2
0

ReportedContent.php 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592
  1. <?php
  2. /**
  3. * Handles reported members and posts, as well as moderation comments.
  4. *
  5. * Simple Machines Forum (SMF)
  6. *
  7. * @package SMF
  8. * @author Simple Machines http://www.simplemachines.org
  9. * @copyright 2014 Simple Machines and individual contributors
  10. * @license http://www.simplemachines.org/about/smf/license.php BSD
  11. *
  12. * @version 2.1 Alpha 1
  13. */
  14. if (!defined('SMF'))
  15. die('No direct access...');
  16. /**
  17. * Sets and call a function based on the given subaction. Acts as a dispatcher function.
  18. * It requires the moderate_forum permission.
  19. *
  20. * @uses ModerationCenter template.
  21. * @uses ModerationCenter language file.
  22. *
  23. */
  24. function ReportedContent()
  25. {
  26. global $txt, $context, $scripturl, $user_info, $smcFunc;
  27. global $sourcedir;
  28. // First order of business - what are these reports about?
  29. // area=reported{type}
  30. $context['report_type'] = substr($_GET['area'], 8);
  31. loadLanguage('ModerationCenter');
  32. loadTemplate('ReportedContent');
  33. // We need this little rough gem.
  34. require_once($sourcedir . '/Subs-ReportedContent.php');
  35. // Do we need to show a confirmation message?
  36. $context['report_post_action'] = !empty($_SESSION['rc_confirmation']) ? $_SESSION['rc_confirmation'] : array();
  37. unset($_SESSION['rc_confirmation']);
  38. // Set up the comforting bits...
  39. $context['page_title'] = $txt['mc_reported_' . $context['report_type']];
  40. // Put the open and closed options into tabs, because we can...
  41. $context[$context['moderation_menu_name']]['tab_data'] = array(
  42. 'title' => $txt['mc_reported_' . $context['report_type']],
  43. 'help' => '',
  44. 'description' => $txt['mc_reported_' . $context['report_type'] . '_desc'],
  45. );
  46. // This comes under the umbrella of moderating posts.
  47. if ($context['report_type'] == 'members' || $user_info['mod_cache']['bq'] == '0=1')
  48. isAllowedTo('moderate_forum');
  49. $sub_actions = array(
  50. 'show' => 'ShowReports',
  51. 'closed' => 'ShowClosedReports',
  52. 'handle' => 'HandleReport', // Deals with closing/opening reports.
  53. 'details' => 'ReportDetails', // Shows a single report and its comments.
  54. 'handlecomment' => 'HandleComment', // CRUD actions for moderator comments.
  55. 'editcomment' => 'EditComment',
  56. );
  57. // Go ahead and add your own sub-actions.
  58. call_integration_hook('integrate_reported_' . $context['report_type'], array(&$sub_actions));
  59. // By default we call the open sub-action.
  60. if (isset($_REQUEST['sa']) && isset($sub_actions[$_REQUEST['sa']]))
  61. $context['sub_action'] = $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_REQUEST['sa']), ENT_QUOTES);
  62. else
  63. $context['sub_action'] = 'show';
  64. // Hi Ho Silver Away!
  65. $sub_actions[$context['sub_action']]();
  66. }
  67. /**
  68. * Shows all currently open reported posts.
  69. * Handles closing multiple reports
  70. *
  71. */
  72. function ShowReports()
  73. {
  74. global $context, $txt, $scripturl;
  75. // Showing closed or open ones? regardless, turn this to an integer for better handling.
  76. $context['view_closed'] = 0;
  77. // Call the right template.
  78. $context['sub_template'] = 'reported_' . $context['report_type'];
  79. $context['start'] = (int) isset($_GET['start']) ? $_GET['start'] : 0;
  80. // Before anything, we need to know just how many reports do we have.
  81. $context['total_reports'] = countReports($context['view_closed']);
  82. // Just how many items are we showing per page?
  83. $context['reports_how_many'] = 10;
  84. // So, that means we can have pagination, yes?
  85. $context['page_index'] = constructPageIndex($scripturl . '?action=moderate;area=reported' . $context['report_type'] . ';sa=show', $context['start'], $context['total_reports'], $context['reports_how_many']);
  86. // Get the reports at once!
  87. $context['reports'] = getReports($context['view_closed']);
  88. // Are we closing multiple reports?
  89. if (isset($_POST['close']) && isset($_POST['close_selected']))
  90. {
  91. checkSession('post');
  92. validateToken('mod-report-close-all');
  93. // All the ones to update...
  94. $toClose = array();
  95. foreach ($_POST['close'] as $rid)
  96. $toClose[] = (int) $rid;
  97. if (!empty($toClose))
  98. updateReport('closed', 1, $toClose);
  99. // Set the confirmation message.
  100. $_SESSION['rc_confirmation'] = 'close_all';
  101. // Force a page refresh.
  102. redirectexit($scripturl . '?action=moderate;area=reported' . $context['report_type']);
  103. }
  104. // Show a confirmation if the user wants to disregard a report.
  105. if (!$context['view_closed'])
  106. addInlineJavascript('
  107. $(\'.delete_message\').on(\'click\', function(){
  108. return confirm('. JavaScriptEscape($txt['mc_reportedp_delete_confirm']) .');
  109. });
  110. $(\'.report_ignore\').on(\'click\', function(){
  111. // Need to make sure to only show this when ignoring.
  112. if ($(this).data(\'ignore\') == \'1\'){
  113. return confirm('. JavaScriptEscape($txt['mc_reportedp_ignore_confirm']) .');
  114. }
  115. });', true);
  116. createToken('mod-report-close-all');
  117. createToken('mod-report-ignore', 'get');
  118. createToken('mod-report-closed', 'get');
  119. }
  120. /**
  121. * Shows all currently closed reported posts.
  122. *
  123. */
  124. function ShowClosedReports()
  125. {
  126. global $context, $txt, $scripturl;
  127. // Showing closed ones.
  128. $context['view_closed'] = 1;
  129. // Call the right template.
  130. $context['sub_template'] = 'reported_' . $context['report_type'];
  131. $context['start'] = (int) isset($_GET['start']) ? $_GET['start'] : 0;
  132. // Before anything, we need to know just how many reports do we have.
  133. $context['total_reports'] = countReports($context['view_closed']);
  134. // Just how many items are we showing per page?
  135. $context['reports_how_many'] = 10;
  136. // So, that means we can have pagination, yes?
  137. $context['page_index'] = constructPageIndex($scripturl . '?action=moderate;area=reported' . $context['report_type'] . ';sa=closed', $context['start'], $context['total_reports'], $context['reports_how_many']);
  138. // Get the reports at once!
  139. $context['reports'] = getReports($context['view_closed']);
  140. // Show a confirmation if the user wants to disregard a report.
  141. addInlineJavascript('
  142. $(\'.delete_message\').on(\'click\', function(){
  143. return confirm('. JavaScriptEscape($txt['mc_reportedp_delete_confirm']) .');
  144. });
  145. $(\'.report_ignore\').on(\'click\', function(){
  146. // Need to make sure to only show this when ignoring.
  147. if ($(this).data(\'ignore\') == \'1\'){
  148. return confirm('. JavaScriptEscape($txt['mc_reportedp_ignore_confirm']) .');
  149. }
  150. });', true);
  151. createToken('mod-report-ignore', 'get');
  152. createToken('mod-report-closed', 'get');
  153. }
  154. /**
  155. * Shows detailed information about a report. such as report comments and moderator comments.
  156. * Shows a list of moderation actions for the specific report.
  157. *
  158. */
  159. function ReportDetails()
  160. {
  161. global $user_info, $context, $sourcedir, $scripturl, $txt;
  162. global $smcFunc;
  163. $report = array();
  164. $reportComments = array();
  165. // Have to at least give us something to work with.
  166. if (empty($_REQUEST['rid']))
  167. fatal_lang_error('mc_reportedp_none_found');
  168. // Integers only please
  169. $report_id = (int) $_REQUEST['rid'];
  170. // Get the report details.
  171. $report = getReportDetails($report_id);
  172. if(!$report)
  173. fatal_lang_error('mc_no_modreport_found');
  174. // Build the report data - basic details first, then extra stuff based on the type
  175. $context['report'] = array(
  176. 'id' => $report['id_report'],
  177. 'report_href' => $scripturl . '?action=moderate;area=reported' . $context['report_type'] . ';rid=' . $report['id_report'],
  178. 'comments' => array(),
  179. 'mod_comments' => array(),
  180. 'time_started' => timeformat($report['time_started']),
  181. 'last_updated' => timeformat($report['time_updated']),
  182. 'num_reports' => $report['num_reports'],
  183. 'closed' => $report['closed'],
  184. 'ignore' => $report['ignore_all']
  185. );
  186. // Different reports have different "extra" data attached to them
  187. if ($context['report_type'] == 'members')
  188. {
  189. $extraDetails = array(
  190. 'user' => array(
  191. 'id' => $report['id_user'],
  192. 'name' => $report['user_name'],
  193. 'link' => $report['id_user'] ? '<a href="' . $scripturl . '?action=profile;u=' . $report['id_user'] . '">' . $report['user_name'] . '</a>' : $report['user_name'],
  194. 'href' => $scripturl . '?action=profile;u=' . $report['id_user'],
  195. ),
  196. );
  197. }
  198. else
  199. {
  200. $extraDetails = array(
  201. 'topic_id' => $report['id_topic'],
  202. 'board_id' => $report['id_board'],
  203. 'message_id' => $report['id_msg'],
  204. 'message_href' => $scripturl . '?msg=' . $report['id_msg'],
  205. 'message_link' => '<a href="' . $scripturl . '?msg=' . $report['id_msg'] . '">' . $report['subject'] . '</a>',
  206. 'author' => array(
  207. 'id' => $report['id_author'],
  208. 'name' => $report['author_name'],
  209. 'link' => $report['id_author'] ? '<a href="' . $scripturl . '?action=profile;u=' . $report['id_author'] . '">' . $report['author_name'] . '</a>' : $report['author_name'],
  210. 'href' => $scripturl . '?action=profile;u=' . $report['id_author'],
  211. ),
  212. 'subject' => $report['subject'],
  213. 'body' => parse_bbc($report['body']),
  214. );
  215. }
  216. $context['report'] = array_merge($context['report'], $extraDetails);
  217. $reportComments = getReportComments($report_id);
  218. if (!empty($reportComments))
  219. $context['report'] = array_merge($context['report'], $reportComments);
  220. // What have the other moderators done to this message?
  221. require_once($sourcedir . '/Modlog.php');
  222. require_once($sourcedir . '/Subs-List.php');
  223. loadLanguage('Modlog');
  224. // Parameters are slightly different depending on what we're doing here...
  225. if ($context['report_type'] == 'members')
  226. {
  227. // Find their ID in the serialized action string...
  228. $user_id_length = strlen((string)$context['report']['user']['id']);
  229. $member = 's:6:"member";s:' . $user_id_length . ':"' . $context['report']['user']['id'] . '";}';
  230. $params = array(
  231. 'lm.extra LIKE {raw:member}
  232. AND lm.action LIKE {raw:report}',
  233. array('member' => '\'%' . $member . '\'', 'report' => '\'%_user_report\''),
  234. 1,
  235. true,
  236. );
  237. }
  238. else
  239. {
  240. $params = array(
  241. 'lm.id_topic = {int:id_topic}
  242. AND lm.id_board != {int:not_a_reported_post}',
  243. array('id_topic' => $context['report']['topic_id'], 'not_a_reported_post' => 0),
  244. 1,
  245. );
  246. }
  247. // This is all the information from the moderation log.
  248. $listOptions = array(
  249. 'id' => 'moderation_actions_list',
  250. 'title' => $txt['mc_modreport_modactions'],
  251. 'items_per_page' => 15,
  252. 'no_items_label' => $txt['modlog_no_entries_found'],
  253. 'base_href' => $scripturl . '?action=moderate;area=reported' . $context['report_type'] . ';sa=details;rid=' . $context['report']['id'],
  254. 'default_sort_col' => 'time',
  255. 'get_items' => array(
  256. 'function' => 'list_getModLogEntries',
  257. 'params' => $params,
  258. ),
  259. 'get_count' => array(
  260. 'function' => 'list_getModLogEntryCount',
  261. 'params' => $params,
  262. ),
  263. // This assumes we are viewing by user.
  264. 'columns' => array(
  265. 'action' => array(
  266. 'header' => array(
  267. 'value' => $txt['modlog_action'],
  268. ),
  269. 'data' => array(
  270. 'db' => 'action_text',
  271. 'class' => 'smalltext',
  272. ),
  273. 'sort' => array(
  274. 'default' => 'lm.action',
  275. 'reverse' => 'lm.action DESC',
  276. ),
  277. ),
  278. 'time' => array(
  279. 'header' => array(
  280. 'value' => $txt['modlog_date'],
  281. ),
  282. 'data' => array(
  283. 'db' => 'time',
  284. 'class' => 'smalltext',
  285. ),
  286. 'sort' => array(
  287. 'default' => 'lm.log_time',
  288. 'reverse' => 'lm.log_time DESC',
  289. ),
  290. ),
  291. 'moderator' => array(
  292. 'header' => array(
  293. 'value' => $txt['modlog_member'],
  294. ),
  295. 'data' => array(
  296. 'db' => 'moderator_link',
  297. 'class' => 'smalltext',
  298. ),
  299. 'sort' => array(
  300. 'default' => 'mem.real_name',
  301. 'reverse' => 'mem.real_name DESC',
  302. ),
  303. ),
  304. 'position' => array(
  305. 'header' => array(
  306. 'value' => $txt['modlog_position'],
  307. ),
  308. 'data' => array(
  309. 'db' => 'position',
  310. 'class' => 'smalltext',
  311. ),
  312. 'sort' => array(
  313. 'default' => 'mg.group_name',
  314. 'reverse' => 'mg.group_name DESC',
  315. ),
  316. ),
  317. 'ip' => array(
  318. 'header' => array(
  319. 'value' => $txt['modlog_ip'],
  320. ),
  321. 'data' => array(
  322. 'db' => 'ip',
  323. 'class' => 'smalltext',
  324. ),
  325. 'sort' => array(
  326. 'default' => 'lm.ip',
  327. 'reverse' => 'lm.ip DESC',
  328. ),
  329. ),
  330. ),
  331. );
  332. // Create the watched user list.
  333. createList($listOptions);
  334. // Make sure to get the correct tab selected.
  335. if ($context['report']['closed'])
  336. $context[$context['moderation_menu_name']]['current_subsection'] = 'closed';
  337. addInlineJavascript('
  338. $(\'.deleteModComment\').on(\'click\', function() {
  339. return confirm('. (JavaScriptEscape($txt['mc_reportedp_delete_confirm'])) .');
  340. });', true);
  341. // Finally we are done :P
  342. if ($context['report_type'] == 'members')
  343. {
  344. $context['page_title'] = sprintf($txt['mc_viewmemberreport'], $context['report']['user']['name']);
  345. $context['sub_template'] = 'viewmemberreport';
  346. }
  347. else
  348. {
  349. $context['page_title'] = sprintf($txt['mc_viewmodreport'], $context['report']['subject'], $context['report']['author']['name']);
  350. $context['sub_template'] = 'viewmodreport';
  351. }
  352. // We can ignore a report from this page too so show the confirmation on here as well.
  353. addInlineJavascript('
  354. $(\'.report_ignore\').on(\'click\', function(){
  355. // Need to make sure to only show this when ignoring.
  356. if ($(this).data(\'ignore\') == \'1\'){
  357. return confirm('. JavaScriptEscape($txt['mc_reportedp_ignore_confirm']) .');
  358. }
  359. });', true);
  360. createToken('mod-reportC-add');
  361. createToken('mod-reportC-delete', 'get');
  362. // We can "un-disregard" and close a report from here so add their respective tokens.
  363. createToken('mod-report-ignore', 'get');
  364. createToken('mod-report-closed', 'get');
  365. }
  366. /**
  367. * Creates/Deletes moderator comments.
  368. *
  369. */
  370. function HandleComment()
  371. {
  372. global $smcFunc, $scripturl, $user_info;
  373. $comment = array();
  374. // The report ID is a must.
  375. if (empty($_REQUEST['rid']))
  376. fatal_lang_error('mc_reportedp_none_found');
  377. // Integers only please.
  378. $report_id = (int) $_REQUEST['rid'];
  379. // If they are adding a comment then... add a comment.
  380. if (isset($_POST['add_comment']) && !empty($_POST['mod_comment']))
  381. {
  382. checkSession();
  383. validateToken('mod-reportC-add');
  384. $new_comment = trim($smcFunc['htmlspecialchars']($_POST['mod_comment']));
  385. saveModComment($report_id, array($report_id, $new_comment, time()));
  386. // Everything went better than expected!
  387. $_SESSION['rc_confirmation'] = 'message_saved';
  388. }
  389. // Deleting a comment?
  390. if (isset($_REQUEST['delete']) && isset($_REQUEST['mid']))
  391. {
  392. checkSession('get');
  393. validateToken('mod-reportC-delete', 'get');
  394. if (empty($_REQUEST['mid']))
  395. fatal_lang_error('mc_reportedp_comment_none_found');
  396. $comment_id = (int) $_REQUEST['mid'];
  397. // We need to verify some data, so lets load the comment details once more!
  398. $comment = getCommentModDetails($comment_id);
  399. // Perhaps somebody else already deleted this fine gem...
  400. if (empty($comment))
  401. fatal_lang_error('report_action_message_delete_issue');
  402. // Can you actually do this?
  403. $comment_owner = $user_info['id'] == $context['comment']['id_member'];
  404. // Nope! sorry.
  405. if (!allowedTo('admin_forum') || !$comment_owner)
  406. fatal_lang_error('report_action_message_delete_cannot');
  407. // All good!
  408. deleteModComment($comment_id);
  409. // Tell them the message was deleted.
  410. $_SESSION['rc_confirmation'] = 'message_deleted';
  411. }
  412. //Redirect to prevent double submission.
  413. redirectexit($scripturl . '?action=moderate;area=reported' . $context['report_type'] . ';sa=details;rid=' . $report_id);
  414. }
  415. /**
  416. * Shows a textarea for editing a moderator comment.
  417. * Handles the edited comment and stores it on the DB.
  418. *
  419. */
  420. function EditComment()
  421. {
  422. global $smcFunc, $context, $txt, $scripturl, $user_info;
  423. $comment = array();
  424. checkSession(isset($_REQUEST['save']) ? 'post' : 'get');
  425. // The report ID is a must.
  426. if (empty($_REQUEST['rid']))
  427. fatal_lang_error('mc_reportedp_none_found');
  428. if (empty($_REQUEST['mid']))
  429. fatal_lang_error('mc_reportedp_comment_none_found');
  430. // Integers only please.
  431. $context['report_id'] = (int) $_REQUEST['rid'];
  432. $context['comment_id'] = (int) $_REQUEST['mid'];
  433. $context['comment'] = getCommentModDetails($context['comment_id']);
  434. if (empty($context['comment']))
  435. fatal_lang_error('mc_reportedp_comment_none_found');
  436. // Set up the comforting bits...
  437. $context['page_title'] = $txt['mc_reported_posts'];
  438. $context['sub_template'] = 'edit_comment';
  439. if (isset($_REQUEST['save']) && isset($_POST['edit_comment']) && !empty($_POST['mod_comment']))
  440. {
  441. validateToken('mod-reportC-edit');
  442. // Make sure there is some data to edit on the DB.
  443. if (empty($context['comment']))
  444. fatal_lang_error('report_action_message_edit_issue');
  445. // Still there, good, now lets see if you can actually edit it...
  446. $comment_owner = $user_info['id'] == $context['comment']['id_member'];
  447. // So, you aren't neither an admin or the comment owner huh? that's too bad.
  448. if (!allowedTo('admin_forum') || !$comment_owner)
  449. fatal_lang_error('report_action_message_edit_cannot');
  450. // All good!
  451. $edited_comment = trim($smcFunc['htmlspecialchars']($_POST['mod_comment']));
  452. editModComment($context['comment_id'], $edited_comment);
  453. $_SESSION['rc_confirmation'] = 'message_edited';
  454. redirectexit($scripturl . '?action=moderate;area=reported' . $context['report_type'] . ';sa=details;rid=' . $context['report_id']);
  455. }
  456. createToken('mod-reportC-edit');
  457. }
  458. /**
  459. * Performs closing/ignoring actions for a given report.
  460. *
  461. */
  462. function HandleReport()
  463. {
  464. global $scripturl, $context;
  465. checkSession('get');
  466. // We need to do something!
  467. if (empty($_GET['rid']) && (!isset($_GET['ignore']) || !isset($_GET['closed'])))
  468. fatal_lang_error('mc_reportedp_none_found');
  469. // What are we gonna do?
  470. $action = isset($_GET['ignore']) ? 'ignore' : 'closed';
  471. validateToken('mod-report-'. $action, 'get');
  472. // Are we disregarding or "un-disregarding"? "un-disregarding" thats a funny word!
  473. $value = (int) $_GET[$action];
  474. // Figuring out.
  475. $message = $action == 'ignore' ? ($value ? 'ignore' : 'unignore') : ($value ? 'close' : 'open');
  476. // Integers only please.
  477. $report_id = (int) $_REQUEST['rid'];
  478. // Update the DB entry
  479. updateReport($action, $value, $report_id);
  480. // So, time to show a confirmation message, lets do some trickery!
  481. $_SESSION['rc_confirmation'] = $message;
  482. // Done!
  483. redirectexit($scripturl . '?action=moderate;area=reported' . $context['report_type']);
  484. }
  485. ?>