SendTopic.php 9.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297
  1. <?php
  2. /**
  3. * The functions in this file deal with sending topics to a friend or moderator
  4. * Simple Machines Forum (SMF)
  5. *
  6. * @package SMF
  7. * @author Simple Machines http://www.simplemachines.org
  8. * @copyright 2014 Simple Machines and individual contributors
  9. * @license http://www.simplemachines.org/about/smf/license.php BSD
  10. *
  11. * @version 2.1 Alpha 1
  12. */
  13. if (!defined('SMF'))
  14. die('No direct access...');
  15. /**
  16. * Report a post to the moderator... ask for a comment.
  17. * Gathers data from the user to report abuse to the moderator(s).
  18. * Uses the ReportToModerator template, main sub template.
  19. * Requires the report_any permission.
  20. * Uses ReportToModerator2() if post data was sent.
  21. * Accessed through ?action=reporttm.
  22. */
  23. function ReportToModerator()
  24. {
  25. global $txt, $topic, $context, $smcFunc;
  26. $context['robot_no_index'] = true;
  27. // No guests!
  28. is_not_guest();
  29. // You can't use this if it's off or you are not allowed to do it.
  30. isAllowedTo('report_any');
  31. // If they're posting, it should be processed by ReportToModerator2.
  32. if ((isset($_POST[$context['session_var']]) || isset($_POST['save'])) && empty($context['post_errors']))
  33. ReportToModerator2();
  34. // We need a message ID to check!
  35. if (empty($_REQUEST['msg']) && empty($_REQUEST['mid']))
  36. fatal_lang_error('no_access', false);
  37. // For compatibility, accept mid, but we should be using msg. (not the flavor kind!)
  38. $_REQUEST['msg'] = empty($_REQUEST['msg']) ? (int) $_REQUEST['mid'] : (int) $_REQUEST['msg'];
  39. // Check the message's ID - don't want anyone reporting a post they can't even see!
  40. $result = $smcFunc['db_query']('', '
  41. SELECT m.id_msg, m.id_member, t.id_member_started
  42. FROM {db_prefix}messages AS m
  43. INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic})
  44. WHERE m.id_msg = {int:id_msg}
  45. AND m.id_topic = {int:current_topic}
  46. LIMIT 1',
  47. array(
  48. 'current_topic' => $topic,
  49. 'id_msg' => $_REQUEST['msg'],
  50. )
  51. );
  52. if ($smcFunc['db_num_rows']($result) == 0)
  53. fatal_lang_error('no_board', false);
  54. list ($_REQUEST['msg'], $member, $starter) = $smcFunc['db_fetch_row']($result);
  55. $smcFunc['db_free_result']($result);
  56. // Show the inputs for the comment, etc.
  57. loadLanguage('Post');
  58. loadTemplate('SendTopic');
  59. addInlineJavascript('
  60. var error_box = $("#error_box");
  61. $("#report_comment").keyup(function() {
  62. var post_too_long = $("#error_post_too_long");
  63. if ($(this).val().length > 254)
  64. {
  65. if (post_too_long.length == 0)
  66. {
  67. error_box.show();
  68. if ($.trim(error_box.html()) == \'\')
  69. error_box.append("<ul id=\'error_list\'></ul>");
  70. $("#error_list").append("<li id=\'error_post_too_long\' class=\'error\'>" + ' . JavaScriptEscape($txt['post_too_long']) . ' + "</li>");
  71. }
  72. }
  73. else
  74. {
  75. post_too_long.remove();
  76. if ($("#error_list li").length == 0)
  77. error_box.hide();
  78. }
  79. });', true);
  80. $context['comment_body'] = !isset($_POST['comment']) ? '' : trim($_POST['comment']);
  81. // This is here so that the user could, in theory, be redirected back to the topic.
  82. $context['start'] = $_REQUEST['start'];
  83. $context['message_id'] = $_REQUEST['msg'];
  84. $context['page_title'] = $txt['report_to_mod'];
  85. $context['sub_template'] = 'report';
  86. }
  87. /**
  88. * Send the emails.
  89. * Sends off emails to all the moderators.
  90. * Sends to administrators and global moderators. (1 and 2)
  91. * Called by ReportToModerator(), and thus has the same permission and setting requirements as it does.
  92. * Accessed through ?action=reporttm when posting.
  93. */
  94. function ReportToModerator2()
  95. {
  96. global $txt, $topic, $user_info, $modSettings, $sourcedir, $context, $smcFunc;
  97. // Sorry, no guests allowed... Probably just trying to spam us anyway
  98. is_not_guest();
  99. // You must have the proper permissions!
  100. isAllowedTo('report_any');
  101. // Make sure they aren't spamming.
  102. spamProtection('reporttm');
  103. require_once($sourcedir . '/Subs-Post.php');
  104. // No errors, yet.
  105. $post_errors = array();
  106. // Check their session.
  107. if (checkSession('post', '', false) != '')
  108. $post_errors[] = 'session_timeout';
  109. // Make sure we have a comment and it's clean.
  110. if (!isset($_POST['comment']) || $smcFunc['htmltrim']($_POST['comment']) === '')
  111. $post_errors[] = 'no_comment';
  112. $poster_comment = strtr($smcFunc['htmlspecialchars']($_POST['comment']), array("\r" => '', "\t" => ''));
  113. if ($smcFunc['strlen']($poster_comment) > 254)
  114. $post_errors[] = 'post_too_long';
  115. // Guests need to provide their address!
  116. if ($user_info['is_guest'])
  117. {
  118. $_POST['email'] = !isset($_POST['email']) ? '' : trim($_POST['email']);
  119. if ($_POST['email'] === '')
  120. $post_errors[] = 'no_email';
  121. elseif (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $_POST['email']) == 0)
  122. $post_errors[] = 'bad_email';
  123. isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title']));
  124. $user_info['email'] = $smcFunc['htmlspecialchars']($_POST['email']);
  125. }
  126. // Could they get the right verification code?
  127. if ($user_info['is_guest'] && !empty($modSettings['guests_report_require_captcha']))
  128. {
  129. require_once($sourcedir . '/Subs-Editor.php');
  130. $verificationOptions = array(
  131. 'id' => 'report',
  132. );
  133. $context['require_verification'] = create_control_verification($verificationOptions, true);
  134. if (is_array($context['require_verification']))
  135. $post_errors = array_merge($post_errors, $context['require_verification']);
  136. }
  137. // Any errors?
  138. if (!empty($post_errors))
  139. {
  140. loadLanguage('Errors');
  141. $context['post_errors'] = array();
  142. foreach ($post_errors as $post_error)
  143. $context['post_errors'][$post_error] = $txt['error_' . $post_error];
  144. return ReportToModerator();
  145. }
  146. // Get the basic topic information, and make sure they can see it.
  147. $_POST['msg'] = (int) $_POST['msg'];
  148. $request = $smcFunc['db_query']('', '
  149. SELECT m.id_topic, m.id_board, m.subject, m.body, m.id_member AS id_poster, m.poster_name, mem.real_name
  150. FROM {db_prefix}messages AS m
  151. LEFT JOIN {db_prefix}members AS mem ON (m.id_member = mem.id_member)
  152. WHERE m.id_msg = {int:id_msg}
  153. AND m.id_topic = {int:current_topic}
  154. LIMIT 1',
  155. array(
  156. 'current_topic' => $topic,
  157. 'id_msg' => $_POST['msg'],
  158. )
  159. );
  160. if ($smcFunc['db_num_rows']($request) == 0)
  161. fatal_lang_error('no_board', false);
  162. $message = $smcFunc['db_fetch_assoc']($request);
  163. $smcFunc['db_free_result']($request);
  164. $poster_name = un_htmlspecialchars($message['real_name']) . ($message['real_name'] != $message['poster_name'] ? ' (' . $message['poster_name'] . ')' : '');
  165. $reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : '');
  166. $subject = un_htmlspecialchars($message['subject']);
  167. $request = $smcFunc['db_query']('', '
  168. SELECT id_report, ignore_all
  169. FROM {db_prefix}log_reported
  170. WHERE id_msg = {int:id_msg}
  171. AND (closed = {int:not_closed} OR ignore_all = {int:ignored})
  172. ORDER BY ignore_all DESC',
  173. array(
  174. 'id_msg' => $_POST['msg'],
  175. 'not_closed' => 0,
  176. 'ignored' => 1,
  177. )
  178. );
  179. if ($smcFunc['db_num_rows']($request) != 0)
  180. list ($id_report, $ignore) = $smcFunc['db_fetch_row']($request);
  181. $smcFunc['db_free_result']($request);
  182. // If we're just going to ignore these, then who gives a monkeys...
  183. if (!empty($ignore))
  184. redirectexit('topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg']);
  185. // Already reported? My god, we could be dealing with a real rogue here...
  186. if (!empty($id_report))
  187. $smcFunc['db_query']('', '
  188. UPDATE {db_prefix}log_reported
  189. SET num_reports = num_reports + 1, time_updated = {int:current_time}
  190. WHERE id_report = {int:id_report}',
  191. array(
  192. 'current_time' => time(),
  193. 'id_report' => $id_report,
  194. )
  195. );
  196. // Otherwise, we shall make one!
  197. else
  198. {
  199. if (empty($message['real_name']))
  200. $message['real_name'] = $message['poster_name'];
  201. $smcFunc['db_insert']('',
  202. '{db_prefix}log_reported',
  203. array(
  204. 'id_msg' => 'int', 'id_topic' => 'int', 'id_board' => 'int', 'id_member' => 'int', 'membername' => 'string',
  205. 'subject' => 'string', 'body' => 'string', 'time_started' => 'int', 'time_updated' => 'int',
  206. 'num_reports' => 'int', 'closed' => 'int',
  207. ),
  208. array(
  209. $_POST['msg'], $message['id_topic'], $message['id_board'], $message['id_poster'], $message['real_name'],
  210. $message['subject'], $message['body'] , time(), time(), 1, 0,
  211. ),
  212. array('id_report')
  213. );
  214. $id_report = $smcFunc['db_insert_id']('{db_prefix}log_reported', 'id_report');
  215. }
  216. // Now just add our report...
  217. if ($id_report)
  218. {
  219. $smcFunc['db_insert']('',
  220. '{db_prefix}log_reported_comments',
  221. array(
  222. 'id_report' => 'int', 'id_member' => 'int', 'membername' => 'string',
  223. 'member_ip' => 'string', 'comment' => 'string', 'time_sent' => 'int',
  224. ),
  225. array(
  226. $id_report, $user_info['id'], $user_info['name'],
  227. $user_info['ip'], $poster_comment, time(),
  228. ),
  229. array('id_comment')
  230. );
  231. // And get ready to notify people.
  232. $smcFunc['db_insert']('insert',
  233. '{db_prefix}background_tasks',
  234. array('task_file' => 'string', 'task_class' => 'string', 'task_data' => 'string', 'claimed_time' => 'int'),
  235. array('$sourcedir/tasks/MsgReport-Notify.php', 'MsgReport_Notify_Background', serialize(array(
  236. 'report_id' => $id_report,
  237. 'msg_id' => $_POST['msg'],
  238. 'topic_id' => $message['id_topic'],
  239. 'board_id' => $message['id_board'],
  240. 'sender_id' => $context['user']['id'],
  241. 'sender_name' => $context['user']['name'],
  242. 'time' => time(),
  243. )), 0),
  244. array('id_task')
  245. );
  246. }
  247. // Keep track of when the mod reports get updated, that way we know when we need to look again.
  248. updateSettings(array('last_mod_report_action' => time()));
  249. // Back to the post we reported!
  250. redirectexit('reportsent;topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg']);
  251. }
  252. ?>