| 1 | <?php |
| 2 | /** |
| 3 | * |
| 4 | * This file is part of the phpBB Forum Software package. |
| 5 | * |
| 6 | * @copyright (c) phpBB Limited <https://www.phpbb.com> |
| 7 | * @license GNU General Public License, version 2 (GPL-2.0) |
| 8 | * |
| 9 | * For full copyright and license information, please see |
| 10 | * the docs/CREDITS.txt file. |
| 11 | * |
| 12 | */ |
| 13 | |
| 14 | /** |
| 15 | * @ignore |
| 16 | */ |
define('IN_PHPBB', true);
// NOTE(review): the included files presumably test IN_PHPBB to refuse being requested directly - confirm.

// PHPBB_ROOT_PATH, when the embedding environment defines it, replaces the default of the current directory.
$phpbb_root_path = defined('PHPBB_ROOT_PATH') ? PHPBB_ROOT_PATH : './';

// Extension of this very file without the dot; every include path below reuses it.
$phpEx = substr(strrchr(__FILE__, '.'), 1);

// Each path is built only from the root path, a literal and $phpEx; no request data enters an include path.
include $phpbb_root_path . 'common.' . $phpEx;
include $phpbb_root_path . 'includes/functions_admin.' . $phpEx;
include $phpbb_root_path . 'includes/functions_mcp.' . $phpEx;
require $phpbb_root_path . 'includes/functions_module.' . $phpEx;
| 24 | |
// Start session management: open the session, initialise the ACL object from
// the user's data, then run the user setup for the 'mcp' area.
$user->session_begin();
$auth->acl($user->data);
$user->setup('mcp');

// Module system instance; modules are listed and dispatched further down.
$module = new p_master();

// Template flag telling styles that the page is rendered inside the MCP.
$template->assign_var('S_IN_MCP', true);

// Basic parameter data
$id = $request->variable('i', '');

// 'mode' is read in its array form first and the first element is used;
// an empty array falls back to the scalar form of the same parameter.
$mode = $request->variable('mode', array(''));
if (count($mode))
{
	$mode = array_shift($mode);
}
else
{
	$mode = $request->variable('mode', '');
}
| 40 | |
// Only registered users get past this point; moderator permissions
// themselves are checked further down, once the forum id is known.
if (!$user->data['is_registered'] && $user->data['is_bot'])
{
	// Bots are sent to the board index route instead of a login form.
	/** @var \phpbb\controller\helper $controller_helper */
	$controller_helper = $phpbb_container->get('controller.helper');
	redirect($controller_helper->route('phpbb_index_controller'));
}

if (!$user->data['is_registered'])
{
	// NOTE(review): the code below assumes login_box() does not return for an unregistered user - confirm.
	login_box('', $user->lang['LOGIN_EXPLAIN_MCP']);
}
| 53 | |
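// Quickmod is flagged by the mere presence of the 'quickmod' request
// parameter; its value is never inspected.
$quickmod = isset($_REQUEST['quickmod']);

// 'action' can arrive as a scalar or as an array whose key names the action.
$action = $request->variable('action', '');
$action_ary = $request->variable('action', array('' => 0));

// 'forum_action' replaces the scalar action only when a POSTed 'sort' flag
// accompanies it.
$forum_action = $request->variable('forum_action', '');
if ($forum_action !== '' && $request->variable('sort', false, false, \phpbb\request\request_interface::POST))
{
	$action = $forum_action;
}

// The array form takes precedence over both of the above.
if (count($action_ary))
{
	// PHP stores integer-like array keys as int, so key() can return an int.
	// Cast so that $action is always a string - the type the scalar form
	// yields and the events below document - and so that the quickmod switch
	// further down only ever compares string against string.
	$action = (string) key($action_ary);
}
unset($action_ary);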
| 69 | |
// The topic log view is always served by the 'logs' module, never as quickmod.
if ($mode == 'topic_logs')
{
	$id = 'logs';
	$quickmod = false;
}

// Target identifiers as sent by the client.
// NOTE(review): the request class presumably casts these to int because the default is 0 - confirm.
$post_id = $request->variable('p', 0);
$topic_id = $request->variable('t', 0);
$forum_id = $request->variable('f', 0);
$report_id = $request->variable('r', 0);
$user_id = $request->variable('u', 0);
$username = $request->variable('username', '', true);

// Client-supplied t/f are replaced by the values stored for the post (or
// topic), so the permission checks below run against the forum the content
// actually belongs to rather than one named in the request. When neither p
// nor t is given, the request's own f value is kept.
if ($post_id)
{
	// We determine the topic and forum id here, to make sure the moderator really has moderative rights on this post
	// The (int) cast keeps the concatenated query safe however the id was obtained.
	$sql = 'SELECT topic_id, forum_id
		FROM ' . POSTS_TABLE . '
		WHERE post_id = ' . (int) $post_id;
	$result = $db->sql_query($sql);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	// An unknown post leaves both ids false.
	$topic_id = isset($row['topic_id']) ? $row['topic_id'] : false;
	$forum_id = isset($row['forum_id']) ? $row['forum_id'] : false;
}
else if ($topic_id)
{
	$sql = 'SELECT forum_id
		FROM ' . TOPICS_TABLE . '
		WHERE topic_id = ' . (int) $topic_id;
	$result = $db->sql_query($sql);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	// An unknown topic leaves the forum id false; $topic_id keeps the request value.
	$forum_id = isset($row['forum_id']) ? $row['forum_id'] : false;
}
| 107 | |
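// If the user doesn't have any moderator powers (globally or locally) he can't access the mcp
if (!$auth->acl_getf_global('m_'))
{
	// Exception: the author of a topic may use a few quickmod tools on it
	// when holding the matching forum permission. Only the actions listed
	// here qualify; each maps to the permission(s) that unlock it.
	$user_quickmod_actions = array(
		'lock' => 'f_user_lock',
		'make_sticky' => 'f_sticky',
		'make_announce' => 'f_announce',
		'make_global' => 'f_announce_global',
		'make_normal' => array('f_announce', 'f_announce_global', 'f_sticky')
	);

	$allow_user = false;
	if ($quickmod && isset($user_quickmod_actions[$action]) && $user->data['is_registered'] && $auth->acl_gets($user_quickmod_actions[$action], $forum_id))
	{
		$topic_info = phpbb_get_topic_data(array($topic_id));

		// The topic row can be absent (no topic id sent, or an unknown one).
		// Treat that as "not the author" instead of reading an undefined
		// offset, and compare the two ids as integers.
		if (isset($topic_info[$topic_id]['topic_poster']) && (int) $topic_info[$topic_id]['topic_poster'] === (int) $user->data['user_id'])
		{
			$allow_user = true;
		}
	}

	/**
	* Allow modification of the permissions to access the mcp file
	*
	* @event core.mcp_modify_permissions
	* @var	array	user_quickmod_actions	Array holding the quickmod actions and their respective permissions
	* @var	bool	quickmod				Whether or not the action is performed via QuickMod
	* @var	bool	allow_user				Boolean holding if the user can access the mcp
	* @var	int		forum_id				The current forum ID
	* @var	int		topic_id				The current topic ID
	* @since 3.3.3-RC1
	*/
	$vars = array(
		'user_quickmod_actions',
		'quickmod',
		'allow_user',
		'forum_id',
		'topic_id',
	);
	// Listeners may change any of these five variables, allow_user included,
	// so an installed extension can grant or revoke MCP access right here.
	// NOTE(review): extract() assumes trigger_event() returns only the keys named in $vars - confirm.
	extract($phpbb_dispatcher->trigger_event('core.mcp_modify_permissions', compact($vars)));

	if (!$allow_user)
	{
		// NOTE(review): relies on trigger_error() ending the request under the board's error handler - confirm.
		send_status_line(403, 'Forbidden');
		trigger_error('NOT_AUTHORISED');
	}
}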
| 156 | |
// A user who cannot read the forum being addressed gets no MCP access to it
// either. The check is skipped when no forum id is known.
if ($forum_id)
{
	if (!$auth->acl_get('f_read', $forum_id))
	{
		send_status_line(403, 'Forbidden');
		trigger_error('NOT_AUTHORISED');
	}
}

/**
* Allow applying additional permissions to MCP access besides f_read
*
* @event core.mcp_global_f_read_auth_after
* @var	string		action			The action the user tried to execute
* @var	int			forum_id		The forum the user tried to access
* @var	string		mode			The MCP module the user is trying to access
* @var	p_master	module			Module system class
* @var	bool		quickmod		True if the user is accessing using quickmod tools
* @var	int			topic_id		The topic the user tried to access
* @since 3.1.3-RC1
*/
$vars = array('action', 'forum_id', 'mode', 'module', 'quickmod', 'topic_id');
// This event runs after the f_read check above, and forum_id is among the
// variables a listener may rewrite; the value used from here on is whatever
// the listeners left, and f_read is not checked against it again in this file.
extract($phpbb_dispatcher->trigger_event('core.mcp_global_f_read_auth_after', compact($vars)));

// Hand the forum id to the module system when there is one.
if ($forum_id)
{
	$module->acl_forum_id = $forum_id;
}
| 190 | |
// Instantiate module system and generate list of available modules
$module->list_modules('mcp');

if (!$quickmod)
{
	// Select the active module
	$module->set_active($id, $mode);
}
else
{
	$mode = 'quickmod';

	// Only the action names listed here, or one that an event listener marks
	// as valid, are accepted; anything else ends in the error at the bottom.
	switch ($action)
	{
		case 'lock':
		case 'unlock':
		case 'lock_post':
		case 'unlock_post':
		case 'make_sticky':
		case 'make_announce':
		case 'make_global':
		case 'make_normal':
		case 'fork':
		case 'move':
		case 'delete_post':
		case 'delete_topic':
		case 'restore_topic':
			// These are handled entirely by the quickmod mode of the main
			// module; the return ends this script, so nothing below runs.
			$module->load('mcp', 'main', 'quickmod');
			return;

		case 'topic_logs':
			// Reset start parameter if we jumped from the quickmod dropdown
			if ($request->variable('start', 0))
			{
				$request->overwrite('start', 0);
			}

			$module->set_active('logs', 'topic_logs');
		break;

		case 'merge_topic':
			$module->set_active('main', 'forum_view');
		break;

		case 'split':
		case 'merge':
			$module->set_active('main', 'topic_view');
		break;

		default:
			// A listener sets this flag to true to signal that it handled the
			// action itself, which skips the trigger_error() call below.
			$is_valid_action = false;

			/**
			* This event allows you to add custom quickmod options
			*
			* @event core.modify_quickmod_options
			* @var	object	module			Instance of module system class
			* @var	string	action			Quickmod option
			* @var	bool	is_valid_action	Flag indicating if the action was handled properly
			* @since 3.1.0-a4
			*/
			$vars = array('module', 'action', 'is_valid_action');
			extract($phpbb_dispatcher->trigger_event('core.modify_quickmod_options', compact($vars)));

			if (!$is_valid_action)
			{
				// NOTE(review): $action comes from the request and is placed in the error text;
				// this relies on the request class having escaped it - confirm.
				trigger_error($user->lang('QUICKMOD_ACTION_NOT_ALLOWED', $action), E_USER_ERROR);
			}
		break;
	}
}
| 266 | |
// Hide the module entries whose target (post, topic, forum, user, report)
// is not identified by this request. This only changes what is displayed.
// The in_array() calls are deliberately non-strict so they behave like a chain of == tests.
if (!$post_id)
{
	$module->set_display('main', 'post_details', false);
	$module->set_display('warn', 'warn_post', false);
}

if (in_array($mode, array('', 'unapproved_topics', 'unapproved_posts', 'deleted_topics', 'deleted_posts')))
{
	$module->set_display('queue', 'approve_details', false);
}

if (in_array($mode, array('', 'reports', 'reports_closed', 'pm_reports', 'pm_reports_closed', 'pm_report_details')))
{
	$module->set_display('reports', 'report_details', false);
}

if (in_array($mode, array('', 'reports', 'reports_closed', 'pm_reports', 'pm_reports_closed', 'report_details')))
{
	$module->set_display('pm_reports', 'pm_report_details', false);
}

if (!$topic_id)
{
	$module->set_display('main', 'topic_view', false);
	$module->set_display('logs', 'topic_logs', false);
}

if (!$forum_id)
{
	$module->set_display('main', 'forum_view', false);
	$module->set_display('logs', 'forum_logs', false);
}

// User-related entries need either a user id or a user name.
if (!$user_id && $username == '')
{
	$module->set_display('notes', 'user_notes', false);
	$module->set_display('warn', 'warn_user', false);
}

/**
* This event allows you to set display option for custom MCP modules
*
* @event core.modify_mcp_modules_display_option
* @var	p_master	module			Module system class
* @var	string		mode			MCP mode
* @var	int			user_id			User id
* @var	int			forum_id		Forum id
* @var	int			topic_id		Topic id
* @var	int			post_id			Post id
* @var	string		username		User name
* @var	int			id				Parent module id
* @since 3.1.0-b2
*/
$vars = array('module', 'mode', 'user_id', 'forum_id', 'topic_id', 'post_id', 'username', 'id');
// Listeners receive, and may rewrite, every identifier named in $vars.
extract($phpbb_dispatcher->trigger_event('core.modify_mcp_modules_display_option', compact($vars)));
| 332 | |
// Breadcrumb entry pointing back at the MCP itself.
$template->assign_block_vars('navlinks', array(
	'BREADCRUMB_NAME' => $user->lang('MCP'),
	'U_BREADCRUMB' => append_sid($phpbb_root_path . 'mcp.' . $phpEx),
));

// URLs for reaching the MCP in its different modes. A link is left empty when
// the ids it needs are not known. The ids placed in the query strings are the
// request values read with an integer default or the values read from the
// posts/topics tables, unless an event listener above replaced them.
$template->assign_vars(array(
	'U_MCP' => append_sid($phpbb_root_path . 'mcp.' . $phpEx, 'i=main'),
	'U_MCP_FORUM' => ($forum_id) ? append_sid($phpbb_root_path . 'mcp.' . $phpEx, 'i=main&mode=forum_view&f=' . $forum_id) : '',
	'U_MCP_TOPIC' => ($forum_id && $topic_id) ? append_sid($phpbb_root_path . 'mcp.' . $phpEx, 'i=main&mode=topic_view&t=' . $topic_id) : '',
	'U_MCP_POST' => ($forum_id && $topic_id && $post_id) ? append_sid($phpbb_root_path . 'mcp.' . $phpEx, 'i=main&mode=post_details&t=' . $topic_id . '&p=' . $post_id) : '',
));

// Load and execute the relevant module
$module->load_active();

// Assign data to the template engine for the list of modules
$module->assign_tpl_vars(append_sid($phpbb_root_path . 'mcp.' . $phpEx));

// Generate the page, do not display/query online list
$module->display($module->get_page_title());