/
reject.php
112 lines (98 loc) · 4.06 KB
/
reject.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
<?php
/******************************************************************************
Etano
===============================================================================
File: admin/reject.php
$Revision$
Software by: DateMill (http://www.datemill.com)
Copyright by: DateMill (http://www.datemill.com)
Support at: http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license. *
******************************************************************************/
require_once '../includes/common.inc.php';
require_once '../includes/admin_functions.inc.php';
allow_dept(DEPT_MODERATOR | DEPT_ADMIN);
$tpl=new phemplate('skin/','remove_nonjs');
$returned=false;
$output=array();
if (isset($_SESSION['topass']['input'])) {
$output=$_SESSION['topass']['input'];
// our 'return' here was decoded in the processor
$output['return']=rawurlencode($output['return']);
$returned=true;
} else {
$output['t']=sanitize_and_format_gpc($_GET,'t',TYPE_INT,0,0);
$output['id']=sanitize_and_format_gpc($_GET,'id',TYPE_INT,0,0);
$output['return2']=sanitize_and_format_gpc($_GET,'return',TYPE_STRING,$__field2format[FIELD_TEXTFIELD],'');
$output['return']=rawurlencode($output['return2']);
$output['m']=sanitize_and_format_gpc($_GET,'m',TYPE_STRING,0,'');
}
$query="SELECT `amtpl_id`,`amtpl_name`,`subject`,`message_body` FROM `{$dbtable_prefix}admin_mtpls` WHERE `amtpl_type`=".$output['t'];
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
$amtpls=array();
$i=0;
while ($rsrow=mysql_fetch_assoc($res)) {
$rsrow=sanitize_and_format($rsrow,TYPE_STRING,$__field2format[TEXT_DB2EDIT]);
$amtpls[$rsrow['amtpl_id']]=$rsrow['amtpl_name'];
if ($i==0 && !$returned) {
$output['reason_title']=$rsrow['subject'];
$output['reject_reason']=$rsrow['message_body'];
}
$i++;
}
$output['amtpl_id']=vector2options($amtpls);
switch ($output['t']) {
case AMTPL_REJECT_MEMBER:
$output['user_id']=$output['id'];
$output['user']=get_user_by_userid($output['id']);
$output['reject_member']=true;
$tplvars['title']='Reject a member profile';
break;
case AMTPL_REJECT_PHOTO:
$query="SELECT `fk_user_id` as `user_id`,`_user` as `user`,`photo` FROM `{$dbtable_prefix}user_photos` WHERE `photo_id`=".$output['id'];
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
if (mysql_num_rows($res)) {
list($output['user_id'],$output['user'],$output['photo'])=mysql_fetch_row($res);
}
$output['reject_photo']=true;
$tplvars['title']='Reject a photo';
break;
case AMTPL_REJECT_BLOG:
$query="SELECT `fk_user_id` as `user_id`,`_user` as `user`,`title` FROM `{$dbtable_prefix}blog_posts` WHERE `post_id`=".$output['id'];
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
if (mysql_num_rows($res)) {
$output=array_merge($output,mysql_fetch_assoc($res));
$output['title']=sanitize_and_format($output['title'],TYPE_STRING,$__field2format[TEXT_DB2DISPLAY],'');
}
$output['reject_blog']=true;
$tplvars['title']='Reject a blog post';
break;
case AMTPL_REJECT_COMM:
switch ($output['m']) {
case 'blog':
$table="`{$dbtable_prefix}comments_blog`";
break;
case 'photo':
$table="`{$dbtable_prefix}comments_photo`";
break;
case 'user':
$table="`{$dbtable_prefix}comments_profile`";
break;
}
$query="SELECT `comment` FROM $table WHERE `comment_id`=".$output['id'];
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
if (mysql_num_rows($res)) {
$output=array_merge($output,mysql_fetch_assoc($res));
$output['comment']=sanitize_and_format($output['comment'],TYPE_STRING,$__field2format[TEXT_DB2DISPLAY],'');
}
$output['reject_comment']=true;
$tplvars['title']='Reject a comment';
break;
}
$tpl->set_file('content','reject.html');
$tpl->set_var('output',$output);
$tpl->process('content','content',TPL_OPTIONAL);
$tplvars['css']='reject.css';
$tplvars['page']='reject';
include 'frame.php';