/** * Called from a mouse click, * works out what we want to do with attachments and actions it. * Accessed by ?action=attachapprove */ public function action_attachapprove() { global $user_info; // Security is our primary concern... checkSession('get'); // If it approve or delete? $is_approve = !isset($_GET['sa']) || $_GET['sa'] != 'reject' ? true : false; $attachments = array(); require_once SUBSDIR . '/ManageAttachments.subs.php'; // If we are approving all ID's in a message , get the ID's. if ($_GET['sa'] == 'all' && !empty($_GET['mid'])) { $id_msg = (int) $_GET['mid']; $attachments = attachmentsOfMessage($id_msg); } elseif (!empty($_GET['aid'])) { $attachments[] = (int) $_GET['aid']; } if (empty($attachments)) { fatal_lang_error('no_access', false); } // @todo nb: this requires permission to approve posts, not manage attachments // Now we have some ID's cleaned and ready to approve, but first - let's check we have permission! $allowed_boards = !empty($user_info['mod_cache']['ap']) ? $user_info['mod_cache']['ap'] : boardsAllowedTo('approve_posts'); if ($allowed_boards == array(0)) { $approve_query = ''; } elseif (!empty($allowed_boards)) { $approve_query = ' AND m.id_board IN (' . implode(',', $allowed_boards) . ')'; } else { $approve_query = ' AND 0'; } // Validate the attachments exist and have the right approval state. $attachments = validateAttachments($attachments, $approve_query); // Set up a return link based off one of the attachments for this message $attach_home = attachmentBelongsTo($attachments[0]); $redirect = 'topic=' . $attach_home['id_topic'] . '.msg' . $attach_home['id_msg'] . '#msg' . $attach_home['id_msg']; if (empty($attachments)) { fatal_lang_error('no_access', false); } // Finally, we are there. Follow through! if ($is_approve) { // Checked and deemed worthy. approveAttachments($attachments); } else { removeAttachments(array('id_attach' => $attachments, 'do_logging' => true)); } // We approved or removed, either way we reset those numbers cache_put_data('num_menu_errors', null, 900); // Return to the topic.... redirectexit($redirect); }
/** * This is a helper function: approve everything unapproved. * Used from moderation panel. */ function approveAllUnapproved() { $db = database(); // Start with messages and topics. $request = $db->query('', ' SELECT id_msg FROM {db_prefix}messages WHERE approved = {int:not_approved}', array('not_approved' => 0)); $msgs = array(); while ($row = $db->fetch_row($request)) { $msgs[] = $row[0]; } $db->free_result($request); if (!empty($msgs)) { require_once SUBSDIR . '/Post.subs.php'; approvePosts($msgs); cache_put_data('num_menu_errors', null, 900); } // Now do attachments $request = $db->query('', ' SELECT id_attach FROM {db_prefix}attachments WHERE approved = {int:not_approved}', array('not_approved' => 0)); $attaches = array(); while ($row = $db->fetch_row($request)) { $attaches[] = $row[0]; } $db->free_result($request); if (!empty($attaches)) { require_once SUBSDIR . '/ManageAttachments.subs.php'; approveAttachments($attaches); cache_put_data('num_menu_errors', null, 900); } }
/** * View all unapproved attachments. */ public function action_unapproved_attachments() { global $txt, $scripturl, $context, $user_info, $modSettings; $context['page_title'] = $txt['mc_unapproved_attachments']; // Once again, permissions are king! $approve_boards = !empty($user_info['mod_cache']['ap']) ? $user_info['mod_cache']['ap'] : boardsAllowedTo('approve_posts'); if ($approve_boards == array(0)) { $approve_query = ''; } elseif (!empty($approve_boards)) { $approve_query = ' AND m.id_board IN (' . implode(',', $approve_boards) . ')'; } else { $approve_query = ' AND 0'; } // Get together the array of things to act on, if any. $attachments = array(); if (isset($_GET['approve'])) { $attachments[] = (int) $_GET['approve']; } elseif (isset($_GET['delete'])) { $attachments[] = (int) $_GET['delete']; } elseif (isset($_POST['item'])) { foreach ($_POST['item'] as $item) { $attachments[] = (int) $item; } } // Are we approving or deleting? if (isset($_GET['approve']) || isset($_POST['do']) && $_POST['do'] == 'approve') { $curAction = 'approve'; } elseif (isset($_GET['delete']) || isset($_POST['do']) && $_POST['do'] == 'delete') { $curAction = 'delete'; } // Something to do, let's do it! if (!empty($attachments) && isset($curAction)) { checkSession('request'); // This will be handy. require_once SUBSDIR . '/ManageAttachments.subs.php'; // Confirm the attachments are eligible for changing! $attachments = validateAttachments($attachments, $approve_query); // Assuming it wasn't all like, proper illegal, we can do the approving. if (!empty($attachments)) { if ($curAction == 'approve') { approveAttachments($attachments); } else { removeAttachments(array('id_attach' => $attachments, 'do_logging' => true)); } cache_put_data('num_menu_errors', null, 900); } } require_once SUBSDIR . '/GenericList.class.php'; require_once SUBSDIR . '/ManageAttachments.subs.php'; $listOptions = array('id' => 'mc_unapproved_attach', 'width' => '100%', 'items_per_page' => $modSettings['defaultMaxMessages'], 'no_items_label' => $txt['mc_unapproved_attachments_none_found'], 'base_href' => $scripturl . '?action=moderate;area=attachmod;sa=attachments', 'default_sort_col' => 'attach_name', 'get_items' => array('function' => 'list_getUnapprovedAttachments', 'params' => array($approve_query)), 'get_count' => array('function' => 'list_getNumUnapprovedAttachments', 'params' => array($approve_query)), 'columns' => array('attach_name' => array('header' => array('value' => $txt['mc_unapproved_attach_name']), 'data' => array('db' => 'filename'), 'sort' => array('default' => 'a.filename', 'reverse' => 'a.filename DESC')), 'attach_size' => array('header' => array('value' => $txt['mc_unapproved_attach_size']), 'data' => array('db' => 'size'), 'sort' => array('default' => 'a.size', 'reverse' => 'a.size DESC')), 'attach_poster' => array('header' => array('value' => $txt['mc_unapproved_attach_poster']), 'data' => array('function' => create_function('$data', ' return $data[\'poster\'][\'link\'];')), 'sort' => array('default' => 'm.id_member', 'reverse' => 'm.id_member DESC')), 'date' => array('header' => array('value' => $txt['date'], 'style' => 'width: 18%;'), 'data' => array('db' => 'time', 'class' => 'smalltext', 'style' => 'white-space:nowrap;'), 'sort' => array('default' => 'm.poster_time', 'reverse' => 'm.poster_time DESC')), 'message' => array('header' => array('value' => $txt['post']), 'data' => array('function' => create_function('$data', ' global $modSettings; return \'<a href="\' . $data[\'message\'][\'href\'] . \'">\' . Util::shorten_text($data[\'message\'][\'subject\'], !empty($modSettings[\'subject_length\']) ? $modSettings[\'subject_length\'] : 24) . \'</a>\';'), 'class' => 'smalltext', 'style' => 'width:15em;'), 'sort' => array('default' => 'm.subject', 'reverse' => 'm.subject DESC')), 'action' => array('header' => array('value' => '<input type="checkbox" class="input_check" onclick="invertAll(this, this.form);" />', 'style' => 'width: 4%'), 'data' => array('sprintf' => array('format' => '<input type="checkbox" name="item[]" value="%1$d" class="input_check" />', 'params' => array('id' => false))))), 'form' => array('href' => $scripturl . '?action=moderate;area=attachmod;sa=attachments', 'include_sort' => true, 'include_start' => true, 'hidden_fields' => array($context['session_var'] => $context['session_id']), 'token' => 'mod-ap'), 'additional_rows' => array(array('position' => 'bottom_of_list', 'value' => ' <select name="do" onchange="if (this.value != 0 && confirm(\'' . $txt['mc_unapproved_sure'] . '\')) submit();"> <option value="0">' . $txt['with_selected'] . ':</option> <option value="0" disabled="disabled">' . str_repeat('—', strlen($txt['approve'])) . '</option> <option value="approve">' . (isBrowser('ie8') ? '»' : '➤') . ' ' . $txt['approve'] . '</option> <option value="delete">' . (isBrowser('ie8') ? '»' : '➤') . ' ' . $txt['delete'] . '</option> </select> <noscript><input type="submit" name="ml_go" value="' . $txt['go'] . '" class="right_submit" /></noscript>', 'class' => 'floatright'))); // Create the request list. createToken('mod-ap'); createList($listOptions); $context['sub_template'] = 'show_list'; $context['default_list'] = 'mc_unapproved_attach'; $context[$context['moderation_menu_name']]['tab_data'] = array('title' => $txt['mc_unapproved_attachments'], 'help' => '', 'description' => $txt['mc_unapproved_attachments_desc']); }