mirror of
https://github.com/Bandit42/auth-site.git
synced 2026-07-13 21:01:01 -04:00
333 lines
9.3 KiB
PHP
333 lines
9.3 KiB
PHP
<?php
|
|
/**
|
|
* MyBB 1.8
|
|
* Copyright 2014 MyBB Group, All Rights Reserved
|
|
*
|
|
* Website: http://www.mybb.com
|
|
* License: http://www.mybb.com/about/license
|
|
*
|
|
*/
|
|
|
|
/**
|
|
* Check if the current user has permission to perform a ModCP action on another user
|
|
*
|
|
* @param int $uid The user ID to perform the action on.
|
|
* @return boolean True if the user has necessary permissions
|
|
*/
|
|
function modcp_can_manage_user($uid)
|
|
{
|
|
global $mybb;
|
|
|
|
$user_permissions = user_permissions($uid);
|
|
|
|
// Current user is only a local moderator or use with ModCP permissions, cannot manage super mods or admins
|
|
if($mybb->usergroup['issupermod'] == 0 && ($user_permissions['issupermod'] == 1 || $user_permissions['cancp'] == 1))
|
|
{
|
|
return false;
|
|
}
|
|
// Current user is a super mod or is an administrator
|
|
else if($user_permissions['cancp'] == 1 && ($mybb->usergroup['cancp'] != 1 || (is_super_admin($uid) && !is_super_admin($mybb->user['uid']))))
|
|
{
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Fetch forums the moderator can manage announcements to
|
|
*
|
|
* @param int $pid (Optional) The parent forum ID
|
|
* @param int $depth (Optional) The depth from parent forum the moderator can manage to
|
|
*/
|
|
function fetch_forum_announcements($pid=0, $depth=1)
|
|
{
|
|
global $mybb, $db, $lang, $theme, $announcements, $templates, $announcements_forum, $moderated_forums, $unviewableforums, $parser;
|
|
static $forums_by_parent, $forum_cache, $parent_forums;
|
|
|
|
if(!is_array($forum_cache))
|
|
{
|
|
$forum_cache = cache_forums();
|
|
}
|
|
if(!is_array($parent_forums) && $mybb->usergroup['issupermod'] != 1)
|
|
{
|
|
// Get a list of parentforums to show for normal moderators
|
|
$parent_forums = array();
|
|
foreach($moderated_forums as $mfid)
|
|
{
|
|
$parent_forums = array_merge($parent_forums, explode(',', $forum_cache[$mfid]['parentlist']));
|
|
}
|
|
}
|
|
if(!is_array($forums_by_parent))
|
|
{
|
|
foreach($forum_cache as $forum)
|
|
{
|
|
$forums_by_parent[$forum['pid']][$forum['disporder']][$forum['fid']] = $forum;
|
|
}
|
|
}
|
|
|
|
if(!is_array($forums_by_parent[$pid]))
|
|
{
|
|
return;
|
|
}
|
|
|
|
foreach($forums_by_parent[$pid] as $children)
|
|
{
|
|
foreach($children as $forum)
|
|
{
|
|
if($forum['linkto'] || (is_array($unviewableforums) && in_array($forum['fid'], $unviewableforums)))
|
|
{
|
|
continue;
|
|
}
|
|
|
|
if($forum['active'] == 0 || !is_moderator($forum['fid'], "canmanageannouncements"))
|
|
{
|
|
// Check if this forum is a parent of a moderated forum
|
|
if(is_array($parent_forums) && in_array($forum['fid'], $parent_forums))
|
|
{
|
|
// A child is moderated, so print out this forum's title. RECURSE!
|
|
$trow = alt_trow();
|
|
eval("\$announcements_forum .= \"".$templates->get("modcp_announcements_forum_nomod")."\";");
|
|
}
|
|
else
|
|
{
|
|
// No subforum is moderated by this mod, so safely continue
|
|
continue;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// This forum is moderated by the user, so print out the forum's title, and its announcements
|
|
$trow = alt_trow();
|
|
|
|
$padding = 40*($depth-1);
|
|
|
|
eval("\$announcements_forum .= \"".$templates->get("modcp_announcements_forum")."\";");
|
|
|
|
if(isset($announcements[$forum['fid']]))
|
|
{
|
|
foreach($announcements[$forum['fid']] as $aid => $announcement)
|
|
{
|
|
$trow = alt_trow();
|
|
|
|
if($announcement['enddate'] < TIME_NOW && $announcement['enddate'] != 0)
|
|
{
|
|
eval("\$icon = \"".$templates->get("modcp_announcements_announcement_expired")."\";");
|
|
}
|
|
else
|
|
{
|
|
eval("\$icon = \"".$templates->get("modcp_announcements_announcement_active")."\";");
|
|
}
|
|
|
|
$subject = htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));
|
|
|
|
eval("\$announcements_forum .= \"".$templates->get("modcp_announcements_announcement")."\";");
|
|
}
|
|
}
|
|
}
|
|
|
|
// Build the list for any sub forums of this forum
|
|
if(isset($forums_by_parent[$forum['fid']]))
|
|
{
|
|
fetch_forum_announcements($forum['fid'], $depth+1);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Send reported content to moderators
|
|
*
|
|
* @param array $report Array of reported content
|
|
* @param string $report_type Type of content being reported
|
|
* @return bool|array PM Information or false
|
|
*/
|
|
function send_report($report, $report_type='post')
|
|
{
|
|
global $db, $lang, $forum, $mybb, $post, $thread, $reputation, $user, $plugins;
|
|
|
|
$report_reason = '';
|
|
if($report['reasonid'])
|
|
{
|
|
$query = $db->simple_select("reportreasons", "title", "rid = '".(int)$report['reasonid']."'", array('limit' => 1));
|
|
$reason = $db->fetch_array($query);
|
|
|
|
$lang->load('report');
|
|
|
|
$report_reason = $lang->parse($reason['title']);
|
|
}
|
|
|
|
if($report['reason'])
|
|
{
|
|
$report_reason = $lang->sprintf($lang->email_report_comment_extra, $report_reason, $report['reason']);
|
|
}
|
|
|
|
$modsjoin = $modswhere = '';
|
|
if(!empty($forum['parentlist']))
|
|
{
|
|
$modswhere = "m.fid IN ({$forum['parentlist']}) OR ";
|
|
|
|
if($db->type == 'pgsql' || $db->type == 'sqlite')
|
|
{
|
|
$modsjoin = "LEFT JOIN {$db->table_prefix}moderators m ON (m.id = u.uid AND m.isgroup = 0) OR ((m.id = u.usergroup OR ',' || u.additionalgroups || ',' LIKE '%,' || m.id || ',%') AND m.isgroup = 1)";
|
|
}
|
|
else
|
|
{
|
|
$modsjoin = "LEFT JOIN {$db->table_prefix}moderators m ON (m.id = u.uid AND m.isgroup = 0) OR ((m.id = u.usergroup OR CONCAT(',', u.additionalgroups, ',') LIKE CONCAT('%,', m.id, ',%')) AND m.isgroup = 1)";
|
|
}
|
|
}
|
|
|
|
switch($db->type)
|
|
{
|
|
case "pgsql":
|
|
case "sqlite":
|
|
$query = $db->query("
|
|
SELECT DISTINCT u.username, u.email, u.receivepms, u.uid
|
|
FROM {$db->table_prefix}users u
|
|
{$modsjoin}
|
|
LEFT JOIN {$db->table_prefix}usergroups g ON (',' || u.additionalgroups || ',' LIKE '%,' || g.gid || ',%' OR g.gid = u.usergroup)
|
|
WHERE {$modswhere}g.cancp = 1 OR g.issupermod = 1
|
|
");
|
|
break;
|
|
default:
|
|
$query = $db->query("
|
|
SELECT DISTINCT u.username, u.email, u.receivepms, u.uid
|
|
FROM {$db->table_prefix}users u
|
|
{$modsjoin}
|
|
LEFT JOIN {$db->table_prefix}usergroups g ON (CONCAT(',', u.additionalgroups, ',') LIKE CONCAT('%,', g.gid, ',%') OR g.gid = u.usergroup)
|
|
WHERE {$modswhere}g.cancp = 1 OR g.issupermod = 1
|
|
");
|
|
}
|
|
|
|
$lang_string_subject = "emailsubject_report{$report_type}";
|
|
$lang_string_message = "email_report{$report_type}";
|
|
|
|
if(empty($lang->$lang_string_subject) || empty($lang->$lang_string_message))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
global $send_report_subject, $send_report_url;
|
|
|
|
switch($report_type)
|
|
{
|
|
case 'post':
|
|
$send_report_subject = $post['subject'];
|
|
$send_report_url = str_replace('&', '&', get_post_link($post['pid'], $thread['tid'])."#pid".$post['pid']);
|
|
break;
|
|
case 'profile':
|
|
$send_report_subject = $user['username'];
|
|
$send_report_url = str_replace('&', '&', get_profile_link($user['uid']));
|
|
break;
|
|
case 'reputation':
|
|
$from_user = get_user($reputation['adduid']);
|
|
$send_report_subject = $from_user['username'];
|
|
$send_report_url = "reputation.php?uid={$reputation['uid']}#rid{$reputation['rid']}";
|
|
break;
|
|
}
|
|
|
|
$plugins->run_hooks("send_report_report_type");
|
|
|
|
$emailsubject = $lang->sprintf($lang->$lang_string_subject, $mybb->settings['bbname']);
|
|
$emailmessage = $lang->sprintf($lang->$lang_string_message, $mybb->user['username'], $mybb->settings['bbname'], $send_report_subject, $mybb->settings['bburl'], $send_report_url, $report_reason);
|
|
|
|
while($mod = $db->fetch_array($query))
|
|
{
|
|
if($mybb->settings['reportmethod'] == "pms" && $mod['receivepms'] != 0 && $mybb->settings['enablepms'] != 0)
|
|
{
|
|
$pm_recipients[] = $mod['uid'];
|
|
}
|
|
else
|
|
{
|
|
my_mail($mod['email'], $emailsubject, $emailmessage);
|
|
}
|
|
}
|
|
|
|
if(count($pm_recipients) > 0)
|
|
{
|
|
require_once MYBB_ROOT."inc/datahandlers/pm.php";
|
|
$pmhandler = new PMDataHandler();
|
|
|
|
$pm = array(
|
|
"subject" => $emailsubject,
|
|
"message" => $emailmessage,
|
|
"icon" => 0,
|
|
"fromid" => $mybb->user['uid'],
|
|
"toid" => $pm_recipients,
|
|
"ipaddress" => $mybb->session->packedip
|
|
);
|
|
|
|
$pmhandler->admin_override = true;
|
|
$pmhandler->set_data($pm);
|
|
|
|
// Now let the pm handler do all the hard work.
|
|
if(!$pmhandler->validate_pm())
|
|
{
|
|
// Force it to valid to just get it out of here
|
|
$pmhandler->is_validated = true;
|
|
$pmhandler->errors = array();
|
|
}
|
|
|
|
$pminfo = $pmhandler->insert_pm();
|
|
return $pminfo;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Add a report
|
|
*
|
|
* @param array $report Array of reported content
|
|
* @param string $type Type of content being reported
|
|
* @return int Report ID
|
|
*/
|
|
function add_report($report, $type = 'post')
|
|
{
|
|
global $cache, $db, $mybb;
|
|
|
|
$insert_array = array(
|
|
'id' => (int)$report['id'],
|
|
'id2' => (int)$report['id2'],
|
|
'id3' => (int)$report['id3'],
|
|
'uid' => (int)$report['uid'],
|
|
'reportstatus' => 0,
|
|
'reasonid' => (int)$report['reasonid'],
|
|
'reason' => $db->escape_string($report['reason']),
|
|
'type' => $db->escape_string($type),
|
|
'reports' => 1,
|
|
'dateline' => TIME_NOW,
|
|
'lastreport' => TIME_NOW,
|
|
'reporters' => $db->escape_string(my_serialize(array($report['uid'])))
|
|
);
|
|
|
|
if($mybb->settings['reportmethod'] == "email" || $mybb->settings['reportmethod'] == "pms")
|
|
{
|
|
send_report($report, $type);
|
|
}
|
|
|
|
$rid = $db->insert_query("reportedcontent", $insert_array);
|
|
$cache->update_reportedcontent();
|
|
|
|
return $rid;
|
|
}
|
|
|
|
/**
|
|
* Update an existing report
|
|
*
|
|
* @param array $report Array of reported content
|
|
* @return bool true
|
|
*/
|
|
function update_report($report)
|
|
{
|
|
global $db;
|
|
|
|
$update_array = array(
|
|
'reports' => ++$report['reports'],
|
|
'lastreport' => TIME_NOW,
|
|
'reporters' => $db->escape_string(my_serialize($report['reporters']))
|
|
);
|
|
|
|
$db->update_query("reportedcontent", $update_array, "rid = '{$report['rid']}'");
|
|
return true;
|
|
}
|