/** * Fetches information about the selected message with permission checks * * @param integer The post we want info about * @param mixed Should a permission check be performed as well * * @return array Array of information about the message or prints an error if it doesn't exist / permission problems */ function verify_visitormessage($vmid, $alert = true, $perm_check = true) { global $vbulletin, $vbphrase; $messageinfo = fetch_visitormessageinfo($vmid); if (!$messageinfo) { if ($alert) { standard_error(fetch_error('invalidid', $vbphrase['visitor_message'], $vbulletin->options['contactuslink'])); } else { return 0; } } if ($perm_check) { if ($messageinfo['state'] == 'deleted') { $can_view_deleted = (can_moderate(0, 'canmoderatevisitormessages') or $messageinfo['userid'] == $vbulletin->userinfo['userid'] and $vbulletin->userinfo['permissions']['visitormessagepermissions'] & $vbulletin->bf_ugp_visitormessagepermissions['canmanageownprofile']); if (!$can_view_deleted) { standard_error(fetch_error('invalidid', $vbphrase['visitor_message'], $vbulletin->options['contactuslink'])); } } if ($messageinfo['state'] == 'moderation') { $can_view_moderated = ($messageinfo['postuserid'] == $vbulletin->userinfo['userid'] or $messageinfo['userid'] == $vbulletin->userinfo['userid'] and $vbulletin->userinfo['permissions']['visitormessagepermissions'] & $vbulletin->bf_ugp_visitormessagepermissions['canmanageownprofile'] or can_moderate(0, 'canmoderatevisitormessages')); if (!$can_view_moderated) { standard_error(fetch_error('invalidid', $vbphrase['visitor_message'], $vbulletin->options['contactuslink'])); } } // Need coventry support first // if (in_coventry($userinfo['userid']) AND !can_moderate()) // { // standard_error(fetch_error('invalidid', $vbphrase['visitor_message'], $vbulletin->options['contactuslink'])); // } } return $messageinfo; }
print_description_row($vbphrase['no_events_awaiting_moderation']); print_table_footer(); } else { print_submit_row(); } } // ###################### Start do message moderation ####################### if ($_POST['do'] == 'domessages') { $vbulletin->input->clean_array_gpc('p', array('messageaction' => TYPE_ARRAY_INT, 'messagesubject' => TYPE_ARRAY_STR, 'messagetext' => TYPE_ARRAY_STR)); require_once DIR . '/includes/functions_visitormessage.php'; foreach ($vbulletin->GPC['messageaction'] as $vmid => $action) { $vmid = intval($vmid); if (!can_moderate(0, 'canmoderatevisitormessages')) { continue; } $messageinfo = fetch_visitormessageinfo($vmid); if (!$messageinfo or $messageinfo['state'] != 'moderation') { continue; } $dataman =& datamanager_init('VisitorMessage', $vbulletin, ERRTYPE_SILENT); $dataman->set_existing($messageinfo); if ($action == 1) { // validate #$dataman->set('title', $vbulletin->GPC['messagesubject']["$vmid"]); if (can_moderate(0, 'caneditvisitormessages')) { $dataman->set('pagetext', $vbulletin->GPC['messagetext']["{$vmid}"]); } $dataman->set('state', 'visible'); $dataman->save(); } else { if ($action == -1 and can_moderate(0, 'candeletevisitormessages')) {