Files
auth-site/html/forums/inc/functions_modcp.php
T
2018-04-29 02:36:24 -07:00

333 lines
9.3 KiB
PHP

<?php
/**
* MyBB 1.8
* Copyright 2014 MyBB Group, All Rights Reserved
*
* Website: http://www.mybb.com
* License: http://www.mybb.com/about/license
*
*/
/**
* Check if the current user has permission to perform a ModCP action on another user
*
* @param int $uid The user ID to perform the action on.
* @return boolean True if the user has necessary permissions
*/
function modcp_can_manage_user($uid)
{
global $mybb;
$user_permissions = user_permissions($uid);
// Current user is only a local moderator or use with ModCP permissions, cannot manage super mods or admins
if($mybb->usergroup['issupermod'] == 0 && ($user_permissions['issupermod'] == 1 || $user_permissions['cancp'] == 1))
{
return false;
}
// Current user is a super mod or is an administrator
else if($user_permissions['cancp'] == 1 && ($mybb->usergroup['cancp'] != 1 || (is_super_admin($uid) && !is_super_admin($mybb->user['uid']))))
{
return false;
}
return true;
}
/**
* Fetch forums the moderator can manage announcements to
*
* @param int $pid (Optional) The parent forum ID
* @param int $depth (Optional) The depth from parent forum the moderator can manage to
*/
function fetch_forum_announcements($pid=0, $depth=1)
{
global $mybb, $db, $lang, $theme, $announcements, $templates, $announcements_forum, $moderated_forums, $unviewableforums, $parser;
static $forums_by_parent, $forum_cache, $parent_forums;
if(!is_array($forum_cache))
{
$forum_cache = cache_forums();
}
if(!is_array($parent_forums) && $mybb->usergroup['issupermod'] != 1)
{
// Get a list of parentforums to show for normal moderators
$parent_forums = array();
foreach($moderated_forums as $mfid)
{
$parent_forums = array_merge($parent_forums, explode(',', $forum_cache[$mfid]['parentlist']));
}
}
if(!is_array($forums_by_parent))
{
foreach($forum_cache as $forum)
{
$forums_by_parent[$forum['pid']][$forum['disporder']][$forum['fid']] = $forum;
}
}
if(!is_array($forums_by_parent[$pid]))
{
return;
}
foreach($forums_by_parent[$pid] as $children)
{
foreach($children as $forum)
{
if($forum['linkto'] || (is_array($unviewableforums) && in_array($forum['fid'], $unviewableforums)))
{
continue;
}
if($forum['active'] == 0 || !is_moderator($forum['fid'], "canmanageannouncements"))
{
// Check if this forum is a parent of a moderated forum
if(is_array($parent_forums) && in_array($forum['fid'], $parent_forums))
{
// A child is moderated, so print out this forum's title. RECURSE!
$trow = alt_trow();
eval("\$announcements_forum .= \"".$templates->get("modcp_announcements_forum_nomod")."\";");
}
else
{
// No subforum is moderated by this mod, so safely continue
continue;
}
}
else
{
// This forum is moderated by the user, so print out the forum's title, and its announcements
$trow = alt_trow();
$padding = 40*($depth-1);
eval("\$announcements_forum .= \"".$templates->get("modcp_announcements_forum")."\";");
if(isset($announcements[$forum['fid']]))
{
foreach($announcements[$forum['fid']] as $aid => $announcement)
{
$trow = alt_trow();
if($announcement['enddate'] < TIME_NOW && $announcement['enddate'] != 0)
{
eval("\$icon = \"".$templates->get("modcp_announcements_announcement_expired")."\";");
}
else
{
eval("\$icon = \"".$templates->get("modcp_announcements_announcement_active")."\";");
}
$subject = htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));
eval("\$announcements_forum .= \"".$templates->get("modcp_announcements_announcement")."\";");
}
}
}
// Build the list for any sub forums of this forum
if(isset($forums_by_parent[$forum['fid']]))
{
fetch_forum_announcements($forum['fid'], $depth+1);
}
}
}
}
/**
* Send reported content to moderators
*
* @param array $report Array of reported content
* @param string $report_type Type of content being reported
* @return bool|array PM Information or false
*/
function send_report($report, $report_type='post')
{
global $db, $lang, $forum, $mybb, $post, $thread, $reputation, $user, $plugins;
$report_reason = '';
if($report['reasonid'])
{
$query = $db->simple_select("reportreasons", "title", "rid = '".(int)$report['reasonid']."'", array('limit' => 1));
$reason = $db->fetch_array($query);
$lang->load('report');
$report_reason = $lang->parse($reason['title']);
}
if($report['reason'])
{
$report_reason = $lang->sprintf($lang->email_report_comment_extra, $report_reason, $report['reason']);
}
$modsjoin = $modswhere = '';
if(!empty($forum['parentlist']))
{
$modswhere = "m.fid IN ({$forum['parentlist']}) OR ";
if($db->type == 'pgsql' || $db->type == 'sqlite')
{
$modsjoin = "LEFT JOIN {$db->table_prefix}moderators m ON (m.id = u.uid AND m.isgroup = 0) OR ((m.id = u.usergroup OR ',' || u.additionalgroups || ',' LIKE '%,' || m.id || ',%') AND m.isgroup = 1)";
}
else
{
$modsjoin = "LEFT JOIN {$db->table_prefix}moderators m ON (m.id = u.uid AND m.isgroup = 0) OR ((m.id = u.usergroup OR CONCAT(',', u.additionalgroups, ',') LIKE CONCAT('%,', m.id, ',%')) AND m.isgroup = 1)";
}
}
switch($db->type)
{
case "pgsql":
case "sqlite":
$query = $db->query("
SELECT DISTINCT u.username, u.email, u.receivepms, u.uid
FROM {$db->table_prefix}users u
{$modsjoin}
LEFT JOIN {$db->table_prefix}usergroups g ON (',' || u.additionalgroups || ',' LIKE '%,' || g.gid || ',%' OR g.gid = u.usergroup)
WHERE {$modswhere}g.cancp = 1 OR g.issupermod = 1
");
break;
default:
$query = $db->query("
SELECT DISTINCT u.username, u.email, u.receivepms, u.uid
FROM {$db->table_prefix}users u
{$modsjoin}
LEFT JOIN {$db->table_prefix}usergroups g ON (CONCAT(',', u.additionalgroups, ',') LIKE CONCAT('%,', g.gid, ',%') OR g.gid = u.usergroup)
WHERE {$modswhere}g.cancp = 1 OR g.issupermod = 1
");
}
$lang_string_subject = "emailsubject_report{$report_type}";
$lang_string_message = "email_report{$report_type}";
if(empty($lang->$lang_string_subject) || empty($lang->$lang_string_message))
{
return false;
}
global $send_report_subject, $send_report_url;
switch($report_type)
{
case 'post':
$send_report_subject = $post['subject'];
$send_report_url = str_replace('&amp;', '&', get_post_link($post['pid'], $thread['tid'])."#pid".$post['pid']);
break;
case 'profile':
$send_report_subject = $user['username'];
$send_report_url = str_replace('&amp;', '&', get_profile_link($user['uid']));
break;
case 'reputation':
$from_user = get_user($reputation['adduid']);
$send_report_subject = $from_user['username'];
$send_report_url = "reputation.php?uid={$reputation['uid']}#rid{$reputation['rid']}";
break;
}
$plugins->run_hooks("send_report_report_type");
$emailsubject = $lang->sprintf($lang->$lang_string_subject, $mybb->settings['bbname']);
$emailmessage = $lang->sprintf($lang->$lang_string_message, $mybb->user['username'], $mybb->settings['bbname'], $send_report_subject, $mybb->settings['bburl'], $send_report_url, $report_reason);
while($mod = $db->fetch_array($query))
{
if($mybb->settings['reportmethod'] == "pms" && $mod['receivepms'] != 0 && $mybb->settings['enablepms'] != 0)
{
$pm_recipients[] = $mod['uid'];
}
else
{
my_mail($mod['email'], $emailsubject, $emailmessage);
}
}
if(count($pm_recipients) > 0)
{
require_once MYBB_ROOT."inc/datahandlers/pm.php";
$pmhandler = new PMDataHandler();
$pm = array(
"subject" => $emailsubject,
"message" => $emailmessage,
"icon" => 0,
"fromid" => $mybb->user['uid'],
"toid" => $pm_recipients,
"ipaddress" => $mybb->session->packedip
);
$pmhandler->admin_override = true;
$pmhandler->set_data($pm);
// Now let the pm handler do all the hard work.
if(!$pmhandler->validate_pm())
{
// Force it to valid to just get it out of here
$pmhandler->is_validated = true;
$pmhandler->errors = array();
}
$pminfo = $pmhandler->insert_pm();
return $pminfo;
}
return false;
}
/**
* Add a report
*
* @param array $report Array of reported content
* @param string $type Type of content being reported
* @return int Report ID
*/
function add_report($report, $type = 'post')
{
global $cache, $db, $mybb;
$insert_array = array(
'id' => (int)$report['id'],
'id2' => (int)$report['id2'],
'id3' => (int)$report['id3'],
'uid' => (int)$report['uid'],
'reportstatus' => 0,
'reasonid' => (int)$report['reasonid'],
'reason' => $db->escape_string($report['reason']),
'type' => $db->escape_string($type),
'reports' => 1,
'dateline' => TIME_NOW,
'lastreport' => TIME_NOW,
'reporters' => $db->escape_string(my_serialize(array($report['uid'])))
);
if($mybb->settings['reportmethod'] == "email" || $mybb->settings['reportmethod'] == "pms")
{
send_report($report, $type);
}
$rid = $db->insert_query("reportedcontent", $insert_array);
$cache->update_reportedcontent();
return $rid;
}
/**
* Update an existing report
*
* @param array $report Array of reported content
* @return bool true
*/
function update_report($report)
{
global $db;
$update_array = array(
'reports' => ++$report['reports'],
'lastreport' => TIME_NOW,
'reporters' => $db->escape_string(my_serialize($report['reporters']))
);
$db->update_query("reportedcontent", $update_array, "rid = '{$report['rid']}'");
return true;
}