MyBB PHP Cross Reference Discussion Forums

Source: /moderation.php - 2638 lines - 71555 bytes - Summary - Text - Print

Description: MyBB 1.6 Copyright 2010 MyBB Group, All Rights Reserved

   1  <?php
   2  /**
   3   * MyBB 1.6
   4   * Copyright 2010 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://mybb.com
   7   * License: http://mybb.com/about/license
   8   *
   9   * $Id$
  10   */
  11  
  12  define("IN_MYBB", 1);
  13  define('THIS_SCRIPT', 'moderation.php');
  14  
  15  $templatelist = 'changeuserbox,loginbox,moderation_delayedmoderation_custommodtool,moderation_delayedmodaction_notes,moderation_delayedmoderation_merge,moderation_delayedmoderation_move';
  16  $templatelist .= ',moderation_delayedmoderation,moderation_deletethread,moderation_deletepoll,moderation_deleteposts_post,moderation_deleteposts,moderation_mergeposts_post,moderation_mergeposts';
  17  $templatelist .= ',moderation_move,moderation_threadnotes_modaction,moderation_threadnotes_delayedmodaction,moderation_threadnotes,moderation_getip_modoptions,moderation_getip,moderation_merge';
  18  $templatelist .= ',moderation_split_post,moderation_split,moderation_inline_deletethreads,moderation_inline_movethreads,moderation_inline_deleteposts,moderation_inline_mergeposts';
  19  $templatelist .= ',moderation_inline_splitposts,forumjump_bit,forumjump_special,forumjump_advanced,forumdisplay_password_wrongpass,forumdisplay_password';
  20  
  21  require_once  "./global.php";
  22  require_once  MYBB_ROOT."inc/functions_post.php";
  23  require_once  MYBB_ROOT."inc/functions_upload.php";
  24  require_once  MYBB_ROOT."inc/class_parser.php";
  25  $parser = new postParser;
  26  require_once  MYBB_ROOT."inc/class_moderation.php";
  27  $moderation = new Moderation;
  28  
  29  // Load global language phrases
  30  $lang->load("moderation");
  31  
  32  $plugins->run_hooks("moderation_start");
  33  
  34  // Get some navigation if we need it
  35  switch($mybb->input['action'])
  36  {
  37      case "reports":
  38          add_breadcrumb($lang->reported_posts);
  39          break;
  40      case "allreports":
  41          add_breadcrumb($lang->all_reported_posts);
  42          break;
  43  
  44  }
  45  $tid = intval($mybb->input['tid']);
  46  $pid = intval($mybb->input['pid']);
  47  $fid = intval($mybb->input['fid']);
  48  
  49  if($pid)
  50  {
  51      $post = get_post($pid);
  52      $tid = $post['tid'];
  53      if(!$post['pid'])
  54      {
  55          error($lang->error_invalidpost);
  56      }
  57  }
  58  
  59  if($tid)
  60  {
  61      $thread = get_thread($tid);
  62      $fid = $thread['fid'];
  63      if(!$thread['tid'])
  64      {
  65          error($lang->error_invalidthread);
  66      }
  67  }
  68  
  69  if($fid)
  70  {
  71      $modlogdata['fid'] = $fid;
  72      $forum = get_forum($fid);
  73  
  74      // Make navigation
  75      build_forum_breadcrumb($fid);
  76  }
  77  
  78  $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
  79  
  80  if($tid)
  81  {
  82      add_breadcrumb($thread['subject'], get_thread_link($thread['tid']));
  83      $modlogdata['tid'] = $tid;
  84  }
  85  
  86  // Get our permissions all nice and setup
  87  $permissions = forum_permissions($fid);
  88  
  89  if($fid)
  90  {
  91      // Check if this forum is password protected and we have a valid password
  92      check_forum_password($forum['fid']);
  93  }
  94  
  95  if($mybb->user['uid'] != 0)
  96  {
  97      eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
  98  }
  99  else
 100  {
 101      eval("\$loginbox = \"".$templates->get("loginbox")."\";");
 102  }
 103  
 104  $allowable_moderation_actions = array("getip", "cancel_delayedmoderation", "delayedmoderation");
 105  
 106  if($mybb->request_method != "post" && !in_array($mybb->input['action'], $allowable_moderation_actions))
 107  {
 108      error_no_permission();
 109  }
 110  
 111  // Begin!
 112  switch($mybb->input['action'])
 113  {
 114      // Delayed Moderation
 115      case "cancel_delayedmoderation":
 116          // Verify incoming POST request
 117          verify_post_check($mybb->input['my_post_key']);
 118  
 119          add_breadcrumb($lang->delayed_moderation);
 120          if(!is_moderator($fid, "canmanagethreads"))
 121          {
 122              error_no_permission();
 123          }
 124  
 125          $db->delete_query("delayedmoderation", "did='".intval($mybb->input['did'])."'");
 126  
 127          if($tid == 0)
 128          {
 129              moderation_redirect(get_forum_link($fid), $lang->redirect_delayed_moderation_cancelled);
 130          }
 131          else
 132          {
 133              moderation_redirect("moderation.php?action=delayedmoderation&amp;tid={$tid}&amp;my_post_key={$mybb->post_code}", $lang->redirect_delayed_moderation_cancelled);
 134          }
 135          break;
 136      case "do_delayedmoderation":
 137      case "delayedmoderation":
 138          // Verify incoming POST request
 139          verify_post_check($mybb->input['my_post_key']);
 140  
 141          add_breadcrumb($lang->delayed_moderation);
 142  
 143          if(!is_moderator($fid, "canmanagethreads"))
 144          {
 145              error_no_permission();
 146          }
 147  
 148          $errors = array();
 149          $customthreadtools = "";
 150  
 151          $allowed_types = array('openclosethread', 'deletethread', 'move', 'stick', 'merge', 'removeredirects', 'removesubscriptions', 'approveunapprovethread');
 152  
 153          switch($db->type)
 154          {
 155              case "pgsql":
 156              case "sqlite":
 157                  $query = $db->simple_select("modtools", 'tid, name', "(','||forums||',' LIKE '%,$fid,%' OR ','||forums||',' LIKE '%,-1,%' OR forums='') AND type = 't'");
 158                  break;
 159              default:
 160                  $query = $db->simple_select("modtools", 'tid, name', "(CONCAT(',',forums,',') LIKE '%,$fid,%' OR CONCAT(',',forums,',') LIKE '%,-1,%' OR forums='') AND type = 't'");
 161          }
 162          while($tool = $db->fetch_array($query))
 163          {
 164              $allowed_types[] = "modtool_".$tool['tid'];
 165  
 166              $tool['name'] = htmlspecialchars_uni($tool['name']);
 167  
 168              $checked = "";
 169              if($mybb->input['type'] == "modtool_".$tool['tid'])
 170              {
 171                  $checked = "checked=\"checked\"";
 172              }
 173  
 174              eval("\$customthreadtools .= \"".$templates->get("moderation_delayedmoderation_custommodtool")."\";");
 175          }
 176  
 177          if($mybb->input['tid'])
 178          {
 179              $mybb->input['tids'] = $mybb->input['tid'];
 180          }
 181          else
 182          {
 183              if($mybb->input['inlinetype'] == 'search')
 184              {
 185                  $tids = getids($mybb->input['searchid'], 'search');
 186              }
 187              else
 188              {
 189                  $fid = $mybb->input['fid'];
 190                  $tids = getids($fid, "forum");
 191              }
 192              if(count($tids) < 1)
 193              {
 194                  error($lang->error_inline_nothreadsselected);
 195              }
 196  
 197              $mybb->input['tids'] = $tids;
 198          }
 199  
 200          if($mybb->input['action'] == "do_delayedmoderation" && $mybb->request_method == "post")
 201          {
 202              if(!in_array($mybb->input['type'], $allowed_types))
 203              {
 204                  $mybb->input['type'] = '';
 205                  $errors[] = $lang->error_delayedmoderation_unsupported_type;
 206              }
 207  
 208              if($mybb->input['type'] == 'move' && !in_array($mybb->input['delayedmoderation']['method'], array('move', 'redirect', 'copy')))
 209              {
 210                  $mybb->input['delayedmoderation']['method'] = '';
 211                  $errors[] = $lang->error_delayedmoderation_unsupported_method;
 212              }
 213  
 214              if($mybb->input['type'] == 'move')
 215              {
 216                  $newforum = get_forum($fid);
 217                  if(!$newforum || $newforum['type'] != "f" || $newforum['type'] == "f" && $newforum['linkto'] != '')
 218                  {
 219                      $errors[] = $lang->error_invalidforum;
 220                  }
 221              }
 222  
 223              if($mybb->input['delay'] < 1)
 224              {
 225                  $mybb->input['delay'] = 1;
 226                  $errors[] = $lang->error_delayedmoderation_invalid_delay;
 227              }
 228  
 229              if(!$errors)
 230              {
 231                  if(is_array($mybb->input['tids']))
 232                  {
 233                      $mybb->input['tids'] = implode(',' , $mybb->input['tids']);
 234                  }
 235                  $db->insert_query("delayedmoderation", array(
 236                      'type' => $db->escape_string($mybb->input['type']),
 237                      'delaydateline' => TIME_NOW+(intval($mybb->input['delay'])*24*60*60),
 238                      'uid' => $mybb->user['uid'],
 239                      'tids' => $db->escape_string($mybb->input['tids']),
 240                      'fid' => $fid,
 241                      'dateline' => TIME_NOW,
 242                      'inputs' => $db->escape_string(serialize($mybb->input['delayedmoderation']))
 243                  ));
 244  
 245                  $lang->redirect_delayed_moderation_thread = $lang->sprintf($lang->redirect_delayed_moderation_thread, intval($mybb->input['delay']));
 246  
 247                  if($mybb->input['tid'])
 248                  {
 249                      moderation_redirect(get_thread_link($thread['tid']), $lang->redirect_delayed_moderation_thread);
 250                  }
 251                  else
 252                  {
 253                      if($mybb->input['inlinetype'] == 'search')
 254                      {
 255                          moderation_redirect(get_forum_link($fid), $lang->sprintf($lang->redirect_delayed_moderation_search, $mybb->input['delay']));
 256                      }
 257                      else
 258                      {
 259                          moderation_redirect(get_forum_link($fid), $lang->sprintf($lang->redirect_delayed_moderation_forum, $mybb->input['delay']));
 260                      }
 261                  }
 262              }
 263              else
 264              {
 265                  $type_selected = array($mybb->input['type'] => "checked=\"checked\"");
 266                  $method_selected = array($mybb->input['delayedmoderation']['method'] => "checked=\"checked\"");
 267  
 268                  $mybb->input['delay'] = intval($mybb->input['delay']);
 269                  $mybb->input['delayedmoderation']['redirect_expire'] = intval($mybb->input['delayedmoderation']['redirect_expire']);
 270                  $mybb->input['delayedmoderation']['new_forum'] = intval($mybb->input['delayedmoderation']['new_forum']);
 271                  $mybb->input['delayedmoderation']['subject'] = htmlspecialchars_uni($mybb->input['delayedmoderation']['subject']);
 272                  $mybb->input['delayedmoderation']['threadurl'] = htmlspecialchars_uni($mybb->input['delayedmoderation']['threadurl']);
 273  
 274                  $forumselect = build_forum_jump("", $mybb->input['delayedmoderation']['new_forum'], 1, '', 0, true, '', "delayedmoderation[new_forum]");
 275              }
 276          }
 277          else
 278          {
 279              $type_selected = array('openclosethread' => "checked=\"checked\"");
 280              $method_selected = array('move' => "checked=\"checked\"");
 281  
 282              $mybb->input['delay'] = 1;
 283              $mybb->input['delayedmoderation']['redirect_expire'] = '';
 284              $mybb->input['delayedmoderation']['subject'] = $thread['subject'];
 285              $mybb->input['delayedmoderation']['threadurl'] = '';
 286  
 287              $forumselect = build_forum_jump("", $fid, 1, '', 0, true, '', "delayedmoderation[new_forum]");
 288          }
 289  
 290          if(count($errors) > 0)
 291          {
 292              $display_errors = inline_error($errors);
 293          }
 294  
 295          $forum_cache = $cache->read("forums");
 296  
 297          $actions = array(
 298              'openclosethread' => $lang->open_close_thread,
 299              'deletethread' => $lang->delete_thread,
 300              'move' => $lang->move_copy_thread,
 301              'stick' => $lang->stick_unstick_thread,
 302              'merge' => $lang->merge_threads,
 303              'removeredirects' => $lang->remove_redirects,
 304              'removesubscriptions' => $lang->remove_subscriptions,
 305              'approveunapprovethread' => $lang->approve_unapprove_thread
 306          );
 307  
 308          switch($db->type)
 309          {
 310              case "pgsql":
 311              case "sqlite":
 312                  $query = $db->simple_select("modtools", 'tid, name', "(','||forums||',' LIKE '%,$fid,%' OR ','||forums||',' LIKE '%,-1,%' OR forums='') AND type = 't'");
 313                  break;
 314              default:
 315                  $query = $db->simple_select("modtools", 'tid, name', "(CONCAT(',',forums,',') LIKE '%,$fid,%' OR CONCAT(',',forums,',') LIKE '%,-1,%' OR forums='') AND type = 't'");
 316          }
 317          while($tool = $db->fetch_array($query))
 318          {
 319              $actions['modtool_'.$tool['tid']] = htmlspecialchars_uni($tool['name']);
 320          }
 321  
 322          $delayedmods = '';
 323          $trow = alt_trow(1);
 324          if($tid == 0)
 325          {
 326              // Inline thread moderation is used
 327              if($mybb->input['inlinetype'] == 'search')
 328              {
 329                  $tids = getids($mybb->input['searchid'], 'search');
 330              }
 331              else
 332              {
 333                  $tids = getids($fid, "forum");
 334              }
 335              $where_array = array();
 336              switch($db->type)
 337              {
 338                  case "pgsql":
 339                  case "sqlite":
 340                      foreach($tids as $like)
 341                      {
 342                          $where_array[] = "','||d.tids||',' LIKE '%,".$db->escape_string($like).",%'";
 343                      }
 344                      $where_statement = implode(" OR ", $where_array);
 345                      break;
 346                  default:
 347                      foreach($tids as $like)
 348                      {
 349                          $where_array[] = "CONCAT(',',d.tids,',') LIKE  '%,".$db->escape_string($like).",%'";
 350                      }
 351                      $where_statement = implode(" OR ", $where_array);
 352              }
 353              $query = $db->query("
 354                  SELECT d.*, u.username, f.name AS fname
 355                  FROM ".TABLE_PREFIX."delayedmoderation d
 356                  LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=d.uid)
 357                  LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=d.fid)
 358                  WHERE ".$where_statement."
 359                  ORDER BY d.dateline DESC
 360                  LIMIT  0, 20
 361              ");
 362          }
 363          else
 364          {
 365              switch($db->type)
 366              {
 367                  case "pgsql":
 368                  case "sqlite":
 369                      $query = $db->query("
 370                          SELECT d.*, u.username, f.name AS fname
 371                          FROM ".TABLE_PREFIX."delayedmoderation d
 372                          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=d.uid)
 373                          LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=d.fid)
 374                          WHERE ','||d.tids||',' LIKE '%,{$tid},%'
 375                          ORDER BY d.dateline DESC
 376                          LIMIT  0, 20
 377                      ");
 378                      break;
 379                  default:
 380                      $query = $db->query("
 381                          SELECT d.*, u.username, f.name AS fname
 382                          FROM ".TABLE_PREFIX."delayedmoderation d
 383                          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=d.uid)
 384                          LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=d.fid)
 385                          WHERE CONCAT(',',d.tids,',') LIKE '%,{$tid},%'
 386                          ORDER BY d.dateline DESC
 387                          LIMIT  0, 20
 388                      ");
 389              }
 390          }
 391          while($delayedmod = $db->fetch_array($query))
 392          {
 393              $delayedmod['dateline'] = my_date("jS M Y, G:i", $delayedmod['delaydateline']);
 394              $delayedmod['profilelink'] = build_profile_link($delayedmod['username'], $delayedmod['uid']);
 395              $delayedmod['action'] = $actions[$delayedmod['type']];
 396              $info = '';
 397              if(strpos($delayedmod['tids'], ',') === false)
 398              {
 399                  $delayed_thread = get_thread($delayedmod['tids']);
 400                  $info .= "<strong>{$lang->thread}</strong> <a href=\"".get_thread_link($delayedmod['tids'])."\">".htmlspecialchars_uni($delayed_thread['subject'])."</a><br />";
 401              }
 402              else
 403              {
 404                  $info .= "<strong>{$lang->thread}</strong> {$lang->multiple_threads}<br />";
 405              }
 406  
 407              if($delayedmod['fname'])
 408              {
 409                  $info .= "<strong>{$lang->forum}</strong> <a href=\"".get_forum_link($delayedmod['fid'])."\">".htmlspecialchars_uni($delayedmod['fname'])."</a><br />";
 410              }
 411              $delayedmod['inputs'] = unserialize($delayedmod['inputs']);
 412  
 413              if($delayedmod['type'] == 'move')
 414              {
 415                  $info .= "<strong>{$lang->new_forum}</strong>  <a href=\"".get_forum_link($delayedmod['inputs']['new_forum'])."\">".htmlspecialchars_uni($forum_cache[$delayedmod['inputs']['new_forum']]['name'])."</a><br />";
 416                  if($delayedmod['inputs']['method'] == "redirect")
 417                  {
 418                      if(intval($delayedmod['inputs']['redirect_expire']) == 0)
 419                      {
 420                          $redirect_expire_bit = $lang->redirect_forever;
 421                      }
 422                      else
 423                      {
 424                          $redirect_expire_bit = intval($delayedmod['inputs']['redirect_expire'])." {$lang->days}";
 425                      }
 426                      $info .= "<strong>{$lang->leave_redirect_for}</strong> {$redirect_expire_bit}<br />";
 427                  }
 428              }
 429              else if($delayedmod['type'] == 'merge')
 430              {
 431                  $info .= "<strong>{$lang->new_subject}</strong> ".htmlspecialchars_uni($delayedmod['inputs']['subject'])."<br />";
 432                  $info .= "<strong>{$lang->thread_to_merge_with}</strong> <a href=\"".htmlspecialchars_uni($delayedmod['inputs']['threadurl'])."\">".htmlspecialchars_uni($delayedmod['inputs']['threadurl'])."</a><br />";
 433              }
 434  
 435              eval("\$delayedmods .= \"".$templates->get("moderation_delayedmodaction_notes")."\";");
 436              $trow = alt_trow();
 437          }
 438          if(!$delayedmods)
 439          {
 440              $delayedmods = "<tr><td class=\"trow1\" colspan=\"5\">{$lang->no_delayed_mods}</td></tr>";
 441          }
 442  
 443          $url = '';
 444          if($mybb->input['tid'])
 445          {
 446              $lang->threads = $lang->thread;
 447              $threads = "<a href=\"".get_thread_link($tid)."\">{$thread['subject']}</a>";
 448              eval("\$moderation_delayedmoderation_merge = \"".$templates->get("moderation_delayedmoderation_merge")."\";");
 449          }
 450          else
 451          {
 452              if($mybb->input['inlinetype'] == 'search')
 453              {
 454                  $tids = getids($mybb->input['searchid'], 'search');
 455                  $url = htmlspecialchars_uni($mybb->input['url']);
 456              }
 457              else
 458              {
 459                  $tids = getids($fid, "forum");
 460              }
 461              if(count($tids) < 1)
 462              {
 463                  error($lang->error_inline_nothreadsselected);
 464              }
 465  
 466              $threads = $lang->sprintf($lang->threads_selected, count($tids));
 467          }
 468          eval("\$moderation_delayedmoderation_move = \"".$templates->get("moderation_delayedmoderation_move")."\";");
 469  
 470          $plugins->run_hooks("moderation_delayedmoderation");
 471  
 472          eval("\$delayedmoderation = \"".$templates->get("moderation_delayedmoderation")."\";");
 473          output_page($delayedmoderation);
 474          break;
 475      // Open or close a thread
 476      case "openclosethread":
 477          // Verify incoming POST request
 478          verify_post_check($mybb->input['my_post_key']);
 479  
 480          if(!is_moderator($fid, "canopenclosethreads"))
 481          {
 482              error_no_permission();
 483          }
 484  
 485          if($thread['closed'] == 1)
 486          {
 487              $openclose = $lang->opened;
 488              $redirect = $lang->redirect_openthread;
 489              $moderation->open_threads($tid);
 490          }
 491          else
 492          {
 493              $openclose = $lang->closed;
 494              $redirect = $lang->redirect_closethread;
 495              $moderation->close_threads($tid);
 496          }
 497  
 498          $lang->mod_process = $lang->sprintf($lang->mod_process, $openclose);
 499  
 500          log_moderator_action($modlogdata, $lang->mod_process);
 501  
 502          moderation_redirect(get_thread_link($thread['tid']), $redirect);
 503          break;
 504  
 505      // Stick or unstick that post to the top bab!
 506      case "stick";
 507          // Verify incoming POST request
 508          verify_post_check($mybb->input['my_post_key']);
 509  
 510          if(!is_moderator($fid, "canmanagethreads"))
 511          {
 512              error_no_permission();
 513          }
 514  
 515          $plugins->run_hooks("moderation_stick");
 516  
 517          if($thread['sticky'] == 1)
 518          {
 519              $stuckunstuck = $lang->unstuck;
 520              $redirect = $lang->redirect_unstickthread;
 521              $moderation->unstick_threads($tid);
 522          }
 523          else
 524          {
 525              $stuckunstuck = $lang->stuck;
 526              $redirect = $lang->redirect_stickthread;
 527              $moderation->stick_threads($tid);
 528          }
 529  
 530          $lang->mod_process = $lang->sprintf($lang->mod_process, $stuckunstuck);
 531  
 532          log_moderator_action($modlogdata, $lang->mod_process);
 533  
 534          moderation_redirect(get_thread_link($thread['tid']), $redirect);
 535          break;
 536  
 537      // Remove redirects to a specific thread
 538      case "removeredirects":
 539  
 540          // Verify incoming POST request
 541          verify_post_check($mybb->input['my_post_key']);
 542  
 543          if(!is_moderator($fid, "canmanagethreads"))
 544          {
 545              error_no_permission();
 546          }
 547  
 548          $plugins->run_hooks("moderation_removeredirects");
 549  
 550          $moderation->remove_redirects($tid);
 551  
 552          log_moderator_action($modlogdata, $lang->redirects_removed);
 553          moderation_redirect(get_thread_link($thread['tid']), $lang->redirect_redirectsremoved);
 554          break;
 555  
 556      // Delete thread confirmation page
 557      case "deletethread":
 558  
 559          add_breadcrumb($lang->nav_deletethread);
 560  
 561          if(!is_moderator($fid, "candeleteposts"))
 562          {
 563              if($permissions['candeletethreads'] != 1 || $mybb->user['uid'] != $thread['uid'])
 564              {
 565                  error_no_permission();
 566              }
 567          }
 568  
 569          $plugins->run_hooks("moderation_deletethread");
 570  
 571          eval("\$deletethread = \"".$templates->get("moderation_deletethread")."\";");
 572          output_page($deletethread);
 573          break;
 574  
 575      // Delete the actual thread here
 576      case "do_deletethread":
 577  
 578          // Verify incoming POST request
 579          verify_post_check($mybb->input['my_post_key']);
 580  
 581          if(!is_moderator($fid, "candeleteposts"))
 582          {
 583              if($permissions['candeletethreads'] != 1 || $mybb->user['uid'] != $thread['uid'])
 584              {
 585                  error_no_permission();
 586              }
 587          }
 588  
 589          $plugins->run_hooks("moderation_do_deletethread");
 590  
 591          // Log the subject of the deleted thread
 592          $modlogdata['thread_subject'] = $thread['subject'];
 593  
 594          $thread['subject'] = $db->escape_string($thread['subject']);
 595          $lang->thread_deleted = $lang->sprintf($lang->thread_deleted, $thread['subject']);
 596          log_moderator_action($modlogdata, $lang->thread_deleted);
 597  
 598          $moderation->delete_thread($tid);
 599  
 600          mark_reports($tid, "thread");
 601          moderation_redirect(get_forum_link($fid), $lang->redirect_threaddeleted);
 602          break;
 603  
 604      // Delete the poll from a thread confirmation page
 605      case "deletepoll":
 606          add_breadcrumb($lang->nav_deletepoll);
 607  
 608          if(!is_moderator($fid, "candeleteposts"))
 609          {
 610              if($permissions['candeletethreads'] != 1 || $mybb->user['uid'] != $thread['uid'])
 611              {
 612                  error_no_permission();
 613              }
 614          }
 615  
 616          $plugins->run_hooks("moderation_deletepoll");
 617  
 618          $query = $db->simple_select("polls", "*", "tid='$tid'");
 619          $poll = $db->fetch_array($query);
 620          if(!$poll['pid'])
 621          {
 622              error($lang->error_invalidpoll);
 623          }
 624  
 625          eval("\$deletepoll = \"".$templates->get("moderation_deletepoll")."\";");
 626          output_page($deletepoll);
 627          break;
 628  
 629      // Delete the actual poll here!
 630      case "do_deletepoll":
 631  
 632          // Verify incoming POST request
 633          verify_post_check($mybb->input['my_post_key']);
 634  
 635          if(!$mybb->input['delete'])
 636          {
 637              error($lang->redirect_pollnotdeleted);
 638          }
 639          if(!is_moderator($fid, "candeleteposts"))
 640          {
 641              if($permissions['candeletethreads'] != 1 || $mybb->user['uid'] != $thread['uid'])
 642              {
 643                  error_no_permission();
 644              }
 645          }
 646          $query = $db->simple_select("polls", "*", "tid='$tid'");
 647          $poll = $db->fetch_array($query);
 648          if(!$poll['pid'])
 649          {
 650              error($lang->error_invalidpoll);
 651          }
 652  
 653          $plugins->run_hooks("moderation_do_deletepoll");
 654  
 655          $lang->poll_deleted = $lang->sprintf($lang->poll_deleted, $thread['subject']);
 656          log_moderator_action($modlogdata, $lang->poll_deleted);
 657  
 658          $moderation->delete_poll($poll['pid']);
 659  
 660          moderation_redirect(get_thread_link($thread['tid']), $lang->redirect_polldeleted);
 661          break;
 662  
 663      // Approve a thread
 664      case "approvethread":
 665  
 666          // Verify incoming POST request
 667          verify_post_check($mybb->input['my_post_key']);
 668  
 669          if(!is_moderator($fid, "canopenclosethreads"))
 670          {
 671              error_no_permission();
 672          }
 673          $query = $db->simple_select("threads", "*", "tid='$tid'");
 674          $thread = $db->fetch_array($query);
 675  
 676          $plugins->run_hooks("moderation_approvethread");
 677  
 678          $lang->thread_approved = $lang->sprintf($lang->thread_approved, $thread['subject']);
 679          log_moderator_action($modlogdata, $lang->thread_approved);
 680  
 681          $moderation->approve_threads($tid, $fid);
 682  
 683          moderation_redirect(get_thread_link($thread['tid']), $lang->redirect_threadapproved);
 684          break;
 685  
 686      // Unapprove a thread
 687      case "unapprovethread":
 688  
 689          // Verify incoming POST request
 690          verify_post_check($mybb->input['my_post_key']);
 691  
 692          if(!is_moderator($fid, "canopenclosethreads"))
 693          {
 694              error_no_permission();
 695          }
 696          $query = $db->simple_select("threads", "*", "tid='$tid'");
 697          $thread = $db->fetch_array($query);
 698  
 699          $plugins->run_hooks("moderation_unapprovethread");
 700  
 701          $lang->thread_unapproved = $lang->sprintf($lang->thread_unapproved, $thread['subject']);
 702          log_moderator_action($modlogdata, $lang->thread_unapproved);
 703  
 704          $moderation->unapprove_threads($tid, $fid);
 705  
 706          moderation_redirect(get_thread_link($thread['tid']), $lang->redirect_threadunapproved);
 707          break;
 708  
 709      // Delete selective posts in a thread
 710      case "deleteposts":
 711          add_breadcrumb($lang->nav_deleteposts);
 712          if(!is_moderator($fid, "candeleteposts"))
 713          {
 714              error_no_permission();
 715          }
 716          $posts = "";
 717          $query = $db->query("
 718              SELECT p.*, u.*
 719              FROM ".TABLE_PREFIX."posts p
 720              LEFT JOIN ".TABLE_PREFIX."users u ON (p.uid=u.uid)
 721              WHERE tid='$tid'
 722              ORDER BY dateline ASC
 723          ");
 724          $altbg = "trow1";
 725          while($post = $db->fetch_array($query))
 726          {
 727              $postdate = my_date($mybb->settings['dateformat'], $post['dateline']);
 728              $posttime = my_date($mybb->settings['timeformat'], $post['dateline']);
 729  
 730              $parser_options = array(
 731                  "allow_html" => $forum['allowhtml'],
 732                  "allow_mycode" => $forum['allowmycode'],
 733                  "allow_smilies" => $forum['allowsmilies'],
 734                  "allow_imgcode" => $forum['allowimgcode'],
 735                  "allow_videocode" => $forum['allowvideocode'],
 736                  "filter_badwords" => 1
 737              );
 738              if($post['smilieoff'] == 1)
 739              {
 740                  $parser_options['allow_smilies'] = 0;
 741              }
 742  
 743              $message = $parser->parse_message($post['message'], $parser_options);
 744              eval("\$posts .= \"".$templates->get("moderation_deleteposts_post")."\";");
 745              $altbg = alt_trow();
 746          }
 747  
 748          $plugins->run_hooks("moderation_deleteposts");
 749  
 750          eval("\$deleteposts = \"".$templates->get("moderation_deleteposts")."\";");
 751          output_page($deleteposts);
 752          break;
 753  
 754      // Lets delete those selected posts!
 755      case "do_deleteposts":
 756  
 757          // Verify incoming POST request
 758          verify_post_check($mybb->input['my_post_key']);
 759  
 760          if(!is_moderator($fid, "candeleteposts"))
 761          {
 762              error_no_permission();
 763          }
 764  
 765          $plugins->run_hooks("moderation_do_deleteposts");
 766  
 767          $deletethread = "1";
 768          $deletepost = $mybb->input['deletepost'];
 769          $query = $db->simple_select("posts", "*", "tid='$tid'");
 770          while($post = $db->fetch_array($query))
 771          {
 772              if($deletepost[$post['pid']] == 1)
 773              {
 774                  $moderation->delete_post($post['pid']);
 775                  $deletecount++;
 776                  $plist[] = $post['pid'];
 777              }
 778              else
 779              {
 780                  $deletethread = "0";
 781              }
 782          }
 783          if($deletethread)
 784          {
 785              $moderation->delete_thread($tid);
 786              $url = get_forum_link($fid);
 787              mark_reports($plist, "posts");
 788          }
 789          else
 790          {
 791              $url = get_thread_link($thread['tid']);
 792              mark_reports($tid, "thread");
 793          }
 794          $lang->deleted_selective_posts = $lang->sprintf($lang->deleted_selective_posts, $deletecount);
 795          log_moderator_action($modlogdata, $lang->deleted_selective_posts);
 796          moderation_redirect($url, $lang->redirect_postsdeleted);
 797          break;
 798  
 799      // Merge selected posts selection screen
 800      case "mergeposts":
 801          add_breadcrumb($lang->nav_mergeposts);
 802  
 803          if(!is_moderator($fid, "canmanagethreads"))
 804          {
 805              error_no_permission();
 806          }
 807          $posts = "";
 808          $query = $db->query("
 809              SELECT p.*, u.*
 810              FROM ".TABLE_PREFIX."posts p
 811              LEFT JOIN ".TABLE_PREFIX."users u ON (p.uid=u.uid)
 812              WHERE tid='$tid'
 813              ORDER BY dateline ASC
 814          ");
 815          $altbg = "trow1";
 816          while($post = $db->fetch_array($query))
 817          {
 818              $postdate = my_date($mybb->settings['dateformat'], $post['dateline']);
 819              $posttime = my_date($mybb->settings['timeformat'], $post['dateline']);
 820              $parser_options = array(
 821                  "allow_html" => $forum['allowhtml'],
 822                  "allow_mycode" => $forum['allowmycode'],
 823                  "allow_smilies" => $forum['allowsmilies'],
 824                  "allow_imgcode" => $forum['allowimgcode'],
 825                  "allow_videocode" => $forum['allowvideocode'],
 826                  "filter_badwords" => 1
 827              );
 828              if($post['smilieoff'] == 1)
 829              {
 830                  $parser_options['allow_smilies'] = 0;
 831              }
 832  
 833              $message = $parser->parse_message($post['message'], $parser_options);
 834              eval("\$posts .= \"".$templates->get("moderation_mergeposts_post")."\";");
 835              $altbg = alt_trow();
 836          }
 837  
 838          $plugins->run_hooks("moderation_mergeposts");
 839  
 840          eval("\$mergeposts = \"".$templates->get("moderation_mergeposts")."\";");
 841          output_page($mergeposts);
 842          break;
 843  
 844      // Lets merge those selected posts!
 845      case "do_mergeposts":
 846  
 847          // Verify incoming POST request
 848          verify_post_check($mybb->input['my_post_key']);
 849  
 850          if(!is_moderator($fid, "canmanagethreads"))
 851          {
 852              error_no_permission();
 853          }
 854  
 855          $plugins->run_hooks("moderation_do_mergeposts");
 856  
 857          $mergepost = $mybb->input['mergepost'];
 858          if(count($mergepost) <= 1)
 859          {
 860              error($lang->error_nomergeposts);
 861          }
 862  
 863          foreach($mergepost as $pid => $yes)
 864          {
 865              $plist[] = intval($pid);
 866          }
 867          $masterpid = $moderation->merge_posts($plist, $tid, $mybb->input['sep']);
 868  
 869          mark_reports($plist, "posts");
 870          log_moderator_action($modlogdata, $lang->merged_selective_posts);
 871          moderation_redirect(get_post_link($masterpid)."#pid$masterpid", $lang->redirect_mergeposts);
 872          break;
 873  
 874      // Move a thread
 875      case "move":
 876          add_breadcrumb($lang->nav_move);
 877          if(!is_moderator($fid, "canmanagethreads"))
 878          {
 879              error_no_permission();
 880          }
 881  
 882          $plugins->run_hooks("moderation_move");
 883  
 884          $forumselect = build_forum_jump("", '', 1, '', 0, true, '', "moveto");
 885          eval("\$movethread = \"".$templates->get("moderation_move")."\";");
 886          output_page($movethread);
 887          break;
 888  
 889      // Lets get this thing moving!
 890      case "do_move":
 891  
 892          // Verify incoming POST request
 893          verify_post_check($mybb->input['my_post_key']);
 894  
 895          $moveto = intval($mybb->input['moveto']);
 896          $method = $mybb->input['method'];
 897  
 898          if(!is_moderator($fid, "canmanagethreads"))
 899          {
 900              error_no_permission();
 901          }
 902          // Check if user has moderator permission to move to destination
 903          if(!is_moderator($moveto, "canmanagethreads") && !is_moderator($fid, "canmovetononmodforum"))
 904          {
 905              error_no_permission();
 906          }
 907          $newperms = forum_permissions($moveto);
 908          if($newperms['canview'] == 0 && !is_moderator($fid, "canmovetononmodforum"))
 909          {
 910              error_no_permission();
 911          }
 912  
 913          $newforum = get_forum($moveto);
 914          if(!$newforum || $newforum['type'] != "f" || $newforum['type'] == "f" && $newforum['linkto'] != '')
 915          {
 916              error($lang->error_invalidforum);
 917          }
 918          if($method != "copy" && $thread['fid'] == $moveto)
 919          {
 920              error($lang->error_movetosameforum);
 921          }
 922  
 923          $expire = 0;
 924          if(intval($mybb->input['redirect_expire']) > 0)
 925          {
 926              $expire = TIME_NOW + (intval($mybb->input['redirect_expire']) * 86400);
 927          }
 928  
 929          $the_thread = $tid;
 930  
 931          $newtid = $moderation->move_thread($tid, $moveto, $method, $expire);
 932  
 933          switch($method)
 934          {
 935              case "copy":
 936                  log_moderator_action($modlogdata, $lang->thread_copied);
 937                  break;
 938              default:
 939              case "move":
 940              case "redirect":
 941                  log_moderator_action($modlogdata, $lang->thread_moved);
 942                  break;
 943          }
 944  
 945          moderation_redirect(get_thread_link($newtid), $lang->redirect_threadmoved);
 946          break;
 947  
 948      // Thread notes editor
 949      case "threadnotes":
 950          add_breadcrumb($lang->nav_threadnotes);
 951          if(!is_moderator($fid, "canmanagethreads"))
 952          {
 953              error_no_permission();
 954          }
 955          $thread['notes'] = htmlspecialchars_uni($parser->parse_badwords($thread['notes']));
 956          $trow = alt_trow(1);
 957          $query = $db->query("
 958              SELECT l.*, u.username, t.subject AS tsubject, f.name AS fname, p.subject AS psubject
 959              FROM ".TABLE_PREFIX."moderatorlog l
 960              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=l.uid)
 961              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=l.tid)
 962              LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=l.fid)
 963              LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=l.pid)
 964              WHERE t.tid='$tid'
 965              ORDER BY l.dateline DESC
 966              LIMIT  0, 20
 967          ");
 968          while($modaction = $db->fetch_array($query))
 969          {
 970              $modaction['dateline'] = my_date("jS M Y, G:i", $modaction['dateline']);
 971              $modaction['profilelink'] = build_profile_link($modaction['username'], $modaction['uid']);
 972              $modaction['action'] = htmlspecialchars_uni($modaction['action']);
 973              $info = '';
 974              if($modaction['tsubject'])
 975              {
 976                  $info .= "<strong>$lang->thread</strong> <a href=\"".get_thread_link($modaction['tid'])."\">".htmlspecialchars_uni($modaction['tsubject'])."</a><br />";
 977              }
 978              if($modaction['fname'])
 979              {
 980                  $info .= "<strong>$lang->forum</strong> <a href=\"".get_forum_link($modaction['fid'])."\">".htmlspecialchars_uni($modaction['fname'])."</a><br />";
 981              }
 982              if($modaction['psubject'])
 983              {
 984                  $info .= "<strong>$lang->post</strong> <a href=\"".get_post_link($modaction['pid'])."#pid".$modaction['pid']."\">".htmlspecialchars_uni($modaction['psubject'])."</a>";
 985              }
 986  
 987              eval("\$modactions .= \"".$templates->get("moderation_threadnotes_modaction")."\";");
 988              $trow = alt_trow();
 989          }
 990          if(!$modactions)
 991          {
 992              $modactions = "<tr><td class=\"trow1\" colspan=\"4\">$lang->no_mod_options</td></tr>";
 993          }
 994  
 995          $actions = array(
 996              'openclosethread' => $lang->open_close_thread,
 997              'deletethread' => $lang->delete_thread,
 998              'move' => $lang->move_copy_thread,
 999              'stick' => $lang->stick_unstick_thread,
1000              'merge' => $lang->merge_threads,
1001              'removeredirects' => $lang->remove_redirects,
1002              'removesubscriptions' => $lang->remove_subscriptions,
1003              'approveunapprovethread' => $lang->approve_unapprove_thread
1004          );
1005  
1006          switch($db->type)
1007          {
1008              case "pgsql":
1009              case "sqlite":
1010                  $query = $db->simple_select("modtools", 'tid, name', "(','||forums||',' LIKE '%,$fid,%' OR ','||forums||',' LIKE '%,-1,%' OR forums='') AND type = 't'");
1011                  break;
1012              default:
1013                  $query = $db->simple_select("modtools", 'tid, name', "(CONCAT(',',forums,',') LIKE '%,$fid,%' OR CONCAT(',',forums,',') LIKE '%,-1,%' OR forums='') AND type = 't'");
1014          }
1015          while($tool = $db->fetch_array($query))
1016          {
1017              $actions['modtool_'.$tool['tid']] = htmlspecialchars_uni($tool['name']);
1018          }
1019  
1020          $forum_cache = $cache->read("forums");
1021  
1022          $trow = alt_trow(1);
1023          switch($db->type)
1024          {
1025              case "pgsql":
1026              case "sqlite":
1027                  $query = $db->query("
1028                      SELECT d.*, u.username, f.name AS fname
1029                      FROM ".TABLE_PREFIX."delayedmoderation d
1030                      LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=d.uid)
1031                      LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=d.fid)
1032                      WHERE ','||d.tids||',' LIKE '%,{$tid},%'
1033                      ORDER BY d.dateline DESC
1034                      LIMIT  0, 20
1035                  ");
1036                  break;
1037              default:
1038                  $query = $db->query("
1039                      SELECT d.*, u.username, f.name AS fname
1040                      FROM ".TABLE_PREFIX."delayedmoderation d
1041                      LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=d.uid)
1042                      LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=d.fid)
1043                      WHERE CONCAT(',',d.tids,',') LIKE '%,{$tid},%'
1044                      ORDER BY d.dateline DESC
1045                      LIMIT  0, 20
1046                  ");
1047          }
1048          while($delayedmod = $db->fetch_array($query))
1049          {
1050              $delayedmod['dateline'] = my_date("jS M Y, G:i", $delayedmod['delaydateline']);
1051              $delayedmod['profilelink'] = build_profile_link($delayedmod['username'], $delayedmod['uid']);
1052              $delayedmod['action'] = $actions[$delayedmod['type']];
1053              $info = '';
1054              if(strpos($delayedmod['tids'], ',') === false)
1055              {
1056                  $info .= "<strong>{$lang->thread}</strong> <a href=\"".get_thread_link($delayedmod['tids'])."\">{$thread['subject']}</a><br />";
1057              }
1058              else
1059              {
1060                  $info .= "<strong>{$lang->thread}</strong> {$lang->multiple_threads}<br />";
1061              }
1062  
1063              if($delayedmod['fname'])
1064              {
1065                  $info .= "<strong>{$lang->forum}</strong> <a href=\"".get_forum_link($delayedmod['fid'])."\">".htmlspecialchars_uni($delayedmod['fname'])."</a><br />";
1066              }
1067              $delayedmod['inputs'] = unserialize($delayedmod['inputs']);
1068  
1069              if($delayedmod['type'] == 'move')
1070              {
1071                  $info .= "<strong>{$lang->new_forum}</strong>  <a href=\"".get_forum_link($delayedmod['inputs']['new_forum'])."\">".htmlspecialchars_uni($forum_cache[$delayedmod['inputs']['new_forum']]['name'])."</a><br />";
1072                  if($delayedmod['inputs']['method'] == "redirect")
1073                  {
1074                      $info .= "<strong>{$lang->leave_redirect_for}</strong> ".intval($delayedmod['inputs']['redirect_expire'])." {$lang->days}<br />";
1075                  }
1076              }
1077              else if($delayedmod['type'] == 'merge')
1078              {
1079                  $info .= "<strong>{$lang->new_subject}</strong> ".htmlspecialchars_uni($delayedmod['inputs']['subject'])."<br />";
1080                  $info .= "<strong>{$lang->thread_to_merge_with}</strong> <a href=\"".htmlspecialchars_uni($delayedmod['inputs']['threadurl'])."\">".htmlspecialchars_uni($delayedmod['inputs']['threadurl'])."</a><br />";
1081              }
1082  
1083              eval("\$delayedmods .= \"".$templates->get("moderation_threadnotes_delayedmodaction")."\";");
1084              $trow = alt_trow();
1085          }
1086          if(!$delayedmods)
1087          {
1088              $delayedmods = "<tr><td class=\"trow1\" colspan=\"4\">{$lang->no_delayed_mods}</td></tr>";
1089          }
1090  
1091          $plugins->run_hooks("moderation_threadnotes");
1092  
1093          eval("\$threadnotes = \"".$templates->get("moderation_threadnotes")."\";");
1094          output_page($threadnotes);
1095          break;
1096  
1097      // Update the thread notes!
1098      case "do_threadnotes":
1099  
1100          // Verify incoming POST request
1101          verify_post_check($mybb->input['my_post_key']);
1102  
1103          if(!is_moderator($fid, "canmanagethreads"))
1104          {
1105              error_no_permission();
1106          }
1107  
1108          $plugins->run_hooks("moderation_do_threadnotes");
1109  
1110          log_moderator_action($modlogdata, $lang->thread_notes_edited);
1111          $sqlarray = array(
1112              "notes" => $db->escape_string($mybb->input['threadnotes']),
1113          );
1114          $db->update_query("threads", $sqlarray, "tid='$tid'");
1115          moderation_redirect(get_thread_link($thread['tid']), $lang->redirect_threadnotesupdated);
1116          break;
1117  
1118      // Lets look up the ip address of a post
1119      case "getip":
1120          add_breadcrumb($lang->nav_getip);
1121          if(!is_moderator($fid, "canviewips"))
1122          {
1123              error_no_permission();
1124          }
1125  
1126          $hostname = @gethostbyaddr($post['ipaddress']);
1127          if(!$hostname || $hostname == $post['ipaddress'])
1128          {
1129              $hostname = $lang->resolve_fail;
1130          }
1131  
1132          $username = build_profile_link($post['username'], $post['uid']);
1133  
1134          // Moderator options
1135          $modoptions = "";
1136          if($mybb->usergroup['canmodcp'] == 1)
1137          {
1138              eval("\$modoptions = \"".$templates->get("moderation_getip_modoptions")."\";");
1139          }
1140  
1141          eval("\$getip = \"".$templates->get("moderation_getip")."\";");
1142          output_page($getip);
1143          break;
1144  
1145      // Merge threads
1146      case "merge":
1147          add_breadcrumb($lang->nav_merge);
1148          if(!is_moderator($fid, "canmanagethreads"))
1149          {
1150              error_no_permission();
1151          }
1152  
1153          $plugins->run_hooks("moderation_merge");
1154  
1155          eval("\$merge = \"".$templates->get("moderation_merge")."\";");
1156          output_page($merge);
1157          break;
1158  
1159      // Lets get those threads together baby! (Merge threads)
1160      case "do_merge":
1161  
1162          // Verify incoming POST request
1163          verify_post_check($mybb->input['my_post_key']);
1164  
1165          if(!is_moderator($fid, "canmanagethreads"))
1166          {
1167              error_no_permission();
1168          }
1169  
1170          $plugins->run_hooks("moderation_do_merge");
1171  
1172          // explode at # sign in a url (indicates a name reference) and reassign to the url
1173          $realurl = explode("#", $mybb->input['threadurl']);
1174          $mybb->input['threadurl'] = $realurl[0];
1175  
1176          // Are we using an SEO URL?
1177          if(substr($mybb->input['threadurl'], -4) == "html")
1178          {
1179              // Get thread to merge's tid the SEO way
1180              preg_match("#thread-([0-9]+)?#i", $mybb->input['threadurl'], $threadmatch);
1181              preg_match("#post-([0-9]+)?#i", $mybb->input['threadurl'], $postmatch);
1182  
1183              if($threadmatch[1])
1184              {
1185                  $parameters['tid'] = $threadmatch[1];
1186              }
1187  
1188              if($postmatch[1])
1189              {
1190                  $parameters['pid'] = $postmatch[1];
1191              }
1192          }
1193          else
1194          {
1195              // Get thread to merge's tid the normal way
1196              $splitloc = explode(".php", $mybb->input['threadurl']);
1197              $temp = explode("&", my_substr($splitloc[1], 1));
1198  
1199              if(!empty($temp))
1200              {
1201                  for($i = 0; $i < count($temp); $i++)
1202                  {
1203                      $temp2 = explode("=", $temp[$i], 2);
1204                      $parameters[$temp2[0]] = $temp2[1];
1205                  }
1206              }
1207              else
1208              {
1209                  $temp2 = explode("=", $splitloc[1], 2);
1210                  $parameters[$temp2[0]] = $temp2[1];
1211              }
1212          }
1213  
1214          if($parameters['pid'] && !$parameters['tid'])
1215          {
1216              $query = $db->simple_select("posts", "*", "pid='".intval($parameters['pid'])."'");
1217              $post = $db->fetch_array($query);
1218              $mergetid = $post['tid'];
1219          }
1220          elseif($parameters['tid'])
1221          {
1222              $mergetid = $parameters['tid'];
1223          }
1224          $mergetid = intval($mergetid);
1225          $query = $db->simple_select("threads", "*", "tid='".intval($mergetid)."'");
1226          $mergethread = $db->fetch_array($query);
1227          if(!$mergethread['tid'])
1228          {
1229              error($lang->error_badmergeurl);
1230          }
1231          if($mergetid == $tid)
1232          { // sanity check
1233              error($lang->error_mergewithself);
1234          }
1235          if(!is_moderator($mergethread['fid'], "canmanagethreads"))
1236          {
1237              error_no_permission();
1238          }
1239          if($mybb->input['subject'])
1240          {
1241              $subject = $mybb->input['subject'];
1242          }
1243          else
1244          {
1245              $subject = $thread['subject'];
1246          }
1247  
1248          $moderation->merge_threads($mergetid, $tid, $subject);
1249  
1250          log_moderator_action($modlogdata, $lang->thread_merged);
1251  
1252          moderation_redirect(get_thread_link($tid), $lang->redirect_threadsmerged);
1253          break;
1254  
1255      // Divorce the posts in this thread (Split!)
1256      case "split":
1257          add_breadcrumb($lang->nav_split);
1258          if(!is_moderator($fid, "canmanagethreads"))
1259          {
1260              error_no_permission();
1261          }
1262          $query = $db->query("
1263              SELECT p.*, u.*
1264              FROM ".TABLE_PREFIX."posts p
1265              LEFT JOIN ".TABLE_PREFIX."users u ON (p.uid=u.uid)
1266              WHERE tid='$tid'
1267              ORDER BY dateline ASC
1268          ");
1269          $numposts = $db->num_rows($query);
1270          if($numposts <= "1")
1271          {
1272              error($lang->error_cantsplitonepost);
1273          }
1274  
1275          $altbg = "trow1";
1276          $posts = '';
1277          while($post = $db->fetch_array($query))
1278          {
1279              $postdate = my_date($mybb->settings['dateformat'], $post['dateline']);
1280              $posttime = my_date($mybb->settings['timeformat'], $post['dateline']);
1281              $parser_options = array(
1282                  "allow_html" => $forum['allowhtml'],
1283                  "allow_mycode" => $forum['allowmycode'],
1284                  "allow_smilies" => $forum['allowsmilies'],
1285                  "allow_imgcode" => $forum['allowimgcode'],
1286                  "allow_videocode" => $forum['allowvideocode'],
1287                  "filter_badwords" => 1
1288              );
1289              if($post['smilieoff'] == 1)
1290              {
1291                  $parser_options['allow_smilies'] = 0;
1292              }
1293  
1294              $message = $parser->parse_message($post['message'], $parser_options);
1295              eval("\$posts .= \"".$templates->get("moderation_split_post")."\";");
1296              $altbg = alt_trow();
1297          }
1298          $forumselect = build_forum_jump("", $fid, 1, '', 0, true, '', "moveto");
1299  
1300          $plugins->run_hooks("moderation_split");
1301  
1302          eval("\$split = \"".$templates->get("moderation_split")."\";");
1303          output_page($split);
1304          break;
1305  
1306      // Lets break them up buddy! (Do the split)
1307      case "do_split":
1308  
1309          // Verify incoming POST request
1310          verify_post_check($mybb->input['my_post_key']);
1311  
1312          if(!is_moderator($fid, "canmanagethreads"))
1313          {
1314              error_no_permission();
1315          }
1316  
1317          $plugins->run_hooks("moderation_do_split");
1318  
1319          if(!is_array($mybb->input['splitpost']))
1320          {
1321              error($lang->error_nosplitposts);
1322          }
1323          $query = $db->simple_select("posts", "COUNT(*) AS totalposts", "tid='{$tid}'");
1324          $count = $db->fetch_array($query);
1325  
1326          if($count['totalposts'] == 1)
1327          {
1328              error($lang->error_cantsplitonepost);
1329          }
1330  
1331          if($count['totalposts'] == count($mybb->input['splitpost']))
1332          {
1333              error($lang->error_cantsplitall);
1334          }
1335  
1336          if($mybb->input['moveto'])
1337          {
1338              $moveto = intval($mybb->input['moveto']);
1339          }
1340          else
1341          {
1342              $moveto = $fid;
1343          }
1344  
1345          $newforum = get_forum($moveto);
1346          if(!$newforum || $newforum['type'] != "f" || $newforum['type'] == "f" && $newforum['linkto'] != '')
1347          {
1348              error($lang->error_invalidforum);
1349          }
1350  
1351          // move the selected posts over
1352          $query = $db->simple_select("posts", "pid", "tid='$tid'");
1353          while($post = $db->fetch_array($query))
1354          {
1355              if($mybb->input['splitpost'][$post['pid']] == 1)
1356              {
1357                  $pids[] = $post['pid'];
1358              }
1359              mark_reports($post['pid'], "post");
1360          }
1361  
1362          $newtid = $moderation->split_posts($pids, $tid, $moveto, $mybb->input['newsubject']);
1363  
1364          log_moderator_action($modlogdata, $lang->thread_split);
1365  
1366          moderation_redirect(get_thread_link($newtid), $lang->redirect_threadsplit);
1367          break;
1368  
1369      // Delete Thread Subscriptions
1370      case "removesubscriptions":
1371          if(!is_moderator($fid, "canmanagethreads"))
1372          {
1373              error_no_permission();
1374          }
1375  
1376          $plugins->run_hooks("moderation_removesubscriptions");
1377  
1378          $moderation->remove_thread_subscriptions($tid, true);
1379  
1380          log_moderator_action($modlogdata, $lang->removed_subscriptions);
1381  
1382          moderation_redirect(get_thread_link($thread['tid']), $lang->redirect_removed_subscriptions);
1383          break;
1384  
1385      // Delete Threads - Inline moderation
1386      case "multideletethreads":
1387          add_breadcrumb($lang->nav_multi_deletethreads);
1388  
1389          if(!empty($mybb->input['searchid']))
1390          {
1391              // From search page
1392              $threads = getids($mybb->input['searchid'], 'search');
1393              if(!is_moderator_by_tids($threads, 'candeleteposts'))
1394              {
1395                  error_no_permission();
1396              }
1397          }
1398          else
1399          {
1400              $threads = getids($fid, 'forum');
1401              if(!is_moderator($fid, 'candeleteposts'))
1402              {
1403                  error_no_permission();
1404              }
1405          }
1406          if(count($threads) < 1)
1407          {
1408              error($lang->error_inline_nothreadsselected);
1409          }
1410  
1411          $inlineids = implode("|", $threads);
1412          if($mybb->input['inlinetype'] == 'search')
1413          {
1414              clearinline($mybb->input['searchid'], 'search');
1415          }
1416          else
1417          {
1418              clearinline($fid, 'forum');
1419          }
1420          $return_url = htmlspecialchars_uni($mybb->input['url']);
1421          eval("\$multidelete = \"".$templates->get("moderation_inline_deletethreads")."\";");
1422          output_page($multidelete);
1423          break;
1424  
1425      // Actually delete the threads - Inline moderation
1426      case "do_multideletethreads":
1427  
1428          // Verify incoming POST request
1429          verify_post_check($mybb->input['my_post_key']);
1430  
1431          $threadlist = explode("|", $mybb->input['threads']);
1432          if(!is_moderator_by_tids($threadlist, "candeleteposts"))
1433          {
1434              error_no_permission();
1435          }
1436          foreach($threadlist as $tid)
1437          {
1438              $tid = intval($tid);
1439              $moderation->delete_thread($tid);
1440              $tlist[] = $tid;
1441          }
1442          log_moderator_action($modlogdata, $lang->multi_deleted_threads);
1443          if($mybb->input['inlinetype'] == 'search')
1444          {
1445              clearinline($mybb->input['searchid'], 'search');
1446          }
1447          else
1448          {
1449              clearinline($fid, 'forum');
1450          }
1451          mark_reports($tlist, "threads");
1452          moderation_redirect(get_forum_link($fid), $lang->redirect_inline_threadsdeleted);
1453          break;
1454  
1455      // Open threads - Inline moderation
1456      case "multiopenthreads":
1457  
1458          // Verify incoming POST request
1459          verify_post_check($mybb->input['my_post_key']);
1460  
1461          if(!empty($mybb->input['searchid']))
1462          {
1463              // From search page
1464              $threads = getids($mybb->input['searchid'], 'search');
1465              if(!is_moderator_by_tids($threads, 'canopenclosethreads'))
1466              {
1467                  error_no_permission();
1468              }
1469          }
1470          else
1471          {
1472              $threads = getids($fid, 'forum');
1473              if(!is_moderator($fid, 'canopenclosethreads'))
1474              {
1475                  error_no_permission();
1476              }
1477          }
1478  
1479          if(count($threads) < 1)
1480          {
1481              error($lang->error_inline_nothreadsselected);
1482          }
1483  
1484          $moderation->open_threads($threads);
1485  
1486          log_moderator_action($modlogdata, $lang->multi_opened_threads);
1487          if($mybb->input['inlinetype'] == 'search')
1488          {
1489              clearinline($mybb->input['searchid'], 'search');
1490          }
1491          else
1492          {
1493              clearinline($fid, 'forum');
1494          }
1495          moderation_redirect(get_forum_link($fid), $lang->redirect_inline_threadsopened);
1496          break;
1497  
1498      // Close threads - Inline moderation
1499      case "multiclosethreads":
1500  
1501          // Verify incoming POST request
1502          verify_post_check($mybb->input['my_post_key']);
1503  
1504          if(!empty($mybb->input['searchid']))
1505          {
1506              // From search page
1507              $threads = getids($mybb->input['searchid'], 'search');
1508              if(!is_moderator_by_tids($threads, 'canmanagethreads'))
1509              {
1510                  error_no_permission();
1511              }
1512          }
1513          else
1514          {
1515              $threads = getids($fid, 'forum');
1516              if(!is_moderator($fid, 'canmanagethreads'))
1517              {
1518                  error_no_permission();
1519              }
1520          }
1521          if(count($threads) < 1)
1522          {
1523              error($lang->error_inline_nothreadsselected);
1524          }
1525  
1526          $moderation->close_threads($threads);
1527  
1528          log_moderator_action($modlogdata, $lang->multi_closed_threads);
1529          if($mybb->input['inlinetype'] == 'search')
1530          {
1531              clearinline($mybb->input['searchid'], 'search');
1532          }
1533          else
1534          {
1535              clearinline($fid, 'forum');
1536          }
1537          moderation_redirect(get_forum_link($fid), $lang->redirect_inline_threadsclosed);
1538          break;
1539  
1540      // Approve threads - Inline moderation
1541      case "multiapprovethreads":
1542  
1543          // Verify incoming POST request
1544          verify_post_check($mybb->input['my_post_key']);
1545  
1546          if(!empty($mybb->input['searchid']))
1547          {
1548              // From search page
1549              $threads = getids($mybb->input['searchid'], 'search');
1550              if(!is_moderator_by_tids($threads, 'canmanagethreads'))
1551              {
1552                  error_no_permission();
1553              }
1554          }
1555          else
1556          {
1557              $threads = getids($fid, 'forum');
1558              if(!is_moderator($fid, 'canmanagethreads'))
1559              {
1560                  error_no_permission();
1561              }
1562          }
1563          if(count($threads) < 1)
1564          {
1565              error($lang->error_inline_nothreadsselected);
1566          }
1567  
1568          $moderation->approve_threads($threads, $fid);
1569  
1570          log_moderator_action($modlogdata, $lang->multi_approved_threads);
1571          if($mybb->input['inlinetype'] == 'search')
1572          {
1573              clearinline($mybb->input['searchid'], 'search');
1574          }
1575          else
1576          {
1577              clearinline($fid, 'forum');
1578          }
1579          $cache->update_stats();
1580          moderation_redirect(get_forum_link($fid), $lang->redirect_inline_threadsapproved);
1581          break;
1582  
1583      // Unapprove threads - Inline moderation
1584      case "multiunapprovethreads":
1585  
1586          // Verify incoming POST request
1587          verify_post_check($mybb->input['my_post_key']);
1588  
1589          if(!empty($mybb->input['searchid']))
1590          {
1591              // From search page
1592              $threads = getids($mybb->input['searchid'], 'search');
1593              if(!is_moderator_by_tids($threads, 'canmanagethreads'))
1594              {
1595                  error_no_permission();
1596              }
1597          }
1598          else
1599          {
1600              $threads = getids($fid, 'forum');
1601              if(!is_moderator($fid, 'canmanagethreads'))
1602              {
1603                  error_no_permission();
1604              }
1605          }
1606          if(count($threads) < 1)
1607          {
1608              error($lang->error_inline_nothreadsselected);
1609          }
1610  
1611          $moderation->unapprove_threads($threads, $fid);
1612  
1613          log_moderator_action($modlogdata, $lang->multi_unapproved_threads);
1614          if($mybb->input['inlinetype'] == 'search')
1615          {
1616              clearinline($mybb->input['searchid'], 'search');
1617          }
1618          else
1619          {
1620              clearinline($fid, 'forum');
1621          }
1622          $cache->update_stats();
1623          moderation_redirect(get_forum_link($fid), $lang->redirect_inline_threadsunapproved);
1624          break;
1625  
1626      // Stick threads - Inline moderation
1627      case "multistickthreads":
1628  
1629          // Verify incoming POST request
1630          verify_post_check($mybb->input['my_post_key']);
1631  
1632          if(!empty($mybb->input['searchid']))
1633          {
1634              // From search page
1635              $threads = getids($mybb->input['searchid'], 'search');
1636              if(!is_moderator_by_tids($threads, 'canopenclosethreads'))
1637              {
1638                  error_no_permission();
1639              }
1640          }
1641          else
1642          {
1643              $threads = getids($fid, 'forum');
1644              if(!is_moderator($fid, 'canopenclosethreads'))
1645              {
1646                  error_no_permission();
1647              }
1648          }
1649          if(count($threads) < 1)
1650          {
1651              error($lang->error_inline_nothreadsselected);
1652          }
1653  
1654          $moderation->stick_threads($threads);
1655  
1656          log_moderator_action($modlogdata, $lang->multi_stuck_threads);
1657          if($mybb->input['inlinetype'] == 'search')
1658          {
1659              clearinline($mybb->input['searchid'], 'search');
1660          }
1661          else
1662          {
1663              clearinline($fid, 'forum');
1664          }
1665          moderation_redirect(get_forum_link($fid), $lang->redirect_inline_threadsstuck);
1666          break;
1667  
1668      // Unstick threads - Inline moderaton
1669      case "multiunstickthreads":
1670  
1671          // Verify incoming POST request
1672          verify_post_check($mybb->input['my_post_key']);
1673  
1674          if(!empty($mybb->input['searchid']))
1675          {
1676              // From search page
1677              $threads = getids($mybb->input['searchid'], 'search');
1678              if(!is_moderator_by_tids($threads, 'canopenclosethreads'))
1679              {
1680                  error_no_permission();
1681              }
1682          }
1683          else
1684          {
1685              $threads = getids($fid, 'forum');
1686              if(!is_moderator($fid, 'canopenclosethreads'))
1687              {
1688                  error_no_permission();
1689              }
1690          }
1691          if(count($threads) < 1)
1692          {
1693              error($lang->error_inline_nothreadsselected);
1694          }
1695  
1696          $moderation->unstick_threads($threads);
1697  
1698          log_moderator_action($modlogdata, $lang->multi_unstuck_threads);
1699          if($mybb->input['inlinetype'] == 'search')
1700          {
1701              clearinline($mybb->input['searchid'], 'search');
1702          }
1703          else
1704          {
1705              clearinline($fid, 'forum');
1706          }
1707          moderation_redirect(get_forum_link($fid), $lang->redirect_inline_threadsunstuck);
1708          break;
1709  
1710      // Move threads - Inline moderation
1711      case "multimovethreads":
1712          add_breadcrumb($lang->nav_multi_movethreads);
1713  
1714          if(!empty($mybb->input['searchid']))
1715          {
1716              // From search page
1717              $threads = getids($mybb->input['searchid'], 'search');
1718              if(!is_moderator_by_tids($threads, 'canmanagethreads'))
1719              {
1720                  error_no_permission();
1721              }
1722          }
1723          else
1724          {
1725              $threads = getids($fid, 'forum');
1726              if(!is_moderator($fid, 'canmanagethreads'))
1727              {
1728                  error_no_permission();
1729              }
1730          }
1731  
1732          if(count($threads) < 1)
1733          {
1734              error($lang->error_inline_nothreadsselected);
1735          }
1736          $inlineids = implode("|", $threads);
1737          if($mybb->input['inlinetype'] == 'search')
1738          {
1739              clearinline($mybb->input['searchid'], 'search');
1740          }
1741          else
1742          {
1743              clearinline($fid, 'forum');
1744          }
1745          $forumselect = build_forum_jump("", '', 1, '', 0, true, '', "moveto");
1746          $return_url = htmlspecialchars_uni($mybb->input['url']);
1747          eval("\$movethread = \"".$templates->get("moderation_inline_movethreads")."\";");
1748          output_page($movethread);
1749          break;
1750  
1751      // Actually move the threads in Inline moderation
1752      case "do_multimovethreads":
1753  
1754          // Verify incoming POST request
1755          verify_post_check($mybb->input['my_post_key']);
1756  
1757          $moveto = intval($mybb->input['moveto']);
1758          $threadlist = explode("|", $mybb->input['threads']);
1759          if(!is_moderator_by_tids($threadlist, 'canmanagethreads'))
1760          {
1761              error_no_permission();
1762          }
1763          foreach($threadlist as $tid)
1764          {
1765              $tids[] = intval($tid);
1766          }
1767          // Make sure moderator has permission to move to the new forum
1768          $newperms = forum_permissions($moveto);
1769          if(($newperms['canview'] == 0 || !is_moderator($moveto, 'canmanagethreads')) && !is_moderator_by_tids($tids, 'canmovetononmodforum'))
1770          {
1771              error_no_permission();
1772          }
1773  
1774          $newforum = get_forum($moveto);
1775          if(!$newforum || $newforum['type'] != "f" || $newforum['type'] == "f" && $newforum['linkto'] != '')
1776          {
1777              error($lang->error_invalidforum);
1778          }
1779  
1780          $moderation->move_threads($tids, $moveto);
1781  
1782          log_moderator_action($modlogdata, $lang->multi_moved_threads);
1783  
1784          moderation_redirect(get_forum_link($moveto), $lang->redirect_inline_threadsmoved);
1785          break;
1786  
1787      // Delete posts - Inline moderation
1788      case "multideleteposts":
1789          add_breadcrumb($lang->nav_multi_deleteposts);
1790  
1791          if($mybb->input['inlinetype'] == 'search')
1792          {
1793              $posts = getids($mybb->input['searchid'], 'search');
1794          }
1795          else
1796          {
1797              $posts = getids($tid, 'thread');
1798          }
1799  
1800          if(count($posts) < 1)
1801          {
1802              error($lang->error_inline_nopostsselected);
1803          }
1804          if(!is_moderator_by_pids($posts, "candeleteposts"))
1805          {
1806              error_no_permission();
1807          }
1808          $inlineids = implode("|", $posts);
1809          if($mybb->input['inlinetype'] == 'search')
1810          {
1811              clearinline($mybb->input['searchid'], 'search');
1812          }
1813          else
1814          {
1815              clearinline($tid, 'thread');
1816          }
1817  
1818          $return_url = htmlspecialchars_uni($mybb->input['url']);
1819  
1820          eval("\$multidelete = \"".$templates->get("moderation_inline_deleteposts")."\";");
1821          output_page($multidelete);
1822          break;
1823  
1824      // Actually delete the posts in inline moderation
1825      case "do_multideleteposts":
1826  
1827          // Verify incoming POST request
1828          verify_post_check($mybb->input['my_post_key']);
1829  
1830          $postlist = explode("|", $mybb->input['posts']);
1831          if(!is_moderator_by_pids($postlist, "candeleteposts"))
1832          {
1833              error_no_permission();
1834          }
1835          $postlist = array_map('intval', $postlist);
1836          $pids = implode(',', $postlist);
1837  
1838          $tids = array();
1839          if($pids)
1840          {
1841              $query = $db->simple_select("threads", "tid", "firstpost IN({$pids})");
1842              while($threadid = $db->fetch_field($query, "tid"))
1843              {
1844                  $tids[] = $threadid;
1845              }
1846          }
1847  
1848          $deletecount = 0;
1849          foreach($postlist as $pid)
1850          {
1851              $pid = intval($pid);
1852              $moderation->delete_post($pid);
1853              $plist[] = $pid;
1854              $deletecount++;
1855          }
1856  
1857          // If we have multiple threads, we must be coming from the search
1858          if(!empty($tids))
1859          {
1860              foreach($tids as $tid)
1861              {
1862                  $moderation->delete_thread($tid);
1863                  mark_reports($tid, "thread");
1864                  $url = get_forum_link($fid);
1865              }
1866          }
1867          // Otherwise we're just deleting from showthread.php
1868          else
1869          {
1870              $query = $db->simple_select("posts", "*", "tid='$tid'");
1871              $numposts = $db->num_rows($query);
1872              if(!$numposts)
1873              {
1874                  $moderation->delete_thread($tid);
1875                  mark_reports($tid, "thread");
1876                  $url = get_forum_link($fid);
1877              }
1878              else
1879              {
1880                  mark_reports($plist, "posts");
1881                  $url = get_thread_link($thread['tid']);
1882              }
1883          }
1884  
1885          $lang->deleted_selective_posts = $lang->sprintf($lang->deleted_selective_posts, $deletecount);
1886          log_moderator_action($modlogdata, $lang->deleted_selective_posts);
1887          moderation_redirect($url, $lang->redirect_postsdeleted);
1888          break;
1889  
1890      // Merge posts - Inline moderation
1891      case "multimergeposts":
1892          add_breadcrumb($lang->nav_multi_mergeposts);
1893  
1894          if($mybb->input['inlinetype'] == 'search')
1895          {
1896              $posts = getids($mybb->input['searchid'], 'search');
1897          }
1898          else
1899          {
1900              $posts = getids($tid, 'thread');
1901          }
1902  
1903          // Add the selected posts from other threads
1904          foreach($mybb->cookies as $key => $value)
1905          {
1906              if(strpos($key, "inlinemod_thread") !== false && $key != "inlinemod_thread$tid")
1907              {
1908                  $inlinepostlist = explode("|", $mybb->cookies[$key]);
1909                  foreach($inlinepostlist as $p)
1910                  {
1911                      $p = intval($p);
1912  
1913                      if(!empty($p))
1914                      {
1915                          $posts[] = intval($p);
1916                      }
1917                  }
1918                  // Remove the cookie once its data is retrieved
1919                  my_unsetcookie($key);
1920              }
1921          }
1922  
1923          if(empty($posts))
1924          {
1925              error($lang->error_inline_nopostsselected);
1926          }
1927  
1928          if(!is_moderator_by_pids($posts, "canmanagethreads"))
1929          {
1930              error_no_permission();
1931          }
1932  
1933          $postlist = "";
1934          $query = $db->query("
1935              SELECT p.*, u.*
1936              FROM ".TABLE_PREFIX."posts p
1937              LEFT JOIN ".TABLE_PREFIX."users u ON (p.uid=u.uid)
1938              WHERE pid IN (".implode($posts, ",").")
1939              ORDER BY dateline ASC
1940          ");
1941          $altbg = "trow1";
1942          while($post = $db->fetch_array($query))
1943          {
1944              $postdate = my_date($mybb->settings['dateformat'], $post['dateline']);
1945              $posttime = my_date($mybb->settings['timeformat'], $post['dateline']);
1946              $parser_options = array(
1947                  "allow_html" => $forum['allowhtml'],
1948                  "allow_mycode" => $forum['allowmycode'],
1949                  "allow_smilies" => $forum['allowsmilies'],
1950                  "allow_imgcode" => $forum['allowimgcode'],
1951                  "allow_videocode" => $forum['allowvideocode'],
1952                  "filter_badwords" => 1
1953              );
1954              if($post['smilieoff'] == 1)
1955              {
1956                  $parser_options['allow_smilies'] = 0;
1957              }
1958  
1959              $message = $parser->parse_message($post['message'], $parser_options);
1960              eval("\$postlist .= \"".$templates->get("moderation_mergeposts_post")."\";");
1961              $altbg = alt_trow();
1962          }
1963  
1964          $inlineids = implode("|", $posts);
1965          if($mybb->input['inlinetype'] == 'search')
1966          {
1967              clearinline($mybb->input['searchid'], 'search');
1968          }
1969          else
1970          {
1971              clearinline($tid, 'thread');
1972          }
1973  
1974          $return_url = htmlspecialchars_uni($mybb->input['url']);
1975  
1976          eval("\$multimerge = \"".$templates->get("moderation_inline_mergeposts")."\";");
1977          output_page($multimerge);
1978          break;
1979  
1980      // Actually merge the posts - Inline moderation
1981      case "do_multimergeposts":
1982  
1983          // Verify incoming POST request
1984          verify_post_check($mybb->input['my_post_key']);
1985  
1986          $mergepost = $mybb->input['mergepost'];
1987          if(count($mergepost) <= 1)
1988          {
1989              error($lang->error_nomergeposts);
1990          }
1991  
1992          foreach($mergepost as $pid => $yes)
1993          {
1994              $postlist[] = intval($pid);
1995          }
1996  
1997          if(!is_moderator_by_pids($postlist, "canmanagethreads"))
1998          {
1999              error_no_permission();
2000          }
2001  
2002          foreach($postlist as $pid)
2003          {
2004              $pid = intval($pid);
2005              $plist[] = $pid;
2006          }
2007  
2008          $masterpid = $moderation->merge_posts($plist, $tid, $mybb->input['sep']);
2009  
2010          mark_reports($plist, "posts");
2011          log_moderator_action($modlogdata, $lang->merged_selective_posts);
2012          moderation_redirect(get_post_link($masterpid)."#pid$masterpid", $lang->redirect_inline_postsmerged);
2013          break;
2014  
2015      // Split posts - Inline moderation
2016      case "multisplitposts":
2017          add_breadcrumb($lang->nav_multi_splitposts);
2018  
2019          if($mybb->input['inlinetype'] == 'search')
2020          {
2021              $posts = getids($mybb->input['searchid'], 'search');
2022          }
2023          else
2024          {
2025              $posts = getids($tid, 'thread');
2026          }
2027  
2028          if(count($posts) < 1)
2029          {
2030              error($lang->error_inline_nopostsselected);
2031          }
2032  
2033          if(!is_moderator_by_pids($posts, "canmanagethreads"))
2034          {
2035              error_no_permission();
2036          }
2037          $posts = array_map('intval', $posts);
2038          $pidin = implode(',', $posts);
2039  
2040          // Make sure that we are not splitting a thread with one post
2041          // Select number of posts in each thread that the splitted post is in
2042          $query = $db->query("
2043              SELECT DISTINCT p.tid, COUNT(q.pid) as count
2044              FROM ".TABLE_PREFIX."posts p
2045              LEFT JOIN ".TABLE_PREFIX."posts q ON (p.tid=q.tid)
2046              WHERE p.pid IN ($pidin)
2047              GROUP BY p.tid, p.pid
2048          ");
2049          $threads = $pcheck = array();
2050          while($tcheck = $db->fetch_array($query))
2051          {
2052              if(intval($tcheck['count']) <= 1)
2053              {
2054                  error($lang->error_cantsplitonepost);
2055              }
2056              $threads[] = $pcheck[] = $tcheck['tid']; // Save tids for below
2057          }
2058  
2059          // Make sure that we are not splitting all posts in the thread
2060          // The query does not return a row when the count is 0, so find if some threads are missing (i.e. 0 posts after removal)
2061          $query = $db->query("
2062              SELECT DISTINCT p.tid, COUNT(q.pid) as count
2063              FROM ".TABLE_PREFIX."posts p
2064              LEFT JOIN ".TABLE_PREFIX."posts q ON (p.tid=q.tid)
2065              WHERE p.pid IN ($pidin) AND q.pid NOT IN ($pidin)
2066              GROUP BY p.tid, p.pid
2067          ");
2068          $pcheck2 = array();
2069          while($tcheck = $db->fetch_array($query))
2070          {
2071              if($tcheck['count'] > 0)
2072              {
2073                  $pcheck2[] = $tcheck['tid'];
2074              }
2075          }
2076          if(count($pcheck2) != count($pcheck))
2077          {
2078              // One or more threads do not have posts after splitting
2079              error($lang->error_cantsplitall);
2080          }
2081  
2082          $inlineids = implode("|", $posts);
2083          if($mybb->input['inlinetype'] == 'search')
2084          {
2085              clearinline($mybb->input['searchid'], 'search');
2086          }
2087          else
2088          {
2089              clearinline($tid, 'thread');
2090          }
2091          $forumselect = build_forum_jump("", $fid, 1, '', 0, true, '', "moveto");
2092          eval("\$splitposts = \"".$templates->get("moderation_inline_splitposts")."\";");
2093          output_page($splitposts);
2094          break;
2095  
2096      // Actually split the posts - Inline moderation
2097      case "do_multisplitposts":
2098  
2099          // Verify incoming POST request
2100          verify_post_check($mybb->input['my_post_key']);
2101  
2102          $plist = array();
2103          $postlist = explode("|", $mybb->input['posts']);
2104          foreach($postlist as $pid)
2105          {
2106              $pid = intval($pid);
2107              $plist[] = $pid;
2108          }
2109  
2110          if(!is_moderator_by_pids($plist, "canmanagethreads"))
2111          {
2112              error_no_permission();
2113          }
2114  
2115          // Ensure all posts exist
2116          $posts = array();
2117          if(!empty($plist))
2118          {
2119              $query = $db->simple_select('posts', 'pid', 'pid IN ('.implode(',', $plist).')');
2120              while($pid = $db->fetch_field($query, 'pid'))
2121              {
2122                  $posts[] = $pid;
2123              }
2124          }
2125  
2126          if(empty($posts))
2127          {
2128              error($lang->error_inline_nopostsselected);
2129          }
2130  
2131          $pidin = implode(',', $posts);
2132  
2133          // Make sure that we are not splitting a thread with one post
2134          // Select number of posts in each thread that the splitted post is in
2135          $query = $db->query("
2136              SELECT DISTINCT p.tid, COUNT(q.pid) as count
2137              FROM ".TABLE_PREFIX."posts p
2138              LEFT JOIN ".TABLE_PREFIX."posts q ON (p.tid=q.tid)
2139              WHERE p.pid IN ($pidin)
2140              GROUP BY p.tid, p.pid
2141          ");
2142          $pcheck = array();
2143          while($tcheck = $db->fetch_array($query))
2144          {
2145              if(intval($tcheck['count']) <= 1)
2146              {
2147                  error($lang->error_cantsplitonepost);
2148              }
2149              $pcheck[] = $tcheck['tid']; // Save tids for below
2150          }
2151  
2152          // Make sure that we are not splitting all posts in the thread
2153          // The query does not return a row when the count is 0, so find if some threads are missing (i.e. 0 posts after removal)
2154          $query = $db->query("
2155              SELECT DISTINCT p.tid, COUNT(q.pid) as count
2156              FROM ".TABLE_PREFIX."posts p
2157              LEFT JOIN ".TABLE_PREFIX."posts q ON (p.tid=q.tid)
2158              WHERE p.pid IN ($pidin) AND q.pid NOT IN ($pidin)
2159              GROUP BY p.tid, p.pid
2160          ");
2161          $pcheck2 = array();
2162          while($tcheck = $db->fetch_array($query))
2163          {
2164              if($tcheck['count'] > 0)
2165              {
2166                  $pcheck2[] = $tcheck['tid'];
2167              }
2168          }
2169          if(count($pcheck2) != count($pcheck))
2170          {
2171              // One or more threads do not have posts after splitting
2172              error($lang->error_cantsplitall);
2173          }
2174  
2175          if($mybb->input['moveto'])
2176          {
2177              $moveto = intval($mybb->input['moveto']);
2178          }
2179          else
2180          {
2181              $moveto = $fid;
2182          }
2183  
2184          $newforum = get_forum($moveto);
2185          if(!$newforum || $newforum['type'] != "f" || $newforum['type'] == "f" && $newforum['linkto'] != '')
2186          {
2187              error($lang->error_invalidforum);
2188          }
2189  
2190          $newsubject = $mybb->input['newsubject'];
2191          $newtid = $moderation->split_posts($posts, $tid, $moveto, $newsubject);
2192  
2193          $pid_list = implode(', ', $posts);
2194          $lang->split_selective_posts = $lang->sprintf($lang->split_selective_posts, $pid_list, $newtid);
2195          log_moderator_action($modlogdata, $lang->split_selective_posts);
2196  
2197          moderation_redirect(get_thread_link($newtid), $lang->redirect_threadsplit);
2198          break;
2199  
2200      // Approve posts - Inline moderation
2201      case "multiapproveposts":
2202  
2203          // Verify incoming POST request
2204          verify_post_check($mybb->input['my_post_key']);
2205  
2206          if($mybb->input['inlinetype'] == 'search')
2207          {
2208              $posts = getids($mybb->input['searchid'], 'search');
2209          }
2210          else
2211          {
2212              $posts = getids($tid, 'thread');
2213          }
2214          if(count($posts) < 1)
2215          {
2216              error($lang->error_inline_nopostsselected);
2217          }
2218  
2219          if(!is_moderator_by_pids($posts, "canmanagethreads"))
2220          {
2221              error_no_permission();
2222          }
2223  
2224          $pids = array();
2225          foreach($posts as $pid)
2226          {
2227              $pids[] = intval($pid);
2228          }
2229  
2230          $moderation->approve_posts($pids);
2231  
2232          log_moderator_action($modlogdata, $lang->multi_approve_posts);
2233          if($mybb->input['inlinetype'] == 'search')
2234          {
2235              clearinline($mybb->input['searchid'], 'search');
2236          }
2237          else
2238          {
2239              clearinline($tid, 'thread');
2240          }
2241          moderation_redirect(get_thread_link($thread['tid']), $lang->redirect_inline_postsapproved);
2242          break;
2243  
2244      // Unapprove posts - Inline moderation
2245      case "multiunapproveposts":
2246  
2247          // Verify incoming POST request
2248          verify_post_check($mybb->input['my_post_key']);
2249  
2250          if($mybb->input['inlinetype'] == 'search')
2251          {
2252              $posts = getids($mybb->input['searchid'], 'search');
2253          }
2254          else
2255          {
2256              $posts = getids($tid, 'thread');
2257          }
2258  
2259          if(count($posts) < 1)
2260          {
2261              error($lang->error_inline_nopostsselected);
2262          }
2263          $pids = array();
2264  
2265          if(!is_moderator_by_pids($posts, "canmanagethreads"))
2266          {
2267              error_no_permission();
2268          }
2269          foreach($posts as $pid)
2270          {
2271              $pids[] = intval($pid);
2272          }
2273  
2274          $moderation->unapprove_posts($pids);
2275  
2276          log_moderator_action($modlogdata, $lang->multi_unapprove_posts);
2277          if($mybb->input['inlinetype'] == 'search')
2278          {
2279              clearinline($mybb->input['searchid'], 'search');
2280          }
2281          else
2282          {
2283              clearinline($tid, 'thread');
2284          }
2285          moderation_redirect(get_thread_link($thread['tid']), $lang->redirect_inline_postsunapproved);
2286          break;
2287      default:
2288          require_once  MYBB_ROOT."inc/class_custommoderation.php";
2289          $custommod = new CustomModeration;
2290          $tool = $custommod->tool_info(intval($mybb->input['action']));
2291          if($tool !== false)
2292          {
2293              // Verify incoming POST request
2294              verify_post_check($mybb->input['my_post_key']);
2295  
2296              if($tool['type'] == 't' && $mybb->input['modtype'] == 'inlinethread')
2297              {
2298                  if($mybb->input['inlinetype'] == 'search')
2299                  {
2300                      $tids = getids($mybb->input['searchid'], 'search');
2301                  }
2302                  else
2303                  {
2304                      $tids = getids($fid, "forum");
2305                  }
2306                  if(count($tids) < 1)
2307                  {
2308                      error($lang->error_inline_nopostsselected);
2309                  }
2310                  if(!is_moderator_by_tids($tids))
2311                  {
2312                      error_no_permission();
2313                  }
2314  
2315                  $thread_options = unserialize($tool['threadoptions']);
2316                  if($thread_options['movethread'] && $forum_cache[$thread_options['movethread']]['type'] != "f")
2317                  {
2318                      error($lang->error_movetocategory);
2319                  }
2320  
2321                  $custommod->execute(intval($mybb->input['action']), $tids);
2322                   $lang->custom_tool = $lang->sprintf($lang->custom_tool, $tool['name']);
2323                  log_moderator_action($modlogdata, $lang->custom_tool);
2324                  if($mybb->input['inlinetype'] == 'search')
2325                  {
2326                      clearinline($mybb->input['searchid'], 'search');
2327                      $lang->redirect_customtool_search = $lang->sprintf($lang->redirect_customtool_search, $tool['name']);
2328                      $return_url = htmlspecialchars_uni($mybb->input['url']);
2329                      redirect($return_url, $lang->redirect_customtool_search);
2330                  }
2331                  else
2332                  {
2333                      clearinline($fid, "forum");
2334                      $lang->redirect_customtool_forum = $lang->sprintf($lang->redirect_customtool_forum, $tool['name']);
2335                      redirect(get_forum_link($fid), $lang->redirect_customtool_forum);
2336                  }
2337                  break;
2338              }
2339              elseif($tool['type'] == 't' && $mybb->input['modtype'] == 'thread')
2340              {
2341                  if(!is_moderator_by_tids($tid))
2342                  {
2343                      error_no_permission();
2344                  }
2345  
2346                  $thread_options = unserialize($tool['threadoptions']);
2347                  if($thread_options['movethread'] && $forum_cache[$thread_options['movethread']]['type'] != "f")
2348                  {
2349                      error($lang->error_movetocategory);
2350                  }
2351  
2352                  $ret = $custommod->execute(intval($mybb->input['action']), $tid);
2353                   $lang->custom_tool = $lang->sprintf($lang->custom_tool, $tool['name']);
2354                  log_moderator_action($modlogdata, $lang->custom_tool);
2355                  if($ret == 'forum')
2356                  {
2357                      $lang->redirect_customtool_forum = $lang->sprintf($lang->redirect_customtool_forum, $tool['name']);
2358                      moderation_redirect(get_forum_link($fid), $lang->redirect_customtool_forum);
2359                  }
2360                  else
2361                  {
2362                      $lang->redirect_customtool_thread = $lang->sprintf($lang->redirect_customtool_thread, $tool['name']);
2363                      moderation_redirect(get_thread_link($thread['tid']), $lang->redirect_customtool_thread);
2364                  }
2365                  break;
2366              }
2367              elseif($tool['type'] == 'p' && $mybb->input['modtype'] == 'inlinepost')
2368              {
2369                  if($mybb->input['inlinetype'] == 'search')
2370                  {
2371                      $pids = getids($mybb->input['searchid'], 'search');
2372                  }
2373                  else
2374                  {
2375                      $pids = getids($tid, 'thread');
2376                  }
2377  
2378                  if(count($pids) < 1)
2379                  {
2380                      error($lang->error_inline_nopostsselected);
2381                  }
2382                  if(!is_moderator_by_pids($pids))
2383                  {
2384                      error_no_permission();
2385                  }
2386  
2387                  // Get threads which are associated with the posts
2388                  $tids = array();
2389                  $options = array(
2390                      'order_by' => 'dateline',
2391                      'order_dir' => 'asc'
2392                  );
2393                  $query = $db->simple_select("posts", "DISTINCT tid", "pid IN (".implode(',',$pids).")", $options);
2394                  while($row = $db->fetch_array($query))
2395                  {
2396                      $tids[] = $row['tid'];
2397                  }
2398  
2399                  $ret = $custommod->execute(intval($mybb->input['action']), $tids, $pids);
2400                   $lang->custom_tool = $lang->sprintf($lang->custom_tool, $tool['name']);
2401                  log_moderator_action($modlogdata, $lang->custom_tool);
2402                  if($mybb->input['inlinetype'] == 'search')
2403                  {
2404                      clearinline($mybb->input['searchid'], 'search');
2405                      $lang->redirect_customtool_search = $lang->sprintf($lang->redirect_customtool_search, $tool['name']);
2406                      $return_url = htmlspecialchars_uni($mybb->input['url']);
2407                      redirect($return_url, $lang->redirect_customtool_search);
2408                  }
2409                  else
2410                  {
2411                      clearinline($tid, 'thread');
2412                      if($ret == 'forum')
2413                      {
2414                          $lang->redirect_customtool_forum = $lang->sprintf($lang->redirect_customtool_forum, $tool['name']);
2415                          moderation_redirect(get_forum_link($fid), $lang->redirect_customtool_forum);
2416                      }
2417                      else
2418                      {
2419                          $lang->redirect_customtool_thread = $lang->sprintf($lang->redirect_customtool_thread, $tool['name']);
2420                          moderation_redirect(get_thread_link($tid), $lang->redirect_customtool_thread);
2421                      }
2422                  }
2423  
2424                  break;
2425              }
2426          }
2427          error_no_permission();
2428          break;
2429  }
2430  
2431  // Some little handy functions for our inline moderation
2432  function getids($id, $type)
2433  {
2434      global $mybb;
2435  
2436      $newids = array();
2437      $cookie = "inlinemod_".$type.$id;
2438      $cookie_ids = explode("|", $mybb->cookies[$cookie]);
2439  
2440      foreach($cookie_ids as $cookie_id)
2441      {
2442          if(empty($cookie_id))
2443          {
2444              continue;
2445          }
2446  
2447          if($cookie_id == 'ALL')
2448          {
2449              $newids += getallids($id, $type);
2450          }
2451          else
2452          {
2453              $newids[] = intval($cookie_id);
2454          }
2455      }
2456  
2457      return $newids;
2458  }
2459  
2460  function getallids($id, $type)
2461  {
2462      global $db, $mybb;
2463  
2464      $ids = array();
2465  
2466      // Get any removed threads (after our user hit 'all')
2467      $removed_ids = array();
2468      $cookie = "inlinemod_".$type.$id."_removed";
2469      if($mybb->cookies[$cookie])
2470      {
2471          $removed_ids = explode("|", $mybb->cookies[$cookie]);
2472  
2473          if(!is_array($removed_ids))
2474          {
2475              $removed_ids = array();
2476          }
2477      }
2478  
2479      // "Select all Threads in this forum" only supported by forumdisplay and search
2480      if($type == 'forum')
2481      {
2482          $query = $db->simple_select("threads", "tid", "fid='".intval($id)."'");
2483          while($tid = $db->fetch_field($query, "tid"))
2484          {
2485              if(in_array($tid, $removed_ids))
2486              {
2487                  continue;
2488              }
2489  
2490              $ids[] = $tid;
2491          }
2492      }
2493      else if($type == 'search')
2494      {
2495          $query = $db->simple_select("searchlog", "*", "sid='".$db->escape_string($id)."' AND uid='{$mybb->user['uid']}'", 1);
2496          $searchlog = $db->fetch_array($query);
2497          if($searchlog['resulttype'] == 'posts')
2498          {
2499              $ids = explode(',', $searchlog['posts']);
2500          }
2501          else
2502          {
2503              $ids = explode(',', $searchlog['threads']);
2504          }
2505  
2506          if(is_array($ids))
2507          {
2508              foreach($ids as $key => $tid)
2509              {
2510                  if(in_array($tid, $removed_ids))
2511                  {
2512                      unset($ids[$key]);
2513                  }
2514              }
2515          }
2516      }
2517  
2518      return $ids;
2519  }
2520  
2521  function clearinline($id, $type)
2522  {
2523      my_unsetcookie("inlinemod_".$type.$id);
2524      my_unsetcookie("inlinemod_".$type.$id."_removed");
2525  }
2526  
2527  function extendinline($id, $type)
2528  {
2529      global $mybb;
2530  
2531      my_setcookie("inlinemod_$type$id", '', TIME_NOW+3600);
2532      my_setcookie("inlinemod_$type$id_removed", '', TIME_NOW+3600);
2533  }
2534  
2535  /**
2536   * Checks if the current user is a moderator of all the posts specified
2537   *

2538   * Note: If no posts are specified, this function will return true.  It is the
2539   * responsibility of the calling script to error-check this case if necessary.
2540   *

2541   * @param array Array of post IDs
2542   * @param string Permission to check
2543   * @returns bool True if moderator of all; false otherwise
2544   */
2545  function is_moderator_by_pids($posts, $permission='')
2546  {
2547      global $db, $mybb;
2548  
2549      // Speedy determination for supermods/admins and guests
2550      if($mybb->usergroup['issupermod'])
2551      {
2552          return true;
2553      }
2554      elseif(!$mybb->user['uid'])
2555      {
2556          return false;
2557      }
2558      // Make an array of threads if not an array
2559      if(!is_array($posts))
2560      {
2561          $posts = array($posts);
2562      }
2563      // Validate input
2564      $posts = array_map('intval', $posts);
2565      $posts[] = 0;
2566      // Get forums
2567      $posts_string = implode(',', $posts);
2568      $query = $db->simple_select("posts", "DISTINCT fid", "pid IN ($posts_string)");
2569      while($forum = $db->fetch_array($query))
2570      {
2571          if(!is_moderator($forum['fid'], $permission))
2572          {
2573              return false;
2574          }
2575      }
2576      return true;
2577  }
2578  
2579  /**
2580   * Checks if the current user is a moderator of all the threads specified
2581   *

2582   * Note: If no threads are specified, this function will return true.  It is the
2583   * responsibility of the calling script to error-check this case if necessary.
2584   *

2585   * @param array Array of thread IDs
2586   * @param string Permission to check
2587   * @returns bool True if moderator of all; false otherwise
2588   */
2589  function is_moderator_by_tids($threads, $permission='')
2590  {
2591      global $db, $mybb;
2592  
2593      // Speedy determination for supermods/admins and guests
2594      if($mybb->usergroup['issupermod'])
2595      {
2596          return true;
2597      }
2598      elseif(!$mybb->user['uid'])
2599      {
2600          return false;
2601      }
2602      // Make an array of threads if not an array
2603      if(!is_array($threads))
2604      {
2605          $threads = array($threads);
2606      }
2607      // Validate input
2608      $threads = array_map('intval', $threads);
2609      $threads[] = 0;
2610      // Get forums
2611      $threads_string = implode(',', $threads);
2612      $query = $db->simple_select("threads", "DISTINCT fid", "tid IN ($threads_string)");
2613      while($forum = $db->fetch_array($query))
2614      {
2615          if(!is_moderator($forum['fid'], $permission))
2616          {
2617              return false;
2618          }
2619      }
2620      return true;
2621  }
2622  
2623  /**
2624   * Special redirect that takes a return URL into account
2625   * @param string URL
2626   * @param string Message
2627   * @param string Title
2628   */
2629  function moderation_redirect($url, $message="", $title="")
2630  {
2631      global $mybb;
2632      if(!empty($mybb->input['url']))
2633      {
2634          redirect(htmlentities($mybb->input['url']), $message, $title);
2635      }
2636      redirect($url, $message, $title);
2637  }
2638  ?>

title

Description

title

Description

title

Description

title

title

Body