Code Coverage for /data/phpBB/includes/mcp/mcp

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	0.00% covered (danger)	0.00%	0 / 309	0.00% covered (danger)	0.00%	0 / 7	CRAP	0.00% covered (danger)	0.00%	0 / 1
add_warning	0.00% covered (danger)	0.00%	0 / 60	0.00% covered (danger)	0.00%	0 / 1	20
mcp_warn	0.00% covered (danger)	0.00%	0 / 247	0.00% covered (danger)	0.00%	0 / 6	3080	0.00% covered (danger)	0.00%	0 / 1
__construct	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
main	0.00% covered (danger)	0.00%	0 / 22	0.00% covered (danger)	0.00%	0 / 1	42
mcp_warn_front_view	0.00% covered (danger)	0.00%	0 / 28	0.00% covered (danger)	0.00%	0 / 1	12
mcp_warn_list_view	0.00% covered (danger)	0.00%	0 / 35	0.00% covered (danger)	0.00%	0 / 1	30
mcp_warn_post_view	0.00% covered (danger)	0.00%	0 / 87	0.00% covered (danger)	0.00%	0 / 1	462
mcp_warn_user_view	0.00% covered (danger)	0.00%	0 / 74	0.00% covered (danger)	0.00%	0 / 1	380

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	/**
15	* @ignore
16	*/
17	if (!defined('IN_PHPBB'))
18	{
19	exit;
20	}
21
22	/**
23	* mcp_warn
24	* Handling warning the users
25	*/
26	class mcp_warn
27	{
28	var $p_master;
29	var $u_action;
30
31	function __construct($p_master)
32	{
33	$this->p_master = $p_master;
34	}
35
36	function main($id, $mode)
37	{
38	global $request;
39
40	$action = $request->variable('action', array('' => ''));
41
42	if (is_array($action))
43	{
44	$action = key($action);
45	}
46
47	$this->page_title = 'MCP_WARN';
48
49	add_form_key('mcp_warn');
50
51	switch ($mode)
52	{
53	case 'front':
54	$this->mcp_warn_front_view();
55	$this->tpl_name = 'mcp_warn_front';
56	break;
57
58	case 'list':
59	$this->mcp_warn_list_view($action);
60	$this->tpl_name = 'mcp_warn_list';
61	break;
62
63	case 'warn_post':
64	$this->mcp_warn_post_view($action);
65	$this->tpl_name = 'mcp_warn_post';
66	break;
67
68	case 'warn_user':
69	$this->mcp_warn_user_view($action);
70	$this->tpl_name = 'mcp_warn_user';
71	break;
72	}
73	}
74
75	/**
76	* Generates the summary on the main page of the warning module
77	*/
78	function mcp_warn_front_view()
79	{
80	global $phpEx, $phpbb_root_path;
81	global $template, $db, $user;
82
83	$template->assign_vars(array(
84	'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=mcp&field=username&select_single=true'),
85	'U_POST_ACTION' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user'),
86	));
87
88	// Obtain a list of the 5 naughtiest users....
89	// These are the 5 users with the highest warning count
90	$highest = array();
91	$count = 0;
92
93	view_warned_users($highest, $count, 5);
94
95	foreach ($highest as $row)
96	{
97	$template->assign_block_vars('highest', array(
98	'U_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $row['user_id']),
99
100	'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
101
102	'WARNING_TIME' => $user->format_date($row['user_last_warning']),
103	'WARNINGS' => $row['user_warnings'],
104	));
105	}
106
107	// And now the 5 most recent users to get in trouble
108	$sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_colour, u.user_warnings, w.warning_time
109	FROM ' . USERS_TABLE . ' u, ' . WARNINGS_TABLE . ' w
110	WHERE u.user_id = w.user_id
111	ORDER BY w.warning_time DESC';
112	$result = $db->sql_query_limit($sql, 5);
113
114	while ($row = $db->sql_fetchrow($result))
115	{
116	$template->assign_block_vars('latest', array(
117	'U_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $row['user_id']),
118
119	'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
120
121	'WARNING_TIME' => $user->format_date($row['warning_time']),
122	'WARNINGS' => $row['user_warnings'],
123	));
124	}
125	$db->sql_freeresult($result);
126	}
127
128	/**
129	* Lists all users with warnings
130	*/
131	function mcp_warn_list_view($action)
132	{
133	global $phpEx, $phpbb_root_path, $config, $phpbb_container;
134	global $template, $user, $auth, $request;
135
136	/* @var $pagination \phpbb\pagination */
137	$pagination = $phpbb_container->get('pagination');
138	$user->add_lang('memberlist');
139
140	$start = $request->variable('start', 0);
141	$st = $request->variable('st', 0);
142	$sk = $request->variable('sk', 'b');
143	$sd = $request->variable('sd', 'd');
144
145	$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
146	$sort_by_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_DATE'], 'c' => $user->lang['SORT_WARNINGS']);
147	$sort_by_sql = array('a' => 'username_clean', 'b' => 'user_last_warning', 'c' => 'user_warnings');
148
149	$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
150	gen_sort_selects($limit_days, $sort_by_text, $st, $sk, $sd, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
151
152	// Define where and sort sql for use in displaying logs
153	$sql_where = ($st) ? (time() - ($st * 86400)) : 0;
154	$sql_sort = $sort_by_sql[$sk] . ' ' . (($sd == 'd') ? 'DESC' : 'ASC');
155
156	$users = array();
157	$user_count = 0;
158
159	view_warned_users($users, $user_count, $config['topics_per_page'], $start, $sql_where, $sql_sort);
160
161	foreach ($users as $row)
162	{
163	$template->assign_block_vars('user', array(
164	'U_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $row['user_id']),
165
166	'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
167
168	'WARNING_TIME' => $user->format_date($row['user_last_warning']),
169	'WARNINGS' => $row['user_warnings'],
170	));
171	}
172
173	$base_url = append_sid("{$phpbb_root_path}mcp.$phpEx", "i=warn&mode=list&st=$st&sk=$sk&sd=$sd");
174	$pagination->generate_template_pagination($base_url, 'pagination', 'start', $user_count, $config['topics_per_page'], $start);
175
176	$template->assign_vars(array(
177	'U_POST_ACTION' => $this->u_action,
178	'S_CLEAR_ALLOWED' => ($auth->acl_get('a_clearlogs')) ? true : false,
179	'S_SELECT_SORT_DIR' => $s_sort_dir,
180	'S_SELECT_SORT_KEY' => $s_sort_key,
181	'S_SELECT_SORT_DAYS' => $s_limit_days,
182
183	'TOTAL_USERS' => $user->lang('LIST_USERS', (int) $user_count),
184	));
185	}
186
187	/**
188	* Handles warning the user when the warning is for a specific post
189	*/
190	function mcp_warn_post_view($action)
191	{
192	global $phpEx, $phpbb_root_path, $config, $request;
193	global $template, $db, $user, $phpbb_dispatcher, $phpbb_container;
194
195	$post_id = $request->variable('p', 0);
196	$forum_id = $request->variable('f', 0);
197	$notify = (isset($_REQUEST['notify_user'])) ? true : false;
198	$warning = $request->variable('warning', '', true);
199
200	$sql = 'SELECT u., p.
201	FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . " u
202	WHERE p.post_id = $post_id
203	AND u.user_id = p.poster_id";
204	$result = $db->sql_query($sql);
205	$user_row = $db->sql_fetchrow($result);
206	$db->sql_freeresult($result);
207
208	if (!$user_row)
209	{
210	trigger_error('NO_POST');
211	}
212
213	// There is no point issuing a warning to ignored users (ie anonymous and bots)
214	if ($user_row['user_type'] == USER_IGNORE)
215	{
216	trigger_error('CANNOT_WARN_ANONYMOUS');
217	}
218
219	// Prevent someone from warning themselves
220	if ($user_row['user_id'] == $user->data['user_id'])
221	{
222	trigger_error('CANNOT_WARN_SELF');
223	}
224
225	// Check if there is already a warning for this post to prevent multiple
226	// warnings for the same offence
227	$sql = 'SELECT post_id
228	FROM ' . WARNINGS_TABLE . "
229	WHERE post_id = $post_id";
230	$result = $db->sql_query($sql);
231	$row = $db->sql_fetchrow($result);
232	$db->sql_freeresult($result);
233
234	if ($row)
235	{
236	trigger_error('ALREADY_WARNED');
237	}
238
239	$user_id = $user_row['user_id'];
240
241	if (strpos($this->u_action, "&p=$post_id") === false)
242	{
243	$this->p_master->adjust_url("&p=$post_id");
244	$this->u_action .= "&p=$post_id";
245	}
246
247	// Check if can send a notification
248	if ($config['allow_privmsg'])
249	{
250	$auth2 = new \phpbb\auth\auth();
251	$auth2->acl($user_row);
252	$s_can_notify = ($auth2->acl_get('u_readpm')) ? true : false;
253	unset($auth2);
254	}
255	else
256	{
257	$s_can_notify = false;
258	}
259
260	// Prevent against clever people
261	if ($notify && !$s_can_notify)
262	{
263	$notify = false;
264	}
265
266	if ($warning && $action == 'add_warning')
267	{
268	if (check_form_key('mcp_warn'))
269	{
270	$s_mcp_warn_post = true;
271
272	/**
273	* Event for before warning a user for a post.
274	*
275	* @event core.mcp_warn_post_before
276	* @var array user_row The entire user row
277	* @var string warning The warning message
278	* @var bool notify If true, we notify the user for the warning
279	* @var int post_id The post id for which the warning is added
280	* @var bool s_mcp_warn_post If true, we add the warning else we omit it
281	* @since 3.1.0-b4
282	*/
283	$vars = array(
284	'user_row',
285	'warning',
286	'notify',
287	'post_id',
288	's_mcp_warn_post',
289	);
290	extract($phpbb_dispatcher->trigger_event('core.mcp_warn_post_before', compact($vars)));
291
292	if ($s_mcp_warn_post)
293	{
294	add_warning($user_row, $warning, $notify, $post_id);
295	$message = $user->lang['USER_WARNING_ADDED'];
296
297	/**
298	* Event for after warning a user for a post.
299	*
300	* @event core.mcp_warn_post_after
301	* @var array user_row The entire user row
302	* @var string warning The warning message
303	* @var bool notify If true, the user was notified for the warning
304	* @var int post_id The post id for which the warning is added
305	* @var string message Message displayed to the moderator
306	* @since 3.1.0-b4
307	*/
308	$vars = array(
309	'user_row',
310	'warning',
311	'notify',
312	'post_id',
313	'message',
314	);
315	extract($phpbb_dispatcher->trigger_event('core.mcp_warn_post_after', compact($vars)));
316	}
317	}
318	else
319	{
320	$message = $user->lang['FORM_INVALID'];
321	}
322
323	if (!empty($message))
324	{
325	$redirect = append_sid("{$phpbb_root_path}mcp.$phpEx", "i=notes&mode=user_notes&u=$user_id");
326	meta_refresh(2, $redirect);
327	trigger_error($message . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
328	}
329	}
330
331	// OK, they didn't submit a warning so lets build the page for them to do so
332
333	// We want to make the message available here as a reminder
334	// Parse the message and subject
335	$parse_flags = OPTION_FLAG_SMILIES \| ($user_row['bbcode_bitfield'] ? OPTION_FLAG_BBCODE : 0);
336	$message = generate_text_for_display($user_row['post_text'], $user_row['bbcode_uid'], $user_row['bbcode_bitfield'], $parse_flags, true);
337
338	// Generate the appropriate user information for the user we are looking at
339	if (!function_exists('phpbb_get_user_rank'))
340	{
341	include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
342	}
343
344	$user_rank_data = phpbb_get_user_rank($user_row, $user_row['user_posts']);
345
346	/** @var \phpbb\avatar\helper $avatar_helper */
347	$avatar_helper = $phpbb_container->get('avatar.helper');
348
349	$avatar = $avatar_helper->get_user_avatar($user_row);
350	$template->assign_vars($avatar_helper->get_template_vars($avatar, 'USER_'));
351
352	$template->assign_vars(array(
353	'U_POST_ACTION' => $this->u_action,
354
355	'POST' => $message,
356	'USERNAME' => $user_row['username'],
357	'USER_COLOR' => (!empty($user_row['user_colour'])) ? $user_row['user_colour'] : '',
358	'RANK_TITLE' => $user_rank_data['title'],
359	'JOINED' => $user->format_date($user_row['user_regdate']),
360	'POSTS' => ($user_row['user_posts']) ? $user_row['user_posts'] : 0,
361	'WARNINGS' => ($user_row['user_warnings']) ? $user_row['user_warnings'] : 0,
362
363	'RANK_IMG' => $user_rank_data['img'],
364
365	'L_WARNING_POST_DEFAULT' => sprintf($user->lang['WARNING_POST_DEFAULT'], generate_board_url() . "/viewtopic.$phpEx?p=$post_id#p$post_id"),
366
367	'S_CAN_NOTIFY' => $s_can_notify,
368	));
369	}
370
371	/**
372	* Handles warning the user
373	*/
374	function mcp_warn_user_view($action)
375	{
376	global $phpEx, $phpbb_root_path, $config, $request;
377	global $template, $db, $user, $phpbb_dispatcher, $phpbb_container;
378
379	$user_id = $request->variable('u', 0);
380	$username = $request->variable('username', '', true);
381	$notify = (isset($_REQUEST['notify_user'])) ? true : false;
382	$warning = $request->variable('warning', '', true);
383
384	$sql_where = ($user_id) ? "user_id = $user_id" : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
385
386	$sql = 'SELECT *
387	FROM ' . USERS_TABLE . '
388	WHERE ' . $sql_where;
389	$result = $db->sql_query($sql);
390	$user_row = $db->sql_fetchrow($result);
391	$db->sql_freeresult($result);
392
393	if (!$user_row \|\| (int) $user_row['user_id'] === ANONYMOUS)
394	{
395	trigger_error('NO_USER');
396	}
397
398	// Prevent someone from warning themselves
399	if ($user_row['user_id'] == $user->data['user_id'])
400	{
401	trigger_error('CANNOT_WARN_SELF');
402	}
403
404	$user_id = $user_row['user_id'];
405
406	if (strpos($this->u_action, "&u=$user_id") === false)
407	{
408	$this->p_master->adjust_url('&u=' . $user_id);
409	$this->u_action .= "&u=$user_id";
410	}
411
412	// Check if can send a notification
413	if ($config['allow_privmsg'])
414	{
415	$auth2 = new \phpbb\auth\auth();
416	$auth2->acl($user_row);
417	$s_can_notify = ($auth2->acl_get('u_readpm')) ? true : false;
418	unset($auth2);
419	}
420	else
421	{
422	$s_can_notify = false;
423	}
424
425	// Prevent against clever people
426	if ($notify && !$s_can_notify)
427	{
428	$notify = false;
429	}
430
431	if ($warning && $action == 'add_warning')
432	{
433	if (check_form_key('mcp_warn'))
434	{
435	$s_mcp_warn_user = true;
436
437	/**
438	* Event for before warning a user from MCP.
439	*
440	* @event core.mcp_warn_user_before
441	* @var array user_row The entire user row
442	* @var string warning The warning message
443	* @var bool notify If true, we notify the user for the warning
444	* @var bool s_mcp_warn_user If true, we add the warning else we omit it
445	* @since 3.1.0-b4
446	*/
447	$vars = array(
448	'user_row',
449	'warning',
450	'notify',
451	's_mcp_warn_user',
452	);
453	extract($phpbb_dispatcher->trigger_event('core.mcp_warn_user_before', compact($vars)));
454
455	if ($s_mcp_warn_user)
456	{
457	add_warning($user_row, $warning, $notify);
458	$message = $user->lang['USER_WARNING_ADDED'];
459
460	/**
461	* Event for after warning a user from MCP.
462	*
463	* @event core.mcp_warn_user_after
464	* @var array user_row The entire user row
465	* @var string warning The warning message
466	* @var bool notify If true, the user was notified for the warning
467	* @var string message Message displayed to the moderator
468	* @since 3.1.0-b4
469	*/
470	$vars = array(
471	'user_row',
472	'warning',
473	'notify',
474	'message',
475	);
476	extract($phpbb_dispatcher->trigger_event('core.mcp_warn_user_after', compact($vars)));
477	}
478	}
479	else
480	{
481	$message = $user->lang['FORM_INVALID'];
482	}
483
484	if (!empty($message))
485	{
486	$redirect = append_sid("{$phpbb_root_path}mcp.$phpEx", "i=notes&mode=user_notes&u=$user_id");
487	meta_refresh(2, $redirect);
488	trigger_error($message . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
489	}
490	}
491
492	// Generate the appropriate user information for the user we are looking at
493	if (!function_exists('phpbb_get_user_rank'))
494	{
495	include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
496	}
497	$user_rank_data = phpbb_get_user_rank($user_row, $user_row['user_posts']);
498
499	/** @var \phpbb\avatar\helper $avatar_helper */
500	$avatar_helper = $phpbb_container->get('avatar.helper');
501
502	$avatar = $avatar_helper->get_user_avatar($user_row);
503	$template->assign_vars($avatar_helper->get_template_vars($avatar, 'USER_'));
504
505	// OK, they didn't submit a warning so lets build the page for them to do so
506	$template->assign_vars(array(
507	'U_POST_ACTION' => $this->u_action,
508
509	'RANK_TITLE' => $user_rank_data['title'],
510	'JOINED' => $user->format_date($user_row['user_regdate']),
511	'POSTS' => ($user_row['user_posts']) ? $user_row['user_posts'] : 0,
512	'WARNINGS' => ($user_row['user_warnings']) ? $user_row['user_warnings'] : 0,
513
514	'USERNAME_FULL' => get_username_string('full', $user_row['user_id'], $user_row['username'], $user_row['user_colour']),
515	'USERNAME_COLOUR' => get_username_string('colour', $user_row['user_id'], $user_row['username'], $user_row['user_colour']),
516	'USERNAME' => get_username_string('username', $user_row['user_id'], $user_row['username'], $user_row['user_colour']),
517	'U_PROFILE' => get_username_string('profile', $user_row['user_id'], $user_row['username'], $user_row['user_colour']),
518
519	'RANK_IMG' => $user_rank_data['img'],
520
521	'S_CAN_NOTIFY' => $s_can_notify,
522	));
523
524	return $user_id;
525	}
526	}
527
528	/**
529	* Insert the warning into the database
530	*/
531	function add_warning($user_row, $warning, $send_pm = true, $post_id = 0)
532	{
533	global $phpEx, $phpbb_root_path, $config, $phpbb_log;
534	global $db, $user;
535
536	if ($send_pm)
537	{
538	include_once($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
539	include_once($phpbb_root_path . 'includes/message_parser.' . $phpEx);
540
541	// Attempt to translate warning to language of user being warned if user's language differs from issuer's language
542	if ($user_row['user_lang'] != $user->lang_name)
543	{
544	$lang = array();
545
546	$user_row['user_lang'] = (file_exists($phpbb_root_path . 'language/' . basename($user_row['user_lang']) . "/mcp." . $phpEx)) ? $user_row['user_lang'] : $config['default_lang'];
547	include($phpbb_root_path . 'language/' . basename($user_row['user_lang']) . "/mcp." . $phpEx);
548
549	$warn_pm_subject = $lang['WARNING_PM_SUBJECT'];
550	$warn_pm_body = sprintf($lang['WARNING_PM_BODY'], $warning);
551
552	unset($lang);
553	}
554	else
555	{
556	$warn_pm_subject = $user->lang('WARNING_PM_SUBJECT');
557	$warn_pm_body = $user->lang('WARNING_PM_BODY', $warning);
558	}
559
560	$message_parser = new parse_message();
561
562	$message_parser->message = $warn_pm_body;
563	$message_parser->parse(true, true, true, false, true, true);
564
565	$pm_data = array(
566	'from_user_id' => $user->data['user_id'],
567	'from_user_ip' => $user->ip,
568	'from_username' => $user->data['username'],
569	'enable_sig' => false,
570	'enable_bbcode' => true,
571	'enable_smilies' => true,
572	'enable_urls' => false,
573	'icon_id' => 0,
574	'bbcode_bitfield' => $message_parser->bbcode_bitfield,
575	'bbcode_uid' => $message_parser->bbcode_uid,
576	'message' => $message_parser->message,
577	'address_list' => array('u' => array($user_row['user_id'] => 'to')),
578	);
579
580	submit_pm('post', $warn_pm_subject, $pm_data, false);
581	}
582
583	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_WARNING', false, [$user_row['username']]);
584
585	$log_id = $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_WARNING_BODY', false, [
586	'reportee_id' => $user_row['user_id'],
587	utf8_encode_ucr($warning)
588	]);
589
590	$sql_ary = array(
591	'user_id' => $user_row['user_id'],
592	'post_id' => $post_id,
593	'log_id' => $log_id,
594	'warning_time' => time(),
595	);
596
597	$db->sql_query('INSERT INTO ' . WARNINGS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
598
599	$sql = 'UPDATE ' . USERS_TABLE . '
600	SET user_warnings = user_warnings + 1,
601	user_last_warning = ' . time() . '
602	WHERE user_id = ' . $user_row['user_id'];
603	$db->sql_query($sql);
604
605	// We add this to the mod log too for moderators to see that a specific user got warned.
606	$sql = 'SELECT forum_id, topic_id
607	FROM ' . POSTS_TABLE . '
608	WHERE post_id = ' . $post_id;
609	$result = $db->sql_query($sql);
610	$row = $db->sql_fetchrow($result);
611	$db->sql_freeresult($result);
612
613	$phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_USER_WARNING', false, array(
614	'forum_id' => $row['forum_id'] ?? 0,
615	'topic_id' => $row['topic_id'] ?? 0,
616	'post_id' => $post_id,
617	$user_row['username']
618	));
619	}