PostModeration.php 26 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809
  1. <?php
  2. /**
  3. * This file's job is to handle things related to post moderation.
  4. *
  5. * Simple Machines Forum (SMF)
  6. *
  7. * @package SMF
  8. * @author Simple Machines http://www.simplemachines.org
  9. * @copyright 2014 Simple Machines and individual contributors
  10. * @license http://www.simplemachines.org/about/smf/license.php BSD
  11. *
  12. * @version 2.1 Alpha 1
  13. */
  14. if (!defined('SMF'))
  15. die('No direct access...');
  16. /**
  17. * This is a handling function for all things post moderation.
  18. */
  19. function PostModerationMain()
  20. {
  21. global $sourcedir;
  22. // @todo We'll shift these later bud.
  23. loadLanguage('ModerationCenter');
  24. loadTemplate('ModerationCenter');
  25. // Probably need this...
  26. require_once($sourcedir . '/ModerationCenter.php');
  27. // Allowed sub-actions, you know the drill by now!
  28. $subactions = array(
  29. 'approve' => 'ApproveMessage',
  30. 'attachments' => 'UnapprovedAttachments',
  31. 'replies' => 'UnapprovedPosts',
  32. 'topics' => 'UnapprovedPosts',
  33. );
  34. // Pick something valid...
  35. if (!isset($_REQUEST['sa']) || !isset($subactions[$_REQUEST['sa']]))
  36. $_REQUEST['sa'] = 'replies';
  37. $subactions[$_REQUEST['sa']]();
  38. }
  39. /**
  40. * View all unapproved posts.
  41. */
  42. function UnapprovedPosts()
  43. {
  44. global $txt, $scripturl, $context, $user_info, $smcFunc, $options, $modSettings;
  45. $context['current_view'] = isset($_GET['sa']) && $_GET['sa'] == 'topics' ? 'topics' : 'replies';
  46. $context['page_title'] = $txt['mc_unapproved_posts'];
  47. // Work out what boards we can work in!
  48. $approve_boards = boardsAllowedTo('approve_posts');
  49. // If we filtered by board remove ones outside of this board.
  50. // @todo Put a message saying we're filtered?
  51. if (isset($_REQUEST['brd']))
  52. {
  53. $filter_board = array((int) $_REQUEST['brd']);
  54. $approve_boards = $approve_boards == array(0) ? $filter_board : array_intersect($approve_boards, $filter_board);
  55. }
  56. if ($approve_boards == array(0))
  57. $approve_query = '';
  58. elseif (!empty($approve_boards))
  59. $approve_query = ' AND m.id_board IN (' . implode(',', $approve_boards) . ')';
  60. // Nada, zip, etc...
  61. else
  62. $approve_query = ' AND 1=0';
  63. // We also need to know where we can delete topics and/or replies to.
  64. if ($context['current_view'] == 'topics')
  65. {
  66. $delete_own_boards = boardsAllowedTo('remove_own');
  67. $delete_any_boards = boardsAllowedTo('remove_any');
  68. $delete_own_replies = array();
  69. }
  70. else
  71. {
  72. $delete_own_boards = boardsAllowedTo('delete_own');
  73. $delete_any_boards = boardsAllowedTo('delete_any');
  74. $delete_own_replies = boardsAllowedTo('delete_own_replies');
  75. }
  76. $toAction = array();
  77. // Check if we have something to do?
  78. if (isset($_GET['approve']))
  79. $toAction[] = (int) $_GET['approve'];
  80. // Just a deletion?
  81. elseif (isset($_GET['delete']))
  82. $toAction[] = (int) $_GET['delete'];
  83. // Lots of approvals?
  84. elseif (isset($_POST['item']))
  85. foreach ($_POST['item'] as $item)
  86. $toAction[] = (int) $item;
  87. // What are we actually doing.
  88. if (isset($_GET['approve']) || (isset($_POST['do']) && $_POST['do'] == 'approve'))
  89. $curAction = 'approve';
  90. elseif (isset($_GET['delete']) || (isset($_POST['do']) && $_POST['do'] == 'delete'))
  91. $curAction = 'delete';
  92. // Right, so we have something to do?
  93. if (!empty($toAction) && isset($curAction))
  94. {
  95. checkSession('request');
  96. // Handy shortcut.
  97. $any_array = $curAction == 'approve' ? $approve_boards : $delete_any_boards;
  98. // Now for each message work out whether it's actually a topic, and what board it's on.
  99. $request = $smcFunc['db_query']('', '
  100. SELECT m.id_msg, m.id_member, m.id_board, m.subject, t.id_topic, t.id_first_msg, t.id_member_started
  101. FROM {db_prefix}messages AS m
  102. INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic)
  103. LEFT JOIN {db_prefix}boards AS b ON (t.id_board = b.id_board)
  104. WHERE m.id_msg IN ({array_int:message_list})
  105. AND m.approved = {int:not_approved}
  106. AND {query_see_board}',
  107. array(
  108. 'message_list' => $toAction,
  109. 'not_approved' => 0,
  110. )
  111. );
  112. $toAction = array();
  113. $details = array();
  114. while ($row = $smcFunc['db_fetch_assoc']($request))
  115. {
  116. // If it's not within what our view is ignore it...
  117. if (($row['id_msg'] == $row['id_first_msg'] && $context['current_view'] != 'topics') || ($row['id_msg'] != $row['id_first_msg'] && $context['current_view'] != 'replies'))
  118. continue;
  119. $can_add = false;
  120. // If we're approving this is simple.
  121. if ($curAction == 'approve' && ($any_array == array(0) || in_array($row['id_board'], $any_array)))
  122. {
  123. $can_add = true;
  124. }
  125. // Delete requires more permission checks...
  126. elseif ($curAction == 'delete')
  127. {
  128. // Own post is easy!
  129. if ($row['id_member'] == $user_info['id'] && ($delete_own_boards == array(0) || in_array($row['id_board'], $delete_own_boards)))
  130. $can_add = true;
  131. // Is it a reply to their own topic?
  132. elseif ($row['id_member'] == $row['id_member_started'] && $row['id_msg'] != $row['id_first_msg'] && ($delete_own_replies == array(0) || in_array($row['id_board'], $delete_own_replies)))
  133. $can_add = true;
  134. // Someone elses?
  135. elseif ($row['id_member'] != $user_info['id'] && ($delete_any_boards == array(0) || in_array($row['id_board'], $delete_any_boards)))
  136. $can_add = true;
  137. }
  138. if ($can_add)
  139. $anItem = $context['current_view'] == 'topics' ? $row['id_topic'] : $row['id_msg'];
  140. $toAction[] = $anItem;
  141. // All clear. What have we got now, what, what?
  142. $details[$anItem] = array();
  143. $details[$anItem]["subject"] = $row['subject'];
  144. $details[$anItem]["topic"] = $row['id_topic'];
  145. $details[$anItem]["member"] = ($context['current_view'] == 'topics') ? $row['id_member_started'] : $row['id_member'];
  146. $details[$anItem]["board"] = $row['id_board'];
  147. }
  148. $smcFunc['db_free_result']($request);
  149. // If we have anything left we can actually do the approving (etc).
  150. if (!empty($toAction))
  151. {
  152. if ($curAction == 'approve')
  153. {
  154. approveMessages ($toAction, $details, $context['current_view']);
  155. }
  156. else
  157. {
  158. removeMessages ($toAction, $details, $context['current_view']);
  159. }
  160. }
  161. }
  162. // How many unapproved posts are there?
  163. $request = $smcFunc['db_query']('', '
  164. SELECT COUNT(*)
  165. FROM {db_prefix}messages AS m
  166. INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic AND t.id_first_msg != m.id_msg)
  167. INNER JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board)
  168. WHERE m.approved = {int:not_approved}
  169. AND {query_see_board}
  170. ' . $approve_query,
  171. array(
  172. 'not_approved' => 0,
  173. )
  174. );
  175. list ($context['total_unapproved_posts']) = $smcFunc['db_fetch_row']($request);
  176. $smcFunc['db_free_result']($request);
  177. // What about topics? Normally we'd use the table alias t for topics but lets use m so we don't have to redo our approve query.
  178. $request = $smcFunc['db_query']('', '
  179. SELECT COUNT(m.id_topic)
  180. FROM {db_prefix}topics AS m
  181. INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board)
  182. WHERE m.approved = {int:not_approved}
  183. AND {query_see_board}
  184. ' . $approve_query,
  185. array(
  186. 'not_approved' => 0,
  187. )
  188. );
  189. list ($context['total_unapproved_topics']) = $smcFunc['db_fetch_row']($request);
  190. $smcFunc['db_free_result']($request);
  191. // Limit to how many? (obey the user setting)
  192. $limit = !empty($options['messages_per_page']) ? $options['messages_per_page'] : $modSettings['defaultMaxMessages'];
  193. $context['page_index'] = constructPageIndex($scripturl . '?action=moderate;area=postmod;sa=' . $context['current_view'] . (isset($_REQUEST['brd']) ? ';brd=' . (int) $_REQUEST['brd'] : ''), $_GET['start'], $context['current_view'] == 'topics' ? $context['total_unapproved_topics'] : $context['total_unapproved_posts'], $limit);
  194. $context['start'] = $_GET['start'];
  195. // We have enough to make some pretty tabs!
  196. $context[$context['moderation_menu_name']]['tab_data'] = array(
  197. 'title' => $txt['mc_unapproved_posts'],
  198. 'help' => 'postmod',
  199. 'description' => $txt['mc_unapproved_posts_desc'],
  200. );
  201. // Update the tabs with the correct number of posts.
  202. $context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['posts']['label'] .= ' (' . $context['total_unapproved_posts'] . ')';
  203. $context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['topics']['label'] .= ' (' . $context['total_unapproved_topics'] . ')';
  204. // If we are filtering some boards out then make sure to send that along with the links.
  205. if (isset($_REQUEST['brd']))
  206. {
  207. $context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['posts']['add_params'] = ';brd=' . (int) $_REQUEST['brd'];
  208. $context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['topics']['add_params'] = ';brd=' . (int) $_REQUEST['brd'];
  209. }
  210. // Get all unapproved posts.
  211. $request = $smcFunc['db_query']('', '
  212. SELECT m.id_msg, m.id_topic, m.id_board, m.subject, m.body, m.id_member,
  213. IFNULL(mem.real_name, m.poster_name) AS poster_name, m.poster_time, m.smileys_enabled,
  214. t.id_member_started, t.id_first_msg, b.name AS board_name, c.id_cat, c.name AS cat_name
  215. FROM {db_prefix}messages AS m
  216. INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic)
  217. INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board)
  218. LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member)
  219. LEFT JOIN {db_prefix}categories AS c ON (c.id_cat = b.id_cat)
  220. WHERE m.approved = {int:not_approved}
  221. AND t.id_first_msg ' . ($context['current_view'] == 'topics' ? '=' : '!=') . ' m.id_msg
  222. AND {query_see_board}
  223. ' . $approve_query . '
  224. LIMIT {int:start}, {int:limit}',
  225. array(
  226. 'not_approved' => 0,
  227. 'start' => $context['start'],
  228. 'limit' => $limit,
  229. )
  230. );
  231. $context['unapproved_items'] = array();
  232. for ($i = 1; $row = $smcFunc['db_fetch_assoc']($request); $i++)
  233. {
  234. // Can delete is complicated, let's solve it first... is it their own post?
  235. if ($row['id_member'] == $user_info['id'] && ($delete_own_boards == array(0) || in_array($row['id_board'], $delete_own_boards)))
  236. $can_delete = true;
  237. // Is it a reply to their own topic?
  238. elseif ($row['id_member'] == $row['id_member_started'] && $row['id_msg'] != $row['id_first_msg'] && ($delete_own_replies == array(0) || in_array($row['id_board'], $delete_own_replies)))
  239. $can_delete = true;
  240. // Someone elses?
  241. elseif ($row['id_member'] != $user_info['id'] && ($delete_any_boards == array(0) || in_array($row['id_board'], $delete_any_boards)))
  242. $can_delete = true;
  243. else
  244. $can_delete = false;
  245. $context['unapproved_items'][] = array(
  246. 'id' => $row['id_msg'],
  247. 'alternate' => $i % 2,
  248. 'counter' => $context['start'] + $i,
  249. 'href' => $scripturl . '?topic=' . $row['id_topic'] . '.msg' . $row['id_msg'] . '#msg' . $row['id_msg'],
  250. 'link' => '<a href="' . $scripturl . '?topic=' . $row['id_topic'] . '.msg' . $row['id_msg'] . '#msg' . $row['id_msg'] . '">' . $row['subject'] . '</a>',
  251. 'subject' => $row['subject'],
  252. 'body' => parse_bbc($row['body'], $row['smileys_enabled'], $row['id_msg']),
  253. 'time' => timeformat($row['poster_time']),
  254. 'poster' => array(
  255. 'id' => $row['id_member'],
  256. 'name' => $row['poster_name'],
  257. 'link' => $row['id_member'] ? '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['poster_name'] . '</a>' : $row['poster_name'],
  258. 'href' => $scripturl . '?action=profile;u=' . $row['id_member'],
  259. ),
  260. 'topic' => array(
  261. 'id' => $row['id_topic'],
  262. ),
  263. 'board' => array(
  264. 'id' => $row['id_board'],
  265. 'name' => $row['board_name'],
  266. 'link' => '<a href="' . $scripturl . '?board=' . $row['id_board'] . '.0">' . $row['board_name'] . '</a>',
  267. ),
  268. 'category' => array(
  269. 'id' => $row['id_cat'],
  270. 'name' => $row['cat_name'],
  271. 'link' => '<a href="' . $scripturl . '#c' . $row['id_cat'] . '">' . $row['cat_name'] . '</a>',
  272. ),
  273. 'can_delete' => $can_delete,
  274. );
  275. }
  276. $smcFunc['db_free_result']($request);
  277. $context['sub_template'] = 'unapproved_posts';
  278. }
  279. /**
  280. * View all unapproved attachments.
  281. */
  282. function UnapprovedAttachments()
  283. {
  284. global $txt, $scripturl, $context, $sourcedir, $smcFunc, $modSettings;
  285. $context['page_title'] = $txt['mc_unapproved_attachments'];
  286. // Once again, permissions are king!
  287. $approve_boards = boardsAllowedTo('approve_posts');
  288. if ($approve_boards == array(0))
  289. $approve_query = '';
  290. elseif (!empty($approve_boards))
  291. $approve_query = ' AND m.id_board IN (' . implode(',', $approve_boards) . ')';
  292. else
  293. $approve_query = ' AND 1=0';
  294. // Get together the array of things to act on, if any.
  295. $attachments = array();
  296. if (isset($_GET['approve']))
  297. $attachments[] = (int) $_GET['approve'];
  298. elseif (isset($_GET['delete']))
  299. $attachments[] = (int) $_GET['delete'];
  300. elseif (isset($_POST['item']))
  301. foreach ($_POST['item'] as $item)
  302. $attachments[] = (int) $item;
  303. // Are we approving or deleting?
  304. if (isset($_GET['approve']) || (isset($_POST['do']) && $_POST['do'] == 'approve'))
  305. $curAction = 'approve';
  306. elseif (isset($_GET['delete']) || (isset($_POST['do']) && $_POST['do'] == 'delete'))
  307. $curAction = 'delete';
  308. // Something to do, let's do it!
  309. if (!empty($attachments) && isset($curAction))
  310. {
  311. checkSession('request');
  312. // This will be handy.
  313. require_once($sourcedir . '/ManageAttachments.php');
  314. // Confirm the attachments are eligible for changing!
  315. $request = $smcFunc['db_query']('', '
  316. SELECT a.id_attach
  317. FROM {db_prefix}attachments AS a
  318. INNER JOIN {db_prefix}messages AS m ON (m.id_msg = a.id_msg)
  319. LEFT JOIN {db_prefix}boards AS b ON (m.id_board = b.id_board)
  320. WHERE a.id_attach IN ({array_int:attachments})
  321. AND a.approved = {int:not_approved}
  322. AND a.attachment_type = {int:attachment_type}
  323. AND {query_see_board}
  324. ' . $approve_query,
  325. array(
  326. 'attachments' => $attachments,
  327. 'not_approved' => 0,
  328. 'attachment_type' => 0,
  329. )
  330. );
  331. $attachments = array();
  332. while ($row = $smcFunc['db_fetch_assoc']($request))
  333. $attachments[] = $row['id_attach'];
  334. $smcFunc['db_free_result']($request);
  335. // Assuming it wasn't all like, proper illegal, we can do the approving.
  336. if (!empty($attachments))
  337. {
  338. if ($curAction == 'approve')
  339. ApproveAttachments($attachments);
  340. else
  341. removeAttachments(array('id_attach' => $attachments, 'do_logging' => true));
  342. }
  343. }
  344. require_once($sourcedir . '/Subs-List.php');
  345. $listOptions = array(
  346. 'id' => 'mc_unapproved_attach',
  347. 'width' => '100%',
  348. 'items_per_page' => $modSettings['defaultMaxMessages'],
  349. 'no_items_label' => $txt['mc_unapproved_attachments_none_found'],
  350. 'base_href' => $scripturl . '?action=moderate;area=attachmod;sa=attachments',
  351. 'default_sort_col' => 'attach_name',
  352. 'get_items' => array(
  353. 'function' => 'list_getUnapprovedAttachments',
  354. 'params' => array(
  355. $approve_query,
  356. ),
  357. ),
  358. 'get_count' => array(
  359. 'function' => 'list_getNumUnapprovedAttachments',
  360. 'params' => array(
  361. $approve_query,
  362. ),
  363. ),
  364. 'columns' => array(
  365. 'attach_name' => array(
  366. 'header' => array(
  367. 'value' => $txt['mc_unapproved_attach_name'],
  368. ),
  369. 'data' => array(
  370. 'db' => 'filename',
  371. ),
  372. 'sort' => array(
  373. 'default' => 'a.filename',
  374. 'reverse' => 'a.filename DESC',
  375. ),
  376. ),
  377. 'attach_size' => array(
  378. 'header' => array(
  379. 'value' => $txt['mc_unapproved_attach_size'],
  380. ),
  381. 'data' => array(
  382. 'db' => 'size',
  383. ),
  384. 'sort' => array(
  385. 'default' => 'a.size',
  386. 'reverse' => 'a.size DESC',
  387. ),
  388. ),
  389. 'attach_poster' => array(
  390. 'header' => array(
  391. 'value' => $txt['mc_unapproved_attach_poster'],
  392. ),
  393. 'data' => array(
  394. 'function' => create_function('$data', '
  395. return $data[\'poster\'][\'link\'];'
  396. )
  397. ),
  398. 'sort' => array(
  399. 'default' => 'm.id_member',
  400. 'reverse' => 'm.id_member DESC',
  401. ),
  402. ),
  403. 'date' => array(
  404. 'header' => array(
  405. 'value' => $txt['date'],
  406. 'style' => 'width: 18%;',
  407. ),
  408. 'data' => array(
  409. 'db' => 'time',
  410. 'class' => 'smalltext',
  411. 'style' => 'white-space:nowrap;',
  412. ),
  413. 'sort' => array(
  414. 'default' => 'm.poster_time',
  415. 'reverse' => 'm.poster_time DESC',
  416. ),
  417. ),
  418. 'message' => array(
  419. 'header' => array(
  420. 'value' => $txt['post'],
  421. ),
  422. 'data' => array(
  423. 'function' => create_function('$data', '
  424. return \'<a href="\' . $data[\'message\'][\'href\'] . \'">\' . shorten_subject($data[\'message\'][\'subject\'], 20) . \'</a>\';'
  425. ),
  426. 'class' => 'smalltext',
  427. 'style' => 'width:15em;',
  428. ),
  429. 'sort' => array(
  430. 'default' => 'm.subject',
  431. 'reverse' => 'm.subject DESC',
  432. ),
  433. ),
  434. 'action' => array(
  435. 'header' => array(
  436. 'value' => '<input type="checkbox" class="input_check" onclick="invertAll(this, this.form);" checked />',
  437. 'style' => 'width: 4%;',
  438. 'class' => 'centercol',
  439. ),
  440. 'data' => array(
  441. 'sprintf' => array(
  442. 'format' => '<input type="checkbox" name="item[]" value="%1$d" checked class="input_check" />',
  443. 'params' => array(
  444. 'id' => false,
  445. ),
  446. ),
  447. 'class' => 'centercol',
  448. ),
  449. ),
  450. ),
  451. 'form' => array(
  452. 'href' => $scripturl . '?action=moderate;area=attachmod;sa=attachments',
  453. 'include_sort' => true,
  454. 'include_start' => true,
  455. 'hidden_fields' => array(
  456. $context['session_var'] => $context['session_id'],
  457. ),
  458. 'token' => 'mod-ap',
  459. ),
  460. 'additional_rows' => array(
  461. array(
  462. 'position' => 'bottom_of_list',
  463. 'value' => '
  464. <select name="do" onchange="if (this.value != 0 &amp;&amp; confirm(\'' . $txt['mc_unapproved_sure'] . '\')) submit();">
  465. <option value="0">' . $txt['with_selected'] . ':</option>
  466. <option value="0">-------------------</option>
  467. <option value="approve">&nbsp;--&nbsp;' . $txt['approve'] . '</option>
  468. <option value="delete">&nbsp;--&nbsp;' . $txt['delete'] . '</option>
  469. </select>
  470. <noscript><input type="submit" name="ml_go" value="' . $txt['go'] . '" class="button_submit" /></noscript>',
  471. 'align' => 'right',
  472. ),
  473. ),
  474. );
  475. // Create the request list.
  476. createToken('mod-ap');
  477. createList($listOptions);
  478. $context['sub_template'] = 'show_list';
  479. $context['default_list'] = 'mc_unapproved_attach';
  480. $context[$context['moderation_menu_name']]['tab_data'] = array(
  481. 'title' => $txt['mc_unapproved_attachments'],
  482. 'help' => '',
  483. 'description' => $txt['mc_unapproved_attachments_desc']
  484. );
  485. }
  486. /**
  487. * Callback function for UnapprovedAttachments
  488. * retrieve all the attachments waiting for approval the approver can approve
  489. *
  490. * @param int $start
  491. * @param int $items_per_page
  492. * @param string $sort
  493. * @param string $approve_query additional restrictions based on the boards the approver can see
  494. * @return array, an array of unapproved attachments
  495. */
  496. function list_getUnapprovedAttachments($start, $items_per_page, $sort, $approve_query)
  497. {
  498. global $smcFunc, $scripturl;
  499. // Get all unapproved attachments.
  500. $request = $smcFunc['db_query']('', '
  501. SELECT a.id_attach, a.filename, a.size, m.id_msg, m.id_topic, m.id_board, m.subject, m.body, m.id_member,
  502. IFNULL(mem.real_name, m.poster_name) AS poster_name, m.poster_time,
  503. t.id_member_started, t.id_first_msg, b.name AS board_name, c.id_cat, c.name AS cat_name
  504. FROM {db_prefix}attachments AS a
  505. INNER JOIN {db_prefix}messages AS m ON (m.id_msg = a.id_msg)
  506. INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic)
  507. INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board)
  508. LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member)
  509. LEFT JOIN {db_prefix}categories AS c ON (c.id_cat = b.id_cat)
  510. WHERE a.approved = {int:not_approved}
  511. AND a.attachment_type = {int:attachment_type}
  512. AND {query_see_board}
  513. {raw:approve_query}
  514. ORDER BY {raw:sort}
  515. LIMIT {int:start}, {int:items_per_page}',
  516. array(
  517. 'not_approved' => 0,
  518. 'attachment_type' => 0,
  519. 'start' => $start,
  520. 'sort' => $sort,
  521. 'items_per_page' => $items_per_page,
  522. 'approve_query' => $approve_query,
  523. )
  524. );
  525. $unapproved_items = array();
  526. while ($row = $smcFunc['db_fetch_assoc']($request))
  527. {
  528. $unapproved_items[] = array(
  529. 'id' => $row['id_attach'],
  530. 'filename' => $row['filename'],
  531. 'size' => round($row['size'] / 1024, 2),
  532. 'time' => timeformat($row['poster_time']),
  533. 'poster' => array(
  534. 'id' => $row['id_member'],
  535. 'name' => $row['poster_name'],
  536. 'link' => $row['id_member'] ? '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['poster_name'] . '</a>' : $row['poster_name'],
  537. 'href' => $scripturl . '?action=profile;u=' . $row['id_member'],
  538. ),
  539. 'message' => array(
  540. 'id' => $row['id_msg'],
  541. 'subject' => $row['subject'],
  542. 'body' => parse_bbc($row['body']),
  543. 'time' => timeformat($row['poster_time']),
  544. 'href' => $scripturl . '?topic=' . $row['id_topic'] . '.msg' . $row['id_msg'] . '#msg' . $row['id_msg'],
  545. ),
  546. 'topic' => array(
  547. 'id' => $row['id_topic'],
  548. ),
  549. 'board' => array(
  550. 'id' => $row['id_board'],
  551. 'name' => $row['board_name'],
  552. ),
  553. 'category' => array(
  554. 'id' => $row['id_cat'],
  555. 'name' => $row['cat_name'],
  556. ),
  557. );
  558. }
  559. $smcFunc['db_free_result']($request);
  560. return $unapproved_items;
  561. }
  562. /**
  563. * Callback function for UnapprovedAttachments
  564. * count all the attachments waiting for approval that this approver can approve
  565. *
  566. * @param string $approve_query additional restrictions based on the boards the approver can see
  567. * @return int the number of unapproved attachments
  568. */
  569. function list_getNumUnapprovedAttachments($approve_query)
  570. {
  571. global $smcFunc;
  572. // How many unapproved attachments in total?
  573. $request = $smcFunc['db_query']('', '
  574. SELECT COUNT(*)
  575. FROM {db_prefix}attachments AS a
  576. INNER JOIN {db_prefix}messages AS m ON (m.id_msg = a.id_msg)
  577. INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board)
  578. WHERE a.approved = {int:not_approved}
  579. AND a.attachment_type = {int:attachment_type}
  580. AND {query_see_board}
  581. ' . $approve_query,
  582. array(
  583. 'not_approved' => 0,
  584. 'attachment_type' => 0,
  585. )
  586. );
  587. list ($total_unapproved_attachments) = $smcFunc['db_fetch_row']($request);
  588. $smcFunc['db_free_result']($request);
  589. return $total_unapproved_attachments;
  590. }
  591. /**
  592. * Approve a post, just the one.
  593. */
  594. function ApproveMessage()
  595. {
  596. global $user_info, $topic, $board, $sourcedir, $smcFunc;
  597. checkSession('get');
  598. $_REQUEST['msg'] = (int) $_REQUEST['msg'];
  599. require_once($sourcedir . '/Subs-Post.php');
  600. isAllowedTo('approve_posts');
  601. $request = $smcFunc['db_query']('', '
  602. SELECT t.id_member_started, t.id_first_msg, m.id_member, m.subject, m.approved
  603. FROM {db_prefix}messages AS m
  604. INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic})
  605. WHERE m.id_msg = {int:id_msg}
  606. AND m.id_topic = {int:current_topic}
  607. LIMIT 1',
  608. array(
  609. 'current_topic' => $topic,
  610. 'id_msg' => $_REQUEST['msg'],
  611. )
  612. );
  613. list ($starter, $first_msg, $poster, $subject, $approved) = $smcFunc['db_fetch_row']($request);
  614. $smcFunc['db_free_result']($request);
  615. // If it's the first in a topic then the whole topic gets approved!
  616. if ($first_msg == $_REQUEST['msg'])
  617. {
  618. approveTopics($topic, !$approved);
  619. if ($starter != $user_info['id'])
  620. logAction(($approved ? 'un' : '') . 'approve_topic', array('topic' => $topic, 'subject' => $subject, 'member' => $starter, 'board' => $board));
  621. }
  622. else
  623. {
  624. approvePosts($_REQUEST['msg'], !$approved);
  625. if ($poster != $user_info['id'])
  626. logAction(($approved ? 'un' : '') . 'approve', array('topic' => $topic, 'subject' => $subject, 'member' => $poster, 'board' => $board));
  627. }
  628. redirectexit('topic=' . $topic . '.msg' . $_REQUEST['msg']. '#msg' . $_REQUEST['msg']);
  629. }
  630. /**
  631. * Approve a batch of posts (or topics in their own right)
  632. *
  633. * @param array $messages
  634. * @param array $messageDetails
  635. * @param (string) $current_view = replies
  636. */
  637. function approveMessages($messages, $messageDetails, $current_view = 'replies')
  638. {
  639. global $sourcedir;
  640. require_once($sourcedir . '/Subs-Post.php');
  641. if ($current_view == 'topics')
  642. {
  643. approveTopics($messages);
  644. // and tell the world about it
  645. foreach ($messages as $topic)
  646. {
  647. logAction('approve_topic', array('topic' => $topic, 'subject' => $messageDetails[$topic]['subject'], 'member' => $messageDetails[$topic]['member'], 'board' => $messageDetails[$topic]['board']));
  648. }
  649. }
  650. else
  651. {
  652. approvePosts($messages);
  653. // and tell the world about it again
  654. foreach ($messages as $post)
  655. {
  656. logAction('approve', array('topic' => $messageDetails[$post]['topic'], 'subject' => $messageDetails[$post]['subject'], 'member' => $messageDetails[$post]['member'], 'board' => $messageDetails[$post]['board']));
  657. }
  658. }
  659. }
  660. /**
  661. * This is a helper function - basically approve everything!
  662. */
  663. function approveAllData()
  664. {
  665. global $smcFunc, $sourcedir;
  666. // Start with messages and topics.
  667. $request = $smcFunc['db_query']('', '
  668. SELECT id_msg
  669. FROM {db_prefix}messages
  670. WHERE approved = {int:not_approved}',
  671. array(
  672. 'not_approved' => 0,
  673. )
  674. );
  675. $msgs = array();
  676. while ($row = $smcFunc['db_fetch_row']($request))
  677. $msgs[] = $row[0];
  678. $smcFunc['db_free_result']($request);
  679. if (!empty($msgs))
  680. {
  681. require_once($sourcedir . '/Subs-Post.php');
  682. approvePosts($msgs);
  683. }
  684. // Now do attachments
  685. $request = $smcFunc['db_query']('', '
  686. SELECT id_attach
  687. FROM {db_prefix}attachments
  688. WHERE approved = {int:not_approved}',
  689. array(
  690. 'not_approved' => 0,
  691. )
  692. );
  693. $attaches = array();
  694. while ($row = $smcFunc['db_fetch_row']($request))
  695. $attaches[] = $row[0];
  696. $smcFunc['db_free_result']($request);
  697. if (!empty($attaches))
  698. {
  699. require_once($sourcedir . '/ManageAttachments.php');
  700. ApproveAttachments($attaches);
  701. }
  702. }
  703. /**
  704. * Remove a batch of messages (or topics)
  705. *
  706. * @param array $messages
  707. * @param array $messageDetails
  708. * @param string $current_view = replies
  709. */
  710. function removeMessages($messages, $messageDetails, $current_view = 'replies')
  711. {
  712. global $sourcedir, $modSettings;
  713. // @todo something's not right, removeMessage() does check permissions,
  714. // removeTopics() doesn't
  715. require_once($sourcedir . '/RemoveTopic.php');
  716. if ($current_view == 'topics')
  717. {
  718. removeTopics($messages);
  719. // and tell the world about it
  720. foreach ($messages as $topic)
  721. // Note, only log topic ID in native form if it's not gone forever.
  722. logAction('remove', array(
  723. (empty($modSettings['recycle_enable']) || $modSettings['recycle_board'] != $messageDetails[$topic]['board'] ? 'topic' : 'old_topic_id') => $topic, 'subject' => $messageDetails[$topic]['subject'], 'member' => $messageDetails[$topic]['member'], 'board' => $messageDetails[$topic]['board']));
  724. }
  725. else
  726. {
  727. foreach ($messages as $post)
  728. {
  729. removeMessage($post);
  730. logAction('delete', array(
  731. (empty($modSettings['recycle_enable']) || $modSettings['recycle_board'] != $messageDetails[$post]['board'] ? 'topic' : 'old_topic_id') => $messageDetails[$post]['topic'], 'subject' => $messageDetails[$post]['subject'], 'member' => $messageDetails[$post]['member'], 'board' => $messageDetails[$post]['board']));
  732. }
  733. }
  734. }
  735. ?>