<?php
/*
+--------------------------------------------------------------------------
| NovaBoard
| ========================================
| By The NovaBoard team
| Released under the Artistic License 2.0
| http://www.novaboard.net
| ========================================
|+--------------------------------------------------------------------------
| moderators.php - add/edit/delete forum moderators
*/
// Direct-access guard: this script is only meant to run after the including
// front controller has defined NOVA_RUN. Requesting the file by URL stops here,
// before any of the admin actions below are reachable.
if (defined('NOVA_RUN') === false) {
    exit("<h1>ACCESS DENIED</h1>You cannot access this file directly.");
}
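// Render the "start" section of the admin moderators template.
template_hook("pages/admin/moderators.template.php", "start");

// Authorisation gate for every action in this file. $can_change_site_settings
// is populated outside this file. The original test only denied the literal
// value '0', so an unset or empty flag fell through to the admin actions.
// Treat "unset/empty" as "no permission" as well so the check fails closed;
// every value that was denied before is still denied.
if (empty($can_change_site_settings) || $can_change_site_settings == '0') {
    nova_redirect("index.php?page=error&error=11", "error/11");
}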
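// Remove a moderator from a forum. Two-step flow: a GET request renders a
// confirmation page carrying an anti-CSRF token; the confirming POST must
// present a token that tokenCheck() accepts for the same (forum, member) pair.
elseif ($_GET['func'] == 'delete') {
    if (!isset($_POST['agree']) || $_POST['agree'] != 1) {
        // Step 1: issue the token. The request values are cast to int so the
        // values handed to tokenCreate() are the same integers tokenCheck()
        // receives in step 2, and no raw request string travels with the token.
        list($token_id, $token, $token_name) = tokenCreate(
            'moderators_delete',
            array(
                isset($_GET['forum']) ? (int) $_GET['forum'] : 0,
                isset($_GET['id']) ? (int) $_GET['id'] : 0,
            )
        );
        template_hook("pages/admin/moderators.template.php", "warn");
    } else {
        // Step 2: integer casts keep the interpolated SQL below free of
        // request-controlled text.
        $id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
        $forum = isset($_POST['forum']) ? (int) $_POST['forum'] : 0;

        if (tokenCheck('moderators_delete', array($forum, $id))) {
            mysql_query("DELETE FROM {$db_prefix}moderators WHERE member_id ='$id' AND forum_id='$forum'");

            // The moderator list is cached; drop it so the removal is visible.
            $Cache->delete('moderators');

            template_hook("pages/admin/moderators.template.php", "form_1");
            nova_redirect("index.php?page=admin&act=moderators", "admin/moderators");
        } else {
            // Missing or mismatched token: refuse the state change.
            nova_redirect('index.php?page=error&error=28', 'error/28');
        }
    }
}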
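// Final step of "add moderator": store the permission set chosen in the form.
// The request must carry a token that tokenCheck() accepts for this exact
// (forum, member) pair.
elseif ($_POST['new_moderator_form'] == 1) {
    $forum_id = (int) $_POST['forum'];
    $member_id = (int) $_POST['id'];

    if (tokenCheck('moderators_add_2', array($forum_id, $member_id))) {
        // Every permission flag is forced to an integer before it is
        // interpolated into the INSERT, so no request text reaches the SQL.
        $mod_can_warn_members = (int) $_POST['mod_can_warn_members'];
        $mod_can_ban_members = (int) $_POST['mod_can_ban_members'];
        // Fix: the INSERT below writes can_edit_members, but this variable was
        // never assigned in this branch (the edit branch does assign it), so
        // the stored value did not come from the submitted form.
        $mod_can_edit_members = isset($_POST['mod_can_edit_members']) ? (int) $_POST['mod_can_edit_members'] : 0;
        $mod_can_edit_own_posts = (int) $_POST['mod_can_edit_own_posts'];
        $mod_can_edit_others_posts = (int) $_POST['mod_can_edit_others_posts'];
        $mod_can_delete_own_posts = (int) $_POST['mod_can_delete_own_posts'];
        $mod_can_delete_others_posts = (int) $_POST['mod_can_delete_others_posts'];
        $mod_can_sticky_topics = (int) $_POST['mod_can_sticky_topics'];
        $mod_can_move_topics = (int) $_POST['mod_can_move_topics'];
        $mod_can_lock_topics = (int) $_POST['mod_can_lock_topics'];
        $mod_can_split_topics = (int) $_POST['mod_can_split_topics'];
        $mod_can_merge_topics = (int) $_POST['mod_can_merge_topics'];
        $mod_can_add_polls = (int) $_POST['mod_can_add_polls'];
        $mod_can_see_reported_posts = (int) $_POST['mod_can_see_reported_posts'];
        $mod_can_use_html = (int) $_POST['mod_can_use_html'];
        $mod_can_moderate_members = (int) $_POST['mod_can_moderate_members'];

        mysql_query("INSERT INTO {$db_prefix}moderators (member_id, forum_id, can_warn_members, can_edit_members, can_ban_members, can_edit_own_posts, can_edit_others_posts, can_delete_own_posts, can_delete_others_posts, can_sticky_topics, can_move_topics, can_lock_topics, can_split_topics, can_merge_topics, can_add_polls, can_see_reported_posts, can_use_html, can_moderate_members) VALUES ('$member_id', '$forum_id', '$mod_can_warn_members', '$mod_can_edit_members', '$mod_can_ban_members', '$mod_can_edit_own_posts', '$mod_can_edit_others_posts', '$mod_can_delete_own_posts', '$mod_can_delete_others_posts', '$mod_can_sticky_topics', '$mod_can_move_topics', '$mod_can_lock_topics', '$mod_can_split_topics', '$mod_can_merge_topics', '$mod_can_add_polls', '$mod_can_see_reported_posts', '$mod_can_use_html', '$mod_can_moderate_members')");

        // The moderator list is cached; drop it so the new row is visible.
        $Cache->delete('moderators');

        template_hook("pages/admin/moderators.template.php", "form_2");
        nova_redirect("index.php?page=admin&act=moderators", "admin/moderators");
    } else {
        // Missing or mismatched token: refuse the state change.
        nova_redirect('index.php?page=error&error=28', 'error/28');
    }
}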
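// Save an edited permission set. This branch validates its anti-CSRF token by
// hand against the session entry "token_moderators_edit_<token_id>" instead of
// going through tokenCheck().
// NOTE(review): unlike the tokenCheck() call sites in this file, the token here
// is not tied to the forum/member pair being edited; consider moving this form
// to tokenCreate()/tokenCheck() as well.
elseif ($_POST['post_edit_form'] != '') {
    $id = escape_string($_POST['id']);
    $token_id = escape_string($_POST['token_id']);
    $token_name = "token_moderators_edit_$token_id";

    // Fix: require both sides to be strings and compare with ===. The loose ==
    // used before lets PHP compare two numeric-looking strings as numbers, so
    // different token strings could be treated as equal.
    if (
        isset($_POST[$token_name], $_SESSION[$token_name])
        && is_string($_POST[$token_name])
        && is_string($_SESSION[$token_name])
        && $_SESSION[$token_name] === $_POST[$token_name]
    ) {
        // Single use: discard the token so the same form post cannot be replayed.
        unset($_SESSION[$token_name]);

        // Integer casts keep the interpolated SQL below free of request text.
        $forum_id = (int) $_POST['forum'];
        $member_id = (int) $_POST['id'];
        $mod_can_warn_members = (int) $_POST['mod_can_warn_members'];
        $mod_can_ban_members = (int) $_POST['mod_can_ban_members'];
        $mod_can_edit_members = (int) $_POST['mod_can_edit_members'];
        $mod_can_edit_own_posts = (int) $_POST['mod_can_edit_own_posts'];
        $mod_can_edit_others_posts = (int) $_POST['mod_can_edit_others_posts'];
        $mod_can_delete_own_posts = (int) $_POST['mod_can_delete_own_posts'];
        $mod_can_delete_others_posts = (int) $_POST['mod_can_delete_others_posts'];
        $mod_can_sticky_topics = (int) $_POST['mod_can_sticky_topics'];
        $mod_can_move_topics = (int) $_POST['mod_can_move_topics'];
        $mod_can_lock_topics = (int) $_POST['mod_can_lock_topics'];
        $mod_can_split_topics = (int) $_POST['mod_can_split_topics'];
        $mod_can_merge_topics = (int) $_POST['mod_can_merge_topics'];
        $mod_can_add_polls = (int) $_POST['mod_can_add_polls'];
        $mod_can_see_reported_posts = (int) $_POST['mod_can_see_reported_posts'];
        $mod_can_use_html = (int) $_POST['mod_can_use_html'];
        $mod_can_moderate_members = (int) $_POST['mod_can_moderate_members'];

        // The row is replaced rather than updated: delete, then re-insert.
        // NOTE(review): neither query result is checked, so a failed INSERT
        // after a successful DELETE leaves the member without a moderator row.
        mysql_query("DELETE FROM {$db_prefix}moderators WHERE member_id ='$member_id' AND forum_id='$forum_id'");
        mysql_query("INSERT INTO {$db_prefix}moderators (member_id, forum_id, can_warn_members, can_edit_members, can_ban_members, can_edit_own_posts, can_edit_others_posts, can_delete_own_posts, can_delete_others_posts, can_sticky_topics, can_move_topics, can_lock_topics, can_split_topics, can_merge_topics, can_add_polls, can_see_reported_posts, can_use_html, can_moderate_members) VALUES ('$member_id', '$forum_id', '$mod_can_warn_members', '$mod_can_edit_members', '$mod_can_ban_members', '$mod_can_edit_own_posts', '$mod_can_edit_others_posts', '$mod_can_delete_own_posts', '$mod_can_delete_others_posts', '$mod_can_sticky_topics', '$mod_can_move_topics', '$mod_can_lock_topics', '$mod_can_split_topics', '$mod_can_merge_topics', '$mod_can_add_polls', '$mod_can_see_reported_posts', '$mod_can_use_html', '$mod_can_moderate_members')");

        // The moderator list is cached; drop it so the change is visible.
        $Cache->delete('moderators');

        template_hook("pages/admin/moderators.template.php", "form_3");
        nova_redirect("index.php?page=admin&act=moderators", "admin/moderators");
    } else {
        // Missing or mismatched token: refuse the state change.
        nova_redirect("index.php?page=error&error=28", "error/28");
    }
}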
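// Render the "edit moderator" form: issue an anti-CSRF token, load the stored
// permission flags for the (member, forum) pair and look up both display names.
elseif ($_GET['func'] == 'edit') {
    // $token_id only names the session slot; the secret is $token.
    $token_id = md5(microtime());

    // Fix: the token used to be md5(uniqid(rand(), true)), which is derived
    // from the clock and a non-cryptographic generator. Prefer a CSPRNG when
    // the runtime offers one and keep the old derivation only as a fallback.
    // The result stays a 32-character hex string either way.
    $token = '';
    if (function_exists('random_bytes')) {
        $token = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $token = bin2hex((string) openssl_random_pseudo_bytes(16));
    }
    if (strlen($token) !== 32) {
        // Never store an empty or short token if the generator failed.
        $token = md5(uniqid(rand(), true));
    }

    // Fix: cast the ids to int, as every other branch of this file does,
    // instead of relying on escape_string() plus quoting. This also keeps raw
    // request text out of whatever the template prints from these variables.
    $member_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    $forum_id = isset($_GET['forum']) ? (int) $_GET['forum'] : 0;

    $token_name = "token_moderators_edit_$token_id";
    $_SESSION[$token_name] = $token;

    // NOTE(review): the die() messages in this branch echo the full SQL text to
    // the browser and name categories.php; consider logging the query instead.
    $query_moderators = "select can_warn_members, can_edit_members, can_ban_members, can_edit_own_posts, can_edit_others_posts, can_delete_own_posts, can_delete_others_posts, can_sticky_topics, can_move_topics, can_lock_topics, can_split_topics, can_merge_topics, can_add_polls, can_see_reported_posts, can_use_html, can_moderate_members from {$db_prefix}moderators WHERE member_id ='$member_id' AND forum_id='$forum_id'" ;
    $result_moderators = mysql_query($query_moderators) or die("moderators.php - Error in query: $query_moderators") ;

    while ($results_moderators = mysql_fetch_array($result_moderators)) {
        $mod_can_warn_members = $results_moderators['can_warn_members'];
        $mod_can_edit_members = $results_moderators['can_edit_members'];
        // Fix: can_delete_members is not in the SELECT list above, so reading
        // it raised an undefined-index notice. The variable stays defined and
        // keeps the value it had before (null).
        $mod_can_delete_members = isset($results_moderators['can_delete_members'])
            ? $results_moderators['can_delete_members']
            : null;
        $mod_can_ban_members = $results_moderators['can_ban_members'];
        $mod_can_edit_own_posts = $results_moderators['can_edit_own_posts'];
        $mod_can_edit_others_posts = $results_moderators['can_edit_others_posts'];
        $mod_can_delete_own_posts = $results_moderators['can_delete_own_posts'];
        $mod_can_delete_others_posts = $results_moderators['can_delete_others_posts'];
        $mod_can_sticky_topics = $results_moderators['can_sticky_topics'];
        $mod_can_move_topics = $results_moderators['can_move_topics'];
        $mod_can_lock_topics = $results_moderators['can_lock_topics'];
        $mod_can_split_topics = $results_moderators['can_split_topics'];
        $mod_can_merge_topics = $results_moderators['can_merge_topics'];
        $mod_can_add_polls = $results_moderators['can_add_polls'];
        $mod_can_see_reported_posts = $results_moderators['can_see_reported_posts'];
        $mod_can_use_html = $results_moderators['can_use_html'];
        $mod_can_moderate_members = $results_moderators['can_moderate_members'];
    }

    // Display names for the form heading.
    $forum = $forum_id;
    $query3 = "select NAME from {$db_prefix}categories WHERE ID='$forum'";
    $result3 = mysql_query($query3) or die("categories.php - Error in query: $query3") ;
    $forum_name = strip_slashes(mysql_result($result3, 0));

    $query42 = "select NAME from {$db_prefix}members WHERE ID='$member_id'" ;
    $result42 = mysql_query($query42) or die("categories.php - Error in query: $query42") ;
    $member_name = strip_slashes(mysql_result($result42, 0));

    template_hook("pages/admin/moderators.template.php", "1");
}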
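// "Add moderator" wizard, steps 1 and 2. Without a posted member id the form
// for picking a member is shown; with one, the permission form is shown. Each
// step issues the token that the following step must present.
elseif ($_GET['func'] == 'forum') {
    if (!isset($_POST['id']) || $_POST['id'] == '') {
        $forum = isset($_GET['forum']) ? (int) $_GET['forum'] : 0;

        if ($forum == 0) {
            // No usable forum id: go back to the overview.
            nova_redirect('index.php?page=admin&act=moderators', 'admin/moderators');
        } else {
            // Fix: this part used to run unconditionally after the redirect
            // call above. Whether nova_redirect() ends the request is not
            // visible in this file, so the token is now only issued and the
            // form only rendered for a valid forum id.
            list($token_id, $token, $token_name) = tokenCreate('moderators_add', $forum);
            template_hook("pages/admin/moderators.template.php", "2");
        }
    } else {
        $forum = isset($_POST['forum']) ? (int) $_POST['forum'] : 0;

        if (tokenCheck('moderators_add', $forum)) {
            // Integer cast keeps the interpolated SQL free of request text.
            $member_id = (int) $_POST['id'];

            $query3 = "select NAME from {$db_prefix}categories WHERE ID='$forum'";
            $result3 = mysql_query($query3) or die("categories.php - Error in query: $query3") ;
            $forum_name = strip_slashes(mysql_result($result3, 0));

            $query42 = "select NAME from {$db_prefix}members WHERE ID='$member_id'" ;
            $result42 = mysql_query($query42) or die("categories.php - Error in query: $query42") ;
            $member_name = strip_slashes(mysql_result($result42, 0));

            // Token for the final step, issued for this (forum, member) pair.
            list($token_id, $token, $token_name) = tokenCreate('moderators_add_2', array($forum, $member_id));
            template_hook("pages/admin/moderators.template.php", "3");
        } else {
            // Missing or mismatched token: do not continue the wizard.
            nova_redirect('index.php?page=error&error=28', 'error/28');
        }
    }
}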
// Default view: walk the category tree three levels deep and, for each forum
// and sub-forum, list its moderators. Every value interpolated into SQL here
// was read from the database, not from the request.
// NOTE(review): the template sections presumably read $id, $name, $parent_id,
// $member_id and $member_name from this scope, so those names are kept as-is.
else {
    template_hook("pages/admin/moderators.template.php", "14");

    // Level 1: rows whose PARENT is '0'.
    $query3 = "select ID, NAME from {$db_prefix}categories WHERE PARENT='0' ORDER BY FORUM_ORDER, ID asc" ;
    $result3 = mysql_query($query3) or die("categories.php - Error in query: $query3") ;
    $number_of_forums = mysql_num_rows($result3);

    while ($results3 = mysql_fetch_array($result3)) {
        $parent_id = $id = $results3['ID'];
        $name = strip_slashes($results3['NAME']);
        template_hook("pages/admin/moderators.template.php", "15");

        // Level 2: children of the current level-1 row.
        $query4 = "select ID, NAME from {$db_prefix}categories WHERE PARENT='$id' ORDER BY FORUM_ORDER, ID asc" ;
        $result4 = mysql_query($query4) or die("categories.php - Error in query: $query4") ;

        while ($results4 = mysql_fetch_array($result4)) {
            $id = $results4['ID'];
            $name = strip_slashes($results4['NAME']);
            template_hook("pages/admin/moderators.template.php", "18");

            // Moderators of this forum; one name lookup per moderator row.
            $query41 = "select MEMBER_ID from {$db_prefix}moderators WHERE FORUM_ID='$id' ORDER BY ROW desc" ;
            $result41 = mysql_query($query41) or die("categories.php - Error in query: $query41") ;

            while ($results41 = mysql_fetch_array($result41)) {
                $member_id = $results41['MEMBER_ID'];
                $query42 = "select NAME from {$db_prefix}members WHERE ID='$member_id'" ;
                $result42 = mysql_query($query42) or die("categories.php - Error in query: $query42") ;
                $member_name = strip_slashes(mysql_result($result42, 0));
                template_hook("pages/admin/moderators.template.php", "4");
            }

            template_hook("pages/admin/moderators.template.php", "19");

            // Level 3: sub-forums of the current forum. The query is built
            // before $id is overwritten inside the loop below.
            $query_sub = "select ID, NAME from {$db_prefix}categories WHERE PARENT='$id' ORDER BY FORUM_ORDER, ID asc" ;
            $result_sub = mysql_query($query_sub) or die("categories.php - Error in query: $query_sub") ;

            while ($results_sub = mysql_fetch_array($result_sub)) {
                $id = $results_sub['ID'];
                $name = strip_slashes($results_sub['NAME']);
                template_hook("pages/admin/moderators.template.php", "21");

                // Moderators of this sub-forum.
                $query43 = "select MEMBER_ID from {$db_prefix}moderators WHERE FORUM_ID='$id' ORDER BY ROW desc" ;
                $result43 = mysql_query($query43) or die("categories.php - Error in query: $query43") ;

                while ($results43 = mysql_fetch_array($result43)) {
                    $member_id = $results43['MEMBER_ID'];
                    $query44 = "select NAME from {$db_prefix}members WHERE ID='$member_id'" ;
                    $result44 = mysql_query($query44) or die("categories.php - Error in query: $query44") ;
                    $member_name = strip_slashes(mysql_result($result44, 0));
                    template_hook("pages/admin/moderators.template.php", "4");
                }
            }
        }
    }

    template_hook("pages/admin/moderators.template.php", "25");
}

// Closing section of the template; rendered after whichever branch ran.
template_hook("pages/admin/moderators.template.php", "end");
?>