/**
 * Show the delete-confirmation page for a post and, on a POST request,
 * hand the deletion over to the model.
 *
 * The method first checks board read access, then decides whether the
 * current user may delete the post (own post with the right group flags,
 * or admin/moderator), and only then processes the request.
 *
 * @param mixed $id ID of the post; compared with the topic's first_post_id
 *                  to decide whether the whole topic is affected.
 */
public function deletepost($id)
{
    global $lang_common, $lang_post, $pd;

    // message() presumably stops the request; every check below relies on that — confirm.
    if ($this->user->g_read_board == '0') {
        message($lang_common['No view'], '403');
    }

    // Fetch some information about the post, the topic and the forum
    $cur_post = $this->model->get_info_delete($id);

    if ($this->config['o_censoring'] == '1') {
        $cur_post['subject'] = censor_words($cur_post['subject']);
    }

    // Sort out who the moderators are and if we are currently a moderator (or an admin)
    // NOTE(review): unserialize() runs on the stored 'moderators' value. If anything other
    // than trusted admin code can write that column, this is an object-injection sink;
    // consider a data-only format or unserialize($x, array('allowed_classes' => false)).
    $mods_array = $cur_post['moderators'] != '' ? unserialize($cur_post['moderators']) : array();
    // Precedence: '&&' binds tighter than '||', and both bind tighter than '?:', so this reads
    // (is admin) || (is moderator && listed as a moderator of this forum).
    $is_admmod = $this->user->g_id == FEATHER_ADMIN || $this->user->g_moderator == '1' && array_key_exists($this->user->username, $mods_array) ? true : false;

    $is_topic_post = $id == $cur_post['first_post_id'] ? true : false;

    // Do we have permission to delete this post?
    // A non-admin/mod is refused when any of these holds: the group may not delete posts;
    // the group may not delete topics and this is the first post; the post belongs to
    // someone else; the topic is closed.
    if (($this->user->g_delete_posts == '0' || $this->user->g_delete_topics == '0' && $is_topic_post || $cur_post['poster_id'] != $this->user->id || $cur_post['closed'] == '1') && !$is_admmod) {
        message($lang_common['No permission'], '403');
    }

    // Moderators who are not admins may not delete a post written by an admin.
    // NOTE(review): in_array() is called without the strict flag, so the comparison is loose.
    if ($is_admmod && $this->user->g_id != FEATHER_ADMIN && in_array($cur_post['poster_id'], get_admin_ids())) {
        message($lang_common['No permission'], '403');
    }

    // Load the delete.php language file; it presumably defines $lang_delete in this scope.
    // NOTE(review): the path contains the user's language setting — confirm that value is
    // restricted to installed language packs before it reaches require.
    require FEATHER_ROOT . 'lang/' . $this->user->language . '/delete.php';

    // NOTE(review): no CSRF token or referrer check is visible before this destructive call;
    // confirm handle_deletion() or a middleware enforces one.
    if ($this->feather->request()->isPost()) {
        $this->model->handle_deletion($is_topic_post, $id, $cur_post['tid'], $cur_post['fid']);
    }

    $page_title = array(feather_escape($this->config['o_board_title']), $lang_delete['Delete post']);

    define('FEATHER_ACTIVE_PAGE', 'delete');

    $this->header->setTitle($page_title)->display();

    // parse_message() is expected to come from the parser include.
    require FEATHER_ROOT . 'include/parser.php';
    $cur_post['message'] = parse_message($cur_post['message'], $cur_post['hide_smilies']);

    $this->feather->render('delete.php', array('lang_common' => $lang_common, 'lang_delete' => $lang_delete, 'cur_post' => $cur_post, 'id' => $id, 'is_topic_post' => $is_topic_post));

    $this->footer->display();
}
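/**
 * Render one page of a topic: header, posts, quick-post form data and footer.
 *
 * Fix over the previous version: the bbeditor language file was loaded through
 * array access on the user object ($this->user['language']) while every other
 * path in this controller uses the property ($this->user->language). The
 * property form is now used everywhere.
 *
 * @param mixed $id   Topic ID.
 * @param mixed $name Not read by this method (presumably the URL slug).
 * @param mixed $page Requested page; falls back to 1 when missing or out of range.
 * @param mixed $pid  Passed through to the template and the footer.
 */
public function display($id = null, $name = null, $page = null, $pid = null)
{
    global $lang_common, $lang_post, $lang_topic, $lang_bbeditor, $pd;

    // message() presumably stops the request — confirm.
    if ($this->user->g_read_board == '0') {
        message($lang_common['No view'], '403');
    }

    // Language packs for topic view, posting, antispam and the BBcode toolbar.
    // NOTE(review): the path contains the user's language setting — confirm that value is
    // restricted to installed language packs before it reaches require.
    $lang_dir = FEATHER_ROOT . 'lang/' . $this->user->language;
    require $lang_dir . '/topic.php';
    require $lang_dir . '/post.php';

    // Antispam feature; the include presumably defines $lang_antispam and
    // $lang_antispam_questions. rand() is not a cryptographic source, which is
    // acceptable only as long as the chosen index is not treated as a secret.
    require $lang_dir . '/antispam.php';
    $index_questions = rand(0, count($lang_antispam_questions) - 1);

    // BBcode toolbar feature
    require $lang_dir . '/bbeditor.php';

    // Load the viewtopic.php model file
    require_once FEATHER_ROOT . 'model/viewtopic.php';

    // Fetch some information about the topic
    $cur_topic = $this->model->get_info_topic($id);

    // Sort out who the moderators are and if we are currently a moderator (or an admin)
    // NOTE(review): unserialize() runs on the stored 'moderators' value. If anything other
    // than trusted admin code can write that column, this is an object-injection sink.
    $mods_array = $cur_topic['moderators'] != '' ? unserialize($cur_topic['moderators']) : array();
    $is_admmod = $this->user->g_id == FEATHER_ADMIN
        || ($this->user->g_moderator == '1' && array_key_exists($this->user->username, $mods_array));

    // Not read again in this method; kept because the files included below share this scope.
    if ($is_admmod) {
        $admin_ids = get_admin_ids();
    }

    // Can we or can we not post replies?
    $post_link = $this->model->get_post_link($id, $cur_topic['closed'], $cur_topic['post_replies'], $is_admmod);

    // Add/update this topic in our list of tracked topics
    if (!$this->user->is_guest) {
        $tracked_topics = get_tracked_topics();
        $tracked_topics['topics'][$id] = time();
        set_tracked_topics($tracked_topics);
    }

    // Determine the post offset from the requested page
    $num_pages = ceil(($cur_topic['num_replies'] + 1) / $this->user->disp_posts);

    $p = !isset($page) || $page <= 1 || $page > $num_pages ? 1 : intval($page);
    $start_from = $this->user->disp_posts * ($p - 1);

    $url_topic = url_friendly($cur_topic['subject']);
    $url_forum = url_friendly($cur_topic['forum_name']);

    // Generate paging links
    $paging_links = '<span class="pages-label">' . $lang_common['Pages'] . ' </span>' . paginate($num_pages, $p, 'topic/' . $id . '/' . $url_topic . '/#');

    if ($this->config['o_censoring'] == '1') {
        $cur_topic['subject'] = censor_words($cur_topic['subject']);
    }

    $quickpost = $this->model->is_quickpost($cur_topic['post_replies'], $cur_topic['closed'], $is_admmod);
    $subscraction = $this->model->get_subscraction($cur_topic['is_subscribed'], $id);

    // Add relationship meta tags
    $page_head = $this->model->get_page_head($id, $num_pages, $p, $url_topic);

    // Board, forum and topic names are escaped before they reach the page title.
    $page_title = array(feather_escape($this->config['o_board_title']), feather_escape($cur_topic['forum_name']), feather_escape($cur_topic['subject']));

    define('FEATHER_ALLOW_INDEX', 1);
    define('FEATHER_ACTIVE_PAGE', 'viewtopic');

    $this->header->setTitle($page_title)->setPage($p)->setPagingLinks($paging_links)->setPageHead($page_head)->display();

    // Set before the parser include, which shares this scope.
    $forum_id = $cur_topic['forum_id'];

    require FEATHER_ROOT . 'include/parser.php';

    $this->feather->render('viewtopic.php', array(
        'id' => $id,
        'p' => $p,
        'post_data' => $this->model->print_posts($id, $start_from, $cur_topic, $is_admmod),
        'lang_common' => $lang_common,
        'lang_topic' => $lang_topic,
        'lang_post' => $lang_post,
        'lang_bbeditor' => $lang_bbeditor,
        'cur_topic' => $cur_topic,
        'subscraction' => $subscraction,
        'is_admmod' => $is_admmod,
        'feather_config' => $this->config,
        'paging_links' => $paging_links,
        'post_link' => $post_link,
        'start_from' => $start_from,
        'lang_antispam' => $lang_antispam,
        'pid' => $pid,
        'quickpost' => $quickpost,
        'index_questions' => $index_questions,
        'lang_antispam_questions' => $lang_antispam_questions,
        'url_forum' => $url_forum,
        'url_topic' => $url_topic,
        'feather' => $this->feather,
    ));

    // Increment "num_views" for topic
    $this->model->increment_views($id);

    $this->footer->display('viewtopic', $id, $p, $pid, $cur_topic['forum_id'], $num_pages);
}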
/**
 * Show the edit form for a post and, on a POST request without errors and
 * without a preview flag, save the edit through the model and redirect.
 *
 * @param mixed $id ID of the post; the subject is editable only when this is
 *                  the topic's first post.
 */
public function editpost($id)
{
    global $lang_common, $lang_prof_reg, $lang_post, $lang_register;

    // message() presumably stops the request; every check below relies on that — confirm.
    if ($this->user->g_read_board == '0') {
        message($lang_common['No view'], '403');
    }

    // Fetch some information about the post, the topic and the forum
    $cur_post = $this->model->get_info_edit($id);

    // Sort out who the moderators are and if we are currently a moderator (or an admin)
    // NOTE(review): unserialize() runs on the stored 'moderators' value. If anything other
    // than trusted admin code can write that column, this is an object-injection sink;
    // consider a data-only format or unserialize($x, array('allowed_classes' => false)).
    $mods_array = $cur_post['moderators'] != '' ? unserialize($cur_post['moderators']) : array();
    // Precedence: '&&' binds tighter than '||', and both bind tighter than '?:', so this reads
    // (is admin) || (is moderator && listed as a moderator of this forum).
    $is_admmod = $this->user->g_id == FEATHER_ADMIN || $this->user->g_moderator == '1' && array_key_exists($this->user->username, $mods_array) ? true : false;

    $can_edit_subject = $id == $cur_post['first_post_id'];

    if ($this->config['o_censoring'] == '1') {
        $cur_post['subject'] = censor_words($cur_post['subject']);
        $cur_post['message'] = censor_words($cur_post['message']);
    }

    // Do we have permission to edit this post?
    // A non-admin/mod is refused when the group may not edit posts, the post belongs to
    // someone else, or the topic is closed.
    if (($this->user->g_edit_posts == '0' || $cur_post['poster_id'] != $this->user->id || $cur_post['closed'] == '1') && !$is_admmod) {
        message($lang_common['No permission'], '403');
    }

    // Moderators who are not admins may not edit a post written by an admin.
    // NOTE(review): in_array() is called without the strict flag, so the comparison is loose.
    if ($is_admmod && $this->user->g_id != FEATHER_ADMIN && in_array($cur_post['poster_id'], get_admin_ids())) {
        message($lang_common['No permission'], '403');
    }

    // NOTE(review): both language paths contain the user's language setting — confirm that
    // value is restricted to installed language packs before it reaches require.
    // Load the post.php language file
    require FEATHER_ROOT . 'lang/' . $this->user->language . '/post.php';

    // Load the bbeditor.php language file
    require FEATHER_ROOT . 'lang/' . $this->user->language . '/bbeditor.php';

    // Start with a clean slate
    $errors = array();

    // NOTE(review): no CSRF token or referrer check is visible before the edit is saved;
    // confirm the model or a middleware enforces one.
    if ($this->feather->request()->isPost()) {
        // Let's see if everything went right
        $errors = $this->model->check_errors_before_edit($id, $can_edit_subject, $errors);

        // Setup some variables before post
        $post = $this->model->setup_variables($cur_post, $is_admmod, $can_edit_subject, $errors);

        // Did everything go according to plan?
        // NOTE(review): this reads $this->request while the POST check above goes through
        // $this->feather->request(); confirm both refer to the same request object.
        if (empty($errors) && !$this->request->post('preview')) {
            // Edit the post
            $this->model->edit_post($id, $can_edit_subject, $post, $cur_post, $is_admmod);

            // redirect() presumably ends the request — confirm.
            redirect(get_link('post/' . $id . '/#p' . $id), $lang_post['Post redirect']);
        }
    } else {
        $post = '';
    }

    $page_title = array(feather_escape($this->config['o_board_title']), $lang_post['Edit post']);
    $required_fields = array('req_subject' => $lang_common['Subject'], 'req_message' => $lang_common['Message']);
    $focus_element = array('edit', 'req_message');

    define('FEATHER_ACTIVE_PAGE', 'edit');

    $this->header->setTitle($page_title)->setFocusElement($focus_element)->setRequiredFields($required_fields)->display();

    // The parser is loaded only for a preview; $post is indexed as an array here, so this
    // path assumes the preview flag arrives with a POST request (otherwise $post is '').
    if ($this->request->post('preview')) {
        require_once FEATHER_ROOT . 'include/parser.php';
        $preview_message = parse_message($post['message'], $post['hide_smilies']);
    } else {
        $preview_message = '';
    }

    $this->feather->render('edit.php', array('lang_common' => $lang_common, 'cur_post' => $cur_post, 'lang_post' => $lang_post, 'errors' => $errors, 'preview_message' => $preview_message, 'id' => $id, 'feather_config' => $this->config, 'feather_user' => $this->user, 'checkboxes' => $this->model->get_checkboxes($can_edit_subject, $is_admmod, $cur_post, 1), 'feather' => $this->feather, 'can_edit_subject' => $can_edit_subject, 'post' => $post, 'lang_bbeditor' => $lang_bbeditor));

    $this->footer->display();
}
message($lang_common['Bad request'], false, '404 Not Found'); } $cur_post = $ps->fetch(); // Sort out who the moderators are and if we are currently a moderator (or an admin) $mods_array = $cur_post['moderators'] != '' ? unserialize($cur_post['moderators']) : array(); $is_admmod = $panther_user['is_admin'] || ($panther_user['g_moderator'] == '1' && $panther_user['g_global_moderator'] || array_key_exists($panther_user['username'], $mods_array)) ? true : false; $can_edit_subject = $id == $cur_post['first_post_id'] && $panther_user['g_edit_subject'] == '1'; if ($panther_config['o_censoring'] == '1') { $cur_post['subject'] = censor_words($cur_post['subject']); $cur_post['message'] = censor_words($cur_post['message']); } // Do we have permission to edit this post? if (($panther_user['g_edit_posts'] == '0' || $cur_post['poster_id'] != $panther_user['id'] || $cur_post['closed'] == '1' || $panther_user['g_deledit_interval'] != 0 && time() - $cur_post['pposted'] > $panther_user['g_deledit_interval']) && !$is_admmod) { message($lang_common['No permission'], false, '403 Forbidden'); } if ($is_admmod && (!$panther_user['is_admin'] && (in_array($cur_post['poster_id'], get_admin_ids()) && $panther_user['g_mod_edit_admin_posts'] == '0'))) { message($lang_common['No permission'], false, '403 Forbidden'); } // Load the post.php language file require PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/post.php'; check_posting_ban(); if ($cur_post['archived'] == '1') { message($lang_post['Topic archived']); } if ($cur_post['password'] != '') { check_forum_login_cookie($cur_post['fid'], $cur_post['password']); } // Start with a clean slate $errors = array(); if (isset($_POST['form_sent'])) { // Make sure they got here from the site
if (!$db->num_rows($result)) { message($lang_common['Bad request'], false, '404 Not Found'); } $cur_post = $db->fetch_assoc($result); if ($pun_config['o_censoring'] == '1') { $cur_post['subject'] = censor_words($cur_post['subject']); } // Sort out who the moderators are and if we are currently a moderator (or an admin) $mods_array = $cur_post['moderators'] != '' ? unserialize($cur_post['moderators']) : array(); $is_admmod = $pun_user['g_id'] == PUN_ADMIN || $pun_user['g_moderator'] == '1' && array_key_exists($pun_user['username'], $mods_array) ? true : false; $is_topic_post = $id == $cur_post['first_post_id'] ? true : false; // Do we have permission to edit this post? if (($pun_user['g_delete_posts'] == '0' || $pun_user['g_delete_topics'] == '0' && $is_topic_post || $cur_post['poster_id'] != $pun_user['id'] || $cur_post['closed'] == '1') && !$is_admmod) { message($lang_common['No permission'], false, '403 Forbidden'); } if ($is_admmod && $pun_user['g_id'] != PUN_ADMIN && in_array($cur_post['poster_id'], get_admin_ids())) { message($lang_common['No permission'], false, '403 Forbidden'); } // Load the delete.php language file require PUN_ROOT . 'lang/' . $pun_user['language'] . '/delete.php'; if (isset($_POST['delete'])) { // Make sure they got here from the site confirm_referrer('delete.php'); require PUN_ROOT . 'include/search_idx.php'; if ($is_topic_post) { // Delete the topic and all of its posts delete_topic($cur_post['tid']); update_forum($cur_post['fid']); redirect(fluxrewrite($cur_post['fid'], $cur_post['forum_name'], 'f', false, false, false), $lang_delete['Topic del redirect']); } else { // Delete just this one post
/**
 * Delete a post (soft delete: the row's status is set to -1).
 *
 * Reads post_id from the POST data as an integer, looks up an active
 * (status = 1) GroupPost row, runs the permission check and then flips the
 * status. Every outcome is reported through ajaxReturn(), which presumably
 * ends the request — confirm.
 */
public function deletePost()
{
    $postId = I('post.post_id', 0, 'intval');
    $posts = M('GroupPost');
    $criteria = array('id' => $postId, 'status' => 1);

    // Only an existing, active post can be deleted.
    $record = $posts->where($criteria)->find();
    if (!$record) {
        $this->ajaxReturn(array('status' => 0, 'info' => '不存在该帖子!', 'url' => U('Group/Index/groups')));
    }

    // Authorization happens before any write; the allowed user IDs come from get_admin_ids().
    // NOTE(review): the meaning of the arguments 3 and 0 is defined by get_admin_ids(),
    // which is not visible here.
    $this->checkAuth('Group/Index/deletePost', get_admin_ids($postId, 3, 0), '你没有删除贴子的权限!');

    $updated = $posts->where($criteria)->setField('status', -1);
    if (!$updated) {
        $this->ajaxReturn(array('status' => 0, 'info' => '删除失败!' . $posts->getError()));
        return;
    }

    $this->ajaxReturn(array('status' => 1, 'info' => '删除成功!', 'url' => U('Group/Index/group', array('id' => $record['group_id']))));
}
message($lang_misc['No topics selected']); } if (isset($_POST['delete_topics_comply'])) { confirm_referrer('moderate.php'); if (@preg_match('%[^0-9,]%', $topics)) { message($lang_common['Bad request'], false, '404 Not Found'); } require PUN_ROOT . 'include/search_idx.php'; // Verify that the topic IDs are valid $result = $db->query('SELECT 1 FROM ' . $db->prefix . 'topics WHERE id IN(' . $topics . ') AND forum_id=' . $fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error()); if ($db->num_rows($result) != substr_count($topics, ',') + 1) { message($lang_common['Bad request'], false, '404 Not Found'); } // Verify that the posts are not by admins if ($pun_user['g_id'] != PUN_ADMIN) { $result = $db->query('SELECT 1 FROM ' . $db->prefix . 'posts WHERE topic_id IN(' . $topics . ') AND poster_id IN(' . implode(',', get_admin_ids()) . ')') or error('Unable to check posts', __FILE__, __LINE__, $db->error()); if ($db->num_rows($result)) { message($lang_common['No permission'], false, '403 Forbidden'); } } // Delete the topics and any redirect topics $db->query('DELETE FROM ' . $db->prefix . 'topics WHERE id IN(' . $topics . ') OR moved_to IN(' . $topics . ')') or error('Unable to delete topic', __FILE__, __LINE__, $db->error()); // Delete any subscriptions $db->query('DELETE FROM ' . $db->prefix . 'topic_subscriptions WHERE topic_id IN(' . $topics . ')') or error('Unable to delete subscriptions', __FILE__, __LINE__, $db->error()); // Create a list of the post IDs in this topic and then strip the search index $result = $db->query('SELECT id FROM ' . $db->prefix . 'posts WHERE topic_id IN(' . $topics . ')') or error('Unable to fetch posts', __FILE__, __LINE__, $db->error()); $post_ids = ''; while ($row = $db->fetch_row($result)) { $post_ids .= $post_ids != '' ? ',' . $row[0] : $row[0]; } // We have to check that we actually have a list of post IDs since we could be deleting just a redirect topic
/**
 * Forward a post ID to get_admin_ids() with the fixed arguments 3 and 1
 * and return its result unchanged.
 *
 * NOTE(review): the meaning of 3 and 1 is defined by get_admin_ids(), which
 * is not visible here. Callers appear to use the result for authorization,
 * so confirm the constants select the intended level.
 */
function get_post_admin($post_id)
{
    $admin_ids = get_admin_ids($post_id, 3, 1);

    return $admin_ids;
}
if (!$db->num_rows($result)) { message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found'); } $cur_comment = $db->fetch_assoc($result); if ($luna_config['o_censoring'] == '1') { $cur_comment['subject'] = censor_words($cur_comment['subject']); } // Sort out who the moderators are and if we are currently a moderator (or an admin) $mods_array = $cur_comment['moderators'] != '' ? unserialize($cur_comment['moderators']) : array(); $is_admmod = $luna_user['g_id'] == LUNA_ADMIN || $luna_user['g_moderator'] == '1' && array_key_exists($luna_user['username'], $mods_array) ? true : false; $is_thread_comment = $id == $cur_comment['first_comment_id'] ? true : false; // Do we have permission to edit this comment? if (($luna_user['g_delete_comments'] == '0' || $luna_user['g_delete_threads'] == '0' && $is_thread_comment || $cur_comment['commenter_id'] != $luna_user['id'] || $cur_comment['closed'] == '1') && !$is_admmod) { message(__('You do not have permission to access this page.', 'luna'), false, '403 Forbidden'); } if ($is_admmod && $luna_user['g_id'] != LUNA_ADMIN && in_array($cur_comment['commenter_id'], get_admin_ids())) { message(__('You do not have permission to access this page.', 'luna'), false, '403 Forbidden'); } // Soft delete comments if (isset($_POST['soft_delete'])) { // Make sure they got here from the site confirm_referrer('delete.php'); require LUNA_ROOT . 'include/search_idx.php'; if ($is_thread_comment) { // Delete the thread and all of its comments delete_thread($cur_comment['tid'], "soft"); update_forum($cur_comment['fid']); redirect('viewforum.php?id=' . $cur_comment['fid']); } else { // Delete just this one comment $db->query('UPDATE ' . $db->prefix . 'comments SET soft = 1 WHERE id=' . $id) or error('Unable to soft delete comment', __FILE__, __LINE__, $db->error());
message_backstage(__('You must select at least one thread for move/delete/open/close.', 'luna')); } if (isset($_POST['delete_threads_comply'])) { confirm_referrer('backstage/moderate.php'); if (@preg_match('%[^0-9,]%', $threads)) { message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found'); } require LUNA_ROOT . 'include/search_idx.php'; // Verify that the thread IDs are valid $result = $db->query('SELECT 1 FROM ' . $db->prefix . 'threads WHERE id IN(' . $threads . ') AND forum_id=' . $fid) or error('Unable to check threads', __FILE__, __LINE__, $db->error()); if ($db->num_rows($result) != substr_count($threads, ',') + 1) { message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found'); } // Verify that the comments are not by admins if ($luna_user['g_id'] != LUNA_ADMIN) { $result = $db->query('SELECT 1 FROM ' . $db->prefix . 'comments WHERE thread_id IN(' . $threads . ') AND commenter_id IN(' . implode(',', get_admin_ids()) . ')') or error('Unable to check comments', __FILE__, __LINE__, $db->error()); if ($db->num_rows($result)) { message_backstage(__('You do not have permission to access this page.', 'luna'), false, '403 Forbidden'); } } // Delete the threads and any redirect threads $db->query('DELETE FROM ' . $db->prefix . 'threads WHERE id IN(' . $threads . ') OR moved_to IN(' . $threads . ')') or error('Unable to delete thread', __FILE__, __LINE__, $db->error()); // Delete any subscriptions $db->query('DELETE FROM ' . $db->prefix . 'thread_subscriptions WHERE thread_id IN(' . $threads . ')') or error('Unable to delete subscriptions', __FILE__, __LINE__, $db->error()); // Create a list of the comment IDs in this thread and then strip the search index $result = $db->query('SELECT id FROM ' . $db->prefix . 'comments WHERE thread_id IN(' . $threads . 
')') or error('Unable to fetch comments', __FILE__, __LINE__, $db->error()); $comment_ids = ''; while ($row = $db->fetch_row($result)) { $comment_ids .= $comment_ids != '' ? ',' . $row[0] : $row[0]; } // We have to check that we actually have a list of comment IDs since we could be deleting just a redirect thread
$action = isset($_GET['action']) ? panther_trim($_GET['action']) : ''; $page_title = array($panther_config['o_board_title'], $lang_warnings['Warning system']); if (isset($_GET['warn'])) { $errors = array(); if ($panther_user['g_mod_warn_users'] == '0' && !$panther_user['is_admin']) { message($lang_common['No permission']); } $user_id = isset($_GET['warn']) ? intval($_GET['warn']) : 0; $post_id = isset($_GET['pid']) ? intval($_GET['pid']) : 0; if ($user_id < 1) { message($lang_common['Bad request']); } if ($post_id < 0) { message($lang_common['Bad request']); } if ($user_id == $panther_user['id'] || $user_id < 2 || in_array($user_id, get_admin_ids())) { message($lang_common['Bad request']); } // Check whether user has been warned already for this post (users can only receive one warning per post) if ($post_id) { $data = array(':id' => $post_id); $ps = $db->select('warnings', 'id', $data, 'post_id=:id'); if ($ps->rowCount()) { $warning_id = $ps->fetchColumn(); $warning_link = panther_link($panther_url['warning_details'], array($warning_id)); message(sprintf($lang_warnings['Already warned'], '<a href="' . $warning_link . '">' . $warning_link . '</a>')); } } if (isset($_POST['form_sent'])) { confirm_referrer('warnings.php'); $data = array(':id' => $user_id);
if (!$db->num_rows($result)) { message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found'); } $cur_post = $db->fetch_assoc($result); if ($luna_config['o_censoring'] == '1') { $cur_post['subject'] = censor_words($cur_post['subject']); } // Sort out who the moderators are and if we are currently a moderator (or an admin) $mods_array = $cur_post['moderators'] != '' ? unserialize($cur_post['moderators']) : array(); $is_admmod = $luna_user['g_id'] == FORUM_ADMIN || $luna_user['g_moderator'] == '1' && array_key_exists($luna_user['username'], $mods_array) ? true : false; $is_topic_post = $id == $cur_post['first_post_id'] ? true : false; // Do we have permission to edit this post? if (($luna_user['g_delete_posts'] == '0' || $luna_user['g_delete_topics'] == '0' && $is_topic_post || $cur_post['poster_id'] != $luna_user['id'] || $cur_post['closed'] == '1') && !$is_admmod) { message(__('You do not have permission to access this page.', 'luna'), false, '403 Forbidden'); } if ($is_admmod && $luna_user['g_id'] != FORUM_ADMIN && in_array($cur_post['poster_id'], get_admin_ids())) { message(__('You do not have permission to access this page.', 'luna'), false, '403 Forbidden'); } // Soft delete posts if (isset($_POST['soft_delete'])) { // Make sure they got here from the site confirm_referrer('delete.php'); require FORUM_ROOT . 'include/search_idx.php'; if ($is_topic_post) { // Delete the thread and all of its posts delete_topic($cur_post['tid'], "soft"); update_forum($cur_post['fid']); redirect('viewforum.php?id=' . $cur_post['fid']); } else { // Delete just this one post $db->query('UPDATE ' . $db->prefix . 'posts SET soft = 1 WHERE id=' . $id) or error('Unable to soft delete post', __FILE__, __LINE__, $db->error());
/**
 * Forward an lzl ID to get_admin_ids() with the fixed arguments 1 and 1
 * and return its result unchanged.
 *
 * NOTE(review): the meaning of the two constants is defined by
 * get_admin_ids(), which is not visible here — confirm they select the
 * intended level before relying on the result for authorization.
 */
function get_lzl_admin($lzl_id)
{
    $admin_ids = get_admin_ids($lzl_id, 1, 1);

    return $admin_ids;
}
$db->update('config', $update, 'conf_name=\'o_admin_notes\''); if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) { require PANTHER_ROOT . 'include/cache.php'; } generate_config_cache(); $db->end_transaction(); exit; } } } $alerts = array(); if ($panther_user['is_admin']) { if (is_file(PANTHER_ROOT . 'install.php')) { $alerts[] = sprintf($lang_admin_index['Install file exists'], '<a href="' . panther_link($panther_url['remove_install_file']) . '">' . $lang_admin_index['Delete install file'] . '</a>'); } foreach (get_admin_ids() as $admin) { if ($admin == '2') { // No restrictions for the original administrator continue; } $data = array(':admin' => $admin); $ps = $db->select('restrictions', 1, $data, 'admin_id=:admin'); if (!$ps->rowCount()) { $alerts[] = sprintf($lang_admin_index['No restrictions'], panther_link($panther_url['admin_restrictions'])); break; } } $update_downloaded = file_exists(PANTHER_ROOT . 'include/updates/panther-update-patch-' . $updater->version_friendly($updater->panther_updates['version']) . '.zip') ? true : false; if (version_compare($panther_config['o_cur_version'], $updater->panther_updates['version'], '<') && !$update_downloaded) { $alerts[] = sprintf($lang_admin_index['New version'], $updater->panther_updates['version'], panther_link($panther_url['admin_updates'])); }
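/**
 * Delete a set of topics from one forum together with their redirects,
 * subscriptions, search-index entries and posts, then redirect to the forum.
 *
 * Fixes over the previous version:
 *  - the "posts are not by admins" check matched poster_id with an equality
 *    where() against the array returned by get_admin_ids(); it now uses
 *    where_in(), so the check covers every admin ID;
 *  - the list of post IDs is initialised, so a selection that holds no posts
 *    (for example only redirect topics) no longer implodes an undefined
 *    variable.
 *
 * NOTE(review): no CSRF token or referrer check is visible in this method;
 * confirm the caller enforces one before this destructive path runs.
 *
 * @param string $topics Comma-separated list of topic IDs.
 * @param mixed  $fid    ID of the forum the topics must belong to.
 */
public function delete_topics($topics, $fid)
{
    global $lang_misc, $lang_common;

    // Anything but digits and commas is rejected. message() presumably stops the request.
    if (@preg_match('%[^0-9,]%', $topics)) {
        message($lang_common['Bad request'], '404');
    }

    require FEATHER_ROOT . 'include/search_idx.php';

    $topics_sql = explode(',', $topics);

    // Verify that the topic IDs are valid: every listed ID must match exactly one topic in
    // this forum, which also rejects empty entries, duplicates and IDs from other forums.
    $result = DB::for_table('topics')->where_in('id', $topics_sql)->where('forum_id', $fid)->find_many();

    if (count($result) != substr_count($topics, ',') + 1) {
        message($lang_common['Bad request'], '404');
    }

    // Verify that the posts are not by admins: a non-admin may not delete a topic that
    // contains a post written by any admin.
    if ($this->user->g_id != FEATHER_ADMIN) {
        $authorized = DB::for_table('posts')->where_in('topic_id', $topics_sql)->where_in('poster_id', get_admin_ids())->find_many();
        if ($authorized) {
            message($lang_common['No permission'], '403');
        }
    }

    // Delete the topics
    DB::for_table('topics')->where_in('id', $topics_sql)->delete_many();

    // Delete any redirect topics
    DB::for_table('topics')->where_in('moved_to', $topics_sql)->delete_many();

    // Delete any subscriptions
    DB::for_table('topic_subscriptions')->where_in('topic_id', $topics_sql)->delete_many();

    // Create a list of the post IDs in these topics and then strip the search index
    $find_ids = DB::for_table('posts')->select('id')->where_in('topic_id', $topics_sql)->find_many();

    $ids_post = array();
    foreach ($find_ids as $id) {
        $ids_post[] = $id['id'];
    }

    $post_ids = implode(', ', $ids_post);

    // We have to check that we actually have a list of post IDs since we could be deleting
    // just a redirect topic
    if ($post_ids != '') {
        strip_search_index($post_ids);
    }

    // Delete posts
    DB::for_table('posts')->where_in('topic_id', $topics_sql)->delete_many();

    update_forum($fid);

    redirect(get_link('forum/' . $fid . '/'), $lang_misc['Delete topics redirect']);
}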
if (!$panther_user['is_guest']) { $data[':id'] = $panther_user['id']; $ps = $db->run('SELECT pf.forum_name AS parent, f.parent_forum, f.protected, t.subject, t.poster, t.closed, t.archived, t.question, t.num_replies, t.sticky, t.first_post_id, t.last_post, p.type, p.options, p.votes, p.voters, p.posted, f.id AS forum_id, f.forum_name, f.use_reputation, f.moderators, f.password, fp.post_replies, fp.download, s.user_id AS is_subscribed FROM ' . $db->prefix . 'topics AS t INNER JOIN ' . $db->prefix . 'forums AS f ON f.id=t.forum_id LEFT JOIN ' . $db->prefix . 'topic_subscriptions AS s ON (t.id=s.topic_id AND s.user_id=:id) LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=:gid) LEFT JOIN ' . $db->prefix . 'forums AS pf ON f.parent_forum=pf.id LEFT JOIN ' . $db->prefix . 'polls AS p ON t.id=p.topic_id WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id=:tid AND t.moved_to IS NULL AND t.approved=1 AND t.deleted=0', $data); } else { $ps = $db->run('SELECT pf.forum_name AS parent, f.parent_forum, f.protected, t.subject, t.poster, t.closed, t.archived, t.question, t.num_replies, t.sticky, t.first_post_id, t.last_post, p.type, p.options, p.votes, p.voters, p.posted, f.id AS forum_id, f.forum_name, f.use_reputation, f.moderators, f.password, fp.post_replies, fp.download, 0 AS is_subscribed FROM ' . $db->prefix . 'topics AS t INNER JOIN ' . $db->prefix . 'forums AS f ON f.id=t.forum_id LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=:gid) LEFT JOIN ' . $db->prefix . 'forums AS pf ON f.parent_forum=pf.id LEFT JOIN ' . $db->prefix . 
'polls AS p ON t.id=p.topic_id WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id=:tid AND t.moved_to IS NULL AND t.approved=1 AND t.deleted=0', $data); } if (!$ps->rowCount()) { message($lang_common['Bad request'], false, '404 Not Found'); } else { $cur_topic = $ps->fetch(); } // Sort out who the moderators are and if we are currently a moderator (or an admin) $mods_array = $cur_topic['moderators'] != '' ? unserialize($cur_topic['moderators']) : array(); $is_admmod = $panther_user['is_admin'] || ($panther_user['g_moderator'] == '1' && $panther_user['g_global_moderator'] || isset($mods_array[$panther_user['username']])) ? true : false; if ($is_admmod) { $admin_ids = get_admin_ids(); } if ($cur_topic['password'] != '') { check_forum_login_cookie($cur_topic['forum_id'], $cur_topic['password']); } if ($cur_topic['protected'] == '1' && $panther_user['username'] != $cur_topic['poster'] && !$is_admmod) { message($lang_common['No permission']); } if ($panther_config['o_archiving'] == '1' && $cur_topic['archived'] == '0') { if ($cur_topic['archived'] !== '2') { $archive_rules = unserialize($panther_config['o_archive_rules']); $cur_topic['archived'] = check_archive_rules($archive_rules, $id); } } // Add/update this topic in our list of tracked topics if (!$panther_user['is_guest']) {
if (!$ps->rowCount()) { message($lang_common['Bad request']); } list($username, $group_id) = $ps->fetch(PDO::FETCH_NUM); if ($panther_groups[$group_id]['g_admin'] != '1' && $group_id != PANTHER_ADMIN) { message($lang_common['Bad request']); } // Then we're adding restrictions if (!isset($admins[$user])) { $admins[$user] = array('admin_options' => 1, 'admin_permissions' => 1, 'admin_categories' => 1, 'admin_forums' => 1, 'admin_groups' => 1, 'admin_censoring' => 1, 'admin_maintenance' => 1, 'admin_plugins' => 1, 'admin_restrictions' => 1, 'admin_users' => 1, 'admin_moderate' => 1, 'admin_ranks' => 1, 'admin_updates' => 1, 'admin_archive' => 1, 'admin_smilies' => 1, 'admin_warnings' => 1, 'admin_attachments' => 1, 'admin_robots' => 1, 'admin_addons' => 1, 'admin_tasks' => 1); } generate_admin_menu('restrictions'); $tpl = load_template('edit_restriction.tpl'); echo $tpl->render(array('lang_admin_restrictions' => $lang_admin_restrictions, 'admin' => $admins[$user], 'user' => $user, 'csrf_token' => $csrf_token, 'lang_common' => $lang_common, 'lang_admin_common' => $lang_admin_common, 'form_action' => panther_link($panther_url['admin_restrictions_query'], array('action=' . $action . '&stage=3')), 'username' => $username)); } else { if (count(get_admin_ids()) < 2) { message($lang_admin_restrictions['no admins available']); } $data = array(':admin' => PANTHER_ADMIN); $administrators = $restrictions = array(); $ps = $db->run('SELECT u.username, u.id FROM ' . $db->prefix . 'users AS u LEFT JOIN ' . $db->prefix . 'restrictions AS ar ON u.id=ar.admin_id INNER JOIN ' . $db->prefix . 'groups AS g ON u.group_id=g.g_id WHERE (u.group_id=:admin OR g.g_admin=1) AND u.id!=2 AND ar.admin_id IS NULL ORDER BY u.id ASC', $data); foreach ($ps as $admin) { $administrators[] = array('id' => $admin['id'], 'username' => $admin['username']); } $ps = $db->run('SELECT u.username, u.id FROM ' . $db->prefix . 'users AS u LEFT JOIN ' . $db->prefix . 
'restrictions AS ar ON u.id=ar.admin_id INNER JOIN ' . $db->prefix . 'groups AS g ON u.group_id=g.g_id WHERE (u.group_id=:admin OR g.g_admin=1) AND u.id!=2 AND ar.admin_id IS NOT NULL ORDER BY u.id ASC', $data); foreach ($ps as $admin) { $restrictions[] = array('id' => $admin['id'], 'username' => $admin['username']); } generate_admin_menu('restrictions'); $tpl = load_template('admin_restrictions.tpl'); echo $tpl->render(array('lang_admin_common' => $lang_admin_common, 'lang_admin_restrictions' => $lang_admin_restrictions, 'csrf_token' => $csrf_token, 'add_action' => panther_link($panther_url['admin_restrictions_query'], array('action=add&stage=2')), 'edit_action' => panther_link($panther_url['admin_restrictions_query'], array('action=edit&stage=2')), 'delete_action' => panther_link($panther_url['admin_restrictions_query'], array('action=delete&stage=2')), 'lang_common' => $lang_common, 'restrictions' => $restrictions, 'administrators' => $administrators));