/**
 * Build the staff report: one table per staff member listing their position,
 * the boards they moderate, their post count and their last login.
 *
 * "Staff" is the union of members holding admin_forum, manage_membergroups or
 * manage_permissions, every member listed in the moderators table, and the
 * members who hold all four board-wide moderation permissions.
 *
 * Stops with the report_error_too_many_staff error when more than 300 staff
 * members are found.
 */
function StaffReport()
{
    global $sourcedir, $context, $txt, $smcFunc;

    require_once $sourcedir . '/Subs-Members.php';

    // Board id => board name, used to label what each moderator looks after.
    $result = $smcFunc['db_query']('', ' SELECT id_board, name FROM {db_prefix}boards', array());
    $board_names = array();
    while ($board_row = $smcFunc['db_fetch_assoc']($result)) {
        $board_names[$board_row['id_board']] = $board_row['name'];
    }
    $smcFunc['db_free_result']($result);

    // Per-board moderators: which boards each one has, plus the set of their ids.
    $result = $smcFunc['db_query']('', ' SELECT mods.id_board, mods.id_member FROM {db_prefix}moderators AS mods', array());
    $boards_by_moderator = array();
    $board_moderator_ids = array();
    while ($mod_row = $smcFunc['db_fetch_assoc']($result)) {
        $moderator_id = $mod_row['id_member'];
        $boards_by_moderator[$moderator_id][] = $mod_row['id_board'];
        $board_moderator_ids[$moderator_id] = $moderator_id;
    }
    $smcFunc['db_free_result']($result);

    // A global moderator must hold every one of these permissions board-wide.
    $can_moderate = membersAllowedTo('moderate_board', 0);
    $can_approve = membersAllowedTo('approve_posts', 0);
    $can_remove = membersAllowedTo('remove_any', 0);
    $can_modify = membersAllowedTo('modify_any', 0);
    $global_moderator_ids = array_intersect($can_moderate, $can_approve, $can_remove, $can_modify);

    // Everyone with elevated rights, each listed once.
    $staff_ids = array_unique(array_merge(
        membersAllowedTo('admin_forum'),
        membersAllowedTo('manage_membergroups'),
        membersAllowedTo('manage_permissions'),
        $board_moderator_ids,
        $global_moderator_ids
    ));

    // Refuse to build an enormous report.
    if (count($staff_ids) > 300) {
        fatal_lang_error('report_error_too_many_staff');
    }

    // Group id => display label; group 0 is the plain "full member" label.
    // NOTE(review): group_name and online_color are concatenated into markup as
    // stored - this assumes both are HTML-safe when written; confirm at the write path.
    $result = $smcFunc['db_query']('', ' SELECT id_group, group_name, online_color FROM {db_prefix}membergroups', array());
    $group_labels = array(0 => $txt['full_member']);
    while ($group_row = $smcFunc['db_fetch_assoc']($result)) {
        if (empty($group_row['online_color'])) {
            $label = $group_row['group_name'];
        } else {
            $label = '<span style="color: ' . $group_row['online_color'] . '">' . $group_row['group_name'] . '</span>';
        }
        $group_labels[$group_row['id_group']] = $label;
    }
    $smcFunc['db_free_result']($result);

    // Row headings shown down the side of every table.
    $row_headings = array(
        'position' => $txt['report_staff_position'],
        'moderates' => $txt['report_staff_moderates'],
        'posts' => $txt['report_staff_posts'],
        'last_login' => $txt['report_staff_last_login'],
    );

    // The data is laid out in columns.
    setKeys('cols');

    $result = $smcFunc['db_query']('', ' SELECT id_member, real_name, id_group, posts, last_login FROM {db_prefix}members WHERE id_member IN ({array_int:staff_list}) ORDER BY real_name', array('staff_list' => $staff_ids));
    while ($member = $smcFunc['db_fetch_assoc']($result)) {
        // One table per staff member, headed by their display name.
        newTable($member['real_name'], '', 'left', 'auto', 'left', 200, 'center');
        addData($row_headings);

        // Work out the "moderates" cell: all boards, a list of names, or none.
        if (in_array($member['id_member'], $global_moderator_ids)) {
            $moderates = '<em>' . $txt['report_staff_all_boards'] . '</em>';
        } elseif (isset($boards_by_moderator[$member['id_member']])) {
            $names = array();
            foreach ($boards_by_moderator[$member['id_member']] as $board_id) {
                // Skip board ids that no longer have a matching board row.
                if (isset($board_names[$board_id])) {
                    $names[] = $board_names[$board_id];
                }
            }
            $moderates = implode(', ', $names);
        } else {
            $moderates = '<em>' . $txt['report_staff_no_boards'] . '</em>';
        }

        // Unknown group ids fall back to the group 0 label.
        if (isset($group_labels[$member['id_group']])) {
            $position = $group_labels[$member['id_group']];
        } else {
            $position = $group_labels[0];
        }

        addData(array(
            'position' => $position,
            'posts' => $member['posts'],
            'last_login' => timeformat($member['last_login']),
            'moderates' => $moderates,
        ));
    }
    $smcFunc['db_free_result']($result);
}
/**
 * Apply a group-membership change for a member: join or leave a free group,
 * request membership of a requestable group, or set a new primary group.
 *
 * The kind of change is derived from the request: $_POST['primary'] set means
 * 'primary', otherwise $_POST['req'] set means 'request', otherwise 'free'.
 * The target group id comes from $_REQUEST['gid'] or, failing that,
 * $_POST['primary'].
 *
 * Access control performed here, in order:
 * - non-owners (or any caller when show_group_membership is off) need
 *   manage_membergroups;
 * - the session token is verified;
 * - group 1 and groups whose group_type is 1 need admin_forum;
 * - the group type must fit the kind of change;
 * - a membergroup manager who is not an admin may not pick a group that is
 *   granted the admin_forum permission.
 *
 * @param mixed $profile_vars Not referenced in this function body.
 * @param mixed $post_errors Not referenced in this function body.
 * @param int $memID Id of the member whose groups are being changed.
 * @return string The change type: 'primary', 'request' or 'free'.
 */
function groupMembership2($profile_vars, $post_errors, $memID)
{
    global $user_info, $sourcedir, $context, $user_profile, $modSettings, $txt, $smcFunc, $scripturl, $language;

    // Editing someone else's groups, or editing at all while self-service group
    // membership is switched off, requires the manage_membergroups permission.
    if (!$context['user']['is_owner'] || empty($modSettings['show_group_membership'])) {
        isAllowedTo('manage_membergroups');
    }

    // A target group must be named somewhere in the request.
    if (!isset($_REQUEST['gid']) && !isset($_POST['primary'])) {
        fatal_lang_error('no_access', false);
    }

    // Verify the session token: from the query string when gid arrived via GET,
    // otherwise from the POST body.
    checkSession(isset($_GET['gid']) ? 'get' : 'post');

    $old_profile =& $user_profile[$memID];
    $context['can_manage_membergroups'] = allowedTo('manage_membergroups');
    $context['can_manage_protected'] = allowedTo('admin_forum');

    // By default the new primary is the old one.
    $newPrimary = $old_profile['id_group'];
    // Flip the comma-separated list so group ids become keys (cheap isset/unset).
    $addGroups = array_flip(explode(',', $old_profile['additional_groups']));
    // Starts as 1 only when the member currently has no primary group.
    $canChangePrimary = $old_profile['id_group'] == 0 ? 1 : 0;
    $changeType = isset($_POST['primary']) ? 'primary' : (isset($_POST['req']) ? 'request' : 'free');

    // One way or another, we have a target group in mind... (cast to int either way)
    $group_id = isset($_REQUEST['gid']) ? (int) $_REQUEST['gid'] : (int) $_POST['primary'];
    // Setting the primary to group 0 needs no matching membergroups row.
    $foundTarget = $changeType == 'primary' && $group_id == 0 ? true : false;

    // Group 1, and any group whose group_type is 1, is reserved for admin_forum holders.
    if ($group_id == 1) {
        isAllowedTo('admin_forum');
    } else {
        $request = $smcFunc['db_query']('', ' SELECT group_type FROM {db_prefix}membergroups WHERE id_group = {int:current_group} LIMIT {int:limit}', array('current_group' => $group_id, 'limit' => 1));
        // NOTE(review): no row-count check here; an unknown group id is only rejected
        // later through $foundTarget.
        list($is_protected) = $smcFunc['db_fetch_row']($request);
        $smcFunc['db_free_result']($request);
        if ($is_protected == 1) {
            isAllowedTo('admin_forum');
        }
    }

    // Whatever we are doing, we need to determine if changing primary is possible!
    // Loads the target group and the member's current primary group in one query.
    $request = $smcFunc['db_query']('', ' SELECT id_group, group_type, hidden, group_name FROM {db_prefix}membergroups WHERE id_group IN ({int:group_list}, {int:current_group})', array('group_list' => $group_id, 'current_group' => $old_profile['id_group']));
    while ($row = $smcFunc['db_fetch_assoc']($request)) {
        // Is this the new group?
        if ($row['id_group'] == $group_id) {
            $foundTarget = true;
            $group_name = $row['group_name'];

            // Does the group type match what we're doing?
            // - a request is only valid for group_type 2;
            // - a group_type 2 group may be acted on freely only by someone already
            //   in it (primary or additional), i.e. to leave it;
            // - otherwise free changes are limited to group_type 2 or 3.
            if ($changeType == 'request' && $row['group_type'] != 2) {
                fatal_lang_error('no_access', false);
            } elseif ($changeType == 'free' && $row['group_type'] == 2 && $old_profile['id_group'] != $row['id_group'] && !isset($addGroups[$row['id_group']])) {
                fatal_lang_error('no_access', false);
            } elseif ($changeType == 'free' && $row['group_type'] != 3 && $row['group_type'] != 2) {
                fatal_lang_error('no_access', false);
            }

            // We can't change the primary group if this is hidden (hidden == 2)!
            if ($row['hidden'] == 2) {
                $canChangePrimary = false;
            }
        }

        // If this is their old primary, can we change it? The strict !== false keeps
        // an earlier explicit veto in place while still upgrading the initial 0.
        if ($row['id_group'] == $old_profile['id_group'] && ($row['group_type'] > 1 || $context['can_manage_membergroups']) && $canChangePrimary !== false) {
            $canChangePrimary = 1;
        }

        // If we are not doing a force primary move, don't do it automatically if current primary is not 0.
        if ($changeType != 'primary' && $old_profile['id_group'] != 0) {
            $canChangePrimary = false;
        }

        // If this is the one we are acting on, can we even act? group_type 1 needs
        // admin_forum and group_type 0 needs manage_membergroups.
        // (&& binds tighter than ||, so this reads as (A && B) || (C && D).)
        if (!$context['can_manage_protected'] && $row['group_type'] == 1 || !$context['can_manage_membergroups'] && $row['group_type'] == 0) {
            $canChangePrimary = false;
        }
    }
    $smcFunc['db_free_result']($request);

    // Didn't find the target?
    if (!$foundTarget) {
        fatal_lang_error('no_access', false);
    }

    // Final security check, don't allow users to promote themselves to admin:
    // a membergroup manager without admin_forum may not select a group that has
    // the admin_forum permission granted (add_deny = 1).
    if ($context['can_manage_membergroups'] && !allowedTo('admin_forum')) {
        $request = $smcFunc['db_query']('', ' SELECT COUNT(permission) FROM {db_prefix}permissions WHERE id_group = {int:selected_group} AND permission = {string:admin_forum} AND add_deny = {int:not_denied}', array('selected_group' => $group_id, 'not_denied' => 1, 'admin_forum' => 'admin_forum'));
        list($disallow) = $smcFunc['db_fetch_row']($request);
        $smcFunc['db_free_result']($request);
        if ($disallow) {
            isAllowedTo('admin_forum');
        }
    }

    // If we're requesting, add the note then return.
    if ($changeType == 'request') {
        // Only one request per member and group.
        $request = $smcFunc['db_query']('', ' SELECT id_member FROM {db_prefix}log_group_requests WHERE id_member = {int:selected_member} AND id_group = {int:selected_group}', array('selected_member' => $memID, 'selected_group' => $group_id));
        if ($smcFunc['db_num_rows']($request) != 0) {
            fatal_lang_error('profile_error_already_requested_group');
        }
        $smcFunc['db_free_result']($request);

        // Log the request.
        // NOTE(review): $_POST['reason'] is read without an isset() check. It is stored
        // through a typed column ('string-65534'), not string-built SQL.
        $smcFunc['db_insert']('', '{db_prefix}log_group_requests', array('id_member' => 'int', 'id_group' => 'int', 'time_applied' => 'int', 'reason' => 'string-65534'), array($memID, $group_id, time(), $_POST['reason']), array('id_request'));

        // Send an email to all group moderators etc.
        require_once $sourcedir . '/Subs-Post.php';

        // Do we have any group moderators?
        $request = $smcFunc['db_query']('', ' SELECT id_member FROM {db_prefix}group_moderators WHERE id_group = {int:selected_group}', array('selected_group' => $group_id));
        $moderators = array();
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            $moderators[] = $row['id_member'];
        }
        $smcFunc['db_free_result']($request);

        // Otherwise this is the backup: everyone who may manage membergroups.
        if (empty($moderators)) {
            require_once $sourcedir . '/Subs-Members.php';
            $moderators = membersAllowedTo('manage_membergroups');
        }

        if (!empty($moderators)) {
            // Members whose notify_types is 4 are left out (parameter name: no_notifications).
            $request = $smcFunc['db_query']('', ' SELECT id_member, email_address, lngfile, member_name, mod_prefs FROM {db_prefix}members WHERE id_member IN ({array_int:moderator_list}) AND notify_types != {int:no_notifications} ORDER BY lngfile', array('moderator_list' => $moderators, 'no_notifications' => 4));
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                // Check whether they are interested: the third pipe-separated field of
                // mod_prefs is used as a bit mask and bit 4 must be set.
                if (!empty($row['mod_prefs'])) {
                    list(, , $pref_binary) = explode('|', $row['mod_prefs']);
                    if (!($pref_binary & 4)) {
                        continue;
                    }
                }

                // NOTE(review): REASON carries the raw request text into the message body;
                // the sixth sendmail() argument below is false, presumably plain text - confirm.
                $replacements = array('RECPNAME' => $row['member_name'], 'APPYNAME' => $old_profile['member_name'], 'GROUPNAME' => $group_name, 'REASON' => $_POST['reason'], 'MODLINK' => $scripturl . '?action=moderate;area=groups;sa=requests');
                // Use the recipient's language only when per-user languages are enabled.
                $emaildata = loadEmailTemplate('request_membership', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
                sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 2);
            }
            $smcFunc['db_free_result']($request);
        }

        return $changeType;
    } elseif ($changeType == 'free') {
        // Are we leaving?
        if ($old_profile['id_group'] == $group_id || isset($addGroups[$group_id])) {
            if ($old_profile['id_group'] == $group_id) {
                $newPrimary = 0;
            } else {
                unset($addGroups[$group_id]);
            }
        } else {
            // Joining. Can we change the primary, and do we want to?
            if ($canChangePrimary) {
                // The old primary is kept as an additional group.
                if ($old_profile['id_group'] != 0) {
                    $addGroups[$old_profile['id_group']] = -1;
                }
                $newPrimary = $group_id;
            } else {
                $addGroups[$group_id] = -1;
            }
        }
    } elseif ($canChangePrimary) {
        // Forced primary change: demote the old primary to an additional group and
        // make sure the new primary is not also listed as additional.
        if ($old_profile['id_group'] != 0) {
            $addGroups[$old_profile['id_group']] = -1;
        }
        if (isset($addGroups[$group_id])) {
            unset($addGroups[$group_id]);
        }
        $newPrimary = $group_id;
    }

    // Finally, we can make the changes!
    // Drop the empty key left behind when additional_groups was an empty string.
    foreach ($addGroups as $id => $dummy) {
        if (empty($id)) {
            unset($addGroups[$id]);
        }
    }
    // Flip back so the group ids become values again. Each path above adds at most
    // one -1 placeholder, so the flip does not merge two entries.
    $addGroups = implode(',', array_flip($addGroups));

    // Ensure that we don't cache permissions if the group is changing.
    if ($context['user']['is_owner']) {
        $_SESSION['mc']['time'] = 0;
    } else {
        updateSettings(array('settings_updated' => time()));
    }

    updateMemberData($memID, array('id_group' => $newPrimary, 'additional_groups' => $addGroups));

    return $changeType;
}
/**
 * Handle a submitted "report this post to a moderator" form.
 *
 * Requires the report_any permission and passes through spam protection.
 * Validation problems (session, empty comment, guest email, guest captcha) are
 * collected and handed back to ReportToModerator() instead of being fatal.
 * On success the report is recorded (unless disable_log_report is set), every
 * interested moderator of the board is emailed, and the user is redirected
 * back to the reported message.
 */
function ReportToModerator2()
{
    global $txt, $scripturl, $topic, $board, $user_info, $modSettings, $sourcedir, $language, $context, $smcFunc;

    // Permission first, then flood control.
    isAllowedTo('report_any');
    spamProtection('reporttm');

    require_once $sourcedir . '/Subs-Post.php';

    $problems = array();

    // A failed session check is reported on the form rather than aborting.
    if (checkSession('post', '', false) != '') {
        $problems[] = 'session_timeout';
    }

    // The comment must be present and non-blank.
    $has_comment = isset($_POST['comment']) && $smcFunc['htmltrim']($_POST['comment']) !== '';
    if (!$has_comment) {
        $problems[] = 'no_comment';
    }

    // HTML-escaped copy with CR, LF and TAB removed; this is what gets stored.
    $poster_comment = str_replace(array("\r", "\n", "\t"), '', $smcFunc['htmlspecialchars']($_POST['comment']));

    if ($user_info['is_guest']) {
        // Guests have no account email, so they must supply a plausible one.
        $_POST['email'] = isset($_POST['email']) ? trim($_POST['email']) : '';
        if ($_POST['email'] === '') {
            $problems[] = 'no_email';
        } elseif (preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $_POST['email']) == 0) {
            $problems[] = 'bad_email';
        }

        // The ban check runs on whatever address was supplied.
        isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title']));

        $user_info['email'] = htmlspecialchars($_POST['email']);
    }

    // Guests may also have to pass a verification control.
    if ($user_info['is_guest'] && !empty($modSettings['guests_report_require_captcha'])) {
        require_once $sourcedir . '/Subs-Editor.php';
        $captcha_options = array('id' => 'report');
        $context['require_verification'] = create_control_verification($captcha_options, true);

        // An array result is a list of verification errors.
        if (is_array($context['require_verification'])) {
            $problems = array_merge($problems, $context['require_verification']);
        }
    }

    // Anything wrong? Show the form again with the translated messages.
    if (!empty($problems)) {
        loadLanguage('Errors');
        $context['post_errors'] = array();
        foreach ($problems as $code) {
            $context['post_errors'][] = $txt['error_' . $code];
        }

        return ReportToModerator();
    }

    // Look the message up inside the current topic, so a message id from another
    // topic is not accepted.
    $_POST['msg'] = (int) $_POST['msg'];
    $msg_query = $smcFunc['db_query']('', ' SELECT m.id_topic, m.id_board, m.subject, m.body, m.id_member AS id_poster, m.poster_name, mem.real_name FROM {db_prefix}messages AS m LEFT JOIN {db_prefix}members AS mem ON (m.id_member = mem.id_member) WHERE m.id_msg = {int:id_msg} AND m.id_topic = {int:current_topic} LIMIT 1', array('current_topic' => $topic, 'id_msg' => $_POST['msg']));
    if ($smcFunc['db_num_rows']($msg_query) == 0) {
        fatal_lang_error('no_board', false);
    }
    $message = $smcFunc['db_fetch_assoc']($msg_query);
    $smcFunc['db_free_result']($msg_query);

    // Names and subject are un-escaped for use in the email text.
    $poster_name = un_htmlspecialchars($message['real_name']);
    if ($message['real_name'] != $message['poster_name']) {
        $poster_name .= ' (' . $message['poster_name'] . ')';
    }

    $reporterName = un_htmlspecialchars($user_info['name']);
    if ($user_info['name'] != $user_info['username'] && $user_info['username'] != '') {
        $reporterName .= ' (' . $user_info['username'] . ')';
    }

    $subject = un_htmlspecialchars($message['subject']);

    // Everyone who may moderate this board, minus those with notify_types 4.
    require_once $sourcedir . '/Subs-Members.php';
    $moderators = membersAllowedTo('moderate_board', $board);
    $recipients = $smcFunc['db_query']('', ' SELECT id_member, email_address, lngfile, mod_prefs FROM {db_prefix}members WHERE id_member IN ({array_int:moderator_list}) AND notify_types != {int:notify_types} ORDER BY lngfile', array('moderator_list' => $moderators, 'notify_types' => 4));

    // Nobody to tell? Then there is no point going on.
    if ($smcFunc['db_num_rows']($recipients) == 0) {
        fatal_lang_error('no_mods', false);
    }

    // Record the report unless logging has been switched off.
    if (empty($modSettings['disable_log_report'])) {
        // Find an open report for this message, or one marked "ignore all" (sorted first).
        $existing = $smcFunc['db_query']('', ' SELECT id_report, ignore_all FROM {db_prefix}log_reported WHERE id_msg = {int:id_msg} AND (closed = {int:not_closed} OR ignore_all = {int:ignored}) ORDER BY ignore_all DESC', array('id_msg' => $_POST['msg'], 'not_closed' => 0, 'ignored' => 1));
        if ($smcFunc['db_num_rows']($existing) != 0) {
            list($id_report, $ignore) = $smcFunc['db_fetch_row']($existing);
        }
        $smcFunc['db_free_result']($existing);

        // Reports on this message are being ignored: go back without notifying anyone.
        if (!empty($ignore)) {
            redirectexit('topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg']);
        }

        if (empty($id_report)) {
            // First report of this message: snapshot the post alongside the report.
            if (empty($message['real_name'])) {
                $message['real_name'] = $message['poster_name'];
            }

            $smcFunc['db_insert']('', '{db_prefix}log_reported', array('id_msg' => 'int', 'id_topic' => 'int', 'id_board' => 'int', 'id_member' => 'int', 'membername' => 'string', 'subject' => 'string', 'body' => 'string', 'time_started' => 'int', 'time_updated' => 'int', 'num_reports' => 'int', 'closed' => 'int'), array($_POST['msg'], $message['id_topic'], $message['id_board'], $message['id_poster'], $message['real_name'], $message['subject'], $message['body'], time(), time(), 1, 0), array('id_report'));
            $id_report = $smcFunc['db_insert_id']('{db_prefix}log_reported', 'id_report');
        } else {
            // Already reported: bump the counter and the timestamp.
            $smcFunc['db_query']('', ' UPDATE {db_prefix}log_reported SET num_reports = num_reports + 1, time_updated = {int:current_time} WHERE id_report = {int:id_report}', array('current_time' => time(), 'id_report' => $id_report));
        }

        // Attach this reporter's comment, with their email and IP, to the report.
        if ($id_report) {
            $smcFunc['db_insert']('', '{db_prefix}log_reported_comments', array('id_report' => 'int', 'id_member' => 'int', 'membername' => 'string', 'email_address' => 'string', 'member_ip' => 'string', 'comment' => 'string', 'time_sent' => 'int'), array($id_report, $user_info['id'], $user_info['name'], $user_info['email'], $user_info['ip'], $poster_comment, time()), array('id_comment'));
        }
    }

    // Moderators assigned to this particular board - needed for the preference check.
    $board_mods = $smcFunc['db_query']('', ' SELECT id_member FROM {db_prefix}moderators WHERE id_board = {int:current_board}', array('current_board' => $board));
    $real_mods = array();
    while ($mod_row = $smcFunc['db_fetch_assoc']($board_mods)) {
        $real_mods[] = $mod_row['id_member'];
    }
    $smcFunc['db_free_result']($board_mods);

    // Mail each recipient who has not opted out.
    while ($recipient = $smcFunc['db_fetch_assoc']($recipients)) {
        if (!empty($recipient['mod_prefs'])) {
            // Third pipe-separated field is a bit mask: bit 1 = always notify,
            // bit 2 = notify only for boards this member is assigned to.
            list(, , $pref_binary) = explode('|', $recipient['mod_prefs']);
            $wants_mail = ($pref_binary & 1) || (($pref_binary & 2) && in_array($recipient['id_member'], $real_mods));
            if (!$wants_mail) {
                continue;
            }
        }

        // COMMENT is the comment as submitted, not the escaped copy stored above.
        $replacements = array(
            'TOPICSUBJECT' => $subject,
            'POSTERNAME' => $poster_name,
            'REPORTERNAME' => $reporterName,
            'TOPICLINK' => $scripturl . '?topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg'],
            'REPORTLINK' => !empty($id_report) ? $scripturl . '?action=moderate;area=reports;report=' . $id_report : '',
            'COMMENT' => $_POST['comment'],
        );

        // Recipient's own language only when per-user languages are enabled.
        if (empty($recipient['lngfile']) || empty($modSettings['userLanguage'])) {
            $mail_language = $language;
        } else {
            $mail_language = $recipient['lngfile'];
        }
        $emaildata = loadEmailTemplate('report_to_moderator', $replacements, $mail_language);

        // The reporter's address is handed to sendmail() as the fourth argument.
        sendmail($recipient['email_address'], $emaildata['subject'], $emaildata['body'], $user_info['email'], null, false, 2);
    }
    $smcFunc['db_free_result']($recipients);

    // Remember when reports last changed so the moderation area knows to refresh.
    updateSettings(array('last_mod_report_action' => time()));

    // Back to the post that was reported.
    redirectexit('reportsent;topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg']);
}
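/**
 * Mark the newest unapproved sheet version of the current character as
 * pending approval and alert every member holding admin_forum.
 *
 * Access control: the session token is verified from the query string, and
 * only the owner of the profile may submit a sheet. Main (out-of-character)
 * characters have no sheet and are sent back to the character page.
 *
 * If there is no version newer than the last approved one, nothing is
 * updated and the user is sent back to the character page.
 */
function char_sheet_approval()
{
    global $smcFunc, $context, $sourcedir;

    // This is a state-changing request reached by link, so the token is in the URL.
    checkSession('get');

    $character_id = $context['character']['id_character'];
    $character_url = 'action=profile;u=' . $context['id_member'] . ';area=characters;char=' . $character_id;

    // First, get rid of people who shouldn't have a sheet at all - the OOC characters.
    if ($context['character']['is_main']) {
        redirectexit($character_url);
    }

    // Only the owner may put their own character sheet up for approval.
    if (empty($context['user']['is_owner'])) {
        redirectexit($character_url);
    }

    // Find the last approved version; MAX() yields NULL (cast to 0) when none exists.
    $last_approved = 0;
    $request = $smcFunc['db_query']('', '
        SELECT MAX(id_version) AS last_approved
        FROM {db_prefix}character_sheet_versions
        WHERE id_approver != 0
            AND id_character = {int:character}',
        array('character' => $character_id)
    );
    if ($row = $smcFunc['db_fetch_assoc']($request)) {
        $last_approved = (int) $row['last_approved'];
    }
    $smcFunc['db_free_result']($request);

    // Now find the highest version after the last approved (or highest ever).
    $request = $smcFunc['db_query']('', '
        SELECT MAX(id_version) AS highest_id
        FROM {db_prefix}character_sheet_versions
        WHERE id_version > {int:last_approved}
            AND id_character = {int:character}',
        array('last_approved' => $last_approved, 'character' => $character_id)
    );
    $row = $smcFunc['db_fetch_assoc']($request);
    $smcFunc['db_free_result']($request);

    // An aggregate without GROUP BY always returns one row, so an empty result
    // shows up as a NULL highest_id rather than as a missing row. Test the value,
    // otherwise NULL would be passed on as the {int:version} parameter below.
    $version = isset($row['highest_id']) ? (int) $row['highest_id'] : 0;
    if ($version <= 0) {
        // There isn't a version to mark as pending approval.
        redirectexit($character_url);
    }

    // OK, time to mark it as ready for approval.
    $smcFunc['db_query']('', '
        UPDATE {db_prefix}character_sheet_versions
        SET approval_state = 1
        WHERE id_version = {int:version}',
        array('version' => $version)
    );

    // Now notify the administrators that a sheet is waiting.
    require_once $sourcedir . '/Subs-Members.php';
    $admins = membersAllowedTo('admin_forum');

    $alert_rows = [];
    foreach ($admins as $id_member) {
        $alert_rows[] = array(
            'alert_time' => time(),
            'id_member' => $id_member,
            'id_member_started' => $context['id_member'],
            'member_name' => $context['member']['name'],
            'content_type' => 'member',
            'content_id' => 0,
            'content_action' => 'char_sheet_approval',
            'is_read' => 0,
            'extra' => json_encode(array('chars_src' => $character_id)),
        );
    }

    if (!empty($alert_rows)) {
        $smcFunc['db_insert']('', '{db_prefix}user_alerts', array('alert_time' => 'int', 'id_member' => 'int', 'id_member_started' => 'int', 'member_name' => 'string', 'content_type' => 'string', 'content_id' => 'int', 'content_action' => 'string', 'is_read' => 'int', 'extra' => 'string'), $alert_rows, []);
        // Bump each administrator's alert counter.
        updateMemberData($admins, array('alerts' => '+'));
    }

    redirectexit($character_url . ';sa=sheet');
}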
/**
 * Process a submitted post report and email it to the moderators.
 *
 * - Requires the report_any permission and passes through spam protection.
 * - Emails the members allowed to moderate the board, honouring their
 *   notification preferences.
 * - Validation problems send the user back to action_reporttm().
 * - Accessed through ?action=reporttm when posting.
 */
public function action_reporttm2()
{
    global $txt, $scripturl, $topic, $board, $user_info, $modSettings, $language, $context;

    // Permission first, then flood control.
    isAllowedTo('report_any');
    spamProtection('reporttm');

    require_once SUBSDIR . '/Mail.subs.php';

    // Collects validation problems for the report form.
    $report_errors = Error_Context::context('report', 1);

    // A failed session check is reported on the form rather than aborting.
    if (checkSession('post', '', false) != '') {
        $report_errors->addError('session_timeout');
    }

    // The comment must be present and non-blank.
    $has_comment = isset($_POST['comment']) && Util::htmltrim($_POST['comment']) !== '';
    if (!$has_comment) {
        $report_errors->addError('no_comment');
    }

    // HTML-escaped copy with CR and TAB removed, limited to 254 characters.
    $poster_comment = str_replace(array("\r", "\t"), '', Util::htmlspecialchars($_POST['comment']));
    if (Util::strlen($poster_comment) > 254) {
        $report_errors->addError('post_too_long');
    }

    if ($user_info['is_guest']) {
        // Guests have no account email, so they must supply a valid one.
        require_once SUBSDIR . '/DataValidator.class.php';
        $email_ok = Data_Validator::is_valid($_POST, array('email' => 'valid_email'), array('email' => 'trim'));
        if (!$email_ok) {
            $report_errors->addError(empty($_POST['email']) ? 'no_email' : 'bad_email');
        }

        // The ban check runs on whatever address was supplied.
        isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title']));

        $user_info['email'] = htmlspecialchars($_POST['email'], ENT_COMPAT, 'UTF-8');
    }

    // Guests may also have to pass a verification control.
    if ($user_info['is_guest'] && !empty($modSettings['guests_report_require_captcha'])) {
        require_once SUBSDIR . '/VerificationControls.class.php';
        $captcha_options = array('id' => 'report');
        $context['require_verification'] = create_control_verification($captcha_options, true);

        // An array result is a list of verification errors.
        if (is_array($context['require_verification'])) {
            foreach ($context['require_verification'] as $verification_error) {
                $report_errors->addError($verification_error, 0);
            }
        }
    }

    // Anything wrong? Show the form again.
    if ($report_errors->hasErrors()) {
        return $this->action_reporttm();
    }

    // Look the message up together with the current topic id.
    $msg_id = (int) $_POST['msg'];
    $message = posterDetails($msg_id, $topic);
    if (empty($message)) {
        fatal_lang_error('no_board', false);
    }

    // Names and subject are un-escaped for use in the email text.
    $poster_name = un_htmlspecialchars($message['real_name']);
    if ($message['real_name'] != $message['poster_name']) {
        $poster_name .= ' (' . $message['poster_name'] . ')';
    }

    $reporterName = un_htmlspecialchars($user_info['name']);
    if ($user_info['name'] != $user_info['username'] && $user_info['username'] != '') {
        $reporterName .= ' (' . $user_info['username'] . ')';
    }

    $subject = un_htmlspecialchars($message['subject']);

    // Everyone who may moderate this board, minus those with notify_types 4.
    require_once SUBSDIR . '/Members.subs.php';
    $moderators = membersAllowedTo('moderate_board', $board);
    $candidates = getBasicMemberData($moderators, array('preferences' => true, 'sort' => 'lngfile'));
    $mod_to_notify = array();
    foreach ($candidates as $candidate) {
        if ($candidate['notify_types'] == 4) {
            continue;
        }
        $mod_to_notify[] = $candidate;
    }

    // Nobody to tell? Then there is no point going on.
    if (empty($mod_to_notify)) {
        fatal_lang_error('no_mods', false);
    }

    // Record the report unless logging has been switched off.
    if (empty($modSettings['disable_log_report'])) {
        require_once SUBSDIR . '/Messages.subs.php';
        $id_report = recordReport($message, $poster_comment);

        // A strict false means this report is to be ignored: go back without notifying anyone.
        if ($id_report === false) {
            redirectexit('topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id);
        }
    }

    // Moderators assigned to this particular board - needed for the preference check.
    require_once SUBSDIR . '/Boards.subs.php';
    $real_mods = getBoardModerators($board, true);

    // Mail each recipient who has not opted out.
    foreach ($mod_to_notify as $recipient) {
        if (!empty($recipient['mod_prefs'])) {
            // Third pipe-separated field is a bit mask: bit 1 = always notify,
            // bit 2 = notify only for boards this member is assigned to.
            list(, , $pref_binary) = explode('|', $recipient['mod_prefs']);
            $wants_mail = ($pref_binary & 1) || (($pref_binary & 2) && in_array($recipient['id_member'], $real_mods));
            if (!$wants_mail) {
                continue;
            }
        }

        // COMMENT is the comment as submitted, not the escaped copy recorded above.
        $replacements = array(
            'TOPICSUBJECT' => $subject,
            'POSTERNAME' => $poster_name,
            'REPORTERNAME' => $reporterName,
            'TOPICLINK' => $scripturl . '?topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id,
            'REPORTLINK' => !empty($id_report) ? $scripturl . '?action=moderate;area=reports;report=' . $id_report : '',
            'COMMENT' => $_POST['comment'],
        );

        // Recipient's own language only when per-user languages are enabled.
        if (empty($recipient['lngfile']) || empty($modSettings['userLanguage'])) {
            $mail_language = $language;
        } else {
            $mail_language = $recipient['lngfile'];
        }
        $emaildata = loadEmailTemplate('report_to_moderator', $replacements, $mail_language);

        // The reporter's address is handed to sendmail() as the fourth argument.
        sendmail($recipient['email_address'], $emaildata['subject'], $emaildata['body'], $user_info['email'], null, false, 2);
    }

    // Remember when reports last changed so the moderation area knows to refresh.
    updateSettings(array('last_mod_report_action' => time()));

    // Back to the post that was reported.
    redirectexit('reportsent;topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id);
}
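/**
 * Email a post report to every member allowed to moderate the current board.
 *
 * Verifies the session, applies spam protection and requires the report_any
 * permission. Members cannot report their own posts. After the mails are
 * sent the user is redirected to the board index.
 *
 * The queries in this function are built by string interpolation, so every
 * value placed into them is forced to an integer first.
 */
function ReportToModerator2()
{
    global $txt, $scripturl, $db_prefix, $topic, $board, $user_info, $ID_MEMBER, $modSettings, $sourcedir, $language;

    // Check their session... don't want them redirected here without their knowledge.
    checkSession();
    spamProtection('spam');

    // You must have the proper permissions!
    isAllowedTo('report_any');

    require_once $sourcedir . '/Subs-Post.php';

    // Normalise the request values up front; a missing field becomes 0 / ''.
    $_POST['msg'] = isset($_POST['msg']) ? (int) $_POST['msg'] : 0;
    $comment = isset($_POST['comment']) ? $_POST['comment'] : '';

    // $topic is interpolated into SQL below; cast it here so the query stays
    // well-formed even if it is empty or not an integer.
    $topic_id = (int) $topic;

    // Get the basic topic information, and make sure the message is in this topic.
    $request = db_query("
        SELECT m.subject, m.ID_MEMBER, m.posterName, mem.realName
        FROM {$db_prefix}messages AS m
            LEFT JOIN {$db_prefix}members AS mem ON (m.ID_MEMBER = mem.ID_MEMBER)
        WHERE m.ID_MSG = {$_POST['msg']}
            AND m.ID_TOPIC = {$topic_id}
        LIMIT 1", __FILE__, __LINE__);
    if (mysql_num_rows($request) == 0) {
        fatal_lang_error('smf232');
    }
    list($subject, $member, $posterName, $realName) = mysql_fetch_row($request);
    mysql_free_result($request);

    // Reporting your own post is not allowed.
    if ($member == $ID_MEMBER) {
        fatal_lang_error('rtm_not_own', false);
    }

    $posterName = un_htmlspecialchars($realName) . ($realName != $posterName ? ' (' . $posterName . ')' : '');
    $reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : '');
    $subject = un_htmlspecialchars($subject);

    // Get a list of members with the moderate_board permission.
    require_once $sourcedir . '/Subs-Members.php';
    $moderators = array_map('intval', membersAllowedTo('moderate_board', $board));

    // An empty list would produce "IN ()", which is not valid SQL; treat it the
    // same as "no moderators found".
    if (empty($moderators)) {
        fatal_lang_error('rtm11', false);
    }

    $request = db_query("
        SELECT ID_MEMBER, emailAddress, lngfile
        FROM {$db_prefix}members
        WHERE ID_MEMBER IN (" . implode(', ', $moderators) . ")
            AND notifyTypes != 4
        ORDER BY lngfile", __FILE__, __LINE__);

    // Check that moderators do exist!
    if (mysql_num_rows($request) == 0) {
        fatal_lang_error('rtm11', false);
    }

    // Guests are identified by IP address in the mail, members by name.
    $topicLink = $scripturl . '?topic=' . $topic_id . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg'];

    // Send every moderator an email.
    while ($row = mysql_fetch_assoc($request)) {
        // Load the texts in the recipient's language when per-user languages are enabled.
        loadLanguage('Post', empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile'], false);

        $reportedBy = empty($ID_MEMBER) ? $txt['guest'] . ' (' . $user_info['ip'] . ')' : $reporterName;

        // Send it to the moderator. The reporter's comment is included as submitted.
        sendmail(
            $row['emailAddress'],
            $txt['rtm3'] . ': ' . $subject . ' ' . $txt['rtm4'] . ' ' . $posterName,
            sprintf($txt['rtm_email1'], $subject) . ' ' . $posterName . ' ' . $txt['rtm_email2'] . ' ' . $reportedBy . ' ' . $txt['rtm_email3'] . ":\n\n" . $topicLink . "\n\n" . $txt['rtm_email_comment'] . ":\n" . $comment . "\n\n" . $txt[130],
            $user_info['email']
        );
    }
    mysql_free_result($request);

    // Back to the board! (you probably don't want to see the post anymore..)
    redirectexit('board=' . $board . '.0');
}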
/**
 * Staff block: prints a table of forum staff (admins, global moderators and,
 * optionally, board moderators) with avatar, icon, profile link and group name.
 *
 * @param array $parameters block settings; board moderators are loaded only when 'lmod' is empty
 * @param int $id not used in this function
 * @param bool $return_parameters when true, only the block's parameter definition is returned
 * @return array|null the parameter definition when requested, otherwise nothing (output is echoed)
 */
function sp_staff($parameters, $id, $return_parameters = false)
{
    global $smcFunc, $sourcedir, $scripturl, $modSettings, $color_profile;

    $block_parameters = array('lmod' => 'check');
    if ($return_parameters) {
        return $block_parameters;
    }

    require_once $sourcedir . '/Subs-Members.php';

    // Board moderators are only collected when the 'lmod' option is empty,
    // and are dropped again if there are more than ten of them.
    $local_mods = array();
    if (empty($parameters['lmod'])) {
        $request = $smcFunc['db_query']('', ' SELECT id_member FROM {db_prefix}moderators AS mods', array());
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            $local_mods[$row['id_member']] = $row['id_member'];
        }
        $smcFunc['db_free_result']($request);

        if (count($local_mods) > 10) {
            $local_mods = array();
        }
    }

    $global_mods = membersAllowedTo('moderate_board', 0);
    $admins = membersAllowedTo('admin_forum');
    $all_staff = array_unique(array_merge($local_mods, $global_mods, $admins));

    $request = $smcFunc['db_query']('', ' SELECT m.id_member, m.real_name, m.avatar, mg.group_name, a.id_attach, a.attachment_type, a.filename FROM {db_prefix}members AS m LEFT JOIN {db_prefix}attachments AS a ON (a.id_member = m.id_member) LEFT JOIN {db_prefix}membergroups AS mg ON (mg.id_group = CASE WHEN m.id_group = {int:reg_group_id} THEN m.id_post_group ELSE m.id_group END) WHERE m.id_member IN ({array_int:staff_list})', array('staff_list' => $all_staff, 'reg_group_id' => 0));

    $staff_list = array();
    $colorids = array();
    while ($row = $smcFunc['db_fetch_assoc']($request)) {
        $member_id = $row['id_member'];
        $colorids[$member_id] = $member_id;

        // Width/height attributes are only emitted for the two "resize" settings.
        $avatar_width = '';
        $avatar_height = '';
        if ($modSettings['avatar_action_too_large'] == 'option_html_resize' || $modSettings['avatar_action_too_large'] == 'option_js_resize') {
            if (!empty($modSettings['avatar_max_width_external'])) {
                $avatar_width = ' width="' . $modSettings['avatar_max_width_external'] . '"';
            }
            if (!empty($modSettings['avatar_max_height_external'])) {
                $avatar_height = ' height="' . $modSettings['avatar_max_height_external'] . '"';
            }
        }

        // 1 = admin, 2 = global moderator, 3 = everyone else in the list.
        if (in_array($member_id, $admins)) {
            $row['type'] = 1;
        } elseif (in_array($member_id, $global_mods)) {
            $row['type'] = 2;
        } else {
            $row['type'] = 3;
        }

        // NOTE(review): real_name, avatar, filename and group_name are written into HTML
        // as stored; only the local-avatar <img> passes through htmlspecialchars().
        // This relies on the stored values already being HTML-safe - confirm.
        if ($row['avatar'] == '') {
            // No avatar string: fall back to an uploaded attachment, if there is one.
            if ($row['id_attach'] > 0) {
                $attach_url = empty($row['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $row['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row['filename'];
                $avatar_image = '<img src="' . $attach_url . '" alt="" class="avatar" border="0" />';
                $avatar_href = $attach_url;
            } else {
                $avatar_image = '';
                $avatar_href = '';
            }
            $avatar_url = '';
        } elseif (stristr($row['avatar'], 'http://')) {
            // Treated as an external avatar whenever the string contains "http://".
            // NOTE(review): "https://" values do not match and take the local branch below.
            $avatar_image = '<img src="' . $row['avatar'] . '"' . $avatar_width . $avatar_height . ' alt="" class="avatar" border="0" />';
            $avatar_href = $row['avatar'];
            $avatar_url = $row['avatar'];
        } else {
            // Anything else is taken as a file name below the configured avatar URL.
            $avatar_image = '<img src="' . $modSettings['avatar_url'] . '/' . htmlspecialchars($row['avatar']) . '" alt="" class="avatar" border="0" />';
            $avatar_href = $modSettings['avatar_url'] . '/' . $row['avatar'];
            $avatar_url = $modSettings['avatar_url'] . '/' . $row['avatar'];
        }

        // The "type-id" key lets ksort() group admins first, then global mods, then the rest.
        $staff_list[$row['type'] . '-' . $member_id] = array(
            'id' => $member_id,
            'name' => $row['real_name'],
            'link' => '<a href="' . $scripturl . '?action=profile;u=' . $member_id . '">' . $row['real_name'] . '</a>',
            'group' => $row['group_name'],
            'type' => $row['type'],
            'avatar' => array(
                'name' => $row['avatar'],
                'image' => $avatar_image,
                'href' => $avatar_href,
                'url' => $avatar_url,
            ),
        );
    }
    $smcFunc['db_free_result']($request);

    ksort($staff_list);
    $staff_count = count($staff_list);
    $count = 0;
    $icons = array(1 => 'admin', 'gmod', 'lmod');

    // Replace the plain profile links with coloured ones where sp_loadColors() provided them.
    if (!empty($colorids) && sp_loadColors($colorids) !== false) {
        foreach ($staff_list as $key => $person) {
            if (!empty($color_profile[$person['id']]['link'])) {
                $staff_list[$key]['link'] = $color_profile[$person['id']]['link'];
            }
        }
    }

    echo ' <table class="sp_fullwidth">';

    foreach ($staff_list as $staff) {
        $count++;

        if (!empty($staff['avatar']['href'])) {
            $avatar_cell = ' <a href="' . $scripturl . '?action=profile;u=' . $staff['id'] . '"><img src="' . $staff['avatar']['href'] . '" alt="' . $staff['name'] . '" width="40" /></a>';
        } else {
            $avatar_cell = '';
        }

        // Every row except the last one gets the divider class.
        $divider = $staff_count != $count ? ' sp_staff_divider' : '';

        echo ' <tr> <td class="sp_staff sp_center">', $avatar_cell, ' </td> <td class="sp_staff_info', $divider, '"> ', sp_embed_image($icons[$staff['type']]), ' ', $staff['link'], '<br /> ', $staff['group'], ' </td> </tr>';
    }

    echo ' </table>';
}
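/**
 * Staff Block, show the list of forum staff members
 *
 * Echoes a table with one row per staff member (avatar, profile link, group name).
 *
 * @param mixed[] $parameters
 *		'lmod' => local (board) moderators are loaded only when this is empty
 *		NOTE(review): earlier documentation described the flag as "set to include
 *		local moderators"; the code does the opposite - confirm which is intended.
 * @param int $id - not used in this block
 * @param boolean $return_parameters if true returns the configuration options for the block
 */
function sp_staff($parameters, $id, $return_parameters = false)
{
    global $scripturl, $modSettings, $color_profile;

    $db = database();

    $block_parameters = array('lmod' => 'check');

    if ($return_parameters) {
        return $block_parameters;
    }

    require_once SUBSDIR . '/Members.subs.php';

    // Local board moderators are collected only when 'lmod' is empty,
    // and the list is discarded if it holds more than ten members.
    $local_mods = array();
    if (empty($parameters['lmod'])) {
        $request = $db->query('', ' SELECT id_member FROM {db_prefix}moderators', array());
        while ($row = $db->fetch_assoc($request)) {
            $local_mods[$row['id_member']] = $row['id_member'];
        }
        $db->free_result($request);

        if (count($local_mods) > 10) {
            $local_mods = array();
        }
    }

    $global_mods = membersAllowedTo('moderate_board', 0);
    $admins = membersAllowedTo('admin_forum');

    $all_staff = array_merge($local_mods, $global_mods, $admins);
    $all_staff = array_unique($all_staff);

    $request = $db->query('', ' SELECT m.id_member, m.real_name, m.avatar, m.email_address, mg.group_name, a.id_attach, a.attachment_type, a.filename FROM {db_prefix}members AS m LEFT JOIN {db_prefix}attachments AS a ON (a.id_member = m.id_member) LEFT JOIN {db_prefix}membergroups AS mg ON (mg.id_group = CASE WHEN m.id_group = {int:reg_group_id} THEN m.id_post_group ELSE m.id_group END) WHERE m.id_member IN ({array_int:staff_list})', array('staff_list' => $all_staff, 'reg_group_id' => 0));
    $staff_list = array();
    $colorids = array();
    while ($row = $db->fetch_assoc($request)) {
        $colorids[$row['id_member']] = $row['id_member'];

        // 1 = admin, 2 = global moderator, 3 = everyone else in the list.
        if (in_array($row['id_member'], $admins)) {
            $row['type'] = 1;
        } elseif (in_array($row['id_member'], $global_mods)) {
            $row['type'] = 2;
        } else {
            $row['type'] = 3;
        }

        // NOTE(review): real_name and group_name are written into HTML as stored;
        // this relies on the stored values already being HTML-safe - confirm.
        // The "type-id" key lets ksort() order the list by staff type.
        $staff_list[$row['type'] . '-' . $row['id_member']] = array(
            'id' => $row['id_member'],
            'name' => $row['real_name'],
            'link' => '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['real_name'] . '</a>',
            'group' => $row['group_name'],
            'type' => $row['type'],
            'avatar' => determineAvatar(array(
                'avatar' => $row['avatar'],
                'filename' => $row['filename'],
                'id_attach' => $row['id_attach'],
                'email_address' => $row['email_address'],
                'attachment_type' => $row['attachment_type'],
            )),
        );
    }
    $db->free_result($request);

    ksort($staff_list);
    $staff_count = count($staff_list);
    $count = 0;
    $icons = array(1 => 'admin', 'gmod', 'lmod');

    // Swap in the coloured profile links where sp_loadColors() provided them.
    if (!empty($colorids) && sp_loadColors($colorids) !== false) {
        foreach ($staff_list as $k => $p) {
            if (!empty($color_profile[$p['id']]['link'])) {
                $staff_list[$k]['link'] = $color_profile[$p['id']]['link'];
            }
        }
    }

    echo ' <table class="sp_fullwidth">';

    foreach ($staff_list as $staff) {
        // "." binds tighter than "!=", so without the parentheses the original expression
        // compared ('sp_staff_info' . $staff_count) with the counter: the base class was
        // never passed on and every row, including the last, received the divider.
        $row_class = 'sp_staff_info' . ($staff_count != ++$count ? ' sp_staff_divider' : '');

        echo ' <tr> <td class="sp_staff centertext">', !empty($staff['avatar']['href']) ? ' <a href="' . $scripturl . '?action=profile;u=' . $staff['id'] . '"> <img src="' . $staff['avatar']['href'] . '" alt="' . $staff['name'] . '" style="max-width:40px" /> </a>' : '', ' </td> <td ', sp_embed_class($icons[$staff['type']], '', $row_class), '>', $staff['link'], '<br />', $staff['group'], ' </td> </tr>';
    }

    echo ' </table>';
}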
/**
 * Fill $context with the data for the portal's information / credits page.
 *
 * @param bool $in_admin true when shown inside the admin area: the version and the
 *        list of members holding 'sp_admin' are added; false loads the
 *        'PortalAdmin' template and flags the page as not to be indexed
 */
function sportal_information($in_admin = true)
{
    global $context, $scripturl, $txt, $sourcedir, $sportal_version, $user_profile;

    // The team section: one entry per group, each with a translated title and a fixed member list.
    // Some names carry inline onclick markup; they are static strings, not user input.
    $team_groups = array(
        array(
            'title' => $txt['sp-info_groups_pm'],
            'members' => array('Eliana Tamerin', 'Huw'),
        ),
        array(
            'title' => $txt['sp-info_groups_dev'],
            'members' => array('<span onclick="if (getInnerHTML(this).indexOf(\'Sinan\') == -1) setInnerHTML(this, \'Sinan "[SiNaN]" Çevik\'); return false;">Selman "[SiNaN]" Eser</span>', 'ディン1031', 'Nathaniel Baxter'),
        ),
        array(
            'title' => $txt['sp-info_groups_support'],
            'members' => array('<span onclick="if (getInnerHTML(this).indexOf(\'Queen\') == -1) setInnerHTML(this, \'Angelina "Queen of Support" Belle\'); return false;">AngelinaBelle</span>'),
        ),
        array(
            'title' => $txt['sp-info_groups_customize'],
            'members' => array('Robbo', 'Berat "grafitus" Doğan', 'Blue'),
        ),
        array(
            'title' => $txt['sp-info_groups_language'],
            'members' => array('Jade "Alundra" Elizabeth', '<span onclick="if (getInnerHTML(this).indexOf(\'King\') == -1) setInnerHTML(this, \'130 "King of Pirates" 860\'); return false;">130860</span>'),
        ),
        array(
            'title' => $txt['sp-info_groups_marketing'],
            'members' => array('Runic'),
        ),
        array(
            'title' => $txt['sp-info_groups_beta'],
            'members' => array('Özgür', 'Willerby', 'David', 'Dr. Deejay', 'Brack1', 'c23_Mike', 'Underdog'),
        ),
    );

    // The "special thanks" section; two of its groups have no members listed.
    $special_groups = array(
        array(
            'title' => $txt['sp-info_groups_translators'],
            'members' => array($txt['sp-info_translators_message']),
        ),
        array(
            'title' => $txt['sp-info_groups_founder'],
            'members' => array(),
        ),
        array(
            'title' => $txt['sp-info_groups_orignal_pm'],
            'members' => array(),
        ),
        array(
            'title' => $txt['sp-info_fam_fam'],
            'members' => array($txt['sp-info_fam_fam_message']),
        ),
    );

    $context['sp_credits'] = array(
        array(
            'pretext' => $txt['sp-info_intro'],
            'title' => $txt['sp-info_team'],
            'groups' => $team_groups,
        ),
        array(
            'title' => $txt['sp-info_special'],
            'posttext' => $txt['sp-info_anyone'],
            'groups' => $special_groups,
        ),
    );

    if ($in_admin) {
        $context['in_admin'] = true;
        $context['sp_version'] = $sportal_version;
        $context['sp_managers'] = array();

        require_once $sourcedir . '/Subs-Members.php';

        // loadMemberData() fills $user_profile; a falsy result means there is nobody to list.
        $manager_ids = loadMemberData(membersAllowedTo('sp_admin'), false, 'minimal');
        if ($manager_ids) {
            foreach ($manager_ids as $member) {
                $profile = $user_profile[$member];
                // NOTE(review): real_name is placed into the link as stored; presumably
                // already HTML-safe in the database - confirm.
                $context['sp_managers'][] = '<a href="' . $scripturl . '?action=profile;u=' . $profile['id_member'] . '">' . $profile['real_name'] . '</a>';
            }
        }
    } else {
        loadTemplate('PortalAdmin');
        $context['robot_no_index'] = true;
        $context['in_admin'] = false;
    }

    $context['sub_template'] = 'information';
    $context['page_title'] = $txt['sp-info_title'];
}
/**
 * Staff report: one table per staff member showing position, moderated boards,
 * post count and last login.
 *
 * "Staff" here is the union of members allowed to admin_forum, manage_membergroups
 * or manage_permissions, all board moderators, and the global moderators computed
 * below. The report is refused when that list exceeds 300 members.
 *
 * Output goes through the report helpers (setKeys, newTable, addData) rather than
 * by writing to the context directly.
 */
public function action_staff()
{
    global $txt;

    require_once SUBSDIR . '/Members.subs.php';
    require_once SUBSDIR . '/Boards.subs.php';
    require_once SUBSDIR . '/Membergroups.subs.php';

    // Fetch all the board names.
    $boards = fetchBoardsInfo('all');

    // Reduce the moderator rows to member id => list of board ids.
    $moderators = allBoardModerators(true);
    $boards_moderated = array();
    foreach ($moderators as $id_member => $rows) {
        foreach ($rows as $moderator_row) {
            $boards_moderated[$id_member][] = $moderator_row['id_board'];
        }
    }

    // A global moderator is a member who holds all four of these permissions for board 0.
    $global_mods = array_intersect(
        membersAllowedTo('moderate_board', 0),
        membersAllowedTo('approve_posts', 0),
        membersAllowedTo('remove_any', 0),
        membersAllowedTo('modify_any', 0)
    );

    // Everyone else who counts as staff, each listed once.
    $allStaff = array_unique(array_merge(
        membersAllowedTo('admin_forum'),
        membersAllowedTo('manage_membergroups'),
        membersAllowedTo('manage_permissions'),
        array_keys($moderators),
        $global_mods
    ));

    // This is a bit of a cop out - but we're protecting their forum, really!
    if (count($allStaff) > 300) {
        fatal_lang_error('report_error_too_many_staff');
    }

    // Map group id => display label; groups with an online colour get a coloured span.
    // NOTE(review): online_color and the group name are inserted into the markup as
    // returned by getBasicMembergroupData(); presumably admin-controlled - confirm.
    $groups = array(0 => $txt['full_member']);
    foreach (getBasicMembergroupData(array('all'), array(), null, false) as $group) {
        if (empty($group['online_color'])) {
            $groups[$group['id']] = $group['name'];
        } else {
            $groups[$group['id']] = '<span style="color: ' . $group['online_color'] . '">' . $group['name'] . '</span>';
        }
    }

    // All the fields we'll show.
    $staffSettings = array(
        'position' => $txt['report_staff_position'],
        'moderates' => $txt['report_staff_moderates'],
        'posts' => $txt['report_staff_posts'],
        'last_login' => $txt['report_staff_last_login'],
    );

    // Do it in columns, it's just easier.
    setKeys('cols');

    // Load the basic member rows for every staff member, sorted by display name.
    $members = getBasicMemberData($allStaff, array('moderation' => true, 'sort' => 'real_name'));
    foreach ($members as $member) {
        // Each member gets their own table.
        newTable($member['real_name'], '', 'left', 'auto', 'left', 200, 'center');

        // First off, add in the side key.
        addData($staffSettings);

        // What do they moderate?
        if (in_array($member['id_member'], $global_mods)) {
            $moderates = '<em>' . $txt['report_staff_all_boards'] . '</em>';
        } elseif (isset($boards_moderated[$member['id_member']])) {
            // Collect the names of the boards that still exist.
            $board_names = array();
            foreach ($boards_moderated[$member['id_member']] as $board) {
                if (isset($boards[$board])) {
                    $board_names[] = $boards[$board]['name'];
                }
            }
            $moderates = implode(', ', $board_names);
        } else {
            $moderates = '<em>' . $txt['report_staff_no_boards'] . '</em>';
        }

        // Unknown group ids fall back to the label for group 0.
        $position = isset($groups[$member['id_group']]) ? $groups[$member['id_group']] : $groups[0];

        // Next add the main data.
        addData(array(
            'position' => $position,
            'posts' => $member['posts'],
            'last_login' => standardTime($member['last_login']),
            'moderates' => $moderates,
        ));
    }
}
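/**
 * RPC handler: report a post to the moderators of its board by e-mail.
 *
 * Request parameters (from $context['mob_request']['params']):
 *   [0][0] message id
 *   [1][0] base64-encoded reason text
 *
 * Loads the message, sets the global $topic / $board from it, checks the
 * report_any permission and spam protection, refuses reports on the caller's own
 * post, then e-mails every moderator row returned (rows with notifyTypes = 4 are
 * skipped). Results are reported through outputRPCResult(), which the code below
 * assumes ends the request on failure.
 */
function method_report_post()
{
    // $language was read below without being declared global, so the fallback
    // language passed to loadLanguage() was always an undefined variable.
    global $context, $mobdb, $modSettings, $scripturl, $user_info, $sourcedir, $txt, $language;

    // Get the message ID
    if (!isset($context['mob_request']['params'][0])) {
        outputRPCResult(false, $txt['smf272']);
    }

    // The id is interpolated into the SQL text below, so it must be an integer.
    $id_msg = (int) $context['mob_request']['params'][0][0];

    // The reason is optional on the wire; a missing value is treated as an empty string.
    $encoded_reason = isset($context['mob_request']['params'][1][0]) ? $context['mob_request']['params'][1][0] : '';
    $reason = utf8ToAscii(base64_decode($encoded_reason));

    require_once $sourcedir . '/Subs-Post.php';

    $mobdb->query("\n SELECT m.subject, m.ID_MEMBER, m.posterName, mem.realName, m.ID_TOPIC, m.ID_BOARD\n FROM {db_prefix}messages AS m\n LEFT JOIN {db_prefix}members AS mem ON (m.ID_MEMBER = mem.ID_MEMBER)\n WHERE m.ID_MSG = {$id_msg}\n LIMIT 1", array());
    if ($mobdb->num_rows() == 0) {
        outputRPCResult(false, $txt['smf272']);
    }
    $message_info = $mobdb->fetch_assoc();

    // loadBoard() / loadPermissions() work from the global $topic and $board,
    // so they are set from the message row before the permission check.
    global $topic, $board;
    $subject = $message_info['subject'];
    $member = $message_info['ID_MEMBER'];
    $posterName = $message_info['posterName'];
    $realName = $message_info['realName'];
    $topic = $message_info['ID_TOPIC'];
    $board = $message_info['ID_BOARD'];
    $mobdb->free_result();

    loadBoard();
    loadPermissions();

    // You can't use this if it's off or you are not allowed to do it.
    if (!allowedTo('report_any')) {
        outputRPCResult(false, $txt['cannot_report_any']);
    }

    spamProtection('spam');

    // Reporting your own post is refused.
    if ($member == $user_info['id']) {
        outputRPCResult(false, $txt['rtm_not_own']);
    }

    // Names and subject are decoded because they go into a plain-text e-mail, not HTML.
    $posterName = un_htmlspecialchars($realName) . ($realName != $posterName ? ' (' . $posterName . ')' : '');
    $reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : '');
    $subject = un_htmlspecialchars($subject);

    // Get a list of members with the moderate_board permission.
    require_once $sourcedir . '/Subs-Members.php';
    $moderators = array_map('intval', membersAllowedTo('moderate_board', $board));

    // An empty list would build "IN ()", which is a SQL syntax error rather than
    // the "no moderators" result; answer it the same way as an empty result set.
    if (empty($moderators)) {
        outputRPCResult(false, $txt['rtm11']);
        return;
    }

    $mobdb->query("\n SELECT ID_MEMBER, emailAddress, lngfile\n FROM {db_prefix}members\n WHERE ID_MEMBER IN (" . implode(', ', $moderators) . ")\n AND notifyTypes != 4\n ORDER BY lngfile", array());

    // Check that moderators do exist!
    if ($mobdb->num_rows() == 0) {
        outputRPCResult(false, $txt['rtm11']);
    }

    // Send every moderator an email.
    while ($row = $mobdb->fetch_assoc()) {
        // Reload the language strings for each recipient, so $txt must be read inside the loop.
        loadLanguage('Post', empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile'], false);

        // Guests are identified by IP address, members by name.
        $reporter = empty($user_info['id']) ? $txt['guest'] . ' (' . $user_info['ip'] . ')' : $reporterName;

        // NOTE(review): the subject line and body carry user-controlled text (post subject,
        // poster name, reason); confirm sendmail() strips CR/LF from header fields.
        $mail_subject = $txt['rtm3'] . ': ' . $subject . ' ' . $txt['rtm4'] . ' ' . $posterName;
        $mail_body = sprintf($txt['rtm_email1'], $subject) . ' ' . $posterName . ' ' . $txt['rtm_email2'] . ' ' . $reporter . ' ' . $txt['rtm_email3'] . ":\n\n" . $scripturl . '?topic=' . $topic . '.msg' . $id_msg . '#msg' . $id_msg . "\n\n" . $txt['rtm_email_comment'] . ":\n" . $reason . "\n\n" . $txt[130];

        // Send it to the moderator; the reporter's own address is passed as the fourth argument.
        sendmail($row['emailAddress'], $mail_subject, $mail_body, $user_info['email']);
    }
    $mobdb->free_result();

    outputRPCResult(true);
}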
/**
 * Check one member, or filter a list of members, against one or more permissions.
 *
 * Membership is looked up with membersAllowedTo() for each permission in turn;
 * holding any one of the permissions is enough.
 *
 * @param string|array $permission a permission name or a list of names
 * @param int|array $memID a single member id, or an array of member ids
 * @return bool|array for a single id: true if the member holds any of the permissions;
 *         for an array: the ids from $memID that hold at least one of them
 */
function memberAllowedTo($permission, $memID)
{
    $permission_names = is_array($permission) ? $permission : array($permission);

    // Single member: stop at the first permission that lists them.
    if (!is_array($memID)) {
        foreach ($permission_names as $name) {
            $holders = membersAllowedTo($name);
            if (in_array($memID, $holders)) {
                return true;
            }
        }

        return false;
    }

    // List of members: each id is reported at most once per entry, because an
    // entry is removed from the pending set as soon as one permission matches.
    $matched = array();
    $pending = $memID;
    foreach ($permission_names as $name) {
        $holders = membersAllowedTo($name);

        foreach ($pending as $key => $candidate) {
            if (!in_array($candidate, $holders)) {
                continue;
            }

            $matched[] = $candidate;
            unset($pending[$key]);

            // Nothing left to check, so the remaining permissions need not be loaded.
            if (empty($pending)) {
                return $matched;
            }
        }
    }

    return $matched;
}