[ Index ]

PHP Cross Reference of phpBB-3.3.11-deutsch

title

Body

[close]

/ -> mcp.php (source)

   1  <?php
   2  /**
   3  *
   4  * This file is part of the phpBB Forum Software package.
   5  *
   6  * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7  * @license GNU General Public License, version 2 (GPL-2.0)
   8  *
   9  * For full copyright and license information, please see
  10  * the docs/CREDITS.txt file.
  11  *
  12  */
  13  
  14  /**
  15  * @ignore
  16  */
  17  define('IN_PHPBB', true);
  18  $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
  19  $phpEx = substr(strrchr(__FILE__, '.'), 1);
  20  include($phpbb_root_path . 'common.' . $phpEx);
  21  include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
  22  include($phpbb_root_path . 'includes/functions_mcp.' . $phpEx);
  23  require($phpbb_root_path . 'includes/functions_module.' . $phpEx);
  24  
  25  // Start session management
  26  $user->session_begin();
  27  $auth->acl($user->data);
  28  $user->setup('mcp');
  29  
  30  $module = new p_master();
  31  
  32  // Setting a variable to let the style designer know where he is...
  33  $template->assign_var('S_IN_MCP', true);
  34  
  35  // Basic parameter data
  36  $id = $request->variable('i', '');
  37  
  38  $mode = $request->variable('mode', array(''));
  39  $mode = count($mode) ? array_shift($mode) : $request->variable('mode', '');
  40  
  41  // Only Moderators can go beyond this point
  42  if (!$user->data['is_registered'])
  43  {
  44      if ($user->data['is_bot'])
  45      {
  46          redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
  47      }
  48  
  49      login_box('', $user->lang['LOGIN_EXPLAIN_MCP']);
  50  }
  51  
  52  $quickmod = (isset($_REQUEST['quickmod'])) ? true : false;
  53  $action = $request->variable('action', '');
  54  $action_ary = $request->variable('action', array('' => 0));
  55  
  56  $forum_action = $request->variable('forum_action', '');
  57  if ($forum_action !== '' && $request->variable('sort', false, false, \phpbb\request\request_interface::POST))
  58  {
  59      $action = $forum_action;
  60  }
  61  
  62  if (count($action_ary))
  63  {
  64      $action = key($action_ary);
  65  }
  66  unset($action_ary);
  67  
  68  if ($mode == 'topic_logs')
  69  {
  70      $id = 'logs';
  71      $quickmod = false;
  72  }
  73  
  74  $post_id = $request->variable('p', 0);
  75  $topic_id = $request->variable('t', 0);
  76  $forum_id = $request->variable('f', 0);
  77  $report_id = $request->variable('r', 0);
  78  $user_id = $request->variable('u', 0);
  79  $username = $request->variable('username', '', true);
  80  
  81  if ($post_id)
  82  {
  83      // We determine the topic and forum id here, to make sure the moderator really has moderative rights on this post
  84      $sql = 'SELECT topic_id, forum_id
  85          FROM ' . POSTS_TABLE . '
  86          WHERE post_id = ' . (int) $post_id;
  87      $result = $db->sql_query($sql);
  88      $row = $db->sql_fetchrow($result);
  89      $db->sql_freeresult($result);
  90  
  91      $topic_id = $row['topic_id'] ?? false;
  92      $forum_id = $row['forum_id'] ?? false;
  93  }
  94  else if ($topic_id)
  95  {
  96      $sql = 'SELECT forum_id
  97          FROM ' . TOPICS_TABLE . '
  98          WHERE topic_id = ' . (int) $topic_id;
  99      $result = $db->sql_query($sql);
 100      $row = $db->sql_fetchrow($result);
 101      $db->sql_freeresult($result);
 102  
 103      $forum_id = $row['forum_id'] ?? false;
 104  }
 105  
 106  // If the user doesn't have any moderator powers (globally or locally) he can't access the mcp
 107  if (!$auth->acl_getf_global('m_'))
 108  {
 109      // Except he is using one of the quickmod tools for users
 110      $user_quickmod_actions = array(
 111          'lock'            => 'f_user_lock',
 112          'make_sticky'    => 'f_sticky',
 113          'make_announce'    => 'f_announce',
 114          'make_global'    => 'f_announce_global',
 115          'make_normal'    => array('f_announce', 'f_announce_global', 'f_sticky')
 116      );
 117  
 118      $allow_user = false;
 119      if ($quickmod && isset($user_quickmod_actions[$action]) && $user->data['is_registered'] && $auth->acl_gets($user_quickmod_actions[$action], $forum_id))
 120      {
 121          $topic_info = phpbb_get_topic_data(array($topic_id));
 122          if ($topic_info[$topic_id]['topic_poster'] == $user->data['user_id'])
 123          {
 124              $allow_user = true;
 125          }
 126      }
 127  
 128      /**
 129      * Allow modification of the permissions to access the mcp file
 130      *
 131      * @event core.mcp_modify_permissions
 132      * @var    array        user_quickmod_actions            Array holding the quickmod actions and their respectiev permissions
 133      * @var    bool        quickmod                        Whether or not the action is performed via QuickMod
 134      * @var    bool        allow_user                        Boolean holding if the user can access the mcp
 135      * @var    int            forum_id                        The current forum ID
 136      * @var    int            topic_id                        The current topic ID
 137      * @since 3.3.3-RC1
 138      */
 139      $vars = array(
 140          'user_quickmod_actions',
 141          'quickmod',
 142          'allow_user',
 143          'forum_id',
 144          'topic_id',
 145      );
 146      extract($phpbb_dispatcher->trigger_event('core.mcp_modify_permissions', compact($vars)));
 147  
 148      if (!$allow_user)
 149      {
 150          send_status_line(403, 'Forbidden');
 151          trigger_error('NOT_AUTHORISED');
 152      }
 153  }
 154  
 155  // if the user cannot read the forum he tries to access then we won't allow mcp access either
 156  if ($forum_id && !$auth->acl_get('f_read', $forum_id))
 157  {
 158      send_status_line(403, 'Forbidden');
 159      trigger_error('NOT_AUTHORISED');
 160  }
 161  
 162  /**
 163  * Allow applying additional permissions to MCP access besides f_read
 164  *
 165  * @event core.mcp_global_f_read_auth_after
 166  * @var    string        action            The action the user tried to execute
 167  * @var    int            forum_id        The forum the user tried to access
 168  * @var    string        mode            The MCP module the user is trying to access
 169  * @var    p_master    module            Module system class
 170  * @var    bool        quickmod        True if the user is accessing using quickmod tools
 171  * @var    int            topic_id        The topic the user tried to access
 172  * @since 3.1.3-RC1
 173  */
 174  $vars = array(
 175      'action',
 176      'forum_id',
 177      'mode',
 178      'module',
 179      'quickmod',
 180      'topic_id',
 181  );
 182  extract($phpbb_dispatcher->trigger_event('core.mcp_global_f_read_auth_after', compact($vars)));
 183  
 184  if ($forum_id)
 185  {
 186      $module->acl_forum_id = $forum_id;
 187  }
 188  
 189  // Instantiate module system and generate list of available modules
 190  $module->list_modules('mcp');
 191  
 192  if ($quickmod)
 193  {
 194      $mode = 'quickmod';
 195  
 196      switch ($action)
 197      {
 198          case 'lock':
 199          case 'unlock':
 200          case 'lock_post':
 201          case 'unlock_post':
 202          case 'make_sticky':
 203          case 'make_announce':
 204          case 'make_global':
 205          case 'make_normal':
 206          case 'fork':
 207          case 'move':
 208          case 'delete_post':
 209          case 'delete_topic':
 210          case 'restore_topic':
 211              $module->load('mcp', 'main', 'quickmod');
 212              return;
 213          break;
 214  
 215          case 'topic_logs':
 216              // Reset start parameter if we jumped from the quickmod dropdown
 217              if ($request->variable('start', 0))
 218              {
 219                  $request->overwrite('start', 0);
 220              }
 221  
 222              $module->set_active('logs', 'topic_logs');
 223          break;
 224  
 225          case 'merge_topic':
 226              $module->set_active('main', 'forum_view');
 227          break;
 228  
 229          case 'split':
 230          case 'merge':
 231              $module->set_active('main', 'topic_view');
 232          break;
 233  
 234          default:
 235              // If needed, the flag can be set to true within event listener
 236              // to indicate that the action was handled properly
 237              // and to pass by the trigger_error() call below
 238              $is_valid_action = false;
 239  
 240              /**
 241              * This event allows you to add custom quickmod options
 242              *
 243              * @event core.modify_quickmod_options
 244              * @var    object    module            Instance of module system class
 245              * @var    string    action            Quickmod option
 246              * @var    bool    is_valid_action    Flag indicating if the action was handled properly
 247              * @since 3.1.0-a4
 248              */
 249              $vars = array('module', 'action', 'is_valid_action');
 250              extract($phpbb_dispatcher->trigger_event('core.modify_quickmod_options', compact($vars)));
 251  
 252              if (!$is_valid_action)
 253              {
 254                  trigger_error($user->lang('QUICKMOD_ACTION_NOT_ALLOWED', $action), E_USER_ERROR);
 255              }
 256          break;
 257      }
 258  }
 259  else
 260  {
 261      // Select the active module
 262      $module->set_active($id, $mode);
 263  }
 264  
 265  // Hide some of the options if we don't have the relevant information to use them
 266  if (!$post_id)
 267  {
 268      $module->set_display('main', 'post_details', false);
 269      $module->set_display('warn', 'warn_post', false);
 270  }
 271  
 272  if ($mode == '' || $mode == 'unapproved_topics' || $mode == 'unapproved_posts' || $mode == 'deleted_topics' || $mode == 'deleted_posts')
 273  {
 274      $module->set_display('queue', 'approve_details', false);
 275  }
 276  
 277  if ($mode == '' || $mode == 'reports' || $mode == 'reports_closed' || $mode == 'pm_reports' || $mode == 'pm_reports_closed' || $mode == 'pm_report_details')
 278  {
 279      $module->set_display('reports', 'report_details', false);
 280  }
 281  
 282  if ($mode == '' || $mode == 'reports' || $mode == 'reports_closed' || $mode == 'pm_reports' || $mode == 'pm_reports_closed' || $mode == 'report_details')
 283  {
 284      $module->set_display('pm_reports', 'pm_report_details', false);
 285  }
 286  
 287  if (!$topic_id)
 288  {
 289      $module->set_display('main', 'topic_view', false);
 290      $module->set_display('logs', 'topic_logs', false);
 291  }
 292  
 293  if (!$forum_id)
 294  {
 295      $module->set_display('main', 'forum_view', false);
 296      $module->set_display('logs', 'forum_logs', false);
 297  }
 298  
 299  if (!$user_id && $username == '')
 300  {
 301      $module->set_display('notes', 'user_notes', false);
 302      $module->set_display('warn', 'warn_user', false);
 303  }
 304  
 305  /**
 306  * This event allows you to set display option for custom MCP modules
 307  *
 308  * @event core.modify_mcp_modules_display_option
 309  * @var    p_master    module            Module system class
 310  * @var    string        mode            MCP mode
 311  * @var    int            user_id            User id
 312  * @var    int            forum_id        Forum id
 313  * @var    int            topic_id        Topic id
 314  * @var    int            post_id            Post id
 315  * @var    string        username        User name
 316  * @var    int            id                Parent module id
 317  * @since 3.1.0-b2
 318  */
 319  $vars = array(
 320      'module',
 321      'mode',
 322      'user_id',
 323      'forum_id',
 324      'topic_id',
 325      'post_id',
 326      'username',
 327      'id',
 328  );
 329  extract($phpbb_dispatcher->trigger_event('core.modify_mcp_modules_display_option', compact($vars)));
 330  
 331  $template->assign_block_vars('navlinks', array(
 332      'BREADCRUMB_NAME'    => $user->lang('MCP'),
 333      'U_BREADCRUMB'        => append_sid("{$phpbb_root_path}mcp.$phpEx"),
 334  ));
 335  
 336  // Generate urls for letting the moderation control panel being accessed in different modes
 337  $template->assign_vars(array(
 338      'U_MCP'            => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main'),
 339      'U_MCP_FORUM'    => ($forum_id) ? append_sid("{$phpbb_root_path}mcp.$phpEx", "i=main&amp;mode=forum_view&amp;f=$forum_id") : '',
 340      'U_MCP_TOPIC'    => ($forum_id && $topic_id) ? append_sid("{$phpbb_root_path}mcp.$phpEx", "i=main&amp;mode=topic_view&amp;t=$topic_id") : '',
 341      'U_MCP_POST'    => ($forum_id && $topic_id && $post_id) ? append_sid("{$phpbb_root_path}mcp.$phpEx", "i=main&amp;mode=post_details&amp;t=$topic_id&amp;p=$post_id") : '',
 342  ));
 343  
 344  // Load and execute the relevant module
 345  $module->load_active();
 346  
 347  // Assign data to the template engine for the list of modules
 348  $module->assign_tpl_vars(append_sid("{$phpbb_root_path}mcp.$phpEx"));
 349  
 350  // Generate the page, do not display/query online list
 351  $module->display($module->get_page_title());


Generated: Sat Nov 4 14:26:03 2023 Cross-referenced by PHPXref 0.7.1