Home Explore Help
Register Sign In
Omnimaga
/
SMF2.1
mirror of [email protected]:Omnimaga/SMF2.1.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: c8e62fe029
Branches Tags
SMF2.1
/
Sources
/
PostModeration.php

PostModeration.php 26 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * This file's job is to handle things related to post moderation.
    5. 

  5.  *
    6. 

  6.  * Simple Machines Forum (SMF)
    7. 

  7.  *
    8. 

  8.  * @package SMF
    9. 

  9.  * @author Simple Machines http://www.simplemachines.org
    10. 

  10.  * @copyright 2012 Simple Machines
    11. 

  11.  * @license http://www.simplemachines.org/about/smf/license.php BSD
    12. 

  12.  *
    13. 

  13.  * @version 2.1 Alpha 1
    14. 

  14.  */
    15. 

  15. 

  16. if (!defined('SMF'))
    17. 

  17. 	die('Hacking attempt...');
    18. 

  18. 

  19. /**
    20. 

  20.  * This is a handling function for all things post moderation.
    21. 

  21.  */
    22. 

  22. function PostModerationMain()
    23. 

  23. {
    24. 

  24. 	global $sourcedir;
    25. 

  25. 

  26. 	 // @todo We'll shift these later bud.
    27. 

  27. 	loadLanguage('ModerationCenter');
    28. 

  28. 	loadTemplate('ModerationCenter');
    29. 

  29. 

  30. 	// Probably need this...
    31. 

  31. 	require_once($sourcedir . '/ModerationCenter.php');
    32. 

  32. 

  33. 	// Allowed sub-actions, you know the drill by now!
    34. 

  34. 	$subactions = array(
    35. 

  35. 		'approve' => 'ApproveMessage',
    36. 

  36. 		'attachments' => 'UnapprovedAttachments',
    37. 

  37. 		'replies' => 'UnapprovedPosts',
    38. 

  38. 		'topics' => 'UnapprovedPosts',
    39. 

  39. 	);
    40. 

  40. 

  41. 	// Pick something valid...
    42. 

  42. 	if (!isset($_REQUEST['sa']) || !isset($subactions[$_REQUEST['sa']]))
    43. 

  43. 		$_REQUEST['sa'] = 'replies';
    44. 

  44. 

  45. 	$subactions[$_REQUEST['sa']]();
    46. 

  46. }
    47. 

  47. 

  48. /**
    49. 

  49.  * View all unapproved posts.
    50. 

  50.  */
    51. 

  51. function UnapprovedPosts()
    52. 

  52. {
    53. 

  53. 	global $txt, $scripturl, $context, $user_info, $smcFunc;
    54. 

  54. 

  55. 	$context['current_view'] = isset($_GET['sa']) && $_GET['sa'] == 'topics' ? 'topics' : 'replies';
    56. 

  56. 	$context['page_title'] = $txt['mc_unapproved_posts'];
    57. 

  57. 

  58. 	// Work out what boards we can work in!
    59. 

  59. 	$approve_boards = boardsAllowedTo('approve_posts');
    60. 

  60. 

  61. 	// If we filtered by board remove ones outside of this board.
    62. 

  62. 	// @todo Put a message saying we're filtered?
    63. 

  63. 	if (isset($_REQUEST['brd']))
    64. 

  64. 	{
    65. 

  65. 		$filter_board = array((int) $_REQUEST['brd']);
    66. 

  66. 		$approve_boards = $approve_boards == array(0) ? $filter_board : array_intersect($approve_boards, $filter_board);
    67. 

  67. 	}
    68. 

  68. 

  69. 	if ($approve_boards == array(0))
    70. 

  70. 		$approve_query = '';
    71. 

  71. 	elseif (!empty($approve_boards))
    72. 

  72. 		$approve_query = ' AND m.id_board IN (' . implode(',', $approve_boards) . ')';
    73. 

  73. 	// Nada, zip, etc...
    74. 

  74. 	else
    75. 

  75. 		$approve_query = ' AND 0';
    76. 

  76. 

  77. 	// We also need to know where we can delete topics and/or replies to.
    78. 

  78. 	if ($context['current_view'] == 'topics')
    79. 

  79. 	{
    80. 

  80. 		$delete_own_boards = boardsAllowedTo('remove_own');
    81. 

  81. 		$delete_any_boards = boardsAllowedTo('remove_any');
    82. 

  82. 		$delete_own_replies = array();
    83. 

  83. 	}
    84. 

  84. 	else
    85. 

  85. 	{
    86. 

  86. 		$delete_own_boards = boardsAllowedTo('delete_own');
    87. 

  87. 		$delete_any_boards = boardsAllowedTo('delete_any');
    88. 

  88. 		$delete_own_replies = boardsAllowedTo('delete_own_replies');
    89. 

  89. 	}
    90. 

  90. 

  91. 	$toAction = array();
    92. 

  92. 	// Check if we have something to do?
    93. 

  93. 	if (isset($_GET['approve']))
    94. 

  94. 		$toAction[] = (int) $_GET['approve'];
    95. 

  95. 	// Just a deletion?
    96. 

  96. 	elseif (isset($_GET['delete']))
    97. 

  97. 		$toAction[] = (int) $_GET['delete'];
    98. 

  98. 	// Lots of approvals?
    99. 

  99. 	elseif (isset($_POST['item']))
    100. 

  100. 		foreach ($_POST['item'] as $item)
    101. 

  101. 			$toAction[] = (int) $item;
    102. 

  102. 

  103. 	// What are we actually doing.
    104. 

  104. 	if (isset($_GET['approve']) || (isset($_POST['do']) && $_POST['do'] == 'approve'))
    105. 

  105. 		$curAction = 'approve';
    106. 

  106. 	elseif (isset($_GET['delete']) || (isset($_POST['do']) && $_POST['do'] == 'delete'))
    107. 

  107. 		$curAction = 'delete';
    108. 

  108. 

  109. 	// Right, so we have something to do?
    110. 

  110. 	if (!empty($toAction) && isset($curAction))
    111. 

  111. 	{
    112. 

  112. 		checkSession('request');
    113. 

  113. 

  114. 		// Handy shortcut.
    115. 

  115. 		$any_array = $curAction == 'approve' ? $approve_boards : $delete_any_boards;
    116. 

  116. 

  117. 		// Now for each message work out whether it's actually a topic, and what board it's on.
    118. 

  118. 		$request = $smcFunc['db_query']('', '
    119. 

  119. 			SELECT m.id_msg, m.id_member, m.id_board, m.subject, t.id_topic, t.id_first_msg, t.id_member_started
    120. 

  120. 			FROM {db_prefix}messages AS m
    121. 

  121. 				INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic)
    122. 

  122. 			LEFT JOIN {db_prefix}boards AS b ON (t.id_board = b.id_board)
    123. 

  123. 			WHERE m.id_msg IN ({array_int:message_list})
    124. 

  124. 				AND m.approved = {int:not_approved}
    125. 

  125. 				AND {query_see_board}',
    126. 

  126. 			array(
    127. 

  127. 				'message_list' => $toAction,
    128. 

  128. 				'not_approved' => 0,
    129. 

  129. 			)
    130. 

  130. 		);
    131. 

  131. 		$toAction = array();
    132. 

  132. 		$details = array();
    133. 

  133. 		while ($row = $smcFunc['db_fetch_assoc']($request))
    134. 

  134. 		{
    135. 

  135. 			// If it's not within what our view is ignore it...
    136. 

  136. 			if (($row['id_msg'] == $row['id_first_msg'] && $context['current_view'] != 'topics') || ($row['id_msg'] != $row['id_first_msg'] && $context['current_view'] != 'replies'))
    137. 

  137. 				continue;
    138. 

  138. 

  139. 			$can_add = false;
    140. 

  140. 			// If we're approving this is simple.
    141. 

  141. 			if ($curAction == 'approve' && ($any_array == array(0) || in_array($row['id_board'], $any_array)))
    142. 

  142. 			{
    143. 

  143. 				$can_add = true;
    144. 

  144. 			}
    145. 

  145. 			// Delete requires more permission checks...
    146. 

  146. 			elseif ($curAction == 'delete')
    147. 

  147. 			{
    148. 

  148. 				// Own post is easy!
    149. 

  149. 				if ($row['id_member'] == $user_info['id'] && ($delete_own_boards == array(0) || in_array($row['id_board'], $delete_own_boards)))
    150. 

  150. 					$can_add = true;
    151. 

  151. 				// Is it a reply to their own topic?
    152. 

  152. 				elseif ($row['id_member'] == $row['id_member_started'] && $row['id_msg'] != $row['id_first_msg'] && ($delete_own_replies == array(0) || in_array($row['id_board'], $delete_own_replies)))
    153. 

  153. 					$can_add = true;
    154. 

  154. 				// Someone elses?
    155. 

  155. 				elseif ($row['id_member'] != $user_info['id'] && ($delete_any_boards == array(0) || in_array($row['id_board'], $delete_any_boards)))
    156. 

  156. 					$can_add = true;
    157. 

  157. 			}
    158. 

  158. 

  159. 			if ($can_add)
    160. 

  160. 				$anItem = $context['current_view'] == 'topics' ? $row['id_topic'] : $row['id_msg'];
    161. 

  161. 			$toAction[] = $anItem;
    162. 

  162. 

  163. 			// All clear. What have we got now, what, what?
    164. 

  164. 			$details[$anItem] = array();
    165. 

  165. 			$details[$anItem]["subject"] = $row['subject'];
    166. 

  166. 			$details[$anItem]["topic"] = $row['id_topic'];
    167. 

  167. 			$details[$anItem]["member"] = ($context['current_view'] == 'topics') ? $row['id_member_started'] : $row['id_member'];
    168. 

  168. 			$details[$anItem]["board"] = $row['id_board'];
    169. 

  169. 		}
    170. 

  170. 		$smcFunc['db_free_result']($request);
    171. 

  171. 

  172. 		// If we have anything left we can actually do the approving (etc).
    173. 

  173. 		if (!empty($toAction))
    174. 

  174. 		{
    175. 

  175. 			if ($curAction == 'approve')
    176. 

  176. 			{
    177. 

  177. 				approveMessages ($toAction, $details, $context['current_view']);
    178. 

  178. 			}
    179. 

  179. 			else
    180. 

  180. 			{
    181. 

  181. 				removeMessages ($toAction, $details, $context['current_view']);
    182. 

  182. 			}
    183. 

  183. 		}
    184. 

  184. 	}
    185. 

  185. 

  186. 	// How many unapproved posts are there?
    187. 

  187. 	$request = $smcFunc['db_query']('', '
    188. 

  188. 		SELECT COUNT(*)
    189. 

  189. 		FROM {db_prefix}messages AS m
    190. 

  190. 			INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic AND t.id_first_msg != m.id_msg)
    191. 

  191. 			INNER JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board)
    192. 

  192. 		WHERE m.approved = {int:not_approved}
    193. 

  193. 			AND {query_see_board}
    194. 

  194. 			' . $approve_query,
    195. 

  195. 		array(
    196. 

  196. 			'not_approved' => 0,
    197. 

  197. 		)
    198. 

  198. 	);
    199. 

  199. 	list ($context['total_unapproved_posts']) = $smcFunc['db_fetch_row']($request);
    200. 

  200. 	$smcFunc['db_free_result']($request);
    201. 

  201. 

  202. 	// What about topics?  Normally we'd use the table alias t for topics but lets use m so we don't have to redo our approve query.
    203. 

  203. 	$request = $smcFunc['db_query']('', '
    204. 

  204. 		SELECT COUNT(m.id_topic)
    205. 

  205. 		FROM {db_prefix}topics AS m
    206. 

  206. 			INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board)
    207. 

  207. 		WHERE m.approved = {int:not_approved}
    208. 

  208. 			AND {query_see_board}
    209. 

  209. 			' . $approve_query,
    210. 

  210. 		array(
    211. 

  211. 			'not_approved' => 0,
    212. 

  212. 		)
    213. 

  213. 	);
    214. 

  214. 	list ($context['total_unapproved_topics']) = $smcFunc['db_fetch_row']($request);
    215. 

  215. 	$smcFunc['db_free_result']($request);
    216. 

  216. 

  217. 	$context['page_index'] = constructPageIndex($scripturl . '?action=moderate;area=postmod;sa=' . $context['current_view'] . (isset($_REQUEST['brd']) ? ';brd=' . (int) $_REQUEST['brd'] : ''), $_GET['start'], $context['current_view'] == 'topics' ? $context['total_unapproved_topics'] : $context['total_unapproved_posts'], 10);
    218. 

  218. 	$context['start'] = $_GET['start'];
    219. 

  219. 

  220. 	// We have enough to make some pretty tabs!
    221. 

  221. 	$context[$context['moderation_menu_name']]['tab_data'] = array(
    222. 

  222. 		'title' => $txt['mc_unapproved_posts'],
    223. 

  223. 		'help' => 'postmod',
    224. 

  224. 		'description' => $txt['mc_unapproved_posts_desc'],
    225. 

  225. 	);
    226. 

  226. 

  227. 	// Update the tabs with the correct number of posts.
    228. 

  228. 	$context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['posts']['label'] .= ' (' . $context['total_unapproved_posts'] . ')';
    229. 

  229. 	$context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['topics']['label'] .= ' (' . $context['total_unapproved_topics'] . ')';
    230. 

  230. 

  231. 	// If we are filtering some boards out then make sure to send that along with the links.
    232. 

  232. 	if (isset($_REQUEST['brd']))
    233. 

  233. 	{
    234. 

  234. 		$context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['posts']['add_params'] = ';brd=' . (int) $_REQUEST['brd'];
    235. 

  235. 		$context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['topics']['add_params'] = ';brd=' . (int) $_REQUEST['brd'];
    236. 

  236. 	}
    237. 

  237. 

  238. 	// Get all unapproved posts.
    239. 

  239. 	$request = $smcFunc['db_query']('', '
    240. 

  240. 		SELECT m.id_msg, m.id_topic, m.id_board, m.subject, m.body, m.id_member,
    241. 

  241. 			IFNULL(mem.real_name, m.poster_name) AS poster_name, m.poster_time, m.smileys_enabled,
    242. 

  242. 			t.id_member_started, t.id_first_msg, b.name AS board_name, c.id_cat, c.name AS cat_name
    243. 

  243. 		FROM {db_prefix}messages AS m
    244. 

  244. 			INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic)
    245. 

  245. 			INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board)
    246. 

  246. 			LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member)
    247. 

  247. 			LEFT JOIN {db_prefix}categories AS c ON (c.id_cat = b.id_cat)
    248. 

  248. 		WHERE m.approved = {int:not_approved}
    249. 

  249. 			AND t.id_first_msg ' . ($context['current_view'] == 'topics' ? '=' : '!=') . ' m.id_msg
    250. 

  250. 			AND {query_see_board}
    251. 

  251. 			' . $approve_query . '
    252. 

  252. 		LIMIT ' . $context['start'] . ', 10',
    253. 

  253. 		array(
    254. 

  254. 			'not_approved' => 0,
    255. 

  255. 		)
    256. 

  256. 	);
    257. 

  257. 	$context['unapproved_items'] = array();
    258. 

  258. 	for ($i = 1; $row = $smcFunc['db_fetch_assoc']($request); $i++)
    259. 

  259. 	{
    260. 

  260. 		// Can delete is complicated, let's solve it first... is it their own post?
    261. 

  261. 		if ($row['id_member'] == $user_info['id'] && ($delete_own_boards == array(0) || in_array($row['id_board'], $delete_own_boards)))
    262. 

  262. 			$can_delete = true;
    263. 

  263. 		// Is it a reply to their own topic?
    264. 

  264. 		elseif ($row['id_member'] == $row['id_member_started'] && $row['id_msg'] != $row['id_first_msg'] && ($delete_own_replies == array(0) || in_array($row['id_board'], $delete_own_replies)))
    265. 

  265. 			$can_delete = true;
    266. 

  266. 		// Someone elses?
    267. 

  267. 		elseif ($row['id_member'] != $user_info['id'] && ($delete_any_boards == array(0) || in_array($row['id_board'], $delete_any_boards)))
    268. 

  268. 			$can_delete = true;
    269. 

  269. 		else
    270. 

  270. 			$can_delete = false;
    271. 

  271. 

  272. 		$context['unapproved_items'][] = array(
    273. 

  273. 			'id' => $row['id_msg'],
    274. 

  274. 			'alternate' => $i % 2,
    275. 

  275. 			'counter' => $context['start'] + $i,
    276. 

  276. 			'href' => $scripturl . '?topic=' . $row['id_topic'] . '.msg' . $row['id_msg'] . '#msg' . $row['id_msg'],
    277. 

  277. 			'link' => '<a href="' . $scripturl . '?topic=' . $row['id_topic'] . '.msg' . $row['id_msg'] . '#msg' . $row['id_msg'] . '">' . $row['subject'] . '</a>',
    278. 

  278. 			'subject' => $row['subject'],
    279. 

  279. 			'body' => parse_bbc($row['body'], $row['smileys_enabled'], $row['id_msg']),
    280. 

  280. 			'time' => timeformat($row['poster_time']),
    281. 

  281. 			'poster' => array(
    282. 

  282. 				'id' => $row['id_member'],
    283. 

  283. 				'name' => $row['poster_name'],
    284. 

  284. 				'link' => $row['id_member'] ? '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['poster_name'] . '</a>' : $row['poster_name'],
    285. 

  285. 				'href' => $scripturl . '?action=profile;u=' . $row['id_member'],
    286. 

  286. 			),
    287. 

  287. 			'topic' => array(
    288. 

  288. 				'id' => $row['id_topic'],
    289. 

  289. 			),
    290. 

  290. 			'board' => array(
    291. 

  291. 				'id' => $row['id_board'],
    292. 

  292. 				'name' => $row['board_name'],
    293. 

  293. 				'link' => '<a href="' . $scripturl . '?board=' . $row['id_board'] . '.0">' . $row['board_name'] . '</a>',
    294. 

  294. 			),
    295. 

  295. 			'category' => array(
    296. 

  296. 				'id' => $row['id_cat'],
    297. 

  297. 				'name' => $row['cat_name'],
    298. 

  298. 				'link' => '<a href="', $scripturl, '#c', $row['id_cat'], '">', $row['cat_name'], '</a>',
    299. 

  299. 			),
    300. 

  300. 			'can_delete' => $can_delete,
    301. 

  301. 		);
    302. 

  302. 	}
    303. 

  303. 	$smcFunc['db_free_result']($request);
    304. 

  304. 

  305. 	$context['sub_template'] = 'unapproved_posts';
    306. 

  306. }
    307. 

  307. 

  308. /**
    309. 

  309.  * View all unapproved attachments.
    310. 

  310.  */
    311. 

  311. function UnapprovedAttachments()
    312. 

  312. {
    313. 

  313. 	global $txt, $scripturl, $context, $user_info, $sourcedir, $smcFunc, $modSettings;
    314. 

  314. 

  315. 	$context['page_title'] = $txt['mc_unapproved_attachments'];
    316. 

  316. 

  317. 	// Once again, permissions are king!
    318. 

  318. 	$approve_boards = boardsAllowedTo('approve_posts');
    319. 

  319. 

  320. 	if ($approve_boards == array(0))
    321. 

  321. 		$approve_query = '';
    322. 

  322. 	elseif (!empty($approve_boards))
    323. 

  323. 		$approve_query = ' AND m.id_board IN (' . implode(',', $approve_boards) . ')';
    324. 

  324. 	else
    325. 

  325. 		$approve_query = ' AND 0';
    326. 

  326. 

  327. 	// Get together the array of things to act on, if any.
    328. 

  328. 	$attachments = array();
    329. 

  329. 	if (isset($_GET['approve']))
    330. 

  330. 		$attachments[] = (int) $_GET['approve'];
    331. 

  331. 	elseif (isset($_GET['delete']))
    332. 

  332. 		$attachments[] = (int) $_GET['delete'];
    333. 

  333. 	elseif (isset($_POST['item']))
    334. 

  334. 		foreach ($_POST['item'] as $item)
    335. 

  335. 			$attachments[] = (int) $item;
    336. 

  336. 

  337. 	// Are we approving or deleting?
    338. 

  338. 	if (isset($_GET['approve']) || (isset($_POST['do']) && $_POST['do'] == 'approve'))
    339. 

  339. 		$curAction = 'approve';
    340. 

  340. 	elseif (isset($_GET['delete']) || (isset($_POST['do']) && $_POST['do'] == 'delete'))
    341. 

  341. 		$curAction = 'delete';
    342. 

  342. 

  343. 	// Something to do, let's do it!
    344. 

  344. 	if (!empty($attachments) && isset($curAction))
    345. 

  345. 	{
    346. 

  346. 		checkSession('request');
    347. 

  347. 

  348. 		// This will be handy.
    349. 

  349. 		require_once($sourcedir . '/ManageAttachments.php');
    350. 

  350. 

  351. 		// Confirm the attachments are eligible for changing!
    352. 

  352. 		$request = $smcFunc['db_query']('', '
    353. 

  353. 			SELECT a.id_attach
    354. 

  354. 			FROM {db_prefix}attachments AS a
    355. 

  355. 				INNER JOIN {db_prefix}messages AS m ON (m.id_msg = a.id_msg)
    356. 

  356. 				LEFT JOIN {db_prefix}boards AS b ON (m.id_board = b.id_board)
    357. 

  357. 			WHERE a.id_attach IN ({array_int:attachments})
    358. 

  358. 				AND a.approved = {int:not_approved}
    359. 

  359. 				AND a.attachment_type = {int:attachment_type}
    360. 

  360. 				AND {query_see_board}
    361. 

  361. 				' . $approve_query,
    362. 

  362. 			array(
    363. 

  363. 				'attachments' => $attachments,
    364. 

  364. 				'not_approved' => 0,
    365. 

  365. 				'attachment_type' => 0,
    366. 

  366. 			)
    367. 

  367. 		);
    368. 

  368. 		$attachments = array();
    369. 

  369. 		while ($row = $smcFunc['db_fetch_assoc']($request))
    370. 

  370. 			$attachments[] = $row['id_attach'];
    371. 

  371. 		$smcFunc['db_free_result']($request);
    372. 

  372. 

  373. 		// Assuming it wasn't all like, proper illegal, we can do the approving.
    374. 

  374. 		if (!empty($attachments))
    375. 

  375. 		{
    376. 

  376. 			if ($curAction == 'approve')
    377. 

  377. 				ApproveAttachments($attachments);
    378. 

  378. 			else
    379. 

  379. 				removeAttachments(array('id_attach' => $attachments, 'do_logging' => true));
    380. 

  380. 		}
    381. 

  381. 	}
    382. 

  382. 

  383. 	require_once($sourcedir . '/Subs-List.php');
    384. 

  384. 

  385. 	$listOptions = array(
    386. 

  386. 		'id' => 'mc_unapproved_attach',
    387. 

  387. 		'width' => '100%',
    388. 

  388. 		'items_per_page' => $modSettings['defaultMaxMessages'],
    389. 

  389. 		'no_items_label' => $txt['mc_unapproved_attachments_none_found'],
    390. 

  390. 		'base_href' => $scripturl . '?action=moderate;area=attachmod;sa=attachments',
    391. 

  391. 		'default_sort_col' => 'attach_name',
    392. 

  392. 		'get_items' => array(
    393. 

  393. 			'function' => 'list_getUnapprovedAttachments',
    394. 

  394. 			'params' => array(
    395. 

  395. 				$approve_query,
    396. 

  396. 			),
    397. 

  397. 		),
    398. 

  398. 		'get_count' => array(
    399. 

  399. 			'function' => 'list_getNumUnapprovedAttachments',
    400. 

  400. 			'params' => array(
    401. 

  401. 				$approve_query,
    402. 

  402. 			),
    403. 

  403. 		),
    404. 

  404. 		'columns' => array(
    405. 

  405. 			'attach_name' => array(
    406. 

  406. 				'header' => array(
    407. 

  407. 					'value' => $txt['mc_unapproved_attach_name'],
    408. 

  408. 				),
    409. 

  409. 				'data' => array(
    410. 

  410. 					'db' => 'filename',
    411. 

  411. 				),
    412. 

  412. 				'sort' => array(
    413. 

  413. 					'default' => 'a.filename',
    414. 

  414. 					'reverse' => 'a.filename DESC',
    415. 

  415. 				),
    416. 

  416. 			),
    417. 

  417. 			'attach_size' => array(
    418. 

  418. 				'header' => array(
    419. 

  419. 					'value' => $txt['mc_unapproved_attach_size'],
    420. 

  420. 				),
    421. 

  421. 				'data' => array(
    422. 

  422. 					'db' => 'size',
    423. 

  423. 				),
    424. 

  424. 				'sort' => array(
    425. 

  425. 					'default' => 'a.size',
    426. 

  426. 					'reverse' => 'a.size DESC',
    427. 

  427. 				),
    428. 

  428. 			),
    429. 

  429. 			'attach_poster' => array(
    430. 

  430. 				'header' => array(
    431. 

  431. 					'value' => $txt['mc_unapproved_attach_poster'],
    432. 

  432. 				),
    433. 

  433. 				'data' => array(
    434. 

  434. 					'function' => create_function('$data', '
    435. 

  435. 						return $data[\'poster\'][\'link\'];'
    436. 

  436. 					)
    437. 

  437. 				),
    438. 

  438. 				'sort' => array(
    439. 

  439. 					'default' => 'm.id_member',
    440. 

  440. 					'reverse' => 'm.id_member DESC',
    441. 

  441. 				),
    442. 

  442. 			),
    443. 

  443. 			'date' => array(
    444. 

  444. 				'header' => array(
    445. 

  445. 					'value' => $txt['date'],
    446. 

  446. 					'style' => 'width: 18%;',
    447. 

  447. 				),
    448. 

  448. 				'data' => array(
    449. 

  449. 					'db' => 'time',
    450. 

  450. 					'class' => 'smalltext',
    451. 

  451. 					'style' => 'white-space:nowrap;',
    452. 

  452. 				),
    453. 

  453. 				'sort' => array(
    454. 

  454. 					'default' => 'm.poster_time',
    455. 

  455. 					'reverse' => 'm.poster_time DESC',
    456. 

  456. 				),
    457. 

  457. 			),
    458. 

  458. 			'message' => array(
    459. 

  459. 				'header' => array(
    460. 

  460. 					'value' => $txt['post'],
    461. 

  461. 				),
    462. 

  462. 				'data' => array(
    463. 

  463. 					'function' => create_function('$data', '
    464. 

  464. 						return \'<a href="\' . $data[\'message\'][\'href\'] . \'">\' . shorten_subject($data[\'message\'][\'subject\'], 20) . \'</a>\';'
    465. 

  465. 					),
    466. 

  466. 					'class' => 'smalltext',
    467. 

  467. 					'style' => 'width:15em;',
    468. 

  468. 				),
    469. 

  469. 				'sort' => array(
    470. 

  470. 					'default' => 'm.subject',
    471. 

  471. 					'reverse' => 'm.subject DESC',
    472. 

  472. 				),
    473. 

  473. 			),
    474. 

  474. 			'action' => array(
    475. 

  475. 				'header' => array(
    476. 

  476. 					'value' => '<input type="checkbox" class="input_check" onclick="invertAll(this, this.form);" checked="checked" />',
    477. 

  477. 					'style' => 'width: 4%;',
    478. 

  478. 					'class' => 'centercol',
    479. 

  479. 				),
    480. 

  480. 				'data' => array(
    481. 

  481. 					'sprintf' => array(
    482. 

  482. 						'format' => '<input type="checkbox" name="item[]" value="%1$d" checked="checked" class="input_check" />',
    483. 

  483. 						'params' => array(
    484. 

  484. 							'id' => false,
    485. 

  485. 						),
    486. 

  486. 					),
    487. 

  487. 					'class' => 'centercol',
    488. 

  488. 				),
    489. 

  489. 			),
    490. 

  490. 		),
    491. 

  491. 		'form' => array(
    492. 

  492. 			'href' => $scripturl . '?action=moderate;area=attachmod;sa=attachments',
    493. 

  493. 			'include_sort' => true,
    494. 

  494. 			'include_start' => true,
    495. 

  495. 			'hidden_fields' => array(
    496. 

  496. 				$context['session_var'] => $context['session_id'],
    497. 

  497. 			),
    498. 

  498. 			'token' => 'mod-ap',
    499. 

  499. 		),
    500. 

  500. 		'additional_rows' => array(
    501. 

  501. 			array(
    502. 

  502. 				'position' => 'bottom_of_list',
    503. 

  503. 				'value' => '
    504. 

  504. 					<select name="do" onchange="if (this.value != 0 &amp;&amp; confirm(\'' . $txt['mc_unapproved_sure'] . '\')) submit();">
    505. 

  505. 						<option value="0">' . $txt['with_selected'] . ':</option>
    506. 

  506. 						<option value="0">-------------------</option>
    507. 

  507. 						<option value="approve">&nbsp;--&nbsp;' . $txt['approve'] . '</option>
    508. 

  508. 						<option value="delete">&nbsp;--&nbsp;' . $txt['delete'] . '</option>
    509. 

  509. 					</select>
    510. 

  510. 					<noscript><input type="submit" name="ml_go" value="' . $txt['go'] . '" class="button_submit" /></noscript>',
    511. 

  511. 				'align' => 'right',
    512. 

  512. 			),
    513. 

  513. 		),
    514. 

  514. 	);
    515. 

  515. 

  516. 	// Create the request list.
    517. 

  517. 	createToken('mod-ap');
    518. 

  518. 	createList($listOptions);
    519. 

  519. 

  520. 	$context['sub_template'] = 'unapproved_attachments';
    521. 

  521. }
    522. 

  522. 

  523. /**
    524. 

  524.  * Callback function for UnapprovedAttachments
    525. 

  525.  * retrieve all the attachments waiting for approval the approver can approve
    526. 

  526.  *
    527. 

  527.  * @param int $start
    528. 

  528.  * @param int $items_per_page
    529. 

  529.  * @param string $sort
    530. 

  530.  * @param string $approve_query additional restrictions based on the boards the approver can see
    531. 

  531.  * @return array, an array of unapproved attachments
    532. 

  532.  */
    533. 

  533. function list_getUnapprovedAttachments($start, $items_per_page, $sort, $approve_query)
    534. 

  534. {
    535. 

  535. 	global $smcFunc, $scripturl;
    536. 

  536. 

  537. 	// Get all unapproved attachments.
    538. 

  538. 	$request = $smcFunc['db_query']('', '
    539. 

  539. 		SELECT a.id_attach, a.filename, a.size, m.id_msg, m.id_topic, m.id_board, m.subject, m.body, m.id_member,
    540. 

  540. 			IFNULL(mem.real_name, m.poster_name) AS poster_name, m.poster_time,
    541. 

  541. 			t.id_member_started, t.id_first_msg, b.name AS board_name, c.id_cat, c.name AS cat_name
    542. 

  542. 		FROM {db_prefix}attachments AS a
    543. 

  543. 			INNER JOIN {db_prefix}messages AS m ON (m.id_msg = a.id_msg)
    544. 

  544. 			INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic)
    545. 

  545. 			INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board)
    546. 

  546. 			LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member)
    547. 

  547. 			LEFT JOIN {db_prefix}categories AS c ON (c.id_cat = b.id_cat)
    548. 

  548. 		WHERE a.approved = {int:not_approved}
    549. 

  549. 			AND a.attachment_type = {int:attachment_type}
    550. 

  550. 			AND {query_see_board}
    551. 

  551. 			{raw:approve_query}
    552. 

  552. 		ORDER BY {raw:sort}
    553. 

  553. 		LIMIT {int:start}, {int:items_per_page}',
    554. 

  554. 		array(
    555. 

  555. 			'not_approved' => 0,
    556. 

  556. 			'attachment_type' => 0,
    557. 

  557. 			'start' => $start,
    558. 

  558. 			'sort' => $sort,
    559. 

  559. 			'items_per_page' => $items_per_page,
    560. 

  560. 			'approve_query' => $approve_query,
    561. 

  561. 		)
    562. 

  562. 	);
    563. 

  563. 

  564. 	$unapproved_items = array();
    565. 

  565. 	while ($row = $smcFunc['db_fetch_assoc']($request))
    566. 

  566. 	{
    567. 

  567. 		$unapproved_items[] = array(
    568. 

  568. 			'id' => $row['id_attach'],
    569. 

  569. 			'filename' => $row['filename'],
    570. 

  570. 			'size' => round($row['size'] / 1024, 2),
    571. 

  571. 			'time' => timeformat($row['poster_time']),
    572. 

  572. 			'poster' => array(
    573. 

  573. 				'id' => $row['id_member'],
    574. 

  574. 				'name' => $row['poster_name'],
    575. 

  575. 				'link' => $row['id_member'] ? '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['poster_name'] . '</a>' : $row['poster_name'],
    576. 

  576. 				'href' => $scripturl . '?action=profile;u=' . $row['id_member'],
    577. 

  577. 			),
    578. 

  578. 			'message' => array(
    579. 

  579. 				'id' => $row['id_msg'],
    580. 

  580. 				'subject' => $row['subject'],
    581. 

  581. 				'body' => parse_bbc($row['body']),
    582. 

  582. 				'time' => timeformat($row['poster_time']),
    583. 

  583. 				'href' => $scripturl . '?topic=' . $row['id_topic'] . '.msg' . $row['id_msg'] . '#msg' . $row['id_msg'],
    584. 

  584. 			),
    585. 

  585. 			'topic' => array(
    586. 

  586. 				'id' => $row['id_topic'],
    587. 

  587. 			),
    588. 

  588. 			'board' => array(
    589. 

  589. 				'id' => $row['id_board'],
    590. 

  590. 				'name' => $row['board_name'],
    591. 

  591. 			),
    592. 

  592. 			'category' => array(
    593. 

  593. 				'id' => $row['id_cat'],
    594. 

  594. 				'name' => $row['cat_name'],
    595. 

  595. 			),
    596. 

  596. 		);
    597. 

  597. 	}
    598. 

  598. 	$smcFunc['db_free_result']($request);
    599. 

  599. 

  600. 	return $unapproved_items;
    601. 

  601. }
    602. 

  602. 

  603. /**
    604. 

  604.  * Callback function for UnapprovedAttachments
    605. 

  605.  * count all the attachments waiting for approval that this approver can approve
    606. 

  606.  *
    607. 

  607.  * @param string $approve_query additional restrictions based on the boards the approver can see
    608. 

  608.  * @return int the number of unapproved attachments
    609. 

  609.  */
    610. 

  610. function list_getNumUnapprovedAttachments($approve_query)
    611. 

  611. {
    612. 

  612. 	global $smcFunc;
    613. 

  613. 

  614. 	// How many unapproved attachments in total?
    615. 

  615. 	$request = $smcFunc['db_query']('', '
    616. 

  616. 		SELECT COUNT(*)
    617. 

  617. 		FROM {db_prefix}attachments AS a
    618. 

  618. 			INNER JOIN {db_prefix}messages AS m ON (m.id_msg = a.id_msg)
    619. 

  619. 			INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board)
    620. 

  620. 		WHERE a.approved = {int:not_approved}
    621. 

  621. 			AND a.attachment_type = {int:attachment_type}
    622. 

  622. 			AND {query_see_board}
    623. 

  623. 			' . $approve_query,
    624. 

  624. 		array(
    625. 

  625. 			'not_approved' => 0,
    626. 

  626. 			'attachment_type' => 0,
    627. 

  627. 		)
    628. 

  628. 	);
    629. 

  629. 	list ($total_unapproved_attachments) = $smcFunc['db_fetch_row']($request);
    630. 

  630. 	$smcFunc['db_free_result']($request);
    631. 

  631. 

  632. 	return $total_unapproved_attachments;
    633. 

  633. }
    634. 

  634. 

  635. /**
    636. 

  636.  * Approve a post, just the one.
    637. 

  637.  */
    638. 

  638. function ApproveMessage()
    639. 

  639. {
    640. 

  640. 	global $user_info, $topic, $board, $sourcedir, $smcFunc;
    641. 

  641. 

  642. 	checkSession('get');
    643. 

  643. 

  644. 	$_REQUEST['msg'] = (int) $_REQUEST['msg'];
    645. 

  645. 

  646. 	require_once($sourcedir . '/Subs-Post.php');
    647. 

  647. 

  648. 	isAllowedTo('approve_posts');
    649. 

  649. 

  650. 	$request = $smcFunc['db_query']('', '
    651. 

  651. 		SELECT t.id_member_started, t.id_first_msg, m.id_member, m.subject, m.approved
    652. 

  652. 		FROM {db_prefix}messages AS m
    653. 

  653. 			INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic})
    654. 

  654. 		WHERE m.id_msg = {int:id_msg}
    655. 

  655. 			AND m.id_topic = {int:current_topic}
    656. 

  656. 		LIMIT 1',
    657. 

  657. 		array(
    658. 

  658. 			'current_topic' => $topic,
    659. 

  659. 			'id_msg' => $_REQUEST['msg'],
    660. 

  660. 		)
    661. 

  661. 	);
    662. 

  662. 	list ($starter, $first_msg, $poster, $subject, $approved) = $smcFunc['db_fetch_row']($request);
    663. 

  663. 	$smcFunc['db_free_result']($request);
    664. 

  664. 

  665. 	// If it's the first in a topic then the whole topic gets approved!
    666. 

  666. 	if ($first_msg == $_REQUEST['msg'])
    667. 

  667. 	{
    668. 

  668. 		approveTopics($topic, !$approved);
    669. 

  669. 

  670. 		if ($starter != $user_info['id'])
    671. 

  671. 			logAction(($approved ? 'un' : '') . 'approve_topic', array('topic' => $topic, 'subject' => $subject, 'member' => $starter, 'board' => $board));
    672. 

  672. 	}
    673. 

  673. 	else
    674. 

  674. 	{
    675. 

  675. 		approvePosts($_REQUEST['msg'], !$approved);
    676. 

  676. 

  677. 		if ($poster != $user_info['id'])
    678. 

  678. 			logAction(($approved ? 'un' : '') . 'approve', array('topic' => $topic, 'subject' => $subject, 'member' => $poster, 'board' => $board));
    679. 

  679. 	}
    680. 

  680. 

  681. 	redirectexit('topic=' . $topic . '.msg' . $_REQUEST['msg']. '#msg' . $_REQUEST['msg']);
    682. 

  682. }
    683. 

  683. 

  684. /**
    685. 

  685.  * Approve a batch of posts (or topics in their own right)
    686. 

  686.  *
    687. 

  687.  * @param array $messages
    688. 

  688.  * @param array $messageDetails
    689. 

  689.  * @param (string) $current_view = replies
    690. 

  690.  */
    691. 

  691. function approveMessages($messages, $messageDetails, $current_view = 'replies')
    692. 

  692. {
    693. 

  693. 	global $sourcedir;
    694. 

  694. 

  695. 	require_once($sourcedir . '/Subs-Post.php');
    696. 

  696. 	if ($current_view == 'topics')
    697. 

  697. 	{
    698. 

  698. 		approveTopics($messages);
    699. 

  699. 		// and tell the world about it
    700. 

  700. 		foreach ($messages as $topic)
    701. 

  701. 		{
    702. 

  702. 			logAction('approve_topic', array('topic' => $topic, 'subject' => $messageDetails[$topic]['subject'], 'member' => $messageDetails[$topic]['member'], 'board' => $messageDetails[$topic]['board']));
    703. 

  703. 		}
    704. 

  704. 	}
    705. 

  705. 	else
    706. 

  706. 	{
    707. 

  707. 		approvePosts($messages);
    708. 

  708. 		// and tell the world about it again
    709. 

  709. 		foreach ($messages as $post)
    710. 

  710. 		{
    711. 

  711. 			logAction('approve', array('topic' => $messageDetails[$post]['topic'], 'subject' => $messageDetails[$post]['subject'], 'member' => $messageDetails[$post]['member'], 'board' => $messageDetails[$post]['board']));
    712. 

  712. 		}
    713. 

  713. 	}
    714. 

  714. }
    715. 

  715. 

  716. /**
    717. 

  717.  * This is a helper function - basically approve everything!
    718. 

  718.  */
    719. 

  719. function approveAllData()
    720. 

  720. {
    721. 

  721. 	global $smcFunc, $sourcedir;
    722. 

  722. 

  723. 	// Start with messages and topics.
    724. 

  724. 	$request = $smcFunc['db_query']('', '
    725. 

  725. 		SELECT id_msg
    726. 

  726. 		FROM {db_prefix}messages
    727. 

  727. 		WHERE approved = {int:not_approved}',
    728. 

  728. 		array(
    729. 

  729. 			'not_approved' => 0,
    730. 

  730. 		)
    731. 

  731. 	);
    732. 

  732. 	$msgs = array();
    733. 

  733. 	while ($row = $smcFunc['db_fetch_row']($request))
    734. 

  734. 		$msgs[] = $row[0];
    735. 

  735. 	$smcFunc['db_free_result']($request);
    736. 

  736. 

  737. 	if (!empty($msgs))
    738. 

  738. 	{
    739. 

  739. 		require_once($sourcedir . '/Subs-Post.php');
    740. 

  740. 		approvePosts($msgs);
    741. 

  741. 	}
    742. 

  742. 

  743. 	// Now do attachments
    744. 

  744. 	$request = $smcFunc['db_query']('', '
    745. 

  745. 		SELECT id_attach
    746. 

  746. 		FROM {db_prefix}attachments
    747. 

  747. 		WHERE approved = {int:not_approved}',
    748. 

  748. 		array(
    749. 

  749. 			'not_approved' => 0,
    750. 

  750. 		)
    751. 

  751. 	);
    752. 

  752. 	$attaches = array();
    753. 

  753. 	while ($row = $smcFunc['db_fetch_row']($request))
    754. 

  754. 		$attaches[] = $row[0];
    755. 

  755. 	$smcFunc['db_free_result']($request);
    756. 

  756. 

  757. 	if (!empty($attaches))
    758. 

  758. 	{
    759. 

  759. 		require_once($sourcedir . '/ManageAttachments.php');
    760. 

  760. 		ApproveAttachments($attaches);
    761. 

  761. 	}
    762. 

  762. }
    763. 

  763. 

  764. /**
    765. 

  765.  * Remove a batch of messages (or topics)
    766. 

  766.  *
    767. 

  767.  * @param array $messages
    768. 

  768.  * @param array $messageDetails
    769. 

  769.  * @param string $current_view = replies
    770. 

  770.  */
    771. 

  771. function removeMessages($messages, $messageDetails, $current_view = 'replies')
    772. 

  772. {
    773. 

  773. 	global $sourcedir, $modSettings;
    774. 

  774. 

  775. 	// @todo something's not right, removeMessage() does check permissions,
    776. 

  776. 	// removeTopics() doesn't
    777. 

  777. 	require_once($sourcedir . '/RemoveTopic.php');
    778. 

  778. 	if ($current_view == 'topics')
    779. 

  779. 	{
    780. 

  780. 		removeTopics($messages);
    781. 

  781. 		// and tell the world about it
    782. 

  782. 		foreach ($messages as $topic)
    783. 

  783. 			// Note, only log topic ID in native form if it's not gone forever.
    784. 

  784. 			logAction('remove', array(
    785. 

  785. 				(empty($modSettings['recycle_enable']) || $modSettings['recycle_board'] != $messageDetails[$topic]['board'] ? 'topic' : 'old_topic_id') => $topic, 'subject' => $messageDetails[$topic]['subject'], 'member' => $messageDetails[$topic]['member'], 'board' => $messageDetails[$topic]['board']));
    786. 

  786. 	}
    787. 

  787. 	else
    788. 

  788. 	{
    789. 

  789. 		foreach ($messages as $post)
    790. 

  790. 		{
    791. 

  791. 			removeMessage($post);
    792. 

  792. 			logAction('delete', array(
    793. 

  793. 				(empty($modSettings['recycle_enable']) || $modSettings['recycle_board'] != $messageDetails[$post]['board'] ? 'topic' : 'old_topic_id') => $messageDetails[$post]['topic'], 'subject' => $messageDetails[$post]['subject'], 'member' => $messageDetails[$post]['member'], 'board' => $messageDetails[$post]['board']));
    794. 

  794. 		}
    795. 

  795. 	}
    796. 

  796. }
    797. 

  797. ?>
    798.