| [ Index ] |
PHP Cross Reference of phpBB 3.0 Beta 3 |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * 4 * @package mcp 5 * @version $Id: mcp.php,v 1.115 2006/10/20 13:47:57 acydburn Exp $ 6 * @copyright (c) 2005 phpBB Group 7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License 8 * 9 */ 10 11 /** 12 * @ignore 13 */ 14 define('IN_PHPBB', true); 15 $phpbb_root_path = './'; 16 $phpEx = substr(strrchr(__FILE__, '.'), 1); 17 include($phpbb_root_path . 'common.' . $phpEx); 18 include($phpbb_root_path . 'includes/functions_admin.' . $phpEx); 19 require($phpbb_root_path . 'includes/functions_module.' . $phpEx); 20 21 // Start session management 22 $user->session_begin(); 23 $auth->acl($user->data); 24 $user->setup('mcp'); 25 26 $module = new p_master(); 27 28 // Setting a variable to let the style designer know where he is... 29 $template->assign_var('S_IN_MCP', true); 30 31 // Basic parameter data 32 $id = request_var('i', ''); 33 34 if (isset($_REQUEST['mode']) && is_array($_REQUEST['mode'])) 35 { 36 $mode = request_var('mode', array('')); 37 list($mode, ) = each($mode); 38 } 39 else 40 { 41 $mode = request_var('mode', ''); 42 } 43 44 // Only Moderators can go beyond this point 45 if (!$user->data['is_registered']) 46 { 47 if ($user->data['is_bot']) 48 { 49 redirect(append_sid("{$phpbb_root_path}index.$phpEx")); 50 } 51 52 login_box('', $user->lang['LOGIN_EXPLAIN_MCP']); 53 } 54 55 $quickmod = (isset($_REQUEST['quickmod'])) ? true : false; 56 $action = request_var('action', ''); 57 $action_ary = request_var('action', array('' => 0)); 58 59 if (sizeof($action_ary)) 60 { 61 list($action, ) = each($action_ary); 62 } 63 unset($action_ary); 64 65 if ($mode == 'topic_logs') 66 { 67 $id = 'logs'; 68 $quickmod = false; 69 } 70 71 $post_id = request_var('p', 0); 72 $topic_id = request_var('t', 0); 73 $forum_id = request_var('f', 0); 74 $user_id = request_var('u', 0); 75 $username = request_var('username', '', true); 76 77 if ($post_id) 78 { 79 // We determine the topic and forum id here, to make sure the moderator really has moderative rights on this post 80 $sql = 'SELECT topic_id, forum_id 81 FROM ' . POSTS_TABLE . " 82 WHERE post_id = $post_id"; 83 $result = $db->sql_query($sql); 84 $row = $db->sql_fetchrow($result); 85 $db->sql_freeresult($result); 86 87 $topic_id = (int) $row['topic_id']; 88 $forum_id = (int) ($row['forum_id']) ? $row['forum_id'] : $forum_id; 89 } 90 91 if ($topic_id && !$forum_id) 92 { 93 $sql = 'SELECT forum_id 94 FROM ' . TOPICS_TABLE . " 95 WHERE topic_id = $topic_id"; 96 $result = $db->sql_query($sql); 97 $row = $db->sql_fetchrow($result); 98 $db->sql_freeresult($result); 99 100 $forum_id = (int) $row['forum_id']; 101 } 102 103 // If the user doesn't have any moderator powers (globally or locally) he can't access the mcp 104 if (!$auth->acl_getf_global('m_')) 105 { 106 // Except he is using one of the quickmod tools for users 107 $user_quickmod_actions = array( 108 'lock' => 'f_user_lock', 109 'make_sticky' => 'f_sticky', 110 'make_announce' => 'f_announce', 111 'make_global' => 'f_announce', 112 'make_normal' => array('f_announce', 'f_sticky') 113 ); 114 115 $allow_user = false; 116 if ($quickmod && isset($user_quickmod_actions[$action]) && $user->data['is_registered'] && $auth->acl_gets($user_quickmod_actions[$action], $forum_id)) 117 { 118 $topic_info = get_topic_data(array($topic_id)); 119 if ($topic_info[$topic_id]['topic_poster'] == $user->data['user_id']) 120 { 121 $allow_user = true; 122 } 123 } 124 125 if (!$allow_user) 126 { 127 trigger_error($user->lang['NOT_AUTHORIZED']); 128 } 129 } 130 131 // if the user cannot read the forum he tries to access then we won't allow mcp access either 132 if ($forum_id && !$auth->acl_get('f_read', $forum_id)) 133 { 134 trigger_error($user->lang['NOT_AUTHORIZED']); 135 } 136 137 if ($forum_id) 138 { 139 $module->acl_forum_id = $forum_id; 140 } 141 142 // Instantiate module system and generate list of available modules 143 $module->list_modules('mcp'); 144 145 if ($quickmod) 146 { 147 $mode = 'quickmod'; 148 149 switch ($action) 150 { 151 case 'lock': 152 case 'unlock': 153 case 'lock_post': 154 case 'unlock_post': 155 case 'make_sticky': 156 case 'make_announce': 157 case 'make_global': 158 case 'make_normal': 159 case 'fork': 160 case 'move': 161 case 'delete_post': 162 case 'delete_topic': 163 $module->load('mcp', 'main', 'quickmod'); 164 exit; 165 break; 166 167 case 'topic_logs': 168 $module->set_active('logs', 'topic_logs'); 169 break; 170 171 case 'split': 172 case 'merge': 173 $module->set_active('main', 'topic_view'); 174 break; 175 176 default: 177 trigger_error("$action not allowed as quickmod"); 178 } 179 } 180 else 181 { 182 // Select the active module 183 $module->set_active($id, $mode); 184 } 185 186 // Hide some of the options if we don't have the relevant information to use them 187 if (!$post_id) 188 { 189 $module->set_display('reports', 'report_details', false); 190 $module->set_display('main', 'post_details', false); 191 $module->set_display('warn', 'warn_post', false); 192 193 if (!$topic_id || $mode == 'unapproved_posts') 194 { 195 $module->set_display('queue', 'approve_details', false); 196 } 197 } 198 199 if (!$topic_id) 200 { 201 $module->set_display('main', 'topic_view', false); 202 $module->set_display('logs', 'topic_logs', false); 203 } 204 205 if (!$forum_id) 206 { 207 $module->set_display('main', 'forum_view', false); 208 $module->set_display('logs', 'forum_logs', false); 209 } 210 211 if (!$user_id && $username == '') 212 { 213 $module->set_display('notes', 'user_notes', false); 214 $module->set_display('warn', 'warn_user', false); 215 } 216 217 // Load and execute the relevant module 218 $module->load_active(); 219 220 // Assign data to the template engine for the list of modules 221 $module->assign_tpl_vars(append_sid("{$phpbb_root_path}mcp.$phpEx")); 222 223 // Generate the page, do not display/query online list 224 $module->display($module->get_page_title(), false); 225 226 227 /** 228 * Functions used to generate additional URL paramters 229 */ 230 function _module_main_url($mode) 231 { 232 return extra_url(); 233 } 234 235 function _module_logs_url($mode) 236 { 237 return extra_url(); 238 } 239 240 function extra_url() 241 { 242 global $forum_id, $topic_id, $post_id; 243 244 $url_extra = ''; 245 $url_extra .= ($forum_id) ? "&f=$forum_id" : ''; 246 $url_extra .= ($topic_id) ? "&t=$topic_id" : ''; 247 $url_extra .= ($post_id) ? "&p=$post_id" : ''; 248 249 return $url_extra; 250 } 251 252 /** 253 * Get simple topic data 254 */ 255 function get_topic_data($topic_ids, $acl_list = false) 256 { 257 global $auth, $db; 258 static $rowset = array(); 259 260 $topics = array(); 261 262 if (!sizeof($topic_ids)) 263 { 264 return array(); 265 } 266 267 $cache_topic_ids = array_intersect($topic_ids, array_keys($rowset)); 268 $topic_ids = array_diff($topic_ids, array_keys($rowset)); 269 270 if (sizeof($topic_ids)) 271 { 272 $sql = 'SELECT f.*, t.* 273 FROM ' . TOPICS_TABLE . ' t 274 LEFT JOIN ' . FORUMS_TABLE . ' f ON t.forum_id = f.forum_id 275 WHERE ' . $db->sql_in_set('t.topic_id', $topic_ids); 276 $result = $db->sql_query($sql); 277 278 while ($row = $db->sql_fetchrow($result)) 279 { 280 if (!$row['forum_id']) 281 { 282 // Global Announcement? 283 $row['forum_id'] = request_var('f', 0); 284 } 285 286 $rowset[$row['topic_id']] = $row; 287 288 if ($acl_list && !$auth->acl_gets($acl_list, $row['forum_id'])) 289 { 290 continue; 291 } 292 293 $topics[$row['topic_id']] = $row; 294 } 295 $db->sql_freeresult($result); 296 } 297 298 foreach ($cache_topic_ids as $id) 299 { 300 if (!$acl_list || $auth->acl_gets($acl_list, $rowset[$id]['forum_id'])) 301 { 302 $topics[$id] = $rowset[$id]; 303 } 304 } 305 306 return $topics; 307 } 308 309 /** 310 * Get simple post data 311 */ 312 function get_post_data($post_ids, $acl_list = false) 313 { 314 global $db, $auth; 315 316 $rowset = array(); 317 318 if (!sizeof($post_ids)) 319 { 320 return array(); 321 } 322 323 $sql = $db->sql_build_query('SELECT', array( 324 'SELECT' => 'p.*, u.*, t.*, f.*', 325 326 'FROM' => array( 327 USERS_TABLE => 'u', 328 TOPICS_TABLE => 't', 329 POSTS_TABLE => 'p' 330 ), 331 332 'LEFT_JOIN' => array( 333 array( 334 'FROM' => array(FORUMS_TABLE => 'f'), 335 'ON' => 'f.forum_id = p.forum_id' 336 ) 337 ), 338 339 'WHERE' => $db->sql_in_set('p.post_id', $post_ids) . ' 340 AND u.user_id = p.poster_id 341 AND t.topic_id = p.topic_id', 342 )); 343 $result = $db->sql_query($sql); 344 345 while ($row = $db->sql_fetchrow($result)) 346 { 347 if (!$row['forum_id']) 348 { 349 // Global Announcement? 350 $row['forum_id'] = request_var('f', 0); 351 } 352 353 if ($acl_list && !$auth->acl_gets($acl_list, $row['forum_id'])) 354 { 355 continue; 356 } 357 358 if (!$row['post_approved'] && !$auth->acl_get('m_approve', $row['forum_id'])) 359 { 360 // Moderators without the permission to approve post should at least not see them. ;) 361 continue; 362 } 363 364 $rowset[$row['post_id']] = $row; 365 } 366 $db->sql_freeresult($result); 367 368 return $rowset; 369 } 370 371 /** 372 * Get simple forum data 373 */ 374 function get_forum_data($forum_id, $acl_list = 'f_list') 375 { 376 global $auth, $db; 377 378 $rowset = array(); 379 380 if (!is_array($forum_id)) 381 { 382 $forum_id = array($forum_id); 383 } 384 385 if (!sizeof($forum_id)) 386 { 387 return array(); 388 } 389 390 $sql = 'SELECT * 391 FROM ' . FORUMS_TABLE . ' 392 WHERE ' . $db->sql_in_set('forum_id', $forum_id); 393 $result = $db->sql_query($sql); 394 395 while ($row = $db->sql_fetchrow($result)) 396 { 397 if ($acl_list && !$auth->acl_gets($acl_list, $row['forum_id'])) 398 { 399 continue; 400 } 401 402 if ($auth->acl_get('m_approve', $row['forum_id'])) 403 { 404 $row['forum_topics'] = $row['forum_topics_real']; 405 } 406 407 $rowset[$row['forum_id']] = $row; 408 } 409 $db->sql_freeresult($result); 410 411 return $rowset; 412 } 413 414 /** 415 * sorting in mcp 416 * 417 * @param string $where_sql should either be WHERE (default if ommited) or end with AND or OR 418 */ 419 function mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by_sql, &$sort_order_sql, &$total, $forum_id = 0, $topic_id = 0, $where_sql = 'WHERE') 420 { 421 global $db, $user, $auth, $template; 422 423 $sort_days = request_var('st', 0); 424 $min_time = ($sort_days) ? time() - ($sort_days * 86400) : 0; 425 426 switch ($mode) 427 { 428 case 'viewforum': 429 $type = 'topics'; 430 $default_key = 't'; 431 $default_dir = 'd'; 432 433 $sql = 'SELECT COUNT(topic_id) AS total 434 FROM ' . TOPICS_TABLE . " 435 $where_sql forum_id = $forum_id 436 AND topic_type NOT IN (" . POST_ANNOUNCE . ', ' . POST_GLOBAL . ") 437 AND topic_last_post_time >= $min_time"; 438 439 if (!$auth->acl_get('m_approve', $forum_id)) 440 { 441 $sql .= 'AND topic_approved = 1'; 442 } 443 break; 444 445 case 'viewtopic': 446 $type = 'posts'; 447 $default_key = 't'; 448 $default_dir = 'a'; 449 450 $sql = 'SELECT COUNT(post_id) AS total 451 FROM ' . POSTS_TABLE . " 452 $where_sql topic_id = $topic_id 453 AND post_time >= $min_time"; 454 455 if (!$auth->acl_get('m_approve', $forum_id)) 456 { 457 $sql .= 'AND post_approved = 1'; 458 } 459 break; 460 461 case 'unapproved_posts': 462 $type = 'posts'; 463 $default_key = 't'; 464 $default_dir = 'd'; 465 $where_sql .= ($topic_id) ? ' topic_id = ' . $topic_id . ' AND' : ''; 466 467 $sql = 'SELECT COUNT(post_id) AS total 468 FROM ' . POSTS_TABLE . " 469 $where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : get_forum_list('m_approve')) . ' 470 AND post_approved = 0'; 471 472 if ($min_time) 473 { 474 $sql .= ' AND post_time >= ' . $min_time; 475 } 476 break; 477 478 case 'unapproved_topics': 479 $type = 'topics'; 480 $default_key = 't'; 481 $default_dir = 'd'; 482 483 $sql = 'SELECT COUNT(topic_id) AS total 484 FROM ' . TOPICS_TABLE . " 485 $where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : get_forum_list('m_approve')) . ' 486 AND topic_approved = 0'; 487 488 if ($min_time) 489 { 490 $sql .= ' AND topic_time >= ' . $min_time; 491 } 492 break; 493 494 case 'reports': 495 case 'reports_closed': 496 $type = 'reports'; 497 $default_key = 't'; 498 $default_dir = 'd'; 499 $limit_time_sql = ($min_time) ? "AND r.report_time >= $min_time" : ''; 500 501 if ($topic_id) 502 { 503 $where_sql .= ' p.topic_id = ' . $topic_id; 504 } 505 else if ($forum_id) 506 { 507 $where_sql .= ' p.forum_id = ' . $forum_id; 508 } 509 else 510 { 511 $where_sql .= ' ' . $db->sql_in_set('p.forum_id', get_forum_list('m_report')); 512 } 513 514 if ($mode == 'reports') 515 { 516 $where_sql .= ' AND r.report_closed = 0'; 517 } 518 else 519 { 520 $where_sql .= ' AND r.report_closed = 1'; 521 } 522 523 $sql = 'SELECT COUNT(r.report_id) AS total 524 FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . " p 525 $where_sql 526 AND p.post_id = r.post_id 527 $limit_time_sql"; 528 break; 529 530 case 'viewlogs': 531 $type = 'logs'; 532 $default_key = 't'; 533 $default_dir = 'd'; 534 535 $sql = 'SELECT COUNT(log_id) AS total 536 FROM ' . LOG_TABLE . " 537 $where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : get_forum_list('m_')) . ' 538 AND log_time >= ' . $min_time . ' 539 AND log_type = ' . LOG_MOD; 540 break; 541 } 542 543 $sort_key = request_var('sk', $default_key); 544 $sort_dir = request_var('sd', $default_dir); 545 $sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); 546 547 switch ($type) 548 { 549 case 'topics': 550 $limit_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); 551 $sort_by_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'tt' => $user->lang['TOPIC_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']); 552 553 $sort_by_sql = array('a' => 't.topic_first_poster_name', 't' => 't.topic_last_post_time', 'tt' => 't.topic_time', 'r' => (($auth->acl_get('m_approve', $forum_id)) ? 't.topic_replies_real' : 't.topic_replies'), 's' => 't.topic_title', 'v' => 't.topic_views'); 554 $limit_time_sql = ($min_time) ? "AND t.topic_last_post_time >= $min_time" : ''; 555 break; 556 557 case 'posts': 558 $limit_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); 559 $sort_by_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']); 560 $sort_by_sql = array('a' => 'u.username', 't' => 'p.post_time', 's' => 'p.post_subject'); 561 $limit_time_sql = ($min_time) ? "AND p.post_time >= $min_time" : ''; 562 break; 563 564 case 'reports': 565 $limit_days = array(0 => $user->lang['ALL_REPORTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); 566 $sort_by_text = array('a' => $user->lang['AUTHOR'], 'r' => $user->lang['REPORTER'], 'p' => $user->lang['POST_TIME'], 't' => $user->lang['REPORT_TIME'], 's' => $user->lang['SUBJECT']); 567 $sort_by_sql = array('a' => 'u.username', 'r' => 'ru.username', 'p' => 'p.post_time', 't' => 'r.report_time', 's' => 'p.post_subject'); 568 break; 569 570 case 'logs': 571 $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); 572 $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); 573 574 $sort_by_sql = array('u' => 'l.username', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); 575 $limit_time_sql = ($min_time) ? "AND l.log_time >= $min_time" : ''; 576 break; 577 } 578 579 if (!isset($sort_by_sql[$sort_key])) 580 { 581 $sort_key = $default_key; 582 } 583 584 $sort_order_sql = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC'); 585 586 $s_limit_days = $s_sort_key = $s_sort_dir = $sort_url = ''; 587 gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $sort_url); 588 589 $template->assign_vars(array( 590 'S_SELECT_SORT_DIR' => $s_sort_dir, 591 'S_SELECT_SORT_KEY' => $s_sort_key, 592 'S_SELECT_SORT_DAYS' => $s_limit_days) 593 ); 594 595 if (($sort_days && $mode != 'viewlogs') || in_array($mode, array('reports', 'unapproved_topics', 'unapproved_posts')) || $where_sql != 'WHERE') 596 { 597 $result = $db->sql_query($sql); 598 $total = (int) $db->sql_fetchfield('total'); 599 $db->sql_freeresult($result); 600 } 601 else 602 { 603 $total = -1; 604 } 605 } 606 607 /** 608 * Validate ids 609 */ 610 function check_ids(&$ids, $table, $sql_id, $acl_list = false) 611 { 612 global $db, $auth; 613 614 if (!is_array($ids) || !$ids) 615 { 616 return 0; 617 } 618 619 // a small logical error, since global announcement are assigned to forum_id == 0 620 // If the first topic id is a global announcement, we can force the forum. Though only global announcements can be 621 // tricked... i really do not know how to prevent this atm. 622 623 // With those two queries we make sure all ids are within one forum... 624 $sql = "SELECT forum_id FROM $table 625 WHERE $sql_id = {$ids[0]}"; 626 $result = $db->sql_query($sql); 627 $forum_id = (int) $db->sql_fetchfield('forum_id'); 628 $db->sql_freeresult($result); 629 630 if (!$forum_id) 631 { 632 // Global Announcement? 633 $forum_id = request_var('f', 0); 634 } 635 636 if ($forum_id === 0) 637 { 638 // Determine first forum the user is able to read - for global announcements 639 $forum_ary = array_unique(array_keys($auth->acl_getf('!f_read', true))); 640 641 $sql = 'SELECT forum_id 642 FROM ' . FORUMS_TABLE . ' 643 WHERE forum_type = ' . FORUM_POST; 644 if (sizeof($forum_ary)) 645 { 646 $sql .= ' AND ' . $db->sql_in_set('forum_id', $forum_ary, true); 647 } 648 649 $result = $db->sql_query_limit($sql, 1); 650 $forum_id = (int) $db->sql_fetchfield('forum_id'); 651 $db->sql_freeresult($result); 652 } 653 654 if ($acl_list && !$auth->acl_gets($acl_list, $forum_id)) 655 { 656 trigger_error('NOT_AUTHORIZED'); 657 } 658 659 if (!$forum_id) 660 { 661 trigger_error('Missing forum_id, has to be in url if global announcement...', E_USER_ERROR); 662 } 663 664 $sql = "SELECT $sql_id FROM $table 665 WHERE " . $db->sql_in_set($sql_id, $ids) . " 666 AND (forum_id = $forum_id OR forum_id = 0)"; 667 $result = $db->sql_query($sql); 668 669 $ids = array(); 670 while ($row = $db->sql_fetchrow($result)) 671 { 672 $ids[] = $row[$sql_id]; 673 } 674 $db->sql_freeresult($result); 675 676 return $forum_id; 677 } 678 679 ?>
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Wed Nov 22 00:35:05 2006 | Cross-referenced by PHPXref 0.6 |