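<?php
/**
 * eXtreme Message Board
 * XMB 1.9.11
 *
 * Developed And Maintained By The XMB Group
 * Copyright (c) 2001-2010, The XMB Group
 * http://www.xmbforum.com
 *
 * Sponsored By iEntry, Inc.
 * http://www.ientry.com
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 **/

// vtmisc.php handles two state-changing thread actions for logged-in members:
//   action=report   - sends a U2U about post $pid to every Super Administrator,
//                     Administrator and Super Moderator.
//   action=votepoll - records one vote by the current member in the poll of thread $tid.
//
// NOTE(review): no per-request anti-CSRF token is checked anywhere in this file,
// and $action is read from the query string. Unless header.php enforces a token
// or origin check (not visible here - confirm), both actions should be given one.

define('X_SCRIPT', 'vtmisc.php');

require 'header.php';

loadtemplates(
'vtmisc_report',
'misc_feature_notavailable'
);

// NOTE(review): templates are run through eval() as double-quoted PHP strings.
// Anyone able to edit template text can therefore execute PHP, so template
// storage has to be treated as code and restricted accordingly.
eval('$css = "'.template('css').'";');

// Both actions require a member account.
if (X_GUEST) {
    redirect("{$full_url}misc.php?action=login", 0);
    exit;
}

//Validate $action, $pid, $tid, and $fid
$fid = -1;
$tid = -1;
$pid = -1;
$action = postedVar('action', '', FALSE, FALSE, FALSE, 'g'); //Forms did not include the action
if ($action == 'report') {
    // $pid is concatenated into SQL and into URLs below; intval() makes the
    // integer guarantee explicit here instead of relying on the helper alone.
    $pid = intval(getRequestInt('pid'));
    $query = $db->query("SELECT f.*, t.tid, t.subject FROM ".X_PREFIX."posts AS p LEFT JOIN ".X_PREFIX."threads AS t USING (tid) LEFT JOIN ".X_PREFIX."forums AS f ON f.fid=t.fid WHERE p.pid=$pid");
    if ($db->num_rows($query) != 1) {
        header('HTTP/1.0 404 Not Found');
        error($lang['textnothread']);
    }
    $forum = $db->fetch_array($query);
    $db->free_result($query);
    $fid = $forum['fid'];
    $tid = $forum['tid'];
} else if ($action == 'votepoll') {
    // Same reasoning as $pid: $tid goes straight into the query text.
    $tid = intval(getRequestInt('tid'));
    $query = $db->query("SELECT f.*, t.subject FROM ".X_PREFIX."threads AS t LEFT JOIN ".X_PREFIX."forums AS f USING (fid) WHERE t.tid=$tid");
    if ($db->num_rows($query) != 1) {
        header('HTTP/1.0 404 Not Found');
        error($lang['textnothread']);
    }
    $forum = $db->fetch_array($query);
    $db->free_result($query);
    $fid = $forum['fid'];
} else {
    header('HTTP/1.0 404 Not Found');
    error($lang['textnoaction']);
}

// Because of the LEFT JOINs a post or thread without a forum yields NULL forum
// columns; those rows are rejected here together with disabled forums.
if (($forum['type'] != 'forum' && $forum['type'] != 'sub') || $forum['status'] != 'on') {
    header('HTTP/1.0 404 Not Found');
    error($lang['textnoforum']);
}

smcwcache();

// check permissions on this forum
$perms = checkForumPermissions($forum);
if (!($perms[X_PERMS_VIEW] || $perms[X_PERMS_USERLIST])) {
    error($lang['privforummsg']);
} else if (!$perms[X_PERMS_PASSWORD]) {
    handlePasswordDialog($fid);
}

// Build the breadcrumb trail, re-checking permissions on the parent forum.
$fup = array();
if ($forum['type'] == 'sub') {
    $fup = getForum($forum['fup']);
    // prevent access to subforum when upper forum can't be viewed.
    $fupPerms = checkForumPermissions($fup);
    if (!$fupPerms[X_PERMS_VIEW]) {
        error($lang['privforummsg']);
    } else if (!$fupPerms[X_PERMS_PASSWORD]) {
        handlePasswordDialog($fup['fid']);
    } else if ($fup['fup'] > 0) {
        $fupup = getForum($fup['fup']);
        nav('<a href="index.php?gid='.$fup['fup'].'">'.fnameOut($fupup['name']).'</a>');
        unset($fupup);
    }
    nav('<a href="forumdisplay.php?fid='.$fup['fid'].'">'.fnameOut($fup['name']).'</a>');
    unset($fup);
} else if ($forum['fup'] > 0) { // 'forum' in a 'group'
    $fup = getForum($forum['fup']);
    nav('<a href="index.php?gid='.$fup['fid'].'">'.fnameOut($fup['name']).'</a>');
    unset($fup);
}
nav('<a href="forumdisplay.php?fid='.$fid.'">'.fnameOut($forum['name']).'</a>');
if ($tid > 0) {
    // NOTE(review): the subject is member-supplied text placed inside HTML;
    // this relies on rawHTMLsubject() producing HTML-safe output - confirm.
    $subject = shortenString(rawHTMLsubject(stripslashes($forum['subject'])), 125, X_SHORTEN_SOFT|X_SHORTEN_HARD, '...');
    nav('<a href="viewthread.php?tid='.$tid.'">'.$subject.'</a>');
    unset($subject);
}

if ($SETTINGS['subject_in_title'] == 'on') {
    $threadSubject = '- '.rawHTMLsubject(stripslashes($forum['subject']));
}

// Search-link
$searchlink = makeSearchLink($forum['fid']);

if ($action == 'report') {
    nav($lang['textreportpost']);

    // The status line can only be set while no output has been sent, so the
    // feature switch is evaluated before the header template is echoed.
    $reportDisabled = ($SETTINGS['reportpost'] == 'off');
    if ($reportDisabled) {
        header('HTTP/1.0 403 Forbidden');
    }
    eval('echo "'.template('header').'";');

    if ($reportDisabled) {
        eval('echo "'.template('misc_feature_notavailable').'";');
        end_time();
        eval('echo "'.template('footer').'";');
        exit;
    }

    if (noSubmit('reportsubmit')) {
        eval('echo "'.template('vtmisc_report').'";');
    } else {
        require ('include/u2u.inc.php');

        // The report text is the same for every recipient, so it is built once.
        // 'reason' is HTML-encoded by postedVar() (third argument TRUE) and
        // SQL-escaped below together with the rest of the message.
        $posturl = $full_url."viewthread.php?tid=$tid&goto=search&pid=$pid";
        $reason = postedVar('reason', '', TRUE, FALSE);
        $message = $lang['reportmessage'].' '.$posturl."\n\n".$lang['reason'].' '.$reason;
        $message = $db->escape(addslashes($message)); //Messages are historically double-slashed.
        $subject = $db->escape(addslashes($lang['reportsubject']));

        // NOTE(review): each submission sends one U2U per staff member and no
        // throttle or duplicate-report check is visible here; a per-member
        // rate limit would keep this from being used to flood staff inboxes.
        $modquery = $db->query("SELECT username, ppp FROM ".X_PREFIX."members WHERE status='Super Administrator' OR status='Administrator' OR status='Super Moderator'");
        while($modusr = $db->fetch_array($modquery)) {
            $mod = $db->escape_var($modusr['username']);
            u2u_send_recp($mod, $subject, $message);
        }
        $db->free_result($modquery);

        message($lang['reportmsg'], false, '', '', $full_url.'viewthread.php?tid='.$tid.'&goto=search&pid='.$pid, true, false, true);
    }

} else if ($action == 'votepoll') {
    nav($lang['textvote']);
    eval('echo "'.template('header').'";');

    // User voted in poll related to thread $tid.  The vote option is contained in $postopnum
    $postopnum = formInt('postopnum');
    if ($postopnum === 0) {
        error($lang['pollvotenotselected'], false);
    }

    // Does a poll exist for this thread?
    $tid = intval($tid);
    $query = $db->query("SELECT vote_id FROM ".X_PREFIX."vote_desc WHERE topic_id=$tid");
    // A thread without a poll returns zero rows, not a failed query. Stopping
    // here keeps an empty $vote_id from being concatenated into the SQL below.
    if ($query === false || $db->num_rows($query) < 1) {
        error($lang['pollvotenotselected'], false);
    }

    $vote_row = $db->fetch_array($query);
    $vote_id = intval($vote_row['vote_id']); // forced to int: it is embedded in four statements
    $db->free_result($query);

    // $self comes from header.php; the cast documents that only an integer
    // ever reaches the query text.
    $voter_id = intval($self['uid']);

    // does the poll option exist?
    $query = $db->query("SELECT COUNT(vote_option_id) FROM ".X_PREFIX."vote_results WHERE vote_id=$vote_id AND vote_option_id=$postopnum");
    $vote_result = intval($db->result($query, 0)); //Aggregate functions with no grouping always return 1 row.
    $db->free_result($query);
    if ($vote_result != 1) {
        error($lang['pollvotenotselected'], false);
    }

    // Has the user voted on this poll before?
    // NOTE(review): this check and the INSERT below are separate statements, so
    // two simultaneous requests from one member can both pass it. A unique key
    // on (vote_id, vote_user_id) would enforce one vote per member in the database.
    $query = $db->query("SELECT COUNT(vote_id) FROM ".X_PREFIX."vote_voters WHERE vote_id=$vote_id AND vote_user_id=$voter_id");
    $voted = intval($db->result($query, 0));
    $db->free_result($query);
    if ($voted >= 1) {
        error($lang['alreadyvoted'], false);
    }

    // Okay, the user is about to vote
    // NOTE(review): encode_ip() output is quoted but not escaped; this assumes
    // it only returns characters that are safe inside a SQL string - confirm.
    $db->query("INSERT INTO ".X_PREFIX."vote_voters (vote_id, vote_user_id, vote_user_ip) VALUES ($vote_id, $voter_id, '".encode_ip($onlineip)."')");
    $db->query("UPDATE ".X_PREFIX."vote_results SET vote_result=vote_result+1 WHERE vote_id=$vote_id AND vote_option_id=$postopnum");

    if ($tid > 0) {
        message($lang['votemsg'], false, '', '', $full_url.'viewthread.php?tid='.$tid, true, false, true);
    } else {
        message($lang['votemsg'], false, '', '', $full_url, true, false, true);
    }
}

end_time();
eval('echo "'.template('footer').'";');
?>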