<?php



/**

* PHP versions 4 and 5

*

* LICENSE: This source file is subject to version 3.0 of the PHP license

* that is available through the world-wide-web at the following URI:

* http://www.php.net/license.  If you did not receive a copy of

* the PHP License and are unable to obtain it through the web, please

* send a note to hide@address.com so we can mail you a copy immediately.

*

* @package    QuickTalk

* @author     Philippe Vandenberghe <hide@address.com>

* @copyright  2008-2012 The PHP Group

* @version    2.5 build:20100924

*/



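// ---------------------------------------------------------------------------
// qtf_change.php - single-shot forum commands: drop an attachment, reset a
// password, change a topic's status/type, move/delete a topic, change a
// user's role, ban or delete a user.
//
// The command is selected by the GET parameter "a". Each case ends with exit,
// so the generic failure message after the switch is only reached by the
// default branch (and by dropattach when nothing was dropped). Commands that
// modify data are two-step: without "ok" in the query string a confirmation
// form is rendered, with it the command runs.
//
// NOTE(review): every state change here is driven by GET parameters and no
// per-request token is checked, so the only protection is the session role
// check at the top of each case. A request token in the hidden fields would
// be needed to reject forged links; no such helper is visible in this file.
// ---------------------------------------------------------------------------

session_start();
require_once('bin/qtf_init.php');
include('bin/qtf_fn_sql.php');

// INITIALISE

$bCmdok = false;
$strMails = '';
$a = ''; // mandatory action
$s = -1; // section forum
$t = -1; // topic (ban delay for user_ban)
$p = -1; // post (user id for pwdreset / userrole / user_del / user_ban, destination section for topicmove)
$v = ''; // value
$v1 = ''; // value
$v2 = ''; // value
$v3 = ''; // value
$ok = ''; // submitted
// s/t/p are cast to int by QThttpvar and can be spliced into SQL as-is; the
// string values (a, v, v1..v3) are not sanitised here and must be whitelisted
// or escaped before they reach SQL or HTML.
QThttpvar('a s t p v v1 v2 v3 ok','str int int int str str str str str',true,true,false); // reject POST method

$oVIP->selfurl  = 'qtf_change.php';
$oVIP->selfname = 'QuickTalk command';

// --------
// EXECUTE COMMAND
// --------

switch($a)
{

// --------------
case 'dropattach':
// --------------

  if ( !$oVIP->CanView('V6') ) die(Error(11));

  // $p is -1 when no post id was supplied: nothing is dropped
  if ( $p>=0 )
  {
    $oVIP->exiturl = 'qtf_topic.php?t='.$t.'#'.$p;
    $oVIP->exitname = '&laquo; '.$L['Message'];
    $oPost = new cPost($p);
    $bCmdok = $oPost->Dropattach();
  }
  if ( $bCmdok )
  {
    $oVIP->EndMessage($L['Drop_attachment'],$L['S_delete'],$_SESSION[QT]['skin_dir'],2);
    exit;
  }
  // previously exited silently here; now report the failure like the default branch
  break;

// --------------
case 'pwdreset':
// --------------

  if ( $oVIP->role!='A' ) die('Access is restricted to administrators only');

  if ( $p<0 ) die('Wrong id in '.$oVIP->selfurl);
  if ( $p==1 && $oVIP->id!=1 ) die('First Admin password can be changed by himself only...');
  include('bin/qt_lib_smtp.php');
  include(Translate('qtf_reg.php'));

  $oVIP->selfname = $L['Reset_pwd'];
  $oVIP->exiturl = 'qtf_user.php?id='.$p;
  $oVIP->exitname = '&laquo; '.$L['Profile'];

  $oDB->Query('SELECT name,mail,children,parentmail,picture FROM '.TABUSER.' WHERE id='.$p);
  $row = $oDB->Getrow();
  // an unknown id would otherwise render an empty form, update no row and
  // mail an empty address
  if ( !$row ) die('Wrong id in '.$oVIP->selfurl);

  // ask confirmation
  if ( !isset($_GET['ok']) )
  {
    $oVIP->EndMessage
    (
    NULL,
    '<form method="get" action="'.$oVIP->selfurl.'">
    <table class="hidden" cellspacing="0" summary="reset password">
    <tr class="hidden">
    <td class="hidden">'.AsImgBox( (empty($row['picture']) ? '' : AsImg(QTF_DIR_PIC.$row['picture'])),'picbox','',$row['name'] ).'</td>
    <td class="hidden">
    <p style="text-align:right">'.$L['Reset_pwd_help'].'<br/><br/>'.$oVIP->selfname.'&nbsp;
    <input type="hidden" name="a" value="'.$a.'"/>
    <input type="hidden" name="p" value="'.$p.'"/>
    <input type="submit" name="ok" value="'.$L['Send'].'"/></p>
    </td>
    </tr>
    </table>
    </form>',
    'admin',
    0,
    '500px'
    );
    exit;
  }

  // reset user: the temporary password is "QT" followed by 4 digits (a small
  // space, mailed in clear - the user is expected to change it). Draw the
  // digits from the CSPRNG where the engine has one (PHP 7+), mt_rand otherwise;
  // rand() was used before and is not suitable for credentials.
  $strNewpwd = 'QT';
  for ( $i=0; $i<4; $i++ )
  {
    $strNewpwd .= function_exists('random_int') ? random_int(0,9) : mt_rand(0,9);
  }
  // unsalted sha1 is the storage format used by the rest of the project (not
  // visible here); changing it would have to be done together with the login code
  $oDB->Query('UPDATE '.TABUSER.' SET pwd="'.sha1($strNewpwd).'" WHERE id='.$p);

  // send email (the language file may override $strSubject / $strMessage)
  $strSubject = $_SESSION[QT]['site_name'].' - New password';
  $strMessage = "Here are your login and password\nLogin: %s\nPassword: %s";
  $strFile = GetLang().'mail_pwd.php';
  if ( file_exists($strFile) ) include($strFile);
  $strMessage = sprintf($strMessage,$row['name'],$strNewpwd);
  QTmail($row['mail'],QTconv($strSubject,'-4'),QTconv($strMessage,'-4'),QTF_HTML_CHAR);

  $strEndmessage = str_replace("\n",'<br/>',$strMessage);
  if ( $oVIP->IsStaff() ) $strEndmessage = '<span class="small">[As staff member you can see the message]<br/>'.$strEndmessage.'</span>';
  // the clear-text password is only echoed back on screen in "direct" registration mode
  if ( $_SESSION[QT]['register_mode']!='direct' ) $strEndmessage='';

  // send parent email (if coppa)
  if ( $_SESSION[QT]['register_coppa']=='1' && $row['children']!='0' )
  {
    $strSubject = $_SESSION[QT]['site_name'].' - New password';
    $strMessage = "Here is then new password of your children.\nLogin: %s\nPassword: %s";
    $strFile = GetLang().'mail_pwd_coppa.php';
    if ( file_exists($strFile) ) { include($strFile); }
    $strMessage = sprintf($strMessage, $row['name'],$strNewpwd);
    QTmail($row['parentmail'],QTconv($strSubject,'-4'),QTconv($strMessage,'-4'),QTF_HTML_CHAR);
  }

  // exit
  $oVIP->EndMessage(NULL,$L['S_update'].'<br/><br/>'.$strEndmessage,$_SESSION[QT]['skin_dir'],0);
  exit;

// --------------
case 'topicstatus':
// --------------

  if ( !$oVIP->IsStaff() ) die($L['R_staff']);

  if ( !$oVIP->CanView('V6') ) die(Error(11));

  $oVIP->selfname = $L['Change'].S.$L['Status'];
  $oVIP->exiturl = 'qtf_topic.php?t='.$t;
  $oVIP->exitname = '&laquo; '.$L['Message'];

  // ASK STATUS IF MISSING: when value is "*" show the status list and repost with GET
  if ( $v=='*' )
  {
    $oVIP->EndMessage
    (
      NULL,
      '<form method="get" action="'.$oVIP->selfurl.'">
      <input type="hidden" name="a" value="'.$a.'"/>
      <input type="hidden" name="s" value="'.$s.'"/>
      <input type="hidden" name="t" value="'.$t.'"/>
      <select name="v" size="8">'.QTasTag($oVIP->GetStatuses(),'',array('format'=>$L['Status'].': %s')).'</select><br/><br/>
      <input type="submit" name="ok" value="'.$L['Ok'].'"/>
      </form>',
      $_SESSION[QT]['skin_dir']
    );
    exit;
  }

  // CHANGE STATUS
  // NOTE(review): $v is an unchecked string; whether SetStatus() validates it
  // against GetStatuses() cannot be seen from here - confirm in cTopic.
  $oTopic = new cTopic($t);
  $oTopic->SetStatus($v);

  // EXIT
  $oVIP->EndMessage(NULL,$L['S_update'].$strMails,$_SESSION[QT]['skin_dir'],2);
  exit;

// --------------
case 'topictype':
// --------------

  if ( !$oVIP->IsStaff() ) die($L['R_staff']);

  $oVIP->selfname = $L['Change'].S.$L['Type'];
  $oVIP->exiturl = 'qtf_topic.php?t='.$t;
  $oVIP->exitname = '&laquo; '.$L['Message'];

  // ASK TYPE IF MISSING: when value is "*" show the type list and repost with GET
  if ( $v=='*' )
  {
    $oVIP->EndMessage
    (
      NULL,
      '<form method="get" action="'.$oVIP->selfurl.'">
      <input type="hidden" name="a" value="'.$a.'"/>
      <input type="hidden" name="t" value="'.$t.'"/>
      <select name="v" size="6">'.QTasTag($oVIP->GetTypes()).'</select><br/><br/>
      <input type="submit" name="ok" value="'.$L['Ok'].'"/>
      </form>',
      $_SESSION[QT]['skin_dir']
    );
    exit;
  }

  // CHANGE TYPE
  // NOTE(review): $v is an unchecked string; confirm that cTopic::SetType()
  // validates it against GetTypes() before it reaches SQL.
  cTopic::SetType($t,$v);

  // EXIT
  $oVIP->EndMessage(NULL,$L['S_update'],$_SESSION[QT]['skin_dir'],2);
  exit;

// --------------
case 'userrole':
// --------------

  if ( !$oVIP->IsStaff() ) die($L['R_moderator']);
  if ( $p<2 ) die('Wrong parameters: user 0 and 1 cannot be changed');
  include(Translate('qtf_reg.php'));

  $oVIP->selfname = $L['User_upd'];
  $oVIP->exiturl  = 'qtf_user.php?id='.$p;
  $oVIP->exitname = $L['Memberlist'];

  // ask confirmation
  if ( !isset($_GET['ok']) )
  {
    $oDB->Query('SELECT name,picture,role FROM '.TABUSER.' WHERE id='.$p);
    $row = $oDB->Getrow();
    if ( !$row ) die('Wrong parameters: unknown user id');
    $oVIP->EndMessage
    (
      NULL,
      '<table class="hidden" cellspacing="0">
      <tr class="hidden">
      <td class="hidden">'.AsImgBox( (empty($row['picture']) ? '' : AsImg($row['picture'])),'picbox','',$row['name'] ).'</td>
      <td class="hidden">
      <form method="get" action="'.$oVIP->selfurl.'">
      <h2>'.$row['name'].' ('.$L['Userrole'][$row['role']].')</h2><br/>
      '.$L['Change_role'].' <select name="v" size="1">
      <option value="A"'.($row['role']=='A' ? QSEL : '').($oVIP->role!='A' ? ' disabled="disabled"' : '').'>'.$L['Userrole']['A'].'</option>
      <option value="M"'.($row['role']=='M' ? QSEL : '').'>'.$L['Userrole']['M'].'</option>
      <option value="U"'.($row['role']=='U' ? QSEL : '').'>'.$L['Userrole']['U'].'</option>
      </select>&nbsp;<input type="hidden" name="a" value="'.$a.'"/>
      <input type="hidden" name="p" value="'.$p.'"/>
      <input type="submit" name="ok" value="'.$L['Ok'].'"/>
      </form></td>
      </tr>
      </table>',
      'admin',
      0,
      '500px'
    );
    exit;
  }

  // update role: $v is user-supplied and is spliced into the UPDATE below, so
  // it must be one of the three roles the form offers (A, M, U) - anything
  // else is rejected instead of reaching SQL
  if ( !in_array($v, array('A','M','U'), true) ) die('Wrong parameters: unknown role');
  if ( $oVIP->role!='A' && $v=='A' ) die('Access is restricted to administrators only');
  $oDB->Query('UPDATE '.TABUSER.' SET role="'.$v.'" WHERE id='.$p);
  // a demoted moderator loses the sections he moderated; they go back to Admin
  if ( $v=='U' ) $oDB->Query('UPDATE '.TABSECTION.' SET moderator=1, moderatorname="Admin" WHERE moderator='.$p);

  // exit
  $oVIP->EndMessage(NULL,$L['S_update'],'admin',2);
  exit;

// --------------
case 'user_del':
// --------------

  if ( !$oVIP->IsStaff() ) die($L['R_moderator']);
  if ( $p<2 ) die("Wrong parameters: user 0 and 1 cannot be deleted");
  include(Translate('qtf_reg.php'));

  $oVIP->selfname = $L['User_del'];
  $oVIP->exiturl  = 'qtf_members.php';
  if ( $v=='adm' ) $oVIP->exiturl = 'qtf_adm_users.php';
  $oVIP->exitname = '&laquo; '.$L['Memberlist'];

  $oDB->Query('SELECT name,picture FROM '.TABUSER.' WHERE id='.$p);
  $row = $oDB->Getrow();
  if ( !$row ) die('Wrong parameters: unknown user id');

  // ask confirmation ($v is echoed back into the form, so it is HTML-escaped)
  if ( !isset($_GET['ok']) )
  {
    $str  = '<table class="hidden" cellspacing="0">';
    $str .= '<tr class="hidden">'.N;
    $str .= '<td class="hidden">'.AsImgBox( (empty($row['picture']) ? '' : AsImg($row['picture'])),'picbox','',$row['name'] ).'</td>';
    $str .= '<td class="hidden">';
    $str .= '<form method="get" action="'.$oVIP->selfurl.'">';
    $str .= '<p style="text-align:right">'.$L['User_del'].S.$row['name'].S;
    $str .= '<input type="hidden" name="a" value="'.$a.'"/><input type="hidden" name="v" value="'.htmlspecialchars($v, ENT_QUOTES).'"/><input type="hidden" name="p" value="'.$p.'"/><input type="submit" name="ok" value="'.$L['Delete'].'"/></p>';
    $str .= '</form></td>'.N;
    // the form is already closed above; a second </form> here was stray markup
    $str .= '</tr></table>'.N;
    $oVIP->EndMessage(NULL,$str,'admin',0,'500px');
    exit;
  }

  // delete avatar first - only when the user has one: with an empty picture
  // name file_exists() is true for the directory itself and unlink() would warn
  if ( !empty($row['picture']) && is_file(QTF_DIR_PIC.$row['picture']) ) unlink(QTF_DIR_PIC.$row['picture']);

  // detach the user's content: post.userid, post.username, topic.firstpostuser,
  // topic.lastpostuser, topic.firstpostname, topic.lastpostname, section.moderator
  $oDB->Query('UPDATE '.TABPOST.' SET userid=0, username="Visitor" WHERE userid='.$p);
  $oDB->Query('UPDATE '.TABTOPIC.' SET firstpostuser=0, firstpostname="Visitor" WHERE firstpostuser='.$p);
  $oDB->Query('UPDATE '.TABTOPIC.' SET lastpostuser=0, lastpostname="Visitor" WHERE lastpostuser='.$p);
  $oDB->Query('UPDATE '.TABSECTION.' SET moderator=1,moderatorname="Admin" WHERE moderator='.$p);

  // delete user
  $oDB->Query('DELETE FROM '.TABUSER.' WHERE id='.$p);

  // exit
  $oVIP->EndMessage(NULL,$L['S_delete'],'admin',2);
  exit;

// --------------
case 'user_ban':
// --------------

  if ( !$oVIP->IsStaff() ) die($L['R_moderator']);
  if ( $p<2 ) die('Wrong parameters: user 0 and 1 cannot be banned');
  include(Translate('qtf_reg.php'));

  $oVIP->selfname = $L['Ban_user'];
  $oVIP->exiturl  = 'qtf_user.php?id='.$p;
  $oVIP->exitname = '&laquo; '.$L['Profile'];
  if ( $v=='adm' )
  {
    $oVIP->exiturl = 'qtf_adm_users.php';
    $oVIP->exitname = '&laquo; '.$L['Users'];
  }

  // ask delay: the form is shown until "ok" is submitted together with a
  // non-negative delay code in t ($v is echoed back, so it is HTML-escaped)
  if ( !isset($_GET['ok']) || $t<0 )
  {
    $oDB->Query('SELECT closed,name,picture FROM '.TABUSER.' WHERE id='.$p);
    $row = $oDB->Getrow();
    if ( !$row ) die('Wrong parameters: unknown user id');
    $oVIP->EndMessage
    (
    NULL,
    '<table class="hidden" cellspacing="0"><tr class="hidden">
    <td class="hidden">'.AsImgBox( (empty($row['picture']) ? '' : AsImg($row['picture'])),'picbox','',$row['name'] ).'</td>
    <td class="hidden">
    <form method="get" action="'.$oVIP->selfurl.'">
    <p style="text-align:right">'.$L['H_ban'].' <select name="t" size="1">
    <option value="0"'.($row['closed']=='0' ? QSEL : '').'>'.$L['N'].'</option>
    <option value="1"'.($row['closed']=='1' ? QSEL : '').'>1 '.$L['Day'].'</option>
    <option value="2"'.($row['closed']=='2' ? QSEL : '').'>10 '.$L['Days'].'</option>
    <option value="3"'.($row['closed']=='3' ? QSEL : '').'>20 '.$L['Days'].'</option>
    <option value="4"'.($row['closed']=='4' ? QSEL : '').'>30 '.$L['Days'].'</option>
    </select>&nbsp;
    <input type="hidden" name="a" value="'.$a.'"/>
    <input type="hidden" name="p" value="'.$p.'"/>
    <input type="hidden" name="v" value="'.htmlspecialchars($v, ENT_QUOTES).'"/>
    <input type="submit" name="ok" value="'.$L['Ok'].'"/></p>
    </form>
    </td>
    </tr>
    </table>',
    'admin',
    0,
    '500px'
    );
    exit;
  }

  // ban user: $t is a non-negative int here (the form branch above catches t<0)
  $oDB->Query('UPDATE '.TABUSER.' SET closed="'.$t.'" WHERE id='.$p);

  // exit
  $oVIP->EndMessage(NULL,$L['S_update'],'admin',2);
  exit;

// --------------
case 'topicdelete':
// --------------

  if ( !$oVIP->IsStaff() ) die($L['R_staff']);
  if ( $t<0 ) die('Wrong parameters: missing topic id');

  $oTopic = new cTopic($t);

  $oVIP->selfname = $L['Delete'].S.$L['Topic'];
  $oVIP->exiturl = 'qtf_topics.php?s='.$oTopic->section;
  $oVIP->exitname = $L['Section'];

  // ask confirmation
  if ( !isset($_GET['ok']) )
  {
    if ( $oTopic->replies==0 )
    {
      $str = $L['None'];
    }
    else
    {
      $str = $oTopic->replies.' <span class="small">('.$L['Last_message'].' '.QTdatestr($oTopic->lastpostdate,'$','$',true).')</span>';
    }

    $oVIP->EndMessage
    (
    NULL,
    '<form method="get" action="'.$oVIP->selfurl.'">
    <table cellspacing="0" class="data_o">
    <tr>
    <td class="colhd" style="width:150px;">'.$L['Title'].'</td>
    <td class="colct">'.$oTopic->GetTopicTitle().'</td>
    </tr>
    <tr>
    <td class="colhd">'.$L['Topic_starter'].'</td>
    <td class="colct">'.$oTopic->firstpostname.' <span class="small">('.QTdatestr($oTopic->firstpostdate,'$','$',true).')</span></td>
    </tr>
    <tr>
    <td class="colhd">'.$L['Replys'].'</td>
    <td class="colct">'.$str.'</td>
    </tr>
    <tr>
    <td class="colhd">&nbsp;</td>
    <td class="colct"><input type="hidden" name="a" value="'.$a.'"/><input type="hidden" name="t" value="'.$t.'"/><input type="submit" name="ok" value="'.$L['Delete'].'"/></td>
    </tr>
    </table>
    </form>',
    $_SESSION[QT]['skin_dir'],
    0,
    '600px'
    );
    exit;
  }

  // delete topic (t was validated at the top of the case)
  $oDB->Query('DELETE FROM '.TABPOST.' WHERE topic='.$t);
  $oDB->Query('DELETE FROM '.TABTOPIC.' WHERE id='.$t);

  // update section stats
  $voidSEC = new cSection();
  $voidSEC->id = $oTopic->section;
  $voidSEC->UpdateLastPostDate();
  $voidSEC->UpdateReplies();

  // exit
  $oVIP->EndMessage(NULL,$L['S_delete'],$_SESSION[QT]['skin_dir'],2);
  exit;

// --------------
case 'topicmove':
// --------------

  if ( !$oVIP->IsStaff() ) die($L['R_staff']);
  if ( $t<0 ) die('Wrong parameters: missing topic id');

  $oTopic = new cTopic($t);
  $s = $oTopic->section; // source section comes from the topic, not from the query string

  $oVIP->selfname = $L['Move'].S.$L['Topic'];
  $oVIP->exiturl = 'qtf_topics.php?s='.$s;
  $oVIP->exitname = '&laquo; '.$L['Section'];

  // ask confirmation (p is the destination section, chosen in the form)
  if ( !isset($_GET['ok']) || $p<0 )
  {
    if ( $oTopic->replies==0 )
    {
      $str = $L['None'];
    }
    else
    {
      $str = $oTopic->replies.' <span class="small">('.$L['Last_message'].' '.QTdatestr($oTopic->lastpostdate,'$','$',true).')</span>';
    }

    $oVIP->EndMessage
    (
    NULL,
    '<form method="get" action="'.$oVIP->selfurl.'">
    <table cellspacing="0" class="data_o">
    <tr>
    <td class="colhd" style="width:150px;">'.$L['Title'].'</td>
    <td class="colct">'.$oTopic->GetTopicTitle().'</td>
    </tr>
    <tr>
    <td class="colhd">'.$L['Topic_starter'].'</td>
    <td class="colct">'.$oTopic->firstpostname.' <span class="small">('.QTdatestr($oTopic->firstpostdate,'$','$',true).')</span></td>
    </tr>
    <tr>
    <td class="colhd">'.$L['Replys'].'</td>
    <td class="colct">'.$str.'</td>
    </tr>
    <tr>
    <td class="colhd">'.$L['Move_to'].'</td>
    <td class="colct"><select name="p" size="1">'.Gotolist(-1,$s).'</select></td>
    </tr>
    <tr class="tr">
    <td class="colhd">'.$L['Ref'].'</td>
    <td class="colct"><select name="v" size="1">
    <option value="1">'.$L['Move_keep'].'</option>
    <option value="0">'.$L['Move_reset'].'</option>
    <option value="2">'.$L['Move_follow'].'</option>
    </select></td>
    </tr>
    <tr>
    <td class="colhd">&nbsp;</td>
    <td class="colct"><input type="hidden" name="a" value="'.$a.'"/>
    <input type="hidden" name="t" value="'.$t.'"/>
    <input type="submit" name="ok" value="'.$L['Ok'].'"/></td>
    </tr>
    </table>
    </form>',
    $_SESSION[QT]['skin_dir'],
    0,
    '600px'
    );
    exit;
  }

  // move topic
  if ( $s<0 ) die('Wrong parameters section id');
  if ( $t<0 ) die('Wrong parameters topic id');
  if ( $p<0 ) die('Wrong parameters dest');
  // NOTE(review): $v is a string (the form offers 0/1/2); "$v<0" only rejects
  // negative numerics. Confirm that cSection::MoveTopics() validates the ref
  // mode before using it.
  if ( $v<0 ) die('Wrong parameters ref');
  $oSEC = new cSection($s);
  $oSEC->MoveTopics($p,$v,$t);

  // exit
  $oVIP->EndMessage(NULL,$L['S_update'],$_SESSION[QT]['skin_dir'],2);
  exit;

// --------------
default:
// --------------

  echo 'Unknown action';
  break;

// --------------
}

// Reached only by the default branch (unknown action) and by a failed
// dropattach. $a is an arbitrary query-string value and is echoed back, so it
// is HTML-escaped (if EndMessage() escapes as well, an unknown action name is
// at worst shown double-encoded).
$oVIP->EndMessage('!','Command ['.htmlspecialchars($a, ENT_QUOTES).'] failled...',$_SESSION[QT]['skin_dir'],2);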



?>