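<?php

/**
* PHP versions 4 and 5
*
* LICENSE: This source file is subject to version 3.0 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license. If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to hide@address.com so we can mail you a copy immediately.
*
* @package    QuickTicket
* @author     Philippe Vandenberghe <hide@address.com>
* @copyright  2008-2012 The PHP Group
* @version    2.3 build:20091102
*/

/*
 * qti_cmd.php - single-action command dispatcher.
 *
 * Every request carries a mandatory action code in `a` (the switch below)
 * plus up to four operands that QThttpvar() reads from the request:
 *   s  section id (int)    t  topic id (int)
 *   p  post id (int)       v  free-form value (str), meaning depends on `a`
 * Each case first authorises the caller ($oVIP), renders a GET confirmation
 * form through $oVIP->EndMessage() when `ok` (or a required operand) is
 * missing, then performs the change and exits. The trailing EndMessage() is
 * only reached when a case falls through without exiting.
 *
 * Review notes on points this file cannot fix on its own:
 *  - every state change is triggered by a plain GET request without a
 *    per-session request token (cross-site request forgery exposure);
 *  - the reset password is derived from rand(), which is not a CSPRNG, and
 *    is stored as an unsalted sha1() hash; the login check elsewhere must
 *    move in step before either can be replaced.
 */

session_start();
require_once('bin/qti_init.php');

include('bin/qti_fn_sql.php');

// INITIALISE

$bCmdok = false;
$strMails = '';
$a = ''; // mandatory action
$s = -1; // section forum
$t = -1; // topic
$p = -1; // post
$v = ''; // value
// NOTE(review): the numeric operands are assumed to be cast to int by QThttpvar()
// (type list 'int'); only $v stays a raw request string and must be escaped
// wherever it is echoed back into HTML.
QThttpvar('a s t p v','str int int int str');

$oVIP->selfurl = 'qti_cmd.php';
$oVIP->selfname = 'QuickTicket command';

// --------
// EXECUTE COMMAND
// --------

switch($a)
{

// --------------
case 'dropattach':
// --------------

  // HtmlPage() is defined outside this file; the explicit exit guarantees the
  // attachment is never dropped when the permission check fails, whether or
  // not HtmlPage() terminates the script itself.
  if ( !$oVIP->CanView('V6') ) { HtmlPage(11); exit; }

  if ( $p>=0 )
  {
    $oVIP->exiturl = "qti_topic.php?s=$s&amp;t=$t#$p";
    $oVIP->exitname = '&laquo; '.$L['Message'];
    $oPost = new cPost($p);
    $oPost->Dropattach();
  }
  $oVIP->EndMessage($L['Drop_attachment'],$L['S_delete'],$_SESSION[QT]['skin_dir'],2);
  exit;
  break;

// --------------
case 'pwdreset':
// --------------

  if ( $oVIP->role!='A' ) die('Access is restricted to administrators only');

  if ( $s<0 ) die('Wrong id '.$s);
  if ( $s==1 && $oVIP->id!=1 ) die('First Admin password can be changed by himself only...');
  include('bin/qt_lib_smtp.php');
  include(Translate('qti_reg.php'));

  $oVIP->selfname = $L['Reset_pwd'];
  $oVIP->exiturl = 'qti_usr.php?id='.$s;
  $oVIP->exitname = '&laquo; '.$L['Profile'];

  $oDB->Query('SELECT name,mail,children,parentmail,photo FROM '.TABUSER.' WHERE id='.$s);
  $row = $oDB->Getrow();
  if ( !is_array($row) ) die('Wrong id '.$s); // unknown user: nothing to reset or mail

  // ask delay
  if ( !isset($_GET['ok']) )
  {
    $oVIP->EndMessage
    (
    NULL,
    '<form method="get" action="'.$oVIP->selfurl.'">
    <table class="hidden" cellspacing="0">
    <tr class="hidden">
    <td class="hidden">'.AsImgBox(AsImg( (!empty($row['photo']) ? QTI_DIR_PIC.$row['photo'] : ''),'',$row['name'],'member'),'picbox','',$row['name']).'</td>
    <td class="hidden">
    <p style="text-align:right">'.$L['Reset_pwd_help'].'<br/><br/>'.$oVIP->selfname.'&nbsp;
    <input type="hidden" name="a" value="'.$a.'"/>
    <input type="hidden" name="s" value="'.$s.'"/>
    <input type="submit" name="ok" value="'.$L['Send'].'"/></p>
    </td>
    </tr>
    </table></form>',
    'admin',
    0,
    '500px'
    );
    exit;

  }

  // reset user
  // NOTE(review): rand() is not a cryptographic generator and the resulting
  // password has only 10^4 possibilities; the unsalted sha1() storage format
  // is dictated by the login code and is kept here for compatibility.
  $strNewpwd = 'qt'.rand(0,9).rand(0,9).rand(0,9).rand(0,9);
  $oDB->Query('UPDATE '.TABUSER.' SET pwd="'.sha1($strNewpwd).'" WHERE id='.$s);

  // send email (the language file may override $strSubject / $strMessage)
  $strSubject = $_SESSION[QT]['site_name'].' - New password';
  $strMessage = "Here are your login and password\nLogin: %s\nPassword: %s";
  $strFile = GetLang().'mail_pwd.php';
  if ( file_exists($strFile) ) include($strFile);
  $strMessage = sprintf($strMessage,$row['name'],$strNewpwd);
  QTmail($row['mail'],QTconv($strSubject,'-4'),QTconv($strMessage,'-4'),QTI_HTML_CHAR);
  $strEndmessage = str_replace("\n",'<br/>',$strMessage);

  // send parent email (if coppa)
  if ( QTI_USE_COPPA && $row['children']!='0' )
  {
    $strSubject = $_SESSION[QT]['site_name'].' - New password';
    $strMessage = "Here is then new password of your children.\nLogin: %s\nPassword: %s";
    $strFile = GetLang().'mail_pwd_coppa.php';
    if ( file_exists($strFile) ) { include($strFile); }
    $strMessage = sprintf($strMessage, $row['name'],$strNewpwd);
    QTmail($row['parentmail'],QTconv($strSubject,'-4'),QTconv($strMessage,'-4'),QTI_HTML_CHAR);
  }

  // exit: the clear-text password is only shown on screen in 'direct' registration mode
  if ( $_SESSION[QT]['register_mode']!='direct' ) $strEndmessage='';
  $oVIP->EndMessage(NULL,$L['S_update'].'<br/><br/>'.$strEndmessage,$_SESSION[QT]['skin_dir'],0);
  exit;
  break;

// --------------
case 'topicstatus':
// --------------

  if ( !$oVIP->IsStaff() ) die(Error(12));
  if ( !$oVIP->CanView('V6') ) die(Error(11));

  $oVIP->selfname = $L['Change'].' '.$L['Status'];
  $oVIP->exiturl = "qti_topic.php?s=$s&amp;t=$t";
  $oVIP->exitname = '&laquo; '.$L['Message'];

  // ASK STATUS IF MISSING: When value "*" repost with method GET

  if ( $v=='*' )
  {
    $oVIP->selfname = $L['Change'].' '.$L['Status'];
    $oVIP->EndMessage
    (
      NULL,
      '<form method="get" action="'.$oVIP->selfurl.'">
      <input type="hidden" name="a" value="'.$a.'"/>
      <input type="hidden" name="s" value="'.$s.'"/>
      <input type="hidden" name="t" value="'.$t.'"/>
      <select name="v" size="8">'.QTasTag($oVIP->statuses,'',array('format'=>$L['Status'].': %s')).'</select><br/><br/>
      <input type="submit" name="ok" value="'.$L['Ok'].'"/>
      </form>',
      $_SESSION[QT]['skin_dir']
    );
    exit;
  }

  // CHANGE STATUS

  $oTopic = new cTopic($t);
  $oTopic->SetStatus($v,true,$oTopic->firstpostid); // this also updates the section stats in case of closed topics
  if ( $v=='Z' )
  {
  $oVIP->exitname = '&laquo; '.$L['Section'];
  $oVIP->exiturl = "qti_topics.php?s=$s";
  }

  // EXIT

  $oVIP->EndMessage(NULL,$L['S_update'].$strMails,$_SESSION[QT]['skin_dir'],2);
  exit;
  break;

// --------------
case 'topictype':
// --------------

  if ( !$oVIP->IsStaff() ) die(Error(12));

  $oVIP->selfname = $L['Change'].' '.$L['Type'];
  $oVIP->exiturl  = "qti_topic.php?s=$s&amp;t=$t";
  $oVIP->exitname = '&laquo; '.$L['Message'];

  // ASK TYPE IF MISSING: When value "*" repost with method GET
  if ( $v=='*' )
  {
    $oVIP->selfname = $L['Change'].' '.$L['Type'];
    $oVIP->EndMessage
    (
      NULL,
      '<form method="get" action="'.$oVIP->selfurl.'">
      <input type="hidden" name="a" value="'.$a.'"/>
      <input type="hidden" name="s" value="'.$s.'"/>
      <input type="hidden" name="t" value="'.$t.'"/>
      <select name="v" size="6">'.
      QTasTag($oVIP->types).'
      </select><br/><br/><input type="submit" name="ok" value="'.$L['Ok'].'"/>
      </form>',
      $_SESSION[QT]['skin_dir']
    );
    exit;
  }

  // CHANGE TYPE

  cTopic::SetType($t,$v);

  // EXIT

  $oVIP->EndMessage(NULL,$L['S_update'],$_SESSION[QT]['skin_dir'],2);
  exit;
  break;

// --------------
case 'topicactor':
// --------------

  if ( !$oVIP->IsStaff() ) die($L['R_staff']);

  $oVIP->selfname = $L['Change'].' '.$L['Userrole_MA'];
  $oVIP->exiturl  = "qti_topic.php?s=$s&amp;t=$t";
  $oVIP->exitname = '&laquo; '.$L['Message'];
  // `old` is echoed back into the selection form: keep it numeric
  $intOldactor    = -1; if ( isset($_GET['old']) ) $intOldactor=intval($_GET['old']);

  // ASK ACTOR IF MISSING: When value "*" repost with method GET
  if ( $v=='*' )
  {
    $arrAdmUsers = GetUsers('A');
    asort($arrAdmUsers);
    $strAdmUsers = QTasTag($arrAdmUsers,$intOldactor,array('current'=>$intOldactor,'classC'=>'bold'));
    $arrModUsers = GetUsers('M-');
    asort($arrModUsers);
    $strModUsers = QTasTag($arrModUsers,$intOldactor,array('current'=>$intOldactor,'classC'=>'bold'));
    $oVIP->selfname = $L['Change'].' '.$L['Userrole_MA'];
    $oVIP->EndMessage
    (
      NULL,
      '<table class="hidden" cellspacing="0">
      <tr class="hidden">
      <td class="hidden">
      '.$L['Userrole']['A'].'<br/><br/>
      <form method="get" action="'.$oVIP->selfurl.'">
      <input type="hidden" name="a" value="'.$a.'"/>
      <input type="hidden" name="s" value="'.$s.'"/>
      <input type="hidden" name="t" value="'.$t.'"/>
      <select name="v" size="12">'.$strAdmUsers.'</select><br/><br/>
      <input type="submit" name="ok" value="'.$L['Ok'].'"/>
      </form></td>
      <td class="hidden">
      '.$L['Userrole']['M'].'<br/><br/>
      <form method="get" action="'.$oVIP->selfurl.'">
      <input type="hidden" name="a" value="'.$a.'"/>
      <input type="hidden" name="s" value="'.$s.'"/>
      <input type="hidden" name="t" value="'.$t.'"/>
      <select name="v" size="12">'.$strModUsers.'</select><br/><br/>
      <input type="submit" name="ok" value="'.$L['Ok'].'"/>
      </form></td>
      </tr></table>',
      $_SESSION[QT]['skin_dir']
    );
    exit;
  }
  $v = intval($v);

  // CHANGE ACTOR
  $oTopic = new cTopic($t);
  $oTopic->SetActor($v);

  // EXIT

  $oVIP->EndMessage(NULL,$L['S_update'],$_SESSION[QT]['skin_dir'],2);
  exit;
  break;

// --------------
case 'userrole':
// --------------

  if ( !$oVIP->IsStaff() ) die($L['R_staff']);
  if ( $s<2 ) die('Wrong parameters: user 0 and 1 cannot be changed');
  include(Translate('qti_reg.php'));

  $oVIP->selfname = $L['User_upd'];
  $oVIP->exiturl  = 'qti_usr.php?id='.$s;
  $oVIP->exitname = '&laquo; '.$L['Memberlist'];

  // ask confirmation
  if ( !isset($_GET['ok']) )
  {
    $oDB->Query('SELECT name,photo,role FROM '.TABUSER.' WHERE id='.$s);
    $row = $oDB->Getrow();
    if ( !is_array($row) ) die('Wrong id '.$s);
    $oVIP->EndMessage
    (
      NULL,
      '<table class="hidden" cellspacing="0">
      <tr class="hidden">
      <td class="hidden">'.AsImgBox(AsImg( (!empty($row['photo']) ? QTI_DIR_PIC.$row['photo'] : ''),'',$row['name'],'member'),'picbox','',$row['name']).'</td>
      <td class="hidden">
      <form method="get" action="'.$oVIP->selfurl.'">
      <h2>'.$row['name'].' ('.$L['Userrole'][$row['role']].')</h2><br/>
      '.$L['Change_role'].' <select name="r" size="1">
      <option value="A"'.($row['role']=='A' ? QSEL : '').($oVIP->role!='A' ? ' disabled="disabled"' : '').'>'.$L['Userrole']['A'].'</option>
      <option value="M"'.($row['role']=='M' ? QSEL : '').'>'.$L['Userrole']['M'].'</option>
      <option value="U"'.($row['role']=='U' ? QSEL : '').'>'.$L['Userrole']['U'].'</option>
      </select>&nbsp;<input type="hidden" name="a" value="'.$a.'"/>
      <input type="hidden" name="s" value="'.$s.'"/>
      <input type="submit" name="ok" value="'.$L['Ok'].'"/>
      </form></td>
      </tr>
      </table>',
      'admin',
      0,
      '500px'
    );
    exit;
  }

  //update role
  // The form posts the new role in `r`, so the authorisation check must look
  // at `r` (the previous check tested $v, which the form never sets, and let a
  // moderator write role A). The letter is whitelisted before it is
  // concatenated into SQL, which is the only place it is used.
  $strNewrole = isset($_GET['r']) ? $_GET['r'] : '';
  if ( !in_array($strNewrole, array('A','M','U'), true) ) die('Wrong parameters: role');
  if ( $oVIP->role!='A' && $strNewrole=='A' ) die('Access is restricted to administrators only');
  // Only an administrator may change the role of another administrator
  // (mirrors the disabled "A" option shown to moderators in the form above).
  $oDB->Query('SELECT role FROM '.TABUSER.' WHERE id='.$s);
  $row = $oDB->Getrow();
  if ( !is_array($row) ) die('Wrong id '.$s);
  if ( $oVIP->role!='A' && $row['role']=='A' ) die('Access is restricted to administrators only');
  $oDB->Query('UPDATE '.TABUSER.' SET role="'.$strNewrole.'" WHERE id='.$s);
  // a demoted moderator loses the sections he moderated; they fall back to Admin (id 1)
  if ( $strNewrole=='U' ) $oDB->Query('UPDATE '.TABSECTION.' SET moderator=1, moderatorname="Admin" WHERE moderator='.$s);

  // exit
  $oVIP->EndMessage(NULL,$L['S_update'],'admin',2);
  exit;
  break;

// --------------
case 'user_del':
// --------------

  if ( !$oVIP->IsStaff() ) die($L['R_staff']);
  if ( $s<2 ) die("Wrong parameters: user 0 and 1 cannot be deleted");
  include(Translate("qti_reg.php"));

  $oVIP->selfname = $L['User_del'];
  $oVIP->exiturl  = 'qti_members.php'; if ( $v=='adm' ) $oVIP->exiturl = 'qti_adm_users.php';
  $oVIP->exitname = '&laquo; '.$L['Memberlist'];

  $oDB->Query('SELECT name,photo FROM '.TABUSER.' WHERE id='.$s);
  $row = $oDB->Getrow();
  if ( !is_array($row) ) die('Wrong id '.$s); // unknown user: nothing to delete

  // ask confirmation
  if ( !isset($_GET['ok']) )
  {
    $str  = '<table class="hidden" cellspacing="0">';
    $str .= '<tr>'.N;
    $str .= '<td class="hidden">'.AsImgBox(AsImg( (!empty($row['photo']) ? QTI_DIR_PIC.$row['photo'] : ''),'',$row['name'],'member'),'picbox','',$row['name']).'</td>';
    $str .= '<td class="hidden">';
    $str .= '<form method="get" action="'.$oVIP->selfurl.'">';
    // $v is a raw request string echoed into an attribute: escape it
    $str .= '<p style="text-align:right">'.$L['User_del'].' '.$row['name'].' <input type="hidden" name="a" value="'.$a.'"/><input type="hidden" name="v" value="'.htmlspecialchars($v,ENT_QUOTES).'"/><input type="hidden" name="s" value="'.$s.'"/><input type="submit" name="ok" value="'.$L['Delete'].'"/></p>';
    $str .= '</form></td>'.N;
    $str .= '</tr></table>'.N; // the form is already closed inside the cell
    $oVIP->EndMessage(NULL,$str,'admin',0,'500px');
    exit;
  }

  // delete avatar first; an empty photo name would otherwise resolve to the
  // picture directory itself, for which file_exists() is true and unlink() fails
  if ( !empty($row['photo']) && is_file(QTI_DIR_PIC.$row['photo']) ) unlink(QTI_DIR_PIC.$row['photo']);

  // update post.userid, post.username, topic.firstpostuser, topic.lastpostuser, topic.firstpostname, topic.lastpostname
  $oDB->Query('UPDATE '.TABPOST.' SET userid=0, username="Visitor" WHERE userid='.$s);
  $oDB->Query('UPDATE '.TABTOPIC.' SET firstpostuser=0, firstpostname="Visitor" WHERE firstpostuser='.$s);
  $oDB->Query('UPDATE '.TABTOPIC.' SET lastpostuser=0, lastpostname="Visitor" WHERE lastpostuser='.$s);
  $oDB->Query('UPDATE '.TABSECTION.' SET moderator=1,moderatorname="Admin" WHERE moderator='.$s);

  // Delete user
  
  $oDB->Query('DELETE FROM '.TABUSER.' WHERE id='.$s);


  // Unregister global sys (will be recomputed on next page)
  
  Unset($_SESSION[QT]['sys_members']);
  Unset($_SESSION[QT]['sys_states']);

  // Exit
  
  $oVIP->EndMessage(NULL,$L['S_delete'],'admin',2);
  exit;
  break;

// --------------
case 'user_ban':
// --------------

  if ( !$oVIP->IsStaff() ) die($L['R_staff']);
  if ( $s<2 ) die('Wrong parameters: user 0 and 1 cannot be banned');
  include(Translate('qti_reg.php'));

  $oVIP->selfname = $L['Ban_user'];
  $oVIP->exiturl  = 'qti_usr.php?id='.$s;
  $oVIP->exitname = '&laquo; '.$L['Profile'];
  if ( $v=='adm' )
  {
    $oVIP->exiturl = 'qti_adm_users.php';
    $oVIP->exitname = '&laquo; '.$L['Users'];
  }

  // ask delay (the ban duration code travels in `t`)
  if ( !isset($_GET['ok']) || $t<0 )
  {
    $oDB->Query('SELECT closed,name,photo FROM '.TABUSER.' WHERE id='.$s);
    $row = $oDB->Getrow();
    if ( !is_array($row) ) die('Wrong id '.$s);
    $oVIP->EndMessage
    (
    NULL,
    '<table class="hidden" cellspacing="0"><tr>
    <td class="hidden">'.AsImgBox(AsImg( (!empty($row['photo']) ? QTI_DIR_PIC.$row['photo'] : ''),'',$row['name'],'member'),'picbox','',$row['name']).'</td>
    <td class="hidden">
    <form method="get" action="'.$oVIP->selfurl.'">
    <p style="text-align:right">'.$L['H_ban'].' <select name="t" size="1">
    <option value="0"'.($row['closed']=='0' ? QSEL : '').'>'.$L['N'].'</option>
    <option value="1"'.($row['closed']=='1' ? QSEL : '').'>1 '.$L['Day'].'</option>
    <option value="2"'.($row['closed']=='2' ? QSEL : '').'>10 '.$L['Days'].'</option>
    <option value="3"'.($row['closed']=='3' ? QSEL : '').'>20 '.$L['Days'].'</option>
    <option value="4"'.($row['closed']=='4' ? QSEL : '').'>30 '.$L['Days'].'</option>
    </select>&nbsp;
    <input type="hidden" name="a" value="'.$a.'"/>
    <input type="hidden" name="s" value="'.$s.'"/>
    <input type="hidden" name="v" value="'.htmlspecialchars($v,ENT_QUOTES).'"/>
    <input type="submit" name="ok" value="'.$L['Ok'].'"/></p>
    </form>
    </td>
    </tr>
    </table>',
    'admin',
    0,
    '500px'
    );

    exit;
  }

  // ban user
  if ( $t==-1 ) die('Wrong parameters: delay');
  $oDB->Query('UPDATE '.TABUSER.' SET closed="'.$t.'" WHERE id='.$s);

  // exit
  $oVIP->EndMessage(NULL,$L['S_update'],'admin',2);
  exit;
  break;

// --------------
case 'topicdelete':
// --------------

  if ( !$oVIP->IsStaff() ) die($L['R_staff']);
  if ( $t<0 ) die('Wrong parameters: missing topic id');

  $oVIP->selfname = $L['Delete'].' '.$L['Topic'];
  $oVIP->exiturl = 'qti_topics.php?s='.$s;
  $oVIP->exitname = '&laquo; '.$L['Section'];

  // ask confirmation
  if ( !isset($_GET['ok']) )
  {
    $oTopic = new cTopic($t);
    if ( $oTopic->replies==0 ) { $str=$L['None']; } else { $str=$oTopic->replies.' <span class="small">('.$L['Last_message'].' '.QTdatestr($oTopic->lastpostdate).')</span>'; }

    $oVIP->EndMessage
    (
    NULL,
    '<form method="get" action="'.$oVIP->selfurl.'">
    <table cellspacing="0" class="data_o">
    <tr>
    <td class="th_o th_o_first" style="width:150px;">'.$L['Title'].'</td>
    <td class="td_o">'.$oTopic->GetTopicTitle().'</td>
    </tr>
    <tr>
    <td class="th_o th_o_first">'.$L['Topic_starter'].'</td>
    <td class="td_o">'.$oTopic->firstpostname.' <span class="small">('.QTdatestr($oTopic->firstpostdate).')</span></td>
    </tr>
    <tr>
    <td class="th_o th_o_first">'.$L['Replys'].'</td>
    <td class="td_o">'.$str.'</td>
    </tr>
    <tr>
    <td class="th_o th_o_first">&nbsp;</td>
    <td class="td_o"><input type="hidden" name="a" value="'.$a.'"/><input type="hidden" name="s" value="'.$s.'"/><input type="hidden" name="t" value="'.$t.'"/><input type="submit" name="ok" value="'.$L['Delete'].'"/></td>
    </tr>
    </table>
    </form>',
    $_SESSION[QT]['skin_dir'],
    0,
    '600px'
    );
    exit;
  }

  // delete topic (posts first, then the topic row)
  if ( $t<0 ) die('Wrong parameters: missing topic id');
  $oDB->Query('DELETE FROM '.TABPOST.' WHERE topic='.$t);
  $oDB->Query('DELETE FROM '.TABTOPIC.' WHERE id='.$t);

  // update section stats
  UpdateSectionStats($s);

  Unset($_SESSION[QT]['sys_topics']);
  Unset($_SESSION[QT]['sys_replies']);

  // exit
  $oVIP->EndMessage(NULL,$L['S_delete'],$_SESSION[QT]['skin_dir'],2);
  exit;
  break;

// --------------
case 'topicmove':
// --------------

  if ( !$oVIP->IsStaff() ) die($L['R_staff']);
  if ( $t<0 ) die('Wrong parameters: missing topic id');

  $oVIP->selfname = $L['Move'].' '.$L['Topic'];
  $oVIP->exiturl = 'qti_topics.php?s='.$s;
  $oVIP->exitname = '&laquo; '.$L['Section'];

  // ask confirmation (destination section travels in `p`, reference mode in `v`)
  if ( !isset($_GET['ok']) || $p<0 )
  {
    $oTopic = new cTopic($t);
    $arrSections = QTarrget(GetSections($oVIP->role,-1,$s));
    if ( $oTopic->replies==0 ) { $str=$L['None']; } else { $str=$oTopic->replies.' <span class="small">('.$L['Last_message'].' '.QTdatestr($oTopic->lastpostdate).')</span>'; }

    $oVIP->EndMessage
    (
    NULL,
    '<form method="get" action="'.$oVIP->selfurl.'">
    <table cellspacing="0" class="data_o">
    <tr>
    <td class="th_o th_o_first" style="width:150px;">'.$L['Title'].'</td>
    <td class="td_o">'.$oTopic->GetTopicTitle().'</td>
    </tr>
    <tr>
    <td class="th_o th_o_first">'.$L['Topic_starter'].'</td>
    <td class="td_o">'.$oTopic->firstpostname.' <span class="small">('.QTdatestr($oTopic->firstpostdate).')</span></td>
    </tr>
    <tr>
    <td class="th_o th_o_first">'.$L['Replys'].'</td>
    <td class="td_o">'.$str.'</td>
    </tr>
    <tr>
    <td class="th_o th_o_first">'.$L['Move_to'].'</td>
    <td class="td_o"><select name="p" size="1">'.QTasTag($arrSections).'</select></td>
    </tr>
    <tr class="tr">
    <td class="th_o th_o_first">'.$L['Ref'].'</td>
    <td class="td_o"><select name="v" size="1">
    <option value="1">'.$L['Move_keep'].'</option>
    <option value="0">'.$L['Move_reset'].'</option>
    <option value="2">'.$L['Move_follow'].'</option>
    </select></td>
    </tr>
    <tr>
    <td class="th_o th_o_first">&nbsp;</td>
    <td class="td_o"><input type="hidden" name="a" value="'.$a.'"/>
    <input type="hidden" name="s" value="'.$s.'"/>
    <input type="hidden" name="t" value="'.$t.'"/>
    <input type="submit" name="ok" value="'.$L['Ok'].'"/></td>
    </tr>
    </table>
    </form>',
    $_SESSION[QT]['skin_dir'],
    0,
    '600px'
    );
    exit;
  }

  // move topic
  if ( $s<0 ) die('Wrong parameters forum id');
  if ( $t<0 ) die('Wrong parameters id');
  if ( $p<0 ) die('Wrong parameters dest');
  if ( $v<0 ) die('Wrong parameters ref'); // NOTE(review): $v is a string here; the form only offers 0, 1 and 2
  $oSEC = new cSection($s);
  $oSEC->MoveTopics($s,$p,$v,$t);

  // exit
  $oVIP->EndMessage(NULL,$L['S_update'],$_SESSION[QT]['skin_dir'],2);
  exit;
  break;

// --------------
default:
// --------------

  echo 'Unknown action';
  break;

// --------------
}

$oVIP->EndMessage('!','Command ['.$a.'] failled...',$_SESSION[QT]['skin_dir'],2);

?>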