2
0

ReportedPosts.php 16 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543
  1. <?php
  2. /**
  3. * Handles reported posts and moderation comments.
  4. *
  5. * Simple Machines Forum (SMF)
  6. *
  7. * @package SMF
  8. * @author Simple Machines http://www.simplemachines.org
  9. * @copyright 2014 Simple Machines and individual contributors
  10. * @license http://www.simplemachines.org/about/smf/license.php BSD
  11. *
  12. * @version 2.1 Alpha 1
  13. */
  14. if (!defined('SMF'))
  15. die('No direct access...');
  16. /**
  17. * Sets and call a function based on the given subaction. Acts as a dispatcher function.
  18. * It requires the moderate_forum permission.
  19. *
  20. * @uses ModerationCenter template.
  21. * @uses ModerationCenter language file.
  22. *
  23. */
  24. function ReportedPosts()
  25. {
  26. global $txt, $context, $scripturl, $user_info, $smcFunc;
  27. global $sourcedir;
  28. loadLanguage('ModerationCenter');
  29. loadTemplate('ReportedPosts');
  30. // We need this little rough gem.
  31. require_once($sourcedir . '/Subs-ReportedPosts.php');
  32. // Do we need to show a confirmation message?
  33. $context['report_post_action'] = !empty($_SESSION['rc_confirmation']) ? $_SESSION['rc_confirmation'] : array();
  34. unset($_SESSION['rc_confirmation']);
  35. // Set up the comforting bits...
  36. $context['page_title'] = $txt['mc_reported_posts'];
  37. // Put the open and closed options into tabs, because we can...
  38. $context[$context['moderation_menu_name']]['tab_data'] = array(
  39. 'title' => $txt['mc_reported_posts'],
  40. 'help' => '',
  41. 'description' => $txt['mc_reported_posts_desc'],
  42. );
  43. // This comes under the umbrella of moderating posts.
  44. if ($user_info['mod_cache']['bq'] == '0=1')
  45. isAllowedTo('moderate_forum');
  46. $sub_actions = array(
  47. 'show' => 'ShowReports',
  48. 'closed' => 'ShowClosedReports',
  49. 'handle' => 'HandleReport', // Deals with closing/opening reports.
  50. 'details' => 'ReportDetails', // Shows a single report and its comments.
  51. 'handlecomment' => 'HandleComment', // CRUD actions for moderator comments.
  52. 'editcomment' => 'EditComment',
  53. );
  54. // Go ahead and add your own sub-actions.
  55. call_integration_hook('integrate_reported_posts', array(&$sub_actions));
  56. // By default we call the open sub-action.
  57. if (isset($_REQUEST['sa']) && isset($sub_actions[$_REQUEST['sa']]))
  58. $context['sub_action'] = $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_REQUEST['sa']), ENT_QUOTES);
  59. else
  60. $context['sub_action'] = 'show';
  61. // Hi Ho Silver Away!
  62. $sub_actions[$context['sub_action']]();
  63. }
  64. /**
  65. * Shows all currently open reported posts.
  66. * Handles closing multiple reports
  67. *
  68. */
  69. function ShowReports()
  70. {
  71. global $context, $txt, $scripturl;
  72. // Showing closed or open ones? regardless, turn this to an integer for better handling.
  73. $context['view_closed'] = 0;
  74. // Call the right template.
  75. $context['sub_template'] = 'reported_posts';
  76. $context['start'] = (int) isset($_GET['start']) ? $_GET['start'] : 0;
  77. // Before anything, we need to know just how many reports do we have.
  78. $context['total_reports'] = countReports($context['view_closed']);
  79. // Just how many items are we showing per page?
  80. $context['reports_how_many'] = 10;
  81. // So, that means we can have pagination, yes?
  82. $context['page_index'] = constructPageIndex($scripturl . '?action=moderate;area=reports;sa=show', $context['start'], $context['total_reports'], $context['reports_how_many']);
  83. // Get the reports at once!
  84. $context['reports'] = getReports($context['view_closed']);
  85. // Are we closing multiple reports?
  86. if (isset($_POST['close']) && isset($_POST['close_selected']))
  87. {
  88. checkSession('post');
  89. validateToken('mod-report-close-all');
  90. // All the ones to update...
  91. $toClose = array();
  92. foreach ($_POST['close'] as $rid)
  93. $toClose[] = (int) $rid;
  94. if (!empty($toClose))
  95. updateReport('closed', 1, $toClose);
  96. // Set the confirmation message.
  97. $_SESSION['rc_confirmation'] = 'close_all';
  98. // Force a page refresh.
  99. redirectexit($scripturl . '?action=moderate;area=reports');
  100. }
  101. // Show a confirmation if the user wants to disregard a report.
  102. if (!$context['view_closed'])
  103. addInlineJavascript('
  104. $(\'.delete_message\').on(\'click\', function(){
  105. return confirm('. JavaScriptEscape($txt['mc_reportedp_delete_confirm']) .');
  106. });
  107. $(\'.report_ignore\').on(\'click\', function(){
  108. // Need to make sure to only show this when ignoring.
  109. if ($(this).data(\'ignore\') == \'1\'){
  110. return confirm('. JavaScriptEscape($txt['mc_reportedp_ignore_confirm']) .');
  111. }
  112. });', true);
  113. createToken('mod-report-close-all');
  114. createToken('mod-report-ignore', 'get');
  115. createToken('mod-report-closed', 'get');
  116. }
  117. /**
  118. * Shows all currently closed reported posts.
  119. *
  120. */
  121. function ShowClosedReports()
  122. {
  123. global $context, $txt, $scripturl;
  124. // Showing closed ones.
  125. $context['view_closed'] = 1;
  126. // Call the right template.
  127. $context['sub_template'] = 'reported_posts';
  128. $context['start'] = (int) isset($_GET['start']) ? $_GET['start'] : 0;
  129. // Before anything, we need to know just how many reports do we have.
  130. $context['total_reports'] = countReports($context['view_closed']);
  131. // Just how many items are we showing per page?
  132. $context['reports_how_many'] = 10;
  133. // So, that means we can have pagination, yes?
  134. $context['page_index'] = constructPageIndex($scripturl . '?action=moderate;area=reports;sa=closed', $context['start'], $context['total_reports'], $context['reports_how_many']);
  135. // Get the reports at once!
  136. $context['reports'] = getReports($context['view_closed']);
  137. // Show a confirmation if the user wants to disregard a report.
  138. addInlineJavascript('
  139. $(\'.delete_message\').on(\'click\', function(){
  140. return confirm('. JavaScriptEscape($txt['mc_reportedp_delete_confirm']) .');
  141. });
  142. $(\'.report_ignore\').on(\'click\', function(){
  143. // Need to make sure to only show this when ignoring.
  144. if ($(this).data(\'ignore\') == \'1\'){
  145. return confirm('. JavaScriptEscape($txt['mc_reportedp_ignore_confirm']) .');
  146. }
  147. });', true);
  148. createToken('mod-report-ignore', 'get');
  149. createToken('mod-report-closed', 'get');
  150. }
  151. /**
  152. * Shows detailed information about a report. such as report comments and moderator comments.
  153. * Shows a list of moderation actions for the specific report.
  154. *
  155. */
  156. function ReportDetails()
  157. {
  158. global $user_info, $context, $sourcedir, $scripturl, $txt;
  159. global $smcFunc;
  160. $report = array();
  161. $reportComments = array();
  162. // Have to at least give us something to work with.
  163. if (empty($_REQUEST['rid']))
  164. fatal_lang_error('mc_reportedp_none_found');
  165. // Integers only please
  166. $report_id = (int) $_REQUEST['rid'];
  167. // Get the report details.
  168. $report = getReportDetails($report_id);
  169. if(!$report)
  170. fatal_lang_error('mc_no_modreport_found');
  171. // Build the report data.
  172. $context['report'] = array(
  173. 'id' => $report['id_report'],
  174. 'topic_id' => $report['id_topic'],
  175. 'board_id' => $report['id_board'],
  176. 'message_id' => $report['id_msg'],
  177. 'message_href' => $scripturl . '?msg=' . $report['id_msg'],
  178. 'message_link' => '<a href="' . $scripturl . '?msg=' . $report['id_msg'] . '">' . $report['subject'] . '</a>',
  179. 'report_href' => $scripturl . '?action=moderate;area=reports;rid=' . $report['id_report'],
  180. 'author' => array(
  181. 'id' => $report['id_author'],
  182. 'name' => $report['author_name'],
  183. 'link' => $report['id_author'] ? '<a href="' . $scripturl . '?action=profile;u=' . $report['id_author'] . '">' . $report['author_name'] . '</a>' : $report['author_name'],
  184. 'href' => $scripturl . '?action=profile;u=' . $report['id_author'],
  185. ),
  186. 'comments' => array(),
  187. 'mod_comments' => array(),
  188. 'time_started' => timeformat($report['time_started']),
  189. 'last_updated' => timeformat($report['time_updated']),
  190. 'subject' => $report['subject'],
  191. 'body' => parse_bbc($report['body']),
  192. 'num_reports' => $report['num_reports'],
  193. 'closed' => $report['closed'],
  194. 'ignore' => $report['ignore_all']
  195. );
  196. $reportComments = getReportComments($report_id);
  197. if (!empty($reportComments))
  198. $context['report'] = array_merge($context['report'], $reportComments);
  199. // What have the other moderators done to this message?
  200. require_once($sourcedir . '/Modlog.php');
  201. require_once($sourcedir . '/Subs-List.php');
  202. loadLanguage('Modlog');
  203. // This is all the information from the moderation log.
  204. $listOptions = array(
  205. 'id' => 'moderation_actions_list',
  206. 'title' => $txt['mc_modreport_modactions'],
  207. 'items_per_page' => 15,
  208. 'no_items_label' => $txt['modlog_no_entries_found'],
  209. 'base_href' => $scripturl . '?action=moderate;area=reports;sa=details;rid=' . $context['report']['id'],
  210. 'default_sort_col' => 'time',
  211. 'get_items' => array(
  212. 'function' => 'list_getModLogEntries',
  213. 'params' => array(
  214. 'lm.id_topic = {int:id_topic}',
  215. array('id_topic' => $context['report']['topic_id']),
  216. 1,
  217. ),
  218. ),
  219. 'get_count' => array(
  220. 'function' => 'list_getModLogEntryCount',
  221. 'params' => array(
  222. 'lm.id_topic = {int:id_topic}',
  223. array('id_topic' => $context['report']['topic_id']),
  224. 1,
  225. ),
  226. ),
  227. // This assumes we are viewing by user.
  228. 'columns' => array(
  229. 'action' => array(
  230. 'header' => array(
  231. 'value' => $txt['modlog_action'],
  232. ),
  233. 'data' => array(
  234. 'db' => 'action_text',
  235. 'class' => 'smalltext',
  236. ),
  237. 'sort' => array(
  238. 'default' => 'lm.action',
  239. 'reverse' => 'lm.action DESC',
  240. ),
  241. ),
  242. 'time' => array(
  243. 'header' => array(
  244. 'value' => $txt['modlog_date'],
  245. ),
  246. 'data' => array(
  247. 'db' => 'time',
  248. 'class' => 'smalltext',
  249. ),
  250. 'sort' => array(
  251. 'default' => 'lm.log_time',
  252. 'reverse' => 'lm.log_time DESC',
  253. ),
  254. ),
  255. 'moderator' => array(
  256. 'header' => array(
  257. 'value' => $txt['modlog_member'],
  258. ),
  259. 'data' => array(
  260. 'db' => 'moderator_link',
  261. 'class' => 'smalltext',
  262. ),
  263. 'sort' => array(
  264. 'default' => 'mem.real_name',
  265. 'reverse' => 'mem.real_name DESC',
  266. ),
  267. ),
  268. 'position' => array(
  269. 'header' => array(
  270. 'value' => $txt['modlog_position'],
  271. ),
  272. 'data' => array(
  273. 'db' => 'position',
  274. 'class' => 'smalltext',
  275. ),
  276. 'sort' => array(
  277. 'default' => 'mg.group_name',
  278. 'reverse' => 'mg.group_name DESC',
  279. ),
  280. ),
  281. 'ip' => array(
  282. 'header' => array(
  283. 'value' => $txt['modlog_ip'],
  284. ),
  285. 'data' => array(
  286. 'db' => 'ip',
  287. 'class' => 'smalltext',
  288. ),
  289. 'sort' => array(
  290. 'default' => 'lm.ip',
  291. 'reverse' => 'lm.ip DESC',
  292. ),
  293. ),
  294. ),
  295. );
  296. // Create the watched user list.
  297. createList($listOptions);
  298. // Make sure to get the correct tab selected.
  299. if ($context['report']['closed'])
  300. $context[$context['moderation_menu_name']]['current_subsection'] = 'closed';
  301. addInlineJavascript('
  302. $(\'.deleteModComment\').on(\'click\', function() {
  303. return confirm('. (JavaScriptEscape($txt['mc_reportedp_delete_confirm'])) .');
  304. });', true);
  305. // Finally we are done :P
  306. $context['page_title'] = sprintf($txt['mc_viewmodreport'], $context['report']['subject'], $context['report']['author']['name']);
  307. $context['sub_template'] = 'viewmodreport';
  308. // We can ignore a report from this page too so show the confirmation on here as well.
  309. addInlineJavascript('
  310. $(\'.report_ignore\').on(\'click\', function(){
  311. // Need to make sure to only show this when ignoring.
  312. if ($(this).data(\'ignore\') == \'1\'){
  313. return confirm('. JavaScriptEscape($txt['mc_reportedp_ignore_confirm']) .');
  314. }
  315. });', true);
  316. createToken('mod-reportC-add');
  317. createToken('mod-reportC-delete', 'get');
  318. // We can "un-disregard" and close a report from here so add their respective tokens.
  319. createToken('mod-report-ignore', 'get');
  320. createToken('mod-report-closed', 'get');
  321. }
  322. /**
  323. * Creates/Deletes moderator comments.
  324. *
  325. */
  326. function HandleComment()
  327. {
  328. global $smcFunc, $scripturl, $user_info;
  329. $comment = array();
  330. // The report ID is a must.
  331. if (empty($_REQUEST['rid']))
  332. fatal_lang_error('mc_reportedp_none_found');
  333. // Integers only please.
  334. $report_id = (int) $_REQUEST['rid'];
  335. // If they are adding a comment then... add a comment.
  336. if (isset($_POST['add_comment']) && !empty($_POST['mod_comment']))
  337. {
  338. checkSession();
  339. validateToken('mod-reportC-add');
  340. $new_comment = trim($smcFunc['htmlspecialchars']($_POST['mod_comment']));
  341. saveModComment($report_id, array($report_id, $new_comment, time()));
  342. // Everything went better than expected!
  343. $_SESSION['rc_confirmation'] = 'message_saved';
  344. }
  345. // Deleting a comment?
  346. if (isset($_REQUEST['delete']) && isset($_REQUEST['mid']))
  347. {
  348. checkSession('get');
  349. validateToken('mod-reportC-delete', 'get');
  350. if (empty($_REQUEST['mid']))
  351. fatal_lang_error('mc_reportedp_comment_none_found');
  352. $comment_id = (int) $_REQUEST['mid'];
  353. // We need to verify some data, so lets load the comment details once more!
  354. $comment = getCommentModDetails($comment_id);
  355. // Perhaps somebody else already deleted this fine gem...
  356. if (empty($comment))
  357. fatal_lang_error('report_action_message_delete_issue');
  358. // Can you actually do this?
  359. $comment_owner = $user_info['id'] == $context['comment']['id_member'];
  360. // Nope! sorry.
  361. if (!allowedTo('admin_forum') || !$comment_owner)
  362. fatal_lang_error('report_action_message_delete_cannot');
  363. // All good!
  364. deleteModComment($comment_id);
  365. // Tell them the message was deleted.
  366. $_SESSION['rc_confirmation'] = 'message_deleted';
  367. }
  368. //Redirect to prevent double submission.
  369. redirectexit($scripturl . '?action=moderate;area=reports;sa=details;rid=' . $report_id);
  370. }
  371. /**
  372. * Shows a textarea for editing a moderator comment.
  373. * Handles the edited comment and stores it on the DB.
  374. *
  375. */
  376. function EditComment()
  377. {
  378. global $smcFunc, $context, $txt, $scripturl, $user_info;
  379. $comment = array();
  380. checkSession(isset($_REQUEST['save']) ? 'post' : 'get');
  381. // The report ID is a must.
  382. if (empty($_REQUEST['rid']))
  383. fatal_lang_error('mc_reportedp_none_found');
  384. if (empty($_REQUEST['mid']))
  385. fatal_lang_error('mc_reportedp_comment_none_found');
  386. // Integers only please.
  387. $context['report_id'] = (int) $_REQUEST['rid'];
  388. $context['comment_id'] = (int) $_REQUEST['mid'];
  389. $context['comment'] = getCommentModDetails($context['comment_id']);
  390. if (empty($context['comment']))
  391. fatal_lang_error('mc_reportedp_comment_none_found');
  392. // Set up the comforting bits...
  393. $context['page_title'] = $txt['mc_reported_posts'];
  394. $context['sub_template'] = 'edit_comment';
  395. if (isset($_REQUEST['save']) && isset($_POST['edit_comment']) && !empty($_POST['mod_comment']))
  396. {
  397. validateToken('mod-reportC-edit');
  398. // Make sure there is some data to edit on the DB.
  399. if (empty($context['comment']))
  400. fatal_lang_error('report_action_message_edit_issue');
  401. // Still there, good, now lets see if you can actually edit it...
  402. $comment_owner = $user_info['id'] == $context['comment']['id_member'];
  403. // So, you aren't neither an admin or the comment owner huh? that's too bad.
  404. if (!allowedTo('admin_forum') || !$comment_owner)
  405. fatal_lang_error('report_action_message_edit_cannot');
  406. // All good!
  407. $edited_comment = trim($smcFunc['htmlspecialchars']($_POST['mod_comment']));
  408. editModComment($context['comment_id'], $edited_comment);
  409. $_SESSION['rc_confirmation'] = 'message_edited';
  410. redirectexit($scripturl . '?action=moderate;area=reports;sa=details;rid=' . $context['report_id']);
  411. }
  412. createToken('mod-reportC-edit');
  413. }
  414. /**
  415. * Performs closing/ignoring actions for a given report.
  416. *
  417. */
  418. function HandleReport()
  419. {
  420. global $scripturl;
  421. checkSession('get');
  422. // We need to do something!
  423. if (empty($_GET['rid']) && (!isset($_GET['ignore']) || !isset($_GET['closed'])))
  424. fatal_lang_error('mc_reportedp_none_found');
  425. // What are we gonna do?
  426. $action = isset($_GET['ignore']) ? 'ignore' : 'closed';
  427. validateToken('mod-report-'. $action, 'get');
  428. // Are we disregarding or "un-disregarding"? "un-disregarding" thats a funny word!
  429. $value = (int) $_GET[$action];
  430. // Figuring out.
  431. $message = $action == 'ignore' ? ($value ? 'ignore' : 'unignore') : ($value ? 'close' : 'open');
  432. // Integers only please.
  433. $report_id = (int) $_REQUEST['rid'];
  434. // Update the DB entry
  435. updateReport($action, $value, $report_id);
  436. // So, time to show a confirmation message, lets do some trickery!
  437. $_SESSION['rc_confirmation'] = $message;
  438. // Done!
  439. redirectexit($scripturl . '?action=moderate;area=reports');
  440. }
  441. ?>