2
0

ReportToMod.php 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464
  1. <?php
  2. /**
  3. * The functions in this file deal with reporting posts or profiles to mods and admins
  4. * Simple Machines Forum (SMF)
  5. *
  6. * @package SMF
  7. * @author Simple Machines http://www.simplemachines.org
  8. * @copyright 2014 Simple Machines and individual contributors
  9. * @license http://www.simplemachines.org/about/smf/license.php BSD
  10. *
  11. * @version 2.1 Alpha 1
  12. */
  13. if (!defined('SMF'))
  14. die('No direct access...');
  15. /**
  16. * Report a post or profile to the moderator... ask for a comment.
  17. * Gathers data from the user to report abuse to the moderator(s).
  18. * Uses the ReportToModerator template, main sub template.
  19. * Requires the report_any permission.
  20. * Uses ReportToModerator2() if post data was sent.
  21. * Accessed through ?action=reporttm.
  22. */
  23. function ReportToModerator()
  24. {
  25. global $txt, $topic, $context, $smcFunc, $scripturl, $sourcedir;
  26. $context['robot_no_index'] = true;
  27. $context['comment_body'] = '';
  28. // No guests!
  29. is_not_guest();
  30. // You can't use this if it's off or you are not allowed to do it.
  31. // If we don't have the ID of something to report, we'll die with a no_access error below
  32. if (isset($_REQUEST['msg']))
  33. isAllowedTo('report_msg');
  34. elseif (isset($_REQUEST['u']))
  35. isAllowedTo('report_user');
  36. // Previewing or modifying?
  37. if (isset($_POST['preview']) && !isset($_POST['save']))
  38. {
  39. require_once($sourcedir . '/Subs-Post.php');
  40. // Set up the preview message.
  41. $context['preview_message'] = $smcFunc['htmlspecialchars']($_POST['comment'], ENT_QUOTES);
  42. preparsecode($context['preview_message']);
  43. // We censor for your protection...
  44. censorText($context['preview_message']);
  45. $context['comment_body'] = !empty($_POST['comment']) ? trim($_POST['comment']) : '';
  46. }
  47. // If they're posting, it should be processed by ReportToModerator2.
  48. if ((isset($_POST[$context['session_var']]) || isset($_POST['save'])) && empty($context['post_errors']) && !isset($_POST['preview']))
  49. ReportToModerator2();
  50. // We need a message ID or user ID to check!
  51. if (empty($_REQUEST['msg']) && empty($_REQUEST['mid']) && empty($_REQUEST['u']))
  52. fatal_lang_error('no_access', false);
  53. // For compatibility, accept mid, but we should be using msg. (not the flavor kind!)
  54. if (!empty($_REQUEST['msg']) || !empty($_REQUEST['mid']))
  55. $_REQUEST['msg'] = empty($_REQUEST['msg']) ? (int) $_REQUEST['mid'] : (int) $_REQUEST['msg'];
  56. // msg and mid empty - assume we're reporting a user
  57. elseif (!empty($_REQUEST['u']))
  58. $_REQUEST['u'] = (int) $_REQUEST['u'];
  59. // Set up some form values
  60. $context['report_type'] = isset($_REQUEST['msg']) ? 'msg' : 'u';
  61. $context['reported_item'] = isset($_REQUEST['msg']) ? $_REQUEST['msg'] : $_REQUEST['u'];
  62. if (isset($_REQUEST['msg']))
  63. {
  64. // Check the message's ID - don't want anyone reporting a post they can't even see!
  65. $result = $smcFunc['db_query']('', '
  66. SELECT m.id_msg, m.id_member, t.id_member_started
  67. FROM {db_prefix}messages AS m
  68. INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic})
  69. WHERE m.id_msg = {int:id_msg}
  70. AND m.id_topic = {int:current_topic}
  71. LIMIT 1',
  72. array(
  73. 'current_topic' => $topic,
  74. 'id_msg' => $_REQUEST['msg'],
  75. )
  76. );
  77. if ($smcFunc['db_num_rows']($result) == 0)
  78. fatal_lang_error('no_board', false);
  79. list ($_REQUEST['msg'], $member, $starter) = $smcFunc['db_fetch_row']($result);
  80. $smcFunc['db_free_result']($result);
  81. // This is here so that the user could, in theory, be redirected back to the topic.
  82. $context['start'] = $_REQUEST['start'];
  83. $context['message_id'] = $_REQUEST['msg'];
  84. // The submit URL is different for users than it is for posts
  85. $context['submit_url'] = $scripturl . '?action=reporttm;msg=' . $_REQUEST['msg'] . ';topic=' . $topic;
  86. }
  87. else
  88. {
  89. // Check the user's ID
  90. $result = $smcFunc['db_query']('', '
  91. SELECT id_member, real_name, member_name
  92. FROM {db_prefix}members
  93. WHERE id_member = {int:current_user}',
  94. array(
  95. 'current_user' => $_REQUEST['u'],
  96. )
  97. );
  98. if ($smcFunc['db_num_rows']($result) == 0)
  99. fatal_lang_error('no_user', false);
  100. list($_REQUEST['u'], $display_name, $username) = $smcFunc['db_fetch_row']($result);
  101. $context['current_user'] = $_REQUEST['u'];
  102. $context['submit_url'] = $scripturl . '?action=reporttm;u=' . $_REQUEST['u'];
  103. }
  104. $context['comment_body'] = !isset($_POST['comment']) ? '' : trim($_POST['comment']);
  105. $context['page_title'] = $context['report_type'] == 'msg' ? $txt['report_to_mod'] : sprintf($txt['report_profile'], $display_name);
  106. $context['notice'] = $context['report_type'] == 'msg' ? $txt['report_to_mod_func'] : $txt['report_profile_func'];
  107. // Show the inputs for the comment, etc.
  108. loadLanguage('Post');
  109. loadTemplate('ReportToMod');
  110. addInlineJavascript('
  111. var error_box = $("#error_box");
  112. $("#report_comment").keyup(function() {
  113. var post_too_long = $("#error_post_too_long");
  114. if ($(this).val().length > 254)
  115. {
  116. if (post_too_long.length == 0)
  117. {
  118. error_box.show();
  119. if ($.trim(error_box.html()) == \'\')
  120. error_box.append("<ul id=\'error_list\'></ul>");
  121. $("#error_list").append("<li id=\'error_post_too_long\' class=\'error\'>" + ' . JavaScriptEscape($txt['post_too_long']) . ' + "</li>");
  122. }
  123. }
  124. else
  125. {
  126. post_too_long.remove();
  127. if ($("#error_list li").length == 0)
  128. error_box.hide();
  129. }
  130. });', true);
  131. }
  132. /**
  133. * Send the emails.
  134. * Sends off emails to all the moderators.
  135. * Sends to administrators and global moderators. (1 and 2)
  136. * Called by ReportToModerator(), and thus has the same permission and setting requirements as it does.
  137. * Accessed through ?action=reporttm when posting.
  138. */
  139. function ReportToModerator2()
  140. {
  141. global $txt, $topic, $user_info, $modSettings, $sourcedir, $context, $smcFunc;
  142. // Sorry, no guests allowed... Probably just trying to spam us anyway
  143. is_not_guest();
  144. // You must have the proper permissions!
  145. if (isset($_REQUEST['msg']))
  146. isAllowedTo('report_any');
  147. else
  148. isAllowedTo('report_user');
  149. // Make sure they aren't spamming.
  150. spamProtection('reporttm');
  151. require_once($sourcedir . '/Subs-Post.php');
  152. // Prevent double submission of this form.
  153. checkSubmitOnce('check');
  154. // No errors, yet.
  155. $post_errors = array();
  156. // Check their session.
  157. if (checkSession('post', '', false) != '')
  158. $post_errors[] = 'session_timeout';
  159. // Make sure we have a comment and it's clean.
  160. if (!isset($_POST['comment']) || $smcFunc['htmltrim']($_POST['comment']) === '')
  161. $post_errors[] = 'no_comment';
  162. $poster_comment = strtr($smcFunc['htmlspecialchars']($_POST['comment']), array("\r" => '', "\t" => ''));
  163. if ($smcFunc['strlen']($poster_comment) > 254)
  164. $post_errors[] = 'post_too_long';
  165. // Any errors?
  166. if (!empty($post_errors))
  167. {
  168. loadLanguage('Errors');
  169. $context['post_errors'] = array();
  170. foreach ($post_errors as $post_error)
  171. $context['post_errors'][$post_error] = $txt['error_' . $post_error];
  172. return ReportToModerator();
  173. }
  174. if (isset($_POST['msg']))
  175. {
  176. // Handle this elsewhere to keep things from getting too long
  177. reportPost($_POST['msg'], $poster_comment);
  178. }
  179. else
  180. {
  181. reportUser($_POST['u'], $poster_comment);
  182. }
  183. }
  184. function reportPost($msg, $reason)
  185. {
  186. global $context, $smcFunc, $user_info;
  187. // Get the basic topic information, and make sure they can see it.
  188. $_POST['msg'] = (int) $msg;
  189. $request = $smcFunc['db_query']('', '
  190. SELECT m.id_topic, m.id_board, m.subject, m.body, m.id_member AS id_poster, m.poster_name, mem.real_name
  191. FROM {db_prefix}messages AS m
  192. LEFT JOIN {db_prefix}members AS mem ON (m.id_member = mem.id_member)
  193. WHERE m.id_msg = {int:id_msg}
  194. AND m.id_topic = {int:current_topic}
  195. LIMIT 1',
  196. array(
  197. 'current_topic' => $topic,
  198. 'id_msg' => $_POST['msg'],
  199. )
  200. );
  201. if ($smcFunc['db_num_rows']($request) == 0)
  202. fatal_lang_error('no_board', false);
  203. $message = $smcFunc['db_fetch_assoc']($request);
  204. $smcFunc['db_free_result']($request);
  205. $poster_name = un_htmlspecialchars($message['real_name']) . ($message['real_name'] != $message['poster_name'] ? ' (' . $message['poster_name'] . ')' : '');
  206. $reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : '');
  207. $subject = un_htmlspecialchars($message['subject']);
  208. $request = $smcFunc['db_query']('', '
  209. SELECT id_report, ignore_all
  210. FROM {db_prefix}log_reported
  211. WHERE id_msg = {int:id_msg}
  212. AND (closed = {int:not_closed} OR ignore_all = {int:ignored})
  213. ORDER BY ignore_all DESC',
  214. array(
  215. 'id_msg' => $_POST['msg'],
  216. 'not_closed' => 0,
  217. 'ignored' => 1,
  218. )
  219. );
  220. if ($smcFunc['db_num_rows']($request) != 0)
  221. list ($id_report, $ignore) = $smcFunc['db_fetch_row']($request);
  222. $smcFunc['db_free_result']($request);
  223. // If we're just going to ignore these, then who gives a monkeys...
  224. if (!empty($ignore))
  225. redirectexit('topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg']);
  226. // Already reported? My god, we could be dealing with a real rogue here...
  227. if (!empty($id_report))
  228. $smcFunc['db_query']('', '
  229. UPDATE {db_prefix}log_reported
  230. SET num_reports = num_reports + 1, time_updated = {int:current_time}
  231. WHERE id_report = {int:id_report}',
  232. array(
  233. 'current_time' => time(),
  234. 'id_report' => $id_report,
  235. )
  236. );
  237. // Otherwise, we shall make one!
  238. else
  239. {
  240. if (empty($message['real_name']))
  241. $message['real_name'] = $message['poster_name'];
  242. $smcFunc['db_insert']('',
  243. '{db_prefix}log_reported',
  244. array(
  245. 'id_msg' => 'int', 'id_topic' => 'int', 'id_board' => 'int', 'id_member' => 'int', 'membername' => 'string',
  246. 'subject' => 'string', 'body' => 'string', 'time_started' => 'int', 'time_updated' => 'int',
  247. 'num_reports' => 'int', 'closed' => 'int',
  248. ),
  249. array(
  250. $_POST['msg'], $message['id_topic'], $message['id_board'], $message['id_poster'], $message['real_name'],
  251. $message['subject'], $message['body'] , time(), time(), 1, 0,
  252. ),
  253. array('id_report')
  254. );
  255. $id_report = $smcFunc['db_insert_id']('{db_prefix}log_reported', 'id_report');
  256. }
  257. // Now just add our report...
  258. if ($id_report)
  259. {
  260. $smcFunc['db_insert']('',
  261. '{db_prefix}log_reported_comments',
  262. array(
  263. 'id_report' => 'int', 'id_member' => 'int', 'membername' => 'string',
  264. 'member_ip' => 'string', 'comment' => 'string', 'time_sent' => 'int',
  265. ),
  266. array(
  267. $id_report, $user_info['id'], $user_info['name'],
  268. $user_info['ip'], $reason, time(),
  269. ),
  270. array('id_comment')
  271. );
  272. // And get ready to notify people.
  273. $smcFunc['db_insert']('insert',
  274. '{db_prefix}background_tasks',
  275. array('task_file' => 'string', 'task_class' => 'string', 'task_data' => 'string', 'claimed_time' => 'int'),
  276. array('$sourcedir/tasks/MsgReport-Notify.php', 'MsgReport_Notify_Background', serialize(array(
  277. 'report_id' => $id_report,
  278. 'msg_id' => $_POST['msg'],
  279. 'topic_id' => $message['id_topic'],
  280. 'board_id' => $message['id_board'],
  281. 'sender_id' => $context['user']['id'],
  282. 'sender_name' => $context['user']['name'],
  283. 'time' => time(),
  284. )), 0),
  285. array('id_task')
  286. );
  287. }
  288. // Keep track of when the mod reports get updated, that way we know when we need to look again.
  289. updateSettings(array('last_mod_report_action' => time()));
  290. // Back to the post we reported!
  291. redirectexit('reportsent;topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg']);
  292. }
  293. function reportUser($id_member, $reason)
  294. {
  295. global $context, $smcFunc, $user_info;
  296. // Get the basic topic information, and make sure they can see it.
  297. $_POST['u'] = (int) $id_member;
  298. $request = $smcFunc['db_query']('', '
  299. SELECT id_member, real_name, member_name
  300. FROM {db_prefix}members
  301. WHERE id_member = {int:id_member}',
  302. array(
  303. 'id_member' => $_POST['u']
  304. )
  305. );
  306. if ($smcFunc['db_num_rows']($request) == 0)
  307. fatal_lang_error('no_user', false);
  308. $user = $smcFunc['db_fetch_assoc']($request);
  309. $smcFunc['db_free_result']($request);
  310. $user_name = un_htmlspecialchars($user['real_name']) . ($user['real_name'] != $user['member_name'] ? ' (' . $user['member_name'] . ')' : '');
  311. $reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : '');
  312. $request = $smcFunc['db_query']('', '
  313. SELECT id_report, ignore_all
  314. FROM {db_prefix}log_reported
  315. WHERE id_member = {int:id_member}
  316. AND id_msg = {int:not_a_reported_post}
  317. AND (closed = {int:not_closed} OR ignore_all = {int:ignored})
  318. ORDER BY ignore_all DESC',
  319. array(
  320. 'id_member' => $_POST['u'],
  321. 'not_a_reported_post' => 0,
  322. 'not_closed' => 0,
  323. 'ignored' => 1,
  324. )
  325. );
  326. if ($smcFunc['db_num_rows']($request) != 0)
  327. list ($id_report, $ignore) = $smcFunc['db_fetch_row']($request);
  328. $smcFunc['db_free_result']($request);
  329. // If we're just going to ignore these, then who gives a monkeys...
  330. if (!empty($ignore))
  331. redirectexit('action=profile;u=' . $_POST['u']);
  332. // Already reported? My god, we could be dealing with a real rogue here...
  333. if (!empty($id_report))
  334. $smcFunc['db_query']('', '
  335. UPDATE {db_prefix}log_reported
  336. SET num_reports = num_reports + 1, time_updated = {int:current_time}
  337. WHERE id_report = {int:id_report}',
  338. array(
  339. 'current_time' => time(),
  340. 'id_report' => $id_report,
  341. )
  342. );
  343. // Otherwise, we shall make one!
  344. else
  345. {
  346. $smcFunc['db_insert']('',
  347. '{db_prefix}log_reported',
  348. array(
  349. 'id_msg' => 'int', 'id_topic' => 'int', 'id_board' => 'int', 'id_member' => 'int', 'membername' => 'string',
  350. 'subject' => 'string', 'body' => 'string', 'time_started' => 'int', 'time_updated' => 'int',
  351. 'num_reports' => 'int', 'closed' => 'int',
  352. ),
  353. array(
  354. 0, 0, 0, $user['id_member'], $user_name,
  355. '', '', time(), time(), 1, 0,
  356. ),
  357. array('id_report')
  358. );
  359. $id_report = $smcFunc['db_insert_id']('{db_prefix}log_reported', 'id_report');
  360. }
  361. // Now just add our report...
  362. if ($id_report)
  363. {
  364. $smcFunc['db_insert']('',
  365. '{db_prefix}log_reported_comments',
  366. array(
  367. 'id_report' => 'int', 'id_member' => 'int', 'membername' => 'string',
  368. 'member_ip' => 'string', 'comment' => 'string', 'time_sent' => 'int',
  369. ),
  370. array(
  371. $id_report, $user_info['id'], $user_info['name'],
  372. $user_info['ip'], $reason, time(),
  373. ),
  374. array('id_comment')
  375. );
  376. // And get ready to notify people.
  377. $smcFunc['db_insert']('insert',
  378. '{db_prefix}background_tasks',
  379. array('task_file' => 'string', 'task_class' => 'string', 'task_data' => 'string', 'claimed_time' => 'int'),
  380. array('$sourcedir/tasks/MemberReport-Notify.php', 'MemberReport_Notify_Background', serialize(array(
  381. 'report_id' => $id_report,
  382. 'user_id' => $user['id_member'],
  383. 'user_name' => $user_name,
  384. 'sender_id' => $context['user']['id'],
  385. 'sender_name' => $context['user']['name'],
  386. 'comment' => $reason,
  387. 'time' => time(),
  388. )), 0),
  389. array('id_task')
  390. );
  391. }
  392. // Keep track of when the mod reports get updated, that way we know when we need to look again.
  393. updateSettings(array('last_mod_report_action' => time()));
  394. // Back to the post we reported!
  395. redirectexit('reportsent;action=profile;u=' . $id_member);
  396. }
  397. ?>