Code Coverage for /data/phpBB/includes/mcp/mcp

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 7	CRAP	0.00% covered (danger)	0.00%	0 / 399
add_warning				0.00% covered (danger)	0.00%	0 / 1	20.00	0.00% covered (danger)	0.00%	0 / 70
mcp_warn	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 6	3080.00	0.00% covered (danger)	0.00%	0 / 325
__construct				0.00% covered (danger)	0.00%	0 / 1	2.00	0.00% covered (danger)	0.00%	0 / 3
main				0.00% covered (danger)	0.00%	0 / 1	42.00	0.00% covered (danger)	0.00%	0 / 29
mcp_warn_front_view				0.00% covered (danger)	0.00%	0 / 1	12.00	0.00% covered (danger)	0.00%	0 / 35
mcp_warn_list_view				0.00% covered (danger)	0.00%	0 / 1	30.00	0.00% covered (danger)	0.00%	0 / 39
mcp_warn_post_view				0.00% covered (danger)	0.00%	0 / 1	462.00	0.00% covered (danger)	0.00%	0 / 118
mcp_warn_user_view				0.00% covered (danger)	0.00%	0 / 1	380.00	0.00% covered (danger)	0.00%	0 / 101

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	/**
15	* @ignore
16	*/
17	if (!defined('IN_PHPBB'))
18	{
19	exit;
20	}
21
22	/**
23	* mcp_warn
24	* Handling warning the users
25	*/
26	class mcp_warn
27	{
28	var $p_master;
29	var $u_action;
30
31	function __construct($p_master)
32	{
33	$this->p_master = $p_master;
34	}
35
36	function main($id, $mode)
37	{
38	global $request;
39
40	$action = $request->variable('action', array('' => ''));
41
42	if (is_array($action))
43	{
44	$action = key($action);
45	}
46
47	$this->page_title = 'MCP_WARN';
48
49	add_form_key('mcp_warn');
50
51	switch ($mode)
52	{
53	case 'front':
54	$this->mcp_warn_front_view();
55	$this->tpl_name = 'mcp_warn_front';
56	break;
57
58	case 'list':
59	$this->mcp_warn_list_view($action);
60	$this->tpl_name = 'mcp_warn_list';
61	break;
62
63	case 'warn_post':
64	$this->mcp_warn_post_view($action);
65	$this->tpl_name = 'mcp_warn_post';
66	break;
67
68	case 'warn_user':
69	$this->mcp_warn_user_view($action);
70	$this->tpl_name = 'mcp_warn_user';
71	break;
72	}
73	}
74
75	/**
76	* Generates the summary on the main page of the warning module
77	*/
78	function mcp_warn_front_view()
79	{
80	global $phpEx, $phpbb_root_path;
81	global $template, $db, $user;
82
83	$template->assign_vars(array(
84	'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=mcp&field=username&select_single=true'),
85	'U_POST_ACTION' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user'),
86	));
87
88	// Obtain a list of the 5 naughtiest users....
89	// These are the 5 users with the highest warning count
90	$highest = array();
91	$count = 0;
92
93	view_warned_users($highest, $count, 5);
94
95	foreach ($highest as $row)
96	{
97	$template->assign_block_vars('highest', array(
98	'U_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $row['user_id']),
99
100	'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
101
102	'WARNING_TIME' => $user->format_date($row['user_last_warning']),
103	'WARNINGS' => $row['user_warnings'],
104	));
105	}
106
107	// And now the 5 most recent users to get in trouble
108	$sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_colour, u.user_warnings, w.warning_time
109	FROM ' . USERS_TABLE . ' u, ' . WARNINGS_TABLE . ' w
110	WHERE u.user_id = w.user_id
111	ORDER BY w.warning_time DESC';
112	$result = $db->sql_query_limit($sql, 5);
113
114	while ($row = $db->sql_fetchrow($result))
115	{
116	$template->assign_block_vars('latest', array(
117	'U_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $row['user_id']),
118
119	'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
120
121	'WARNING_TIME' => $user->format_date($row['warning_time']),
122	'WARNINGS' => $row['user_warnings'],
123	));
124	}
125	$db->sql_freeresult($result);
126	}
127
128	/**
129	* Lists all users with warnings
130	*/
131	function mcp_warn_list_view($action)
132	{
133	global $phpEx, $phpbb_root_path, $config, $phpbb_container;
134	global $template, $user, $auth, $request;
135
136	/* @var $pagination \phpbb\pagination */
137	$pagination = $phpbb_container->get('pagination');
138	$user->add_lang('memberlist');
139
140	$start = $request->variable('start', 0);
141	$st = $request->variable('st', 0);
142	$sk = $request->variable('sk', 'b');
143	$sd = $request->variable('sd', 'd');
144
145	$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
146	$sort_by_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_DATE'], 'c' => $user->lang['SORT_WARNINGS']);
147	$sort_by_sql = array('a' => 'username_clean', 'b' => 'user_last_warning', 'c' => 'user_warnings');
148
149	$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
150	gen_sort_selects($limit_days, $sort_by_text, $st, $sk, $sd, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
151
152	// Define where and sort sql for use in displaying logs
153	$sql_where = ($st) ? (time() - ($st * 86400)) : 0;
154	$sql_sort = $sort_by_sql[$sk] . ' ' . (($sd == 'd') ? 'DESC' : 'ASC');
155
156	$users = array();
157	$user_count = 0;
158
159	view_warned_users($users, $user_count, $config['topics_per_page'], $start, $sql_where, $sql_sort);
160
161	foreach ($users as $row)
162	{
163	$template->assign_block_vars('user', array(
164	'U_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $row['user_id']),
165
166	'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
167
168	'WARNING_TIME' => $user->format_date($row['user_last_warning']),
169	'WARNINGS' => $row['user_warnings'],
170	));
171	}
172
173	$base_url = append_sid("{$phpbb_root_path}mcp.$phpEx", "i=warn&mode=list&st=$st&sk=$sk&sd=$sd");
174	$pagination->generate_template_pagination($base_url, 'pagination', 'start', $user_count, $config['topics_per_page'], $start);
175
176	$template->assign_vars(array(
177	'U_POST_ACTION' => $this->u_action,
178	'S_CLEAR_ALLOWED' => ($auth->acl_get('a_clearlogs')) ? true : false,
179	'S_SELECT_SORT_DIR' => $s_sort_dir,
180	'S_SELECT_SORT_KEY' => $s_sort_key,
181	'S_SELECT_SORT_DAYS' => $s_limit_days,
182
183	'TOTAL_USERS' => $user->lang('LIST_USERS', (int) $user_count),
184	));
185	}
186
187	/**
188	* Handles warning the user when the warning is for a specific post
189	*/
190	function mcp_warn_post_view($action)
191	{
192	global $phpEx, $phpbb_root_path, $config, $request;
193	global $template, $db, $user, $phpbb_dispatcher;
194
195	$post_id = $request->variable('p', 0);
196	$forum_id = $request->variable('f', 0);
197	$notify = (isset($_REQUEST['notify_user'])) ? true : false;
198	$warning = $request->variable('warning', '', true);
199
200	$sql = 'SELECT u., p.
201	FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . " u
202	WHERE p.post_id = $post_id
203	AND u.user_id = p.poster_id";
204	$result = $db->sql_query($sql);
205	$user_row = $db->sql_fetchrow($result);
206	$db->sql_freeresult($result);
207
208	if (!$user_row)
209	{
210	trigger_error('NO_POST');
211	}
212
213	// There is no point issuing a warning to ignored users (ie anonymous and bots)
214	if ($user_row['user_type'] == USER_IGNORE)
215	{
216	trigger_error('CANNOT_WARN_ANONYMOUS');
217	}
218
219	// Prevent someone from warning themselves
220	if ($user_row['user_id'] == $user->data['user_id'])
221	{
222	trigger_error('CANNOT_WARN_SELF');
223	}
224
225	// Check if there is already a warning for this post to prevent multiple
226	// warnings for the same offence
227	$sql = 'SELECT post_id
228	FROM ' . WARNINGS_TABLE . "
229	WHERE post_id = $post_id";
230	$result = $db->sql_query($sql);
231	$row = $db->sql_fetchrow($result);
232	$db->sql_freeresult($result);
233
234	if ($row)
235	{
236	trigger_error('ALREADY_WARNED');
237	}
238
239	$user_id = $user_row['user_id'];
240
241	if (strpos($this->u_action, "&p=$post_id") === false)
242	{
243	$this->p_master->adjust_url("&p=$post_id");
244	$this->u_action .= "&p=$post_id";
245	}
246
247	// Check if can send a notification
248	if ($config['allow_privmsg'])
249	{
250	$auth2 = new \phpbb\auth\auth();
251	$auth2->acl($user_row);
252	$s_can_notify = ($auth2->acl_get('u_readpm')) ? true : false;
253	unset($auth2);
254	}
255	else
256	{
257	$s_can_notify = false;
258	}
259
260	// Prevent against clever people
261	if ($notify && !$s_can_notify)
262	{
263	$notify = false;
264	}
265
266	if ($warning && $action == 'add_warning')
267	{
268	if (check_form_key('mcp_warn'))
269	{
270	$s_mcp_warn_post = true;
271
272	/**
273	* Event for before warning a user for a post.
274	*
275	* @event core.mcp_warn_post_before
276	* @var array user_row The entire user row
277	* @var string warning The warning message
278	* @var bool notify If true, we notify the user for the warning
279	* @var int post_id The post id for which the warning is added
280	* @var bool s_mcp_warn_post If true, we add the warning else we omit it
281	* @since 3.1.0-b4
282	*/
283	$vars = array(
284	'user_row',
285	'warning',
286	'notify',
287	'post_id',
288	's_mcp_warn_post',
289	);
290	extract($phpbb_dispatcher->trigger_event('core.mcp_warn_post_before', compact($vars)));
291
292	if ($s_mcp_warn_post)
293	{
294	add_warning($user_row, $warning, $notify, $post_id);
295	$message = $user->lang['USER_WARNING_ADDED'];
296
297	/**
298	* Event for after warning a user for a post.
299	*
300	* @event core.mcp_warn_post_after
301	* @var array user_row The entire user row
302	* @var string warning The warning message
303	* @var bool notify If true, the user was notified for the warning
304	* @var int post_id The post id for which the warning is added
305	* @var string message Message displayed to the moderator
306	* @since 3.1.0-b4
307	*/
308	$vars = array(
309	'user_row',
310	'warning',
311	'notify',
312	'post_id',
313	'message',
314	);
315	extract($phpbb_dispatcher->trigger_event('core.mcp_warn_post_after', compact($vars)));
316	}
317	}
318	else
319	{
320	$message = $user->lang['FORM_INVALID'];
321	}
322
323	if (!empty($message))
324	{
325	$redirect = append_sid("{$phpbb_root_path}mcp.$phpEx", "i=notes&mode=user_notes&u=$user_id");
326	meta_refresh(2, $redirect);
327	trigger_error($message . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
328	}
329	}
330
331	// OK, they didn't submit a warning so lets build the page for them to do so
332
333	// We want to make the message available here as a reminder
334	// Parse the message and subject
335	$parse_flags = OPTION_FLAG_SMILIES \| ($user_row['bbcode_bitfield'] ? OPTION_FLAG_BBCODE : 0);
336	$message = generate_text_for_display($user_row['post_text'], $user_row['bbcode_uid'], $user_row['bbcode_bitfield'], $parse_flags, true);
337
338	// Generate the appropriate user information for the user we are looking at
339	if (!function_exists('phpbb_get_user_rank'))
340	{
341	include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
342	}
343
344	$user_rank_data = phpbb_get_user_rank($user_row, $user_row['user_posts']);
345	$avatar_img = phpbb_get_user_avatar($user_row);
346
347	$template->assign_vars(array(
348	'U_POST_ACTION' => $this->u_action,
349
350	'POST' => $message,
351	'USERNAME' => $user_row['username'],
352	'USER_COLOR' => (!empty($user_row['user_colour'])) ? $user_row['user_colour'] : '',
353	'RANK_TITLE' => $user_rank_data['title'],
354	'JOINED' => $user->format_date($user_row['user_regdate']),
355	'POSTS' => ($user_row['user_posts']) ? $user_row['user_posts'] : 0,
356	'WARNINGS' => ($user_row['user_warnings']) ? $user_row['user_warnings'] : 0,
357
358	'AVATAR_IMG' => $avatar_img,
359	'RANK_IMG' => $user_rank_data['img'],
360
361	'L_WARNING_POST_DEFAULT' => sprintf($user->lang['WARNING_POST_DEFAULT'], generate_board_url() . "/viewtopic.$phpEx?p=$post_id#p$post_id"),
362
363	'S_CAN_NOTIFY' => $s_can_notify,
364	));
365	}
366
367	/**
368	* Handles warning the user
369	*/
370	function mcp_warn_user_view($action)
371	{
372	global $phpEx, $phpbb_root_path, $config, $request;
373	global $template, $db, $user, $phpbb_dispatcher;
374
375	$user_id = $request->variable('u', 0);
376	$username = $request->variable('username', '', true);
377	$notify = (isset($_REQUEST['notify_user'])) ? true : false;
378	$warning = $request->variable('warning', '', true);
379
380	$sql_where = ($user_id) ? "user_id = $user_id" : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
381
382	$sql = 'SELECT *
383	FROM ' . USERS_TABLE . '
384	WHERE ' . $sql_where;
385	$result = $db->sql_query($sql);
386	$user_row = $db->sql_fetchrow($result);
387	$db->sql_freeresult($result);
388
389	if (!$user_row \|\| (int) $user_row['user_id'] === ANONYMOUS)
390	{
391	trigger_error('NO_USER');
392	}
393
394	// Prevent someone from warning themselves
395	if ($user_row['user_id'] == $user->data['user_id'])
396	{
397	trigger_error('CANNOT_WARN_SELF');
398	}
399
400	$user_id = $user_row['user_id'];
401
402	if (strpos($this->u_action, "&u=$user_id") === false)
403	{
404	$this->p_master->adjust_url('&u=' . $user_id);
405	$this->u_action .= "&u=$user_id";
406	}
407
408	// Check if can send a notification
409	if ($config['allow_privmsg'])
410	{
411	$auth2 = new \phpbb\auth\auth();
412	$auth2->acl($user_row);
413	$s_can_notify = ($auth2->acl_get('u_readpm')) ? true : false;
414	unset($auth2);
415	}
416	else
417	{
418	$s_can_notify = false;
419	}
420
421	// Prevent against clever people
422	if ($notify && !$s_can_notify)
423	{
424	$notify = false;
425	}
426
427	if ($warning && $action == 'add_warning')
428	{
429	if (check_form_key('mcp_warn'))
430	{
431	$s_mcp_warn_user = true;
432
433	/**
434	* Event for before warning a user from MCP.
435	*
436	* @event core.mcp_warn_user_before
437	* @var array user_row The entire user row
438	* @var string warning The warning message
439	* @var bool notify If true, we notify the user for the warning
440	* @var bool s_mcp_warn_user If true, we add the warning else we omit it
441	* @since 3.1.0-b4
442	*/
443	$vars = array(
444	'user_row',
445	'warning',
446	'notify',
447	's_mcp_warn_user',
448	);
449	extract($phpbb_dispatcher->trigger_event('core.mcp_warn_user_before', compact($vars)));
450
451	if ($s_mcp_warn_user)
452	{
453	add_warning($user_row, $warning, $notify);
454	$message = $user->lang['USER_WARNING_ADDED'];
455
456	/**
457	* Event for after warning a user from MCP.
458	*
459	* @event core.mcp_warn_user_after
460	* @var array user_row The entire user row
461	* @var string warning The warning message
462	* @var bool notify If true, the user was notified for the warning
463	* @var string message Message displayed to the moderator
464	* @since 3.1.0-b4
465	*/
466	$vars = array(
467	'user_row',
468	'warning',
469	'notify',
470	'message',
471	);
472	extract($phpbb_dispatcher->trigger_event('core.mcp_warn_user_after', compact($vars)));
473	}
474	}
475	else
476	{
477	$message = $user->lang['FORM_INVALID'];
478	}
479
480	if (!empty($message))
481	{
482	$redirect = append_sid("{$phpbb_root_path}mcp.$phpEx", "i=notes&mode=user_notes&u=$user_id");
483	meta_refresh(2, $redirect);
484	trigger_error($message . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
485	}
486	}
487
488	// Generate the appropriate user information for the user we are looking at
489	if (!function_exists('phpbb_get_user_rank'))
490	{
491	include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
492	}
493	$user_rank_data = phpbb_get_user_rank($user_row, $user_row['user_posts']);
494	$avatar_img = phpbb_get_user_avatar($user_row);
495
496	// OK, they didn't submit a warning so lets build the page for them to do so
497	$template->assign_vars(array(
498	'U_POST_ACTION' => $this->u_action,
499
500	'RANK_TITLE' => $user_rank_data['title'],
501	'JOINED' => $user->format_date($user_row['user_regdate']),
502	'POSTS' => ($user_row['user_posts']) ? $user_row['user_posts'] : 0,
503	'WARNINGS' => ($user_row['user_warnings']) ? $user_row['user_warnings'] : 0,
504
505	'USERNAME_FULL' => get_username_string('full', $user_row['user_id'], $user_row['username'], $user_row['user_colour']),
506	'USERNAME_COLOUR' => get_username_string('colour', $user_row['user_id'], $user_row['username'], $user_row['user_colour']),
507	'USERNAME' => get_username_string('username', $user_row['user_id'], $user_row['username'], $user_row['user_colour']),
508	'U_PROFILE' => get_username_string('profile', $user_row['user_id'], $user_row['username'], $user_row['user_colour']),
509
510	'AVATAR_IMG' => $avatar_img,
511	'RANK_IMG' => $user_rank_data['img'],
512
513	'S_CAN_NOTIFY' => $s_can_notify,
514	));
515
516	return $user_id;
517	}
518	}
519
520	/**
521	* Insert the warning into the database
522	*/
523	function add_warning($user_row, $warning, $send_pm = true, $post_id = 0)
524	{
525	global $phpEx, $phpbb_root_path, $config, $phpbb_log;
526	global $db, $user;
527
528	if ($send_pm)
529	{
530	include_once($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
531	include_once($phpbb_root_path . 'includes/message_parser.' . $phpEx);
532
533	// Attempt to translate warning to language of user being warned if user's language differs from issuer's language
534	if ($user_row['user_lang'] != $user->lang_name)
535	{
536	$lang = array();
537
538	$user_row['user_lang'] = (file_exists($phpbb_root_path . 'language/' . basename($user_row['user_lang']) . "/mcp." . $phpEx)) ? $user_row['user_lang'] : $config['default_lang'];
539	include($phpbb_root_path . 'language/' . basename($user_row['user_lang']) . "/mcp." . $phpEx);
540
541	$warn_pm_subject = $lang['WARNING_PM_SUBJECT'];
542	$warn_pm_body = sprintf($lang['WARNING_PM_BODY'], $warning);
543
544	unset($lang);
545	}
546	else
547	{
548	$warn_pm_subject = $user->lang('WARNING_PM_SUBJECT');
549	$warn_pm_body = $user->lang('WARNING_PM_BODY', $warning);
550	}
551
552	$message_parser = new parse_message();
553
554	$message_parser->message = $warn_pm_body;
555	$message_parser->parse(true, true, true, false, false, true, true);
556
557	$pm_data = array(
558	'from_user_id' => $user->data['user_id'],
559	'from_user_ip' => $user->ip,
560	'from_username' => $user->data['username'],
561	'enable_sig' => false,
562	'enable_bbcode' => true,
563	'enable_smilies' => true,
564	'enable_urls' => false,
565	'icon_id' => 0,
566	'bbcode_bitfield' => $message_parser->bbcode_bitfield,
567	'bbcode_uid' => $message_parser->bbcode_uid,
568	'message' => $message_parser->message,
569	'address_list' => array('u' => array($user_row['user_id'] => 'to')),
570	);
571
572	submit_pm('post', $warn_pm_subject, $pm_data, false);
573	}
574
575	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_WARNING', false, [$user_row['username']]);
576
577	$log_id = $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_WARNING_BODY', false, [
578	'reportee_id' => $user_row['user_id'],
579	utf8_encode_ucr($warning)
580	]);
581
582	$sql_ary = array(
583	'user_id' => $user_row['user_id'],
584	'post_id' => $post_id,
585	'log_id' => $log_id,
586	'warning_time' => time(),
587	);
588
589	$db->sql_query('INSERT INTO ' . WARNINGS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
590
591	$sql = 'UPDATE ' . USERS_TABLE . '
592	SET user_warnings = user_warnings + 1,
593	user_last_warning = ' . time() . '
594	WHERE user_id = ' . $user_row['user_id'];
595	$db->sql_query($sql);
596
597	// We add this to the mod log too for moderators to see that a specific user got warned.
598	$sql = 'SELECT forum_id, topic_id
599	FROM ' . POSTS_TABLE . '
600	WHERE post_id = ' . $post_id;
601	$result = $db->sql_query($sql);
602	$row = $db->sql_fetchrow($result);
603	$db->sql_freeresult($result);
604
605	$phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_USER_WARNING', false, array(
606	'forum_id' => $row['forum_id'] ?? 0,
607	'topic_id' => $row['topic_id'] ?? 0,
608	'post_id' => $post_id,
609	$user_row['username']
610	));
611	}