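> This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */
// Moderation panel.
//
// 1. Applies a moderator action (delete thing / delete comment / ban / delete
//    report) to a submitted report and records it in `moderationlog`.
// 2. Unbans a user by name and records that too.
// 3. Builds `$modlog` (last 20 log rows) and `$reports` (all open reports)
//    for the markup that follows.
//
// Access control: a logged-in session AND PRIV_MODERATE are required, and
// every state-changing POST is additionally gated on checknonce() (CSRF token).
// $db, $privileges, db_getuser(), nonce(), checknonce(), DOMAIN, PRIV_MODERATE
// and the ACCOUNT_* constants are provided by the two includes below.
include_once('db.php');
include_once('nonce.php');

if(!isset($_SESSION['id'])){die(_('Insufficient privileges'));}
if(!($privileges&PRIV_MODERATE)){die(_('Insufficient privileges'));}

// Report management
if(isset($_POST['report']) && isset($_POST['action']) && checknonce())
{
    // Cast to int because the id is interpolated unquoted into SQL.
    $report=(int)$_POST['report'];
    $res=mysqli_query($db, 'select target, reason from reports where id='.$report);
    $row=mysqli_fetch_assoc($res);
    if(!$row){die('

Report not found

');}
    // Report targets are paths of the form "thing/<id>" or "comment/<thing>/<id>";
    // both fields are reporter-supplied and treated as untrusted below.
    $target=$row['target'];
    $splittarget=explode('/', $target);
    $reason=$row['reason'];
    // Non-empty $action after the switch means "write a moderationlog row".
    // Unknown action names fall through the switch and do nothing.
    $action='';
    switch($_POST['action'])
    {
        case 'deletething':
            if(substr($target,0,6)!=='thing/' || !is_numeric(substr($target,6))){die('

Not a thing

');}
            $id=(int)substr($target,6);
            // Non-destructive removal
            mysqli_query($db, 'update things set removed=true where thingid='.$id);
            $action='deleted thing';
            break;
        case 'deletecomment':
            // count() guard: a short target such as "comment/1" would otherwise
            // trigger an undefined-offset warning before is_numeric() rejects it.
            if(count($splittarget)<3 || $splittarget[0]!=='comment' || !is_numeric($splittarget[1]) || !is_numeric($splittarget[2])){die('

Not a comment

');}
            $id=(int)$splittarget[2];
            // Non-destructive removal
            mysqli_query($db, 'update comments set removed=true where id='.$id);
            $action='deleted comment';
            break;
        case 'ban':
            // Track down user
            if(substr($target,0,6)!=='thing/' || !is_numeric(substr($target,6))){die('

Not a thing

');}
            // TODO: Handle comments
            // The problem with comments is commenters can be from other nodes and we can't ban on other nodes. maybe we need a remotebans table? In the meantime user-level blocking might be enough
            $id=(int)substr($target,6);
            // NOTE(review): this filters `things` on `id` whereas 'deletething'
            // above filters on `thingid` — confirm which column is the key.
            $res=mysqli_query($db, 'select user from things where id='.$id);
            $thing=mysqli_fetch_row($res);
            // Without this guard a missing thing produced user id 0 (from
            // (int)null), ran a presumably no-op update and still logged a ban.
            if(!$thing){die('

Not a thing

');}
            $user=(int)$thing[0];
            mysqli_query($db, 'update users set status='.ACCOUNT_BANNED.' where id='.$user);
            $action='banned user '.db_getuser($user);
            break;
        case 'deletereport':
            // TODO: Modlog report deletion too? seems excessive but could be useful
            mysqli_query($db, 'delete from reports where id='.$report);
            break;
    }
    if($action!=='') // Log action
    {
        // Every interpolated string is escaped AND double-quoted in the statement;
        // $reason and $target originate from the reporter, not the moderator.
        $action=mysqli_real_escape_string($db, $action.' for report "'.$reason.'"');
        $timestamp=mysqli_real_escape_string($db, date('Y-m-d H:i:s'));
        $target=mysqli_real_escape_string($db, $target);
        mysqli_query($db, 'insert into moderationlog(user, timestamp, action, target) values('.(int)$_SESSION['id'].', "'.$timestamp.'", "'.$action.'", "'.$target.'")');
    }
}

if(isset($_POST['unban']) && checknonce())
{
    // Unban is keyed by user name; the escaped value is reused verbatim as the
    // log target, which is also a quoted SQL string.
    $user=mysqli_real_escape_string($db, $_POST['unban']);
    $timestamp=mysqli_real_escape_string($db, date('Y-m-d H:i:s'));
    mysqli_query($db, 'update users set status='.ACCOUNT_ACTIVE.' where name="'.$user.'"');
    mysqli_query($db, 'insert into moderationlog(user, timestamp, action, target) values('.(int)$_SESSION['id'].', "'.$timestamp.'", "unbanned user", "user/'.$user.'")');
}

// Gather moderation log entries
$modlog='';
$res=mysqli_query($db, 'select user, timestamp, action, target from moderationlog order by timestamp desc limit 20'); // TODO: Paging?
while($row=mysqli_fetch_assoc($res))
{
    // TODO: Figure out timezones
    // $link is built here but not referenced in the output below as shown.
    $linksplit=explode('/', $row['target']);
    if($linksplit[0]==='comment')
    {
        $link=htmlentities('thing/'.$linksplit[1].'@'.DOMAIN.'#comment'.$linksplit[2]);
    }else{
        $link=htmlentities(implode('/', $linksplit).'@'.DOMAIN);
    }
    // `action` embeds the reporter-supplied reason and `target` is the reported
    // path, so both are HTML-escaped here (the reports loop below already does).
    // db_getuser() is emitted as-is; whether it escapes is not visible here — confirm.
    $modlog.=$row['timestamp'].' '.db_getuser($row['user']).' '.htmlentities($row['action']).' 
on '.htmlentities($row['target']).'
';
}
if(mysqli_num_rows($res)===20){$modlog.='TODO: Paging?
';}

// Gather reports
// Every column echoed here passes through htmlentities(); $id is fetched but
// not used in the output as shown.
$reports='';
$res=mysqli_query($db, 'select id, user, target, reason, timestamp from reports order by timestamp');
while($row=mysqli_fetch_assoc($res))
{
    $id=$row['id'];
    $user=htmlentities($row['user']);
    $subject=htmlentities($row['target']);
    $linksplit=explode('/', $row['target']);
    if($linksplit[0]==='comment')
    {
        $link=htmlentities('thing/'.$linksplit[1].'@'.DOMAIN.'#comment'.$linksplit[2]);
    }else{
        $link=htmlentities(implode('/', $linksplit).'@'.DOMAIN);
    }
    $reason=htmlentities($row['reason']);
    $timestamp=htmlentities($row['timestamp']);
    $reports.=''.$user.'';
    $reports.=''.$subject.'';
    $reports.=''.$reason.'';
    $reports.=''.$timestamp.'';
    // Each row carries its own nonce so the action form above can pass checknonce().
    $reports.='
'.nonce();
    $reports.='';
    if($linksplit[0]==='comment')
    {
        $reports.='';
    }else{
        $reports.='';
        $reports.='';
    }
    $reports.='';
    $reports.='
';
}
?>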