phpBB - phpBB Code Forge

root / trunk / phpBB / mcp.php

-psotfx
+<?php
-acydburn
+/**
 acydburn
-acydburn
+* @package mcp
-acydburn
+* @version $Id$
-acydburn
+* @copyright (c) 2005 phpBB Group
-acydburn
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
 acydburn
-acydburn
+*/
 psotfx
-acydburn
+/**
-acydburn
+* @ignore
-acydburn
+*/
-psotfx
+define('IN_PHPBB', true);
-acydburn
+if (!defined('PHPBB_ROOT_PATH')) define('PHPBB_ROOT_PATH', './');
-acydburn
+if (!defined('PHP_EXT')) define('PHP_EXT', substr(strrchr(__FILE__, '.'), 1));
-acydburn
+include(PHPBB_ROOT_PATH . 'common.' . PHP_EXT);
-acydburn
+include(PHPBB_ROOT_PATH . 'includes/functions_admin.' . PHP_EXT);
-acydburn
+require(PHPBB_ROOT_PATH . 'includes/functions_module.' . PHP_EXT);
 psotfx
-ludovic_arnaud
+// Start session management
-acydburn
+$user->session_begin();
-ludovic_arnaud
+$auth->acl($user->data);
-acydburn
+$user->setup('mcp');
 ludovic_arnaud
-grahamje
+$module = new p_master();
 ludovic_arnaud
-acydburn
+// Setting a variable to let the style designer know where he is...
-acydburn
+$template->assign_var('S_IN_MCP', true);
 acydburn
-ludovic_arnaud
+// Basic parameter data
-grahamje
+$id = request_var('i', '');
 acydburn
-naderman
+if (isset($_REQUEST['mode']) && is_array($_REQUEST['mode']))
 acydburn
-acydburn
+	$mode = request_var('mode', array(''));
-acydburn
+	list($mode, ) = each($mode);
 acydburn
-acydburn
+else
 acydburn
-acydburn
+	$mode = request_var('mode', '');
 acydburn
 acydburn
-acydburn
+// Only Moderators can go beyond this point
-acydburn
+if (!$user->data['is_registered'])
 ludovic_arnaud
-acydburn
+	if ($user->data['is_bot'])
 acydburn
-acydburn
+		redirect(append_sid(PHPBB_ROOT_PATH . 'index.' . PHP_EXT));
 acydburn
 acydburn
-acydburn
+	login_box('', $user->lang['LOGIN_EXPLAIN_MCP']);
 ludovic_arnaud
 acydburn
-acydburn
+$quickmod = (isset($_REQUEST['quickmod'])) ? true : false;
-acydburn
+$action = request_var('action', '');
-acydburn
+$action_ary = request_var('action', array('' => 0));
 acydburn
-davidmj
+$forum_action = request_var('forum_action', '');
-davidmj
+if ($forum_action !== '' && !empty($_POST['sort']))
 davidmj
-davidmj
+	$action = $forum_action;
 davidmj
 davidmj
-acydburn
+if (sizeof($action_ary))
 ludovic_arnaud
-naderman
+	list($action, ) = each($action_ary);
 ludovic_arnaud
-acydburn
+unset($action_ary);
 ludovic_arnaud
-grahamje
+if ($mode == 'topic_logs')
 grahamje
-grahamje
+	$id = 'logs';
-grahamje
+	$quickmod = false;
 grahamje
 grahamje
-naderman
+$post_id = request_var('p', 0);
-naderman
+$topic_id = request_var('t', 0);
-naderman
+$forum_id = request_var('f', 0);
-naderman
+$user_id = request_var('u', 0);
-acydburn
+$username = utf8_normalize_nfc(request_var('username', '', true));
 naderman
-naderman
+if ($post_id)
 acydburn
-naderman
+	// We determine the topic and forum id here, to make sure the moderator really has moderative rights on this post
-naderman
+	$sql = 'SELECT topic_id, forum_id
-naderman
+		FROM ' . POSTS_TABLE . "
-naderman
+		WHERE post_id = $post_id";
-naderman
+	$result = $db->sql_query($sql);
-naderman
+	$row = $db->sql_fetchrow($result);
-naderman
+	$db->sql_freeresult($result);
 naderman
-naderman
+	$topic_id = (int) $row['topic_id'];
-grahamje
+	$forum_id = (int) ($row['forum_id']) ? $row['forum_id'] : $forum_id;
 acydburn
-vic_delfant
+else if ($topic_id)
 acydburn
-naderman
+	$sql = 'SELECT forum_id
-naderman
+		FROM ' . TOPICS_TABLE . "
-naderman
+		WHERE topic_id = $topic_id";
-naderman
+	$result = $db->sql_query($sql);
-naderman
+	$row = $db->sql_fetchrow($result);
-naderman
+	$db->sql_freeresult($result);
 naderman
-naderman
+	$forum_id = (int) $row['forum_id'];
 acydburn
 acydburn
-naderman
+// If the user doesn't have any moderator powers (globally or locally) he can't access the mcp
-naderman
+if (!$auth->acl_getf_global('m_'))
 acydburn
-naderman
+	// Except he is using one of the quickmod tools for users
-naderman
+	$user_quickmod_actions = array(
-naderman
+		'lock'			=> 'f_user_lock',
-naderman
+		'make_sticky'	=> 'f_sticky',
-naderman
+		'make_announce'	=> 'f_announce',
-naderman
+		'make_global'	=> 'f_announce',
-acydburn
+		'make_normal'	=> array('f_announce', 'f_sticky')
-acydburn
+	);
 naderman
-naderman
+	$allow_user = false;
-naderman
+	if ($quickmod && isset($user_quickmod_actions[$action]) && $user->data['is_registered'] && $auth->acl_gets($user_quickmod_actions[$action], $forum_id))
 naderman
-naderman
+		$topic_info = get_topic_data(array($topic_id));
-naderman
+		if ($topic_info[$topic_id]['topic_poster'] == $user->data['user_id'])
 naderman
-naderman
+			$allow_user = true;
 naderman
 naderman
 naderman
-naderman
+	if (!$allow_user)
 naderman
-kellanved
+		trigger_error('NOT_AUTHORISED');
 naderman
 naderman
 acydburn
-naderman
+// if the user cannot read the forum he tries to access then we won't allow mcp access either
-naderman
+if ($forum_id && !$auth->acl_get('f_read', $forum_id))
 naderman
-kellanved
+	trigger_error('NOT_AUTHORISED');
 naderman
 naderman
-acydburn
+if ($forum_id)
 naderman
-acydburn
+	$module->acl_forum_id = $forum_id;
 naderman
 acydburn
-naderman
+// Instantiate module system and generate list of available modules
-naderman
+$module->list_modules('mcp');
 acydburn
-naderman
+if ($quickmod)
 naderman
-naderman
+	$mode = 'quickmod';
 acydburn
-naderman
+	switch ($action)
 grahamje
-naderman
+		case 'lock':
-naderman
+		case 'unlock':
-naderman
+		case 'lock_post':
-naderman
+		case 'unlock_post':
-naderman
+		case 'make_sticky':
-naderman
+		case 'make_announce':
-naderman
+		case 'make_global':
-naderman
+		case 'make_normal':
-naderman
+		case 'fork':
-naderman
+		case 'move':
-naderman
+		case 'delete_post':
-naderman
+		case 'delete_topic':
-naderman
+			$module->load('mcp', 'main', 'quickmod');
-acydburn
+			return;
-acydburn
+		break;
 grahamje
-naderman
+		case 'topic_logs':
-naderman
+			$module->set_active('logs', 'topic_logs');
-naderman
+		break;
 acydburn
-naderman
+		case 'merge_topic':
-naderman
+			$module->set_active('main', 'forum_view');
-naderman
+		break;
 naderman
-naderman
+		case 'split':
-naderman
+		case 'merge':
-naderman
+			$module->set_active('main', 'topic_view');
-naderman
+		break;
 naderman
-naderman
+		default:
-acydburn
+			trigger_error("$action not allowed as quickmod", E_USER_ERROR);
-acydburn
+		break;
 naderman
 naderman
-naderman
+else
 naderman
-grahamje
+	// Select the active module
-grahamje
+	$module->set_active($id, $mode);
 naderman
 grahamje
-naderman
+// Hide some of the options if we don't have the relevant information to use them
-naderman
+if (!$post_id)
 naderman
-naderman
+	$module->set_display('main', 'post_details', false);
-naderman
+	$module->set_display('warn', 'warn_post', false);
 vic_delfant
 naderman
-vic_delfant
+if ($mode == '' || $mode == 'unapproved_topics' || $mode == 'unapproved_posts')
 vic_delfant
-vic_delfant
+	$module->set_display('queue', 'approve_details', false);
 naderman
 acydburn
-vic_delfant
+if ($mode == '' || $mode == 'reports' || $mode == 'reports_closed')
 vic_delfant
-vic_delfant
+	$module->set_display('reports', 'report_details', false);
 vic_delfant
 vic_delfant
-naderman
+if (!$topic_id)
 naderman
-naderman
+	$module->set_display('main', 'topic_view', false);
-naderman
+	$module->set_display('logs', 'topic_logs', false);
 naderman
 acydburn
-naderman
+if (!$forum_id)
 naderman
-naderman
+	$module->set_display('main', 'forum_view', false);
-naderman
+	$module->set_display('logs', 'forum_logs', false);
 naderman
 acydburn
-naderman
+if (!$user_id && $username == '')
 naderman
-naderman
+	$module->set_display('notes', 'user_notes', false);
-naderman
+	$module->set_display('warn', 'warn_user', false);
 naderman
 grahamje
-naderman
+// Load and execute the relevant module
-naderman
+$module->load_active();
 grahamje
-naderman
+// Assign data to the template engine for the list of modules
-acydburn
+$module->assign_tpl_vars(append_sid(PHPBB_ROOT_PATH . 'mcp.' . PHP_EXT));
 grahamje
-acydburn
+// Generate urls for letting the moderation control panel being accessed in different modes
-acydburn
+$template->assign_vars(array(
-acydburn
+	'U_MCP'			=> append_sid('mcp', 'i=main'),
-acydburn
+	'U_MCP_FORUM'	=> ($forum_id) ? append_sid('mcp', "i=main&amp;mode=forum_view&amp;f=$forum_id") : '',
-acydburn
+	'U_MCP_TOPIC'	=> ($forum_id && $topic_id) ? append_sid('mcp', "i=main&amp;mode=topic_view&amp;t=$topic_id") : '',
-acydburn
+	'U_MCP_POST'	=> ($forum_id && $topic_id && $post_id) ? append_sid('mcp', "i=main&amp;mode=post_details&amp;t=$topic_id&amp;p=$post_id") : '',
-acydburn
+));
 acydburn
-acydburn
+// Generate the page, do not display/query online list
-acydburn
+$module->display($module->get_page_title(), false);
 grahamje
-grahamje
+/**
-grahamje
+* Functions used to generate additional URL paramters
-grahamje
+*/
-acydburn
+function _module__url($mode, &$module_row)
 grahamje
-grahamje
+	return extra_url();
 grahamje
 grahamje
-acydburn
+function _module_notes_url($mode, &$module_row)
 acydburn
-acydburn
+	if ($mode == 'front')
 acydburn
-acydburn
+		return '';
 acydburn
 acydburn
-acydburn
+	global $user_id;
-acydburn
+	return ($user_id) ? "&amp;u=$user_id" : '';
 acydburn
 acydburn
-acydburn
+function _module_warn_url($mode, &$module_row)
 acydburn
-acydburn
+	if ($mode == 'front' || $mode == 'list')
 acydburn
-davidmj
+		global $forum_id;
 davidmj
-davidmj
+		return ($forum_id) ? "&amp;f=$forum_id" : '';
 acydburn
 acydburn
-acydburn
+	if ($mode == 'warn_post')
 acydburn
-acydburn
+		global $forum_id, $post_id;
 acydburn
-acydburn
+		$url_extra = ($forum_id) ? "&amp;f=$forum_id" : '';
-acydburn
+		$url_extra .= ($post_id) ? "&amp;p=$post_id" : '';
 acydburn
-acydburn
+		return $url_extra;
 acydburn
-acydburn
+	else
 acydburn
-acydburn
+		global $user_id;
 acydburn
-acydburn
+		return ($user_id) ? "&amp;u=$user_id" : '';
 acydburn
 acydburn
 acydburn
-acydburn
+function _module_main_url($mode, &$module_row)
 grahamje
-grahamje
+	return extra_url();
 grahamje
 acydburn
-acydburn
+function _module_logs_url($mode, &$module_row)
 acydburn
-acydburn
+	return extra_url();
 acydburn
 acydburn
-acydburn
+function _module_ban_url($mode, &$module_row)
 acydburn
-acydburn
+	return extra_url();
 acydburn
 acydburn
-acydburn
+function _module_queue_url($mode, &$module_row)
 acydburn
-acydburn
+	return extra_url();
 acydburn
 acydburn
-davidmj
+function _module_reports_url($mode, &$module_row)
 davidmj
-davidmj
+	return extra_url();
 davidmj
 davidmj
-grahamje
+function extra_url()
 grahamje
-acydburn
+	global $forum_id, $topic_id, $post_id, $user_id;
 acydburn
-grahamje
+	$url_extra = '';
-grahamje
+	$url_extra .= ($forum_id) ? "&amp;f=$forum_id" : '';
-grahamje
+	$url_extra .= ($topic_id) ? "&amp;t=$topic_id" : '';
-grahamje
+	$url_extra .= ($post_id) ? "&amp;p=$post_id" : '';
-acydburn
+	$url_extra .= ($user_id) ? "&amp;u=$user_id" : '';
 acydburn
-grahamje
+	return $url_extra;
 grahamje
 acydburn
-acydburn
+/**
-acydburn
+* Get simple topic data
-acydburn
+*/
-naderman
+function get_topic_data($topic_ids, $acl_list = false, $read_tracking = false)
 acydburn
-naderman
+	global $auth, $db, $config, $user;
-naderman
+	static $rowset = array();
 acydburn
-naderman
+	$topics = array();
 acydburn
-naderman
+	if (!sizeof($topic_ids))
 acydburn
-acydburn
+		return array();
 acydburn
 acydburn
-naderman
+	// cache might not contain read tracking info, so we can't use it if read
-naderman
+	// tracking information is requested
-naderman
+	if (!$read_tracking)
 naderman
-naderman
+		$cache_topic_ids = array_intersect($topic_ids, array_keys($rowset));
-naderman
+		$topic_ids = array_diff($topic_ids, array_keys($rowset));
 naderman
-naderman
+	else
 naderman
-naderman
+		$cache_topic_ids = array();
 naderman
 psotfx
-naderman
+	if (sizeof($topic_ids))
 acydburn
-naderman
+		$sql_array = array(
-naderman
+			'SELECT'	=> 't.*, f.*',
 naderman
-naderman
+			'FROM'		=> array(
-naderman
+				TOPICS_TABLE	=> 't',
-naderman
+			),
 naderman
-naderman
+			'LEFT_JOIN'	=> array(
-naderman
+				array(
-naderman
+					'FROM'	=> array(FORUMS_TABLE => 'f'),
-naderman
+					'ON'	=> 'f.forum_id = t.forum_id'
 naderman
-naderman
+			),
 naderman
-naderman
+			'WHERE'		=> $db->sql_in_set('t.topic_id', $topic_ids)
-naderman
+		);
 naderman
-naderman
+		if ($read_tracking && $config['load_db_lastread'])
 naderman
-naderman
+			$sql_array['SELECT'] .= ', tt.mark_time, ft.mark_time as forum_mark_time';
 naderman
-naderman
+			$sql_array['LEFT_JOIN'][] = array(
-naderman
+				'FROM'	=> array(TOPICS_TRACK_TABLE => 'tt'),
-naderman
+				'ON'	=> 'tt.user_id = ' . $user->data['user_id'] . ' AND t.topic_id = tt.topic_id'
-naderman
+			);
 naderman
-naderman
+			$sql_array['LEFT_JOIN'][] = array(
-naderman
+				'FROM'	=> array(FORUMS_TRACK_TABLE => 'ft'),
-naderman
+				'ON'	=> 'ft.user_id = ' . $user->data['user_id'] . ' AND t.forum_id = ft.forum_id'
-naderman
+			);
 naderman
 naderman
-naderman
+		$sql = $db->sql_build_query('SELECT', $sql_array);
-naderman
+		$result = $db->sql_query($sql);
 acydburn
-naderman
+		while ($row = $db->sql_fetchrow($result))
 acydburn
-grahamje
+			if (!$row['forum_id'])
 grahamje
-grahamje
+				// Global Announcement?
-grahamje
+				$row['forum_id'] = request_var('f', 0);
 grahamje
 grahamje
-naderman
+			$rowset[$row['topic_id']] = $row;
 naderman
-naderman
+			if ($acl_list && !$auth->acl_gets($acl_list, $row['forum_id']))
 naderman
-naderman
+				continue;
 naderman
 naderman
-naderman
+			$topics[$row['topic_id']] = $row;
 acydburn
-acydburn
+		$db->sql_freeresult($result);
 naderman
 acydburn
-naderman
+	foreach ($cache_topic_ids as $id)
 naderman
-naderman
+		if (!$acl_list || $auth->acl_gets($acl_list, $rowset[$id]['forum_id']))
 naderman
-naderman
+			$topics[$id] = $rowset[$id];
 naderman
 acydburn
 acydburn
-naderman
+	return $topics;
 acydburn
 acydburn
-acydburn
+/**
-acydburn
+* Get simple post data
-acydburn
+*/
-naderman
+function get_post_data($post_ids, $acl_list = false, $read_tracking = false)
 acydburn
-naderman
+	global $db, $auth, $config, $user;
 acydburn
-acydburn
+	$rowset = array();
 acydburn
-naderman
+	if (!sizeof($post_ids))
 naderman
-naderman
+		return array();
 naderman
 naderman
-naderman
+	$sql_array = array(
-davidmj
+		'SELECT'	=> 'p.*, u.*, t.*, f.*',
 davidmj
-davidmj
+		'FROM'		=> array(
-davidmj
+			USERS_TABLE		=> 'u',
-acydburn
+			POSTS_TABLE		=> 'p',
-davidmj
+			TOPICS_TABLE	=> 't',
-davidmj
+		),
 davidmj