<?php
/**
* PHP versions 4 and 5
*
* LICENSE: This source file is subject to version 3.0 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license. If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to hide@address.com so we can mail you a copy immediately.
*
* Command dispatcher: applies staff/administrator actions (attachment drop,
* password reset, topic status/type/move/delete, user role/ban/delete)
* selected by the "a" query parameter.
*
* @package QuickTalk
* @author Philippe Vandenberghe <hide@address.com>
* @copyright 2008-2012 The PHP Group
* @version 2.5 build:20100924
*/
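session_start();
require_once('bin/qtf_init.php');
include('bin/qtf_fn_sql.php');

/*
 * Command dispatcher (qtf_change.php).
 *
 * The mandatory "a" parameter selects an action. Each action runs in two
 * steps: without the "ok" parameter it renders a confirmation form, with
 * "ok" it applies the change and shows an end message. All parameters are
 * read from the query string (QThttpvar rejects POST below), so every case
 * re-checks the caller's role before touching the database.
 *
 * NOTE(review): the confirmation forms carry no anti-CSRF token, so the
 * "ok" step is reachable through a pre-built link; a per-session token
 * checked here would close that gap but needs support from the forms and
 * the session layer, which are not visible in this file.
 */

// INITIALISE
$bCmdok = false;
$strMails = '';
$a = ''; // mandatory action
$s = -1; // section forum
$t = -1; // topic
$p = -1; // post
$v = ''; // value
$v1 = ''; // value
$v2 = ''; // value
$v3 = ''; // value
$ok = ''; // submitted
// Types are coerced by QThttpvar ('int' for s/t/p); the (int) casts below are
// defence in depth so that no query ever interpolates a non-integer id.
QThttpvar('a s t p v v1 v2 v3 ok','str int int int str str str str str',true,true,false); // reject POST method
$oVIP->selfurl = 'qtf_change.php';
$oVIP->selfname = 'QuickTalk command';

// --------
// EXECUTE COMMAND
// --------
switch($a)
{
// --------------
case 'dropattach':
// --------------
    // Remove the attachment of post $p; requires the V6 view permission.
    if ( !$oVIP->CanView('V6') ) die(Error(11));
    if ( $p>=0 )
    {
        $oVIP->exiturl = 'qtf_topic.php?t='.(int)$t.'#'.(int)$p;
        $oVIP->exitname = '« '.$L['Message'];
        $oPost = new cPost($p);
        $bCmdok = $oPost->Dropattach();
    }
    // No end message when the drop failed: the caller lands on a blank page (as before).
    if ( $bCmdok ) $oVIP->EndMessage($L['Drop_attachment'],$L['S_delete'],$_SESSION[QT]['skin_dir'],2);
    exit;

// --------------
case 'pwdreset':
// --------------
    // Generate a new password for user $p and mail it (administrators only).
    if ( $oVIP->role!='A' ) die('Access is restricted to administrators only');
    if ( $p<0 ) die('Wrong id in '.$oVIP->selfurl);
    if ( $p==1 && $oVIP->id!=1 ) die('First Admin password can be changed by himself only...');
    include('bin/qt_lib_smtp.php');
    include(Translate('qtf_reg.php'));
    $oVIP->selfname = $L['Reset_pwd'];
    $oVIP->exiturl = 'qtf_user.php?id='.(int)$p;
    $oVIP->exitname = '« '.$L['Profile'];
    $oDB->Query('SELECT name,mail,children,parentmail,picture FROM '.TABUSER.' WHERE id='.(int)$p);
    $row = $oDB->Getrow();
    // Unknown id: without this the UPDATE below matches nothing and the mail goes to an empty address.
    if ( empty($row) ) die('Wrong id in '.$oVIP->selfurl);
    // ask confirmation
    if ( !isset($_GET['ok']) )
    {
        $oVIP->EndMessage
        (
        NULL,
        '<form method="get" action="'.$oVIP->selfurl.'">
<table class="hidden" cellspacing="0" summary="reset password">
<tr class="hidden">
<td class="hidden">'.AsImgBox( (empty($row['picture']) ? '' : AsImg(QTF_DIR_PIC.$row['picture'])),'picbox','',$row['name'] ).'</td>
<td class="hidden">
<p style="text-align:right">'.$L['Reset_pwd_help'].'<br/><br/>'.$oVIP->selfname.'
<input type="hidden" name="a" value="'.$a.'"/>
<input type="hidden" name="p" value="'.$p.'"/>
<input type="submit" name="ok" value="'.$L['Send'].'"/></p>
</td>
</tr>
</table>
</form>',
        'admin',
        0,
        '500px'
        );
        exit;
    }
    // reset user
    // The temporary password comes from the CSPRNG (random_bytes, PHP 7+):
    // the previous 'QT' + four rand() digits gave a 10^4 search space from a
    // non-cryptographic generator. 8 hex characters are still trivially typeable.
    $strNewpwd = 'QT'.bin2hex(random_bytes(4));
    // sha1() is kept because the login check elsewhere in the application
    // compares against it; migrating to password_hash() must be done there first.
    $oDB->Query('UPDATE '.TABUSER.' SET pwd="'.sha1($strNewpwd).'" WHERE id='.(int)$p);
    // send email
    $strSubject = $_SESSION[QT]['site_name'].' - New password';
    $strMessage = "Here are your login and password\nLogin: %s\nPassword: %s";
    // A language-specific template may override $strSubject/$strMessage.
    $strFile = GetLang().'mail_pwd.php';
    if ( file_exists($strFile) ) include($strFile);
    $strMessage = sprintf($strMessage,$row['name'],$strNewpwd);
    QTmail($row['mail'],QTconv($strSubject,'-4'),QTconv($strMessage,'-4'),QTF_HTML_CHAR);
    // send parent email (if coppa)
    if ( $_SESSION[QT]['register_coppa']=='1' && $row['children']!='0' )
    {
        $strSubjectCoppa = $_SESSION[QT]['site_name'].' - New password';
        $strMessageCoppa = "Here is then new password of your children.\nLogin: %s\nPassword: %s";
        $strFile = GetLang().'mail_pwd_coppa.php';
        if ( file_exists($strFile) )
        {
            // The template assigns $strSubject/$strMessage; map them to the coppa variables.
            $strSubject = $strSubjectCoppa; $strMessage = $strMessageCoppa;
            include($strFile);
            $strSubjectCoppa = $strSubject; $strMessageCoppa = $strMessage;
        }
        $strMessageCoppa = sprintf($strMessageCoppa,$row['name'],$strNewpwd);
        QTmail($row['parentmail'],QTconv($strSubjectCoppa,'-4'),QTconv($strMessageCoppa,'-4'),QTF_HTML_CHAR);
    }
    // exit: the clear-text password is echoed to the page only in 'direct'
    // registration mode, wrapped in a staff-only notice when the viewer is staff.
    $strEndmessage = '';
    if ( $_SESSION[QT]['register_mode']=='direct' )
    {
        $strEndmessage = str_replace("\n",'<br/>',sprintf("Here are your login and password\nLogin: %s\nPassword: %s",$row['name'],$strNewpwd));
        if ( $oVIP->IsStaff() ) $strEndmessage = '<span class="small">[As staff member you can see the message]<br/>'.$strEndmessage.'</span>';
    }
    $oVIP->EndMessage(NULL,$L['S_update'].'<br/><br/>'.$strEndmessage,$_SESSION[QT]['skin_dir'],0);
    exit;

// --------------
case 'topicstatus':
// --------------
    // Change the status of topic $t (staff with V6 permission).
    if ( !$oVIP->IsStaff() ) die($L['R_staff']);
    if ( !$oVIP->CanView('V6') ) die(Error(11));
    if ( $t<0 ) die('Wrong parameters: missing topic id');
    $oVIP->selfname = $L['Change'].S.$L['Status'];
    $oVIP->exiturl = 'qtf_topic.php?t='.(int)$t;
    $oVIP->exitname = '« '.$L['Message'];
    // ASK STATUS IF MISSING: When value "*" repost with method GET
    if ( $v=='*' )
    {
        $oVIP->EndMessage
        (
        NULL,
        '<form method="get" action="'.$oVIP->selfurl.'">
<input type="hidden" name="a" value="'.$a.'"/>
<input type="hidden" name="s" value="'.$s.'"/>
<input type="hidden" name="t" value="'.$t.'"/>
<select name="v" size="8">'.QTasTag($oVIP->GetStatuses(),'',array('format'=>$L['Status'].': %s')).'</select><br/><br/>
<input type="submit" name="ok" value="'.$L['Ok'].'"/>
</form>',
        $_SESSION[QT]['skin_dir']
        );
        exit;
    }
    // CHANGE STATUS (validation of $v against the known statuses is left to cTopic::SetStatus)
    $oTopic = new cTopic($t);
    $oTopic->SetStatus($v);
    // EXIT
    $oVIP->EndMessage(NULL,$L['S_update'].$strMails,$_SESSION[QT]['skin_dir'],2);
    exit;

// --------------
case 'topictype':
// --------------
    // Change the type of topic $t (staff only).
    if ( !$oVIP->IsStaff() ) die($L['R_staff']);
    if ( $t<0 ) die('Wrong parameters: missing topic id');
    $oVIP->selfname = $L['Change'].S.$L['Type'];
    $oVIP->exiturl = 'qtf_topic.php?t='.(int)$t;
    $oVIP->exitname = '« '.$L['Message'];
    // ASK TYPE IF MISSING: When value '*' repost with method GET
    if ( $v=='*' )
    {
        $oVIP->EndMessage
        (
        NULL,
        '<form method="get" action="'.$oVIP->selfurl.'">
<input type="hidden" name="a" value="'.$a.'"/>
<input type="hidden" name="t" value="'.$t.'"/>
<select name="v" size="6">'.QTasTag($oVIP->GetTypes()).'</select><br/><br/>
<input type="submit" name="ok" value="'.$L['Ok'].'"/>
</form>',
        $_SESSION[QT]['skin_dir']
        );
        exit;
    }
    // CHANGE TYPE (validation of $v against the known types is left to cTopic::SetType)
    cTopic::SetType($t,$v);
    // EXIT
    $oVIP->EndMessage(NULL,$L['S_update'],$_SESSION[QT]['skin_dir'],2);
    exit;

// --------------
case 'userrole':
// --------------
    // Change the role of user $p; only an administrator may grant 'A'.
    if ( !$oVIP->IsStaff() ) die($L['R_moderator']);
    if ( $p<2 ) die('Wrong parameters: user 0 and 1 cannot be changed');
    include(Translate('qtf_reg.php'));
    $oVIP->selfname = $L['User_upd'];
    $oVIP->exiturl = 'qtf_user.php?id='.(int)$p;
    $oVIP->exitname = $L['Memberlist'];
    // ask confirmation
    if ( !isset($_GET['ok']) )
    {
        $oDB->Query('SELECT name,picture,role FROM '.TABUSER.' WHERE id='.(int)$p);
        $row = $oDB->Getrow();
        if ( empty($row) ) die('Wrong parameters: unknown user');
        $oVIP->EndMessage
        (
        NULL,
        '<table class="hidden" cellspacing="0">
<tr class="hidden">
<td class="hidden">'.AsImgBox( (empty($row['picture']) ? '' : AsImg($row['picture'])),'picbox','',$row['name'] ).'</td>
<td class="hidden">
<form method="get" action="'.$oVIP->selfurl.'">
<h2>'.$row['name'].' ('.$L['Userrole'][$row['role']].')</h2><br/>
'.$L['Change_role'].' <select name="v" size="1">
<option value="A"'.($row['role']=='A' ? QSEL : '').($oVIP->role!='A' ? ' disabled="disabled"' : '').'>'.$L['Userrole']['A'].'</option>
<option value="M"'.($row['role']=='M' ? QSEL : '').'>'.$L['Userrole']['M'].'</option>
<option value="U"'.($row['role']=='U' ? QSEL : '').'>'.$L['Userrole']['U'].'</option>
</select> <input type="hidden" name="a" value="'.$a.'"/>
<input type="hidden" name="p" value="'.$p.'"/>
<input type="submit" name="ok" value="'.$L['Ok'].'"/>
</form></td>
</tr>
</table>',
        'admin',
        0,
        '500px'
        );
        exit;
    }
    // update role
    // $v is interpolated into SQL below, so it must be one of the roles the
    // form offers; anything else (including an empty value) is refused here.
    if ( !in_array($v, array('A','M','U'), true) ) die('Wrong parameters: role');
    if ( $oVIP->role!='A' && $v=='A' ) die('Access is restricted to administrators only');
    $oDB->Query('UPDATE '.TABUSER.' SET role="'.$v.'" WHERE id='.(int)$p);
    // A demoted user can no longer moderate: hand those sections back to the first admin.
    if ( $v=='U' ) $oDB->Query('UPDATE '.TABSECTION.' SET moderator=1, moderatorname="Admin" WHERE moderator='.(int)$p);
    // exit
    $oVIP->EndMessage(NULL,$L['S_update'],'admin',2);
    exit;

// --------------
case 'user_del':
// --------------
    // Delete user $p and anonymise the content that referenced that id.
    if ( !$oVIP->IsStaff() ) die($L['R_moderator']);
    if ( $p<2 ) die("Wrong parameters: user 0 and 1 cannot be deleted");
    include(Translate('qtf_reg.php'));
    $oVIP->selfname = $L['User_del'];
    $oVIP->exiturl = ( $v=='adm' ) ? 'qtf_adm_users.php' : 'qtf_members.php';
    $oVIP->exitname = '« '.$L['Memberlist'];
    $oDB->Query('SELECT name,picture FROM '.TABUSER.' WHERE id='.(int)$p);
    $row = $oDB->Getrow();
    if ( empty($row) ) die('Wrong parameters: unknown user');
    // ask confirmation
    if ( !isset($_GET['ok']) )
    {
        $str = '<table class="hidden" cellspacing="0">';
        $str .= '<tr class="hidden">'.N;
        $str .= '<td class="hidden">'.AsImgBox( (empty($row['picture']) ? '' : AsImg($row['picture'])),'picbox','',$row['name'] ).'</td>';
        $str .= '<td class="hidden">';
        $str .= '<form method="get" action="'.$oVIP->selfurl.'">';
        $str .= '<p style="text-align:right">'.$L['User_del'].S.$row['name'].S;
        $str .= '<input type="hidden" name="a" value="'.$a.'"/><input type="hidden" name="v" value="'.$v.'"/><input type="hidden" name="p" value="'.$p.'"/><input type="submit" name="ok" value="'.$L['Delete'].'"/></p>';
        $str .= '</form></td>'.N;
        // the form is already closed on the previous line; the stray </form> that used to follow </table> was invalid markup
        $str .= '</tr></table>'.N;
        $oVIP->EndMessage(NULL,$str,'admin',0,'500px');
        exit;
    }
    // delete avatar first
    // An empty picture column would make QTF_DIR_PIC.'' point at the directory
    // itself, which file_exists() accepts and unlink() then fails on; require a
    // non-empty name and a regular file.
    // NOTE(review): $row['picture'] is trusted as stored by the upload code; if that
    // code does not restrict it to a bare file name, restrict it here as well.
    if ( $row['picture']!='' && is_file(QTF_DIR_PIC.$row['picture']) ) unlink(QTF_DIR_PIC.$row['picture']);
    // update post.userid, post.username, topic.firstpostuser, topic.lastpostuser, topic.firstpostname, topic.lastpostname
    $oDB->Query('UPDATE '.TABPOST.' SET userid=0, username="Visitor" WHERE userid='.(int)$p);
    $oDB->Query('UPDATE '.TABTOPIC.' SET firstpostuser=0, firstpostname="Visitor" WHERE firstpostuser='.(int)$p);
    $oDB->Query('UPDATE '.TABTOPIC.' SET lastpostuser=0, lastpostname="Visitor" WHERE lastpostuser='.(int)$p);
    $oDB->Query('UPDATE '.TABSECTION.' SET moderator=1,moderatorname="Admin" WHERE moderator='.(int)$p);
    // delete user
    $oDB->Query('DELETE FROM '.TABUSER.' WHERE id='.(int)$p);
    // exit
    $oVIP->EndMessage(NULL,$L['S_delete'],'admin',2);
    exit;

// --------------
case 'user_ban':
// --------------
    // Set the "closed" delay of user $p; here $t carries the delay code (0..4), not a topic id.
    if ( !$oVIP->IsStaff() ) die($L['R_moderator']);
    if ( $p<2 ) die('Wrong parameters: user 0 and 1 cannot be banned');
    include(Translate('qtf_reg.php'));
    $oVIP->selfname = $L['Ban_user'];
    $oVIP->exiturl = 'qtf_user.php?id='.(int)$p;
    $oVIP->exitname = '« '.$L['Profile'];
    if ( $v=='adm' )
    {
        $oVIP->exiturl = 'qtf_adm_users.php';
        $oVIP->exitname = '« '.$L['Users'];
    }
    // ask delay
    if ( !isset($_GET['ok']) || $t<0 )
    {
        $oDB->Query('SELECT closed,name,picture FROM '.TABUSER.' WHERE id='.(int)$p);
        $row = $oDB->Getrow();
        if ( empty($row) ) die('Wrong parameters: unknown user');
        // the <select> used to be written self-closing (<select .../>), which detached its <option>s
        $oVIP->EndMessage
        (
        NULL,
        '<table class="hidden" cellspacing="0"><tr class="hidden">
<td class="hidden">'.AsImgBox( (empty($row['picture']) ? '' : AsImg($row['picture'])),'picbox','',$row['name'] ).'</td>
<td class="hidden">
<form method="get" action="'.$oVIP->selfurl.'">
<p style="text-align:right">'.$L['H_ban'].' <select name="t" size="1">
<option value="0"'.($row['closed']=='0' ? QSEL : '').'>'.$L['N'].'</option>
<option value="1"'.($row['closed']=='1' ? QSEL : '').'>1 '.$L['Day'].'</option>
<option value="2"'.($row['closed']=='2' ? QSEL : '').'>10 '.$L['Days'].'</option>
<option value="3"'.($row['closed']=='3' ? QSEL : '').'>20 '.$L['Days'].'</option>
<option value="4"'.($row['closed']=='4' ? QSEL : '').'>30 '.$L['Days'].'</option>
</select>
<input type="hidden" name="a" value="'.$a.'"/>
<input type="hidden" name="p" value="'.$p.'"/>
<input type="hidden" name="v" value="'.$v.'"/>
<input type="submit" name="ok" value="'.$L['Ok'].'"/></p>
</form>
</td>
</tr>
</table>',
        'admin',
        0,
        '500px'
        );
        exit;
    }
    // ban user: only the delay codes offered by the select above are accepted
    if ( $t<0 || $t>4 ) die('Wrong parameters: delay');
    $oDB->Query('UPDATE '.TABUSER.' SET closed="'.(int)$t.'" WHERE id='.(int)$p);
    // exit
    $oVIP->EndMessage(NULL,$L['S_update'],'admin',2);
    exit;

// --------------
case 'topicdelete':
// --------------
    // Delete topic $t with all its posts and refresh the section counters.
    if ( !$oVIP->IsStaff() ) die($L['R_staff']);
    if ( $t<0 ) die('Wrong parameters: missing topic id');
    $oTopic = new cTopic($t);
    $oVIP->selfname = $L['Delete'].S.$L['Topic'];
    $oVIP->exiturl = 'qtf_topics.php?s='.$oTopic->section;
    $oVIP->exitname = $L['Section'];
    // ask confirmation
    if ( !isset($_GET['ok']) )
    {
        $str = ( $oTopic->replies==0 )
             ? $L['None']
             : $oTopic->replies.' <span class="small">('.$L['Last_message'].' '.QTdatestr($oTopic->lastpostdate,'$','$',true).')</span>';
        $oVIP->EndMessage
        (
        NULL,
        '<form method="get" action="'.$oVIP->selfurl.'">
<table cellspacing="0" class="data_o">
<tr>
<td class="colhd" style="width:150px;">'.$L['Title'].'</td>
<td class="colct">'.$oTopic->GetTopicTitle().'</td>
</tr>
<tr>
<td class="colhd">'.$L['Topic_starter'].'</td>
<td class="colct">'.$oTopic->firstpostname.' <span class="small">('.QTdatestr($oTopic->firstpostdate,'$','$',true).')</span></td>
</tr>
<tr>
<td class="colhd">'.$L['Replys'].'</td>
<td class="colct">'.$str.'</td>
</tr>
<tr>
<td class="colhd"> </td>
<td class="colct"><input type="hidden" name="a" value="'.$a.'"/><input type="hidden" name="t" value="'.$t.'"/><input type="submit" name="ok" value="'.$L['Delete'].'"/></td>
</tr>
</table>
</form>',
        $_SESSION[QT]['skin_dir'],
        0,
        '600px'
        );
        exit;
    }
    // delete topic ($t was already validated above)
    $oDB->Query('DELETE FROM '.TABPOST.' WHERE topic='.(int)$t);
    $oDB->Query('DELETE FROM '.TABTOPIC.' WHERE id='.(int)$t);
    // update section stats
    $voidSEC = new cSection();
    $voidSEC->id = $oTopic->section;
    $voidSEC->UpdateLastPostDate();
    $voidSEC->UpdateReplies();
    // exit
    $oVIP->EndMessage(NULL,$L['S_delete'],$_SESSION[QT]['skin_dir'],2);
    exit;

// --------------
case 'topicmove':
// --------------
    // Move topic $t to section $p; $v selects how the reference is handled (0, 1 or 2).
    if ( !$oVIP->IsStaff() ) die($L['R_staff']);
    if ( $t<0 ) die('Wrong parameters: missing topic id');
    $oTopic = new cTopic($t);
    $s = $oTopic->section;
    $oVIP->selfname = $L['Move'].S.$L['Topic'];
    $oVIP->exiturl = 'qtf_topics.php?s='.$s;
    $oVIP->exitname = '« '.$L['Section'];
    // ask confirmation
    if ( !isset($_GET['ok']) || $p<0 )
    {
        $str = ( $oTopic->replies==0 )
             ? $L['None']
             : $oTopic->replies.' <span class="small">('.$L['Last_message'].' '.QTdatestr($oTopic->lastpostdate,'$','$',true).')</span>';
        $oVIP->EndMessage
        (
        NULL,
        '<form method="get" action="'.$oVIP->selfurl.'">
<table cellspacing="0" class="data_o">
<tr>
<td class="colhd" style="width:150px;">'.$L['Title'].'</td>
<td class="colct">'.$oTopic->GetTopicTitle().'</td>
</tr>
<tr>
<td class="colhd">'.$L['Topic_starter'].'</td>
<td class="colct">'.$oTopic->firstpostname.' <span class="small">('.QTdatestr($oTopic->firstpostdate,'$','$',true).')</span></td>
</tr>
<tr>
<td class="colhd">'.$L['Replys'].'</td>
<td class="colct">'.$str.'</td>
</tr>
<tr>
<td class="colhd">'.$L['Move_to'].'</td>
<td class="colct"><select name="p" size="1">'.Gotolist(-1,$s).'</select></td>
</tr>
<tr class="tr">
<td class="colhd">'.$L['Ref'].'</td>
<td class="colct"><select name="v" size="1">
<option value="1">'.$L['Move_keep'].'</option>
<option value="0">'.$L['Move_reset'].'</option>
<option value="2">'.$L['Move_follow'].'</option>
</select></td>
</tr>
<tr>
<td class="colhd"> </td>
<td class="colct"><input type="hidden" name="a" value="'.$a.'"/>
<input type="hidden" name="t" value="'.$t.'"/>
<input type="submit" name="ok" value="'.$L['Ok'].'"/></td>
</tr>
</table>
</form>',
        $_SESSION[QT]['skin_dir'],
        0,
        '600px'
        );
        exit;
    }
    // move topic
    if ( $s<0 ) die('Wrong parameters section id');
    if ( $t<0 ) die('Wrong parameters topic id');
    if ( $p<0 ) die('Wrong parameters dest');
    // $v is a string; the old "$v<0" test never rejected the empty value. Accept only
    // the three reference modes the select above offers.
    if ( !in_array((string)$v, array('0','1','2'), true) ) die('Wrong parameters ref');
    $oSEC = new cSection($s);
    $oSEC->MoveTopics($p,$v,$t);
    // exit
    $oVIP->EndMessage(NULL,$L['S_update'],$_SESSION[QT]['skin_dir'],2);
    exit;

// --------------
default:
// --------------
    echo 'Unknown action';
    break;
// --------------
}
// Reached only from the default branch: every known action exits on its own.
$oVIP->EndMessage('!',"Command [$a] failled...",$_SESSION[QT]['skin_dir'],2);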