diff options
Diffstat (limited to 'phpBB/includes/mcp/mcp_reports.php')
| -rwxr-xr-x | phpBB/includes/mcp/mcp_reports.php | 591 |
1 files changed, 591 insertions, 0 deletions
diff --git a/phpBB/includes/mcp/mcp_reports.php b/phpBB/includes/mcp/mcp_reports.php new file mode 100755 index 0000000000..7a864a4618 --- /dev/null +++ b/phpBB/includes/mcp/mcp_reports.php @@ -0,0 +1,591 @@ +<?php +// ------------------------------------------------------------- +// +// $Id$ +// +// FILENAME : mcp_reports.php +// STARTED : Fri Nov 26, 2004 +// COPYRIGHT : © 2004 phpBB Group +// WWW : http://www.phpbb.com/ +// LICENCE : GPL vs2.0 [ see /docs/COPYING ] +// +// ------------------------------------------------------------- + + +// TODO: Would be nice if a moderator could 'checkout' a topic with reports so +// other moderators know that this topic is already being handled. + +/** +* @package module_install +*/ +class mcp_reports_info +{ + function module() + { + return array( + 'filename' => 'mcp_reports', + 'title' => 'MCP_REPORTS', + 'version' => '1.0.0', + 'modes' => array( + 'front' => array('title' => 'MCP_REPORTS_FRONT', 'auth' => 'acl_m_'), + 'reports_yours' => array('title' => 'MCP_REPORTS_YOURS', 'auth' => 'acl_m_'), + 'reports_new' => array('title' => 'MCP_REPORTS_NEW', 'auth' => 'acl_m_'), + 'reports_topics' => array('title' => 'MCP_REPORTS_TOPICS', 'auth' => 'acl_m_'), + 'reports_view_topic' => array('title' => 'MCP_REPORTS_VIEW_TOPIC', 'auth' => 'acl_m_'), + 'reports_view' => array('title' => 'MCP_REPORTS_VIEW', 'auth' => 'acl_m_') + ), + ); + } + + function install() + { + } + + function uninstall() + { + } +} + + +/** +* @package mcp +* mcp_report +* Handle reports about users or posts sent in by users +*/ +class mcp_reports +{ + + var $p_master; + + function mcp_main(&$p_master) + { + $this->p_master = &$p_master; + } + + function main($id, $mode) + { + global $auth, $db, $user, $template; + global $config, $phpbb_root_path, $phpEx, $SID; + + $action = request_var('action', array('' => '')); + + switch ($mode) + { + case 'reports_yours': + $this->mcp_reports_list($id, $mode); + break; + case 'reports_new': + $this->mcp_reports_list($id, $mode); + break; + case 'reports_topics': + $this->mcp_reports_list($id, $mode); + break; + case 'reports_view_topic': + // View reports for one topic + $this->mcp_reports_list($id, $mode); + //$this->tpl_name = 'mcp_report_topic'; + break; + case 'reports_view': + // View one report (not attached to a topic) + $this->mcp_report_view($id, $mode); + break; + default: + // Main page with an overview + $this->mcp_reports_list($id, $mode); + break; + } + } + + // Overview of available reports + function mcp_reports_list($id, $mode) + { + global $auth, $db, $user, $template; + global $config, $phpbb_root_path, $phpEx, $SID; + + $forum_id = request_var('f', 0); + $topic_id = request_var('t', 0); + $start = request_var('start', 0); + + // Show report details for a specific topic if a topic has been selected. + if($topic_id != 0) + { + return $this->mcp_report_view('topic', $topic_id); + } + + $forum_info = array(); + + $forum_list_report = get_forum_list('m_', false, true); + + // Show all reports that this user is allowed to view or only the + // reports in one specific forum? + if ($mode == 'overview' || !$forum_id) + { + $forum_list = array(); + foreach ($forum_list_report as $row) + { + $forum_list[] = $row['forum_id']; + } + + if (!$forum_list = implode(', ', $forum_list)) + { + trigger_error('NOT_MODERATOR'); + } + + $sql = 'SELECT SUM(forum_topics) as sum_forum_topics + FROM ' . FORUMS_TABLE . " + WHERE forum_id IN ($forum_list)"; + $result = $db->sql_query($sql); + $forum_info['forum_topics'] = (int) $db->sql_fetchfield('sum_forum_topics', 0, $result); + $db->sql_freeresult($result); + } + else + { + $forum_info = get_forum_data(array($forum_id), 'm_approve'); + + if (!sizeof($forum_info)) + { + trigger_error('NOT_MODERATOR'); + } + + $forum_info = $forum_info[$forum_id]; + $forum_list = $forum_id; + } + + $forum_options = '<option value="0"' . (($forum_id == 0) ? ' selected="selected"' : '') . '>' . $user->lang['ALL_FORUMS'] . '</option>'; + foreach ($forum_list_report as $row) + { + $forum_options .= '<option value="' . $row['forum_id'] . '"' . (($forum_id == $row['forum_id']) ? ' selected="selected"' : '') . '>' . $row['forum_name'] . '</option>'; + } + + // Note: this query needs to be made compatible with non-MySQL DBMs + mcp_sorting('reports', $sort_days, $sort_key, $sort_dir, $sort_by_sql, $sort_order_sql, $total, $forum_id); + $forum_topics = ($total == -1) ? $forum_info['forum_topics'] : $total; + $limit_time_sql = ($sort_days) ? 'AND t.topic_last_post_time >= ' . (time() - ($sort_days * 86400)) : ''; + $sql = 'SELECT count(*) as report_count, r.*, p.post_id, p.post_subject, u.username, t.topic_id, t.topic_title, f.forum_id, f.forum_name + FROM ' . REPORTS_TABLE . ' r, ' . REASONS_TABLE . ' rr,' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u + LEFT JOIN ' . FORUMS_TABLE . ' f ON f.forum_id = p.forum_id + WHERE + r.report_status = 0 + AND r.post_id = p.post_id + AND r.reason_id = rr.reason_id + AND p.topic_id = t.topic_id + AND r.user_id = u.user_id + AND t.topic_reported = 1 + AND p.forum_id IN (' . (is_array($forum_list) ? implode(', ', $forum_list) : $forum_list) . ") + GROUP BY topic_id + ORDER BY $sort_order_sql"; + $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start); + + while ($row = $db->sql_fetchrow($result)) + { + if ($row['poster_id'] == ANONYMOUS) + { + $poster = (!empty($row['post_username'])) ? $row['post_username'] : $user->lang['GUEST']; + } + else + { + $poster = $row['username']; + } + + $s_checkbox = '<input type="checkbox" name="post_id_list[]" value="' . $row['post_id'] . '" />'; + $template->assign_block_vars('report', array( + 'U_FORUM' => "mcp.$phpEx$SID&i=report&mode=&f={$row['forum_id']}", + // Q: Why accessing the topic by a post_id instead of its topic_id? + // A: To prevent the post from being hidden because of wrong encoding or different charset + 'U_REPORT_TOPIC' => "mcp.$phpEx$SID&i=report&mode=report_view_topic&t={$row['topic_id']}", + 'U_VIEW_DETAILS'=> "mcp.$phpEx$SID&i=queue&start=$start&mode=approve_details&f={$forum_id}&p={$row['post_id']}", + 'U_VIEWPROFILE' => ($row['poster_id'] != ANONYMOUS) ? "memberlist.$phpEx$SID&mode=viewprofile&u={$row['poster_id']}" : '', + + 'REPORT_COUNT' => $row['report_count'], + 'FORUM_NAME' => $row['forum_name'], + 'TOPIC_TITLE' => $row['topic_title'], + 'POSTER' => $poster, + 'REPORT_TIME' => $user->format_date($row['report_time']), + 'S_CHECKBOX' => $s_checkbox) + ); + } + $db->sql_freeresult($result); + + // Now display the page + $template->assign_vars(array( + 'L_DISPLAY_ITEMS' => ($mode == 'unapproved_posts') ? $user->lang['DISPLAY_POSTS'] : $user->lang['DISPLAY_TOPICS'], + 'S_FORUM_OPTIONS' => $forum_options) + ); + $this->tpl_name = 'mcp_reports_front'; + } + + // View the reports for one topic or view one topic. + function mcp_report_view($id, $mode) + { + global $phpbb_root_path, $config, $db, $phpEx; + global $user, $template, $auth; + + //$this->tpl_name = 'mcp_reports'; + if(!isset($_POST['feedback_submit'])) + { + // Show the reports. + $topic_id = request_var('t', 0); + if ($topic_id == 0) + { + trigger_error('NO_TOPIC_SELECTED'); + } + + $topic_info = get_topic_data($topic_id, 'm_'); + $topic_info = $topic_info[$topic_id]; + + $sql = "SELECT + r.report_id, r.report_time, r.report_text, r.report_status, + r.bbcode_uid as r_bbcode_uid, r.bbcode_bitfield as r_bbcode_bitfield, + rre.reply_id, rre.reply_text, ure_from.username as reply_from_username, + ure_to.username as reply_to_username, + p.post_id, p.topic_id, p.forum_id, p.post_time, p.post_subject, p.post_text, + p.bbcode_uid as p_bbcode_uid, p.bbcode_bitfield as p_bbcode_bitfield, + u1.user_id as reporter_user_id, u1.username as reporter_username, + u2.user_id as poster_user_id, u2.username as poster_username + FROM " . + REPORTS_TABLE . " r + LEFT JOIN " . REPORTS_REPLIES_TABLE . " rre USING (report_id) + LEFT JOIN " . USERS_TABLE . " ure_from ON (rre.from_user_id = ure_from.user_id) + LEFT JOIN " . USERS_TABLE . " ure_to ON (rre.to_user_id = ure_to.user_id), " . + POSTS_TABLE . " p, " . + USERS_TABLE . " u1, " . + USERS_TABLE . " u2 + WHERE + r.user_id = u1.user_id + AND r.post_id = p.post_id + AND p.poster_id = u2.user_id + AND p.topic_id = $topic_id + ORDER BY post_id DESC, report_id DESC, reply_id ASC"; + $result = $db->sql_query($sql); + + include_once($phpbb_root_path . 'includes/bbcode.'.$phpEx); + $old_post_id = 0; + $old_report_id = 0; + while ($row = $db->sql_fetchrow($result)) + { + if($old_report_id != $row['report_id']) + { + if($old_post_id != $row['post_id']) + { + // Process message, leave it uncensored + $message = $row['post_text']; + if ($row['p_bbcode_bitfield']) + { + $bbcode = new bbcode($row['p_bbcode_bitfield']); + $bbcode->bbcode_second_pass($message, $row['p_bbcode_uid'], $row['p_bbcode_bitfield']); + } + $message = smiley_text($message); + + $template->assign_block_vars('postrow', array( + 'POST_ID' => $row['post_id'], + 'POST_SUBJECT' => $row['post_subject'], + 'POSTER_USER_ID' => $row['poster_user_id'], + 'POSTER_NAME' => $row['poster_username'], + 'U_POSTER_PROFILE' => ($row['poster_id'] != ANONYMOUS) ? "memberlist.$phpEx$SID&mode=viewprofile&u={$row['poster_id']}" : '', + 'POST_DATE' => $user->format_date($row['post_time']), + 'POST_PREVIEW' => $message, + 'U_APPROVE_ACTION' => "{$phpbb_root_path}mcp.$phpEx$SID&i=report&mode=topic", + 'U_EDIT' => ($auth->acl_get('m_edit', $row['forum_id'])) ? "{$phpbb_root_path}posting.$phpEx$SID&mode=edit&f={$row['forum_id']}&p={$row['post_id']}" : '', + 'U_VIEW' => "{$phpbb_root_path}viewtopic.$phpEx$SID&f={$row['forum_id']}&p={$row['post_id']}#{$row['post_id']}" + ) + ); + } // Start post row. + $old_post_id = $row['post_id']; + + // Process message, leave it uncensored + $message = $row['report_text']; + if ($row['r_bbcode_bitfield']) + { + $bbcode = new bbcode($row['r_bbcode_bitfield']); + $bbcode->bbcode_second_pass($message, $row['r_bbcode_uid'], $row['r_bbcode_bitfield']); + } + $message = smiley_text($message); + + $template->assign_block_vars('postrow.reportrow', array( + 'REPORT_ID' => $row['report_id'], + 'REPORT_TIME' => $user->format_date($row['report_time']), + 'REPORT_TEXT' => $message, + 'REPORT_STATUS' => $row['report_status'], + 'U_REPORTERPROFILE' => ($row['poster_id'] != ANONYMOUS) ? "memberlist.$phpEx$SID&mode=viewprofile&u={$row['reporter_user_id']}" : '', + 'REPORTER_USER_ID' => $row['reporter_user_id'], + 'REPORTER_USERNAME' => $row['reporter_username'], + 'POSTER_USER_ID' => $row['poster_user_id'], + 'POSTER_USERNAME' => $row['poster_username'], + ) + ); + } + $old_report_id = $row['report_id']; + + if($row['reply_text'] != '') + { + $template->assign_block_vars('postrow.reportrow.replyrow', array( + 'REPLY_ID' => $row['reply_id'], + 'REPLY_FROMUSERNAME' => $row['reply_from_username'], + 'REPLY_TOUSERNAME' => $row['reply_to_username'], + 'REPLY_TEXT' => $row['reply_text'] + )); + } + + } + $db->sql_freeresult($result); + + // Set some vars + $poster = ($post_info['user_colour']) ? '<span style="color:#' . $post_info['user_colour'] . '">' . $post_info['username'] . '</span>' : $post_info['username']; + + $template->assign_vars(array( + 'TOPIC_TITLE' => $topic_info['topic_title'], + 'U_TOPIC' => "viewtopic.$phpEx$SID&t={$topic_info['topic_id']}", + 'U_FEEDBACK_ACTION' => $_SERVER['REQUEST_URI'] + ) + ); + + $this->tpl_name = 'mcp_reports_topic'; + //$this->display($user->lang['MCP_QUEUE'], 'mcp_topicreports.html'); + } // No submit + else + { + // Send feedback and close selected reports + $selected_reports = request_var('sendfeedback', array('0'=>'0')); + $report_close = request_var('feedback_close', ''); + $report_feedback = request_var('feedback_text', ''); + + $post_ids = array(); + foreach($selected_reports as $key => $value) + { + $report_ids[] = $value; + } + + if(count($report_ids) == 0) + { + // TODO: i18n + trigger_error('No reports selected.'); + } + + $sql = "SELECT + r.report_id, r.user_id, r.reason_id, r.post_id, r.report_text, + u.username, u.user_email, u.user_jabber, u.user_lang, u.user_notify_type, u.user_options, + rr.reason_name, rr.reason_description, + p.post_id, p.post_subject, + t.topic_title, t.forum_id + FROM " . REPORTS_TABLE . " r, " . + REASONS_TABLE . " rr, " . + USERS_TABLE . " u, " . + POSTS_TABLE . " p, " . + TOPICS_TABLE . " t + WHERE + r.reason_id = rr.reason_id + AND r.user_id = u.user_id + AND r.post_id = p.post_id + AND p.topic_id = t.topic_id + AND report_id IN (" . implode(', ', $report_ids) . ")"; + $result = $db->sql_query($sql); + + while($row = $db->sql_fetchrow($result)) + { + $feedback_data[$row['user_id']] = array( + 'name' => $row['username'], + 'email' => $row['user_email'], + 'jabber'=> $row['user_jabber'], + 'lang' => $row['user_lang'], + 'notify_type' => $row['user_notify_type'], + 'pm' => $user->optionget('report_pm_notify', $row['user_options']), + 'report_id' => $row['report_id'], + 'reporter' => $row['username'], + 'moderator' => $user->data['username'], + 'moderator_id' => $user->data['user_id'], + 'reason' => $row['reason_desc'], + 'report_feedback' => $report_feedback, + 'text' => $row['report_text'], + 'subject' => $row['topic_title'], + 'view_post' => "viewtopic.$phpEx?f={$row['forum_id']}&t={$row['topic_id']}&p={$row['post_id']}&#{$row['post_id']}" + + ); + + $reported_posts[$row['post_id']]++; + + } + + // Only send feedback if there is feedback to send + if($report_feedback != '') + { + $this->report_feedback($feedback_data); + } + + // See if we need to close the report, update notifications in viewforum/topic + + // Start transaction + $db->sql_transaction('begin'); + + if ($report_close) + { + // Close the reports + $sql = 'UPDATE ' . REPORTS_TABLE . ' + SET report_status = ' . REPORT_CLOSED . ' + WHERE report_id IN (' . implode(', ', $report_ids) . ')'; + $db->sql_query($sql); + } + + // TODO: Should we remove the notification in viewforum/topic after feedback has been added to a report? Or should we introduce a 'report in progress' icon for viewforum/topic? + // Figure out what posts are without open reports after this update. + $sql = 'SELECT r.post_id, p.topic_id, sum(IF(report_status=1, 0, 1)) as open_reports + FROM ' . REPORTS_TABLE . ' r + LEFT JOIN ' . POSTS_TABLE . ' p USING (post_id) + WHERE r.post_id IN (' . implode(', ', array_keys($reported_posts)) . ') + GROUP BY r.post_id + HAVING open_reports = 0'; + $result = $db->sql_query($sql); + while($row = $db->sql_fetchrow($result)) + { + $resolved_posts[] = $row['post_id']; + $resolved_topics[] = $row['topic_id']; + } + + // Mark those posts as resolved + if(!empty($resolved_posts)) + { + $sql = 'UPDATE ' . POSTS_TABLE . ' SET + post_reported = 0 + WHERE post_id IN (' . implode(', ', $resolved_posts) . ')'; + $db->sql_query($sql); + + // Mark topic as resolved because a moderator has taken a look at it. + $sql = 'UPDATE ' . TOPICS_TABLE . ' SET + topic_reported = 0 + WHERE topic_id IN (' . implode(', ', $resolved_topics) . ')'; + $db->sql_query($sql); + } + + // End transaction + $db->sql_transaction('commit'); + + // Say something nice to the moderator + trigger_error('These reports have been closed. Thank you :)<br /> <a href="'.$_SERVER['REQUEST_URI'].'">return</a>'); + + + } // The form was submitted + } + + // ---------------------------------------------------------------------------- + + // Reply to reports and notify reporters of this event. + function report_feedback($data) + { + global $config, $phpbb_root_path, $phpEx; + global $user, $db; + + + foreach ($data as $user_id => $reply_row) + { + // TODO: Include a subject? + $sql_data = array( + 'report_id' => $reply_row['report_id'], + 'reply_time' => time(), + 'reply_text' => $reply_row['report_feedback'], + 'from_user_id' => $reply_row['moderator_id'], + 'to_user_id' => $user_id + ); + $db->sql_query('INSERT INTO ' . REPORTS_REPLIES_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_data)); + } + + // Notify the recipient of this reply + include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + include_once($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx); + $messenger = new messenger(); + + $email_sig = str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']); + $email_template = 'report_feedback'; + + foreach ($data as $user_id => $notify_row) + { + // Send notification by email + if (!$notify_row['pm']) + { + $messenger->to($notify_row['email'], $notify_row['name']); + $messenger->im($notify_row['jabber'], $notify_row['name']); + $messenger->replyto($config['board_email']); + + $messenger->template($email_template, $notify_row['lang']); + + $messenger->assign_vars(array( + 'EMAIL_SIG' => $email_sig, + 'SITENAME' => $config['sitename'], + 'USERNAME' => $notify_row['name'], + 'SUBJECT' => $notify_row['subject'], + 'REPORTER' => $notify_row['reporter'], + 'MODERATOR' => $notify_row['moderator'], + + 'REPORT_REASON' => $notify_row['reason'], + 'REPORT_TEXT' => $notify_row['text'], + 'REPORT_FEEDBACK' => $notify_row['report_feedback'], + + 'U_VIEW_POST' => generate_board_url() . '/' . $notify_row['view_post']) + ); + + $messenger->send($notify_row['notify_type']); + $messenger->reset(); + //print "mail to " . $notify_row['email'] . "({$notify_row['notify_type']})"; + + if ($messenger->queue) + { + $messenger->queue->save(); + } + } + else + { + // Use messenger for getting the correct message, we use the email template + $messenger->template($email_template, $notify_row['lang']); + + $messenger->assign_vars(array( + 'EMAIL_SIG' => $email_sig, + 'SITENAME' => $config['sitename'], + 'USERNAME' => $notify_row['name'], + 'SUBJECT' => $notify_row['subject'], + 'REPORTER' => $notify_row['reporter'], + 'MODERATOR' => $notify_row['moderator'], + + 'REPORT_REASON' => $notify_row['reason'], + 'REPORT_TEXT' => $notify_row['text'], + 'REPORT_FEEDBACK' => $notify_row['report_feedback'], + + 'U_VIEW_POST' => generate_board_url() . '/' . $notify_row['view_post']) + ); + + // Parse message, don't send it. + $messenger->send(false, true); + + // do not put in moderators outbox + $pm_data = array( + 'address_list' => array('u' => array($user_id => 'to')), + 'from_user_id' => $user->data['user_id'], + 'from_user_ip' => $user->data['user_ip'], + 'from_username' => $user->data['username'], + 'icon_id' => 0, + 'enable_bbcode' => 0, + 'enable_html' => 0, + 'enable_smilies' => 0, + 'enable_urls' => 1, + 'enable_sig' => 0, + 'message_md5' => md5($messenger->msg), + 'bbcode_bitfield' => 0, + 'bbcode_uid' => 0, + 'attachment_data' => array(), + 'filename_data' => array(), + 'message' => $messenger->msg + ); + + //function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox) + submit_pm('post', $notify_row['subject'], $pm_data, true, false); + + // Break the sending process... + $messenger->reset(); + + //print "PM to " . $notify_row['name']; + } + + // Add the feedback to the report + $message = $notify_row['report_feedback']; + } + unset($messenger); + } +} +?>
\ No newline at end of file |