<?php /*************************************************************************** * modcp.php * ------------------- * begin : July 4, 2001 * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * * $Id: modcp.php,v 1.71.2.24 2004/07/11 16:46:15 acydburn Exp $ * ***************************************************************************/ /*************************************************************************** * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * ***************************************************************************/ /** * Moderator Control Panel * * From this 'Control Panel' the moderator of a forum will be able to do * mass topic operations (locking/unlocking/moving/deleteing), and it will * provide an interface to do quick locking/unlocking/moving/deleting of * topics via the moderator operations buttons on all of the viewtopic pages. */ define('IN_PHPBB', true); $phpbb_root_path = './'; include($phpbb_root_path . 'extension.inc'); include($phpbb_root_path . 'common.'.$phpEx); include($phpbb_root_path . 'includes/bbcode.'.$phpEx); include($phpbb_root_path . 'includes/functions_admin.'.$phpEx); // // Obtain initial var settings // if ( isset($HTTP_GET_VARS[POST_FORUM_URL]) || isset($HTTP_POST_VARS[POST_FORUM_URL]) ) { $forum_id = (isset($HTTP_POST_VARS[POST_FORUM_URL])) ? intval($HTTP_POST_VARS[POST_FORUM_URL]) : intval($HTTP_GET_VARS[POST_FORUM_URL]); } else { $forum_id = ''; } if ( isset($HTTP_GET_VARS[POST_POST_URL]) || isset($HTTP_POST_VARS[POST_POST_URL]) ) { $post_id = (isset($HTTP_POST_VARS[POST_POST_URL])) ? intval($HTTP_POST_VARS[POST_POST_URL]) : intval($HTTP_GET_VARS[POST_POST_URL]); } else { $post_id = ''; } if ( isset($HTTP_GET_VARS[POST_TOPIC_URL]) || isset($HTTP_POST_VARS[POST_TOPIC_URL]) ) { $topic_id = (isset($HTTP_POST_VARS[POST_TOPIC_URL])) ? intval($HTTP_POST_VARS[POST_TOPIC_URL]) : intval($HTTP_GET_VARS[POST_TOPIC_URL]); } else { $topic_id = ''; } $confirm = ( $HTTP_POST_VARS['confirm'] ) ? TRUE : 0; // // Continue var definitions // $start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0; $delete = ( isset($HTTP_POST_VARS['delete']) ) ? TRUE : FALSE; $move = ( isset($HTTP_POST_VARS['move']) ) ? TRUE : FALSE; $lock = ( isset($HTTP_POST_VARS['lock']) ) ? TRUE : FALSE; $unlock = ( isset($HTTP_POST_VARS['unlock']) ) ? TRUE : FALSE; if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) { $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; $mode = htmlspecialchars($mode); } else { if ( $delete ) { $mode = 'delete'; } else if ( $move ) { $mode = 'move'; } else if ( $lock ) { $mode = 'lock'; } else if ( $unlock ) { $mode = 'unlock'; } else { $mode = ''; } } // session id check if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid'])) { $sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid']; } else { $sid = ''; } // // Obtain relevant data // if ( !empty($topic_id) ) { $sql = "SELECT f.forum_id, f.forum_name, f.forum_topics FROM " . TOPICS_TABLE . " t, " . FORUMS_TABLE . " f WHERE t.topic_id = " . $topic_id . " AND f.forum_id = t.forum_id"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_MESSAGE, 'Topic_post_not_exist'); } $topic_row = $db->sql_fetchrow($result); $forum_topics = ( $topic_row['forum_topics'] == 0 ) ? 1 : $topic_row['forum_topics']; $forum_id = $topic_row['forum_id']; $forum_name = $topic_row['forum_name']; } else if ( !empty($forum_id) ) { $sql = "SELECT forum_name, forum_topics FROM " . FORUMS_TABLE . " WHERE forum_id = " . $forum_id; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_MESSAGE, 'Forum_not_exist'); } $topic_row = $db->sql_fetchrow($result); $forum_topics = ( $topic_row['forum_topics'] == 0 ) ? 1 : $topic_row['forum_topics']; $forum_name = $topic_row['forum_name']; } else { message_die(GENERAL_MESSAGE, 'Forum_not_exist'); } // // Start session management // $userdata = session_pagestart($user_ip, $forum_id); init_userprefs($userdata); // // End session management // // session id check if ($sid == '' || $sid != $userdata['session_id']) { message_die(GENERAL_ERROR, 'Invalid_session'); } // // Check if user did or did not confirm // If they did not, forward them to the last page they were on // if ( isset($HTTP_POST_VARS['cancel']) ) { if ( $topic_id ) { $redirect = "viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id"; } else if ( $forum_id ) { $redirect = "viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id"; } else { $redirect = "index.$phpEx"; } redirect(append_sid($redirect, true)); } // // Start auth check // $is_auth = auth(AUTH_ALL, $forum_id, $userdata); if ( !$is_auth['auth_mod'] ) { message_die(GENERAL_MESSAGE, $lang['Not_Moderator'], $lang['Not_Authorised']); } // // End Auth Check // // // Do major work ... // switch( $mode ) { case 'delete': if (!$is_auth['auth_delete']) { message_die(MESSAGE, sprintf($lang['Sorry_auth_delete'], $is_auth['auth_delete_type'])); } $page_title = $lang['Mod_CP']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); if ( $confirm ) { include($phpbb_root_path . 'includes/functions_search.'.$phpEx); $topics = ( isset($HTTP_POST_VARS['topic_id_list']) ) ? $HTTP_POST_VARS['topic_id_list'] : array($topic_id); $topic_id_sql = ''; for($i = 0; $i < count($topics); $i++) { $topic_id_sql .= ( ( $topic_id_sql != '' ) ? ', ' : '' ) . intval($topics[$i]); } $sql = "SELECT topic_id FROM " . TOPICS_TABLE . " WHERE topic_id IN ($topic_id_sql) AND forum_id = $forum_id"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not get topic id information', '', __LINE__, __FILE__, $sql); } $topic_id_sql = ''; while ($row = $db->sql_fetchrow($result)) { $topic_id_sql .= (($topic_id_sql != '') ? ', ' : '') . intval($row['topic_id']); } $db->sql_freeresult($result); $sql = "SELECT poster_id, COUNT(post_id) AS posts FROM " . POSTS_TABLE . " WHERE topic_id IN ($topic_id_sql) GROUP BY poster_id"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not get poster id information', '', __LINE__, __FILE__, $sql); } $count_sql = array(); while ( $row = $db->sql_fetchrow($result) ) { $count_sql[] = "UPDATE " . USERS_TABLE . " SET user_posts = user_posts - " . $row['posts'] . " WHERE user_id = " . $row['poster_id']; } $db->sql_freeresult($result); if ( sizeof($count_sql) ) { for($i = 0; $i < sizeof($count_sql); $i++) { if ( !$db->sql_query($count_sql[$i]) ) { message_die(GENERAL_ERROR, 'Could not update user post count information', '', __LINE__, __FILE__, $sql); } } } $sql = "SELECT post_id FROM " . POSTS_TABLE . " WHERE topic_id IN ($topic_id_sql)"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not get post id information', '', __LINE__, __FILE__, $sql); } $post_id_sql = ''; while ( $row = $db->sql_fetchrow($result) ) { $post_id_sql .= ( ( $post_id_sql != '' ) ? ', ' : '' ) . intval($row['post_id']); } $db->sql_freeresult($result); $sql = "SELECT vote_id FROM " . VOTE_DESC_TABLE . " WHERE topic_id IN ($topic_id_sql)"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not get vote id information', '', __LINE__, __FILE__, $sql); } $vote_id_sql = ''; while ( $row = $db->sql_fetchrow($result) ) { $vote_id_sql .= ( ( $vote_id_sql != '' ) ? ', ' : '' ) . $row['vote_id']; } $db->sql_freeresult($result); // // Got all required info so go ahead and start deleting everything // $sql = "DELETE FROM " . TOPICS_TABLE . " WHERE topic_id IN ($topic_id_sql) OR topic_moved_id IN ($topic_id_sql)"; if ( !$db->sql_query($sql, BEGIN_TRANSACTION) ) { message_die(GENERAL_ERROR, 'Could not delete topics', '', __LINE__, __FILE__, $sql); } if ( $post_id_sql != '' ) { $sql = "DELETE FROM " . POSTS_TABLE . " WHERE post_id IN ($post_id_sql)"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete posts', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . POSTS_TEXT_TABLE . " WHERE post_id IN ($post_id_sql)"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete posts text', '', __LINE__, __FILE__, $sql); } remove_search_post($post_id_sql); } if ( $vote_id_sql != '' ) { $sql = "DELETE FROM " . VOTE_DESC_TABLE . " WHERE vote_id IN ($vote_id_sql)"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete vote descriptions', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " WHERE vote_id IN ($vote_id_sql)"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete vote results', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . VOTE_USERS_TABLE . " WHERE vote_id IN ($vote_id_sql)"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete vote users', '', __LINE__, __FILE__, $sql); } } $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id IN ($topic_id_sql)"; if ( !$db->sql_query($sql, END_TRANSACTION) ) { message_die(GENERAL_ERROR, 'Could not delete watched post list', '', __LINE__, __FILE__, $sql); } sync('forum', $forum_id); if ( !empty($topic_id) ) { $redirect_page = "viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id']; $l_redirect = sprintf($lang['Click_return_forum'], '<a href="' . $redirect_page . '">', '</a>'); } else { $redirect_page = "modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id']; $l_redirect = sprintf($lang['Click_return_modcp'], '<a href="' . $redirect_page . '">', '</a>'); } $template->assign_vars(array( 'META' => '<meta http-equiv="refresh" content="3;url=' . $redirect_page . '">') ); message_die(GENERAL_MESSAGE, $lang['Topics_Removed'] . '<br /><br />' . $l_redirect); } else { // Not confirmed, show confirmation message if ( empty($HTTP_POST_VARS['topic_id_list']) && empty($topic_id) ) { message_die(GENERAL_MESSAGE, $lang['None_selected']); } $hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />'; if ( isset($HTTP_POST_VARS['topic_id_list']) ) { $topics = $HTTP_POST_VARS['topic_id_list']; for($i = 0; $i < count($topics); $i++) { $hidden_fields .= '<input type="hidden" name="topic_id_list[]" value="' . intval($topics[$i]) . '" />'; } } else { $hidden_fields .= '<input type="hidden" name="' . POST_TOPIC_URL . '" value="' . $topic_id . '" />'; } // // Set template files // $template->set_filenames(array( 'confirm' => 'confirm_body.tpl') ); $template->assign_vars(array( 'MESSAGE_TITLE' => $lang['Confirm'], 'MESSAGE_TEXT' => $lang['Confirm_delete_topic'], 'L_YES' => $lang['Yes'], 'L_NO' => $lang['No'], 'S_CONFIRM_ACTION' => append_sid("modcp.$phpEx"), 'S_HIDDEN_FIELDS' => $hidden_fields) ); $template->pparse('confirm'); include($phpbb_root_path . 'includes/page_tail.'.$phpEx); } break; case 'move': $page_title = $lang['Mod_CP']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); if ( $confirm ) { if ( empty($HTTP_POST_VARS['topic_id_list']) && empty($topic_id) ) { message_die(GENERAL_MESSAGE, $lang['None_selected']); } $new_forum_id = intval($HTTP_POST_VARS['new_forum']); $old_forum_id = $forum_id; if ( $new_forum_id != $old_forum_id ) { $topics = ( isset($HTTP_POST_VARS['topic_id_list']) ) ? $HTTP_POST_VARS['topic_id_list'] : array($topic_id); $topic_list = ''; for($i = 0; $i < count($topics); $i++) { $topic_list .= ( ( $topic_list != '' ) ? ', ' : '' ) . intval($topics[$i]); } $sql = "SELECT * FROM " . TOPICS_TABLE . " WHERE topic_id IN ($topic_list) AND forum_id = $old_forum_id AND topic_status <> " . TOPIC_MOVED; if ( !($result = $db->sql_query($sql, BEGIN_TRANSACTION)) ) { message_die(GENERAL_ERROR, 'Could not select from topic table', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrowset($result); $db->sql_freeresult($result); for($i = 0; $i < count($row); $i++) { $topic_id = $row[$i]['topic_id']; if ( isset($HTTP_POST_VARS['move_leave_shadow']) ) { // Insert topic in the old forum that indicates that the forum has moved. $sql = "INSERT INTO " . TOPICS_TABLE . " (forum_id, topic_title, topic_poster, topic_time, topic_status, topic_type, topic_vote, topic_views, topic_replies, topic_first_post_id, topic_last_post_id, topic_moved_id) VALUES ($old_forum_id, '" . addslashes(str_replace("\'", "''", $row[$i]['topic_title'])) . "', '" . str_replace("\'", "''", $row[$i]['topic_poster']) . "', " . $row[$i]['topic_time'] . ", " . TOPIC_MOVED . ", " . POST_NORMAL . ", " . $row[$i]['topic_vote'] . ", " . $row[$i]['topic_views'] . ", " . $row[$i]['topic_replies'] . ", " . $row[$i]['topic_first_post_id'] . ", " . $row[$i]['topic_last_post_id'] . ", $topic_id)"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not insert shadow topic', '', __LINE__, __FILE__, $sql); } } $sql = "UPDATE " . TOPICS_TABLE . " SET forum_id = $new_forum_id WHERE topic_id = $topic_id"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not update old topic', '', __LINE__, __FILE__, $sql); } $sql = "UPDATE " . POSTS_TABLE . " SET forum_id = $new_forum_id WHERE topic_id = $topic_id"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not update post topic ids', '', __LINE__, __FILE__, $sql); } } // Sync the forum indexes sync('forum', $new_forum_id); sync('forum', $old_forum_id); $message = $lang['Topics_Moved'] . '<br /><br />'; } else { $message = $lang['No_Topics_Moved'] . '<br /><br />'; } if ( !empty($topic_id) ) { $redirect_page = "viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&sid=" . $userdata['session_id']; $message .= sprintf($lang['Click_return_topic'], '<a href="' . $redirect_page . '">', '</a>'); } else { $redirect_page = "modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id']; $message .= sprintf($lang['Click_return_modcp'], '<a href="' . $redirect_page . '">', '</a>'); } $message = $message . '<br \><br \>' . sprintf($lang['Click_return_forum'], '<a href="' . "viewforum.$phpEx?" . POST_FORUM_URL . "=$old_forum_id&sid=" . $userdata['session_id'] . '">', '</a>'); $template->assign_vars(array( 'META' => '<meta http-equiv="refresh" content="3;url=' . $redirect_page . '">') ); message_die(GENERAL_MESSAGE, $message); } else { if ( empty($HTTP_POST_VARS['topic_id_list']) && empty($topic_id) ) { message_die(GENERAL_MESSAGE, $lang['None_selected']); } $hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />'; if ( isset($HTTP_POST_VARS['topic_id_list']) ) { $topics = $HTTP_POST_VARS['topic_id_list']; for($i = 0; $i < count($topics); $i++) { $hidden_fields .= '<input type="hidden" name="topic_id_list[]" value="' . intval($topics[$i]) . '" />'; } } else { $hidden_fields .= '<input type="hidden" name="' . POST_TOPIC_URL . '" value="' . $topic_id . '" />'; } // // Set template files // $template->set_filenames(array( 'movetopic' => 'modcp_move.tpl') ); $template->assign_vars(array( 'MESSAGE_TITLE' => $lang['Confirm'], 'MESSAGE_TEXT' => $lang['Confirm_move_topic'], 'L_MOVE_TO_FORUM' => $lang['Move_to_forum'], 'L_LEAVESHADOW' => $lang['Leave_shadow_topic'], 'L_YES' => $lang['Yes'], 'L_NO' => $lang['No'], 'S_FORUM_SELECT' => make_forum_select('new_forum', $forum_id), 'S_MODCP_ACTION' => append_sid("modcp.$phpEx"), 'S_HIDDEN_FIELDS' => $hidden_fields) ); $template->pparse('movetopic'); include($phpbb_root_path . 'includes/page_tail.'.$phpEx); } break; case 'lock': if ( empty($HTTP_POST_VARS['topic_id_list']) && empty($topic_id) ) { message_die(GENERAL_MESSAGE, $lang['None_selected']); } $topics = ( isset($HTTP_POST_VARS['topic_id_list']) ) ? $HTTP_POST_VARS['topic_id_list'] : array($topic_id); $topic_id_sql = ''; for($i = 0; $i < count($topics); $i++) { $topic_id_sql .= ( ( $topic_id_sql != '' ) ? ', ' : '' ) . intval($topics[$i]); } $sql = "UPDATE " . TOPICS_TABLE . " SET topic_status = " . TOPIC_LOCKED . " WHERE topic_id IN ($topic_id_sql) AND forum_id = $forum_id AND topic_moved_id = 0"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not update topics table', '', __LINE__, __FILE__, $sql); } if ( !empty($topic_id) ) { $redirect_page = "viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&sid=" . $userdata['session_id']; $message = sprintf($lang['Click_return_topic'], '<a href="' . $redirect_page . '">', '</a>'); } else { $redirect_page = "modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id']; $message = sprintf($lang['Click_return_modcp'], '<a href="' . $redirect_page . '">', '</a>'); } $message = $message . '<br \><br \>' . sprintf($lang['Click_return_forum'], '<a href="' . "viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id'] . '">', '</a>'); $template->assign_vars(array( 'META' => '<meta http-equiv="refresh" content="3;url=' . $redirect_page . '">') ); message_die(GENERAL_MESSAGE, $lang['Topics_Locked'] . '<br /><br />' . $message); break; case 'unlock': if ( empty($HTTP_POST_VARS['topic_id_list']) && empty($topic_id) ) { message_die(GENERAL_MESSAGE, $lang['None_selected']); } $topics = ( isset($HTTP_POST_VARS['topic_id_list']) ) ? $HTTP_POST_VARS['topic_id_list'] : array($topic_id); $topic_id_sql = ''; for($i = 0; $i < count($topics); $i++) { $topic_id_sql .= ( ( $topic_id_sql != "") ? ', ' : '' ) . intval($topics[$i]); } $sql = "UPDATE " . TOPICS_TABLE . " SET topic_status = " . TOPIC_UNLOCKED . " WHERE topic_id IN ($topic_id_sql) AND forum_id = $forum_id AND topic_moved_id = 0"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not update topics table', '', __LINE__, __FILE__, $sql); } if ( !empty($topic_id) ) { $redirect_page = "viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&sid=" . $userdata['session_id']; $message = sprintf($lang['Click_return_topic'], '<a href="' . $redirect_page . '">', '</a>'); } else { $redirect_page = "modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id']; $message = sprintf($lang['Click_return_modcp'], '<a href="' . $redirect_page . '">', '</a>'); } $message = $message . '<br \><br \>' . sprintf($lang['Click_return_forum'], '<a href="' . "viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id'] . '">', '</a>'); $template->assign_vars(array( 'META' => '<meta http-equiv="refresh" content="3;url=' . $redirect_page . '">') ); message_die(GENERAL_MESSAGE, $lang['Topics_Unlocked'] . '<br /><br />' . $message); break; case 'split': $page_title = $lang['Mod_CP']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); $post_id_sql = ''; if (isset($HTTP_POST_VARS['split_type_all']) || isset($HTTP_POST_VARS['split_type_beyond'])) { $posts = $HTTP_POST_VARS['post_id_list']; for ($i = 0; $i < count($posts); $i++) { $post_id_sql .= (($post_id_sql != '') ? ', ' : '') . intval($posts[$i]); } } if ($post_id_sql != '') { $sql = "SELECT post_id FROM " . POSTS_TABLE . " WHERE post_id IN ($post_id_sql) AND forum_id = $forum_id"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not get post id information', '', __LINE__, __FILE__, $sql); } $post_id_sql = ''; while ($row = $db->sql_fetchrow($result)) { $post_id_sql .= (($post_id_sql != '') ? ', ' : '') . intval($row['post_id']); } $db->sql_freeresult($result); $sql = "SELECT post_id, poster_id, topic_id, post_time FROM " . POSTS_TABLE . " WHERE post_id IN ($post_id_sql) ORDER BY post_time ASC"; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not get post information', '', __LINE__, __FILE__, $sql); } if ($row = $db->sql_fetchrow($result)) { $first_poster = $row['poster_id']; $topic_id = $row['topic_id']; $post_time = $row['post_time']; $user_id_sql = ''; $post_id_sql = ''; do { $user_id_sql .= (($user_id_sql != '') ? ', ' : '') . intval($row['poster_id']); $post_id_sql .= (($post_id_sql != '') ? ', ' : '') . intval($row['post_id']);; } while ($row = $db->sql_fetchrow($result)); $post_subject = trim(htmlspecialchars($HTTP_POST_VARS['subject'])); if (empty($post_subject)) { message_die(GENERAL_MESSAGE, $lang['Empty_subject']); } $new_forum_id = intval($HTTP_POST_VARS['new_forum_id']); $topic_time = time(); $sql = "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type) VALUES ('" . str_replace("\'", "''", $post_subject) . "', $first_poster, " . $topic_time . ", $new_forum_id, " . TOPIC_UNLOCKED . ", " . POST_NORMAL . ")"; if (!($db->sql_query($sql, BEGIN_TRANSACTION))) { message_die(GENERAL_ERROR, 'Could not insert new topic', '', __LINE__, __FILE__, $sql); } $new_topic_id = $db->sql_nextid(); // Update topic watch table, switch users whose posts // have moved, over to watching the new topic $sql = "UPDATE " . TOPICS_WATCH_TABLE . " SET topic_id = $new_topic_id WHERE topic_id = $topic_id AND user_id IN ($user_id_sql)"; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not update topics watch table', '', __LINE__, __FILE__, $sql); } $sql_where = (!empty($HTTP_POST_VARS['split_type_beyond'])) ? " post_time >= $post_time AND topic_id = $topic_id" : "post_id IN ($post_id_sql)"; $sql = "UPDATE " . POSTS_TABLE . " SET topic_id = $new_topic_id, forum_id = $new_forum_id WHERE $sql_where"; if (!$db->sql_query($sql, END_TRANSACTION)) { message_die(GENERAL_ERROR, 'Could not update posts table', '', __LINE__, __FILE__, $sql); } sync('topic', $new_topic_id); sync('topic', $topic_id); sync('forum', $new_forum_id); sync('forum', $forum_id); $template->assign_vars(array( 'META' => '<meta http-equiv="refresh" content="3;url=' . "viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&sid=" . $userdata['session_id'] . '">') ); $message = $lang['Topic_split'] . '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . "viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&sid=" . $userdata['session_id'] . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); } } else { // // Set template files // $template->set_filenames(array( 'split_body' => 'modcp_split.tpl') ); $sql = "SELECT u.username, p.*, pt.post_text, pt.bbcode_uid, pt.post_subject, p.post_username FROM " . POSTS_TABLE . " p, " . USERS_TABLE . " u, " . POSTS_TEXT_TABLE . " pt WHERE p.topic_id = $topic_id AND p.poster_id = u.user_id AND p.post_id = pt.post_id ORDER BY p.post_time ASC"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not get topic/post information', '', __LINE__, __FILE__, $sql); } $s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" /><input type="hidden" name="' . POST_TOPIC_URL . '" value="' . $topic_id . '" /><input type="hidden" name="mode" value="split" />'; if( ( $total_posts = $db->sql_numrows($result) ) > 0 ) { $postrow = $db->sql_fetchrowset($result); $template->assign_vars(array( 'L_SPLIT_TOPIC' => $lang['Split_Topic'], 'L_SPLIT_TOPIC_EXPLAIN' => $lang['Split_Topic_explain'], 'L_AUTHOR' => $lang['Author'], 'L_MESSAGE' => $lang['Message'], 'L_SELECT' => $lang['Select'], 'L_SPLIT_SUBJECT' => $lang['Split_title'], 'L_SPLIT_FORUM' => $lang['Split_forum'], 'L_POSTED' => $lang['Posted'], 'L_SPLIT_POSTS' => $lang['Split_posts'], 'L_SUBMIT' => $lang['Submit'], 'L_SPLIT_AFTER' => $lang['Split_after'], 'L_POST_SUBJECT' => $lang['Post_subject'], 'L_MARK_ALL' => $lang['Mark_all'], 'L_UNMARK_ALL' => $lang['Unmark_all'], 'L_POST' => $lang['Post'], 'FORUM_NAME' => $forum_name, 'U_VIEW_FORUM' => append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id"), 'S_SPLIT_ACTION' => append_sid("modcp.$phpEx"), 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_FORUM_SELECT' => make_forum_select("new_forum_id", false, $forum_id)) ); // // Define censored word matches // $orig_word = array(); $replacement_word = array(); obtain_word_list($orig_word, $replacement_word); for($i = 0; $i < $total_posts; $i++) { $post_id = $postrow[$i]['post_id']; $poster_id = $postrow[$i]['poster_id']; $poster = $postrow[$i]['username']; $post_date = create_date($board_config['default_dateformat'], $postrow[$i]['post_time'], $board_config['board_timezone']); $bbcode_uid = $postrow[$i]['bbcode_uid']; $message = $postrow[$i]['post_text']; $post_subject = ( $postrow[$i]['post_subject'] != '' ) ? $postrow[$i]['post_subject'] : $topic_title; // // If the board has HTML off but the post has HTML // on then we process it, else leave it alone // if ( !$board_config['allow_html'] ) { if ( $postrow[$i]['enable_html'] ) { $message = preg_replace('#(<)([\/]?.*?)(>)#is', '<\\2>', $message); } } if ( $bbcode_uid != '' ) { $message = ( $board_config['allow_bbcode'] ) ? bbencode_second_pass($message, $bbcode_uid) : preg_replace('/\:[0-9a-z\:]+\]/si', ']', $message); } if ( count($orig_word) ) { $post_subject = preg_replace($orig_word, $replacement_word, $post_subject); $message = preg_replace($orig_word, $replacement_word, $message); } $message = make_clickable($message); if ( $board_config['allow_smilies'] && $postrow[$i]['enable_smilies'] ) { $message = smilies_pass($message); } $message = str_replace("\n", '<br />', $message); $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2']; $checkbox = ( $i > 0 ) ? '<input type="checkbox" name="post_id_list[]" value="' . $post_id . '" />' : ' '; $template->assign_block_vars('postrow', array( 'ROW_COLOR' => '#' . $row_color, 'ROW_CLASS' => $row_class, 'POSTER_NAME' => $poster, 'POST_DATE' => $post_date, 'POST_SUBJECT' => $post_subject, 'MESSAGE' => $message, 'POST_ID' => $post_id, 'S_SPLIT_CHECKBOX' => $checkbox) ); } $template->pparse('split_body'); } } break; case 'ip': $page_title = $lang['Mod_CP']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); $rdns_ip_num = ( isset($HTTP_GET_VARS['rdns']) ) ? $HTTP_GET_VARS['rdns'] : ""; if ( !$post_id ) { message_die(GENERAL_MESSAGE, $lang['No_such_post']); } // // Set template files // $template->set_filenames(array( 'viewip' => 'modcp_viewip.tpl') ); // Look up relevent data for this post $sql = "SELECT poster_ip, poster_id FROM " . POSTS_TABLE . " WHERE post_id = $post_id AND forum_id = $forum_id"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not get poster IP information', '', __LINE__, __FILE__, $sql); } if ( !($post_row = $db->sql_fetchrow($result)) ) { message_die(GENERAL_MESSAGE, $lang['No_such_post']); } $ip_this_post = decode_ip($post_row['poster_ip']); $ip_this_post = ( $rdns_ip_num == $ip_this_post ) ? gethostbyaddr($ip_this_post) : $ip_this_post; $poster_id = $post_row['poster_id']; $template->assign_vars(array( 'L_IP_INFO' => $lang['IP_info'], 'L_THIS_POST_IP' => $lang['This_posts_IP'], 'L_OTHER_IPS' => $lang['Other_IP_this_user'], 'L_OTHER_USERS' => $lang['Users_this_IP'], 'L_LOOKUP_IP' => $lang['Lookup_IP'], 'L_SEARCH' => $lang['Search'], 'SEARCH_IMG' => $images['icon_search'], 'IP' => $ip_this_post, 'U_LOOKUP_IP' => "modcp.$phpEx?mode=ip&" . POST_POST_URL . "=$post_id&" . POST_TOPIC_URL . "=$topic_id&rdns=$ip_this_post&sid=" . $userdata['session_id']) ); // // Get other IP's this user has posted under // $sql = "SELECT poster_ip, COUNT(*) AS postings FROM " . POSTS_TABLE . " WHERE poster_id = $poster_id GROUP BY poster_ip ORDER BY " . (( SQL_LAYER == 'msaccess' ) ? 'COUNT(*)' : 'postings' ) . " DESC"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not get IP information for this user', '', __LINE__, __FILE__, $sql); } if ( $row = $db->sql_fetchrow($result) ) { $i = 0; do { if ( $row['poster_ip'] == $post_row['poster_ip'] ) { $template->assign_vars(array( 'POSTS' => $row['postings'] . ' ' . ( ( $row['postings'] == 1 ) ? $lang['Post'] : $lang['Posts'] )) ); continue; } $ip = decode_ip($row['poster_ip']); $ip = ( $rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? gethostbyaddr($ip) : $ip; $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2']; $template->assign_block_vars('iprow', array( 'ROW_COLOR' => '#' . $row_color, 'ROW_CLASS' => $row_class, 'IP' => $ip, 'POSTS' => $row['postings'] . ' ' . ( ( $row['postings'] == 1 ) ? $lang['Post'] : $lang['Posts'] ), 'U_LOOKUP_IP' => "modcp.$phpEx?mode=ip&" . POST_POST_URL . "=$post_id&" . POST_TOPIC_URL . "=$topic_id&rdns=" . $row['poster_ip'] . "&sid=" . $userdata['session_id']) ); $i++; } while ( $row = $db->sql_fetchrow($result) ); } // // Get other users who've posted under this IP // $sql = "SELECT u.user_id, u.username, COUNT(*) as postings FROM " . USERS_TABLE ." u, " . POSTS_TABLE . " p WHERE p.poster_id = u.user_id AND p.poster_ip = '" . $post_row['poster_ip'] . "' GROUP BY u.user_id, u.username ORDER BY " . (( SQL_LAYER == 'msaccess' ) ? 'COUNT(*)' : 'postings' ) . " DESC"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not get posters information based on IP', '', __LINE__, __FILE__, $sql); } if ( $row = $db->sql_fetchrow($result) ) { $i = 0; do { $id = $row['user_id']; $username = ( $id == ANONYMOUS ) ? $lang['Guest'] : $row['username']; $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2']; $template->assign_block_vars('userrow', array( 'ROW_COLOR' => '#' . $row_color, 'ROW_CLASS' => $row_class, 'USERNAME' => $username, 'POSTS' => $row['postings'] . ' ' . ( ( $row['postings'] == 1 ) ? $lang['Post'] : $lang['Posts'] ), 'L_SEARCH_POSTS' => sprintf($lang['Search_user_posts'], $username), 'U_PROFILE' => ($id == ANONYMOUS) ? "modcp.$phpEx?mode=ip&" . POST_POST_URL . "=" . $post_id . "&" . POST_TOPIC_URL . "=" . $topic_id . "&sid=" . $userdata['session_id'] : append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$id"), 'U_SEARCHPOSTS' => append_sid("search.$phpEx?search_author=" . urlencode($username) . "&showresults=topics")) ); $i++; } while ( $row = $db->sql_fetchrow($result) ); } $template->pparse('viewip'); break; default: $page_title = $lang['Mod_CP']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); $template->assign_vars(array( 'FORUM_NAME' => $forum_name, 'L_MOD_CP' => $lang['Mod_CP'], 'L_MOD_CP_EXPLAIN' => $lang['Mod_CP_explain'], 'L_SELECT' => $lang['Select'], 'L_DELETE' => $lang['Delete'], 'L_MOVE' => $lang['Move'], 'L_LOCK' => $lang['Lock'], 'L_UNLOCK' => $lang['Unlock'], 'L_TOPICS' => $lang['Topics'], 'L_REPLIES' => $lang['Replies'], 'L_LASTPOST' => $lang['Last_Post'], 'L_SELECT' => $lang['Select'], 'U_VIEW_FORUM' => append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id"), 'S_HIDDEN_FIELDS' => '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />', 'S_MODCP_ACTION' => append_sid("modcp.$phpEx")) ); $template->set_filenames(array( 'body' => 'modcp_body.tpl') ); make_jumpbox('modcp.'.$phpEx); // // Define censored word matches // $orig_word = array(); $replacement_word = array(); obtain_word_list($orig_word, $replacement_word); $sql = "SELECT t.*, u.username, u.user_id, p.post_time FROM " . TOPICS_TABLE . " t, " . USERS_TABLE . " u, " . POSTS_TABLE . " p WHERE t.forum_id = $forum_id AND t.topic_poster = u.user_id AND p.post_id = t.topic_last_post_id ORDER BY t.topic_type DESC, p.post_time DESC LIMIT $start, " . $board_config['topics_per_page']; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain topic information', '', __LINE__, __FILE__, $sql); } while ( $row = $db->sql_fetchrow($result) ) { $topic_title = ''; if ( $row['topic_status'] == TOPIC_LOCKED ) { $folder_img = $images['folder_locked']; $folder_alt = $lang['Topic_locked']; } else { if ( $row['topic_type'] == POST_ANNOUNCE ) { $folder_img = $images['folder_announce']; $folder_alt = $lang['Topic_Announcement']; } else if ( $row['topic_type'] == POST_STICKY ) { $folder_img = $images['folder_sticky']; $folder_alt = $lang['Topic_Sticky']; } else { $folder_img = $images['folder']; $folder_alt = $lang['No_new_posts']; } } $topic_id = $row['topic_id']; $topic_type = $row['topic_type']; $topic_status = $row['topic_status']; if ( $topic_type == POST_ANNOUNCE ) { $topic_type = $lang['Topic_Announcement'] . ' '; } else if ( $topic_type == POST_STICKY ) { $topic_type = $lang['Topic_Sticky'] . ' '; } else if ( $topic_status == TOPIC_MOVED ) { $topic_type = $lang['Topic_Moved'] . ' '; } else { $topic_type = ''; } if ( $row['topic_vote'] ) { $topic_type .= $lang['Topic_Poll'] . ' '; } $topic_title = $row['topic_title']; if ( count($orig_word) ) { $topic_title = preg_replace($orig_word, $replacement_word, $topic_title); } $u_view_topic = "modcp.$phpEx?mode=split&" . POST_TOPIC_URL . "=$topic_id&sid=" . $userdata['session_id']; $topic_replies = $row['topic_replies']; $last_post_time = create_date($board_config['default_dateformat'], $row['post_time'], $board_config['board_timezone']); $template->assign_block_vars('topicrow', array( 'U_VIEW_TOPIC' => $u_view_topic, 'TOPIC_FOLDER_IMG' => $folder_img, 'TOPIC_TYPE' => $topic_type, 'TOPIC_TITLE' => $topic_title, 'REPLIES' => $topic_replies, 'LAST_POST_TIME' => $last_post_time, 'TOPIC_ID' => $topic_id, 'L_TOPIC_FOLDER_ALT' => $folder_alt) ); } $template->assign_vars(array( 'PAGINATION' => generate_pagination("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id'], $forum_topics, $board_config['topics_per_page'], $start), 'PAGE_NUMBER' => sprintf($lang['Page_of'], ( floor( $start / $board_config['topics_per_page'] ) + 1 ), ceil( $forum_topics / $board_config['topics_per_page'] )), 'L_GOTO_PAGE' => $lang['Goto_page']) ); $template->pparse('body'); break; } include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ?>