<?php
/**
* PHP versions 4 and 5
*
* LICENSE: This source file is subject to version 3.0 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license. If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to hide@address.com so we can mail you a copy immediately.
*
* @package QuickTicket
* @author Philippe Vandenberghe <hide@address.com>
* @copyright 2008-2012 The PHP Group
* @version 2.3 build:20091102
*/
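session_start();
require_once('bin/qti_init.php');
include('bin/qti_fn_sql.php');

// --------
// INITIALISE
// --------
// Command dispatcher for the staff/admin actions of QuickTicket. Every case
// checks its own authorisation first, optionally renders a GET confirmation
// form (when "ok" is missing or the value is "*"), performs the change and
// ends with EndMessage()+exit, so the closing "failed" message is only
// reached for an unknown action.
// NOTE(review): the state-changing commands are plain GET requests without an
// anti-CSRF token; the pages that link here would have to emit one, so this
// is flagged rather than changed.
$strMails = '';
$a = ''; // mandatory action
$s = -1; // section forum (user id for pwdreset / userrole / user_* commands)
$t = -1; // topic (ban delay for user_ban)
$p = -1; // post (destination section for topicmove)
$v = ''; // value
// declared types are 'str int int int str': $a and $v stay strings, the ids are ints
QThttpvar('a s t p v','str int int int str');
$oVIP->selfurl = 'qti_cmd.php';
$oVIP->selfname = 'QuickTicket command';

// --------
// EXECUTE COMMAND
// --------
switch($a)
{
    // --------------
    case 'dropattach':
    // --------------
        // exit explicitly in case HtmlPage() returns instead of terminating
        if ( !$oVIP->CanView('V6') ) { HtmlPage(11); exit; }
        if ( $p>=0 )
        {
            $oVIP->exiturl = "qti_topic.php?s=$s&t=$t#$p";
            $oVIP->exitname = '« '.$L['Message'];
            $oPost = new cPost($p);
            $oPost->Dropattach();
        }
        $oVIP->EndMessage($L['Drop_attachment'],$L['S_delete'],$_SESSION[QT]['skin_dir'],2);
        exit;

    // --------------
    case 'pwdreset':
    // --------------
        if ( $oVIP->role!='A' ) die('Access is restricted to administrators only');
        if ( $s<0 ) die('Wrong id '.$s);
        if ( $s==1 && $oVIP->id!=1 ) die('First Admin password can be changed by himself only...');
        include('bin/qt_lib_smtp.php');
        include(Translate('qti_reg.php'));
        $oVIP->selfname = $L['Reset_pwd'];
        $oVIP->exiturl = 'qti_usr.php?id='.$s;
        $oVIP->exitname = '« '.$L['Profile'];
        $oDB->Query('SELECT name,mail,children,parentmail,photo FROM '.TABUSER.' WHERE id='.$s);
        $row = $oDB->Getrow();
        // unknown user: neither update nor mail anything
        if ( !$row ) die('Wrong id '.$s);
        // ask confirmation
        if ( !isset($_GET['ok']) )
        {
            $oVIP->EndMessage
            (
            NULL,
            '<form method="get" action="'.$oVIP->selfurl.'">
<table class="hidden" cellspacing="0">
<tr class="hidden">
<td class="hidden">'.AsImgBox(AsImg( (!empty($row['photo']) ? QTI_DIR_PIC.$row['photo'] : ''),'',$row['name'],'member'),'picbox','',$row['name']).'</td>
<td class="hidden">
<p style="text-align:right">'.$L['Reset_pwd_help'].'<br/><br/>'.$oVIP->selfname.'
<input type="hidden" name="a" value="'.$a.'"/>
<input type="hidden" name="s" value="'.$s.'"/>
<input type="submit" name="ok" value="'.$L['Send'].'"/></p>
</td>
</tr>
</table></form>',
            'admin',
            0,
            '500px'
            );
            exit;
        }
        // reset user: temporary password 'qt' + 8 random [a-z0-9] characters.
        // random_int() (PHP 7+) is a CSPRNG; mt_rand() is only the fallback
        // for older runtimes where no CSPRNG function is available.
        $strAlphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
        $intMax = strlen($strAlphabet)-1;
        $strNewpwd = 'qt';
        for ( $i=0; $i<8; $i++ )
        {
            $intPos = function_exists('random_int') ? random_int(0,$intMax) : mt_rand(0,$intMax);
            $strNewpwd .= $strAlphabet[$intPos];
        }
        // unsalted sha1 is presumably the storage scheme the login code compares
        // against, so it is kept here for compatibility
        $oDB->Query('UPDATE '.TABUSER.' SET pwd="'.sha1($strNewpwd).'" WHERE id='.$s);
        // send email (the language file may override $strSubject/$strMessage)
        $strSubject = $_SESSION[QT]['site_name'].' - New password';
        $strMessage = "Here are your login and password\nLogin: %s\nPassword: %s";
        $strFile = GetLang().'mail_pwd.php';
        if ( file_exists($strFile) ) include($strFile);
        $strMessage = sprintf($strMessage,$row['name'],$strNewpwd);
        QTmail($row['mail'],QTconv($strSubject,'-4'),QTconv($strMessage,'-4'),QTI_HTML_CHAR);
        $strEndmessage = str_replace("\n",'<br/>',$strMessage);
        // send parent email (if coppa)
        if ( QTI_USE_COPPA && $row['children']!='0' )
        {
            $strSubject = $_SESSION[QT]['site_name'].' - New password';
            $strMessage = "Here is then new password of your children.\nLogin: %s\nPassword: %s";
            $strFile = GetLang().'mail_pwd_coppa.php';
            if ( file_exists($strFile) ) { include($strFile); }
            $strMessage = sprintf($strMessage, $row['name'],$strNewpwd);
            QTmail($row['parentmail'],QTconv($strSubject,'-4'),QTconv($strMessage,'-4'),QTI_HTML_CHAR);
        }
        // exit: the clear-text password is echoed to the admin only in 'direct' register mode
        if ( $_SESSION[QT]['register_mode']!='direct' ) $strEndmessage='';
        $oVIP->EndMessage(NULL,$L['S_update'].'<br/><br/>'.$strEndmessage,$_SESSION[QT]['skin_dir'],0);
        exit;

    // --------------
    case 'topicstatus':
    // --------------
        if ( !$oVIP->IsStaff() ) die(Error(12));
        if ( !$oVIP->CanView('V6') ) die(Error(11));
        $oVIP->selfname = $L['Change'].' '.$L['Status'];
        $oVIP->exiturl = "qti_topic.php?s=$s&t=$t";
        $oVIP->exitname = '« '.$L['Message'];
        // ASK STATUS IF MISSING: When value "*" repost with method GET
        if ( $v=='*' )
        {
            $oVIP->EndMessage
            (
            NULL,
            '<form method="get" action="'.$oVIP->selfurl.'">
<input type="hidden" name="a" value="'.$a.'"/>
<input type="hidden" name="s" value="'.$s.'"/>
<input type="hidden" name="t" value="'.$t.'"/>
<select name="v" size="8">'.QTasTag($oVIP->statuses,'',array('format'=>$L['Status'].': %s')).'</select><br/><br/>
<input type="submit" name="ok" value="'.$L['Ok'].'"/>
</form>',
            $_SESSION[QT]['skin_dir']
            );
            exit;
        }
        // CHANGE STATUS
        // NOTE(review): $v is not checked against $oVIP->statuses here; SetStatus()
        // is assumed to reject unknown values — confirm in cTopic.
        $oTopic = new cTopic($t);
        $oTopic->SetStatus($v,true,$oTopic->firstpostid); // this also updates the section stats in case of closed topics
        if ( $v=='Z' )
        {
            $oVIP->exitname = '« '.$L['Section'];
            $oVIP->exiturl = "qti_topics.php?s=$s";
        }
        // EXIT
        $oVIP->EndMessage(NULL,$L['S_update'].$strMails,$_SESSION[QT]['skin_dir'],2);
        exit;

    // --------------
    case 'topictype':
    // --------------
        if ( !$oVIP->IsStaff() ) die(Error(12));
        $oVIP->selfname = $L['Change'].' '.$L['Type'];
        $oVIP->exiturl = "qti_topic.php?s=$s&t=$t";
        $oVIP->exitname = '« '.$L['Message'];
        // ASK TYPE IF MISSING: When value "*" repost with method GET
        if ( $v=='*' )
        {
            $oVIP->EndMessage
            (
            NULL,
            '<form method="get" action="'.$oVIP->selfurl.'">
<input type="hidden" name="a" value="'.$a.'"/>
<input type="hidden" name="s" value="'.$s.'"/>
<input type="hidden" name="t" value="'.$t.'"/>
<select name="v" size="6">'.
            QTasTag($oVIP->types).'
</select><br/><br/><input type="submit" name="ok" value="'.$L['Ok'].'"/>
</form>',
            $_SESSION[QT]['skin_dir']
            );
            exit;
        }
        // CHANGE TYPE
        // NOTE(review): $v is not checked against $oVIP->types here; SetType()
        // is assumed to validate it — confirm in cTopic.
        cTopic::SetType($t,$v);
        // EXIT
        $oVIP->EndMessage(NULL,$L['S_update'],$_SESSION[QT]['skin_dir'],2);
        exit;

    // --------------
    case 'topicactor':
    // --------------
        if ( !$oVIP->IsStaff() ) die($L['R_staff']);
        $oVIP->selfname = $L['Change'].' '.$L['Userrole_MA'];
        $oVIP->exiturl = "qti_topic.php?s=$s&t=$t";
        $oVIP->exitname = '« '.$L['Message'];
        // "old" is echoed back into the select list, so it is cast to int first
        $intOldactor = isset($_GET['old']) ? intval($_GET['old']) : -1;
        // ASK ACTOR IF MISSING: When value "*" repost with method GET
        if ( $v=='*' )
        {
            $arrAdmUsers = GetUsers('A');
            asort($arrAdmUsers);
            $strAdmUsers = QTasTag($arrAdmUsers,$intOldactor,array('current'=>$intOldactor,'classC'=>'bold'));
            $arrModUsers = GetUsers('M-');
            asort($arrModUsers);
            $strModUsers = QTasTag($arrModUsers,$intOldactor,array('current'=>$intOldactor,'classC'=>'bold'));
            $oVIP->EndMessage
            (
            NULL,
            '<table class="hidden" cellspacing="0">
<tr class="hidden">
<td class="hidden">
'.$L['Userrole']['A'].'<br/><br/>
<form method="get" action="'.$oVIP->selfurl.'">
<input type="hidden" name="a" value="'.$a.'"/>
<input type="hidden" name="s" value="'.$s.'"/>
<input type="hidden" name="t" value="'.$t.'"/>
<select name="v" size="12">'.$strAdmUsers.'</select><br/><br/>
<input type="submit" name="ok" value="'.$L['Ok'].'"/>
</form></td>
<td class="hidden">
'.$L['Userrole']['M'].'<br/><br/>
<form method="get" action="'.$oVIP->selfurl.'">
<input type="hidden" name="a" value="'.$a.'"/>
<input type="hidden" name="s" value="'.$s.'"/>
<input type="hidden" name="t" value="'.$t.'"/>
<select name="v" size="12">'.$strModUsers.'</select><br/><br/>
<input type="submit" name="ok" value="'.$L['Ok'].'"/>
</form></td>
</tr></table>',
            $_SESSION[QT]['skin_dir']
            );
            exit;
        }
        // CHANGE ACTOR
        $oTopic = new cTopic($t);
        $oTopic->SetActor(intval($v));
        // EXIT
        $oVIP->EndMessage(NULL,$L['S_update'],$_SESSION[QT]['skin_dir'],2);
        exit;

    // --------------
    case 'userrole':
    // --------------
        if ( !$oVIP->IsStaff() ) die($L['R_staff']);
        if ( $s<2 ) die('Wrong parameters: user 0 and 1 cannot be changed');
        include(Translate('qti_reg.php'));
        $oVIP->selfname = $L['User_upd'];
        $oVIP->exiturl = 'qti_usr.php?id='.$s;
        $oVIP->exitname = '« '.$L['Memberlist'];
        // ask confirmation
        if ( !isset($_GET['ok']) )
        {
            $oDB->Query('SELECT name,photo,role FROM '.TABUSER.' WHERE id='.$s);
            $row = $oDB->Getrow();
            if ( !$row ) die('Wrong id '.$s);
            $oVIP->EndMessage
            (
            NULL,
            '<table class="hidden" cellspacing="0">
<tr class="hidden">
<td class="hidden">'.AsImgBox(AsImg(QTI_DIR_PIC.$row['photo'],'',$row['name'],'member'),'picbox','',$row['name']).'</td>
<td class="hidden">
<form method="get" action="'.$oVIP->selfurl.'">
<h2>'.$row['name'].' ('.$L['Userrole'][$row['role']].')</h2><br/>
'.$L['Change_role'].' <select name="r" size="1">
<option value="A"'.($row['role']=='A' ? QSEL : '').($oVIP->role!='A' ? ' disabled="disabled"' : '').'>'.$L['Userrole']['A'].'</option>
<option value="M"'.($row['role']=='M' ? QSEL : '').'>'.$L['Userrole']['M'].'</option>
<option value="U"'.($row['role']=='U' ? QSEL : '').'>'.$L['Userrole']['U'].'</option>
</select> <input type="hidden" name="a" value="'.$a.'"/>
<input type="hidden" name="s" value="'.$s.'"/>
<input type="submit" name="ok" value="'.$L['Ok'].'"/>
</form></td>
</tr>
</table>',
            'admin',
            0,
            '500px'
            );
            exit;
        }
        // update role: the form posts the role as "r"; it is whitelisted before
        // being written into the query, and the "disabled" attribute on the
        // admin option above is client-side only, so the admin check is
        // enforced here on the submitted value.
        $strRole = isset($_GET['r']) ? (string)$_GET['r'] : '';
        if ( !in_array($strRole,array('A','M','U'),true) ) die('Wrong parameters: unknown role');
        if ( $oVIP->role!='A' && $strRole=='A' ) die('Access is restricted to administrators only');
        // only an administrator may change the role of another administrator
        $oDB->Query('SELECT role FROM '.TABUSER.' WHERE id='.$s);
        $rowCur = $oDB->Getrow();
        if ( !$rowCur ) die('Wrong id '.$s);
        if ( $oVIP->role!='A' && $rowCur['role']=='A' ) die('Access is restricted to administrators only');
        $oDB->Query('UPDATE '.TABUSER.' SET role="'.$strRole.'" WHERE id='.$s);
        // a demoted moderator loses the sections he moderates (handed back to Admin)
        if ( $strRole=='U' ) $oDB->Query('UPDATE '.TABSECTION.' SET moderator=1, moderatorname="Admin" WHERE moderator='.$s);
        // exit
        $oVIP->EndMessage(NULL,$L['S_update'],'admin',2);
        exit;

    // --------------
    case 'user_del':
    // --------------
        if ( !$oVIP->IsStaff() ) die($L['R_staff']);
        if ( $s<2 ) die("Wrong parameters: user 0 and 1 cannot be deleted");
        include(Translate("qti_reg.php"));
        $oVIP->selfname = $L['User_del'];
        $oVIP->exiturl = 'qti_members.php'; if ( $v=='adm' ) $oVIP->exiturl = 'qti_adm_users.php';
        $oVIP->exitname = '« '.$L['Memberlist'];
        $oDB->Query('SELECT name,photo FROM '.TABUSER.' WHERE id='.$s);
        $row = $oDB->Getrow();
        if ( !$row ) die('Wrong id '.$s);
        // ask confirmation
        if ( !isset($_GET['ok']) )
        {
            // $v is user-supplied and echoed back into the form, so it is HTML-escaped
            $strSafev = htmlspecialchars($v, ENT_QUOTES);
            $str = '<table class="hidden" cellspacing="0">';
            $str .= '<tr>'.N;
            $str .= '<td class="hidden">'.AsImgBox(AsImg(QTI_DIR_PIC.$row['photo'],'',$row['name'],'member'),'picbox','',$row['name']).'</td>';
            $str .= '<td class="hidden">';
            $str .= '<form method="get" action="'.$oVIP->selfurl.'">';
            $str .= '<p style="text-align:right">'.$L['User_del'].' '.$row['name'].' <input type="hidden" name="a" value="'.$a.'"/><input type="hidden" name="v" value="'.$strSafev.'"/><input type="hidden" name="s" value="'.$s.'"/><input type="submit" name="ok" value="'.$L['Delete'].'"/></p>';
            $str .= '</form></td>'.N;
            $str .= '</tr></table>'.N; // the form is already closed on the previous line
            $oVIP->EndMessage(NULL,$str,'admin',0,'500px');
            exit;
        }
        // delete avatar first; an empty photo name would otherwise point at the
        // picture directory itself, so only existing regular files are removed
        if ( !empty($row['photo']) && is_file(QTI_DIR_PIC.$row['photo']) ) unlink(QTI_DIR_PIC.$row['photo']);
        // update post.userid, post.username, topic.firstpostuser, topic.lastpostuser, topic.firstpostname, topic.lastpostname
        $oDB->Query('UPDATE '.TABPOST.' SET userid=0, username="Visitor" WHERE userid='.$s);
        $oDB->Query('UPDATE '.TABTOPIC.' SET firstpostuser=0, firstpostname="Visitor" WHERE firstpostuser='.$s);
        $oDB->Query('UPDATE '.TABTOPIC.' SET lastpostuser=0, lastpostname="Visitor" WHERE lastpostuser='.$s);
        $oDB->Query('UPDATE '.TABSECTION.' SET moderator=1,moderatorname="Admin" WHERE moderator='.$s);
        // Delete user
        $oDB->Query('DELETE FROM '.TABUSER.' WHERE id='.$s);
        // Unregister global sys (will be recomputed on next page)
        unset($_SESSION[QT]['sys_members']);
        unset($_SESSION[QT]['sys_states']);
        // Exit
        $oVIP->EndMessage(NULL,$L['S_delete'],'admin',2);
        exit;

    // --------------
    case 'user_ban':
    // --------------
        if ( !$oVIP->IsStaff() ) die($L['R_staff']);
        if ( $s<2 ) die('Wrong parameters: user 0 and 1 cannot be banned');
        include(Translate('qti_reg.php'));
        $oVIP->selfname = $L['Ban_user'];
        $oVIP->exiturl = 'qti_usr.php?id='.$s;
        $oVIP->exitname = '« '.$L['Profile'];
        if ( $v=='adm' )
        {
            $oVIP->exiturl = 'qti_adm_users.php';
            $oVIP->exitname = '« '.$L['Users'];
        }
        // ask delay
        if ( !isset($_GET['ok']) || $t<0 )
        {
            $oDB->Query('SELECT closed,name,photo FROM '.TABUSER.' WHERE id='.$s);
            $row = $oDB->Getrow();
            if ( !$row ) die('Wrong id '.$s);
            // $v is user-supplied and echoed back into the form, so it is HTML-escaped
            $strSafev = htmlspecialchars($v, ENT_QUOTES);
            $oVIP->EndMessage
            (
            NULL,
            '<table class="hidden" cellspacing="0"><tr>
<td class="hidden">'.AsImgBox(AsImg(QTI_DIR_PIC.$row['photo'],'',$row['name'],'member'),'picbox','',$row['name']).'</td>
<td class="hidden">
<form method="get" action="'.$oVIP->selfurl.'">
<p style="text-align:right">'.$L['H_ban'].' <select name="t" size="1">
<option value="0"'.($row['closed']=='0' ? QSEL : '').'>'.$L['N'].'</option>
<option value="1"'.($row['closed']=='1' ? QSEL : '').'>1 '.$L['Day'].'</option>
<option value="2"'.($row['closed']=='2' ? QSEL : '').'>10 '.$L['Days'].'</option>
<option value="3"'.($row['closed']=='3' ? QSEL : '').'>20 '.$L['Days'].'</option>
<option value="4"'.($row['closed']=='4' ? QSEL : '').'>30 '.$L['Days'].'</option>
</select>
<input type="hidden" name="a" value="'.$a.'"/>
<input type="hidden" name="s" value="'.$s.'"/>
<input type="hidden" name="v" value="'.$strSafev.'"/>
<input type="submit" name="ok" value="'.$L['Ok'].'"/></p>
</form>
</td>
</tr>
</table>',
            'admin',
            0,
            '500px'
            );
            exit;
        }
        // ban user ($t is the delay code chosen above; it is an int by QThttpvar)
        if ( $t<0 ) die('Wrong parameters: delay');
        $oDB->Query('UPDATE '.TABUSER.' SET closed="'.$t.'" WHERE id='.$s);
        // exit
        $oVIP->EndMessage(NULL,$L['S_update'],'admin',2);
        exit;

    // --------------
    case 'topicdelete':
    // --------------
        if ( !$oVIP->IsStaff() ) die($L['R_staff']);
        if ( $t<0 ) die('Wrong parameters: missing topic id');
        $oVIP->selfname = $L['Delete'].' '.$L['Topic'];
        $oVIP->exiturl = 'qti_topics.php?s='.$s;
        $oVIP->exitname = '« '.$L['Section'];
        // ask confirmation
        if ( !isset($_GET['ok']) )
        {
            $oTopic = new cTopic($t);
            if ( $oTopic->replies==0 ) { $str=$L['None']; } else { $str=$oTopic->replies.' <span class="small">('.$L['Last_message'].' '.QTdatestr($oTopic->lastpostdate).')</span>'; }
            $oVIP->EndMessage
            (
            NULL,
            '<form method="get" action="'.$oVIP->selfurl.'">
<table cellspacing="0" class="data_o">
<tr>
<td class="th_o th_o_first" style="width:150px;">'.$L['Title'].'</td>
<td class="td_o">'.$oTopic->GetTopicTitle().'</td>
</tr>
<tr>
<td class="th_o th_o_first">'.$L['Topic_starter'].'</td>
<td class="td_o">'.$oTopic->firstpostname.' <span class="small">('.QTdatestr($oTopic->firstpostdate).')</span></td>
</tr>
<tr>
<td class="th_o th_o_first">'.$L['Replys'].'</td>
<td class="td_o">'.$str.'</td>
</tr>
<tr>
<td class="th_o th_o_first"> </td>
<td class="td_o"><input type="hidden" name="a" value="'.$a.'"/><input type="hidden" name="s" value="'.$s.'"/><input type="hidden" name="t" value="'.$t.'"/><input type="submit" name="ok" value="'.$L['Delete'].'"/></td>
</tr>
</table>
</form>',
            $_SESSION[QT]['skin_dir'],
            0,
            '600px'
            );
            exit;
        }
        // delete topic (posts first, then the topic row)
        $oDB->Query('DELETE FROM '.TABPOST.' WHERE topic='.$t);
        $oDB->Query('DELETE FROM '.TABTOPIC.' WHERE id='.$t);
        // update section stats
        UpdateSectionStats($s);
        unset($_SESSION[QT]['sys_topics']);
        unset($_SESSION[QT]['sys_replies']);
        // exit
        $oVIP->EndMessage(NULL,$L['S_delete'],$_SESSION[QT]['skin_dir'],2);
        exit;

    // --------------
    case 'topicmove':
    // --------------
        if ( !$oVIP->IsStaff() ) die($L['R_staff']);
        if ( $t<0 ) die('Wrong parameters: missing topic id');
        $oVIP->selfname = $L['Move'].' '.$L['Topic'];
        $oVIP->exiturl = 'qti_topics.php?s='.$s;
        $oVIP->exitname = '« '.$L['Section'];
        // ask confirmation
        if ( !isset($_GET['ok']) || $p<0 )
        {
            $oTopic = new cTopic($t);
            $arrSections = QTarrget(GetSections($oVIP->role,-1,$s));
            if ( $oTopic->replies==0 ) { $str=$L['None']; } else { $str=$oTopic->replies.' <span class="small">('.$L['Last_message'].' '.QTdatestr($oTopic->lastpostdate).')</span>'; }
            $oVIP->EndMessage
            (
            NULL,
            '<form method="get" action="'.$oVIP->selfurl.'">
<table cellspacing="0" class="data_o">
<tr>
<td class="th_o th_o_first" style="width:150px;">'.$L['Title'].'</td>
<td class="td_o">'.$oTopic->GetTopicTitle().'</td>
</tr>
<tr>
<td class="th_o th_o_first">'.$L['Topic_starter'].'</td>
<td class="td_o">'.$oTopic->firstpostname.' <span class="small">('.QTdatestr($oTopic->firstpostdate).')</span></td>
</tr>
<tr>
<td class="th_o th_o_first">'.$L['Replys'].'</td>
<td class="td_o">'.$str.'</td>
</tr>
<tr>
<td class="th_o th_o_first">'.$L['Move_to'].'</td>
<td class="td_o"><select name="p" size="1">'.QTasTag($arrSections).'</select></td>
</tr>
<tr class="tr">
<td class="th_o th_o_first">'.$L['Ref'].'</td>
<td class="td_o"><select name="v" size="1">
<option value="1">'.$L['Move_keep'].'</option>
<option value="0">'.$L['Move_reset'].'</option>
<option value="2">'.$L['Move_follow'].'</option>
</select></td>
</tr>
<tr>
<td class="th_o th_o_first"> </td>
<td class="td_o"><input type="hidden" name="a" value="'.$a.'"/>
<input type="hidden" name="s" value="'.$s.'"/>
<input type="hidden" name="t" value="'.$t.'"/>
<input type="submit" name="ok" value="'.$L['Ok'].'"/></td>
</tr>
</table>
</form>',
            $_SESSION[QT]['skin_dir'],
            0,
            '600px'
            );
            exit;
        }
        // move topic: the ref mode must be one of the three values offered by the form
        if ( $s<0 ) die('Wrong parameters forum id');
        if ( $p<0 ) die('Wrong parameters dest');
        if ( !in_array($v,array('0','1','2'),true) ) die('Wrong parameters ref');
        $oSEC = new cSection($s);
        $oSEC->MoveTopics($s,$p,$v,$t);
        // exit
        $oVIP->EndMessage(NULL,$L['S_update'],$_SESSION[QT]['skin_dir'],2);
        exit;

    // --------------
    default:
    // --------------
        echo 'Unknown action';
        break;
    // --------------
}
// only reached for an unknown action; $a is user-supplied, so it is HTML-escaped
$oVIP->EndMessage('!','Command ['.htmlspecialchars($a, ENT_QUOTES).'] failed...',$_SESSION[QT]['skin_dir'],2);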