[ Index ]

PHP Cross Reference of phpBB-3.2.0-deutsch

title

Body

[close]

/ -> mcp.php (source)

   1  <?php
   2  /**
   3  *
   4  * This file is part of the phpBB Forum Software package.
   5  *
   6  * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7  * @license GNU General Public License, version 2 (GPL-2.0)
   8  *
   9  * For full copyright and license information, please see
  10  * the docs/CREDITS.txt file.
  11  *
  12  */
  13  
  14  /**
  15  * @ignore
  16  */
  17  define('IN_PHPBB', true);
  18  $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
  19  $phpEx = substr(strrchr(__FILE__, '.'), 1);
  20  include($phpbb_root_path . 'common.' . $phpEx);
  21  include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
  22  include($phpbb_root_path . 'includes/functions_mcp.' . $phpEx);
  23  require($phpbb_root_path . 'includes/functions_module.' . $phpEx);
  24  
  25  // Start session management
  26  $user->session_begin();
  27  $auth->acl($user->data);
  28  $user->setup('mcp');
  29  
  30  $module = new p_master();
  31  
  32  // Setting a variable to let the style designer know where he is...
  33  $template->assign_var('S_IN_MCP', true);
  34  
  35  // Basic parameter data
  36  $id = $request->variable('i', '');
  37  
  38  $mode = $request->variable('mode', array(''));
  39  $mode = sizeof($mode) ? array_shift($mode) : $request->variable('mode', '');
  40  
  41  // Only Moderators can go beyond this point
  42  if (!$user->data['is_registered'])
  43  {
  44      if ($user->data['is_bot'])
  45      {
  46          redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
  47      }
  48  
  49      login_box('', $user->lang['LOGIN_EXPLAIN_MCP']);
  50  }
  51  
  52  $quickmod = (isset($_REQUEST['quickmod'])) ? true : false;
  53  $action = $request->variable('action', '');
  54  $action_ary = $request->variable('action', array('' => 0));
  55  
  56  $forum_action = $request->variable('forum_action', '');
  57  if ($forum_action !== '' && $request->variable('sort', false, false, \phpbb\request\request_interface::POST))
  58  {
  59      $action = $forum_action;
  60  }
  61  
  62  if (sizeof($action_ary))
  63  {
  64      list($action, ) = each($action_ary);
  65  }
  66  unset($action_ary);
  67  
  68  if ($mode == 'topic_logs')
  69  {
  70      $id = 'logs';
  71      $quickmod = false;
  72  }
  73  
  74  $post_id = $request->variable('p', 0);
  75  $topic_id = $request->variable('t', 0);
  76  $forum_id = $request->variable('f', 0);
  77  $report_id = $request->variable('r', 0);
  78  $user_id = $request->variable('u', 0);
  79  $username = $request->variable('username', '', true);
  80  
  81  if ($post_id)
  82  {
  83      // We determine the topic and forum id here, to make sure the moderator really has moderative rights on this post
  84      $sql = 'SELECT topic_id, forum_id
  85          FROM ' . POSTS_TABLE . "
  86          WHERE post_id = $post_id";
  87      $result = $db->sql_query($sql);
  88      $row = $db->sql_fetchrow($result);
  89      $db->sql_freeresult($result);
  90  
  91      $topic_id = (int) $row['topic_id'];
  92      $forum_id = (int) $row['forum_id'];
  93  }
  94  else if ($topic_id)
  95  {
  96      $sql = 'SELECT forum_id
  97          FROM ' . TOPICS_TABLE . "
  98          WHERE topic_id = $topic_id";
  99      $result = $db->sql_query($sql);
 100      $row = $db->sql_fetchrow($result);
 101      $db->sql_freeresult($result);
 102  
 103      $forum_id = (int) $row['forum_id'];
 104  }
 105  
 106  // If the user doesn't have any moderator powers (globally or locally) he can't access the mcp
 107  if (!$auth->acl_getf_global('m_'))
 108  {
 109      // Except he is using one of the quickmod tools for users
 110      $user_quickmod_actions = array(
 111          'lock'            => 'f_user_lock',
 112          'make_sticky'    => 'f_sticky',
 113          'make_announce'    => 'f_announce',
 114          'make_global'    => 'f_announce_global',
 115          'make_normal'    => array('f_announce', 'f_announce_global', 'f_sticky')
 116      );
 117  
 118      $allow_user = false;
 119      if ($quickmod && isset($user_quickmod_actions[$action]) && $user->data['is_registered'] && $auth->acl_gets($user_quickmod_actions[$action], $forum_id))
 120      {
 121          $topic_info = phpbb_get_topic_data(array($topic_id));
 122          if ($topic_info[$topic_id]['topic_poster'] == $user->data['user_id'])
 123          {
 124              $allow_user = true;
 125          }
 126      }
 127  
 128      if (!$allow_user)
 129      {
 130          send_status_line(403, 'Forbidden');
 131          trigger_error('NOT_AUTHORISED');
 132      }
 133  }
 134  
 135  // if the user cannot read the forum he tries to access then we won't allow mcp access either
 136  if ($forum_id && !$auth->acl_get('f_read', $forum_id))
 137  {
 138      send_status_line(403, 'Forbidden');
 139      trigger_error('NOT_AUTHORISED');
 140  }
 141  
 142  /**
 143  * Allow applying additional permissions to MCP access besides f_read
 144  *
 145  * @event core.mcp_global_f_read_auth_after
 146  * @var    string        action            The action the user tried to execute
 147  * @var    int            forum_id        The forum the user tried to access
 148  * @var    string        mode            The MCP module the user is trying to access
 149  * @var    p_master    module            Module system class
 150  * @var    bool        quickmod        True if the user is accessing using quickmod tools
 151  * @var    int            topic_id        The topic the user tried to access
 152  * @since 3.1.3-RC1
 153  */
 154  $vars = array(
 155      'action',
 156      'forum_id',
 157      'mode',
 158      'module',
 159      'quickmod',
 160      'topic_id',
 161  );
 162  extract($phpbb_dispatcher->trigger_event('core.mcp_global_f_read_auth_after', compact($vars)));
 163  
 164  if ($forum_id)
 165  {
 166      $module->acl_forum_id = $forum_id;
 167  }
 168  
 169  // Instantiate module system and generate list of available modules
 170  $module->list_modules('mcp');
 171  
 172  if ($quickmod)
 173  {
 174      $mode = 'quickmod';
 175  
 176      switch ($action)
 177      {
 178          case 'lock':
 179          case 'unlock':
 180          case 'lock_post':
 181          case 'unlock_post':
 182          case 'make_sticky':
 183          case 'make_announce':
 184          case 'make_global':
 185          case 'make_normal':
 186          case 'fork':
 187          case 'move':
 188          case 'delete_post':
 189          case 'delete_topic':
 190          case 'restore_topic':
 191              $module->load('mcp', 'main', 'quickmod');
 192              return;
 193          break;
 194  
 195          case 'topic_logs':
 196              // Reset start parameter if we jumped from the quickmod dropdown
 197              if ($request->variable('start', 0))
 198              {
 199                  $request->overwrite('start', 0);
 200              }
 201  
 202              $module->set_active('logs', 'topic_logs');
 203          break;
 204  
 205          case 'merge_topic':
 206              $module->set_active('main', 'forum_view');
 207          break;
 208  
 209          case 'split':
 210          case 'merge':
 211              $module->set_active('main', 'topic_view');
 212          break;
 213  
 214          default:
 215              // If needed, the flag can be set to true within event listener
 216              // to indicate that the action was handled properly
 217              // and to pass by the trigger_error() call below
 218              $is_valid_action = false;
 219  
 220              /**
 221              * This event allows you to add custom quickmod options
 222              *
 223              * @event core.modify_quickmod_options
 224              * @var    object    module            Instance of module system class
 225              * @var    string    action            Quickmod option
 226              * @var    bool    is_valid_action    Flag indicating if the action was handled properly
 227              * @since 3.1.0-a4
 228              */
 229              $vars = array('module', 'action', 'is_valid_action');
 230              extract($phpbb_dispatcher->trigger_event('core.modify_quickmod_options', compact($vars)));
 231  
 232              if (!$is_valid_action)
 233              {
 234                  trigger_error($user->lang('QUICKMOD_ACTION_NOT_ALLOWED', $action), E_USER_ERROR);
 235              }
 236          break;
 237      }
 238  }
 239  else
 240  {
 241      // Select the active module
 242      $module->set_active($id, $mode);
 243  }
 244  
 245  // Hide some of the options if we don't have the relevant information to use them
 246  if (!$post_id)
 247  {
 248      $module->set_display('main', 'post_details', false);
 249      $module->set_display('warn', 'warn_post', false);
 250  }
 251  
 252  if ($mode == '' || $mode == 'unapproved_topics' || $mode == 'unapproved_posts' || $mode == 'deleted_topics' || $mode == 'deleted_posts')
 253  {
 254      $module->set_display('queue', 'approve_details', false);
 255  }
 256  
 257  if ($mode == '' || $mode == 'reports' || $mode == 'reports_closed' || $mode == 'pm_reports' || $mode == 'pm_reports_closed' || $mode == 'pm_report_details')
 258  {
 259      $module->set_display('reports', 'report_details', false);
 260  }
 261  
 262  if ($mode == '' || $mode == 'reports' || $mode == 'reports_closed' || $mode == 'pm_reports' || $mode == 'pm_reports_closed' || $mode == 'report_details')
 263  {
 264      $module->set_display('pm_reports', 'pm_report_details', false);
 265  }
 266  
 267  if (!$topic_id)
 268  {
 269      $module->set_display('main', 'topic_view', false);
 270      $module->set_display('logs', 'topic_logs', false);
 271  }
 272  
 273  if (!$forum_id)
 274  {
 275      $module->set_display('main', 'forum_view', false);
 276      $module->set_display('logs', 'forum_logs', false);
 277  }
 278  
 279  if (!$user_id && $username == '')
 280  {
 281      $module->set_display('notes', 'user_notes', false);
 282      $module->set_display('warn', 'warn_user', false);
 283  }
 284  
 285  /**
 286  * This event allows you to set display option for custom MCP modules
 287  *
 288  * @event core.modify_mcp_modules_display_option
 289  * @var    p_master    module            Module system class
 290  * @var    string        mode            MCP mode
 291  * @var    int            user_id            User id
 292  * @var    int            forum_id        Forum id
 293  * @var    int            topic_id        Topic id
 294  * @var    int            post_id            Post id
 295  * @var    string        username        User name
 296  * @var    int            id                Parent module id
 297  * @since 3.1.0-b2
 298  */
 299  $vars = array(
 300      'module',
 301      'mode',
 302      'user_id',
 303      'forum_id',
 304      'topic_id',
 305      'post_id',
 306      'username',
 307      'id',
 308  );
 309  extract($phpbb_dispatcher->trigger_event('core.modify_mcp_modules_display_option', compact($vars)));
 310  
 311  // Load and execute the relevant module
 312  $module->load_active();
 313  
 314  // Assign data to the template engine for the list of modules
 315  $module->assign_tpl_vars(append_sid("{$phpbb_root_path}mcp.$phpEx"));
 316  
 317  // Generate urls for letting the moderation control panel being accessed in different modes
 318  $template->assign_vars(array(
 319      'U_MCP'            => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main'),
 320      'U_MCP_FORUM'    => ($forum_id) ? append_sid("{$phpbb_root_path}mcp.$phpEx", "i=main&amp;mode=forum_view&amp;f=$forum_id") : '',
 321      'U_MCP_TOPIC'    => ($forum_id && $topic_id) ? append_sid("{$phpbb_root_path}mcp.$phpEx", "i=main&amp;mode=topic_view&amp;t=$topic_id") : '',
 322      'U_MCP_POST'    => ($forum_id && $topic_id && $post_id) ? append_sid("{$phpbb_root_path}mcp.$phpEx", "i=main&amp;mode=post_details&amp;t=$topic_id&amp;p=$post_id") : '',
 323  ));
 324  
 325  // Generate the page, do not display/query online list
 326  $module->display($module->get_page_title());


Generated: Sun Feb 19 19:47:08 2017 Cross-referenced by PHPXref 0.7.1