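/**
 * Log the visitor in through uLogin, registering a board account first when
 * uLogin::auth() does not return a user id, then show the post-login redirect page.
 *
 * @param mixed $id   Module id supplied by the caller (not read in this method)
 * @param mixed $mode Module mode supplied by the caller (not read in this method)
 * @return bool|null false when IN_CHECK_BAN is defined and the session user is not a founder
 */
function main($id, $mode)
{
    global $config, $db, $user, $table_prefix, $auth, $template, $phpbb_root_path, $phpEx;

    // Defining a constant twice raises a PHP error; keep the first definition.
    if (!defined('TABLE_PREFIX')) {
        define('TABLE_PREFIX', $table_prefix);
    }

    require_once 'class_ulogin.php';
    $uLogin = new uLogin($db);

    if ($config['require_activation'] == USER_ACTIVATION_DISABLE) {
        trigger_error('UCP_REGISTER_DISABLE');
    }

    if (!($user_id = $uLogin->auth())) {
        $user_id = $uLogin->register();
    }

    // Start from "no session": previously $session was undefined whenever neither
    // auth() nor register() produced a user id, and the check below read an unset variable.
    $session = false;
    if ($user_id) {
        $session = $user->session_create($user_id, 0, 1);
    }

    if (!$session) {
        // No session could be created: fall back to the regular login page.
        page_header($user->lang['LOGIN'], false);
        $template->set_filenames(array('body' => 'login_body.html'));
        make_jumpbox(append_sid("{$phpbb_root_path}viewforum.{$phpEx}"));
        page_footer();
        exit;
    }

    // The return target is request-controlled; the link below uses the value
    // returned by meta_refresh() rather than this raw request value.
    $redirect = request_var('redirect', "{$phpbb_root_path}index.{$phpEx}");
    $message = $user->lang['LOGIN_REDIRECT'];
    $l_redirect = $redirect === "{$phpbb_root_path}index.{$phpEx}" || $redirect === "index.{$phpEx}"
        ? $user->lang['RETURN_INDEX']
        : $user->lang['RETURN_PAGE'];
    $redirect = reapply_sid($redirect);

    // NOTE(review): this indexes the return value of session_create() as an array
    // carrying 'user_row' — confirm that is what session_create() returns here.
    if (defined('IN_CHECK_BAN') && $session['user_row']['user_type'] != USER_FOUNDER) {
        return false;
    }

    $redirect = meta_refresh(3, $redirect);
    trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
}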
/**
 * Publish the URLs and identifiers used by the front-end scripts as template variables.
 *
 * @param mixed $route    Route of the current page; compared with the configured default layout
 * @param mixed $style_id Style identifier, passed through as UA_STYLE_ID
 */
public function set_javascript_data($route, $style_id)
{
    $board_url = generate_board_url();

    // Without URL rewriting the AJAX endpoint includes the app.<ext> script name.
    $ajax_url = $board_url;
    if (!$this->config['enable_mod_rewrite']) {
        $ajax_url .= '/app.' . $this->php_ext;
    }

    $is_default_route = false;
    $u_default_route = false;
    if ($this->config['sitemaker_default_layout']) {
        $is_default_route = ($this->config['sitemaker_default_layout'] === $route);
        $u_default_route = reapply_sid($board_url . '/' . $this->config['sitemaker_default_layout']);
    }

    $this->template->assign_vars(array(
        'S_IS_DEFAULT'   => $is_default_route,
        'PAGE_URL'       => build_url(array('style')),
        'UA_ROUTE'       => $route,
        'UA_AJAX_URL'    => $ajax_url,
        'UA_BOARD_URL'   => $board_url,
        'UA_STYLE_ID'    => $style_id,
        'U_VIEW_DEFAULT' => $u_default_route,
    ));
}
/**
 * {@inheritdoc}
 *
 * Renders the login form for visitors who are not registered (and always in
 * edit mode). Registered users get the member menu block instead when the
 * 'show_member_menu' setting is on, otherwise an empty LOGIN block.
 */
public function display(array $bdata, $edit_mode = false)
{
    $settings = $bdata['settings'];
    $show_login_form = !$this->user->data['is_registered'] || $edit_mode === true;

    if (!$show_login_form && $settings['show_member_menu']) {
        // Hand rendering over to the member menu block, sharing this block's template object.
        $member_menu = $this->phpbb_container->get('blitze.sitemaker.block.member_menu');
        $member_menu->set_template($this->ptemplate);

        return $member_menu->display(array(), $edit_mode);
    }

    $content = '';
    if ($show_login_form) {
        // The return URL is the current page without the edit_mode parameter.
        // ltrim() treats './../' as a character list, so any run of leading dots and slashes is removed.
        $u_redirect = reapply_sid(ltrim(rtrim(build_url(array('edit_mode')), '?'), './../'));

        $this->ptemplate->assign_vars(array(
            'S_SHOW_HIDE_ME'      => (bool) $settings['show_hide_me'],
            'S_AUTOLOGIN_ENABLED' => (bool) $settings['allow_autologin'],
            'S_LOGIN_ACTION'      => append_sid("{$this->phpbb_root_path}ucp" . $this->php_ext, 'mode=login'),
            'U_REGISTER'          => append_sid("{$this->phpbb_root_path}ucp" . $this->php_ext, 'mode=register'),
            'U_SEND_PASSWORD'     => append_sid("{$this->phpbb_root_path}ucp" . $this->php_ext, 'mode=sendpassword'),
            'U_REDIRECT'          => $u_redirect,
        ));

        $content = $this->ptemplate->render_view('blitze/sitemaker', 'blocks/login.html', 'login_block');
    }

    return array('title' => 'LOGIN', 'content' => $content);
}
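/**
 * Controller for /idea/{idea_id}
 *
 * AJAX requests carrying a 'mode' parameter are dispatched to the method of
 * this controller named by that parameter and answered with JSON; every other
 * request is redirected to the idea's topic.
 *
 * @param int $idea_id The ID of the requested idea
 * @throws http_exception 404 when ideas are unavailable or the idea is unknown,
 *                        403 when the requested mode is not an acceptable handler name
 * @return \Symfony\Component\HttpFoundation\Response A Symfony Response object
 */
public function idea($idea_id)
{
    if (!$this->is_available()) {
        throw new http_exception(404, 'IDEAS_NOT_AVAILABLE');
    }

    $this->data = $this->ideas->get_idea($idea_id);
    if (!$this->data) {
        throw new http_exception(404, 'IDEA_NOT_FOUND');
    }

    $mode = $this->request->variable('mode', '');
    if ($this->request->is_ajax() && !empty($mode)) {
        // $mode comes straight from the request and selects which method runs.
        // Refuse magic methods, this method itself (unbounded recursion) and
        // names that are not methods of this controller.
        // NOTE(review): this is only a floor. The dispatch should be restricted
        // to an explicit allowlist of the intended AJAX handlers; that list is
        // not visible from this method.
        $is_magic = strpos($mode, '__') === 0;
        $is_self = strcasecmp($mode, __FUNCTION__) === 0;
        if ($is_magic || $is_self || !method_exists($this, $mode)) {
            throw new http_exception(403, 'NO_AUTH_OPERATION');
        }

        $result = call_user_func(array($this, $mode));

        return new \Symfony\Component\HttpFoundation\JsonResponse($result);
    }

    $url = reapply_sid(generate_board_url() . "/viewtopic.{$this->php_ext}?f={$this->config['ideas_forum_id']}&t={$this->data['topic_id']}");

    return new RedirectResponse($url);
}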
/**
 * Main method, is called by p_master to run the module.
 *
 * Reads the forum id (f), topic id (t), prefix id (prefixid) and return URL
 * (redirect) from the request, checks that the prefix is offered in the given
 * forum and stores it on the topic.
 *
 * NOTE(review): no form key, link hash or confirm_box() is checked here before
 * the UPDATE, and the forum id used for the prefix check comes from the request
 * rather than from the topic row — confirm both are enforced by the caller.
 */
public function main($mode, $id)
{
    // Request input. The values concatenated into SQL below presumably come
    // back as integers because of the integer defaults — confirm.
    $forum_id = request_var('f', 0);
    $prefix_id = request_var('prefixid', 0);
    $topic_id = request_var('t', 0);
    $return_url = reapply_sid(request_var('redirect', 'index.' . PHP_EXT));

    // Prefixes available per forum
    $tree = array();
    $forums = array();
    sp_phpbb::$cache->obtain_prefix_forum_tree($tree, $forums);

    // This forum has no prefixes at all
    if (empty($tree[$forum_id])) {
        return;
    }

    // Prefix currently stored on the topic
    $result = sp_phpbb::$db->sql_query('SELECT subject_prefix_id FROM ' . TOPICS_TABLE . ' WHERE topic_id = ' . $topic_id);
    $current_prefix_id = sp_phpbb::$db->sql_fetchfield('subject_prefix_id', false, $result);
    sp_phpbb::$db->sql_freeresult($result);

    // Nothing to change
    if ($prefix_id == $current_prefix_id) {
        meta_refresh(2, $return_url);
        trigger_error(sp_phpbb::$user->lang['PREFIX_NOT_CHANGED'] . '<br /><br />' . sprintf(sp_phpbb::$user->lang['RETURN_PAGE'], '<a href="' . $return_url . '">', '</a>'));
    }

    // A non-zero prefix must be one of those offered in this forum
    if ($prefix_id > 0 && !isset($tree[$forum_id][$prefix_id])) {
        meta_refresh(2, $return_url);
        trigger_error(sp_phpbb::$user->lang['PREFIX_NOT_ALLOWED'] . '<br /><br />' . sprintf(sp_phpbb::$user->lang['RETURN_PAGE'], '<a href="' . $return_url . '">', '</a>'));
    }

    // Store the new prefix
    sp_phpbb::$db->sql_query('UPDATE ' . TOPICS_TABLE . ' SET subject_prefix_id = ' . $prefix_id . ' WHERE topic_id = ' . $topic_id);

    if (sp_phpbb::$db->sql_affectedrows() != -1) {
        sp_cache::subject_prefix_quick_clear();
        meta_refresh(2, $return_url);
        trigger_error(sp_phpbb::$user->lang['PREFIX_UPDATED_SUCCESS'] . '<br /><br />' . sprintf(sp_phpbb::$user->lang['RETURN_PAGE'], '<a href="' . $return_url . '">', '</a>'));
    } else {
        trigger_error('PREFIX_UPDATE_FAILED');
    }
}
/**
 * Board Announcements controller accessed from the URL /boardannouncements/close
 *
 * Requires a valid 'close_boardannouncement' link hash and the dismiss option
 * to be enabled before anything is changed.
 *
 * @throws \phpbb\exception\http_exception An http exception
 * @return \Symfony\Component\HttpFoundation\JsonResponse A Symfony JSON Response object
 * @access public
 */
public function close_announcement()
{
    // The link hash is the CSRF/XSRF protection for this state-changing URL
    $hash_is_valid = check_link_hash($this->request->variable('hash', ''), 'close_boardannouncement');
    if (!$hash_is_valid || !$this->config['board_announcements_dismiss']) {
        throw new \phpbb\exception\http_exception(403, 'NO_AUTH_OPERATION');
    }

    // The cookie is set for every visitor
    $response = $this->set_board_announcement_cookie();

    // For registered users the stored status is updated too, and its result is what gets reported
    if ($this->user->data['is_registered']) {
        $response = $this->update_board_announcement_status();
    }

    // AJAX callers receive the outcome as JSON
    if ($this->request->is_ajax()) {
        return new \Symfony\Component\HttpFoundation\JsonResponse(array('success' => $response));
    }

    // Non-AJAX requests go back to the page named in the request, defaulting to the last viewed page
    $return_to = reapply_sid($this->request->variable('redirect', $this->user->data['session_page']));
    redirect($return_to);

    // We shouldn't get here, but throw an http exception just in case
    throw new \phpbb\exception\http_exception(500, 'GENERAL_ERROR');
}
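/**
 * Fork Topic
 *
 * Copies the given topics (with polls, posts, attachment rows and topic watch
 * rows) into the forum selected through the 'to_forum_id' request parameter,
 * after the moderator has confirmed the action.
 *
 * Changes compared with the previous version of this block:
 * - search indexing is decided per topic row; the old code read
 *   $topic_data['enable_indexing'] on an array that is keyed by topic id;
 * - the search index receives the id of the newly inserted post; the old code
 *   read a 'post_id' key that the insert array never contained;
 * - the moderator log uses the forum name of the topic being logged instead of
 *   whichever row the copy loop visited last;
 * - the poll option result set is freed.
 *
 * @param array $topic_ids Ids of the topics to fork
 */
function mcp_fork_topic($topic_ids)
{
    global $auth, $user, $db, $template, $config;
    global $phpEx, $phpbb_root_path;

    // The caller must hold a moderator permission on the selected topics
    if (!check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array('m_'))) {
        return;
    }

    $to_forum_id = request_var('to_forum_id', 0);
    $forum_id = request_var('f', 0);
    $redirect = request_var('redirect', build_url(array('action', 'quickmod')));
    $additional_msg = $success_msg = '';

    $s_hidden_fields = build_hidden_fields(array(
        'topic_id_list' => $topic_ids,
        'f'             => $forum_id,
        'action'        => 'fork',
        'redirect'      => $redirect,
    ));

    // Validate the destination forum before the confirmation is honoured
    if ($to_forum_id) {
        $forum_data = get_forum_data($to_forum_id, 'f_post');

        if (!sizeof($topic_ids)) {
            $additional_msg = $user->lang['NO_TOPIC_SELECTED'];
        } elseif (!sizeof($forum_data)) {
            $additional_msg = $user->lang['FORUM_NOT_EXIST'];
        } else {
            $forum_data = $forum_data[$to_forum_id];

            if ($forum_data['forum_type'] != FORUM_POST) {
                $additional_msg = $user->lang['FORUM_NOT_POSTABLE'];
            } elseif (!$auth->acl_get('f_post', $to_forum_id)) {
                $additional_msg = $user->lang['USER_CANNOT_POST'];
            }
        }
    } elseif (isset($_POST['confirm'])) {
        $additional_msg = $user->lang['FORUM_NOT_EXIST'];
    }

    // A validation message withdraws the confirmation so the form is shown again
    if ($additional_msg) {
        unset($_POST['confirm']);
        unset($_REQUEST['confirm_key']);
    }

    if (confirm_box(true)) {
        $topic_data = get_topic_data($topic_ids, 'f_post');

        $total_posts = 0;
        $new_topic_id_list = array();

        // The search backend is created lazily, the first time a topic needs indexing
        $search = null;
        $search_mode = 'post';

        foreach ($topic_data as $topic_id => $topic_row) {
            // assumes the topic row carries its forum's enable_indexing flag;
            // when the key is absent no indexing happens — TODO confirm
            $index_topic = !empty($topic_row['enable_indexing']);

            if ($index_topic && $search === null) {
                // Select the search method and do some additional checks to ensure it can actually be utilised.
                // basename() keeps the configured name from pointing outside includes/search/.
                $search_type = basename($config['search_type']);

                if (!file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx)) {
                    trigger_error('NO_SUCH_SEARCH_MODULE');
                }

                if (!class_exists($search_type)) {
                    include "{$phpbb_root_path}includes/search/{$search_type}.{$phpEx}";
                }

                $error = false;
                $search = new $search_type($error);

                if ($error) {
                    trigger_error($error);
                }
            }

            $sql_ary = array(
                'forum_id'                => (int) $to_forum_id,
                'icon_id'                 => (int) $topic_row['icon_id'],
                'topic_attachment'        => (int) $topic_row['topic_attachment'],
                'topic_approved'          => 1,
                'topic_reported'          => 0,
                'topic_title'             => (string) $topic_row['topic_title'],
                'topic_poster'            => (int) $topic_row['topic_poster'],
                'topic_time'              => (int) $topic_row['topic_time'],
                'topic_replies'           => (int) $topic_row['topic_replies_real'],
                'topic_replies_real'      => (int) $topic_row['topic_replies_real'],
                'topic_status'            => (int) $topic_row['topic_status'],
                'topic_type'              => (int) $topic_row['topic_type'],
                'topic_first_poster_name' => (string) $topic_row['topic_first_poster_name'],
                'topic_last_poster_id'    => (int) $topic_row['topic_last_poster_id'],
                'topic_last_poster_name'  => (string) $topic_row['topic_last_poster_name'],
                'topic_last_post_time'    => (int) $topic_row['topic_last_post_time'],
                'topic_last_view_time'    => (int) $topic_row['topic_last_view_time'],
                'topic_bumped'            => (int) $topic_row['topic_bumped'],
                'topic_bumper'            => (int) $topic_row['topic_bumper'],
                'poll_title'              => (string) $topic_row['poll_title'],
                'poll_start'              => (int) $topic_row['poll_start'],
                'poll_length'             => (int) $topic_row['poll_length'],
                'poll_max_options'        => (int) $topic_row['poll_max_options'],
                'poll_vote_change'        => (int) $topic_row['poll_vote_change'],
            );

            $db->sql_query('INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
            $new_topic_id = $db->sql_nextid();
            $new_topic_id_list[$topic_id] = $new_topic_id;

            // Copy the poll options; vote totals start again from zero
            if ($topic_row['poll_start']) {
                $sql = 'SELECT * FROM ' . POLL_OPTIONS_TABLE . "\n\t\t\t\t\tWHERE topic_id = {$topic_id}";
                $result = $db->sql_query($sql);

                while ($row = $db->sql_fetchrow($result)) {
                    $sql_ary = array(
                        'poll_option_id'    => (int) $row['poll_option_id'],
                        'topic_id'          => (int) $new_topic_id,
                        'poll_option_text'  => (string) $row['poll_option_text'],
                        'poll_option_total' => 0,
                    );

                    $db->sql_query('INSERT INTO ' . POLL_OPTIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
                }
                $db->sql_freeresult($result);
            }

            $sql = 'SELECT * FROM ' . POSTS_TABLE . "\n\t\t\t\tWHERE topic_id = {$topic_id}\n\t\t\t\tORDER BY post_time ASC";
            $result = $db->sql_query($sql);

            $post_rows = array();
            while ($row = $db->sql_fetchrow($result)) {
                $post_rows[] = $row;
            }
            $db->sql_freeresult($result);

            if (!sizeof($post_rows)) {
                continue;
            }

            $total_posts += sizeof($post_rows);

            foreach ($post_rows as $row) {
                $sql_ary = array(
                    'topic_id'         => (int) $new_topic_id,
                    'forum_id'         => (int) $to_forum_id,
                    'poster_id'        => (int) $row['poster_id'],
                    'icon_id'          => (int) $row['icon_id'],
                    'poster_ip'        => (string) $row['poster_ip'],
                    'post_time'        => (int) $row['post_time'],
                    'post_approved'    => 1,
                    'post_reported'    => 0,
                    'enable_bbcode'    => (int) $row['enable_bbcode'],
                    'enable_smilies'   => (int) $row['enable_smilies'],
                    'enable_magic_url' => (int) $row['enable_magic_url'],
                    'enable_sig'       => (int) $row['enable_sig'],
                    'post_username'    => (string) $row['post_username'],
                    'post_subject'     => (string) $row['post_subject'],
                    'post_text'        => (string) $row['post_text'],
                    'post_edit_reason' => (string) $row['post_edit_reason'],
                    'post_edit_user'   => (int) $row['post_edit_user'],
                    'post_checksum'    => (string) $row['post_checksum'],
                    'post_attachment'  => (int) $row['post_attachment'],
                    'bbcode_bitfield'  => $row['bbcode_bitfield'],
                    'bbcode_uid'       => (string) $row['bbcode_uid'],
                    'post_edit_time'   => (int) $row['post_edit_time'],
                    'post_edit_count'  => (int) $row['post_edit_count'],
                    'post_edit_locked' => (int) $row['post_edit_locked'],
                    'post_postcount'   => 0,
                );

                $db->sql_query('INSERT INTO ' . POSTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
                $new_post_id = $db->sql_nextid();

                // Copy whether the topic is dotted
                markread('post', $to_forum_id, $new_topic_id, 0, $row['poster_id']);

                if ($index_topic) {
                    // Index the copy under its own post id
                    $search->index($search_mode, $new_post_id, $sql_ary['post_text'], $sql_ary['post_subject'], $sql_ary['poster_id'], $topic_row['topic_type'] == POST_GLOBAL ? 0 : $to_forum_id);
                    $search_mode = 'reply'; // After one we index replies
                }

                // Copy Attachments
                if ($row['post_attachment']) {
                    $sql = 'SELECT * FROM ' . ATTACHMENTS_TABLE . "\n\t\t\t\t\t\tWHERE post_msg_id = {$row['post_id']}\n\t\t\t\t\t\t\tAND topic_id = {$topic_id}\n\t\t\t\t\t\t\tAND in_message = 0";
                    $result = $db->sql_query($sql);

                    $sql_ary = array();
                    while ($attach_row = $db->sql_fetchrow($result)) {
                        $sql_ary[] = array(
                            'post_msg_id'       => (int) $new_post_id,
                            'topic_id'          => (int) $new_topic_id,
                            'in_message'        => 0,
                            'is_orphan'         => (int) $attach_row['is_orphan'],
                            'poster_id'         => (int) $attach_row['poster_id'],
                            'physical_filename' => (string) utf8_basename($attach_row['physical_filename']),
                            'real_filename'     => (string) utf8_basename($attach_row['real_filename']),
                            'download_count'    => (int) $attach_row['download_count'],
                            'attach_comment'    => (string) $attach_row['attach_comment'],
                            'extension'         => (string) $attach_row['extension'],
                            'mimetype'          => (string) $attach_row['mimetype'],
                            'filesize'          => (int) $attach_row['filesize'],
                            'filetime'          => (int) $attach_row['filetime'],
                            'thumbnail'         => (int) $attach_row['thumbnail'],
                        );
                    }
                    $db->sql_freeresult($result);

                    if (sizeof($sql_ary)) {
                        $db->sql_multi_insert(ATTACHMENTS_TABLE, $sql_ary);
                    }
                }
            }

            // Carry the topic subscriptions over to the copy
            $sql = 'SELECT user_id, notify_status FROM ' . TOPICS_WATCH_TABLE . ' WHERE topic_id = ' . $topic_id;
            $result = $db->sql_query($sql);

            $sql_ary = array();
            while ($row = $db->sql_fetchrow($result)) {
                $sql_ary[] = array(
                    'topic_id'      => (int) $new_topic_id,
                    'user_id'       => (int) $row['user_id'],
                    'notify_status' => (int) $row['notify_status'],
                );
            }
            $db->sql_freeresult($result);

            if (sizeof($sql_ary)) {
                $db->sql_multi_insert(TOPICS_WATCH_TABLE, $sql_ary);
            }
        }

        // Sync new topics, parent forums and board stats
        sync('topic', 'topic_id', $new_topic_id_list);

        $sync_sql = array();
        $sync_sql[$to_forum_id][] = 'forum_posts = forum_posts + ' . $total_posts;
        $sync_sql[$to_forum_id][] = 'forum_topics = forum_topics + ' . sizeof($new_topic_id_list);
        $sync_sql[$to_forum_id][] = 'forum_topics_real = forum_topics_real + ' . sizeof($new_topic_id_list);

        foreach ($sync_sql as $forum_id_key => $array) {
            $sql = 'UPDATE ' . FORUMS_TABLE . ' SET ' . implode(', ', $array) . ' WHERE forum_id = ' . $forum_id_key;
            $db->sql_query($sql);
        }

        sync('forum', 'forum_id', $to_forum_id);
        set_config_count('num_topics', sizeof($new_topic_id_list), true);
        set_config_count('num_posts', $total_posts, true);

        // $new_topic_id_list is keyed by the source topic id, so each log entry
        // names the forum its own source topic came from
        foreach ($new_topic_id_list as $topic_id => $new_topic_id) {
            add_log('mod', $to_forum_id, $new_topic_id, 'LOG_FORK', $topic_data[$topic_id]['forum_name']);
        }

        $success_msg = sizeof($topic_ids) == 1 ? 'TOPIC_FORKED_SUCCESS' : 'TOPICS_FORKED_SUCCESS';
    } else {
        $template->assign_vars(array(
            'S_FORUM_SELECT'     => make_forum_select($to_forum_id, false, false, true, true, true),
            'S_CAN_LEAVE_SHADOW' => false,
            'ADDITIONAL_MSG'     => $additional_msg,
        ));

        confirm_box(false, 'FORK_TOPIC' . (sizeof($topic_ids) == 1 ? '' : 'S'), $s_hidden_fields, 'mcp_move.html');
    }

    $redirect = request_var('redirect', "index.{$phpEx}");
    $redirect = reapply_sid($redirect);

    if (!$success_msg) {
        redirect($redirect);
    } else {
        $redirect_url = append_sid("{$phpbb_root_path}viewforum.{$phpEx}", 'f=' . $forum_id);
        meta_refresh(3, $redirect_url);
        $return_link = sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect_url . '">', '</a>');

        if ($forum_id != $to_forum_id) {
            $return_link .= '<br /><br />' . sprintf($user->lang['RETURN_NEW_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.{$phpEx}", 'f=' . $to_forum_id) . '">', '</a>');
        }

        trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);
    }
}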
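/**
 * Complete a login that was started through the configured external (OAuth) auth plugin.
 *
 * Loads includes/auth/auth_<method>.<ext> for the configured auth method, asks
 * its oauth_redirect_info_<method>() function for the pending login details
 * and then runs the board login with empty credentials, leaving the actual
 * authentication to the plugin.
 *
 * Changes compared with the previous version of this block:
 * - $phpbb_root_path is imported; it was read without being declared global,
 *   so the include path and the index comparison used an undefined variable;
 * - the success message comes from $info->l_success when it is set; the old
 *   code read a local $l_success that was never assigned.
 */
function oauth_login()
{
    global $phpEx, $phpbb_root_path, $config, $auth, $user;

    $info = false;

    // basename() keeps the configured method name from pointing outside includes/auth/
    $method = trim(basename($config['auth_method']));
    include_once $phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx;

    $method = 'oauth_redirect_info_' . $method;
    if (function_exists($method)) {
        $info = $method();
    }

    if (!$info) {
        redirect('index.' . $phpEx);
    }

    $admin = $info->admin;
    $redirect = $info->redirect;

    if ($admin && !$auth->acl_get('a_')) {
        // Not authd
        // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
        if ($user->data['is_registered']) {
            add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
        }
        trigger_error('NO_AUTH_ADMIN');
    }

    // If authentication is successful we redirect user to previous page
    $result = $auth->login('', '', false, 0, $admin);

    // If admin authentication and login, we will log if it was a success or not...
    // We also break the operation on the first non-success login - it could be argued that the user already knows
    if ($admin) {
        if ($result['status'] == LOGIN_SUCCESS) {
            add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
        } elseif ($user->data['is_registered']) {
            // Only log the failed attempt if a real user tried to.
            // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
            add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
        }
    }

    // The result parameter is always an array, holding the relevant information...
    if ($result['status'] == LOGIN_SUCCESS) {
        $message = !empty($info->l_success) ? $info->l_success : $user->lang['LOGIN_REDIRECT'];

        if ($admin) {
            $l_redirect = $user->lang['PROCEED_TO_ACP'];
        } elseif ($redirect === "{$phpbb_root_path}index.{$phpEx}" || $redirect === "index.{$phpEx}") {
            $l_redirect = $user->lang['RETURN_INDEX'];
        } else {
            $l_redirect = $user->lang['RETURN_PAGE'];
        }

        // append/replace SID (may change during the session for AOL users)
        $redirect = reapply_sid($redirect);

        // Special case... the user is effectively banned, but we allow founders to login
        if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != USER_FOUNDER) {
            return;
        }

        // The link uses the URL returned by meta_refresh(), not the raw plugin value
        $redirect = meta_refresh(3, $redirect);
        trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
    }

    if ($result['status'] == LOGIN_CONTINUE) {
        oauth_show_register($result['oauth_extra']);
    }

    trigger_error("Extern auth error!");
}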
/**
 * Get username details for placing into templates.
 * This function caches the HTML templates and the base profile URL on first call.
 *
 * The switch below relies on case fall-through: each mode runs its own step and
 * every step after it, returning as soon as the step named by $mode is done.
 *
 * NOTE(review): $username, $username_colour and the profile URL are substituted
 * into the HTML templates without escaping in this function — presumably callers
 * pass an already-escaped username and a plain hex colour; confirm.
 *
 * @param string $mode Can be profile (for getting an url to the profile), username (for obtaining the username), colour (for obtaining the user colour), full (for obtaining a html string representing a coloured link to the users profile) or no_profile (the same as full but forcing no profile link)
 * @param int $user_id The users id
 * @param string $username The users name
 * @param string $username_colour The users colour
 * @param string $guest_username optional parameter to specify the guest username. It will be used in favor of the GUEST language variable then.
 * @param string $custom_profile_url optional parameter to specify a profile url. The user id get appended to this url as u={user_id}
 *
 * @return string A string consisting of what is wanted based on $mode.
 * @author BartVB, Acyd Burn
 */
function get_username_string($mode, $user_id, $username, $username_colour = '', $guest_username = false, $custom_profile_url = false)
{
    static $_profile_cache;

    // We cache some common variables we need within this function
    if (empty($_profile_cache)) {
        global $phpbb_root_path, $phpEx;

        // base_url is only referenced by the commented-out original line in the 'profile' case
        $_profile_cache['base_url'] = append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=viewprofile&u={USER_ID}');
        $_profile_cache['tpl_noprofile'] = '{USERNAME}';
        $_profile_cache['tpl_noprofile_colour'] = '<span style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</span>';
        $_profile_cache['tpl_profile'] = '<a href="{PROFILE_URL}">{USERNAME}</a>';
        $_profile_cache['tpl_profile_colour'] = '<a href="{PROFILE_URL}" style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</a>';
    }

    global $user, $auth;

    // This switch makes sure we only run code required for the mode
    switch ($mode) {
        case 'full':
        case 'no_profile':
        case 'colour':
            // Build correct username colour
            $username_colour = $username_colour ? '#' . $username_colour : '';

            // Return colour
            if ($mode == 'colour') {
                return $username_colour;
            }
            // no break; falls through to the username step

        case 'username':
            // Build correct username
            if ($guest_username === false) {
                $username = $username ? $username : $user->lang['GUEST'];
            } else {
                $username = $user_id && $user_id != ANONYMOUS ? $username : (!empty($guest_username) ? $guest_username : $user->lang['GUEST']);
            }

            // Return username
            if ($mode == 'username') {
                return $username;
            }
            // no break; falls through to the profile step

        case 'profile':
            // Build correct profile url - only show if not anonymous and permission to view profile if registered user
            // For anonymous the link leads to a login page.
            if ($user_id && $user_id != ANONYMOUS && ($user->data['user_id'] == ANONYMOUS || $auth->acl_get('u_viewprofile'))) {
                // www.phpBB-SEO.com SEO TOOLKIT BEGIN
                // $profile_url = ($custom_profile_url !== false) ? $custom_profile_url . '&u=' . (int) $user_id : str_replace(array('={USER_ID}', '=%7BUSER_ID%7D'), '=' . (int) $user_id, $_profile_cache['base_url']);
                global $phpbb_seo, $phpbb_root_path, $phpEx;

                $phpbb_seo->set_user_url($username, $user_id);

                if ($custom_profile_url !== false) {
                    // Append u=<id> with '&' or '?' depending on whether the custom URL already has a query string
                    $profile_url = reapply_sid($custom_profile_url . (strpos($custom_profile_url, '?') !== false ? '&' : '?') . 'u=' . (int) $user_id);
                } else {
                    $profile_url = append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=viewprofile&u=' . (int) $user_id);
                }
                // www.phpBB-SEO.com SEO TOOLKIT END
            } else {
                $profile_url = '';
            }

            // Return profile
            if ($mode == 'profile') {
                return $profile_url;
            }
            // no break;
    }

    // Only 'full' and 'no_profile' are expected to reach this point; for any other
    // $mode value the switch ran no case and $profile_url was never assigned.
    // No link: 'full' without a profile URL, or 'no_profile' in every case.
    if ($mode == 'full' && !$profile_url || $mode == 'no_profile') {
        return str_replace(array('{USERNAME_COLOUR}', '{USERNAME}'), array($username_colour, $username), !$username_colour ? $_profile_cache['tpl_noprofile'] : $_profile_cache['tpl_noprofile_colour']);
    }

    return str_replace(array('{PROFILE_URL}', '{USERNAME_COLOUR}', '{USERNAME}'), array($profile_url, $username_colour, $username), !$username_colour ? $_profile_cache['tpl_profile'] : $_profile_cache['tpl_profile_colour']);
}
/**
 * Merge selected posts into selected topic
 *
 * The posts are named by the 'post_id_list' request parameter. The destination
 * topic is loaded with the 'm_merge' permission and the selected posts are
 * checked against 'm_merge' before the confirmation box is honoured.
 *
 * @param int $topic_id    Topic the posts currently belong to
 * @param int $to_topic_id Topic the posts are moved into
 */
function merge_posts($topic_id, $to_topic_id)
{
    global $db, $template, $user, $phpEx, $phpbb_root_path, $auth;

    if (!$to_topic_id) {
        $template->assign_var('MESSAGE', $user->lang['NO_FINAL_TOPIC_SELECTED']);
        return;
    }

    // Destination topic, restricted to topics the user may merge into
    $topic_data = get_topic_data(array($to_topic_id), 'm_merge');
    if (!count($topic_data)) {
        $template->assign_var('MESSAGE', $user->lang['NO_FINAL_TOPIC_SELECTED']);
        return;
    }
    $topic_data = $topic_data[$to_topic_id];

    $post_id_list = request_var('post_id_list', array(0));
    $start = request_var('start', 0);

    if (!count($post_id_list)) {
        $template->assign_var('MESSAGE', $user->lang['NO_POST_SELECTED']);
        return;
    }

    // check_ids() supplies the forum id on success
    $forum_id = check_ids($post_id_list, POSTS_TABLE, 'post_id', 'm_merge');
    if (!$forum_id) {
        return;
    }

    $redirect = request_var('redirect', $user->data['session_page']);

    // State carried through the confirmation form
    $s_hidden_fields = build_hidden_fields(array(
        'i'            => 'main',
        'post_id_list' => $post_id_list,
        'to_topic_id'  => $to_topic_id,
        'mode'         => 'topic_view',
        'action'       => 'merge_posts',
        'start'        => $start,
        'redirect'     => $redirect,
        'f'            => $forum_id,
        't'            => $topic_id,
    ));

    $success_msg = '';
    $return_link = '';

    if (!confirm_box(true)) {
        confirm_box(false, 'MERGE_POSTS', $s_hidden_fields);
    } else {
        $to_forum_id = $topic_data['forum_id'];

        move_posts($post_id_list, $to_topic_id);
        add_log('mod', $to_forum_id, $to_topic_id, 'LOG_MERGE', $topic_data['topic_title']);

        // Message and return links
        $success_msg = 'POSTS_MERGED_SUCCESS';

        // Link back to the source topic only if it still exists after the move
        $topic_data = get_topic_data(array($topic_id));
        if (count($topic_data)) {
            $u_old_topic = append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", 'f=' . $forum_id . '&t=' . $topic_id);
            $return_link .= sprintf($user->lang['RETURN_TOPIC'], '<a href="' . $u_old_topic . '">', '</a>');
        }

        // Link to the new topic
        $u_new_topic = append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", 'f=' . $to_forum_id . '&t=' . $to_topic_id);
        $return_link .= ($return_link ? '<br /><br />' : '') . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . $u_new_topic . '">', '</a>');
    }

    // The request's redirect value is read and given a session id here,
    // but nothing below uses the result.
    $redirect = reapply_sid(request_var('redirect', "index.{$phpEx}"));

    if ($success_msg) {
        meta_refresh(3, append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", "f={$to_forum_id}&t={$to_topic_id}"));
        trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);
    }
}
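/**
 * Build Confirm box
 *
 * In check mode the confirmation counts only when the submitted user id and
 * session id match the current session. The session id is compared as a string
 * with a strict operator: a loose comparison treats two different
 * numeric-looking strings as equal.
 *
 * @param boolean $check True for checking if confirmed (without any additional parameters) and false for displaying the confirm box
 * @param string $title Title/Message used for confirm box.
 *		message text is _CONFIRM appended to title.
 *		If title cannot be found in user->lang a default one is displayed
 *		If title_CONFIRM cannot be found in user->lang the text given is used.
 * @param string $hidden Hidden variables
 * @param string $html_body Template used for confirm box
 * @param string $u_action Custom form action
 * @return bool|null true/false in check mode (false whenever the cancel button was posted)
 */
function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.tpl', $u_action = '')
{
    global $db, $user, $lang, $template;

    if (isset($_POST['cancel'])) {
        return false;
    }

    $confirm = false;
    if (isset($_POST['confirm'])) {
        // language frontier
        if ($_POST['confirm'] === $lang['YES']) {
            $confirm = true;
        }
    }

    if ($check && $confirm) {
        $user_id = request_var('confirm_uid', 0);
        $session_id = request_var('sess', '');

        // The session id acts as the anti-CSRF token for this form
        if ($user_id != $user->data['user_id'] || (string) $session_id !== (string) $user->session_id) {
            return false;
        }

        return true;
    } elseif ($check) {
        return false;
    }

    $s_hidden_fields = build_hidden_fields(array(
        'confirm_uid' => $user->data['user_id'],
        'sess'        => $user->session_id,
        'sid'         => $user->session_id,
    ));

    // re-add sid for user->page
    // NOTE(review): as written this str_replace() swaps '&' for '&' and changes
    // nothing — an entity conversion was probably intended; confirm against the
    // upstream file before altering either string.
    $use_page = $u_action ? IP_ROOT_PATH . $u_action : IP_ROOT_PATH . str_replace('&', '&', $user->page['page']);
    $u_action = reapply_sid($use_page);
    $u_action .= strpos($u_action, '?') === false ? '?' : '&';

    $confirm_title = !isset($lang[$title]) ? $lang['Confirm'] : $lang[$title];

    $template->assign_vars(array(
        'MESSAGE_TITLE'    => $confirm_title,
        'MESSAGE_TEXT'     => !isset($lang[$title . '_CONFIRM']) ? $title : $lang[$title . '_CONFIRM'],
        'YES_VALUE'        => $lang['YES'],
        'S_CONFIRM_ACTION' => $u_action,
        'S_HIDDEN_FIELDS'  => $hidden . $s_hidden_fields,
    ));

    full_page_generation($html_body, $confirm_title, '', '');
}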
/**
 * Merge selected topics into selected topic
 *
 * Source and destination topics are loaded with the 'm_merge' permission and
 * the posts to move are checked against 'm_merge' before the confirmation box
 * is honoured.
 *
 * @param int   $forum_id    Forum the action was started from
 * @param array $topic_ids   Topics whose posts are moved
 * @param int   $to_topic_id Topic that receives the posts
 */
function merge_topics($forum_id, $topic_ids, $to_topic_id)
{
    global $db, $template, $user, $phpEx, $phpbb_root_path, $phpbb_log, $request;

    if (!count($topic_ids)) {
        $template->assign_var('MESSAGE', $user->lang['NO_TOPIC_SELECTED']);
        return;
    }

    if (!$to_topic_id) {
        $template->assign_var('MESSAGE', $user->lang['NO_FINAL_TOPIC_SELECTED']);
        return;
    }

    // Every topic touched by the merge, destination included
    $sync_topics = array_merge($topic_ids, array($to_topic_id));

    $all_topic_data = phpbb_get_topic_data($sync_topics, 'm_merge');
    if (!count($all_topic_data) || empty($all_topic_data[$to_topic_id])) {
        $template->assign_var('MESSAGE', $user->lang['NO_FINAL_TOPIC_SELECTED']);
        return;
    }

    // Forums that need a re-sync afterwards, de-duplicated by using the id as key
    $sync_forums = array();
    foreach ($all_topic_data as $data) {
        $sync_forums[$data['forum_id']] = $data['forum_id'];
    }

    $topic_data = $all_topic_data[$to_topic_id];

    $post_id_list = $request->variable('post_id_list', array(0));
    $start = $request->variable('start', 0);

    // No explicit post selection: take every post of the source topics
    if (!count($post_id_list) && count($topic_ids)) {
        $sql = 'SELECT post_id FROM ' . POSTS_TABLE . ' WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
        $result = $db->sql_query($sql);

        $post_id_list = array();
        while ($row = $db->sql_fetchrow($result)) {
            $post_id_list[] = $row['post_id'];
        }
        $db->sql_freeresult($result);
    }

    if (!count($post_id_list)) {
        $template->assign_var('MESSAGE', $user->lang['NO_POST_SELECTED']);
        return;
    }

    if (!phpbb_check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_merge'))) {
        return;
    }

    $redirect = $request->variable('redirect', build_url(array('quickmod')));

    // State carried through the confirmation form
    $s_hidden_fields = build_hidden_fields(array(
        'i'             => 'main',
        'f'             => $forum_id,
        'post_id_list'  => $post_id_list,
        'to_topic_id'   => $to_topic_id,
        'mode'          => 'forum_view',
        'action'        => 'merge_topics',
        'start'         => $start,
        'redirect'      => $redirect,
        'topic_id_list' => $topic_ids,
    ));

    if (!confirm_box(true)) {
        confirm_box(false, 'MERGE_TOPICS', $s_hidden_fields);
        return;
    }

    $to_forum_id = $topic_data['forum_id'];

    move_posts($post_id_list, $to_topic_id, false);

    $phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_MERGE', false, array(
        'forum_id' => $to_forum_id,
        'topic_id' => $to_topic_id,
        $topic_data['topic_title'],
    ));

    // Message and return links
    $success_msg = 'POSTS_MERGED_SUCCESS';

    if (!function_exists('phpbb_update_rows_avoiding_duplicates_notify_status')) {
        include $phpbb_root_path . 'includes/functions_database_helper.' . $phpEx;
    }

    // Update the topic watch table.
    phpbb_update_rows_avoiding_duplicates_notify_status($db, TOPICS_WATCH_TABLE, 'topic_id', $topic_ids, $to_topic_id);

    // Update the bookmarks table.
    phpbb_update_rows_avoiding_duplicates($db, BOOKMARKS_TABLE, 'topic_id', $topic_ids, $to_topic_id);

    // Re-sync the topics and forums because the auto-sync was deactivated in the call of move_posts()
    sync('topic_reported', 'topic_id', $sync_topics);
    sync('topic_attachment', 'topic_id', $sync_topics);
    sync('topic', 'topic_id', $sync_topics, true);
    sync('forum', 'forum_id', $sync_forums, true, true);

    // Link to the new topic
    $u_new_topic = append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", 'f=' . $to_forum_id . '&t=' . $to_topic_id);
    $return_link = sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . $u_new_topic . '">', '</a>');

    // The automatic refresh target is request-controlled, defaulting to the destination topic
    $redirect = $request->variable('redirect', "{$phpbb_root_path}viewtopic.{$phpEx}?f={$to_forum_id}&t={$to_topic_id}");
    $redirect = reapply_sid($redirect);

    meta_refresh(3, $redirect);
    trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);
}
/**
 * Generate login box or verify password
 *
 * Serves two flows: the ordinary login form and the administrator
 * re-authentication form ($admin = true). When a login was submitted it calls
 * $auth->login(); on LOGIN_SUCCESS it redirects, otherwise it falls through and
 * renders login_body.html with an error message.
 *
 * @param string $redirect  Redirect target; carried into the form as a hidden field when non-empty
 * @param string $l_explain Text assigned to the LOGIN_EXPLAIN template variable
 * @param string $l_success Success language string; in this function it is only handed to the core.login_box_before event
 * @param bool   $admin     True when re-authenticating for the administration panel
 * @param bool   $s_display Whether the full login form is displayed
 */
function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
{
	global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;
	global $request, $phpbb_container, $phpbb_dispatcher;

	$err = '';

	// Make sure user->setup() has been called
	if (empty($user->lang)) {
		$user->setup();
	}

	/**
	 * This event allows an extension to modify the login process
	 *
	 * @event core.login_box_before
	 * @var string redirect Redirect string
	 * @var string l_explain Explain language string
	 * @var string l_success Success language string
	 * @var bool admin Is admin?
	 * @var bool s_display Display full login form?
	 * @var string err Error string
	 * @since 3.1.9-RC1
	 */
	// compact()/extract() work on the local variable NAMES listed in $vars, so a listener can
	// overwrite any of them (including $admin and $redirect). Renaming these locals breaks the event.
	$vars = array('redirect', 'l_explain', 'l_success', 'admin', 's_display', 'err');
	extract($phpbb_dispatcher->trigger_event('core.login_box_before', compact($vars)));

	// Print out error if user tries to authenticate as an administrator without having the privileges...
	if ($admin && !$auth->acl_get('a_')) {
		// Not authd
		// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
		if ($user->data['is_registered']) {
			add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
		}
		trigger_error('NO_AUTH_ADMIN');
	}

	// Note the precedence: && binds tighter than ||, so this reads
	// "POST login, OR (login is set in any input AND equals 'external')".
	if (empty($err) && ($request->is_set_post('login') || $request->is_set('login') && $request->variable('login', '') == 'external')) {
		// Get credential
		if ($admin) {
			$credential = request_var('credential', '');

			// The credential must be exactly 32 characters from [0-9a-f]; anything else is
			// treated as a failed admin authentication before it is used in a field name.
			if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32) {
				if ($user->data['is_registered']) {
					add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
				}
				trigger_error('NO_AUTH_ADMIN');
			}

			// The admin form posts the password under a per-form field name: password_<credential>.
			$password = $request->untrimmed_variable('password_' . $credential, '', true);
		} else {
			// Passwords are read untrimmed, so leading/trailing whitespace is part of the secret.
			$password = $request->untrimmed_variable('password', '', true);
		}

		$username = request_var('username', '', true);
		$autologin = $request->is_set_post('autologin');
		$viewonline = (int) (!$request->is_set_post('viewonline'));
		$admin = $admin ? 1 : 0;
		// On admin re-authentication the existing session's visibility setting is kept.
		$viewonline = $admin ? $user->data['session_viewonline'] : $viewonline;

		// Check if the supplied username is equal to the one stored within the database if re-authenticating
		if ($admin && utf8_clean_string($username) != utf8_clean_string($user->data['username'])) {
			// We log the attempt to use a different username...
			add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
			trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
		}

		// If authentication is successful we redirect user to previous page
		$result = $auth->login($username, $password, $autologin, $viewonline, $admin);

		// If admin authentication and login, we will log if it was a success or not...
		// We also break the operation on the first non-success login - it could be argued that the user already knows
		if ($admin) {
			if ($result['status'] == LOGIN_SUCCESS) {
				add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
			} else {
				// Only log the failed attempt if a real user tried to.
				// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
				if ($user->data['is_registered']) {
					add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
				}
			}
		}

		// The result parameter is always an array, holding the relevant information...
		if ($result['status'] == LOGIN_SUCCESS) {
			// The post-login target comes from the request, i.e. it is user-controlled.
			// NOTE(review): this function does not validate it itself; it relies on redirect()
			// to reject off-site targets - confirm that redirect() is called with its default checks.
			$redirect = request_var('redirect', "{$phpbb_root_path}index.{$phpEx}");

			/**
			 * This event allows an extension to modify the redirection when a user successfully logs in
			 *
			 * @event core.login_box_redirect
			 * @var string redirect Redirect string
			 * @var bool admin Is admin?
			 * @since 3.1.0-RC5
			 * @changed 3.1.9-RC1 Removed undefined return variable
			 */
			$vars = array('redirect', 'admin');
			extract($phpbb_dispatcher->trigger_event('core.login_box_redirect', compact($vars)));

			// append/replace SID (may change during the session for AOL users)
			$redirect = reapply_sid($redirect);

			// Special case... the user is effectively banned, but we allow founders to login
			if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != USER_FOUNDER) {
				return;
			}

			redirect($redirect);
		}

		// Something failed, determine what...
		if ($result['status'] == LOGIN_BREAK) {
			trigger_error($result['error_msg']);
		}

		// Special cases... determine
		// $err is built as HTML (anchor tags around language strings) and is later assigned
		// to the LOGIN_ERROR template variable as-is.
		switch ($result['status']) {
			case LOGIN_ERROR_PASSWORD_CONVERT:
				$err = sprintf($user->lang[$result['error_msg']], $config['email_enable'] ? '<a href="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') . '">' : '', $config['email_enable'] ? '</a>' : '', '<a href="' . phpbb_get_board_contact_link($config, $phpbb_root_path, $phpEx) . '">', '</a>');
				break;

			case LOGIN_ERROR_ATTEMPTS:
				// Too many attempts: initialise the configured captcha plugin for the login form.
				$captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']);
				$captcha->init(CONFIRM_LOGIN);
				// $captcha->reset();
				$template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template()));
				// no break; deliberate fall-through so the error text below is also set

			// Username, password, etc...
			default:
				$err = $user->lang[$result['error_msg']];

				// Assign admin contact to some error messages
				if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD') {
					$err = sprintf($user->lang[$result['error_msg']], '<a href="' . append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=contactadmin') . '">', '</a>');
				}
				break;
		}

		/**
		 * This event allows an extension to process when a user fails a login attempt
		 *
		 * @event core.login_box_failed
		 * @var array result Login result data
		 * @var string username User name used to login
		 * @var string password Password used to login
		 * @var string err Error message
		 * @since 3.1.3-RC1
		 */
		// The submitted plaintext password is handed to every listener of this event;
		// listeners should never log or persist it.
		$vars = array('result', 'username', 'password', 'err');
		extract($phpbb_dispatcher->trigger_event('core.login_box_failed', compact($vars)));
	}

	// Assign credential for username/password pair
	// A fresh 32-hex-character value per rendered admin form; it is sent back as the hidden
	// 'credential' field and names the password input (see PASSWORD_CREDENTIAL below).
	$credential = $admin ? md5(unique_id()) : false;

	$s_hidden_fields = array('sid' => $user->session_id);

	if ($redirect) {
		$s_hidden_fields['redirect'] = $redirect;
	}

	if ($admin) {
		$s_hidden_fields['credential'] = $credential;
	}

	// Let the active auth provider contribute its own template variables and template file.
	$provider_collection = $phpbb_container->get('auth.provider_collection');
	$auth_provider = $provider_collection->get_provider();
	$auth_provider_data = $auth_provider->get_login_data();

	if ($auth_provider_data) {
		if (isset($auth_provider_data['VARS'])) {
			$template->assign_vars($auth_provider_data['VARS']);
		}

		// Only BLOCK_VAR_NAME is checked with isset(); BLOCK_VARS is read unconditionally inside.
		if (isset($auth_provider_data['BLOCK_VAR_NAME'])) {
			foreach ($auth_provider_data['BLOCK_VARS'] as $block_vars) {
				$template->assign_block_vars($auth_provider_data['BLOCK_VAR_NAME'], $block_vars);
			}
		}

		$template->assign_vars(array('PROVIDER_TEMPLATE_FILE' => $auth_provider_data['TEMPLATE_FILE']));
	}

	// NOTE(review): $redirect ends up in the page through build_hidden_fields(); presumably that
	// helper HTML-escapes names and values - confirm, since $redirect can originate from the request.
	$s_hidden_fields = build_hidden_fields($s_hidden_fields);

	$template->assign_vars(array(
		'LOGIN_ERROR' => $err,
		'LOGIN_EXPLAIN' => $l_explain,
		'U_SEND_PASSWORD' => $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') : '',
		'U_RESEND_ACTIVATION' => $config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=resend_act') : '',
		'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=terms'),
		'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=privacy'),
		'S_DISPLAY_FULL_LOGIN' => $s_display ? true : false,
		'S_HIDDEN_FIELDS' => $s_hidden_fields,
		'S_ADMIN_AUTH' => $admin,
		// On admin re-authentication the username is pre-filled from the current session.
		'USERNAME' => $admin ? $user->data['username'] : '',
		'USERNAME_CREDENTIAL' => 'username',
		'PASSWORD_CREDENTIAL' => $admin ? 'password_' . $credential : 'password'));

	page_header($user->lang['LOGIN']);

	$template->set_filenames(array('body' => 'login_body.html'));
	make_jumpbox(append_sid("{$phpbb_root_path}viewforum.{$phpEx}"));

	page_footer();
}
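/**
 * Build Confirm box for Ajax requests
 *
 * With $check = true the function verifies a submitted confirmation: the posted
 * user id, session id and one-time confirm key must all match the current
 * session, and the stored key is cleared once it has been accepted. With
 * $check = false it issues a new confirm key, stores it on the user row and
 * sends the confirm dialog data as a JSON response.
 *
 * @param boolean $check True for checking if confirmed (without any additional parameters) and false for displaying the confirm box
 * @param string $title Title/Message used for confirm box.
 *		message text is _CONFIRM appended to title.
 *		If title cannot be found in user->lang a default one is displayed
 *		If title_CONFIRM cannot be found in user->lang the text given is used.
 * @param string $hidden Hidden variables
 * @param string $u_action Custom form action
 *
 * @return bool|null True when a confirmation was verified; false when the request is not
 *		an Ajax request, the verification failed, or a confirm_key was unexpectedly present
 *		while building the box; no value after the JSON response has been sent
 */
public static function ajax_confirm_box($check, $title = '', $hidden = '', $u_action = '')
{
	global $user, $db, $request;

	if (!$request->is_ajax()) {
		return false;
	}

	// Only a POSTed "yes" counts as confirmation.
	$confirm = $user->lang['YES'] === $request->variable('confirm', '', true, \phpbb\request\request_interface::POST);

	if ($check) {
		if (!$confirm) {
			return false;
		}

		$user_id = $request->variable('confirm_uid', 0);
		$session_id = $request->variable('sess', '');
		$confirm_key = (string) $request->variable('confirm_key', '');
		$stored_key = (string) $user->data['user_last_confirm_key'];

		// The key is compared strictly as a string. A loose != would treat two different
		// numeric-looking keys (for example values of the form "0e...") as equal.
		// Where the minimum PHP version allows it, hash_equals() would additionally make
		// this comparison constant-time.
		if ($user_id != $user->data['user_id'] || $session_id != $user->session_id || $confirm_key === '' || !$confirm_key || !$stored_key || $confirm_key !== $stored_key) {
			return false;
		}

		// Reset user_last_confirm_key so the key cannot be replayed
		$sql = 'UPDATE ' . USERS_TABLE . " SET user_last_confirm_key = ''\n\t\t\t\t\tWHERE user_id = " . (int) $user->data['user_id'];
		$db->sql_query($sql);

		return true;
	}

	$s_hidden_fields = build_hidden_fields(array(
		'confirm_uid' => $user->data['user_id'],
		'sess' => $user->session_id,
		'sid' => $user->session_id,
	));

	// generate activation key
	// NOTE(review): the key is what protects the confirmed action against forged requests;
	// confirm that gen_rand_string() draws from a cryptographically secure source.
	$confirm_key = gen_rand_string(10);

	// If activation key already exist, we better do not re-use the key (something very strange is going on...)
	if ($request->variable('confirm_key', '')) {
		// This should not occur, therefore we cancel the operation to safe the user
		return false;
	}

	// NOTE(review): both str_replace('&', '&', ...) calls in this function are no-ops as written.
	// The search/replace pair looks like an HTML entity that was decoded when the listing was
	// extracted - restore the intended arguments from the project's own source.
	$use_page = $u_action ? $u_action : objects::$phpbb_root_path . str_replace('&', '&', $user->page['page']);
	$u_action = reapply_sid($use_page);
	$u_action .= (strpos($u_action, '?') === false ? '?' : '&') . 'confirm_key=' . $confirm_key;

	// user_id is cast to int because it is concatenated into the statement unquoted.
	$sql = 'UPDATE ' . USERS_TABLE . " SET user_last_confirm_key = '" . $db->sql_escape($confirm_key) . "'\n\t\t\t\tWHERE user_id = " . (int) $user->data['user_id'];
	$db->sql_query($sql);

	// The session id travels in the action URL; it will therefore show up wherever that URL is
	// recorded (for example server access logs).
	$u_action .= '&confirm_uid=' . $user->data['user_id'] . '&sess=' . $user->session_id . '&sid=' . $user->session_id;

	$json_response = new \phpbb\json_response();
	$json_response->send(array(
		'MESSAGE_TITLE' => !isset($user->lang[$title]) ? $user->lang['CONFIRM'] : $user->lang[$title],
		// When no "<title>_CONFIRM" language entry exists, the raw $title is sent as the message text.
		'MESSAGE_TEXT' => !isset($user->lang[$title . '_CONFIRM']) ? $title : $user->lang[$title . '_CONFIRM'],
		'YES_VALUE' => $user->lang['YES'],
		'NO_VALUE' => $user->lang['NO'],
		'S_CONFIRM_ACTION' => str_replace('&', '&', $u_action),
		'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields,
	));
}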
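/**
 * Closes a report
 *
 * After the moderator confirms, the reports for the given posts are either
 * marked closed ($action == 'close') or deleted (any other $action), the
 * reported flags on the affected posts and topics are cleared, and reporters
 * who asked for it are notified.
 *
 * @param array  $post_id_list IDs of the reported posts
 * @param string $mode         Active module mode, passed on in the hidden form fields
 * @param string $action       'close' or 'delete'
 */
function close_report($post_id_list, $mode, $action)
{
	global $db, $template, $user, $config;
	global $phpEx, $phpbb_root_path;

	// Authorisation: check_ids() is asked for the m_report permission on the posts.
	if (!($forum_id = check_ids($post_id_list, POSTS_TABLE, 'post_id', 'm_report'))) {
		trigger_error('NOT_AUTHORIZED');
	}

	// NOTE(review): $action is only ever compared with 'close' and 'delete' here, yet every
	// other value takes the DELETE branch below and is also used to build a template name and
	// language keys. Presumably the caller restricts it to those two values - confirm.
	if ($action == 'delete' && strpos($user->data['session_page'], 'mode=report_details') !== false) {
		$redirect = request_var('redirect', build_url(array('mode')) . '&mode=reports');
	} else {
		$redirect = request_var('redirect', $user->data['session_page']);
	}

	$success_msg = '';

	$s_hidden_fields = build_hidden_fields(array(
		'i' => 'reports',
		'mode' => $mode,
		'post_id_list' => $post_id_list,
		'f' => $forum_id,
		'action' => $action,
		'redirect' => $redirect,
	));

	if (confirm_box(true)) {
		$post_info = get_post_data($post_id_list, 'm_report');

		// An empty id list would produce "IN ()", which is a syntax error, so the query is
		// skipped when there is nothing to look up.
		$reports = array();
		if (sizeof($post_info)) {
			$sql = 'SELECT r.post_id, r.report_closed, r.user_id, r.user_notify, u.username, u.user_email, u.user_jabber, u.user_lang, u.user_notify_type FROM ' . REPORTS_TABLE . ' r, ' . USERS_TABLE . ' u WHERE r.post_id IN (' . implode(',', array_keys($post_info)) . ') ' . ($action == 'close' ? 'AND r.report_closed = 0' : '') . ' AND r.user_id = u.user_id';
			$result = $db->sql_query($sql);

			while ($report = $db->sql_fetchrow($result)) {
				$reports[$report['post_id']] = $report;
			}
			$db->sql_freeresult($result);
		}

		$close_report_posts = $close_report_topics = $notify_reporters = array();
		foreach ($post_info as $post_id => $post_data) {
			if (isset($reports[$post_id])) {
				$close_report_posts[] = $post_id;
				$close_report_topics[] = $post_data['topic_id'];

				// Only reports that are still open and whose reporter asked for it trigger a notification.
				if ($reports[$post_id]['user_notify'] && !$reports[$post_id]['report_closed']) {
					$notify_reporters[$post_id] = $reports[$post_id];
				}
			}
		}

		if (sizeof($close_report_posts)) {
			$close_report_topics = array_unique($close_report_topics);

			// Get a list of topics that still contain reported posts
			$sql = 'SELECT DISTINCT topic_id FROM ' . POSTS_TABLE . ' WHERE topic_id IN (' . implode(', ', $close_report_topics) . ') AND post_reported = 1 AND post_id NOT IN (' . implode(', ', $close_report_posts) . ')';
			$result = $db->sql_query($sql);

			$keep_report_topics = array();
			while ($row = $db->sql_fetchrow($result)) {
				$keep_report_topics[] = $row['topic_id'];
			}
			$db->sql_freeresult($result);

			$close_report_topics = array_diff($close_report_topics, $keep_report_topics);
			unset($keep_report_topics);

			$db->sql_transaction('begin');

			if ($action == 'close') {
				$sql = 'UPDATE ' . REPORTS_TABLE . ' SET report_closed = 1 WHERE post_id IN (' . implode(', ', $close_report_posts) . ')';
			} else {
				$sql = 'DELETE FROM ' . REPORTS_TABLE . ' WHERE post_id IN (' . implode(', ', $close_report_posts) . ')';
			}
			$db->sql_query($sql);

			$sql = 'UPDATE ' . POSTS_TABLE . ' SET post_reported = 0 WHERE post_id IN (' . implode(', ', $close_report_posts) . ')';
			$db->sql_query($sql);

			// Every affected topic may still hold other reported posts, which leaves this list
			// empty; running the UPDATE then would fail on "IN ()" in the middle of the transaction.
			if (sizeof($close_report_topics)) {
				$sql = 'UPDATE ' . TOPICS_TABLE . ' SET topic_reported = 0 WHERE topic_id IN (' . implode(', ', $close_report_topics) . ')';
				$db->sql_query($sql);
			}

			$db->sql_transaction('commit');
		}
		unset($close_report_posts, $close_report_topics);

		$messenger = new messenger();

		// Notify reporters
		if (sizeof($notify_reporters)) {
			$email_sig = str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']);

			foreach ($notify_reporters as $post_id => $reporter) {
				if ($reporter['user_id'] == ANONYMOUS) {
					continue;
				}

				// Template name is derived from $action: report_closed / report_deleted.
				$messenger->template('report_' . $action . 'd', $reporter['user_lang']);

				$messenger->replyto($config['board_email']);
				$messenger->to($reporter['user_email'], $reporter['username']);
				$messenger->im($reporter['user_jabber'], $reporter['username']);

				// Values are entity-decoded here; presumably the message body is plain text - confirm.
				$messenger->assign_vars(array(
					'EMAIL_SIG' => $email_sig,
					'SITENAME' => $config['sitename'],
					'USERNAME' => html_entity_decode($reporter['username']),
					'CLOSER_NAME' => html_entity_decode($user->data['username']),
					'POST_SUBJECT' => html_entity_decode(censor_text($post_info[$post_id]['post_subject'])),
					'TOPIC_TITLE' => html_entity_decode(censor_text($post_info[$post_id]['topic_title'])),
				));

				$messenger->send($reporter['user_notify_type']);
				$messenger->reset();
			}

			$messenger->save_queue();
		}
		unset($notify_reporters, $post_info);

		$success_msg = sizeof($post_id_list) == 1 ? 'REPORT_' . strtoupper($action) . 'D_SUCCESS' : 'REPORTS_' . strtoupper($action) . 'D_SUCCESS';
	} else {
		confirm_box(false, $user->lang[strtoupper($action) . '_REPORT' . (sizeof($post_id_list) == 1 ? '' : 'S') . '_CONFIRM'], $s_hidden_fields);
	}

	// The return target is taken from the request again and then embedded in the success message.
	// NOTE(review): this relies on request_var() escaping HTML special characters and on
	// redirect()/meta_refresh() rejecting off-site targets - confirm both.
	$redirect = request_var('redirect', "index.{$phpEx}");
	$redirect = reapply_sid($redirect);

	if (!$success_msg) {
		redirect($redirect);
	} else {
		meta_refresh(3, $redirect);
		trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], "<a href=\"{$redirect}\">", '</a>'));
	}
}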
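/**
 * Sends the data as the response to an ajax request when the code runs as the
 * result of a callback call; in redirect mode it either redirects (type
 * 'success') or raises the message through trigger_error().
 *
 * Everything that is placed into the HTML message is encoded for the context it
 * lands in: the back link for an HTML attribute, the script arguments for an
 * inline JavaScript string.
 *
 * @param array $params Message data; recognised keys are title, msg, type, script and networks
 */
protected function sendMessage($params = array())
{
	$params = array(
		'title' => isset($params['title']) ? $params['title'] : '',
		'msg' => isset($params['msg']) ? $params['msg'] : '',
		'type' => isset($params['type']) ? $params['type'] : '',
		'script' => isset($params['script']) ? $params['script'] : '',
		'networks' => isset($params['networks']) ? $params['networks'] : '',
	);

	if (!$this->doRedirect) {
		$json_response = new \phpbb\json_response();
		$json_response->send($params);
		exit;
	}

	// urldecode() runs after whatever filtering the request layer applied, so characters that
	// arrived percent-encoded are only turned into quotes/angle brackets here. The value must
	// therefore be treated as raw, untrusted text from this point on.
	$redirect = urldecode($this->request->variable('redirect', '', false, \phpbb\request\request_interface::GET));

	// append/replace SID (may change during the session for AOL users)
	if ($params['type'] == 'success') {
		// NOTE(review): relies on redirect() refusing off-site targets - confirm.
		$redirect = reapply_sid($redirect);
		redirect($redirect);
	}

	$type = ($params['type'] == 'error') ? E_USER_WARNING : E_USER_NOTICE;

	// NOTE(review): title and msg are inserted as HTML; callers are presumed to pass trusted markup.
	$message = (!empty($params['title']) ? '<strong>' . $params['title'] . '</strong><br/>' : '') . $params['msg'];

	// Back link: allow only scheme-less (relative) or http(s) targets, then encode for a quoted
	// attribute. ENT_QUOTES covers the single quotes used around href; double_encode = false
	// keeps entities that are already present (e.g. &amp;) intact.
	$back_url = $redirect;
	if (preg_match('#^[\x00-\x20]*[a-z][a-z0-9+.\-]*:#i', $back_url) && !preg_match('#^[\x00-\x20]*https?://#i', $back_url)) {
		$back_url = '';
	}
	$back_url = htmlspecialchars($back_url, ENT_QUOTES, 'UTF-8', false);

	$message .= "<p><a href='{$back_url}' class='back-url'><- " . $this->user->lang['ULOGIN_BACK_URL'] . "</a></p>";

	if (!empty($params['script'])) {
		$token = !empty($params['script']['token']) ? $params['script']['token'] : '';
		$identity = !empty($params['script']['identity']) ? $params['script']['identity'] : '';

		// json_encode() with the HEX flags yields a JavaScript string literal that cannot close
		// the string or the surrounding <script> element, whatever the value contains.
		$js_flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
		$js_token = $token ? json_encode((string) $token, $js_flags) : false;
		$js_identity = $identity ? json_encode((string) $identity, $js_flags) : false;

		$s = '';
		if ($token && $identity) {
			// Both values are required for this call form; skip the script if either cannot be encoded.
			if ($js_token !== false && $js_identity !== false) {
				$s = "uLogin.mergeAccounts({$js_token}, {$js_identity});";
			}
		} else if ($token && $js_token !== false) {
			$s = "uLogin.mergeAccounts({$js_token});";
		}

		if ($s) {
			// The widget script is loaded from a third-party host via a protocol-relative URL.
			$message .= "<script type=\"text/javascript\" src=\"//ulogin.ru/js/ulogin.js\"></script>" . "<script type=\"text/javascript\">{$s}</script>";
		}
	}

	trigger_error($message, $type);
}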
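/**
 * Fork Topic
 *
 * Copies the given topics, together with their poll options, posts and post
 * attachments rows, into the forum selected through the 'to_forum_id' request
 * variable, then resyncs the new topics, the target forum and the board counters.
 *
 * @param array $topic_ids IDs of the topics to copy
 */
function mcp_fork_topic($topic_ids)
{
	global $auth, $user, $db, $template, $config;
	global $phpEx, $phpbb_root_path;

	// Authorisation on the source topics (moderator permission prefix 'm_').
	if (!($forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', 'm_'))) {
		return;
	}

	$to_forum_id = request_var('to_forum_id', 0);
	$redirect = request_var('redirect', $user->data['session_page']);
	$additional_msg = $success_msg = '';

	$s_hidden_fields = build_hidden_fields(array(
		'topic_id_list' => $topic_ids,
		'f' => $forum_id,
		'action' => 'fork',
		'redirect' => $redirect,
	));

	// Validate the destination: it must exist, be a postable forum, and the moderator must be
	// allowed to post there.
	if ($to_forum_id) {
		$forum_data = get_forum_data($to_forum_id);

		if (!sizeof($topic_ids)) {
			$additional_msg = $user->lang['NO_TOPICS_SELECTED'];
		} else if (!sizeof($forum_data)) {
			$additional_msg = $user->lang['FORUM_NOT_EXIST'];
		} else {
			$forum_data = $forum_data[$to_forum_id];

			if ($forum_data['forum_type'] != FORUM_POST) {
				$additional_msg = $user->lang['FORUM_NOT_POSTABLE'];
			} else if (!$auth->acl_get('f_post', $to_forum_id)) {
				$additional_msg = $user->lang['USER_CANNOT_POST'];
			}
		}
	}

	// A failed destination check is enforced only by dropping the posted confirmation.
	// NOTE(review): this assumes confirm_box(true) cannot succeed without $_POST['confirm'] - confirm.
	if (!$to_forum_id || $additional_msg) {
		unset($_POST['confirm']);
	}

	if (confirm_box(true)) {
		$topic_data = get_topic_data($topic_ids);

		$total_posts = 0;
		$new_topic_id_list = array();

		// NOTE(review): the copy runs as a series of independent INSERTs without a transaction,
		// so a failure part-way leaves a partially copied topic behind.
		foreach ($topic_data as $topic_id => $topic_row) {
			$sql_ary = array(
				'forum_id' => (int) $to_forum_id,
				'icon_id' => (int) $topic_row['icon_id'],
				'topic_attachment' => (int) $topic_row['topic_attachment'],
				'topic_approved' => 1,
				'topic_reported' => 0,
				'topic_title' => (string) $topic_row['topic_title'],
				'topic_poster' => (int) $topic_row['topic_poster'],
				'topic_time' => (int) $topic_row['topic_time'],
				'topic_replies' => (int) $topic_row['topic_replies_real'],
				'topic_replies_real' => (int) $topic_row['topic_replies_real'],
				'topic_status' => (int) $topic_row['topic_status'],
				'topic_type' => (int) $topic_row['topic_type'],
				'topic_first_poster_name' => (string) $topic_row['topic_first_poster_name'],
				'topic_last_poster_id' => (int) $topic_row['topic_last_poster_id'],
				'topic_last_poster_name' => (string) $topic_row['topic_last_poster_name'],
				'topic_last_post_time' => (int) $topic_row['topic_last_post_time'],
				'topic_last_view_time' => (int) $topic_row['topic_last_view_time'],
				'topic_bumped' => (int) $topic_row['topic_bumped'],
				'topic_bumper' => (int) $topic_row['topic_bumper'],
				'poll_title' => (string) $topic_row['poll_title'],
				'poll_start' => (int) $topic_row['poll_start'],
				'poll_length' => (int) $topic_row['poll_length'],
			);

			$db->sql_query('INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
			$new_topic_id = $db->sql_nextid();
			$new_topic_id_list[$topic_id] = $new_topic_id;

			/**
			 * @todo enable? (is this still needed?)
			 * markread('topic', $to_forum_id, $new_topic_id);
			 */

			if ($topic_row['poll_start']) {
				$poll_rows = array();

				// Ids are cast to int wherever they are concatenated into a statement unquoted.
				$sql = 'SELECT * FROM ' . POLL_OPTIONS_TABLE . "\n\t\t\t\t\tWHERE topic_id = " . (int) $topic_id;
				$result = $db->sql_query($sql);

				while ($row = $db->sql_fetchrow($result)) {
					// Votes are not carried over: the copied options start at zero.
					$sql_ary = array(
						'poll_option_id' => (int) $row['poll_option_id'],
						'topic_id' => (int) $new_topic_id,
						'poll_option_text' => (string) $row['poll_option_text'],
						'poll_option_total' => 0,
					);

					$db->sql_query('INSERT INTO ' . POLL_OPTIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
				}
				// The original never released this result set.
				$db->sql_freeresult($result);
			}

			$sql = 'SELECT * FROM ' . POSTS_TABLE . "\n\t\t\t\tWHERE topic_id = " . (int) $topic_id . "\n\t\t\t\tORDER BY post_id ASC";
			$result = $db->sql_query($sql);

			$post_rows = array();
			while ($row = $db->sql_fetchrow($result)) {
				$post_rows[] = $row;
			}
			$db->sql_freeresult($result);

			if (!sizeof($post_rows)) {
				continue;
			}

			$total_posts += sizeof($post_rows);
			foreach ($post_rows as $row) {
				$sql_ary = array(
					'topic_id' => (int) $new_topic_id,
					'forum_id' => (int) $to_forum_id,
					'poster_id' => (int) $row['poster_id'],
					'icon_id' => (int) $row['icon_id'],
					'poster_ip' => (string) $row['poster_ip'],
					'post_time' => (int) $row['post_time'],
					// Copies are always stored as approved and unreported.
					'post_approved' => 1,
					'post_reported' => 0,
					'enable_bbcode' => (int) $row['enable_bbcode'],
					'enable_smilies' => (int) $row['enable_smilies'],
					'enable_magic_url' => (int) $row['enable_magic_url'],
					'enable_sig' => (int) $row['enable_sig'],
					'post_username' => (string) $row['post_username'],
					'post_subject' => (string) $row['post_subject'],
					'post_text' => (string) $row['post_text'],
					'post_edit_reason' => (string) $row['post_edit_reason'],
					'post_edit_user' => (int) $row['post_edit_user'],
					'post_checksum' => (string) $row['post_checksum'],
					'post_encoding' => (string) $row['post_encoding'],
					'post_attachment' => (int) $row['post_attachment'],
					// NOTE(review): cast to int as in the original; verify against the column type.
					'bbcode_bitfield' => (int) $row['bbcode_bitfield'],
					'bbcode_uid' => (string) $row['bbcode_uid'],
					'post_edit_time' => (int) $row['post_edit_time'],
					'post_edit_count' => (int) $row['post_edit_count'],
					'post_edit_locked' => (int) $row['post_edit_locked'],
				);

				$db->sql_query('INSERT INTO ' . POSTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
				$new_post_id = $db->sql_nextid();

				// Copy whether the topic is dotted
				markread('post', $to_forum_id, $new_topic_id, 0, $row['poster_id']);

				// Copy Attachments
				if ($row['post_attachment']) {
					$sql = 'SELECT * FROM ' . ATTACHMENTS_TABLE . "\n\t\t\t\t\t\tWHERE post_msg_id = " . (int) $row['post_id'] . "\n\t\t\t\t\t\t\tAND topic_id = " . (int) $topic_id . "\n\t\t\t\t\t\t\tAND in_message = 0";
					$result = $db->sql_query($sql);

					while ($attach_row = $db->sql_fetchrow($result)) {
						// Only the database row is duplicated; the copy refers to the same physical
						// file. basename() strips any directory part from the stored names.
						$sql_ary = array(
							'post_msg_id' => (int) $new_post_id,
							'topic_id' => (int) $new_topic_id,
							'in_message' => 0,
							'poster_id' => (int) $attach_row['poster_id'],
							'physical_filename' => (string) basename($attach_row['physical_filename']),
							'real_filename' => (string) basename($attach_row['real_filename']),
							'download_count' => (int) $attach_row['download_count'],
							'comment' => (string) $attach_row['comment'],
							'extension' => (string) $attach_row['extension'],
							'mimetype' => (string) $attach_row['mimetype'],
							'filesize' => (int) $attach_row['filesize'],
							'filetime' => (int) $attach_row['filetime'],
							'thumbnail' => (int) $attach_row['thumbnail'],
						);

						$db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
					}
					$db->sql_freeresult($result);
				}
			}
		}

		// Sync new topics, parent forums and board stats
		sync('topic', 'topic_id', $new_topic_id_list, true);
		sync('forum', 'forum_id', $to_forum_id, true);
		set_config('num_topics', $config['num_topics'] + sizeof($new_topic_id_list));
		set_config('num_posts', $config['num_posts'] + $total_posts);

		// Moderator log: one entry per copied topic. The forum name is read from the row of the
		// topic being logged instead of the variable left over from the copy loop above.
		foreach ($new_topic_id_list as $topic_id => $new_topic_id) {
			add_log('mod', $to_forum_id, $new_topic_id, 'LOG_FORK', $topic_data[$topic_id]['forum_name']);
		}

		$success_msg = sizeof($topic_ids) == 1 ? 'TOPIC_FORKED_SUCCESS' : 'TOPICS_FORKED_SUCCESS';
	} else {
		$template->assign_vars(array(
			'S_FORUM_SELECT' => make_forum_select($to_forum_id, false, false, true, true),
			'S_CAN_LEAVE_SHADOW' => false,
			'ADDITIONAL_MSG' => $additional_msg,
		));

		confirm_box(false, 'FORK_TOPIC' . (sizeof($topic_ids) == 1 ? '' : 'S'), $s_hidden_fields, 'mcp_move.html');
	}

	$redirect = request_var('redirect', "index.{$phpEx}");
	$redirect = reapply_sid($redirect);

	if (!$success_msg) {
		// NOTE(review): relies on redirect() rejecting off-site targets - confirm.
		redirect($redirect);
	} else {
		// On success the user is sent to the source forum, not to the request-supplied target.
		$redirect_url = append_sid("{$phpbb_root_path}viewforum.{$phpEx}", 'f=' . $forum_id);
		meta_refresh(3, $redirect_url);
		$return_link = sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect_url . '">', '</a>');

		if ($forum_id != $to_forum_id) {
			$return_link .= '<br /><br />' . sprintf($user->lang['RETURN_NEW_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.{$phpEx}", 'f=' . $to_forum_id) . '">', '</a>');
		}

		trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);
	}
}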
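/**
 * Validate URLs and execute reapply_sid() if necessary
 *
 * The session id is only (re)applied to URLs that really point at this board,
 * i.e. URLs that begin with the board URL followed by a path, query or fragment
 * delimiter (or nothing). A URL that merely contains the board URL somewhere -
 * in its query string, or as the leading part of a longer host name - is left
 * untouched so that the session id is never attached to a foreign address.
 *
 * @param string $url URL to process
 *
 * @return string Processed URL
 */
protected function validate_url($url)
{
	$url = str_replace("\r\n", "\n", str_replace('\\"', '"', trim($url)));
	$url = str_replace(' ', '%20', $url);
	// NOTE(review): this replacement is a no-op as written. The search/replace pair looks like an
	// HTML entity that was decoded when the listing was extracted - restore the intended
	// arguments from the project's own source.
	$url = str_replace('&', '&', $url);

	// if there is no scheme, then add http schema
	if (!preg_match('#^[a-z][a-z\\d+\\-.]*:/{2}#i', $url)) {
		$url = 'http://' . $url;
	}

	// Is this a link to somewhere inside this board? If so then run reapply_sid()
	$board_url = rtrim(generate_board_url(), '/');

	if ($board_url !== '' && strpos($url, $board_url) === 0) {
		// The character right after the board URL decides whether the prefix match is a real
		// match: end of string, '/', '?' or '#'. Anything else means a different host or path.
		$next_char = (string) substr($url, strlen($board_url), 1);

		if ($next_char === '' || $next_char === '/' || $next_char === '?' || $next_char === '#') {
			$url = reapply_sid($url);
		}
	}

	return $url;
}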
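/**
 * Disapprove Post
 *
 * After confirmation the listed posts are deleted through delete_posts(), the
 * action is written to the moderator log, queue notifications are removed and,
 * if requested, the posters are notified. Without confirmation the confirm
 * dialog is shown.
 *
 * @param $post_id_list	array	IDs of the posts to disapprove/delete
 * @param $id			mixed	Category of the current active module
 * @param $mode			string	Active module
 * @return null
 */
public static function disapprove_posts($post_id_list, $id, $mode)
{
	global $db, $template, $user, $config, $phpbb_container, $phpbb_dispatcher;
	global $phpEx, $phpbb_root_path, $request, $phpbb_log;

	// Authorisation: the moderator needs m_approve for every listed post.
	if (!phpbb_check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_approve'))) {
		trigger_error('NOT_AUTHORISED');
	}

	// NOTE(review): the return target is request-supplied; this relies on redirect() and
	// meta_refresh() rejecting off-site targets - confirm.
	$redirect = $request->variable('redirect', build_url(array('t', 'mode', 'quickmod')) . "&mode={$mode}");
	$redirect = reapply_sid($redirect);
	$reason = $request->variable('reason', '', true);
	// The integer default makes the request layer return an integer, which is why the value
	// can be interpolated into the query below.
	$reason_id = $request->variable('reason_id', 0);
	$success_msg = $additional_msg = '';

	$s_hidden_fields = build_hidden_fields(array(
		'i' => $id,
		'mode' => $mode,
		'post_id_list' => $post_id_list,
		'action' => 'disapprove',
		'redirect' => $redirect,
	));

	$notify_poster = $request->is_set('notify_poster');
	$disapprove_reason = '';

	if ($reason_id) {
		$sql = 'SELECT reason_title, reason_description FROM ' . REPORTS_REASONS_TABLE . "\n\t\t\t\tWHERE reason_id = {$reason_id}";
		$result = $db->sql_query($sql);
		$row = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);

		if (!$row || !$reason && strtolower($row['reason_title']) == 'other') {
			// Unknown reason, or "other" without a text: drop the confirmation so the dialog is shown again.
			$additional_msg = $user->lang['NO_REASON_DISAPPROVAL'];

			$request->overwrite('confirm', null, \phpbb\request\request_interface::POST);
			$request->overwrite('confirm_key', null, \phpbb\request\request_interface::POST);
			$request->overwrite('confirm_key', null, \phpbb\request\request_interface::REQUEST);
		} else {
			// If the reason is defined within the language file, we will use the localized version, else just use the database entry...
			$disapprove_reason = strtolower($row['reason_title']) != 'other' ? (isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])]) ? $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])] : $row['reason_description']) : '';
			$disapprove_reason .= $reason ? "\n\n" . $reason : '';

			if (isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])])) {
				$disapprove_reason_lang = strtoupper($row['reason_title']);
			}
		}
	}

	$post_info = phpbb_get_post_data($post_id_list, 'm_approve');

	// True as soon as one post is not already soft-deleted; otherwise this is a plain deletion.
	$is_disapproving = false;
	foreach ($post_info as $post_id => $post_data) {
		if ($post_data['post_visibility'] == ITEM_DELETED) {
			continue;
		}

		$is_disapproving = true;
	}

	if (confirm_box(true)) {
		$disapprove_log = $disapprove_log_topics = $disapprove_log_posts = array();
		$topic_posts_unapproved = $post_disapprove_list = $topic_information = array();

		// Build a list of posts to be disapproved and get the related topics real replies count
		foreach ($post_info as $post_id => $post_data) {
			$post_disapprove_list[$post_id] = $post_data['topic_id'];
			if (!isset($topic_posts_unapproved[$post_data['topic_id']])) {
				$topic_information[$post_data['topic_id']] = $post_data;
				$topic_posts_unapproved[$post_data['topic_id']] = 0;
			}
			$topic_posts_unapproved[$post_data['topic_id']]++;
		}

		// Now we build the log array
		foreach ($post_disapprove_list as $post_id => $topic_id) {
			// If the count of disapproved posts for the topic is equal
			// to the number of unapproved posts in the topic, and there are no different
			// posts, we disapprove the whole topic
			if ($topic_information[$topic_id]['topic_posts_approved'] == 0 && $topic_information[$topic_id]['topic_posts_softdeleted'] == 0 && $topic_information[$topic_id]['topic_posts_unapproved'] == $topic_posts_unapproved[$topic_id]) {
				// Don't write the log more than once for every topic
				if (!isset($disapprove_log_topics[$topic_id])) {
					// Build disapproved topics log
					$disapprove_log_topics[$topic_id] = array(
						'type' => 'topic',
						'post_subject' => $post_info[$post_id]['topic_title'],
						'forum_id' => $post_info[$post_id]['forum_id'],
						'topic_id' => 0,
						'post_username' => $post_info[$post_id]['poster_id'] == ANONYMOUS && !empty($post_info[$post_id]['post_username']) ? $post_info[$post_id]['post_username'] : $post_info[$post_id]['username'],
					);
				}
			} else {
				// Build disapproved posts log
				$disapprove_log_posts[] = array(
					'type' => 'post',
					'post_subject' => $post_info[$post_id]['post_subject'],
					'forum_id' => $post_info[$post_id]['forum_id'],
					'topic_id' => $post_info[$post_id]['topic_id'],
					'post_username' => $post_info[$post_id]['poster_id'] == ANONYMOUS && !empty($post_info[$post_id]['post_username']) ? $post_info[$post_id]['post_username'] : $post_info[$post_id]['username'],
				);
			}
		}

		// Get disapproved posts/topics counts separately
		$num_disapproved_topics = sizeof($disapprove_log_topics);
		$num_disapproved_posts = sizeof($disapprove_log_posts);

		// Build the whole log
		$disapprove_log = array_merge($disapprove_log_topics, $disapprove_log_posts);

		// Unset unneeded arrays
		unset($post_data, $disapprove_log_topics, $disapprove_log_posts);

		// Let's do the job - delete disapproved posts
		if (sizeof($post_disapprove_list)) {
			if (!function_exists('delete_posts')) {
				include $phpbb_root_path . 'includes/functions_admin.' . $phpEx;
			}

			// We do not check for permissions here, because the moderator allowed approval/disapproval should be allowed to delete the disapproved posts
			// Note: function delete_posts triggers related forums/topics sync,
			// so we don't need to call update_post_information later and to adjust real topic replies or forum topics count manually
			delete_posts('post_id', array_keys($post_disapprove_list));

			foreach ($disapprove_log as $log_data) {
				if ($is_disapproving) {
					$l_log_message = $log_data['type'] == 'topic' ? 'LOG_TOPIC_DISAPPROVED' : 'LOG_POST_DISAPPROVED';
					$phpbb_log->add('mod', $user->data['user_id'], $user->ip, $l_log_message, false, array(
						'forum_id' => $log_data['forum_id'],
						'topic_id' => $log_data['topic_id'],
						$log_data['post_subject'],
						$disapprove_reason,
						$log_data['post_username'],
					));
				} else {
					$l_log_message = $log_data['type'] == 'topic' ? 'LOG_DELETE_TOPIC' : 'LOG_DELETE_POST';
					$phpbb_log->add('mod', $user->data['user_id'], $user->ip, $l_log_message, false, array(
						'forum_id' => $log_data['forum_id'],
						'topic_id' => $log_data['topic_id'],
						$log_data['post_subject'],
						$log_data['post_username'],
					));
				}
			}
		}

		/* @var $phpbb_notifications \phpbb\notification\manager */
		$phpbb_notifications = $phpbb_container->get('notification_manager');

		$lang_reasons = array();

		foreach ($post_info as $post_id => $post_data) {
			// Use the topic of the post being processed. The original read $topic_id left over
			// from the log loop above, i.e. always the topic of the last listed post, which gives
			// wrong results when the selection spans several topics.
			$topic_id = $post_data['topic_id'];

			$disapprove_all_posts_in_topic = $topic_information[$topic_id]['topic_posts_approved'] == 0 && $topic_information[$topic_id]['topic_posts_softdeleted'] == 0 && $topic_information[$topic_id]['topic_posts_unapproved'] == $topic_posts_unapproved[$topic_id];

			$phpbb_notifications->delete_notifications('notification.type.post_in_queue', $post_id);

			// Do we disapprove the whole topic? Remove potential notifications
			if ($disapprove_all_posts_in_topic) {
				$phpbb_notifications->delete_notifications('notification.type.topic_in_queue', $post_data['topic_id']);
			}

			// Notify Poster?
			if ($notify_poster) {
				if ($post_data['poster_id'] == ANONYMOUS) {
					continue;
				}

				$post_data['disapprove_reason'] = $disapprove_reason;
				if (isset($disapprove_reason_lang)) {
					// Okay we need to get the reason from the posters language
					if (!isset($lang_reasons[$post_data['user_lang']])) {
						// Assign the current users translation as the default, this is not ideal but getting the board default adds another layer of complexity.
						$lang_reasons[$post_data['user_lang']] = $user->lang['report_reasons']['DESCRIPTION'][$disapprove_reason_lang];

						// user_lang becomes part of an include path, so it is reduced to a single
						// directory name once and the same value is used for the existence check
						// and for the include (the original checked the unreduced value).
						$lang_dir = basename($post_data['user_lang']);

						// Only load up the language pack if the language is different to the current one
						if ($post_data['user_lang'] != $user->lang_name && file_exists($phpbb_root_path . '/language/' . $lang_dir . '/mcp.' . $phpEx)) {
							// Load up the language pack
							$lang = array();
							// Errors from the include are suppressed; a broken language file silently
							// falls back to the moderator's translation set above.
							@(include $phpbb_root_path . '/language/' . $lang_dir . '/mcp.' . $phpEx);

							// If we find the reason in this language pack use it
							if (isset($lang['report_reasons']['DESCRIPTION'][$disapprove_reason_lang])) {
								$lang_reasons[$post_data['user_lang']] = $lang['report_reasons']['DESCRIPTION'][$disapprove_reason_lang];
							}

							unset($lang); // Free memory
						}
					}

					$post_data['disapprove_reason'] = $lang_reasons[$post_data['user_lang']];
					$post_data['disapprove_reason'] .= $reason ? "\n\n" . $reason : '';
				}

				if ($disapprove_all_posts_in_topic && $topic_information[$topic_id]['topic_posts_unapproved'] == 1) {
					// If there is only 1 post when disapproving the topic,
					// we send the user a "disapprove topic" notification...
					$phpbb_notifications->add_notifications('notification.type.disapprove_topic', $post_data);
				} else {
					// ... otherwise there are multiple unapproved posts and
					// all of them are disapproved as posts.
					$phpbb_notifications->add_notifications('notification.type.disapprove_post', $post_data);
				}
			}
		}

		if ($num_disapproved_topics) {
			$success_msg = $num_disapproved_topics == 1 ? 'TOPIC' : 'TOPICS';
		} else {
			$success_msg = $num_disapproved_posts == 1 ? 'POST' : 'POSTS';
		}

		if ($is_disapproving) {
			$success_msg .= '_DISAPPROVED_SUCCESS';
		} else {
			$success_msg .= '_DELETED_SUCCESS';
		}

		// If we came from viewtopic, we try to go back to it.
		if (strpos($redirect, $phpbb_root_path . 'viewtopic.' . $phpEx) === 0) {
			if ($num_disapproved_topics == 0) {
				// So we need to remove the post id part from the Url
				$redirect = str_replace("&p={$post_id_list[0]}#p{$post_id_list[0]}", '', $redirect);
			} else {
				// However this is only possible if the topic still exists,
				// Otherwise we go back to the viewforum page
				$redirect = append_sid($phpbb_root_path . 'viewforum.' . $phpEx, 'f=' . $request->variable('f', 0));
			}
		}

		/**
		 * Perform additional actions during post(s) disapproval
		 *
		 * @event core.disapprove_posts_after
		 * @var array post_info Array containing info for all posts being disapproved
		 * @var array topic_information Array containing information for the topics
		 * @var array topic_posts_unapproved Array containing list of topic ids and the count of disapproved posts in them
		 * @var array post_disapprove_list Array containing list of posts and their topic id
		 * @var int num_disapproved_topics Variable containing the number of disapproved topics
		 * @var int num_disapproved_posts Variable containing the number of disapproved posts
		 * @var array lang_reasons Array containing the language keys for reasons
		 * @var string disapprove_reason Variable containing the language key for the success message
		 * @var string disapprove_reason_lang Variable containing the language key for the success message
		 * @var bool is_disapproving Variable telling if anything is going to be disapproved
		 * @var bool notify_poster Variable telling if the post should be notified or not
		 * @var string success_msg Variable containing the language key for the success message
		 * @var string redirect Variable containing the redirect url
		 * @since 3.1.4-RC1
		 */
		// compact()/extract() work on the local variable names listed here; a listener can
		// overwrite any of them, including $redirect and $success_msg.
		$vars = array('post_info', 'topic_information', 'topic_posts_unapproved', 'post_disapprove_list', 'num_disapproved_topics', 'num_disapproved_posts', 'lang_reasons', 'disapprove_reason', 'disapprove_reason_lang', 'is_disapproving', 'notify_poster', 'success_msg', 'redirect');
		extract($phpbb_dispatcher->trigger_event('core.disapprove_posts_after', compact($vars)));

		unset($lang_reasons, $post_info, $disapprove_reason, $disapprove_reason_lang);

		meta_refresh(3, $redirect);
		$message = $user->lang[$success_msg];

		if ($request->is_ajax()) {
			$json_response = new \phpbb\json_response();
			$json_response->send(array(
				'MESSAGE_TITLE' => $user->lang['INFORMATION'],
				'MESSAGE_TEXT' => $message,
				'REFRESH_DATA' => null,
				'visible' => false,
			));
		}

		$message .= '<br /><br />' . $user->lang('RETURN_PAGE', '<a href="' . $redirect . '">', '</a>');
		trigger_error($message);
	} else {
		// Offer the "notify poster" option only if at least one post has a registered author.
		$show_notify = false;

		foreach ($post_info as $post_data) {
			if ($post_data['poster_id'] == ANONYMOUS) {
				continue;
			} else {
				$show_notify = true;
				break;
			}
		}

		$l_confirm_msg = 'DISAPPROVE_POST';
		$confirm_template = 'mcp_approve.html';
		if ($is_disapproving) {
			$phpbb_container->get('phpbb.report.report_reason_list_provider')->display_reasons($reason_id);
		} else {
			$user->add_lang('posting');

			$l_confirm_msg = 'DELETE_POST_PERMANENTLY';
			$confirm_template = 'confirm_delete_body.html';
		}
		$l_confirm_msg .= sizeof($post_id_list) == 1 ? '' : 'S';

		$template->assign_vars(array(
			'S_NOTIFY_POSTER' => $show_notify,
			'S_APPROVE' => false,
			'REASON' => $is_disapproving ? $reason : '',
			'ADDITIONAL_MSG' => $additional_msg,
		));

		confirm_box(false, $l_confirm_msg, $s_hidden_fields, $confirm_template);
	}

	redirect($redirect);
}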
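/**
 * Fork Topic
 *
 * Copies each topic in $topic_ids into the forum named by the 'to_forum_id'
 * request variable: the topic row, its poll options, its posts, the attachment
 * rows of those posts, topic subscriptions and bookmarks. Afterwards it updates
 * the destination forum counters, the per-user post counts and the board
 * totals, and writes one 'LOG_FORK' moderator log entry per new topic.
 *
 * Nothing is copied until confirm_box(true) succeeds; otherwise the forum
 * selection / confirmation form is shown.
 *
 * @param array $topic_ids Ids of the topics to copy
 *
 * @return void Returns early when phpbb_check_ids() rejects the ids; otherwise
 *              the function ends in redirect() or trigger_error().
 */
function mcp_fork_topic($topic_ids)
{
    global $auth, $user, $db, $template, $config;
    global $phpEx, $phpbb_root_path, $phpbb_log, $request, $phpbb_dispatcher;

    // Presumably verifies the ids against the 'm_' permission (helper not shown here).
    if (!phpbb_check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array('m_')))
    {
        return;
    }

    // NOTE(review): $to_forum_id is concatenated into SQL below without a cast;
    // this relies on $request->variable() typing the value after its 0 default - confirm.
    $to_forum_id = $request->variable('to_forum_id', 0);
    $forum_id = $request->variable('f', 0);
    $redirect = $request->variable('redirect', build_url(array('action', 'quickmod')));
    $additional_msg = $success_msg = '';
    $counter = array();

    $s_hidden_fields = build_hidden_fields(array(
        'topic_id_list' => $topic_ids,
        'f' => $forum_id,
        'action' => 'fork',
        'redirect' => $redirect
    ));

    // Validate the destination: it must exist, be a postable forum, and the
    // acting user must hold 'f_post' there.
    if ($to_forum_id)
    {
        $forum_data = phpbb_get_forum_data($to_forum_id, 'f_post');

        if (!sizeof($topic_ids))
        {
            $additional_msg = $user->lang['NO_TOPIC_SELECTED'];
        }
        else if (!sizeof($forum_data))
        {
            $additional_msg = $user->lang['FORUM_NOT_EXIST'];
        }
        else
        {
            $forum_data = $forum_data[$to_forum_id];

            if ($forum_data['forum_type'] != FORUM_POST)
            {
                $additional_msg = $user->lang['FORUM_NOT_POSTABLE'];
            }
            else if (!$auth->acl_get('f_post', $to_forum_id))
            {
                $additional_msg = $user->lang['USER_CANNOT_POST'];
            }
        }
    }
    else if (isset($_POST['confirm']))
    {
        $additional_msg = $user->lang['FORUM_NOT_EXIST'];
    }

    if ($additional_msg)
    {
        // Validation failed: clear the submitted confirmation. Presumably this
        // keeps confirm_box(true) below from accepting the request.
        $request->overwrite('confirm', null, \phpbb\request\request_interface::POST);
        $request->overwrite('confirm_key', null);
    }

    if (confirm_box(true))
    {
        $topic_data = phpbb_get_topic_data($topic_ids, 'f_post');

        $total_topics = $total_topics_unapproved = $total_topics_softdeleted = 0;
        $total_posts = $total_posts_unapproved = $total_posts_softdeleted = 0;
        $new_topic_id_list = array();

        foreach ($topic_data as $topic_id => $topic_row)
        {
            if (!isset($search_type) && $topic_row['enable_indexing'])
            {
                // Select the search method and do some additional checks to ensure it can actually be utilised
                // The class name is read from the board configuration.
                $search_type = $config['search_type'];

                if (!class_exists($search_type))
                {
                    trigger_error('NO_SUCH_SEARCH_MODULE');
                }

                $error = false;
                $search = new $search_type($error, $phpbb_root_path, $phpEx, $auth, $config, $db, $user, $phpbb_dispatcher);
                $search_mode = 'post';

                if ($error)
                {
                    trigger_error($error);
                }
            }
            else if (!isset($search_type) && !$topic_row['enable_indexing'])
            {
                $search_type = false;
            }

            // New topic row; the report flag is reset rather than copied.
            $sql_ary = array(
                'forum_id' => (int) $to_forum_id,
                'icon_id' => (int) $topic_row['icon_id'],
                'topic_attachment' => (int) $topic_row['topic_attachment'],
                'topic_visibility' => (int) $topic_row['topic_visibility'],
                'topic_reported' => 0,
                'topic_title' => (string) $topic_row['topic_title'],
                'topic_poster' => (int) $topic_row['topic_poster'],
                'topic_time' => (int) $topic_row['topic_time'],
                'topic_posts_approved' => (int) $topic_row['topic_posts_approved'],
                'topic_posts_unapproved' => (int) $topic_row['topic_posts_unapproved'],
                'topic_posts_softdeleted' => (int) $topic_row['topic_posts_softdeleted'],
                'topic_status' => (int) $topic_row['topic_status'],
                'topic_type' => (int) $topic_row['topic_type'],
                'topic_first_poster_name' => (string) $topic_row['topic_first_poster_name'],
                'topic_last_poster_id' => (int) $topic_row['topic_last_poster_id'],
                'topic_last_poster_name' => (string) $topic_row['topic_last_poster_name'],
                'topic_last_post_time' => (int) $topic_row['topic_last_post_time'],
                'topic_last_view_time' => (int) $topic_row['topic_last_view_time'],
                'topic_bumped' => (int) $topic_row['topic_bumped'],
                'topic_bumper' => (int) $topic_row['topic_bumper'],
                'poll_title' => (string) $topic_row['poll_title'],
                'poll_start' => (int) $topic_row['poll_start'],
                'poll_length' => (int) $topic_row['poll_length'],
                'poll_max_options' => (int) $topic_row['poll_max_options'],
                'poll_vote_change' => (int) $topic_row['poll_vote_change']
            );

            $db->sql_query('INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
            $new_topic_id = $db->sql_nextid();
            $new_topic_id_list[$topic_id] = $new_topic_id;

            switch ($topic_row['topic_visibility'])
            {
                case ITEM_APPROVED:
                    $total_topics++;
                    break;

                case ITEM_UNAPPROVED:
                case ITEM_REAPPROVE:
                    $total_topics_unapproved++;
                    break;

                case ITEM_DELETED:
                    $total_topics_softdeleted++;
                    break;
            }

            if ($topic_row['poll_start'])
            {
                // Copy the poll options; vote totals start again at zero.
                $poll_rows = array();

                $sql = 'SELECT * FROM ' . POLL_OPTIONS_TABLE . "\n\t\t\t\t\tWHERE topic_id = {$topic_id}";
                $result = $db->sql_query($sql);

                while ($row = $db->sql_fetchrow($result))
                {
                    $sql_ary = array(
                        'poll_option_id' => (int) $row['poll_option_id'],
                        'topic_id' => (int) $new_topic_id,
                        'poll_option_text' => (string) $row['poll_option_text'],
                        'poll_option_total' => 0
                    );

                    $db->sql_query('INSERT INTO ' . POLL_OPTIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
                }
                $db->sql_freeresult($result);
            }

            $sql = 'SELECT * FROM ' . POSTS_TABLE . "\n\t\t\t\tWHERE topic_id = {$topic_id}\n\t\t\t\tORDER BY post_time ASC, post_id ASC";
            $result = $db->sql_query($sql);

            $post_rows = array();
            while ($row = $db->sql_fetchrow($result))
            {
                $post_rows[] = $row;
            }
            $db->sql_freeresult($result);

            // A topic without posts also skips the subscription/bookmark copy below.
            if (!sizeof($post_rows))
            {
                continue;
            }

            foreach ($post_rows as $row)
            {
                $sql_ary = array(
                    'topic_id' => (int) $new_topic_id,
                    'forum_id' => (int) $to_forum_id,
                    'poster_id' => (int) $row['poster_id'],
                    'icon_id' => (int) $row['icon_id'],
                    'poster_ip' => (string) $row['poster_ip'],
                    'post_time' => (int) $row['post_time'],
                    'post_visibility' => (int) $row['post_visibility'],
                    'post_reported' => 0,
                    'enable_bbcode' => (int) $row['enable_bbcode'],
                    'enable_smilies' => (int) $row['enable_smilies'],
                    'enable_magic_url' => (int) $row['enable_magic_url'],
                    'enable_sig' => (int) $row['enable_sig'],
                    'post_username' => (string) $row['post_username'],
                    'post_subject' => (string) $row['post_subject'],
                    'post_text' => (string) $row['post_text'],
                    'post_edit_reason' => (string) $row['post_edit_reason'],
                    'post_edit_user' => (int) $row['post_edit_user'],
                    'post_checksum' => (string) $row['post_checksum'],
                    'post_attachment' => (int) $row['post_attachment'],
                    'bbcode_bitfield' => $row['bbcode_bitfield'],
                    'bbcode_uid' => (string) $row['bbcode_uid'],
                    'post_edit_time' => (int) $row['post_edit_time'],
                    'post_edit_count' => (int) $row['post_edit_count'],
                    'post_edit_locked' => (int) $row['post_edit_locked'],
                    'post_postcount' => $row['post_postcount']
                );

                // Adjust post count only if the post can be incremented to the user counter
                if ($row['post_postcount'])
                {
                    if (isset($counter[$row['poster_id']]))
                    {
                        ++$counter[$row['poster_id']];
                    }
                    else
                    {
                        $counter[$row['poster_id']] = 1;
                    }
                }

                $db->sql_query('INSERT INTO ' . POSTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
                $new_post_id = $db->sql_nextid();

                switch ($row['post_visibility'])
                {
                    case ITEM_APPROVED:
                        $total_posts++;
                        break;

                    case ITEM_UNAPPROVED:
                    case ITEM_REAPPROVE:
                        $total_posts_unapproved++;
                        break;

                    case ITEM_DELETED:
                        $total_posts_softdeleted++;
                        break;
                }

                // Copy whether the topic is dotted
                markread('post', $to_forum_id, $new_topic_id, 0, $row['poster_id']);

                // Must run before $sql_ary is reused for the attachment rows below.
                if (!empty($search_type))
                {
                    $search->index($search_mode, $new_post_id, $sql_ary['post_text'], $sql_ary['post_subject'], $sql_ary['poster_id'], $topic_row['topic_type'] == POST_GLOBAL ? 0 : $to_forum_id);
                    $search_mode = 'reply'; // After one we index replies
                }

                // Copy Attachments
                if ($row['post_attachment'])
                {
                    $sql = 'SELECT * FROM ' . ATTACHMENTS_TABLE . "\n\t\t\t\t\t\tWHERE post_msg_id = {$row['post_id']}\n\t\t\t\t\t\t\tAND topic_id = {$topic_id}\n\t\t\t\t\t\t\tAND in_message = 0";
                    $result = $db->sql_query($sql);

                    $sql_ary = array();
                    while ($attach_row = $db->sql_fetchrow($result))
                    {
                        // File names are reduced with utf8_basename() before being
                        // written to the new attachment row.
                        $sql_ary[] = array(
                            'post_msg_id' => (int) $new_post_id,
                            'topic_id' => (int) $new_topic_id,
                            'in_message' => 0,
                            'is_orphan' => (int) $attach_row['is_orphan'],
                            'poster_id' => (int) $attach_row['poster_id'],
                            'physical_filename' => (string) utf8_basename($attach_row['physical_filename']),
                            'real_filename' => (string) utf8_basename($attach_row['real_filename']),
                            'download_count' => (int) $attach_row['download_count'],
                            'attach_comment' => (string) $attach_row['attach_comment'],
                            'extension' => (string) $attach_row['extension'],
                            'mimetype' => (string) $attach_row['mimetype'],
                            'filesize' => (int) $attach_row['filesize'],
                            'filetime' => (int) $attach_row['filetime'],
                            'thumbnail' => (int) $attach_row['thumbnail']
                        );
                    }
                    $db->sql_freeresult($result);

                    if (sizeof($sql_ary))
                    {
                        $db->sql_multi_insert(ATTACHMENTS_TABLE, $sql_ary);
                    }
                }
            }

            // Copy topic subscriptions to new topic
            $sql = 'SELECT user_id, notify_status FROM ' . TOPICS_WATCH_TABLE . ' WHERE topic_id = ' . $topic_id;
            $result = $db->sql_query($sql);

            $sql_ary = array();
            while ($row = $db->sql_fetchrow($result))
            {
                $sql_ary[] = array(
                    'topic_id' => (int) $new_topic_id,
                    'user_id' => (int) $row['user_id'],
                    'notify_status' => (int) $row['notify_status']
                );
            }
            $db->sql_freeresult($result);

            if (sizeof($sql_ary))
            {
                $db->sql_multi_insert(TOPICS_WATCH_TABLE, $sql_ary);
            }

            // Copy bookmarks to new topic
            $sql = 'SELECT user_id FROM ' . BOOKMARKS_TABLE . ' WHERE topic_id = ' . $topic_id;
            $result = $db->sql_query($sql);

            $sql_ary = array();
            while ($row = $db->sql_fetchrow($result))
            {
                $sql_ary[] = array(
                    'topic_id' => (int) $new_topic_id,
                    'user_id' => (int) $row['user_id']
                );
            }
            $db->sql_freeresult($result);

            if (sizeof($sql_ary))
            {
                $db->sql_multi_insert(BOOKMARKS_TABLE, $sql_ary);
            }
        }

        // Sync new topics, parent forums and board stats
        $sql = 'UPDATE ' . FORUMS_TABLE . ' SET forum_posts_approved = forum_posts_approved + ' . $total_posts . ', forum_posts_unapproved = forum_posts_unapproved + ' . $total_posts_unapproved . ', forum_posts_softdeleted = forum_posts_softdeleted + ' . $total_posts_softdeleted . ', forum_topics_approved = forum_topics_approved + ' . $total_topics . ', forum_topics_unapproved = forum_topics_unapproved + ' . $total_topics_unapproved . ', forum_topics_softdeleted = forum_topics_softdeleted + ' . $total_topics_softdeleted . ' WHERE forum_id = ' . $to_forum_id;
        $db->sql_query($sql);

        if (!empty($counter))
        {
            // Do only one query per user and not a query per post.
            foreach ($counter as $user_id => $count)
            {
                $sql = 'UPDATE ' . USERS_TABLE . ' SET user_posts = user_posts + ' . (int) $count . ' WHERE user_id = ' . (int) $user_id;
                $db->sql_query($sql);
            }
        }

        sync('topic', 'topic_id', $new_topic_id_list);
        sync('forum', 'forum_id', $to_forum_id);

        $config->increment('num_topics', sizeof($new_topic_id_list), false);
        $config->increment('num_posts', $total_posts, false);

        foreach ($new_topic_id_list as $topic_id => $new_topic_id)
        {
            // Look the source row up by id: $topic_row still holds whichever topic
            // the copy loop visited last, which would put the wrong forum name in
            // the moderator log whenever several topics are forked at once.
            $phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_FORK', false, array(
                'forum_id' => $to_forum_id,
                'topic_id' => $new_topic_id,
                $topic_data[$topic_id]['forum_name']
            ));
        }

        $success_msg = sizeof($topic_ids) == 1 ? 'TOPIC_FORKED_SUCCESS' : 'TOPICS_FORKED_SUCCESS';
    }
    else
    {
        $template->assign_vars(array(
            'S_FORUM_SELECT' => make_forum_select($to_forum_id, false, false, true, true, true),
            'S_CAN_LEAVE_SHADOW' => false,
            'ADDITIONAL_MSG' => $additional_msg
        ));

        confirm_box(false, 'FORK_TOPIC' . (sizeof($topic_ids) == 1 ? '' : 'S'), $s_hidden_fields, 'mcp_move.html');
    }

    $redirect = $request->variable('redirect', "index.{$phpEx}");
    $redirect = reapply_sid($redirect);

    if (!$success_msg)
    {
        redirect($redirect);
    }
    else
    {
        // The success page links to forum URLs built here, not to the
        // request-supplied redirect value.
        $redirect_url = append_sid("{$phpbb_root_path}viewforum.{$phpEx}", 'f=' . $forum_id);
        meta_refresh(3, $redirect_url);
        $return_link = sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect_url . '">', '</a>');

        if ($forum_id != $to_forum_id)
        {
            $return_link .= '<br /><br />' . sprintf($user->lang['RETURN_NEW_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.{$phpEx}", 'f=' . $to_forum_id) . '">', '</a>');
        }

        trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);
    }
}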
/**
 * Disapprove Post/Topic
 *
 * After confirmation, decrements the forum/topic "real" counters for the given
 * posts, deletes the posts via delete_posts(), refreshes topic and forum post
 * information and, when 'notify_poster' is present in the request, mails each
 * non-anonymous poster the disapproval reason. Without confirmation it shows
 * the reason form instead.
 *
 * @param array  $post_id_list Ids of the posts to disapprove
 * @param string $mode         Module mode, carried through the hidden form fields
 *
 * @return void Ends in redirect() or trigger_error().
 */
function disapprove_post($post_id_list, $mode)
{
    global $db, $template, $user, $config;
    global $phpEx, $phpbb_root_path;

    // The return value of check_ids() is also used as the forum id for every
    // post in the list below.
    if (!($forum_id = check_ids($post_id_list, POSTS_TABLE, 'post_id', 'm_approve')))
    {
        trigger_error('NOT_AUTHORIZED');
    }

    $redirect = request_var('redirect', build_url(array('t', 'mode')) . '&mode=unapproved_topics');
    $reason = request_var('reason', '', true);
    // NOTE(review): interpolated into SQL below; relies on request_var() typing
    // the value after its 0 default - confirm.
    $reason_id = request_var('reason_id', 0);
    $success_msg = $additional_msg = '';

    $s_hidden_fields = build_hidden_fields(array(
        'i' => 'queue',
        'mode' => $mode,
        'post_id_list' => $post_id_list,
        'f' => $forum_id,
        'action' => 'disapprove',
        'redirect' => $redirect
    ));

    $notify_poster = isset($_REQUEST['notify_poster']) ? true : false;
    $disapprove_reason = '';

    if ($reason_id)
    {
        $sql = 'SELECT reason_title, reason_description FROM ' . REPORTS_REASONS_TABLE . "\n\t\t\tWHERE reason_id = {$reason_id}";
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        // Unknown reason, or the 'other' reason without free text: drop the
        // confirmation so the form is shown again with an error message.
        if (!$row || !$reason && $row['reason_title'] == 'other')
        {
            $additional_msg = $user->lang['NO_REASON_DISAPPROVAL'];
            unset($_POST['confirm']);
        }
        else
        {
            // If the reason is defined within the language file, we will use the localized version, else just use the database entry...
            $disapprove_reason = $row['reason_title'] != 'other' ? isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])]) ? $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])] : $row['reason_description'] : '';
            $disapprove_reason .= $reason ? "\n\n" . $reason : '';
        }
    }

    if (confirm_box(true))
    {
        $post_info = get_post_data($post_id_list, 'm_approve');

        // If Topic -> forum_topics_real -= 1
        // If Post -> topic_replies_real -= 1
        $forum_topics_real = 0;
        $topic_replies_real_sql = $post_disapprove_sql = $topic_id_list = array();

        foreach ($post_info as $post_id => $post_data)
        {
            $topic_id_list[$post_data['topic_id']] = 1;

            // Topic or Post. ;)
            // A post that is both first and last post of its topic counts as a topic.
            if ($post_data['topic_first_post_id'] == $post_id && $post_data['topic_last_post_id'] == $post_id)
            {
                if ($post_data['forum_id'])
                {
                    $forum_topics_real++;
                }
            }
            else
            {
                if (!isset($topic_replies_real_sql[$post_data['topic_id']]))
                {
                    $topic_replies_real_sql[$post_data['topic_id']] = 1;
                }
                else
                {
                    $topic_replies_real_sql[$post_data['topic_id']]++;
                }
            }

            $post_disapprove_sql[] = $post_id;
        }

        if ($forum_topics_real)
        {
            $sql = 'UPDATE ' . FORUMS_TABLE . "\n\t\t\t\tSET forum_topics_real = forum_topics_real - {$forum_topics_real}\n\t\t\t\tWHERE forum_id = {$forum_id}";
            $db->sql_query($sql);
        }

        if (sizeof($topic_replies_real_sql))
        {
            foreach ($topic_replies_real_sql as $topic_id => $num_replies)
            {
                $sql = 'UPDATE ' . TOPICS_TABLE . "\n\t\t\t\t\tSET topic_replies_real = topic_replies_real - {$num_replies}\n\t\t\t\t\tWHERE topic_id = {$topic_id}";
                $db->sql_query($sql);
            }
        }

        if (sizeof($post_disapprove_sql))
        {
            if (!function_exists('delete_posts'))
            {
                include_once $phpbb_root_path . 'includes/functions_admin.' . $phpEx;
            }

            // We do not check for permissions here, because the moderator allowed approval/disapproval should be allowed to delete the disapproved posts
            // The ids deleted are the keys of get_post_data($post_id_list, 'm_approve').
            delete_posts('post_id', $post_disapprove_sql);
        }
        unset($post_disapprove_sql, $topic_replies_real_sql);

        update_post_information('topic', array_keys($topic_id_list));
        update_post_information('forum', $forum_id);
        unset($topic_id_list);

        $messenger = new messenger();

        // Notify Poster?
        if ($notify_poster)
        {
            $email_sig = str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']);

            foreach ($post_info as $post_id => $post_data)
            {
                if ($post_data['poster_id'] == ANONYMOUS)
                {
                    continue;
                }

                $email_template = $post_data['post_id'] == $post_data['topic_first_post_id'] && $post_data['post_id'] == $post_data['topic_last_post_id'] ? 'topic_disapproved' : 'post_disapproved';

                $messenger->template($email_template, $post_data['user_lang']);

                $messenger->replyto($config['board_email']);
                $messenger->to($post_data['user_email'], $post_data['username']);
                $messenger->im($post_data['user_jabber'], $post_data['username']);

                // Values are entity-decoded before being handed to the mail template.
                $messenger->assign_vars(array(
                    'EMAIL_SIG' => $email_sig,
                    'SITENAME' => $config['sitename'],
                    'USERNAME' => html_entity_decode($post_data['username']),
                    'REASON' => html_entity_decode($disapprove_reason),
                    'POST_SUBJECT' => html_entity_decode(censor_text($post_data['post_subject'])),
                    'TOPIC_TITLE' => html_entity_decode(censor_text($post_data['topic_title']))
                ));

                $messenger->send($post_data['user_notify_type']);
                $messenger->reset();
            }

            $messenger->save_queue();
        }
        unset($post_info, $disapprove_reason);

        if ($forum_topics_real)
        {
            $success_msg = $forum_topics_real == 1 ? 'TOPIC_DISAPPROVED_SUCCESS' : 'TOPICS_DISAPPROVED_SUCCESS';
        }
        else
        {
            $success_msg = sizeof($post_id_list) == 1 ? 'POST_DISAPPROVED_SUCCESS' : 'POSTS_DISAPPROVED_SUCCESS';
        }
    }
    else
    {
        include_once $phpbb_root_path . 'includes/functions_display.' . $phpEx;

        display_reasons($reason_id);

        $template->assign_vars(array(
            'S_NOTIFY_POSTER' => true,
            'S_APPROVE' => false,
            'REASON' => $reason,
            'ADDITIONAL_MSG' => $additional_msg
        ));

        confirm_box(false, 'DISAPPROVE_POST' . (sizeof($post_id_list) == 1 ? '' : 'S'), $s_hidden_fields, 'mcp_approve.html');
    }

    // NOTE(review): $redirect comes from the request and is placed in an href
    // below; this relies on request_var() returning an HTML-escaped string and on
    // redirect()/meta_refresh() validating the target - confirm against those helpers.
    $redirect = request_var('redirect', "index.{$phpEx}");
    $redirect = reapply_sid($redirect);

    if (!$success_msg)
    {
        redirect($redirect);
    }
    else
    {
        meta_refresh(3, $redirect);
        trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], "<a href=\"{$redirect}\">", '</a>'));
    }
}
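/**
 * Closes a report
 *
 * Closes or deletes the reports in $report_id_list. After confirmation the
 * reports are updated/deleted inside a transaction, the "reported" flag is
 * cleared on the affected posts (or private messages) and on topics that no
 * longer contain reported posts, a moderator log entry is written per report,
 * report notifications are removed and reporters who asked for it are notified.
 *
 * @param array  $report_id_list Ids of the reports to act on
 * @param string $mode           Module mode, carried through the hidden form fields
 * @param string $action         'close' or 'delete'; also used to build language
 *                               and log keys
 * @param bool   $pm             True when the reports concern private messages
 *
 * @return void Ends in redirect() or trigger_error().
 */
function close_report($report_id_list, $mode, $action, $pm = false)
{
    global $db, $template, $user, $config, $auth;
    global $phpEx, $phpbb_root_path, $phpbb_container;

    $pm_where = $pm ? ' AND r.post_id = 0 ' : ' AND r.pm_id = 0 ';
    $id_column = $pm ? 'pm_id' : 'post_id';
    $module = $pm ? 'pm_reports' : 'reports';
    $pm_prefix = $pm ? 'PM_' : '';

    $sql = "SELECT r.{$id_column}\n\t\tFROM " . REPORTS_TABLE . ' r WHERE ' . $db->sql_in_set('r.report_id', $report_id_list) . $pm_where;
    $result = $db->sql_query($sql);

    $post_id_list = array();
    while ($row = $db->sql_fetchrow($result))
    {
        $post_id_list[] = $row[$id_column];
    }
    // Release the result set, as every other query in this function does.
    $db->sql_freeresult($result);

    $post_id_list = array_unique($post_id_list);

    // Authorisation: PM reports need the global 'm_report' permission, post
    // reports are checked per post through phpbb_check_ids().
    if ($pm)
    {
        if (!$auth->acl_getf_global('m_report'))
        {
            trigger_error('NOT_AUTHORISED');
        }
    }
    else
    {
        if (!phpbb_check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_report')))
        {
            trigger_error('NOT_AUTHORISED');
        }
    }

    // Pick the default return target depending on where the moderator came from.
    if ($action == 'delete' && strpos($user->data['session_page'], 'mode=report_details') !== false)
    {
        $redirect = request_var('redirect', build_url(array('mode', 'r', 'quickmod')) . '&mode=reports');
    }
    else if ($action == 'delete' && strpos($user->data['session_page'], 'mode=pm_report_details') !== false)
    {
        $redirect = request_var('redirect', build_url(array('mode', 'r', 'quickmod')) . '&mode=pm_reports');
    }
    else if ($action == 'close' && !request_var('r', 0))
    {
        $redirect = request_var('redirect', build_url(array('mode', 'p', 'quickmod')) . '&mode=' . $module);
    }
    else
    {
        $redirect = request_var('redirect', build_url(array('quickmod')));
    }

    $success_msg = '';
    $forum_ids = array();
    $topic_ids = array();

    $s_hidden_fields = build_hidden_fields(array(
        'i' => $module,
        'mode' => $mode,
        'report_id_list' => $report_id_list,
        'action' => $action,
        'redirect' => $redirect
    ));

    if (confirm_box(true))
    {
        $post_info = $pm ? phpbb_get_pm_data($post_id_list) : phpbb_get_post_data($post_id_list, 'm_report');

        $sql = "SELECT r.report_id, r.{$id_column}, r.report_closed, r.user_id, r.user_notify, u.username, u.username_clean, u.user_email, u.user_jabber, u.user_lang, u.user_notify_type\n\t\t\tFROM " . REPORTS_TABLE . ' r, ' . USERS_TABLE . ' u WHERE ' . $db->sql_in_set('r.report_id', $report_id_list) . ' ' . ($action == 'close' ? 'AND r.report_closed = 0' : '') . ' AND r.user_id = u.user_id' . $pm_where;
        $result = $db->sql_query($sql);

        // $report_id_list is rebuilt from the rows actually found.
        $reports = $close_report_posts = $close_report_topics = $notify_reporters = $report_id_list = array();
        while ($report = $db->sql_fetchrow($result))
        {
            $reports[$report['report_id']] = $report;
            $report_id_list[] = $report['report_id'];

            if (!$report['report_closed'])
            {
                $close_report_posts[] = $report[$id_column];

                if (!$pm)
                {
                    $close_report_topics[] = $post_info[$report['post_id']]['topic_id'];
                }
            }

            if ($report['user_notify'] && !$report['report_closed'])
            {
                $notify_reporters[$report['report_id']] =& $reports[$report['report_id']];
            }
        }
        $db->sql_freeresult($result);

        if (sizeof($reports))
        {
            $close_report_posts = array_unique($close_report_posts);
            $close_report_topics = array_unique($close_report_topics);

            if (!$pm && sizeof($close_report_posts))
            {
                // Get a list of topics that still contain reported posts
                $sql = 'SELECT DISTINCT topic_id FROM ' . POSTS_TABLE . ' WHERE ' . $db->sql_in_set('topic_id', $close_report_topics) . ' AND post_reported = 1 AND ' . $db->sql_in_set('post_id', $close_report_posts, true);
                $result = $db->sql_query($sql);

                $keep_report_topics = array();
                while ($row = $db->sql_fetchrow($result))
                {
                    $keep_report_topics[] = $row['topic_id'];
                }
                $db->sql_freeresult($result);

                $close_report_topics = array_diff($close_report_topics, $keep_report_topics);
                unset($keep_report_topics);
            }

            $db->sql_transaction('begin');

            if ($action == 'close')
            {
                $sql = 'UPDATE ' . REPORTS_TABLE . ' SET report_closed = 1 WHERE ' . $db->sql_in_set('report_id', $report_id_list);
            }
            else
            {
                $sql = 'DELETE FROM ' . REPORTS_TABLE . ' WHERE ' . $db->sql_in_set('report_id', $report_id_list);
            }
            $db->sql_query($sql);

            if (sizeof($close_report_posts))
            {
                if ($pm)
                {
                    $sql = 'UPDATE ' . PRIVMSGS_TABLE . ' SET message_reported = 0 WHERE ' . $db->sql_in_set('msg_id', $close_report_posts);
                    $db->sql_query($sql);

                    if ($action == 'delete')
                    {
                        delete_pm(ANONYMOUS, $close_report_posts, PRIVMSGS_INBOX);
                    }
                }
                else
                {
                    $sql = 'UPDATE ' . POSTS_TABLE . ' SET post_reported = 0 WHERE ' . $db->sql_in_set('post_id', $close_report_posts);
                    $db->sql_query($sql);

                    if (sizeof($close_report_topics))
                    {
                        $sql = 'UPDATE ' . TOPICS_TABLE . ' SET topic_reported = 0 WHERE ' . $db->sql_in_set('topic_id', $close_report_topics) . ' OR ' . $db->sql_in_set('topic_moved_id', $close_report_topics);
                        $db->sql_query($sql);
                    }
                }
            }

            $db->sql_transaction('commit');
        }
        unset($close_report_posts, $close_report_topics);

        $phpbb_notifications = $phpbb_container->get('notification_manager');

        // One moderator log entry per report, keyed by the action taken.
        foreach ($reports as $report)
        {
            if ($pm)
            {
                add_log('mod', 0, 0, 'LOG_PM_REPORT_' . strtoupper($action) . 'D', $post_info[$report['pm_id']]['message_subject']);
                $phpbb_notifications->delete_notifications('notification.type.report_pm', $report['pm_id']);
            }
            else
            {
                add_log('mod', $post_info[$report['post_id']]['forum_id'], $post_info[$report['post_id']]['topic_id'], 'LOG_REPORT_' . strtoupper($action) . 'D', $post_info[$report['post_id']]['post_subject']);
                $phpbb_notifications->delete_notifications('notification.type.report_post', $report['post_id']);
            }
        }

        // Notify reporters
        if (sizeof($notify_reporters))
        {
            foreach ($notify_reporters as $report_id => $reporter)
            {
                if ($reporter['user_id'] == ANONYMOUS)
                {
                    continue;
                }

                $post_id = $reporter[$id_column];

                if ($pm)
                {
                    $phpbb_notifications->add_notifications('notification.type.report_pm_closed', array_merge($post_info[$post_id], array(
                        'reporter' => $reporter['user_id'],
                        'closer_id' => $user->data['user_id'],
                        'from_user_id' => $post_info[$post_id]['author_id']
                    )));
                }
                else
                {
                    $phpbb_notifications->add_notifications('notification.type.report_post_closed', array_merge($post_info[$post_id], array(
                        'reporter' => $reporter['user_id'],
                        'closer_id' => $user->data['user_id']
                    )));
                }
            }
        }

        if (!$pm)
        {
            foreach ($post_info as $post)
            {
                $forum_ids[$post['forum_id']] = $post['forum_id'];
                $topic_ids[$post['topic_id']] = $post['topic_id'];
            }
        }

        unset($notify_reporters, $post_info, $reports);

        $success_msg = sizeof($report_id_list) == 1 ? "{$pm_prefix}REPORT_" . strtoupper($action) . 'D_SUCCESS' : "{$pm_prefix}REPORTS_" . strtoupper($action) . 'D_SUCCESS';
    }
    else
    {
        confirm_box(false, $user->lang[strtoupper($action) . "_{$pm_prefix}REPORT" . (sizeof($report_id_list) == 1 ? '' : 'S') . '_CONFIRM'], $s_hidden_fields);
    }

    // NOTE(review): $redirect comes from the request and is placed in an href
    // below; this relies on request_var() returning an HTML-escaped string and on
    // redirect()/meta_refresh() validating the target - confirm against those helpers.
    $redirect = request_var('redirect', "index.{$phpEx}");
    $redirect = reapply_sid($redirect);

    if (!$success_msg)
    {
        redirect($redirect);
    }
    else
    {
        meta_refresh(3, $redirect);

        $return_forum = '';
        $return_topic = '';

        if (!$pm)
        {
            // Offer forum/topic return links only when they are unambiguous.
            if (sizeof($forum_ids) === 1)
            {
                $return_forum = sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.{$phpEx}", 'f=' . current($forum_ids)) . '">', '</a>') . '<br /><br />';
            }

            if (sizeof($topic_ids) === 1)
            {
                $return_topic = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", 't=' . current($topic_ids) . '&f=' . current($forum_ids)) . '">', '</a>') . '<br /><br />';
            }
        }

        trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_forum . $return_topic . sprintf($user->lang['RETURN_PAGE'], "<a href=\"{$redirect}\">", '</a>'));
    }
}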
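/**
 * Disapprove Post/Topic
 *
 * After confirmation, decrements the per-forum and per-topic "real" counters
 * for the given posts, deletes the posts via delete_posts(), writes a moderator
 * log entry for each, refreshes topic and forum post information and, when
 * 'notify_poster' is present in the request, mails each non-anonymous poster
 * the disapproval reason in that poster's language where a translation is
 * available. Without confirmation it shows the reason form instead.
 *
 * @param array  $post_id_list Ids of the posts to disapprove
 * @param string $id           Module id, carried through the hidden form fields
 * @param string $mode         Module mode, carried through the hidden form fields
 *
 * @return void Ends in redirect() or trigger_error().
 */
function disapprove_post($post_id_list, $id, $mode)
{
    global $db, $template, $user, $config;
    global $phpEx, $phpbb_root_path;

    if (!check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_approve')))
    {
        trigger_error('NOT_AUTHORISED');
    }

    $redirect = request_var('redirect', build_url(array('t', 'mode', 'quickmod')) . "&mode={$mode}");
    $reason = utf8_normalize_nfc(request_var('reason', '', true));
    // NOTE(review): interpolated into SQL below; relies on request_var() typing
    // the value after its 0 default - confirm.
    $reason_id = request_var('reason_id', 0);
    $success_msg = $additional_msg = '';

    $s_hidden_fields = build_hidden_fields(array(
        'i' => $id,
        'mode' => $mode,
        'post_id_list' => $post_id_list,
        'action' => 'disapprove',
        'redirect' => $redirect
    ));

    $notify_poster = isset($_REQUEST['notify_poster']) ? true : false;
    // The e-mail reason is initialised here as well: without a reason id it was
    // never assigned before being read in the notification loop.
    $disapprove_reason = $email_disapprove_reason = '';

    if ($reason_id)
    {
        $sql = 'SELECT reason_title, reason_description FROM ' . REPORTS_REASONS_TABLE . "\n\t\t\tWHERE reason_id = {$reason_id}";
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        // Unknown reason, or the 'other' reason without free text: drop the
        // confirmation so the form is shown again with an error message.
        if (!$row || (!$reason && strtolower($row['reason_title']) == 'other'))
        {
            $additional_msg = $user->lang['NO_REASON_DISAPPROVAL'];
            unset($_POST['confirm']);
        }
        else
        {
            // If the reason is defined within the language file, we will use the localized version, else just use the database entry...
            $disapprove_reason = strtolower($row['reason_title']) != 'other' ? (isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])]) ? $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])] : $row['reason_description']) : '';
            $disapprove_reason .= $reason ? "\n\n" . $reason : '';

            if (isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])]))
            {
                $disapprove_reason_lang = strtoupper($row['reason_title']);
            }

            $email_disapprove_reason = $disapprove_reason;
        }
    }

    $post_info = get_post_data($post_id_list, 'm_approve');

    if (confirm_box(true))
    {
        // If Topic -> forum_topics_real -= 1
        // If Post -> topic_replies_real -= 1
        $num_disapproved = 0;
        $forum_topics_real = $topic_id_list = $forum_id_list = $topic_replies_real_sql = $post_disapprove_sql = $disapprove_log = array();

        foreach ($post_info as $post_id => $post_data)
        {
            $topic_id_list[$post_data['topic_id']] = 1;

            if ($post_data['forum_id'])
            {
                $forum_id_list[$post_data['forum_id']] = 1;
            }

            // Topic or Post. ;)
            /**
             * @todo this probably is a different method than the one used by delete_posts, does this cause counter inconsistency?
             */
            if ($post_data['topic_first_post_id'] == $post_id && $post_data['topic_last_post_id'] == $post_id)
            {
                if ($post_data['forum_id'])
                {
                    if (!isset($forum_topics_real[$post_data['forum_id']]))
                    {
                        $forum_topics_real[$post_data['forum_id']] = 0;
                    }
                    $forum_topics_real[$post_data['forum_id']]++;
                    $num_disapproved++;
                }

                $disapprove_log[] = array(
                    'type' => 'topic',
                    'post_subject' => $post_data['post_subject'],
                    'forum_id' => $post_data['forum_id'],
                    'topic_id' => 0
                );
            }
            else
            {
                if (!isset($topic_replies_real_sql[$post_data['topic_id']]))
                {
                    $topic_replies_real_sql[$post_data['topic_id']] = 0;
                }
                $topic_replies_real_sql[$post_data['topic_id']]++;

                $disapprove_log[] = array(
                    'type' => 'post',
                    'post_subject' => $post_data['post_subject'],
                    'forum_id' => $post_data['forum_id'],
                    'topic_id' => $post_data['topic_id']
                );
            }

            $post_disapprove_sql[] = $post_id;
        }
        unset($post_data);

        if (sizeof($forum_topics_real))
        {
            foreach ($forum_topics_real as $forum_id => $topics_real)
            {
                $sql = 'UPDATE ' . FORUMS_TABLE . "\n\t\t\t\t\tSET forum_topics_real = forum_topics_real - {$topics_real}\n\t\t\t\t\tWHERE forum_id = {$forum_id}";
                $db->sql_query($sql);
            }
        }

        if (sizeof($topic_replies_real_sql))
        {
            foreach ($topic_replies_real_sql as $topic_id => $num_replies)
            {
                $sql = 'UPDATE ' . TOPICS_TABLE . "\n\t\t\t\t\tSET topic_replies_real = topic_replies_real - {$num_replies}\n\t\t\t\t\tWHERE topic_id = {$topic_id}";
                $db->sql_query($sql);
            }
        }

        if (sizeof($post_disapprove_sql))
        {
            if (!function_exists('delete_posts'))
            {
                include_once $phpbb_root_path . 'includes/functions_admin.' . $phpEx;
            }

            // We do not check for permissions here, because the moderator allowed approval/disapproval should be allowed to delete the disapproved posts
            delete_posts('post_id', $post_disapprove_sql);

            foreach ($disapprove_log as $log_data)
            {
                add_log('mod', $log_data['forum_id'], $log_data['topic_id'], $log_data['type'] == 'topic' ? 'LOG_TOPIC_DISAPPROVED' : 'LOG_POST_DISAPPROVED', $log_data['post_subject'], $disapprove_reason);
            }
        }
        unset($post_disapprove_sql, $topic_replies_real_sql);

        update_post_information('topic', array_keys($topic_id_list));

        if (sizeof($forum_id_list))
        {
            update_post_information('forum', array_keys($forum_id_list));
        }
        unset($topic_id_list, $forum_id_list);

        $messenger = new messenger();

        // Notify Poster?
        if ($notify_poster)
        {
            $lang_reasons = array();

            foreach ($post_info as $post_id => $post_data)
            {
                if ($post_data['poster_id'] == ANONYMOUS)
                {
                    continue;
                }

                if (isset($disapprove_reason_lang))
                {
                    // Okay we need to get the reason from the posters language
                    if (!isset($lang_reasons[$post_data['user_lang']]))
                    {
                        // Assign the current users translation as the default, this is not ideal but getting the board default adds another layer of complexity.
                        $lang_reasons[$post_data['user_lang']] = $user->lang['report_reasons']['DESCRIPTION'][$disapprove_reason_lang];

                        // user_lang is read from the poster's row and ends up in an
                        // include path. Whether it is validated when stored is not
                        // visible here, so reduce it to a single path component first;
                        // a value containing directory separators can then no longer
                        // select a file outside the language directory.
                        $lang_file = $phpbb_root_path . '/language/' . basename($post_data['user_lang']) . '/mcp.' . $phpEx;

                        // Only load up the language pack if the language is different to the current one
                        if ($post_data['user_lang'] != $user->lang_name && file_exists($lang_file))
                        {
                            // Load up the language pack
                            $lang = array();
                            @(include $lang_file);

                            // If we find the reason in this language pack use it
                            if (isset($lang['report_reasons']['DESCRIPTION'][$disapprove_reason_lang]))
                            {
                                $lang_reasons[$post_data['user_lang']] = $lang['report_reasons']['DESCRIPTION'][$disapprove_reason_lang];
                            }

                            unset($lang); // Free memory
                        }
                    }

                    $email_disapprove_reason = $lang_reasons[$post_data['user_lang']];
                    $email_disapprove_reason .= $reason ? "\n\n" . $reason : '';
                }

                $email_template = $post_data['post_id'] == $post_data['topic_first_post_id'] && $post_data['post_id'] == $post_data['topic_last_post_id'] ? 'topic_disapproved' : 'post_disapproved';

                // NOTE(review): user_lang is also passed to the messenger here; how
                // template() resolves it is not visible in this function.
                $messenger->template($email_template, $post_data['user_lang']);

                $messenger->to($post_data['user_email'], $post_data['username']);
                $messenger->im($post_data['user_jabber'], $post_data['username']);

                // Values are decoded before being handed to the mail template.
                $messenger->assign_vars(array(
                    'USERNAME' => htmlspecialchars_decode($post_data['username']),
                    'REASON' => htmlspecialchars_decode($email_disapprove_reason),
                    'POST_SUBJECT' => htmlspecialchars_decode(censor_text($post_data['post_subject'])),
                    'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($post_data['topic_title']))
                ));

                $messenger->send($post_data['user_notify_type']);
            }

            unset($lang_reasons);
        }
        unset($post_info, $disapprove_reason, $email_disapprove_reason, $disapprove_reason_lang);

        $messenger->save_queue();

        if (sizeof($forum_topics_real))
        {
            $success_msg = $num_disapproved == 1 ? 'TOPIC_DISAPPROVED_SUCCESS' : 'TOPICS_DISAPPROVED_SUCCESS';
        }
        else
        {
            $success_msg = sizeof($post_id_list) == 1 ? 'POST_DISAPPROVED_SUCCESS' : 'POSTS_DISAPPROVED_SUCCESS';
        }
    }
    else
    {
        include_once $phpbb_root_path . 'includes/functions_display.' . $phpEx;

        display_reasons($reason_id);

        // Offer the "notify poster" option only if at least one poster is not anonymous.
        $show_notify = false;

        foreach ($post_info as $post_data)
        {
            if ($post_data['poster_id'] == ANONYMOUS)
            {
                continue;
            }
            else
            {
                $show_notify = true;
                break;
            }
        }

        $template->assign_vars(array(
            'S_NOTIFY_POSTER' => $show_notify,
            'S_APPROVE' => false,
            'REASON' => $reason,
            'ADDITIONAL_MSG' => $additional_msg
        ));

        confirm_box(false, 'DISAPPROVE_POST' . (sizeof($post_id_list) == 1 ? '' : 'S'), $s_hidden_fields, 'mcp_approve.html');
    }

    // NOTE(review): $redirect comes from the request and is placed in an href
    // below; this relies on request_var() returning an HTML-escaped string and on
    // redirect()/meta_refresh() validating the target - confirm against those helpers.
    $redirect = request_var('redirect', "index.{$phpEx}");
    $redirect = reapply_sid($redirect);

    if (!$success_msg)
    {
        redirect($redirect);
    }
    else
    {
        meta_refresh(3, $redirect);
        trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], "<a href=\"{$redirect}\">", '</a>'));
    }
}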
$auth->login($user->data['username'], '', false, 1, true); if (isset($_SESSION['JOSSO_ORIGINAL_URL'])) { $backToUrl = $_SESSION['JOSSO_ORIGINAL_URL']; unset($_SESSION['JOSSO_ORIGINAL_URL']); } else { if (isset($josso_defaultResource)) { $backToUrl = $josso_defaultResource; } } // Set P3P Header $p3pHeaderValue = $josso_agent->getP3PHeaderValue(); if (isset($p3pHeaderValue)) { header($josso_agent->getP3PHeaderValue()); } if (isset($backToUrl)) { $backToUrl = reapply_sid($backToUrl); forceRedirect($backToUrl, true); } } } } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <body onload="document.forms[0].submit()"> <noscript> <p> <strong>Note:</strong> Since your browser does not support JavaScript, you must press the Continue button once to proceed.
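/**
 * Generate login box or verify password
 *
 * When the login form was submitted ($_POST['login'] is set) the credentials
 * are passed to $auth->login() and the outcome is reported; otherwise, or
 * after a recoverable failure, the login form is rendered.
 * With $admin set this is the re-authentication step in front of the
 * administration panel: the caller must hold the 'a_' permission and must
 * re-enter the username of the current session.
 *
 * Security notes for reviewers:
 * - The post-login target is read from the 'redirect' request parameter and
 *   placed into a meta refresh and an <a href>. Restricting it to local URLs
 *   and escaping it is left to request_var()/reapply_sid()/meta_refresh(),
 *   none of which is visible here - confirm before reusing this flow.
 * - Failed and successful admin re-authentications are written to the admin
 *   log (LOG_ADMIN_AUTH_FAIL / LOG_ADMIN_AUTH_SUCCESS).
 *
 * @param string $redirect  Placed in the hidden 'redirect' form field when non-empty
 * @param string $l_explain Text assigned to LOGIN_EXPLAIN
 * @param string $l_success Message shown after a successful login; defaults to LOGIN_REDIRECT
 * @param bool   $admin     True when re-authenticating for the administration panel
 * @param bool   $s_display Assigned (as bool) to S_DISPLAY_FULL_LOGIN
 */
function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
{
    global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;

    if (!class_exists('phpbb_captcha_factory')) {
        include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
    }

    $err = '';

    // Make sure user->setup() has been called
    if (empty($user->lang)) {
        $user->setup();
    }

    // Print out error if user tries to authenticate as an administrator without having the privileges...
    if ($admin && !$auth->acl_get('a_')) {
        // Not authd
        // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
        if ($user->data['is_registered']) {
            add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
        }
        // NOTE(review): presumably the board's error handler ends the request here - confirm
        trigger_error('NO_AUTH_ADMIN');
    }

    if (isset($_POST['login'])) {
        // Get credential
        if ($admin) {
            // The admin password field carries a per-form suffix; accept only
            // the exact shape issued below (32 lowercase hex characters).
            $credential = request_var('credential', '');

            if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32) {
                if ($user->data['is_registered']) {
                    add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
                }
                trigger_error('NO_AUTH_ADMIN');
            }

            $password = request_var('password_' . $credential, '', true);
        } else {
            $password = request_var('password', '', true);
        }

        $username = request_var('username', '', true);
        $autologin = !empty($_POST['autologin']);
        $viewonline = !empty($_POST['viewonline']) ? 0 : 1;
        $admin = $admin ? 1 : 0;
        $viewonline = $admin ? $user->data['session_viewonline'] : $viewonline;

        // Check if the supplied username is equal to the one stored within the database if re-authenticating.
        // Compared as strings with !==: a loose != compares two numeric-looking strings by value,
        // so distinct usernames such as "1000" and "1e3" would be treated as the same account.
        if ($admin && (string) utf8_clean_string($username) !== (string) utf8_clean_string($user->data['username'])) {
            // We log the attempt to use a different username...
            add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
            trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
        }

        // If authentication is successful we redirect user to previous page
        $result = $auth->login($username, $password, $autologin, $viewonline, $admin);

        // If admin authentication and login, we will log if it was a success or not...
        // We also break the operation on the first non-success login - it could be argued that the user already knows
        if ($admin) {
            if ($result['status'] == LOGIN_SUCCESS) {
                add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
            } else {
                // Only log the failed attempt if a real user tried to.
                // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
                if ($user->data['is_registered']) {
                    add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
                }
            }
        }

        // The result parameter is always an array, holding the relevant information...
        if ($result['status'] == LOGIN_SUCCESS) {
            // The target comes from the request, not from the $redirect argument
            $redirect = request_var('redirect', "{$phpbb_root_path}index.{$phpEx}");
            $message = $l_success ? $l_success : $user->lang['LOGIN_REDIRECT'];
            $l_redirect = $admin ? $user->lang['PROCEED_TO_ACP'] : ($redirect === "{$phpbb_root_path}index.{$phpEx}" || $redirect === "index.{$phpEx}" ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);

            // append/replace SID (may change during the session for AOL users)
            $redirect = reapply_sid($redirect);

            // Special case... the user is effectively banned, but we allow founders to login
            if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != USER_FOUNDER) {
                return;
            }

            $redirect = meta_refresh(3, $redirect);
            trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
        }

        // Something failed, determine what...
        if ($result['status'] == LOGIN_BREAK) {
            trigger_error($result['error_msg']);
        }

        // Special cases... determine
        switch ($result['status']) {
            case LOGIN_ERROR_ATTEMPTS:
                // Too many attempts: the configured captcha plugin supplies the challenge template
                $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);
                $captcha->init(CONFIRM_LOGIN);
                // $captcha->reset();

                $template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template()));

                $err = $user->lang[$result['error_msg']];
                break;

            case LOGIN_ERROR_PASSWORD_CONVERT:
                $err = sprintf($user->lang[$result['error_msg']], $config['email_enable'] ? '<a href="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') . '">' : '', $config['email_enable'] ? '</a>' : '', $config['board_contact'] ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '', $config['board_contact'] ? '</a>' : '');
                break;

            // Username, password, etc...
            default:
                $err = $user->lang[$result['error_msg']];

                // Assign admin contact to some error messages
                if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD') {
                    $err = !$config['board_contact'] ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
                }
                break;
        }
    }

    // Assign credential for username/password pair.
    // It only names the password field of this form (password_<credential>); it is not a secret on its own.
    $credential = $admin ? md5(unique_id()) : false;

    $s_hidden_fields = array('sid' => $user->session_id);

    if ($redirect) {
        $s_hidden_fields['redirect'] = $redirect;
    }

    if ($admin) {
        $s_hidden_fields['credential'] = $credential;
    }

    $s_hidden_fields = build_hidden_fields($s_hidden_fields);

    $template->assign_vars(array(
        'LOGIN_ERROR' => $err,
        'LOGIN_EXPLAIN' => $l_explain,
        'U_SEND_PASSWORD' => $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') : '',
        'U_RESEND_ACTIVATION' => $config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=resend_act') : '',
        'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=terms'),
        'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=privacy'),
        'S_DISPLAY_FULL_LOGIN' => $s_display ? true : false,
        'S_HIDDEN_FIELDS' => $s_hidden_fields,
        'S_ADMIN_AUTH' => $admin,
        // On admin re-auth the username is pre-filled from the current session
        'USERNAME' => $admin ? $user->data['username'] : '',
        'USERNAME_CREDENTIAL' => 'username',
        'PASSWORD_CREDENTIAL' => $admin ? 'password_' . $credential : 'password',
    ));

    page_header($user->lang['LOGIN'], false);

    $template->set_filenames(array('body' => 'login_body.html'));

    make_jumpbox(append_sid("{$phpbb_root_path}viewforum.{$phpEx}"));

    page_footer();
}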
// Pick the URL to send the browser to: the one stored in the session (removed
// from the session once read), else the configured default resource if set.
// NOTE(review): this fragment does not check that the stored URL points at this
// site; presumably it is validated where JOSSO_ORIGINAL_URL is written or inside
// forceRedirect() - confirm, since an unchecked value would allow redirects to
// arbitrary hosts.
if (isset($_SESSION['JOSSO_ORIGINAL_URL'])) {
    $backToUrl = $_SESSION['JOSSO_ORIGINAL_URL'];
    unset($_SESSION['JOSSO_ORIGINAL_URL']);
} else {
    if (isset($josso_defaultResource)) {
        $backToUrl = $josso_defaultResource;
    }
}

// Set P3P Header
$p3pHeaderValue = $josso_agent->getP3PHeaderValue();
if (isset($p3pHeaderValue)) {
    header($josso_agent->getP3PHeaderValue());
}

if (isset($backToUrl)) {
    if (isset($jossoUser)) {
        // Re-attach the board session id to the target when a JOSSO user is present.
        // NOTE(review): as written the search and replacement strings are identical,
        // so str_replace() leaves the URL unchanged; possibly an HTML entity was
        // decoded when this listing was extracted - compare with the original file.
        $backToUrl = str_replace('&', '&', reapply_sid($backToUrl));
    }
    forceRedirect($backToUrl, true);
}

// No page is stored or no session was found, just display an error one ...
?> <!doctype html public "-//w3c//dtd html 4.0 transitional//en"> <html> <head> <title>JOSSO - PHP Problem</title> <meta name="description" content="Java Open Single Signon"> </head> <body> <h1>JOSSO Encountered a Problem!</h1> <h2>Either you accessed this page directly or no PHP Session support is available!</h2>
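/**
 * Merge selected posts into selected topic
 *
 * Reads the post ids from the 'post_id_list' request parameter, checks them
 * against the 'm_merge' permission, and - once the moderator confirmed the
 * action - moves the posts into $to_topic_id, writes a LOG_MERGE entry and
 * shows the result. Without confirmation the confirm box is displayed.
 *
 * @param int $topic_id    Topic the moderator is working from (the original topic)
 * @param int $to_topic_id Topic that receives the posts
 */
function merge_posts($topic_id, $to_topic_id)
{
    global $db, $template, $user, $phpEx, $phpbb_root_path, $auth;

    if (!$to_topic_id) {
        $template->assign_var('MESSAGE', $user->lang['NO_FINAL_TOPIC_SELECTED']);
        return;
    }

    // Only a target topic the caller may merge into ('m_merge') is accepted
    $topic_data = get_topic_data(array($to_topic_id), 'm_merge');

    if (!sizeof($topic_data)) {
        $template->assign_var('MESSAGE', $user->lang['NO_FINAL_TOPIC_SELECTED']);
        return;
    }

    $topic_data = $topic_data[$to_topic_id];

    $post_id_list = request_var('post_id_list', array(0));
    $start = request_var('start', 0);

    if (!sizeof($post_id_list)) {
        $template->assign_var('MESSAGE', $user->lang['NO_POST_SELECTED']);
        return;
    }

    // Every selected post must pass the 'm_merge' check as well
    if (!check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_merge'))) {
        return;
    }

    $redirect = request_var('redirect', build_url(array('quickmod')));

    $s_hidden_fields = build_hidden_fields(array(
        'i' => 'main',
        'post_id_list' => $post_id_list,
        'to_topic_id' => $to_topic_id,
        'mode' => 'topic_view',
        'action' => 'merge_posts',
        'start' => $start,
        'redirect' => $redirect,
        't' => $topic_id,
    ));
    $success_msg = $return_link = '';

    if (confirm_box(true)) {
        $to_forum_id = $topic_data['forum_id'];

        move_posts($post_id_list, $to_topic_id);
        add_log('mod', $to_forum_id, $to_topic_id, 'LOG_MERGE', $topic_data['topic_title']);

        // Message and return links
        $success_msg = 'POSTS_MERGED_SUCCESS';

        // Does the original topic still exist? If yes, link back to it.
        // The id is cast like in the UPDATE/DELETE below, so this query does not
        // depend on the caller having passed an integer.
        $sql = 'SELECT forum_id FROM ' . TOPICS_TABLE . ' WHERE topic_id = ' . (int) $topic_id;
        $result = $db->sql_query_limit($sql, 1);
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        if ($row) {
            $return_link .= sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", 'f=' . $row['forum_id'] . '&t=' . $topic_id) . '">', '</a>');
        } else {
            // If the topic no longer exist, we will update the topic watch table.
            // To not let it error out on users watching both topics, we just return on an error...
            $db->sql_return_on_error(true);
            $db->sql_query('UPDATE ' . TOPICS_WATCH_TABLE . ' SET topic_id = ' . (int) $to_topic_id . ' WHERE topic_id = ' . (int) $topic_id);
            $db->sql_return_on_error(false);

            $db->sql_query('DELETE FROM ' . TOPICS_WATCH_TABLE . ' WHERE topic_id = ' . (int) $topic_id);
        }

        // Link to the new topic
        $return_link .= ($return_link ? '<br /><br />' : '') . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", 'f=' . $to_forum_id . '&t=' . $to_topic_id) . '">', '</a>');
    } else {
        confirm_box(false, 'MERGE_POSTS', $s_hidden_fields);
    }

    // Kept from the original; the value is not used again in this function
    $redirect = request_var('redirect', "index.{$phpEx}");
    $redirect = reapply_sid($redirect);

    if (!$success_msg) {
        return;
    } else {
        // $to_forum_id is set here: $success_msg is only filled in the confirmed branch
        meta_refresh(3, append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", "f={$to_forum_id}&t={$to_topic_id}"));
        trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);
    }
}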
$forum_ids = request_var('forum_id', array(0 => 0)); $cat = false; if (!$forum_ids && !$global) { trigger_error('NOTHING_SELECTED'); } if ($global) { // reset forum_ids, we don't want any user input $forum_ids = array(); } else { // is there a category which has been selected? foreach ($forum_ids as $forum_id) { $sql = 'SELECT forum_id FROM ' . FORUMS_TABLE . "\n\t\t\t\tWHERE forum_id = {$forum_id}\n\t\t\t\t\tAND forum_type = " . FORUM_CAT; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if ($row) { $cat = true; break; } } } // build URL only with necessary elements in correct order $url = build_feed_url(); redirect(reapply_sid($url)); } // Lets build a page ... $template->assign_vars(array('S_FORUM_OPTIONS' => make_forum_select(false, false, false, false, false, false, false, true), 'S_ACTION' => append_sid("{$phpbb_root_path}create_syndication.{$phpEx}"), 'NUMBER_ITEMS' => $config['syndication_items'], 'L_SYNDICATION_ADMIN_LIMIT' => sprintf($user->lang['SYNDICATION_ADMIN_LIMIT'], $config['syndication_items']))); page_header($user->lang['CUSTOM_SYNDICATION_TITLE']); $template->set_filenames(array('body' => 'syndication_body.html')); page_footer();
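/**
 * Generate login box or verify password
 *
 * When the login form was submitted ($_POST['login'] is set) the credentials
 * are passed to $auth->login() and the outcome is reported; otherwise, or
 * after a recoverable failure, the login form is rendered.
 * With $admin set this is the re-authentication step in front of the
 * administration panel: the caller must hold the 'a_' permission and must
 * re-enter the username of the current session.
 *
 * Security notes for reviewers:
 * - The post-login target is read from the 'redirect' request parameter and
 *   placed into a meta refresh and an <a href>. Restricting it to local URLs
 *   and escaping it is left to request_var()/reapply_sid()/meta_refresh(),
 *   none of which is visible here - confirm before reusing this flow.
 * - Failed and successful admin re-authentications are written to the admin
 *   log (LOG_ADMIN_AUTH_FAIL / LOG_ADMIN_AUTH_SUCCESS).
 *
 * @param string $redirect  Target for the hidden 'redirect' field; derived from the current page when empty
 * @param string $l_explain Text assigned to LOGIN_EXPLAIN
 * @param string $l_success Message shown after a successful login; defaults to LOGIN_REDIRECT
 * @param bool   $admin     True when re-authenticating for the administration panel
 * @param bool   $s_display Assigned (as bool) to S_DISPLAY_FULL_LOGIN
 */
function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
{
    global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;

    $err = '';

    // Make sure user->setup() has been called
    if (empty($user->lang)) {
        $user->setup();
    }

    // Print out error if user tries to authenticate as an administrator without having the privileges...
    if ($admin && !$auth->acl_get('a_')) {
        // Not authd
        // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
        if ($user->data['is_registered']) {
            add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
        }
        // NOTE(review): presumably the board's error handler ends the request here - confirm
        trigger_error('NO_AUTH_ADMIN');
    }

    if (isset($_POST['login'])) {
        // Get credential
        if ($admin) {
            // The admin password field carries a per-form suffix; accept only
            // the exact shape issued below (32 lowercase hex characters).
            $credential = request_var('credential', '');

            if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32) {
                if ($user->data['is_registered']) {
                    add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
                }
                trigger_error('NO_AUTH_ADMIN');
            }

            $password = request_var('password_' . $credential, '', true);
        } else {
            $password = request_var('password', '', true);
        }

        $username = request_var('username', '', true);
        $autologin = !empty($_POST['autologin']);
        $viewonline = !empty($_POST['viewonline']) ? 0 : 1;
        $admin = $admin ? 1 : 0;
        $viewonline = $admin ? $user->data['session_viewonline'] : $viewonline;

        // Check if the supplied username is equal to the one stored within the database if re-authenticating.
        // Compared as strings with !==: a loose != compares two numeric-looking strings by value,
        // so distinct usernames such as "1000" and "1e3" would be treated as the same account.
        if ($admin && (string) utf8_clean_string($username) !== (string) utf8_clean_string($user->data['username'])) {
            // We log the attempt to use a different username...
            add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
            trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
        }

        // If authentication is successful we redirect user to previous page
        $result = $auth->login($username, $password, $autologin, $viewonline, $admin);

        // If admin authentication and login, we will log if it was a success or not...
        // We also break the operation on the first non-success login - it could be argued that the user already knows
        if ($admin) {
            if ($result['status'] == LOGIN_SUCCESS) {
                add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
            } else {
                // Only log the failed attempt if a real user tried to.
                // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
                if ($user->data['is_registered']) {
                    add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
                }
            }
        }

        // The result parameter is always an array, holding the relevant information...
        if ($result['status'] == LOGIN_SUCCESS) {
            // The target comes from the request, not from the $redirect argument
            $redirect = request_var('redirect', "{$phpbb_root_path}index.{$phpEx}");
            $message = $l_success ? $l_success : $user->lang['LOGIN_REDIRECT'];
            $l_redirect = $admin ? $user->lang['PROCEED_TO_ACP'] : ($redirect === "{$phpbb_root_path}index.{$phpEx}" || $redirect === "index.{$phpEx}" ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);

            // append/replace SID (may change during the session for AOL users)
            $redirect = reapply_sid($redirect);

            // Special case... the user is effectively banned, but we allow founders to login
            if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != USER_FOUNDER) {
                return;
            }

            $redirect = meta_refresh(3, $redirect);
            trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
        }

        // Something failed, determine what...
        if ($result['status'] == LOGIN_BREAK) {
            trigger_error($result['error_msg']);
        }

        // Special cases... determine
        switch ($result['status']) {
            case LOGIN_ERROR_ATTEMPTS:
                // Show confirm image
                // Drop any earlier login challenge of this session before issuing a new one
                $sql = 'DELETE FROM ' . CONFIRM_TABLE . "\n\t\t\t\t\tWHERE session_id = '" . $db->sql_escape($user->session_id) . "'\n\t\t\t\t\t\tAND confirm_type = " . CONFIRM_LOGIN;
                $db->sql_query($sql);

                // Generate code
                // NOTE(review): mt_rand() only picks the code length (5-8); the quality of the
                // code itself depends on gen_rand_string(), which is not visible here.
                $code = gen_rand_string(mt_rand(5, 8));
                $confirm_id = md5(unique_id($user->ip));
                $seed = hexdec(substr(unique_id(), 4, 10));

                // compute $seed % 0x7fffffff
                $seed -= 0x7fffffff * floor($seed / 0x7fffffff);

                $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array(
                    'confirm_id' => (string) $confirm_id,
                    'session_id' => (string) $user->session_id,
                    'confirm_type' => (int) CONFIRM_LOGIN,
                    'code' => (string) $code,
                    'seed' => (int) $seed,
                ));
                $db->sql_query($sql);

                $template->assign_vars(array(
                    'S_CONFIRM_CODE' => true,
                    'CONFIRM_ID' => $confirm_id,
                    'CONFIRM_IMAGE' => '<img src="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=confirm&id=' . $confirm_id . '&type=' . CONFIRM_LOGIN) . '" alt="" title="" />',
                    'L_LOGIN_CONFIRM_EXPLAIN' => sprintf($user->lang['LOGIN_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'),
                ));

                $err = $user->lang[$result['error_msg']];
                break;

            case LOGIN_ERROR_PASSWORD_CONVERT:
                $err = sprintf($user->lang[$result['error_msg']], $config['email_enable'] ? '<a href="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') . '">' : '', $config['email_enable'] ? '</a>' : '', $config['board_contact'] ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '', $config['board_contact'] ? '</a>' : '');
                break;

            // Username, password, etc...
            default:
                $err = $user->lang[$result['error_msg']];

                // Assign admin contact to some error messages
                if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD') {
                    $err = !$config['board_contact'] ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
                }
                break;
        }
    }

    if (!$redirect) {
        // We just use what the session code determined...
        // If we are not within the admin directory we use the page dir...
        $redirect = '';

        if (!$admin) {
            $redirect .= $user->page['page_dir'] ? $user->page['page_dir'] . '/' : '';
        }

        // The query string is HTML-escaped before it goes into the hidden field
        $redirect .= $user->page['page_name'] . ($user->page['query_string'] ? '?' . htmlspecialchars($user->page['query_string']) : '');
    }

    // Assign credential for username/password pair.
    // It only names the password field of this form (password_<credential>); it is not a secret on its own.
    $credential = $admin ? md5(unique_id()) : false;

    $s_hidden_fields = array('redirect' => $redirect, 'sid' => $user->session_id);

    if ($admin) {
        $s_hidden_fields['credential'] = $credential;
    }

    $s_hidden_fields = build_hidden_fields($s_hidden_fields);

    $template->assign_vars(array(
        'LOGIN_ERROR' => $err,
        'LOGIN_EXPLAIN' => $l_explain,
        'U_SEND_PASSWORD' => $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') : '',
        'U_RESEND_ACTIVATION' => $config['require_activation'] != USER_ACTIVATION_NONE && $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=resend_act') : '',
        'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=terms'),
        'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=privacy'),
        'S_DISPLAY_FULL_LOGIN' => $s_display ? true : false,
        'S_LOGIN_ACTION' => !$admin ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=login') : append_sid("index.{$phpEx}", false, true, $user->session_id),
        'S_HIDDEN_FIELDS' => $s_hidden_fields,
        'S_ADMIN_AUTH' => $admin,
        // On admin re-auth the username is pre-filled from the current session
        'USERNAME' => $admin ? $user->data['username'] : '',
        'USERNAME_CREDENTIAL' => 'username',
        'PASSWORD_CREDENTIAL' => $admin ? 'password_' . $credential : 'password',
    ));

    page_header($user->lang['LOGIN'], false);

    $template->set_filenames(array('body' => 'login_body.html'));

    make_jumpbox(append_sid("{$phpbb_root_path}viewforum.{$phpEx}"));

    page_footer();
}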
/**
 * Restore a portal module's settings to their defaults
 *
 * Nothing is changed until the confirm box has been accepted. Once it has,
 * the module's row is overwritten with the default values, the cached
 * configuration is dropped and the module's install routine is run again.
 *
 * @param int        $id          ID of the acp_portal module
 * @param string|int $mode        Mode of the acp_portal module
 * @param int        $module_id   ID of the module that should be reset
 * @param array      $module_data Array containing the module's database row
 */
protected function reset_module($id, $mode, $module_id, $module_data)
{
    // Not confirmed yet: show the confirmation dialog and stop here
    if (!confirm_box(true)) {
        $module_name = $module_data['module_name'];

        if (isset($this->user->lang[$module_name])) {
            $confirm_text = sprintf($this->user->lang['MODULE_RESET_CONFIRM'], $this->user->lang[$module_name]);
        } else {
            $confirm_text = sprintf($this->user->lang['DELETE_MODULE_CONFIRM'], utf8_normalize_nfc($module_name));
        }

        $hidden_fields = build_hidden_fields(array(
            'i' => $id,
            'mode' => $mode,
            'module_reset' => true,
            'module_id' => $module_id,
        ));

        confirm_box(false, $confirm_text, $hidden_fields);
        return;
    }

    // Default values written back to the module's row
    $sql_ary = array();
    $sql_ary['module_name'] = $this->c_class->name;
    $sql_ary['module_image_src'] = $this->c_class->image_src;
    $sql_ary['module_group_ids'] = '';
    $sql_ary['module_image_height'] = 16;
    $sql_ary['module_image_width'] = 16;
    $sql_ary['module_status'] = B3_MODULE_ENABLED;

    // The id is cast to int before it is placed in the WHERE clause
    $sql = 'UPDATE ' . PORTAL_MODULES_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' WHERE module_id = ' . (int) $module_id;
    $this->db->sql_query($sql);

    if (!$this->db->sql_affectedrows()) {
        // No row was updated: report that and return to the module config
        $module_url = $this->u_action . "&module_id={$module_id}";

        meta_refresh(3, reapply_sid($module_url));
        trigger_error($this->user->lang['MODULE_NOT_EXISTS'] . adm_back_link($module_url), E_USER_WARNING);
    }

    $this->cache->destroy('config');
    $this->cache->destroy('portal_config');

    // we need to prevent duplicate entry errors
    $portal_config = obtain_portal_config();
    $this->c_class->install($module_id);
    $this->cache->purge();

    // We need to return to the module config
    $module_url = $this->u_action . "&module_id={$module_id}";

    meta_refresh(3, reapply_sid($module_url));
    trigger_error($this->user->lang['MODULE_RESET_SUCCESS'] . adm_back_link($module_url));
}