aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/report.php
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/report.php')
-rw-r--r--phpBB/report.php172
1 files changed, 115 insertions, 57 deletions
diff --git a/phpBB/report.php b/phpBB/report.php
index ab1680968d..47813fd07e 100644
--- a/phpBB/report.php
+++ b/phpBB/report.php
@@ -22,50 +22,79 @@ $auth->acl($user->data);
$user->setup('mcp');
// var definitions
-$post_id = (!empty($_REQUEST['p'])) ? intval($_REQUEST['p']) : 0;
-$reason_id = (!empty($_REQUEST['reason_id'])) ? intval($_REQUEST['reason_id']) : 0;
-$user_notify = (!empty($_REQUEST['notify']) && $user->data['user_id'] != ANONYMOUS) ? TRUE : FALSE;
-$report_text = (!empty($_REQUEST['report_text'])) ? htmlspecialchars(stripslashes($_REQUEST['report_text'])) : '';
+$post_id = request_var('p', 0);
+$msg_id = request_var('pm', 0);
+$reason_id = request_var('reason_id', 0);
+$user_notify= (!empty($_REQUEST['notify']) && $user->data['user_id'] != ANONYMOUS) ? true : false;
+$report_text= request_var('report_text', '');
+
+if (!$post_id && !$msg_id)
+{
+ trigger_error('NO_MODE');
+}
+
+$redirect_url = ($post_id) ? "{$phpbb_root_path}viewtopic.$phpEx$SID&p=$post_id#$post_id" : "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&mode=view_messages&action=view_message&p=$msg_id";
// Has the report been cancelled?
if (isset($_POST['cancel']))
{
- redirect("viewtopic.$phpEx$SID&p=$post_id#$post_id");
+ redirect($redirect_url);
}
// Grab all relevant data
-$sql = 'SELECT f.*, t.*, p.*
- FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
- WHERE p.post_id = $post_id
- AND p.topic_id = t.topic_id
- AND p.forum_id = f.forum_id";
+if ($post_id)
+{
+ $sql = 'SELECT f.*, t.*, p.*
+ FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
+ WHERE p.post_id = $post_id
+ AND p.topic_id = t.topic_id
+ AND p.forum_id = f.forum_id";
+}
+else
+{
+ // Only the user itself is able to report his Private Messages
+ $sql = 'SELECT p.*, t.*
+ FROM ' . PRIVMSGS_TABLE . ' p, ' . PRIVMSGS_TO_TABLE . " t
+ WHERE t.msg_id = $msg_id
+ AND t.user_id = " . $user->data['user_id'] . '
+ AND t.msg_id = p.msg_id';
+}
$result = $db->sql_query($sql);
-if (!($forum_data = $db->sql_fetchrow($result)))
+if (!($report_data = $db->sql_fetchrow($result)))
{
trigger_error($user->lang['POST_NOT_EXIST']);
}
-$forum_id = $forum_data['forum_id'];
-$topic_id = $forum_data['topic_id'];
-
+if ($post_id)
+{
+ $forum_id = $report_data['forum_id'];
+ $topic_id = $report_data['topic_id'];
-// Check required permissions
-$acl_check_ary = array('f_list' => 'POST_NOT_EXIST', 'f_read' => 'USER_CANNOT_READ', 'f_report' => 'USER_CANNOT_REPORT');
-foreach ($acl_check_ary as $acl => $error)
+ // Check required permissions
+ $acl_check_ary = array('f_list' => 'POST_NOT_EXIST', 'f_read' => 'USER_CANNOT_READ', 'f_report' => 'USER_CANNOT_REPORT');
+ foreach ($acl_check_ary as $acl => $error)
+ {
+ if (!$auth->acl_get($acl, $forum_id))
+ {
+ trigger_error($error);
+ }
+ }
+ unset($acl_check_ary);
+}
+else
{
- if (!$auth->acl_get($acl, $forum_id))
+ if (!$config['auth_report_pm'] || !$auth->acl_get('u_pm_report'))
{
- trigger_error($error);
+ trigger_error('USER_CANNOT_REPORT');
}
}
-unset($acl_check_ary);
// Check if the post has already been reported by this user
$sql = 'SELECT *
- FROM ' . REPORTS_TABLE . "
- WHERE post_id = $post_id
- AND user_id = " . $user->data['user_id'];
+ FROM ' . REPORTS_TABLE . '
+ WHERE ' . (($post_id) ? "post_id = $post_id" : "msg_id = $msg_id") . '
+ AND user_id = ' . $user->data['user_id'];
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
@@ -86,9 +115,7 @@ if ($row = $db->sql_fetchrow($result))
}
else
{
- $return_topic = '<br /><br />' . sprintf($user->lang['RETURN_TOPIC'], "<a href=\"viewtopic.$phpEx$SID&amp;p=$post_id#$post_id\">", '</a>');
-
- trigger_error($user->lang['ALREADY_REPORTED'] . $return_topic);
+ trigger_error($user->lang['ALREADY_REPORTED'] . '<br /><br />' . sprintf($user->lang[(($post_id) ? 'RETURN_TOPIC' : 'RETURN_MESSAGE')], '<a href="' . $redirect_url . '">', '</a>'));
}
}
else
@@ -99,24 +126,25 @@ else
// Has the report been confirmed?
if (!empty($_POST['reason_id']))
{
- $sql = 'SELECT reason_title
+ $sql = 'SELECT reason_name
FROM ' . REASONS_TABLE . "
WHERE reason_id = $reason_id";
$result = $db->sql_query($sql);
- if (!($row = $db->sql_fetchrow($result)) || (!$report_text && $row['reason_title'] == 'other'))
+ if (!($row = $db->sql_fetchrow($result)) || (!$report_text && $row['reason_name'] == 'other'))
{
trigger_error('EMPTY_REPORT');
}
$db->sql_freeresult($result);
$sql_ary = array(
- 'reason_id' => (int) $reason_id,
- 'post_id' => (int) $post_id,
- 'user_id' => (int) $user->data['user_id'],
- 'user_notify' => (int) $user_notify,
- 'report_time' => (int) time(),
- 'report_text' => (string) $report_text
+ 'reason_id' => (int) $reason_id,
+ 'post_id' => (int) $post_id,
+ 'msg_id' => (int) $msg_id,
+ 'user_id' => (int) $user->data['user_id'],
+ 'user_notify' => (int) $user_notify,
+ 'report_time' => (int) time(),
+ 'report_text' => (string) $report_text
);
if ($report_id)
@@ -133,27 +161,54 @@ if (!empty($_POST['reason_id']))
$db->sql_query($sql);
}
- if (!$row['post_reported'])
+ if ($post_id)
{
- $sql = 'UPDATE ' . POSTS_TABLE . '
- SET post_reported = 1
- WHERE post_id = ' . $post_id;
- $db->sql_query($sql);
- }
+ if (!$row['post_reported'])
+ {
+ $sql = 'UPDATE ' . POSTS_TABLE . '
+ SET post_reported = 1
+ WHERE post_id = ' . $post_id;
+ $db->sql_query($sql);
+ }
- if (!$row['topic_reported'])
+ if (!$row['topic_reported'])
+ {
+ $sql = 'UPDATE ' . TOPICS_TABLE . '
+ SET topic_reported = 1
+ WHERE topic_id = ' . $topic_id;
+ $db->sql_query($sql);
+ }
+ }
+ else
{
- $sql = 'UPDATE ' . TOPICS_TABLE . '
- SET topic_reported = 1
- WHERE topic_id = ' . $topic_id;
- $db->sql_query($sql);
+ if (!$row['message_reported'])
+ {
+ $sql = 'UPDATE ' . PRIVMSGS_TABLE . "
+ SET message_reported = 1
+ WHERE msg_id = $msg_id";
+ $db->sql_query($sql);
+ }
}
- meta_refresh(3, "viewtopic.$phpEx$SID&amp;p=$post_id#$post_id");
+ meta_refresh(3, $redirect_url);
- $message = $user->lang['POST_REPORTED_SUCCESS'] . '<br /><br />' . sprintf($user->lang['RETURN_TOPIC'], "<a href=\"viewtopic.$phpEx$SID&amp;p=$post_id#$post_id\">", '</a>');
+ $message = $user->lang[(($post_id) ? 'POST' : 'MESSAGE') . '_REPORTED_SUCCESS'] . '<br /><br />' . sprintf($user->lang[(($post_id) ? 'RETURN_TOPIC' : 'RETURN_MESSAGE')], '<a href="' . $redirect_url . '">', '</a>');
trigger_error($message);
+ // Which moderators are responsible for private messages? ;)
+ /*
+ $db->sql_query('INSERT INTO ' . PRIVMSGS_TO_TABLE . ' ' . $db->sql_build_array('INSERT', array(
+ 'msg_id' => (int) $msg_id,
+ 'user_id' => (int) $moderator_id,
+ 'author_id' => (int) $row['author_id'],
+ 'folder_id' => PRIVMSGS_NO_BOX,
+ 'new' => 1,
+ 'unread' => 1,
+ 'forwarded' => 0,
+ 'reported' => 1)
+ );
+ */
+
// TODO: warn moderators or something ;)
}
@@ -166,11 +221,11 @@ $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
- $row['reason_title'] = strtoupper($row['reason_title']);
+ $row['reason_name'] = strtoupper($row['reason_name']);
- $reason_title = (!empty($user->lang['report_reasons']['TITLE'][$row['reason_title']])) ? $user->lang['report_reasons']['TITLE'][$row['reason_title']] : ucwords(str_replace('_', ' ', $row['reason_title']));
+ $reason_title = (!empty($user->lang['report_reasons']['TITLE'][$row['reason_name']])) ? $user->lang['report_reasons']['TITLE'][$row['reason_name']] : ucwords(str_replace('_', ' ', $row['reason_name']));
- $reason_desc = (!empty($user->lang['report_reasons']['DESCRIPTION'][$row['reason_title']])) ? $user->lang['report_reasons']['DESCRIPTION'][$row['reason_title']] : $row['reason_desc'];
+ $reason_desc = (!empty($user->lang['report_reasons']['DESCRIPTION'][$row['reason_name']])) ? $user->lang['report_reasons']['DESCRIPTION'][$row['reason_name']] : $row['reason_desc'];
$template->assign_block_vars('reason', array(
'ID' => $row['reason_id'],
@@ -180,17 +235,20 @@ while ($row = $db->sql_fetchrow($result))
));
}
+$u_report = ($post_id) ? "p=$post_id" : "pm=$msg_id";
+
$template->assign_vars(array(
'REPORT_TEXT' => $report_text,
- 'S_REPORT_ACTION' => "report.$phpEx$SID&amp;p=$post_id" . (($report_id) ? "&amp;report_id=$report_id" : ''),
-
- 'S_NOTIFY' => (!empty($user_notify)) ? TRUE : FALSE,
- 'S_CAN_NOTIFY' => ($user->data['user_id'] == ANONYMOUS) ? FALSE : TRUE
-));
+ 'S_REPORT_ACTION' => "report.$phpEx$SID&amp;$u_report" . (($report_id) ? "&amp;report_id=$report_id" : ''),
+ 'S_NOTIFY' => (!empty($user_notify)) ? TRUE : FALSE,
+ 'S_CAN_NOTIFY' => ($user->data['user_id'] == ANONYMOUS) ? FALSE : TRUE)
+);
-generate_forum_nav($forum_data);
-
+if ($post_id)
+{
+ generate_forum_nav($report_data);
+}
// Start output of page
page_header($user->lang['REPORT_TO_ADMIN']);
generated by cgit v1.2.1 (git 2.21.0) at 2025-05-12 06:59:14 +0000