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);
} else {
confirm_box(false, 'MERGE_TOPICS', $s_hidden_fields);
}
}
/**
* Generate login box or verify password
*/
function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
{
global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;
global $request, $phpbb_container, $phpbb_dispatcher;
$err = '';
// Make sure user->setup() has been called
if (empty($user->lang)) {
$user->setup();
}
/**
* This event allows an extension to modify the login process
*
* @event core.login_box_before
* @var string redirect Redirect string
* @var string l_explain Explain language string
* @var string l_success Success language string
* @var bool admin Is admin?
* @var bool s_display Display full login form?
* @var string err Error string
* @since 3.1.9-RC1
*/
$vars = array('redirect', 'l_explain', 'l_success', 'admin', 's_display', 'err');
extract($phpbb_dispatcher->trigger_event('core.login_box_before', compact($vars)));
// Print out error if user tries to authenticate as an administrator without having the privileges...
if ($admin && !$auth->acl_get('a_')) {
// Not authd
// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
if ($user->data['is_registered']) {
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
trigger_error('NO_AUTH_ADMIN');
}
if (empty($err) && ($request->is_set_post('login') || $request->is_set('login') && $request->variable('login', '') == 'external')) {
// Get credential
if ($admin) {
$credential = request_var('credential', '');
if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32) {
if ($user->data['is_registered']) {
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
trigger_error('NO_AUTH_ADMIN');
}
$password = $request->untrimmed_variable('password_' . $credential, '', true);
} else {
$password = $request->untrimmed_variable('password', '', true);
}
$username = request_var('username', '', true);
$autologin = $request->is_set_post('autologin');
$viewonline = (int) (!$request->is_set_post('viewonline'));
$admin = $admin ? 1 : 0;
$viewonline = $admin ? $user->data['session_viewonline'] : $viewonline;
// Check if the supplied username is equal to the one stored within the database if re-authenticating
if ($admin && utf8_clean_string($username) != utf8_clean_string($user->data['username'])) {
// We log the attempt to use a different username...
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
}
// If authentication is successful we redirect user to previous page
$result = $auth->login($username, $password, $autologin, $viewonline, $admin);
// If admin authentication and login, we will log if it was a success or not...
// We also break the operation on the first non-success login - it could be argued that the user already knows
if ($admin) {
if ($result['status'] == LOGIN_SUCCESS) {
add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
} else {
// Only log the failed attempt if a real user tried to.
// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
if ($user->data['is_registered']) {
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
}
}
// The result parameter is always an array, holding the relevant information...
if ($result['status'] == LOGIN_SUCCESS) {
$redirect = request_var('redirect', "{$phpbb_root_path}index.{$phpEx}");
/**
* This event allows an extension to modify the redirection when a user successfully logs in
*
* @event core.login_box_redirect
* @var string redirect Redirect string
* @var bool admin Is admin?
* @since 3.1.0-RC5
* @changed 3.1.9-RC1 Removed undefined return variable
*/
$vars = array('redirect', 'admin');
extract($phpbb_dispatcher->trigger_event('core.login_box_redirect', compact($vars)));
// append/replace SID (may change during the session for AOL users)
$redirect = reapply_sid($redirect);
// Special case... the user is effectively banned, but we allow founders to login
if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != USER_FOUNDER) {
return;
}
redirect($redirect);
}
// Something failed, determine what...
if ($result['status'] == LOGIN_BREAK) {
trigger_error($result['error_msg']);
}
// Special cases... determine
switch ($result['status']) {
case LOGIN_ERROR_PASSWORD_CONVERT:
$err = sprintf($user->lang[$result['error_msg']], $config['email_enable'] ? '<a href="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') . '">' : '', $config['email_enable'] ? '</a>' : '', '<a href="' . phpbb_get_board_contact_link($config, $phpbb_root_path, $phpEx) . '">', '</a>');
break;
case LOGIN_ERROR_ATTEMPTS:
$captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']);
$captcha->init(CONFIRM_LOGIN);
// $captcha->reset();
$template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template()));
// no break;
// Username, password, etc...
// no break;
// Username, password, etc...
default:
$err = $user->lang[$result['error_msg']];
// Assign admin contact to some error messages
if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD') {
$err = sprintf($user->lang[$result['error_msg']], '<a href="' . append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=contactadmin') . '">', '</a>');
}
break;
}
/**
* This event allows an extension to process when a user fails a login attempt
*
* @event core.login_box_failed
* @var array result Login result data
* @var string username User name used to login
* @var string password Password used to login
* @var string err Error message
* @since 3.1.3-RC1
*/
$vars = array('result', 'username', 'password', 'err');
extract($phpbb_dispatcher->trigger_event('core.login_box_failed', compact($vars)));
}
// Assign credential for username/password pair
$credential = $admin ? md5(unique_id()) : false;
$s_hidden_fields = array('sid' => $user->session_id);
if ($redirect) {
$s_hidden_fields['redirect'] = $redirect;
}
if ($admin) {
$s_hidden_fields['credential'] = $credential;
}
$provider_collection = $phpbb_container->get('auth.provider_collection');
$auth_provider = $provider_collection->get_provider();
$auth_provider_data = $auth_provider->get_login_data();
if ($auth_provider_data) {
if (isset($auth_provider_data['VARS'])) {
$template->assign_vars($auth_provider_data['VARS']);
}
if (isset($auth_provider_data['BLOCK_VAR_NAME'])) {
foreach ($auth_provider_data['BLOCK_VARS'] as $block_vars) {
$template->assign_block_vars($auth_provider_data['BLOCK_VAR_NAME'], $block_vars);
}
}
$template->assign_vars(array('PROVIDER_TEMPLATE_FILE' => $auth_provider_data['TEMPLATE_FILE']));
}
$s_hidden_fields = build_hidden_fields($s_hidden_fields);
$template->assign_vars(array('LOGIN_ERROR' => $err, 'LOGIN_EXPLAIN' => $l_explain, 'U_SEND_PASSWORD' => $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') : '', 'U_RESEND_ACTIVATION' => $config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=resend_act') : '', 'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=terms'), 'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=privacy'), 'S_DISPLAY_FULL_LOGIN' => $s_display ? true : false, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_ADMIN_AUTH' => $admin, 'USERNAME' => $admin ? $user->data['username'] : '', 'USERNAME_CREDENTIAL' => 'username', 'PASSWORD_CREDENTIAL' => $admin ? 'password_' . $credential : 'password'));
page_header($user->lang['LOGIN']);
$template->set_filenames(array('body' => 'login_body.html'));
make_jumpbox(append_sid("{$phpbb_root_path}viewforum.{$phpEx}"));
page_footer();
}
/**
* Build Confirm box for Ajax requests
* @param boolean $check True for checking if confirmed (without any additional parameters) and false for displaying the confirm box
* @param string $title Title/Message used for confirm box.
* message text is _CONFIRM appended to title.
* If title cannot be found in user->lang a default one is displayed
* If title_CONFIRM cannot be found in user->lang the text given is used.
* @param string $hidden Hidden variables
* @param string $u_action Custom form action
*/
public static function ajax_confirm_box($check, $title = '', $hidden = '', $u_action = '')
{
global $user, $db, $request;
if (!$request->is_ajax()) {
return false;
}
$confirm = $user->lang['YES'] === $request->variable('confirm', '', true, \phpbb\request\request_interface::POST);
if ($check && $confirm) {
$user_id = $request->variable('confirm_uid', 0);
$session_id = $request->variable('sess', '');
$confirm_key = $request->variable('confirm_key', '');
if ($user_id != $user->data['user_id'] || $session_id != $user->session_id || !$confirm_key || !$user->data['user_last_confirm_key'] || $confirm_key != $user->data['user_last_confirm_key']) {
return false;
}
// Reset user_last_confirm_key
$sql = 'UPDATE ' . USERS_TABLE . " SET user_last_confirm_key = ''\n\t\t\t\t\tWHERE user_id = " . $user->data['user_id'];
$db->sql_query($sql);
return true;
} else {
if ($check) {
return false;
}
}
$s_hidden_fields = build_hidden_fields(array('confirm_uid' => $user->data['user_id'], 'sess' => $user->session_id, 'sid' => $user->session_id));
// generate activation key
$confirm_key = gen_rand_string(10);
// If activation key already exist, we better do not re-use the key (something very strange is going on...)
if ($request->variable('confirm_key', '')) {
// This should not occur, therefore we cancel the operation to safe the user
return false;
}
$use_page = $u_action ? $u_action : objects::$phpbb_root_path . str_replace('&', '&', $user->page['page']);
$u_action = reapply_sid($use_page);
$u_action .= (strpos($u_action, '?') === false ? '?' : '&') . 'confirm_key=' . $confirm_key;
$sql = 'UPDATE ' . USERS_TABLE . " SET user_last_confirm_key = '" . $db->sql_escape($confirm_key) . "'\n\t\t\t\tWHERE user_id = " . $user->data['user_id'];
$db->sql_query($sql);
$u_action .= '&confirm_uid=' . $user->data['user_id'] . '&sess=' . $user->session_id . '&sid=' . $user->session_id;
$json_response = new \phpbb\json_response();
$json_response->send(array('MESSAGE_TITLE' => !isset($user->lang[$title]) ? $user->lang['CONFIRM'] : $user->lang[$title], 'MESSAGE_TEXT' => !isset($user->lang[$title . '_CONFIRM']) ? $title : $user->lang[$title . '_CONFIRM'], 'YES_VALUE' => $user->lang['YES'], 'NO_VALUE' => $user->lang['NO'], 'S_CONFIRM_ACTION' => str_replace('&', '&', $u_action), 'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields));
}
/**
* Closes a report
*/
function close_report($post_id_list, $mode, $action)
{
global $db, $template, $user, $config;
global $phpEx, $phpbb_root_path;
if (!($forum_id = check_ids($post_id_list, POSTS_TABLE, 'post_id', 'm_report'))) {
trigger_error('NOT_AUTHORIZED');
}
if ($action == 'delete' && strpos($user->data['session_page'], 'mode=report_details') !== false) {
$redirect = request_var('redirect', build_url(array('mode')) . '&mode=reports');
} else {
$redirect = request_var('redirect', $user->data['session_page']);
}
$success_msg = '';
$s_hidden_fields = build_hidden_fields(array('i' => 'reports', 'mode' => $mode, 'post_id_list' => $post_id_list, 'f' => $forum_id, 'action' => $action, 'redirect' => $redirect));
if (confirm_box(true)) {
$post_info = get_post_data($post_id_list, 'm_report');
$sql = 'SELECT r.post_id, r.report_closed, r.user_id, r.user_notify, u.username, u.user_email, u.user_jabber, u.user_lang, u.user_notify_type
FROM ' . REPORTS_TABLE . ' r, ' . USERS_TABLE . ' u
WHERE r.post_id IN (' . implode(',', array_keys($post_info)) . ')
' . ($action == 'close' ? 'AND r.report_closed = 0' : '') . '
AND r.user_id = u.user_id';
$result = $db->sql_query($sql);
$reports = array();
while ($report = $db->sql_fetchrow($result)) {
$reports[$report['post_id']] = $report;
}
$db->sql_freeresult($result);
$close_report_posts = $close_report_topics = $notify_reporters = array();
foreach ($post_info as $post_id => $post_data) {
if (isset($reports[$post_id])) {
$close_report_posts[] = $post_id;
$close_report_topics[] = $post_data['topic_id'];
if ($reports[$post_id]['user_notify'] && !$reports[$post_id]['report_closed']) {
$notify_reporters[$post_id] = $reports[$post_id];
}
}
}
if (sizeof($close_report_posts)) {
$close_report_topics = array_unique($close_report_topics);
// Get a list of topics that still contain reported posts
$sql = 'SELECT DISTINCT topic_id
FROM ' . POSTS_TABLE . '
WHERE topic_id IN (' . implode(', ', $close_report_topics) . ')
AND post_reported = 1
AND post_id NOT IN (' . implode(', ', $close_report_posts) . ')';
$result = $db->sql_query($sql);
$keep_report_topics = array();
while ($row = $db->sql_fetchrow($result)) {
$keep_report_topics[] = $row['topic_id'];
}
$db->sql_freeresult($result);
$close_report_topics = array_diff($close_report_topics, $keep_report_topics);
unset($keep_report_topics);
$db->sql_transaction('begin');
if ($action == 'close') {
$sql = 'UPDATE ' . REPORTS_TABLE . '
SET report_closed = 1
WHERE post_id IN (' . implode(', ', $close_report_posts) . ')';
} else {
$sql = 'DELETE FROM ' . REPORTS_TABLE . '
WHERE post_id IN (' . implode(', ', $close_report_posts) . ')';
}
$db->sql_query($sql);
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_reported = 0
WHERE post_id IN (' . implode(', ', $close_report_posts) . ')';
$db->sql_query($sql);
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_reported = 0
WHERE topic_id IN (' . implode(', ', $close_report_topics) . ')';
$db->sql_query($sql);
$db->sql_transaction('commit');
}
unset($close_report_posts, $close_report_topics);
$messenger = new messenger();
// Notify reporters
if (sizeof($notify_reporters)) {
$email_sig = str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']);
foreach ($notify_reporters as $post_id => $reporter) {
if ($reporter['user_id'] == ANONYMOUS) {
continue;
}
$messenger->template('report_' . $action . 'd', $reporter['user_lang']);
$messenger->replyto($config['board_email']);
$messenger->to($reporter['user_email'], $reporter['username']);
$messenger->im($reporter['user_jabber'], $reporter['username']);
$messenger->assign_vars(array('EMAIL_SIG' => $email_sig, 'SITENAME' => $config['sitename'], 'USERNAME' => html_entity_decode($reporter['username']), 'CLOSER_NAME' => html_entity_decode($user->data['username']), 'POST_SUBJECT' => html_entity_decode(censor_text($post_info[$post_id]['post_subject'])), 'TOPIC_TITLE' => html_entity_decode(censor_text($post_info[$post_id]['topic_title']))));
$messenger->send($reporter['user_notify_type']);
$messenger->reset();
}
$messenger->save_queue();
}
unset($notify_reporters, $post_info);
$success_msg = sizeof($post_id_list) == 1 ? 'REPORT_' . strtoupper($action) . 'D_SUCCESS' : 'REPORTS_' . strtoupper($action) . 'D_SUCCESS';
} else {
confirm_box(false, $user->lang[strtoupper($action) . '_REPORT' . (sizeof($post_id_list) == 1 ? '' : 'S') . '_CONFIRM'], $s_hidden_fields);
}
$redirect = request_var('redirect', "index.{$phpEx}");
$redirect = reapply_sid($redirect);
if (!$success_msg) {
redirect($redirect);
} else {
meta_refresh(3, $redirect);
trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], "<a href=\"{$redirect}\">", '</a>'));
}
}
/**
* Отправляет данные как ответ на ajax запрос, если код выполняется в результате вызова callback функции,
* либо добавляет сообщение в сессию для вывода в режиме redirect
* @param array $params
*/
protected function sendMessage($params = array())
{
$params = array('title' => isset($params['title']) ? $params['title'] : '', 'msg' => isset($params['msg']) ? $params['msg'] : '', 'type' => isset($params['type']) ? $params['type'] : '', 'script' => isset($params['script']) ? $params['script'] : '', 'networks' => isset($params['networks']) ? $params['networks'] : '');
if ($this->doRedirect) {
$redirect = urldecode($this->request->variable('redirect', '', false, \phpbb\request\request_interface::GET));
// append/replace SID (may change during the session for AOL users)
if ($params['type'] == 'success') {
$redirect = reapply_sid($redirect);
redirect($redirect);
}
if ($params['type'] == 'error') {
$type = E_USER_WARNING;
} else {
$type = E_USER_NOTICE;
}
$message = (!empty($params['title']) ? '<strong>' . $params['title'] . '</strong><br/>' : '') . $params['msg'];
$message .= "<p><a href='{$redirect}' class='back-url'><- " . $this->user->lang['ULOGIN_BACK_URL'] . "</a></p>";
if (!empty($params['script'])) {
$token = !empty($params['script']['token']) ? $params['script']['token'] : '';
$identity = !empty($params['script']['identity']) ? $params['script']['identity'] : '';
$s = '';
if ($token && $identity) {
$s = "uLogin.mergeAccounts('{$token}', '{$identity}');";
} else {
if ($token) {
$s = "uLogin.mergeAccounts('{$token}');";
}
}
if ($s) {
$message .= "<script type=\"text/javascript\" src=\"//ulogin.ru/js/ulogin.js\"></script>" . "<script type=\"text/javascript\">{$s}</script>";
}
}
trigger_error($message, $type);
} else {
$json_response = new \phpbb\json_response();
$json_response->send($params);
exit;
}
}
/**
* Fork Topic
*/
function mcp_fork_topic($topic_ids)
{
global $auth, $user, $db, $template, $config;
global $phpEx, $phpbb_root_path;
if (!($forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', 'm_'))) {
return;
}
$to_forum_id = request_var('to_forum_id', 0);
$redirect = request_var('redirect', $user->data['session_page']);
$additional_msg = $success_msg = '';
$s_hidden_fields = build_hidden_fields(array('topic_id_list' => $topic_ids, 'f' => $forum_id, 'action' => 'fork', 'redirect' => $redirect));
if ($to_forum_id) {
$forum_data = get_forum_data($to_forum_id);
if (!sizeof($topic_ids)) {
$additional_msg = $user->lang['NO_TOPICS_SELECTED'];
} else {
if (!sizeof($forum_data)) {
$additional_msg = $user->lang['FORUM_NOT_EXIST'];
} else {
$forum_data = $forum_data[$to_forum_id];
if ($forum_data['forum_type'] != FORUM_POST) {
$additional_msg = $user->lang['FORUM_NOT_POSTABLE'];
} else {
if (!$auth->acl_get('f_post', $to_forum_id)) {
$additional_msg = $user->lang['USER_CANNOT_POST'];
}
}
}
}
}
if (!$to_forum_id || $additional_msg) {
unset($_POST['confirm']);
}
if (confirm_box(true)) {
$topic_data = get_topic_data($topic_ids);
$total_posts = 0;
$new_topic_id_list = array();
foreach ($topic_data as $topic_id => $topic_row) {
$sql_ary = array('forum_id' => (int) $to_forum_id, 'icon_id' => (int) $topic_row['icon_id'], 'topic_attachment' => (int) $topic_row['topic_attachment'], 'topic_approved' => 1, 'topic_reported' => 0, 'topic_title' => (string) $topic_row['topic_title'], 'topic_poster' => (int) $topic_row['topic_poster'], 'topic_time' => (int) $topic_row['topic_time'], 'topic_replies' => (int) $topic_row['topic_replies_real'], 'topic_replies_real' => (int) $topic_row['topic_replies_real'], 'topic_status' => (int) $topic_row['topic_status'], 'topic_type' => (int) $topic_row['topic_type'], 'topic_first_poster_name' => (string) $topic_row['topic_first_poster_name'], 'topic_last_poster_id' => (int) $topic_row['topic_last_poster_id'], 'topic_last_poster_name' => (string) $topic_row['topic_last_poster_name'], 'topic_last_post_time' => (int) $topic_row['topic_last_post_time'], 'topic_last_view_time' => (int) $topic_row['topic_last_view_time'], 'topic_bumped' => (int) $topic_row['topic_bumped'], 'topic_bumper' => (int) $topic_row['topic_bumper'], 'poll_title' => (string) $topic_row['poll_title'], 'poll_start' => (int) $topic_row['poll_start'], 'poll_length' => (int) $topic_row['poll_length']);
$db->sql_query('INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
$new_topic_id = $db->sql_nextid();
$new_topic_id_list[$topic_id] = $new_topic_id;
/**
* @todo enable? (is this still needed?)
* markread('topic', $to_forum_id, $new_topic_id);
*/
if ($topic_row['poll_start']) {
$poll_rows = array();
$sql = 'SELECT *
FROM ' . POLL_OPTIONS_TABLE . "\n\t\t\t\t\tWHERE topic_id = {$topic_id}";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
$sql_ary = array('poll_option_id' => (int) $row['poll_option_id'], 'topic_id' => (int) $new_topic_id, 'poll_option_text' => (string) $row['poll_option_text'], 'poll_option_total' => 0);
$db->sql_query('INSERT INTO ' . POLL_OPTIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
}
}
$sql = 'SELECT *
FROM ' . POSTS_TABLE . "\n\t\t\t\tWHERE topic_id = {$topic_id}\n\t\t\t\tORDER BY post_id ASC";
$result = $db->sql_query($sql);
$post_rows = array();
while ($row = $db->sql_fetchrow($result)) {
$post_rows[] = $row;
}
$db->sql_freeresult($result);
if (!sizeof($post_rows)) {
continue;
}
$total_posts += sizeof($post_rows);
foreach ($post_rows as $row) {
$sql_ary = array('topic_id' => (int) $new_topic_id, 'forum_id' => (int) $to_forum_id, 'poster_id' => (int) $row['poster_id'], 'icon_id' => (int) $row['icon_id'], 'poster_ip' => (string) $row['poster_ip'], 'post_time' => (int) $row['post_time'], 'post_approved' => 1, 'post_reported' => 0, 'enable_bbcode' => (int) $row['enable_bbcode'], 'enable_smilies' => (int) $row['enable_smilies'], 'enable_magic_url' => (int) $row['enable_magic_url'], 'enable_sig' => (int) $row['enable_sig'], 'post_username' => (string) $row['post_username'], 'post_subject' => (string) $row['post_subject'], 'post_text' => (string) $row['post_text'], 'post_edit_reason' => (string) $row['post_edit_reason'], 'post_edit_user' => (int) $row['post_edit_user'], 'post_checksum' => (string) $row['post_checksum'], 'post_encoding' => (string) $row['post_encoding'], 'post_attachment' => (int) $row['post_attachment'], 'bbcode_bitfield' => (int) $row['bbcode_bitfield'], 'bbcode_uid' => (string) $row['bbcode_uid'], 'post_edit_time' => (int) $row['post_edit_time'], 'post_edit_count' => (int) $row['post_edit_count'], 'post_edit_locked' => (int) $row['post_edit_locked']);
$db->sql_query('INSERT INTO ' . POSTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
$new_post_id = $db->sql_nextid();
// Copy whether the topic is dotted
markread('post', $to_forum_id, $new_topic_id, 0, $row['poster_id']);
// Copy Attachments
if ($row['post_attachment']) {
$sql = 'SELECT * FROM ' . ATTACHMENTS_TABLE . "\n\t\t\t\t\t\tWHERE post_msg_id = {$row['post_id']}\n\t\t\t\t\t\t\tAND topic_id = {$topic_id}\n\t\t\t\t\t\t\tAND in_message = 0";
$result = $db->sql_query($sql);
while ($attach_row = $db->sql_fetchrow($result)) {
$sql_ary = array('post_msg_id' => (int) $new_post_id, 'topic_id' => (int) $new_topic_id, 'in_message' => 0, 'poster_id' => (int) $attach_row['poster_id'], 'physical_filename' => (string) basename($attach_row['physical_filename']), 'real_filename' => (string) basename($attach_row['real_filename']), 'download_count' => (int) $attach_row['download_count'], 'comment' => (string) $attach_row['comment'], 'extension' => (string) $attach_row['extension'], 'mimetype' => (string) $attach_row['mimetype'], 'filesize' => (int) $attach_row['filesize'], 'filetime' => (int) $attach_row['filetime'], 'thumbnail' => (int) $attach_row['thumbnail']);
$db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
}
$db->sql_freeresult($result);
}
}
}
// Sync new topics, parent forums and board stats
sync('topic', 'topic_id', $new_topic_id_list, true);
sync('forum', 'forum_id', $to_forum_id, true);
set_config('num_topics', $config['num_topics'] + sizeof($new_topic_id_list));
set_config('num_posts', $config['num_posts'] + $total_posts);
foreach ($new_topic_id_list as $topic_id => $new_topic_id) {
add_log('mod', $to_forum_id, $new_topic_id, 'LOG_FORK', $topic_row['forum_name']);
}
$success_msg = sizeof($topic_ids) == 1 ? 'TOPIC_FORKED_SUCCESS' : 'TOPICS_FORKED_SUCCESS';
} else {
$template->assign_vars(array('S_FORUM_SELECT' => make_forum_select($to_forum_id, false, false, true, true), 'S_CAN_LEAVE_SHADOW' => false, 'ADDITIONAL_MSG' => $additional_msg));
confirm_box(false, 'FORK_TOPIC' . (sizeof($topic_ids) == 1 ? '' : 'S'), $s_hidden_fields, 'mcp_move.html');
}
$redirect = request_var('redirect', "index.{$phpEx}");
$redirect = reapply_sid($redirect);
if (!$success_msg) {
redirect($redirect);
} else {
$redirect_url = append_sid("{$phpbb_root_path}viewforum.{$phpEx}", 'f=' . $forum_id);
meta_refresh(3, $redirect_url);
$return_link = sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect_url . '">', '</a>');
if ($forum_id != $to_forum_id) {
$return_link .= '<br /><br />' . sprintf($user->lang['RETURN_NEW_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.{$phpEx}", 'f=' . $to_forum_id) . '">', '</a>');
}
trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);
}
}
/**
* Validate URLs and execute apppend_sid if necessary
*
* @param string $url URL to process
*
* @return string Processed URL
*/
protected function validate_url($url)
{
$url = str_replace("\r\n", "\n", str_replace('\\"', '"', trim($url)));
$url = str_replace(' ', '%20', $url);
$url = str_replace('&', '&', $url);
// if there is no scheme, then add http schema
if (!preg_match('#^[a-z][a-z\\d+\\-.]*:/{2}#i', $url)) {
$url = 'http://' . $url;
}
// Is this a link to somewhere inside this board? If so then run reapply_sid()
if (strpos($url, generate_board_url()) !== false) {
$url = reapply_sid($url);
}
return $url;
}
/**
* Disapprove Post
*
* @param $post_id_list array IDs of the posts to disapprove/delete
* @param $id mixed Category of the current active module
* @param $mode string Active module
* @return null
*/
public static function disapprove_posts($post_id_list, $id, $mode)
{
global $db, $template, $user, $config, $phpbb_container, $phpbb_dispatcher;
global $phpEx, $phpbb_root_path, $request, $phpbb_log;
if (!phpbb_check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_approve'))) {
trigger_error('NOT_AUTHORISED');
}
$redirect = $request->variable('redirect', build_url(array('t', 'mode', 'quickmod')) . "&mode={$mode}");
$redirect = reapply_sid($redirect);
$reason = $request->variable('reason', '', true);
$reason_id = $request->variable('reason_id', 0);
$success_msg = $additional_msg = '';
$s_hidden_fields = build_hidden_fields(array('i' => $id, 'mode' => $mode, 'post_id_list' => $post_id_list, 'action' => 'disapprove', 'redirect' => $redirect));
$notify_poster = $request->is_set('notify_poster');
$disapprove_reason = '';
if ($reason_id) {
$sql = 'SELECT reason_title, reason_description
FROM ' . REPORTS_REASONS_TABLE . "\n\t\t\t\tWHERE reason_id = {$reason_id}";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row || !$reason && strtolower($row['reason_title']) == 'other') {
$additional_msg = $user->lang['NO_REASON_DISAPPROVAL'];
$request->overwrite('confirm', null, \phpbb\request\request_interface::POST);
$request->overwrite('confirm_key', null, \phpbb\request\request_interface::POST);
$request->overwrite('confirm_key', null, \phpbb\request\request_interface::REQUEST);
} else {
// If the reason is defined within the language file, we will use the localized version, else just use the database entry...
$disapprove_reason = strtolower($row['reason_title']) != 'other' ? isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])]) ? $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])] : $row['reason_description'] : '';
$disapprove_reason .= $reason ? "\n\n" . $reason : '';
if (isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])])) {
$disapprove_reason_lang = strtoupper($row['reason_title']);
}
}
}
$post_info = phpbb_get_post_data($post_id_list, 'm_approve');
$is_disapproving = false;
foreach ($post_info as $post_id => $post_data) {
if ($post_data['post_visibility'] == ITEM_DELETED) {
continue;
}
$is_disapproving = true;
}
if (confirm_box(true)) {
$disapprove_log = $disapprove_log_topics = $disapprove_log_posts = array();
$topic_posts_unapproved = $post_disapprove_list = $topic_information = array();
// Build a list of posts to be disapproved and get the related topics real replies count
foreach ($post_info as $post_id => $post_data) {
$post_disapprove_list[$post_id] = $post_data['topic_id'];
if (!isset($topic_posts_unapproved[$post_data['topic_id']])) {
$topic_information[$post_data['topic_id']] = $post_data;
$topic_posts_unapproved[$post_data['topic_id']] = 0;
}
$topic_posts_unapproved[$post_data['topic_id']]++;
}
// Now we build the log array
foreach ($post_disapprove_list as $post_id => $topic_id) {
// If the count of disapproved posts for the topic is equal
// to the number of unapproved posts in the topic, and there are no different
// posts, we disapprove the hole topic
if ($topic_information[$topic_id]['topic_posts_approved'] == 0 && $topic_information[$topic_id]['topic_posts_softdeleted'] == 0 && $topic_information[$topic_id]['topic_posts_unapproved'] == $topic_posts_unapproved[$topic_id]) {
// Don't write the log more than once for every topic
if (!isset($disapprove_log_topics[$topic_id])) {
// Build disapproved topics log
$disapprove_log_topics[$topic_id] = array('type' => 'topic', 'post_subject' => $post_info[$post_id]['topic_title'], 'forum_id' => $post_info[$post_id]['forum_id'], 'topic_id' => 0, 'post_username' => $post_info[$post_id]['poster_id'] == ANONYMOUS && !empty($post_info[$post_id]['post_username']) ? $post_info[$post_id]['post_username'] : $post_info[$post_id]['username']);
}
} else {
// Build disapproved posts log
$disapprove_log_posts[] = array('type' => 'post', 'post_subject' => $post_info[$post_id]['post_subject'], 'forum_id' => $post_info[$post_id]['forum_id'], 'topic_id' => $post_info[$post_id]['topic_id'], 'post_username' => $post_info[$post_id]['poster_id'] == ANONYMOUS && !empty($post_info[$post_id]['post_username']) ? $post_info[$post_id]['post_username'] : $post_info[$post_id]['username']);
}
}
// Get disapproved posts/topics counts separately
$num_disapproved_topics = sizeof($disapprove_log_topics);
$num_disapproved_posts = sizeof($disapprove_log_posts);
// Build the whole log
$disapprove_log = array_merge($disapprove_log_topics, $disapprove_log_posts);
// Unset unneeded arrays
unset($post_data, $disapprove_log_topics, $disapprove_log_posts);
// Let's do the job - delete disapproved posts
if (sizeof($post_disapprove_list)) {
if (!function_exists('delete_posts')) {
include $phpbb_root_path . 'includes/functions_admin.' . $phpEx;
}
// We do not check for permissions here, because the moderator allowed approval/disapproval should be allowed to delete the disapproved posts
// Note: function delete_posts triggers related forums/topics sync,
// so we don't need to call update_post_information later and to adjust real topic replies or forum topics count manually
delete_posts('post_id', array_keys($post_disapprove_list));
foreach ($disapprove_log as $log_data) {
if ($is_disapproving) {
$l_log_message = $log_data['type'] == 'topic' ? 'LOG_TOPIC_DISAPPROVED' : 'LOG_POST_DISAPPROVED';
$phpbb_log->add('mod', $user->data['user_id'], $user->ip, $l_log_message, false, array('forum_id' => $log_data['forum_id'], 'topic_id' => $log_data['topic_id'], $log_data['post_subject'], $disapprove_reason, $log_data['post_username']));
} else {
$l_log_message = $log_data['type'] == 'topic' ? 'LOG_DELETE_TOPIC' : 'LOG_DELETE_POST';
$phpbb_log->add('mod', $user->data['user_id'], $user->ip, $l_log_message, false, array('forum_id' => $log_data['forum_id'], 'topic_id' => $log_data['topic_id'], $log_data['post_subject'], $log_data['post_username']));
}
}
}
/* @var $phpbb_notifications \phpbb\notification\manager */
$phpbb_notifications = $phpbb_container->get('notification_manager');
$lang_reasons = array();
foreach ($post_info as $post_id => $post_data) {
$disapprove_all_posts_in_topic = $topic_information[$topic_id]['topic_posts_approved'] == 0 && $topic_information[$topic_id]['topic_posts_softdeleted'] == 0 && $topic_information[$topic_id]['topic_posts_unapproved'] == $topic_posts_unapproved[$topic_id];
$phpbb_notifications->delete_notifications('notification.type.post_in_queue', $post_id);
// Do we disapprove the whole topic? Remove potential notifications
if ($disapprove_all_posts_in_topic) {
$phpbb_notifications->delete_notifications('notification.type.topic_in_queue', $post_data['topic_id']);
}
// Notify Poster?
if ($notify_poster) {
if ($post_data['poster_id'] == ANONYMOUS) {
continue;
}
$post_data['disapprove_reason'] = $disapprove_reason;
if (isset($disapprove_reason_lang)) {
// Okay we need to get the reason from the posters language
if (!isset($lang_reasons[$post_data['user_lang']])) {
// Assign the current users translation as the default, this is not ideal but getting the board default adds another layer of complexity.
$lang_reasons[$post_data['user_lang']] = $user->lang['report_reasons']['DESCRIPTION'][$disapprove_reason_lang];
// Only load up the language pack if the language is different to the current one
if ($post_data['user_lang'] != $user->lang_name && file_exists($phpbb_root_path . '/language/' . $post_data['user_lang'] . '/mcp.' . $phpEx)) {
// Load up the language pack
$lang = array();
@(include $phpbb_root_path . '/language/' . basename($post_data['user_lang']) . '/mcp.' . $phpEx);
// If we find the reason in this language pack use it
if (isset($lang['report_reasons']['DESCRIPTION'][$disapprove_reason_lang])) {
$lang_reasons[$post_data['user_lang']] = $lang['report_reasons']['DESCRIPTION'][$disapprove_reason_lang];
}
unset($lang);
// Free memory
}
}
$post_data['disapprove_reason'] = $lang_reasons[$post_data['user_lang']];
$post_data['disapprove_reason'] .= $reason ? "\n\n" . $reason : '';
}
if ($disapprove_all_posts_in_topic && $topic_information[$topic_id]['topic_posts_unapproved'] == 1) {
// If there is only 1 post when disapproving the topic,
// we send the user a "disapprove topic" notification...
$phpbb_notifications->add_notifications('notification.type.disapprove_topic', $post_data);
} else {
// ... otherwise there are multiple unapproved posts and
// all of them are disapproved as posts.
$phpbb_notifications->add_notifications('notification.type.disapprove_post', $post_data);
}
}
}
if ($num_disapproved_topics) {
$success_msg = $num_disapproved_topics == 1 ? 'TOPIC' : 'TOPICS';
} else {
$success_msg = $num_disapproved_posts == 1 ? 'POST' : 'POSTS';
}
if ($is_disapproving) {
$success_msg .= '_DISAPPROVED_SUCCESS';
} else {
$success_msg .= '_DELETED_SUCCESS';
}
// If we came from viewtopic, we try to go back to it.
if (strpos($redirect, $phpbb_root_path . 'viewtopic.' . $phpEx) === 0) {
if ($num_disapproved_topics == 0) {
// So we need to remove the post id part from the Url
$redirect = str_replace("&p={$post_id_list[0]}#p{$post_id_list[0]}", '', $redirect);
} else {
// However this is only possible if the topic still exists,
// Otherwise we go back to the viewforum page
$redirect = append_sid($phpbb_root_path . 'viewforum.' . $phpEx, 'f=' . $request->variable('f', 0));
}
}
/**
* Perform additional actions during post(s) disapproval
*
* @event core.disapprove_posts_after
* @var array post_info Array containing info for all posts being disapproved
* @var array topic_information Array containing information for the topics
* @var array topic_posts_unapproved Array containing list of topic ids and the count of disapproved posts in them
* @var array post_disapprove_list Array containing list of posts and their topic id
* @var int num_disapproved_topics Variable containing the number of disapproved topics
* @var int num_disapproved_posts Variable containing the number of disapproved posts
* @var array lang_reasons Array containing the language keys for reasons
* @var string disapprove_reason Variable containing the language key for the success message
* @var string disapprove_reason_lang Variable containing the language key for the success message
* @var bool is_disapproving Variable telling if anything is going to be disapproved
* @var bool notify_poster Variable telling if the post should be notified or not
* @var string success_msg Variable containing the language key for the success message
* @var string redirect Variable containing the redirect url
* @since 3.1.4-RC1
*/
$vars = array('post_info', 'topic_information', 'topic_posts_unapproved', 'post_disapprove_list', 'num_disapproved_topics', 'num_disapproved_posts', 'lang_reasons', 'disapprove_reason', 'disapprove_reason_lang', 'is_disapproving', 'notify_poster', 'success_msg', 'redirect');
extract($phpbb_dispatcher->trigger_event('core.disapprove_posts_after', compact($vars)));
unset($lang_reasons, $post_info, $disapprove_reason, $disapprove_reason_lang);
meta_refresh(3, $redirect);
$message = $user->lang[$success_msg];
if ($request->is_ajax()) {
$json_response = new \phpbb\json_response();
$json_response->send(array('MESSAGE_TITLE' => $user->lang['INFORMATION'], 'MESSAGE_TEXT' => $message, 'REFRESH_DATA' => null, 'visible' => false));
}
$message .= '<br /><br />' . $user->lang('RETURN_PAGE', '<a href="' . $redirect . '">', '</a>');
trigger_error($message);
} else {
$show_notify = false;
foreach ($post_info as $post_data) {
if ($post_data['poster_id'] == ANONYMOUS) {
continue;
} else {
$show_notify = true;
break;
}
}
$l_confirm_msg = 'DISAPPROVE_POST';
$confirm_template = 'mcp_approve.html';
if ($is_disapproving) {
$phpbb_container->get('phpbb.report.report_reason_list_provider')->display_reasons($reason_id);
} else {
$user->add_lang('posting');
$l_confirm_msg = 'DELETE_POST_PERMANENTLY';
$confirm_template = 'confirm_delete_body.html';
}
$l_confirm_msg .= sizeof($post_id_list) == 1 ? '' : 'S';
$template->assign_vars(array('S_NOTIFY_POSTER' => $show_notify, 'S_APPROVE' => false, 'REASON' => $is_disapproving ? $reason : '', 'ADDITIONAL_MSG' => $additional_msg));
confirm_box(false, $l_confirm_msg, $s_hidden_fields, $confirm_template);
}
redirect($redirect);
}
/**
* Fork Topic
*/
function mcp_fork_topic($topic_ids)
{
global $auth, $user, $db, $template, $config;
global $phpEx, $phpbb_root_path, $phpbb_log, $request, $phpbb_dispatcher;
if (!phpbb_check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array('m_'))) {
return;
}
$to_forum_id = $request->variable('to_forum_id', 0);
$forum_id = $request->variable('f', 0);
$redirect = $request->variable('redirect', build_url(array('action', 'quickmod')));
$additional_msg = $success_msg = '';
$counter = array();
$s_hidden_fields = build_hidden_fields(array('topic_id_list' => $topic_ids, 'f' => $forum_id, 'action' => 'fork', 'redirect' => $redirect));
if ($to_forum_id) {
$forum_data = phpbb_get_forum_data($to_forum_id, 'f_post');
if (!sizeof($topic_ids)) {
$additional_msg = $user->lang['NO_TOPIC_SELECTED'];
} else {
if (!sizeof($forum_data)) {
$additional_msg = $user->lang['FORUM_NOT_EXIST'];
} else {
$forum_data = $forum_data[$to_forum_id];
if ($forum_data['forum_type'] != FORUM_POST) {
$additional_msg = $user->lang['FORUM_NOT_POSTABLE'];
} else {
if (!$auth->acl_get('f_post', $to_forum_id)) {
$additional_msg = $user->lang['USER_CANNOT_POST'];
}
}
}
}
} else {
if (isset($_POST['confirm'])) {
$additional_msg = $user->lang['FORUM_NOT_EXIST'];
}
}
if ($additional_msg) {
$request->overwrite('confirm', null, \phpbb\request\request_interface::POST);
$request->overwrite('confirm_key', null);
}
if (confirm_box(true)) {
$topic_data = phpbb_get_topic_data($topic_ids, 'f_post');
$total_topics = $total_topics_unapproved = $total_topics_softdeleted = 0;
$total_posts = $total_posts_unapproved = $total_posts_softdeleted = 0;
$new_topic_id_list = array();
foreach ($topic_data as $topic_id => $topic_row) {
if (!isset($search_type) && $topic_row['enable_indexing']) {
// Select the search method and do some additional checks to ensure it can actually be utilised
$search_type = $config['search_type'];
if (!class_exists($search_type)) {
trigger_error('NO_SUCH_SEARCH_MODULE');
}
$error = false;
$search = new $search_type($error, $phpbb_root_path, $phpEx, $auth, $config, $db, $user, $phpbb_dispatcher);
$search_mode = 'post';
if ($error) {
trigger_error($error);
}
} else {
if (!isset($search_type) && !$topic_row['enable_indexing']) {
$search_type = false;
}
}
$sql_ary = array('forum_id' => (int) $to_forum_id, 'icon_id' => (int) $topic_row['icon_id'], 'topic_attachment' => (int) $topic_row['topic_attachment'], 'topic_visibility' => (int) $topic_row['topic_visibility'], 'topic_reported' => 0, 'topic_title' => (string) $topic_row['topic_title'], 'topic_poster' => (int) $topic_row['topic_poster'], 'topic_time' => (int) $topic_row['topic_time'], 'topic_posts_approved' => (int) $topic_row['topic_posts_approved'], 'topic_posts_unapproved' => (int) $topic_row['topic_posts_unapproved'], 'topic_posts_softdeleted' => (int) $topic_row['topic_posts_softdeleted'], 'topic_status' => (int) $topic_row['topic_status'], 'topic_type' => (int) $topic_row['topic_type'], 'topic_first_poster_name' => (string) $topic_row['topic_first_poster_name'], 'topic_last_poster_id' => (int) $topic_row['topic_last_poster_id'], 'topic_last_poster_name' => (string) $topic_row['topic_last_poster_name'], 'topic_last_post_time' => (int) $topic_row['topic_last_post_time'], 'topic_last_view_time' => (int) $topic_row['topic_last_view_time'], 'topic_bumped' => (int) $topic_row['topic_bumped'], 'topic_bumper' => (int) $topic_row['topic_bumper'], 'poll_title' => (string) $topic_row['poll_title'], 'poll_start' => (int) $topic_row['poll_start'], 'poll_length' => (int) $topic_row['poll_length'], 'poll_max_options' => (int) $topic_row['poll_max_options'], 'poll_vote_change' => (int) $topic_row['poll_vote_change']);
$db->sql_query('INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
$new_topic_id = $db->sql_nextid();
$new_topic_id_list[$topic_id] = $new_topic_id;
switch ($topic_row['topic_visibility']) {
case ITEM_APPROVED:
$total_topics++;
break;
case ITEM_UNAPPROVED:
case ITEM_REAPPROVE:
$total_topics_unapproved++;
break;
case ITEM_DELETED:
$total_topics_softdeleted++;
break;
}
if ($topic_row['poll_start']) {
$poll_rows = array();
$sql = 'SELECT *
FROM ' . POLL_OPTIONS_TABLE . "\n\t\t\t\t\tWHERE topic_id = {$topic_id}";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
$sql_ary = array('poll_option_id' => (int) $row['poll_option_id'], 'topic_id' => (int) $new_topic_id, 'poll_option_text' => (string) $row['poll_option_text'], 'poll_option_total' => 0);
$db->sql_query('INSERT INTO ' . POLL_OPTIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
}
$db->sql_freeresult($result);
}
$sql = 'SELECT *
FROM ' . POSTS_TABLE . "\n\t\t\t\tWHERE topic_id = {$topic_id}\n\t\t\t\tORDER BY post_time ASC, post_id ASC";
$result = $db->sql_query($sql);
$post_rows = array();
while ($row = $db->sql_fetchrow($result)) {
$post_rows[] = $row;
}
$db->sql_freeresult($result);
if (!sizeof($post_rows)) {
continue;
}
foreach ($post_rows as $row) {
$sql_ary = array('topic_id' => (int) $new_topic_id, 'forum_id' => (int) $to_forum_id, 'poster_id' => (int) $row['poster_id'], 'icon_id' => (int) $row['icon_id'], 'poster_ip' => (string) $row['poster_ip'], 'post_time' => (int) $row['post_time'], 'post_visibility' => (int) $row['post_visibility'], 'post_reported' => 0, 'enable_bbcode' => (int) $row['enable_bbcode'], 'enable_smilies' => (int) $row['enable_smilies'], 'enable_magic_url' => (int) $row['enable_magic_url'], 'enable_sig' => (int) $row['enable_sig'], 'post_username' => (string) $row['post_username'], 'post_subject' => (string) $row['post_subject'], 'post_text' => (string) $row['post_text'], 'post_edit_reason' => (string) $row['post_edit_reason'], 'post_edit_user' => (int) $row['post_edit_user'], 'post_checksum' => (string) $row['post_checksum'], 'post_attachment' => (int) $row['post_attachment'], 'bbcode_bitfield' => $row['bbcode_bitfield'], 'bbcode_uid' => (string) $row['bbcode_uid'], 'post_edit_time' => (int) $row['post_edit_time'], 'post_edit_count' => (int) $row['post_edit_count'], 'post_edit_locked' => (int) $row['post_edit_locked'], 'post_postcount' => $row['post_postcount']);
// Adjust post count only if the post can be incremented to the user counter
if ($row['post_postcount']) {
if (isset($counter[$row['poster_id']])) {
++$counter[$row['poster_id']];
} else {
$counter[$row['poster_id']] = 1;
}
}
$db->sql_query('INSERT INTO ' . POSTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
$new_post_id = $db->sql_nextid();
switch ($row['post_visibility']) {
case ITEM_APPROVED:
$total_posts++;
break;
case ITEM_UNAPPROVED:
case ITEM_REAPPROVE:
$total_posts_unapproved++;
break;
case ITEM_DELETED:
$total_posts_softdeleted++;
break;
}
// Copy whether the topic is dotted
markread('post', $to_forum_id, $new_topic_id, 0, $row['poster_id']);
if (!empty($search_type)) {
$search->index($search_mode, $new_post_id, $sql_ary['post_text'], $sql_ary['post_subject'], $sql_ary['poster_id'], $topic_row['topic_type'] == POST_GLOBAL ? 0 : $to_forum_id);
$search_mode = 'reply';
// After one we index replies
}
// Copy Attachments
if ($row['post_attachment']) {
$sql = 'SELECT * FROM ' . ATTACHMENTS_TABLE . "\n\t\t\t\t\t\tWHERE post_msg_id = {$row['post_id']}\n\t\t\t\t\t\t\tAND topic_id = {$topic_id}\n\t\t\t\t\t\t\tAND in_message = 0";
$result = $db->sql_query($sql);
$sql_ary = array();
while ($attach_row = $db->sql_fetchrow($result)) {
$sql_ary[] = array('post_msg_id' => (int) $new_post_id, 'topic_id' => (int) $new_topic_id, 'in_message' => 0, 'is_orphan' => (int) $attach_row['is_orphan'], 'poster_id' => (int) $attach_row['poster_id'], 'physical_filename' => (string) utf8_basename($attach_row['physical_filename']), 'real_filename' => (string) utf8_basename($attach_row['real_filename']), 'download_count' => (int) $attach_row['download_count'], 'attach_comment' => (string) $attach_row['attach_comment'], 'extension' => (string) $attach_row['extension'], 'mimetype' => (string) $attach_row['mimetype'], 'filesize' => (int) $attach_row['filesize'], 'filetime' => (int) $attach_row['filetime'], 'thumbnail' => (int) $attach_row['thumbnail']);
}
$db->sql_freeresult($result);
if (sizeof($sql_ary)) {
$db->sql_multi_insert(ATTACHMENTS_TABLE, $sql_ary);
}
}
}
// Copy topic subscriptions to new topic
$sql = 'SELECT user_id, notify_status
FROM ' . TOPICS_WATCH_TABLE . '
WHERE topic_id = ' . $topic_id;
$result = $db->sql_query($sql);
$sql_ary = array();
while ($row = $db->sql_fetchrow($result)) {
$sql_ary[] = array('topic_id' => (int) $new_topic_id, 'user_id' => (int) $row['user_id'], 'notify_status' => (int) $row['notify_status']);
}
$db->sql_freeresult($result);
if (sizeof($sql_ary)) {
$db->sql_multi_insert(TOPICS_WATCH_TABLE, $sql_ary);
}
// Copy bookmarks to new topic
$sql = 'SELECT user_id
FROM ' . BOOKMARKS_TABLE . '
WHERE topic_id = ' . $topic_id;
$result = $db->sql_query($sql);
$sql_ary = array();
while ($row = $db->sql_fetchrow($result)) {
$sql_ary[] = array('topic_id' => (int) $new_topic_id, 'user_id' => (int) $row['user_id']);
}
$db->sql_freeresult($result);
if (sizeof($sql_ary)) {
$db->sql_multi_insert(BOOKMARKS_TABLE, $sql_ary);
}
}
// Sync new topics, parent forums and board stats
$sql = 'UPDATE ' . FORUMS_TABLE . '
SET forum_posts_approved = forum_posts_approved + ' . $total_posts . ',
forum_posts_unapproved = forum_posts_unapproved + ' . $total_posts_unapproved . ',
forum_posts_softdeleted = forum_posts_softdeleted + ' . $total_posts_softdeleted . ',
forum_topics_approved = forum_topics_approved + ' . $total_topics . ',
forum_topics_unapproved = forum_topics_unapproved + ' . $total_topics_unapproved . ',
forum_topics_softdeleted = forum_topics_softdeleted + ' . $total_topics_softdeleted . '
WHERE forum_id = ' . $to_forum_id;
$db->sql_query($sql);
if (!empty($counter)) {
// Do only one query per user and not a query per post.
foreach ($counter as $user_id => $count) {
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_posts = user_posts + ' . (int) $count . '
WHERE user_id = ' . (int) $user_id;
$db->sql_query($sql);
}
}
sync('topic', 'topic_id', $new_topic_id_list);
sync('forum', 'forum_id', $to_forum_id);
$config->increment('num_topics', sizeof($new_topic_id_list), false);
$config->increment('num_posts', $total_posts, false);
foreach ($new_topic_id_list as $topic_id => $new_topic_id) {
$phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_FORK', false, array('forum_id' => $to_forum_id, 'topic_id' => $new_topic_id, $topic_row['forum_name']));
}
$success_msg = sizeof($topic_ids) == 1 ? 'TOPIC_FORKED_SUCCESS' : 'TOPICS_FORKED_SUCCESS';
} else {
$template->assign_vars(array('S_FORUM_SELECT' => make_forum_select($to_forum_id, false, false, true, true, true), 'S_CAN_LEAVE_SHADOW' => false, 'ADDITIONAL_MSG' => $additional_msg));
confirm_box(false, 'FORK_TOPIC' . (sizeof($topic_ids) == 1 ? '' : 'S'), $s_hidden_fields, 'mcp_move.html');
}
$redirect = $request->variable('redirect', "index.{$phpEx}");
$redirect = reapply_sid($redirect);
if (!$success_msg) {
redirect($redirect);
} else {
$redirect_url = append_sid("{$phpbb_root_path}viewforum.{$phpEx}", 'f=' . $forum_id);
meta_refresh(3, $redirect_url);
$return_link = sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect_url . '">', '</a>');
if ($forum_id != $to_forum_id) {
$return_link .= '<br /><br />' . sprintf($user->lang['RETURN_NEW_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.{$phpEx}", 'f=' . $to_forum_id) . '">', '</a>');
}
trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);
}
}
/**
* Disapprove Post/Topic
*/
function disapprove_post($post_id_list, $mode)
{
global $db, $template, $user, $config;
global $phpEx, $phpbb_root_path;
if (!($forum_id = check_ids($post_id_list, POSTS_TABLE, 'post_id', 'm_approve'))) {
trigger_error('NOT_AUTHORIZED');
}
$redirect = request_var('redirect', build_url(array('t', 'mode')) . '&mode=unapproved_topics');
$reason = request_var('reason', '', true);
$reason_id = request_var('reason_id', 0);
$success_msg = $additional_msg = '';
$s_hidden_fields = build_hidden_fields(array('i' => 'queue', 'mode' => $mode, 'post_id_list' => $post_id_list, 'f' => $forum_id, 'action' => 'disapprove', 'redirect' => $redirect));
$notify_poster = isset($_REQUEST['notify_poster']) ? true : false;
$disapprove_reason = '';
if ($reason_id) {
$sql = 'SELECT reason_title, reason_description
FROM ' . REPORTS_REASONS_TABLE . "\n\t\t\tWHERE reason_id = {$reason_id}";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row || !$reason && $row['reason_title'] == 'other') {
$additional_msg = $user->lang['NO_REASON_DISAPPROVAL'];
unset($_POST['confirm']);
} else {
// If the reason is defined within the language file, we will use the localized version, else just use the database entry...
$disapprove_reason = $row['reason_title'] != 'other' ? isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])]) ? $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])] : $row['reason_description'] : '';
$disapprove_reason .= $reason ? "\n\n" . $reason : '';
}
}
if (confirm_box(true)) {
$post_info = get_post_data($post_id_list, 'm_approve');
// If Topic -> forum_topics_real -= 1
// If Post -> topic_replies_real -= 1
$forum_topics_real = 0;
$topic_replies_real_sql = $post_disapprove_sql = $topic_id_list = array();
foreach ($post_info as $post_id => $post_data) {
$topic_id_list[$post_data['topic_id']] = 1;
// Topic or Post. ;)
if ($post_data['topic_first_post_id'] == $post_id && $post_data['topic_last_post_id'] == $post_id) {
if ($post_data['forum_id']) {
$forum_topics_real++;
}
} else {
if (!isset($topic_replies_real_sql[$post_data['topic_id']])) {
$topic_replies_real_sql[$post_data['topic_id']] = 1;
} else {
$topic_replies_real_sql[$post_data['topic_id']]++;
}
}
$post_disapprove_sql[] = $post_id;
}
if ($forum_topics_real) {
$sql = 'UPDATE ' . FORUMS_TABLE . "\n\t\t\t\tSET forum_topics_real = forum_topics_real - {$forum_topics_real}\n\t\t\t\tWHERE forum_id = {$forum_id}";
$db->sql_query($sql);
}
if (sizeof($topic_replies_real_sql)) {
foreach ($topic_replies_real_sql as $topic_id => $num_replies) {
$sql = 'UPDATE ' . TOPICS_TABLE . "\n\t\t\t\t\tSET topic_replies_real = topic_replies_real - {$num_replies}\n\t\t\t\t\tWHERE topic_id = {$topic_id}";
$db->sql_query($sql);
}
}
if (sizeof($post_disapprove_sql)) {
if (!function_exists('delete_posts')) {
include_once $phpbb_root_path . 'includes/functions_admin.' . $phpEx;
}
// We do not check for permissions here, because the moderator allowed approval/disapproval should be allowed to delete the disapproved posts
delete_posts('post_id', $post_disapprove_sql);
}
unset($post_disapprove_sql, $topic_replies_real_sql);
update_post_information('topic', array_keys($topic_id_list));
update_post_information('forum', $forum_id);
unset($topic_id_list);
$messenger = new messenger();
// Notify Poster?
if ($notify_poster) {
$email_sig = str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']);
foreach ($post_info as $post_id => $post_data) {
if ($post_data['poster_id'] == ANONYMOUS) {
continue;
}
$email_template = $post_data['post_id'] == $post_data['topic_first_post_id'] && $post_data['post_id'] == $post_data['topic_last_post_id'] ? 'topic_disapproved' : 'post_disapproved';
$messenger->template($email_template, $post_data['user_lang']);
$messenger->replyto($config['board_email']);
$messenger->to($post_data['user_email'], $post_data['username']);
$messenger->im($post_data['user_jabber'], $post_data['username']);
$messenger->assign_vars(array('EMAIL_SIG' => $email_sig, 'SITENAME' => $config['sitename'], 'USERNAME' => html_entity_decode($post_data['username']), 'REASON' => html_entity_decode($disapprove_reason), 'POST_SUBJECT' => html_entity_decode(censor_text($post_data['post_subject'])), 'TOPIC_TITLE' => html_entity_decode(censor_text($post_data['topic_title']))));
$messenger->send($post_data['user_notify_type']);
$messenger->reset();
}
$messenger->save_queue();
}
unset($post_info, $disapprove_reason);
if ($forum_topics_real) {
$success_msg = $forum_topics_real == 1 ? 'TOPIC_DISAPPROVED_SUCCESS' : 'TOPICS_DISAPPROVED_SUCCESS';
} else {
$success_msg = sizeof($post_id_list) == 1 ? 'POST_DISAPPROVED_SUCCESS' : 'POSTS_DISAPPROVED_SUCCESS';
}
} else {
include_once $phpbb_root_path . 'includes/functions_display.' . $phpEx;
display_reasons($reason_id);
$template->assign_vars(array('S_NOTIFY_POSTER' => true, 'S_APPROVE' => false, 'REASON' => $reason, 'ADDITIONAL_MSG' => $additional_msg));
confirm_box(false, 'DISAPPROVE_POST' . (sizeof($post_id_list) == 1 ? '' : 'S'), $s_hidden_fields, 'mcp_approve.html');
}
$redirect = request_var('redirect', "index.{$phpEx}");
$redirect = reapply_sid($redirect);
if (!$success_msg) {
redirect($redirect);
} else {
meta_refresh(3, $redirect);
trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], "<a href=\"{$redirect}\">", '</a>'));
}
}
/**
* Closes a report
*/
function close_report($report_id_list, $mode, $action, $pm = false)
{
global $db, $template, $user, $config, $auth;
global $phpEx, $phpbb_root_path, $phpbb_container;
$pm_where = $pm ? ' AND r.post_id = 0 ' : ' AND r.pm_id = 0 ';
$id_column = $pm ? 'pm_id' : 'post_id';
$module = $pm ? 'pm_reports' : 'reports';
$pm_prefix = $pm ? 'PM_' : '';
$sql = "SELECT r.{$id_column}\n\t\tFROM " . REPORTS_TABLE . ' r
WHERE ' . $db->sql_in_set('r.report_id', $report_id_list) . $pm_where;
$result = $db->sql_query($sql);
$post_id_list = array();
while ($row = $db->sql_fetchrow($result)) {
$post_id_list[] = $row[$id_column];
}
$post_id_list = array_unique($post_id_list);
if ($pm) {
if (!$auth->acl_getf_global('m_report')) {
trigger_error('NOT_AUTHORISED');
}
} else {
if (!phpbb_check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_report'))) {
trigger_error('NOT_AUTHORISED');
}
}
if ($action == 'delete' && strpos($user->data['session_page'], 'mode=report_details') !== false) {
$redirect = request_var('redirect', build_url(array('mode', 'r', 'quickmod')) . '&mode=reports');
} else {
if ($action == 'delete' && strpos($user->data['session_page'], 'mode=pm_report_details') !== false) {
$redirect = request_var('redirect', build_url(array('mode', 'r', 'quickmod')) . '&mode=pm_reports');
} else {
if ($action == 'close' && !request_var('r', 0)) {
$redirect = request_var('redirect', build_url(array('mode', 'p', 'quickmod')) . '&mode=' . $module);
} else {
$redirect = request_var('redirect', build_url(array('quickmod')));
}
}
}
$success_msg = '';
$forum_ids = array();
$topic_ids = array();
$s_hidden_fields = build_hidden_fields(array('i' => $module, 'mode' => $mode, 'report_id_list' => $report_id_list, 'action' => $action, 'redirect' => $redirect));
if (confirm_box(true)) {
$post_info = $pm ? phpbb_get_pm_data($post_id_list) : phpbb_get_post_data($post_id_list, 'm_report');
$sql = "SELECT r.report_id, r.{$id_column}, r.report_closed, r.user_id, r.user_notify, u.username, u.username_clean, u.user_email, u.user_jabber, u.user_lang, u.user_notify_type\n\t\t\tFROM " . REPORTS_TABLE . ' r, ' . USERS_TABLE . ' u
WHERE ' . $db->sql_in_set('r.report_id', $report_id_list) . '
' . ($action == 'close' ? 'AND r.report_closed = 0' : '') . '
AND r.user_id = u.user_id' . $pm_where;
$result = $db->sql_query($sql);
$reports = $close_report_posts = $close_report_topics = $notify_reporters = $report_id_list = array();
while ($report = $db->sql_fetchrow($result)) {
$reports[$report['report_id']] = $report;
$report_id_list[] = $report['report_id'];
if (!$report['report_closed']) {
$close_report_posts[] = $report[$id_column];
if (!$pm) {
$close_report_topics[] = $post_info[$report['post_id']]['topic_id'];
}
}
if ($report['user_notify'] && !$report['report_closed']) {
$notify_reporters[$report['report_id']] =& $reports[$report['report_id']];
}
}
$db->sql_freeresult($result);
if (sizeof($reports)) {
$close_report_posts = array_unique($close_report_posts);
$close_report_topics = array_unique($close_report_topics);
if (!$pm && sizeof($close_report_posts)) {
// Get a list of topics that still contain reported posts
$sql = 'SELECT DISTINCT topic_id
FROM ' . POSTS_TABLE . '
WHERE ' . $db->sql_in_set('topic_id', $close_report_topics) . '
AND post_reported = 1
AND ' . $db->sql_in_set('post_id', $close_report_posts, true);
$result = $db->sql_query($sql);
$keep_report_topics = array();
while ($row = $db->sql_fetchrow($result)) {
$keep_report_topics[] = $row['topic_id'];
}
$db->sql_freeresult($result);
$close_report_topics = array_diff($close_report_topics, $keep_report_topics);
unset($keep_report_topics);
}
$db->sql_transaction('begin');
if ($action == 'close') {
$sql = 'UPDATE ' . REPORTS_TABLE . '
SET report_closed = 1
WHERE ' . $db->sql_in_set('report_id', $report_id_list);
} else {
$sql = 'DELETE FROM ' . REPORTS_TABLE . '
WHERE ' . $db->sql_in_set('report_id', $report_id_list);
}
$db->sql_query($sql);
if (sizeof($close_report_posts)) {
if ($pm) {
$sql = 'UPDATE ' . PRIVMSGS_TABLE . '
SET message_reported = 0
WHERE ' . $db->sql_in_set('msg_id', $close_report_posts);
$db->sql_query($sql);
if ($action == 'delete') {
delete_pm(ANONYMOUS, $close_report_posts, PRIVMSGS_INBOX);
}
} else {
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_reported = 0
WHERE ' . $db->sql_in_set('post_id', $close_report_posts);
$db->sql_query($sql);
if (sizeof($close_report_topics)) {
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_reported = 0
WHERE ' . $db->sql_in_set('topic_id', $close_report_topics) . '
OR ' . $db->sql_in_set('topic_moved_id', $close_report_topics);
$db->sql_query($sql);
}
}
}
$db->sql_transaction('commit');
}
unset($close_report_posts, $close_report_topics);
$phpbb_notifications = $phpbb_container->get('notification_manager');
foreach ($reports as $report) {
if ($pm) {
add_log('mod', 0, 0, 'LOG_PM_REPORT_' . strtoupper($action) . 'D', $post_info[$report['pm_id']]['message_subject']);
$phpbb_notifications->delete_notifications('notification.type.report_pm', $report['pm_id']);
} else {
add_log('mod', $post_info[$report['post_id']]['forum_id'], $post_info[$report['post_id']]['topic_id'], 'LOG_REPORT_' . strtoupper($action) . 'D', $post_info[$report['post_id']]['post_subject']);
$phpbb_notifications->delete_notifications('notification.type.report_post', $report['post_id']);
}
}
// Notify reporters
if (sizeof($notify_reporters)) {
foreach ($notify_reporters as $report_id => $reporter) {
if ($reporter['user_id'] == ANONYMOUS) {
continue;
}
$post_id = $reporter[$id_column];
if ($pm) {
$phpbb_notifications->add_notifications('notification.type.report_pm_closed', array_merge($post_info[$post_id], array('reporter' => $reporter['user_id'], 'closer_id' => $user->data['user_id'], 'from_user_id' => $post_info[$post_id]['author_id'])));
} else {
$phpbb_notifications->add_notifications('notification.type.report_post_closed', array_merge($post_info[$post_id], array('reporter' => $reporter['user_id'], 'closer_id' => $user->data['user_id'])));
}
}
}
if (!$pm) {
foreach ($post_info as $post) {
$forum_ids[$post['forum_id']] = $post['forum_id'];
$topic_ids[$post['topic_id']] = $post['topic_id'];
}
}
unset($notify_reporters, $post_info, $reports);
$success_msg = sizeof($report_id_list) == 1 ? "{$pm_prefix}REPORT_" . strtoupper($action) . 'D_SUCCESS' : "{$pm_prefix}REPORTS_" . strtoupper($action) . 'D_SUCCESS';
} else {
confirm_box(false, $user->lang[strtoupper($action) . "_{$pm_prefix}REPORT" . (sizeof($report_id_list) == 1 ? '' : 'S') . '_CONFIRM'], $s_hidden_fields);
}
$redirect = request_var('redirect', "index.{$phpEx}");
$redirect = reapply_sid($redirect);
if (!$success_msg) {
redirect($redirect);
} else {
meta_refresh(3, $redirect);
$return_forum = '';
$return_topic = '';
if (!$pm) {
if (sizeof($forum_ids) === 1) {
$return_forum = sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.{$phpEx}", 'f=' . current($forum_ids)) . '">', '</a>') . '<br /><br />';
}
if (sizeof($topic_ids) === 1) {
$return_topic = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", 't=' . current($topic_ids) . '&f=' . current($forum_ids)) . '">', '</a>') . '<br /><br />';
}
}
trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_forum . $return_topic . sprintf($user->lang['RETURN_PAGE'], "<a href=\"{$redirect}\">", '</a>'));
}
}
/**
* Disapprove Post/Topic
*/
function disapprove_post($post_id_list, $id, $mode)
{
global $db, $template, $user, $config;
global $phpEx, $phpbb_root_path;
if (!check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_approve'))) {
trigger_error('NOT_AUTHORISED');
}
$redirect = request_var('redirect', build_url(array('t', 'mode', 'quickmod')) . "&mode={$mode}");
$reason = utf8_normalize_nfc(request_var('reason', '', true));
$reason_id = request_var('reason_id', 0);
$success_msg = $additional_msg = '';
$s_hidden_fields = build_hidden_fields(array('i' => $id, 'mode' => $mode, 'post_id_list' => $post_id_list, 'action' => 'disapprove', 'redirect' => $redirect));
$notify_poster = isset($_REQUEST['notify_poster']) ? true : false;
$disapprove_reason = '';
if ($reason_id) {
$sql = 'SELECT reason_title, reason_description
FROM ' . REPORTS_REASONS_TABLE . "\n\t\t\tWHERE reason_id = {$reason_id}";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row || !$reason && strtolower($row['reason_title']) == 'other') {
$additional_msg = $user->lang['NO_REASON_DISAPPROVAL'];
unset($_POST['confirm']);
} else {
// If the reason is defined within the language file, we will use the localized version, else just use the database entry...
$disapprove_reason = strtolower($row['reason_title']) != 'other' ? isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])]) ? $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])] : $row['reason_description'] : '';
$disapprove_reason .= $reason ? "\n\n" . $reason : '';
if (isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])])) {
$disapprove_reason_lang = strtoupper($row['reason_title']);
}
$email_disapprove_reason = $disapprove_reason;
}
}
$post_info = get_post_data($post_id_list, 'm_approve');
if (confirm_box(true)) {
// If Topic -> forum_topics_real -= 1
// If Post -> topic_replies_real -= 1
$num_disapproved = 0;
$forum_topics_real = $topic_id_list = $forum_id_list = $topic_replies_real_sql = $post_disapprove_sql = $disapprove_log = array();
foreach ($post_info as $post_id => $post_data) {
$topic_id_list[$post_data['topic_id']] = 1;
if ($post_data['forum_id']) {
$forum_id_list[$post_data['forum_id']] = 1;
}
// Topic or Post. ;)
/**
* @todo this probably is a different method than the one used by delete_posts, does this cause counter inconsistency?
*/
if ($post_data['topic_first_post_id'] == $post_id && $post_data['topic_last_post_id'] == $post_id) {
if ($post_data['forum_id']) {
if (!isset($forum_topics_real[$post_data['forum_id']])) {
$forum_topics_real[$post_data['forum_id']] = 0;
}
$forum_topics_real[$post_data['forum_id']]++;
$num_disapproved++;
}
$disapprove_log[] = array('type' => 'topic', 'post_subject' => $post_data['post_subject'], 'forum_id' => $post_data['forum_id'], 'topic_id' => 0);
} else {
if (!isset($topic_replies_real_sql[$post_data['topic_id']])) {
$topic_replies_real_sql[$post_data['topic_id']] = 0;
}
$topic_replies_real_sql[$post_data['topic_id']]++;
$disapprove_log[] = array('type' => 'post', 'post_subject' => $post_data['post_subject'], 'forum_id' => $post_data['forum_id'], 'topic_id' => $post_data['topic_id']);
}
$post_disapprove_sql[] = $post_id;
}
unset($post_data);
if (sizeof($forum_topics_real)) {
foreach ($forum_topics_real as $forum_id => $topics_real) {
$sql = 'UPDATE ' . FORUMS_TABLE . "\n\t\t\t\t\tSET forum_topics_real = forum_topics_real - {$topics_real}\n\t\t\t\t\tWHERE forum_id = {$forum_id}";
$db->sql_query($sql);
}
}
if (sizeof($topic_replies_real_sql)) {
foreach ($topic_replies_real_sql as $topic_id => $num_replies) {
$sql = 'UPDATE ' . TOPICS_TABLE . "\n\t\t\t\t\tSET topic_replies_real = topic_replies_real - {$num_replies}\n\t\t\t\t\tWHERE topic_id = {$topic_id}";
$db->sql_query($sql);
}
}
if (sizeof($post_disapprove_sql)) {
if (!function_exists('delete_posts')) {
include_once $phpbb_root_path . 'includes/functions_admin.' . $phpEx;
}
// We do not check for permissions here, because the moderator allowed approval/disapproval should be allowed to delete the disapproved posts
delete_posts('post_id', $post_disapprove_sql);
foreach ($disapprove_log as $log_data) {
add_log('mod', $log_data['forum_id'], $log_data['topic_id'], $log_data['type'] == 'topic' ? 'LOG_TOPIC_DISAPPROVED' : 'LOG_POST_DISAPPROVED', $log_data['post_subject'], $disapprove_reason);
}
}
unset($post_disapprove_sql, $topic_replies_real_sql);
update_post_information('topic', array_keys($topic_id_list));
if (sizeof($forum_id_list)) {
update_post_information('forum', array_keys($forum_id_list));
}
unset($topic_id_list, $forum_id_list);
$messenger = new messenger();
// Notify Poster?
if ($notify_poster) {
$lang_reasons = array();
foreach ($post_info as $post_id => $post_data) {
if ($post_data['poster_id'] == ANONYMOUS) {
continue;
}
if (isset($disapprove_reason_lang)) {
// Okay we need to get the reason from the posters language
if (!isset($lang_reasons[$post_data['user_lang']])) {
// Assign the current users translation as the default, this is not ideal but getting the board default adds another layer of complexity.
$lang_reasons[$post_data['user_lang']] = $user->lang['report_reasons']['DESCRIPTION'][$disapprove_reason_lang];
// Only load up the language pack if the language is different to the current one
if ($post_data['user_lang'] != $user->lang_name && file_exists($phpbb_root_path . '/language/' . $post_data['user_lang'] . '/mcp.' . $phpEx)) {
// Load up the language pack
$lang = array();
@(include $phpbb_root_path . '/language/' . $post_data['user_lang'] . '/mcp.' . $phpEx);
// If we find the reason in this language pack use it
if (isset($lang['report_reasons']['DESCRIPTION'][$disapprove_reason_lang])) {
$lang_reasons[$post_data['user_lang']] = $lang['report_reasons']['DESCRIPTION'][$disapprove_reason_lang];
}
unset($lang);
// Free memory
}
}
$email_disapprove_reason = $lang_reasons[$post_data['user_lang']];
$email_disapprove_reason .= $reason ? "\n\n" . $reason : '';
}
$email_template = $post_data['post_id'] == $post_data['topic_first_post_id'] && $post_data['post_id'] == $post_data['topic_last_post_id'] ? 'topic_disapproved' : 'post_disapproved';
$messenger->template($email_template, $post_data['user_lang']);
$messenger->to($post_data['user_email'], $post_data['username']);
$messenger->im($post_data['user_jabber'], $post_data['username']);
$messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($post_data['username']), 'REASON' => htmlspecialchars_decode($email_disapprove_reason), 'POST_SUBJECT' => htmlspecialchars_decode(censor_text($post_data['post_subject'])), 'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($post_data['topic_title']))));
$messenger->send($post_data['user_notify_type']);
}
unset($lang_reasons);
}
unset($post_info, $disapprove_reason, $email_disapprove_reason, $disapprove_reason_lang);
$messenger->save_queue();
if (sizeof($forum_topics_real)) {
$success_msg = $num_disapproved == 1 ? 'TOPIC_DISAPPROVED_SUCCESS' : 'TOPICS_DISAPPROVED_SUCCESS';
} else {
$success_msg = sizeof($post_id_list) == 1 ? 'POST_DISAPPROVED_SUCCESS' : 'POSTS_DISAPPROVED_SUCCESS';
}
} else {
include_once $phpbb_root_path . 'includes/functions_display.' . $phpEx;
display_reasons($reason_id);
$show_notify = false;
foreach ($post_info as $post_data) {
if ($post_data['poster_id'] == ANONYMOUS) {
continue;
} else {
$show_notify = true;
break;
}
}
$template->assign_vars(array('S_NOTIFY_POSTER' => $show_notify, 'S_APPROVE' => false, 'REASON' => $reason, 'ADDITIONAL_MSG' => $additional_msg));
confirm_box(false, 'DISAPPROVE_POST' . (sizeof($post_id_list) == 1 ? '' : 'S'), $s_hidden_fields, 'mcp_approve.html');
}
$redirect = request_var('redirect', "index.{$phpEx}");
$redirect = reapply_sid($redirect);
if (!$success_msg) {
redirect($redirect);
} else {
meta_refresh(3, $redirect);
trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], "<a href=\"{$redirect}\">", '</a>'));
}
}
$auth->login($user->data['username'], '', false, 1, true);
if (isset($_SESSION['JOSSO_ORIGINAL_URL'])) {
$backToUrl = $_SESSION['JOSSO_ORIGINAL_URL'];
unset($_SESSION['JOSSO_ORIGINAL_URL']);
} else {
if (isset($josso_defaultResource)) {
$backToUrl = $josso_defaultResource;
}
}
// Set P3P Header
$p3pHeaderValue = $josso_agent->getP3PHeaderValue();
if (isset($p3pHeaderValue)) {
header($josso_agent->getP3PHeaderValue());
}
if (isset($backToUrl)) {
$backToUrl = reapply_sid($backToUrl);
forceRedirect($backToUrl, true);
}
}
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<body onload="document.forms[0].submit()">
<noscript>
<p>
<strong>Note:</strong> Since your browser does not support JavaScript,
you must press the Continue button once to proceed.
/**
* Generate login box or verify password
*/
function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
{
global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;
if (!class_exists('phpbb_captcha_factory')) {
include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
}
$err = '';
// Make sure user->setup() has been called
if (empty($user->lang)) {
$user->setup();
}
// Print out error if user tries to authenticate as an administrator without having the privileges...
if ($admin && !$auth->acl_get('a_')) {
// Not authd
// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
if ($user->data['is_registered']) {
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
trigger_error('NO_AUTH_ADMIN');
}
if (isset($_POST['login'])) {
// Get credential
if ($admin) {
$credential = request_var('credential', '');
if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32) {
if ($user->data['is_registered']) {
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
trigger_error('NO_AUTH_ADMIN');
}
$password = request_var('password_' . $credential, '', true);
} else {
$password = request_var('password', '', true);
}
$username = request_var('username', '', true);
$autologin = !empty($_POST['autologin']) ? true : false;
$viewonline = !empty($_POST['viewonline']) ? 0 : 1;
$admin = $admin ? 1 : 0;
$viewonline = $admin ? $user->data['session_viewonline'] : $viewonline;
// Check if the supplied username is equal to the one stored within the database if re-authenticating
if ($admin && utf8_clean_string($username) != utf8_clean_string($user->data['username'])) {
// We log the attempt to use a different username...
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
}
// If authentication is successful we redirect user to previous page
$result = $auth->login($username, $password, $autologin, $viewonline, $admin);
// If admin authentication and login, we will log if it was a success or not...
// We also break the operation on the first non-success login - it could be argued that the user already knows
if ($admin) {
if ($result['status'] == LOGIN_SUCCESS) {
add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
} else {
// Only log the failed attempt if a real user tried to.
// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
if ($user->data['is_registered']) {
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
}
}
// The result parameter is always an array, holding the relevant information...
if ($result['status'] == LOGIN_SUCCESS) {
$redirect = request_var('redirect', "{$phpbb_root_path}index.{$phpEx}");
$message = $l_success ? $l_success : $user->lang['LOGIN_REDIRECT'];
$l_redirect = $admin ? $user->lang['PROCEED_TO_ACP'] : ($redirect === "{$phpbb_root_path}index.{$phpEx}" || $redirect === "index.{$phpEx}" ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);
// append/replace SID (may change during the session for AOL users)
$redirect = reapply_sid($redirect);
// Special case... the user is effectively banned, but we allow founders to login
if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != USER_FOUNDER) {
return;
}
$redirect = meta_refresh(3, $redirect);
trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
}
// Something failed, determine what...
if ($result['status'] == LOGIN_BREAK) {
trigger_error($result['error_msg']);
}
// Special cases... determine
switch ($result['status']) {
case LOGIN_ERROR_ATTEMPTS:
$captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);
$captcha->init(CONFIRM_LOGIN);
// $captcha->reset();
$template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template()));
$err = $user->lang[$result['error_msg']];
break;
case LOGIN_ERROR_PASSWORD_CONVERT:
$err = sprintf($user->lang[$result['error_msg']], $config['email_enable'] ? '<a href="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') . '">' : '', $config['email_enable'] ? '</a>' : '', $config['board_contact'] ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '', $config['board_contact'] ? '</a>' : '');
break;
// Username, password, etc...
// Username, password, etc...
default:
$err = $user->lang[$result['error_msg']];
// Assign admin contact to some error messages
if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD') {
$err = !$config['board_contact'] ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
}
break;
}
}
// Assign credential for username/password pair
$credential = $admin ? md5(unique_id()) : false;
$s_hidden_fields = array('sid' => $user->session_id);
if ($redirect) {
$s_hidden_fields['redirect'] = $redirect;
}
if ($admin) {
$s_hidden_fields['credential'] = $credential;
}
$s_hidden_fields = build_hidden_fields($s_hidden_fields);
$template->assign_vars(array('LOGIN_ERROR' => $err, 'LOGIN_EXPLAIN' => $l_explain, 'U_SEND_PASSWORD' => $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') : '', 'U_RESEND_ACTIVATION' => $config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=resend_act') : '', 'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=terms'), 'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=privacy'), 'S_DISPLAY_FULL_LOGIN' => $s_display ? true : false, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_ADMIN_AUTH' => $admin, 'USERNAME' => $admin ? $user->data['username'] : '', 'USERNAME_CREDENTIAL' => 'username', 'PASSWORD_CREDENTIAL' => $admin ? 'password_' . $credential : 'password'));
page_header($user->lang['LOGIN'], false);
$template->set_filenames(array('body' => 'login_body.html'));
make_jumpbox(append_sid("{$phpbb_root_path}viewforum.{$phpEx}"));
page_footer();
}
if (isset($_SESSION['JOSSO_ORIGINAL_URL'])) {
$backToUrl = $_SESSION['JOSSO_ORIGINAL_URL'];
unset($_SESSION['JOSSO_ORIGINAL_URL']);
} else {
if (isset($josso_defaultResource)) {
$backToUrl = $josso_defaultResource;
}
}
// Set P3P Header
$p3pHeaderValue = $josso_agent->getP3PHeaderValue();
if (isset($p3pHeaderValue)) {
header($josso_agent->getP3PHeaderValue());
}
if (isset($backToUrl)) {
if (isset($jossoUser)) {
$backToUrl = str_replace('&', '&', reapply_sid($backToUrl));
}
forceRedirect($backToUrl, true);
}
// No page is stored or no session was found, just display an error one ...
?>
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
<title>JOSSO - PHP Problem</title>
<meta name="description" content="Java Open Single Signon">
</head>
<body>
<h1>JOSSO Encountered a Problem!</h1>
<h2>Either you accessed this page directly or no PHP Session support is available!</h2>
/**
* Merge selected posts into selected topic
*/
function merge_posts($topic_id, $to_topic_id)
{
global $db, $template, $user, $phpEx, $phpbb_root_path, $auth;
if (!$to_topic_id) {
$template->assign_var('MESSAGE', $user->lang['NO_FINAL_TOPIC_SELECTED']);
return;
}
$topic_data = get_topic_data(array($to_topic_id), 'm_merge');
if (!sizeof($topic_data)) {
$template->assign_var('MESSAGE', $user->lang['NO_FINAL_TOPIC_SELECTED']);
return;
}
$topic_data = $topic_data[$to_topic_id];
$post_id_list = request_var('post_id_list', array(0));
$start = request_var('start', 0);
if (!sizeof($post_id_list)) {
$template->assign_var('MESSAGE', $user->lang['NO_POST_SELECTED']);
return;
}
if (!check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_merge'))) {
return;
}
$redirect = request_var('redirect', build_url(array('quickmod')));
$s_hidden_fields = build_hidden_fields(array('i' => 'main', 'post_id_list' => $post_id_list, 'to_topic_id' => $to_topic_id, 'mode' => 'topic_view', 'action' => 'merge_posts', 'start' => $start, 'redirect' => $redirect, 't' => $topic_id));
$success_msg = $return_link = '';
if (confirm_box(true)) {
$to_forum_id = $topic_data['forum_id'];
move_posts($post_id_list, $to_topic_id);
add_log('mod', $to_forum_id, $to_topic_id, 'LOG_MERGE', $topic_data['topic_title']);
// Message and return links
$success_msg = 'POSTS_MERGED_SUCCESS';
// Does the original topic still exist? If yes, link back to it
$sql = 'SELECT forum_id
FROM ' . TOPICS_TABLE . '
WHERE topic_id = ' . $topic_id;
$result = $db->sql_query_limit($sql, 1);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row) {
$return_link .= sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", 'f=' . $row['forum_id'] . '&t=' . $topic_id) . '">', '</a>');
} else {
// If the topic no longer exist, we will update the topic watch table.
// To not let it error out on users watching both topics, we just return on an error...
$db->sql_return_on_error(true);
$db->sql_query('UPDATE ' . TOPICS_WATCH_TABLE . ' SET topic_id = ' . (int) $to_topic_id . ' WHERE topic_id = ' . (int) $topic_id);
$db->sql_return_on_error(false);
$db->sql_query('DELETE FROM ' . TOPICS_WATCH_TABLE . ' WHERE topic_id = ' . (int) $topic_id);
}
// Link to the new topic
$return_link .= ($return_link ? '<br /><br />' : '') . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", 'f=' . $to_forum_id . '&t=' . $to_topic_id) . '">', '</a>');
} else {
confirm_box(false, 'MERGE_POSTS', $s_hidden_fields);
}
$redirect = request_var('redirect', "index.{$phpEx}");
$redirect = reapply_sid($redirect);
if (!$success_msg) {
return;
} else {
meta_refresh(3, append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", "f={$to_forum_id}&t={$to_topic_id}"));
trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);
}
}
$forum_ids = request_var('forum_id', array(0 => 0));
$cat = false;
if (!$forum_ids && !$global) {
trigger_error('NOTHING_SELECTED');
}
if ($global) {
// reset forum_ids, we don't want any user input
$forum_ids = array();
} else {
// is there a category which has been selected?
foreach ($forum_ids as $forum_id) {
$sql = 'SELECT forum_id
FROM ' . FORUMS_TABLE . "\n\t\t\t\tWHERE forum_id = {$forum_id}\n\t\t\t\t\tAND forum_type = " . FORUM_CAT;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row) {
$cat = true;
break;
}
}
}
// build URL only with necessary elements in correct order
$url = build_feed_url();
redirect(reapply_sid($url));
}
// Lets build a page ...
$template->assign_vars(array('S_FORUM_OPTIONS' => make_forum_select(false, false, false, false, false, false, false, true), 'S_ACTION' => append_sid("{$phpbb_root_path}create_syndication.{$phpEx}"), 'NUMBER_ITEMS' => $config['syndication_items'], 'L_SYNDICATION_ADMIN_LIMIT' => sprintf($user->lang['SYNDICATION_ADMIN_LIMIT'], $config['syndication_items'])));
page_header($user->lang['CUSTOM_SYNDICATION_TITLE']);
$template->set_filenames(array('body' => 'syndication_body.html'));
page_footer();
/**
* Generate login box or verify password
*/
function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
{
global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;
$err = '';
// Make sure user->setup() has been called
if (empty($user->lang)) {
$user->setup();
}
// Print out error if user tries to authenticate as an administrator without having the privileges...
if ($admin && !$auth->acl_get('a_')) {
// Not authd
// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
if ($user->data['is_registered']) {
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
trigger_error('NO_AUTH_ADMIN');
}
if (isset($_POST['login'])) {
// Get credential
if ($admin) {
$credential = request_var('credential', '');
if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32) {
if ($user->data['is_registered']) {
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
trigger_error('NO_AUTH_ADMIN');
}
$password = request_var('password_' . $credential, '', true);
} else {
$password = request_var('password', '', true);
}
$username = request_var('username', '', true);
$autologin = !empty($_POST['autologin']) ? true : false;
$viewonline = !empty($_POST['viewonline']) ? 0 : 1;
$admin = $admin ? 1 : 0;
$viewonline = $admin ? $user->data['session_viewonline'] : $viewonline;
// Check if the supplied username is equal to the one stored within the database if re-authenticating
if ($admin && utf8_clean_string($username) != utf8_clean_string($user->data['username'])) {
// We log the attempt to use a different username...
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
}
// If authentication is successful we redirect user to previous page
$result = $auth->login($username, $password, $autologin, $viewonline, $admin);
// If admin authentication and login, we will log if it was a success or not...
// We also break the operation on the first non-success login - it could be argued that the user already knows
if ($admin) {
if ($result['status'] == LOGIN_SUCCESS) {
add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
} else {
// Only log the failed attempt if a real user tried to.
// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
if ($user->data['is_registered']) {
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
}
}
// The result parameter is always an array, holding the relevant information...
if ($result['status'] == LOGIN_SUCCESS) {
$redirect = request_var('redirect', "{$phpbb_root_path}index.{$phpEx}");
$message = $l_success ? $l_success : $user->lang['LOGIN_REDIRECT'];
$l_redirect = $admin ? $user->lang['PROCEED_TO_ACP'] : ($redirect === "{$phpbb_root_path}index.{$phpEx}" || $redirect === "index.{$phpEx}" ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);
// append/replace SID (may change during the session for AOL users)
$redirect = reapply_sid($redirect);
// Special case... the user is effectively banned, but we allow founders to login
if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != USER_FOUNDER) {
return;
}
$redirect = meta_refresh(3, $redirect);
trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
}
// Something failed, determine what...
if ($result['status'] == LOGIN_BREAK) {
trigger_error($result['error_msg']);
}
// Special cases... determine
switch ($result['status']) {
case LOGIN_ERROR_ATTEMPTS:
// Show confirm image
$sql = 'DELETE FROM ' . CONFIRM_TABLE . "\n\t\t\t\t\tWHERE session_id = '" . $db->sql_escape($user->session_id) . "'\n\t\t\t\t\t\tAND confirm_type = " . CONFIRM_LOGIN;
$db->sql_query($sql);
// Generate code
$code = gen_rand_string(mt_rand(5, 8));
$confirm_id = md5(unique_id($user->ip));
$seed = hexdec(substr(unique_id(), 4, 10));
// compute $seed % 0x7fffffff
$seed -= 0x7fffffff * floor($seed / 0x7fffffff);
$sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array('confirm_id' => (string) $confirm_id, 'session_id' => (string) $user->session_id, 'confirm_type' => (int) CONFIRM_LOGIN, 'code' => (string) $code, 'seed' => (int) $seed));
$db->sql_query($sql);
$template->assign_vars(array('S_CONFIRM_CODE' => true, 'CONFIRM_ID' => $confirm_id, 'CONFIRM_IMAGE' => '<img src="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=confirm&id=' . $confirm_id . '&type=' . CONFIRM_LOGIN) . '" alt="" title="" />', 'L_LOGIN_CONFIRM_EXPLAIN' => sprintf($user->lang['LOGIN_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>')));
$err = $user->lang[$result['error_msg']];
break;
case LOGIN_ERROR_PASSWORD_CONVERT:
$err = sprintf($user->lang[$result['error_msg']], $config['email_enable'] ? '<a href="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') . '">' : '', $config['email_enable'] ? '</a>' : '', $config['board_contact'] ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '', $config['board_contact'] ? '</a>' : '');
break;
// Username, password, etc...
// Username, password, etc...
default:
$err = $user->lang[$result['error_msg']];
// Assign admin contact to some error messages
if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD') {
$err = !$config['board_contact'] ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
}
break;
}
}
if (!$redirect) {
// We just use what the session code determined...
// If we are not within the admin directory we use the page dir...
$redirect = '';
if (!$admin) {
$redirect .= $user->page['page_dir'] ? $user->page['page_dir'] . '/' : '';
}
$redirect .= $user->page['page_name'] . ($user->page['query_string'] ? '?' . htmlspecialchars($user->page['query_string']) : '');
}
// Assign credential for username/password pair
$credential = $admin ? md5(unique_id()) : false;
$s_hidden_fields = array('redirect' => $redirect, 'sid' => $user->session_id);
if ($admin) {
$s_hidden_fields['credential'] = $credential;
}
$s_hidden_fields = build_hidden_fields($s_hidden_fields);
$template->assign_vars(array('LOGIN_ERROR' => $err, 'LOGIN_EXPLAIN' => $l_explain, 'U_SEND_PASSWORD' => $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') : '', 'U_RESEND_ACTIVATION' => $config['require_activation'] != USER_ACTIVATION_NONE && $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=resend_act') : '', 'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=terms'), 'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=privacy'), 'S_DISPLAY_FULL_LOGIN' => $s_display ? true : false, 'S_LOGIN_ACTION' => !$admin ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=login') : append_sid("index.{$phpEx}", false, true, $user->session_id), 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_ADMIN_AUTH' => $admin, 'USERNAME' => $admin ? $user->data['username'] : '', 'USERNAME_CREDENTIAL' => 'username', 'PASSWORD_CREDENTIAL' => $admin ? 'password_' . $credential : 'password'));
page_header($user->lang['LOGIN'], false);
$template->set_filenames(array('body' => 'login_body.html'));
make_jumpbox(append_sid("{$phpbb_root_path}viewforum.{$phpEx}"));
page_footer();
}
/**
* Reset module settings to default options
*
* @param int $id ID of the acp_portal module
* @param string|int $mode Mode of the acp_portal module
* @param int $module_id ID of the module that should be reset
* @param array $module_data Array containing the module's database row
*/
protected function reset_module($id, $mode, $module_id, $module_data)
{
if (confirm_box(true)) {
$sql_ary = array('module_name' => $this->c_class->name, 'module_image_src' => $this->c_class->image_src, 'module_group_ids' => '', 'module_image_height' => 16, 'module_image_width' => 16, 'module_status' => B3_MODULE_ENABLED);
$sql = 'UPDATE ' . PORTAL_MODULES_TABLE . '
SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . '
WHERE module_id = ' . (int) $module_id;
$this->db->sql_query($sql);
$affected_rows = $this->db->sql_affectedrows();
if (empty($affected_rows)) {
// We need to return to the module config
meta_refresh(3, reapply_sid($this->u_action . "&module_id={$module_id}"));
trigger_error($this->user->lang['MODULE_NOT_EXISTS'] . adm_back_link($this->u_action . "&module_id={$module_id}"), E_USER_WARNING);
}
$this->cache->destroy('config');
$this->cache->destroy('portal_config');
$portal_config = obtain_portal_config();
// we need to prevent duplicate entry errors
$this->c_class->install($module_id);
$this->cache->purge();
// We need to return to the module config
meta_refresh(3, reapply_sid($this->u_action . "&module_id={$module_id}"));
trigger_error($this->user->lang['MODULE_RESET_SUCCESS'] . adm_back_link($this->u_action . "&module_id={$module_id}"));
} else {
$confirm_text = isset($this->user->lang[$module_data['module_name']]) ? sprintf($this->user->lang['MODULE_RESET_CONFIRM'], $this->user->lang[$module_data['module_name']]) : sprintf($this->user->lang['DELETE_MODULE_CONFIRM'], utf8_normalize_nfc($module_data['module_name']));
confirm_box(false, $confirm_text, build_hidden_fields(array('i' => $id, 'mode' => $mode, 'module_reset' => true, 'module_id' => $module_id)));
}
}
