From 9988679d567a8bba9bade92dd9524bb012a1fe43 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sun, 12 Mar 2006 23:19:55 +0000 Subject: - streamlined reports to consist of the feature set we decided upon (Nils, your turn now) - use getenv instead of $_ENV (with $_ENV the case could be wrong) - permission fixes (there was a bug arising with getting permission flags - re-added them and handled roles deletion differently) - implemented max login attempts - changed the expected return parameters for logins/sessions - added acp page for editing report/denial reasons - other fixes here and there git-svn-id: file:///svn/phpbb/trunk@5622 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/report.php | 363 +++++++++---------------------------------------------- 1 file changed, 59 insertions(+), 304 deletions(-) (limited to 'phpBB/report.php') diff --git a/phpBB/report.php b/phpBB/report.php index 850c6158e1..9906cea7eb 100644 --- a/phpBB/report.php +++ b/phpBB/report.php @@ -21,19 +21,17 @@ $user->session_begin(); $auth->acl($user->data); $user->setup('mcp'); -// Report PM or Post? -$id = request_var('p', request_var('pm', 0)); -$report_post = (request_var('p', 0)) ? true : false; +$post_id = request_var('p', 0); $reason_id = request_var('reason_id', 0); -$user_notify = (!empty($_REQUEST['notify']) && $user->data['is_registered']) ? true : false; $report_text = request_var('report_text', ''); +$user_notify = (isset($_POST['notify']) && $user->data['is_registered']) ? true : false; -if (!$id) +if (!$post_id) { trigger_error('INVALID_MODE'); } -$redirect_url = ($report_post) ? "{$phpbb_root_path}viewtopic.$phpEx$SID&p=$id#p$id" : "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&p=$id"; +$redirect_url = "viewtopic.$phpEx$SID&p=$post_id#p$post_id"; // Has the report been cancelled? if (isset($_POST['cancel'])) @@ -42,272 +40,116 @@ if (isset($_POST['cancel'])) } // Grab all relevant data -if ($report_post) -{ - $sql = 'SELECT f.*, t.*, p.* - FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f - WHERE p.post_id = $id - AND p.topic_id = t.topic_id - AND p.forum_id = f.forum_id"; -} -else -{ - // Only the user itself is able to report his Private Messages - $sql = 'SELECT p.*, t.* - FROM ' . PRIVMSGS_TABLE . ' p, ' . PRIVMSGS_TO_TABLE . " t - WHERE t.msg_id = $id - AND t.user_id = " . $user->data['user_id'] . ' - AND t.msg_id = p.msg_id'; -} +$sql = 'SELECT f.*, t.*, p.* + FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f + WHERE p.post_id = $post_id + AND p.topic_id = t.topic_id + AND p.forum_id = f.forum_id"; $result = $db->sql_query($sql); +$report_data = $db->sql_fetchrow($result); +$db->sql_freeresult($result); -if (!($report_data = $db->sql_fetchrow($result))) +if (!$report_data) { - $message = ($report_post) ? $user->lang['POST_NOT_EXIST'] : $user->lang['PM_NOT_EXIST']; - trigger_error($message); + trigger_error('POST_NOT_EXIST'); } -if ($report_post) -{ - $forum_id = $report_data['forum_id']; - $topic_id = $report_data['topic_id']; +$forum_id = $report_data['forum_id']; +$topic_id = $report_data['topic_id']; - // Check required permissions - $acl_check_ary = array('f_list' => 'POST_NOT_EXIST', 'f_read' => 'USER_CANNOT_READ', 'f_report' => 'USER_CANNOT_REPORT'); - - foreach ($acl_check_ary as $acl => $error) - { - if (!$auth->acl_get($acl, $forum_id)) - { - trigger_error($error); - } - } - unset($acl_check_ary); -} -else +// Check required permissions +$acl_check_ary = array('f_list' => 'POST_NOT_EXIST', 'f_read' => 'USER_CANNOT_READ', 'f_report' => 'USER_CANNOT_REPORT'); + +foreach ($acl_check_ary as $acl => $error) { - if (!$config['auth_report_pm'] || !$auth->acl_get('u_pm_report')) + if (!$auth->acl_get($acl, $forum_id)) { - trigger_error('USER_CANNOT_REPORT'); + trigger_error($error); } } +unset($acl_check_ary); -// Check if the post has already been reported by this user -$sql = 'SELECT * - FROM ' . REPORTS_TABLE . ' - WHERE ' . (($report_post) ? "post_id = $id" : "msg_id = $id") . ' - AND user_id = ' . $user->data['user_id']; +// Check if the post has already been reported... +$sql = 'SELECT report_id, report_closed + FROM ' . REPORTS_TABLE . " + WHERE post_id = $post_id"; $result = $db->sql_query($sql); +$row = $db->sql_fetchrow($result); +$db->sql_freeresult($result); -if ($row = $db->sql_fetchrow($result)) +if ($row) { - if ($user->data['is_registered']) - { - // A report exists, extract $row if we're going to display the form - if ($reason_id) - { - $report_id = (int) $row['report_id']; - } - else - { - // Overwrite set variables - extract($row); - } - } - else - { - trigger_error($user->lang['ALREADY_REPORTED'] . '

' . sprintf($user->lang[(($report_post) ? 'RETURN_TOPIC' : 'RETURN_MESSAGE')], '', '')); - } -} -else -{ - $report_id = 0; + $message = ($row['report_closed']) ? $user->lang['REPORT_ALREADY_DEALT_WITH'] : $user->lang['ALREADY_REPORTED']; + $message .= '

' . sprintf($user->lang['RETURN_TOPIC'], '', ''); + trigger_error($message); } -// Has the report been confirmed? +// Submit report? if (isset($_POST['submit']) && $reason_id) { - $sql = 'SELECT reason_name + $sql = 'SELECT * FROM ' . REASONS_TABLE . " WHERE reason_id = $reason_id"; $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); - if (!($row = $db->sql_fetchrow($result)) || (!$report_text && $row['reason_name'] == 'other')) + if (!$row || (!$report_text && $row['reason_title'] == 'other')) { trigger_error('EMPTY_REPORT'); } - $db->sql_freeresult($result); - - $reason_desc = (!empty($user->lang['report_reasons']['DESCRIPTION'][$row['reason_name']])) ? $user->lang['report_reasons']['DESCRIPTION'][$row['reason_name']] : $row['reason_name']; $sql_ary = array( 'reason_id' => (int) $reason_id, - 'post_id' => ($report_post) ? $id : 0, - 'msg_id' => ($report_post) ? 0 : $id, + 'post_id' => $post_id, 'user_id' => (int) $user->data['user_id'], 'user_notify' => (int) $user_notify, + 'report_closed' => 0, 'report_time' => (int) time(), 'report_text' => (string) $report_text ); - if ($report_id) - { - $sql = 'UPDATE ' . REPORTS_TABLE . ' - SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' - WHERE report_id = ' . $report_id; - $db->sql_query($sql); - } - else - { - $sql = 'INSERT INTO ' . REPORTS_TABLE . ' ' . - $db->sql_build_array('INSERT', $sql_ary); - $db->sql_query($sql); - $report_id = $db->sql_nextid(); - } + $sql = 'INSERT INTO ' . REPORTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); + $db->sql_query($sql); + $report_id = $db->sql_nextid(); - if ($report_post) + if (!$report_data['post_reported']) { - if (!$report_data['post_reported']) - { - $sql = 'UPDATE ' . POSTS_TABLE . ' - SET post_reported = 1 - WHERE post_id = ' . $id; - $db->sql_query($sql); - } - - if (!$report_data['topic_reported']) - { - $sql = 'UPDATE ' . TOPICS_TABLE . ' - SET topic_reported = 1 - WHERE topic_id = ' . $report_data['topic_id']; - $db->sql_query($sql); - } - } - else - { - if (!$report_data['message_reported']) - { - $sql = 'UPDATE ' . PRIVMSGS_TABLE . " - SET message_reported = 1 - WHERE msg_id = $id"; - $db->sql_query($sql); - } - } - - // Send Notifications - // PM: Reported Post is put into all admin's boxes (not notifying about 'this' PM) - // All persons get notified about a new report, if notified by PM, send out email notifications too - - // Send notifications to moderators - $acl_list = ($report_post) ? $auth->acl_get_list(false, array('m_', 'a_'), array(0, $report_data['forum_id'])) : $auth->acl_get_list(false, 'a_', 0); - $notify_user = ($report_post) ? $acl_list[$report_data['forum_id']]['m_'] : array(); - $notify_user = array_unique(array_merge($notify_user, $acl_list[0]['a_'])); - unset($acl_list); - - // Send reported PM to responsible persons (admins) - if (!$report_post) - { - foreach ($notify_user as $user_id) - { - $db->sql_query('INSERT INTO ' . PRIVMSGS_TO_TABLE . ' ' . $db->sql_build_array('INSERT', array( - 'msg_id' => (int) $id, - 'user_id' => (int) $user_id, - 'author_id' => (int) $report_data['author_id'], - 'folder_id' => PRIVMSGS_NO_BOX, - 'new' => 1, - 'unread' => 1, - 'forwarded' => 0)) - ); - } - - // Update Status - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_new_privmsg = user_new_privmsg + 1, user_unread_privmsg = user_unread_privmsg + 1 - WHERE user_id IN (' . implode(', ', $notify_user) . ')'; + $sql = 'UPDATE ' . POSTS_TABLE . ' + SET post_reported = 1 + WHERE post_id = ' . $post_id; $db->sql_query($sql); } - // How to notify them? - $sql = 'SELECT user_id, username, user_options, user_lang, user_email, user_notify_type, user_jabber - FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $notify_user) . ')'; - $result = $db->sql_query($sql); - - $notify_user = array(); - while ($row = $db->sql_fetchrow($result)) + if (!$report_data['topic_reported']) { - $notify_user[$row['user_id']] = array( - 'name' => $row['username'], - 'email' => $row['user_email'], - 'jabber'=> $row['user_jabber'], - 'lang' => $row['user_lang'], - 'notify_type' => $row['user_notify_type'], - - 'pm' => $user->optionget('report_pm_notify', $row['user_options']) - ); + $sql = 'UPDATE ' . TOPICS_TABLE . ' + SET topic_reported = 1 + WHERE topic_id = ' . $report_data['topic_id']; + $db->sql_query($sql); } - $db->sql_freeresult($result); - - $report_data = array( - 'id' => $id, - 'report_id' => $report_id, - 'reporter' => $user->data['username'], - 'reason' => $reason_desc, - 'text' => $report_text, - 'subject' => ($report_post) ? $report_data['post_subject'] : $report_data['message_subject'], - 'view_post' => ($report_post) ? "viewtopic.$phpEx?f={$report_data['forum_id']}&t={$report_data['topic_id']}&p=$id&e=$id" : '' - ); - - report_notification($notify_user, $report_post, $report_data); meta_refresh(3, $redirect_url); - $message = $user->lang[(($report_post) ? 'POST' : 'MESSAGE') . '_REPORTED_SUCCESS'] . '

' . sprintf($user->lang[(($report_post) ? 'RETURN_TOPIC' : 'RETURN_MESSAGE')], '', ''); + $message = $user->lang['POST_REPORTED_SUCCESS'] . '

' . sprintf($user->lang['RETURN_TOPIC'], '', ''); trigger_error($message); } - -// Generate the form -$sql = 'SELECT * - FROM ' . REASONS_TABLE . ' - ORDER BY reason_priority ASC'; -$result = $db->sql_query($sql); - -while ($row = $db->sql_fetchrow($result)) -{ - $row['reason_name'] = strtoupper($row['reason_name']); - - $reason_title = (!empty($user->lang['report_reasons']['TITLE'][$row['reason_name']])) ? $user->lang['report_reasons']['TITLE'][$row['reason_name']] : ucwords(str_replace('_', ' ', $row['reason_name'])); - - $reason_desc = (!empty($user->lang['report_reasons']['DESCRIPTION'][$row['reason_name']])) ? $user->lang['report_reasons']['DESCRIPTION'][$row['reason_name']] : $row['reason_description']; - - $template->assign_block_vars('reason', array( - 'ID' => $row['reason_id'], - 'NAME' => htmlspecialchars($reason_title), - 'DESCRIPTION' => htmlspecialchars($reason_desc), - 'S_SELECTED' => ($row['reason_id'] == $reason_id) ? true : false) - ); -} - -$u_report = ($report_post) ? "p=$id" : "pm=$id"; +// Generate the reasons +display_reasons($reason_id); $template->assign_vars(array( 'REPORT_TEXT' => $report_text, - 'S_REPORT_ACTION' => "{$phpbb_root_path}report.$phpEx$SID&$u_report" . (($report_id) ? "&report_id=$report_id" : ''), + 'S_REPORT_ACTION' => "{$phpbb_root_path}report.$phpEx$SID&p=$post_id", - 'S_NOTIFY' => (!empty($user_notify)) ? true : false, - 'S_CAN_NOTIFY' => ($user->data['is_registered']) ? true : false, - 'S_REPORT_POST' => $report_post) + 'S_NOTIFY' => $user_notify, + 'S_CAN_NOTIFY' => ($user->data['is_registered']) ? true : false) ); -if ($report_post) -{ - generate_forum_nav($report_data); -} +generate_forum_nav($report_data); // Start output of page -$page_title = ($report_post) ? $user->lang['REPORT_POST'] : $user->lang['REPORT_MESSAGE']; -page_header($page_title); +page_header($user->lang['REPORT_POST']); $template->set_filenames(array( 'body' => 'report_body.html') @@ -315,91 +157,4 @@ $template->set_filenames(array( page_footer(); -function report_notification($notify_user, $report_post, $report_data) -{ - global $config, $phpbb_root_path, $phpEx; - - include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); - include_once($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx); - $messenger = new messenger(); - - $email_sig = str_replace('
', "\n", "-- \n" . $config['board_email_sig']); - $email_template = ($report_post) ? 'new_report_post' : 'new_report_pm'; - $view_report_url = ($report_post) ? "mcp.$phpEx?i=queue&r=" . $report_data['report_id'] : "ucp.$phpEx?i=pm&p=" . $report_data['id'] . "&r=" . $report_data['report_id']; - - foreach ($notify_user as $user_id => $notify_row) - { - // Send notification by email - if (!$notify_row['pm']) - { - $messenger->to($notify_row['email'], $notify_row['name']); - $messenger->im($notify_row['jabber'], $notify_row['name']); - $messenger->replyto($config['board_email']); - - $messenger->template($email_template, $notify_row['lang']); - - $messenger->assign_vars(array( - 'EMAIL_SIG' => $email_sig, - 'SITENAME' => $config['sitename'], - 'USERNAME' => $notify_row['name'], - 'SUBJECT' => $report_data['subject'], - 'REPORTER' => $report_data['reporter'], - - 'REPORT_REASON' => $report_data['reason'], - 'REPORT_TEXT' => $report_data['text'], - - 'U_VIEW_REPORT' => generate_board_url() . '/' . $view_report_url, - 'U_VIEW_POST' => generate_board_url() . '/' . $report_data['view_post']) - ); - - $messenger->send($notify_row['notify_type']); - $messenger->reset(); - - $messenger->save_queue(); - } - else - { - // Use messenger for getting the correct message, we use the email template - $messenger->template($email_template, $notify_row['lang']); - - $messenger->assign_vars(array( - 'EMAIL_SIG' => $email_sig, - 'SITENAME' => $config['sitename'], - 'USERNAME' => $notify_row['name'], - 'SUBJECT' => $report_data['subject'], - 'REPORTER' => $report_data['reporter'], - - 'REPORT_REASON' => $report_data['reason'], - 'REPORT_TEXT' => $report_data['text'], - - 'U_VIEW_REPORT' => generate_board_url() . '/' . $view_report_url) - ); - - // break the sending process... - $messenger->send(false, true); - $messenger->reset(); - - // do not put in reporters outbox - submit_pm('post', $report_data['subject'], '', array(), array(), array( - 'address_list' => array('u' => array($user_id => 'to')), - 'from_user_id' => $user->data['user_id'], - 'from_user_ip' => $user->ip, - 'from_username' => $user->data['username'], - 'icon_id' => 0, - 'enable_bbcode' => 0, - 'enable_smilies' => 0, - 'enable_magic_url' => 1, - 'enable_sig' => 0, - 'message_md5' => md5($messenger->msg), - 'bbcode_bitfield' => 0, - 'bbcode_uid' => 0, - 'attachment_data' => array(), - 'filename_data' => array(), - 'message' => $messenger->msg - ), true, false); - } - } - unset($messenger); -} - ?> \ No newline at end of file -- cgit v1.2.1