Gazelle/sections/reports/compose.php

<?
if(!check_perms('site_moderate_forums')) {
	error(403);
}

if(empty($Return)) {
	$ToID = $_GET['to'];
	if($ToID == $LoggedUser['ID']) {
		error("You cannot start a conversation with yourself!");
		header('Location: inbox.php');
	}
}

if(!$ToID || !is_number($ToID)) {
	error(404);
}

$ReportID = $_GET['reportid'];
$Type = $_GET['type'];
$ThingID= $_GET['thingid'];

if(!$ReportID || !is_number($ReportID) || !$ThingID || !is_number($ThingID) || !$Type) {
	error(403);
}

if(!empty($LoggedUser['DisablePM']) && !isset($StaffIDs[$ToID])) {
	error(403);
}

$DB->query("SELECT Username FROM users_main WHERE ID='$ToID'");
list($ComposeToUsername) = $DB->next_record();
if(!$ComposeToUsername) {
	error(404);
}
View::show_header('Compose', 'inbox,bbcode');

// $TypeLink is placed directly in the <textarea> when composing a PM
switch($Type) {
	case "user" :
		$DB->query("SELECT Username FROM users_main WHERE ID=".$ThingID);
		if($DB->record_count() < 1) {
			$Error = "No user with the reported ID found";
		} else {
			list($Username) = $DB->next_record();
			$TypeLink = "the user [user]".$Username."[/user]";
			$Subject = "User Report: ".display_str($Username);
		}
		break;
	case "request" :
	case "request_update" :
		$DB->query("SELECT Title FROM requests WHERE ID=".$ThingID);
		if($DB->record_count() < 1) {
			$Error = "No request with the reported ID found";
		} else {
			list($Name) = $DB->next_record();
			$TypeLink = "the request [url=https://".SSL_SITE_URL."/requests.php?action=view&amp;id=".$ThingID."]".display_str($Name)."[/url]";
			$Subject = "Request Report: ".display_str($Name);
		}
		break;
	case "collage" :
		$DB->query("SELECT Name FROM collages WHERE ID=".$ThingID);
		if($DB->record_count() < 1) {
			$Error = "No collage with the reported ID found";
		} else {
			list($Name) = $DB->next_record();
			$TypeLink = "the collage [url=https://".SSL_SITE_URL."/collage.php?id=".$ThingID."]".display_str($Name)."[/url]";
			$Subject = "Collage Report: ".display_str($Name);
		}
		break;
	case "thread" :
		$DB->query("SELECT Title FROM forums_topics WHERE ID=".$ThingID);
		if($DB->record_count() < 1) {
			$Error = "No forum thread with the reported ID found";
		} else {
			list($Title) = $DB->next_record();
			$TypeLink = "the forum thread [url=https://".SSL_SITE_URL."/forums.php?action=viewthread&amp;threadid=".$ThingID."]".display_str($Title)."[/url]";
			$Subject = "Forum Thread Report: ".display_str($Title);
		}
		break;
	case "post" :
		if (isset($LoggedUser['PostsPerPage'])) {
			$PerPage = $LoggedUser['PostsPerPage'];
		} else {
			$PerPage = POSTS_PER_PAGE;
		}
		$DB->query("SELECT p.ID, p.Body, p.TopicID, (SELECT COUNT(ID) FROM forums_posts WHERE forums_posts.TopicID = p.TopicID AND forums_posts.ID<=p.ID) AS PostNum FROM forums_posts AS p WHERE ID=".$ThingID);
		if($DB->record_count() < 1) {
			$Error =  "No forum post with the reported ID found";
		} else {
			list($PostID,$Body,$TopicID,$PostNum) = $DB->next_record();
			$TypeLink = "this [url=https://".SSL_SITE_URL."/forums.php?action=viewthread&amp;threadid=".$TopicID."&amp;post=".$PostNum."#post".$PostID."]forum post[/url]";
			$Subject = "Forum Post Report: Post ID #".display_str($PostID);
		}
		break;
	case "requests_comment" :
		$DB->query("SELECT rc.RequestID, rc.Body, (SELECT COUNT(ID) FROM requests_comments WHERE ID <= ".$ThingID." AND requests_comments.RequestID = rc.RequestID) AS CommentNum FROM requests_comments AS rc WHERE ID=".$ThingID);
		if($DB->record_count() < 1) {
			$Error =  "No request comment with the reported ID found";
		} else {
			list($RequestID, $Body, $PostNum) = $DB->next_record();
			$PageNum = ceil($PostNum / TORRENT_COMMENTS_PER_PAGE);
			$TypeLink = "this [url=https://".SSL_SITE_URL."/requests.php?action=view&amp;id=".$RequestID."&amp;page=".$PageNum."#post".$ThingID."]request comment[/url]";
			$Subject = "Request Comment Report: ID #".display_str($ThingID);
		}
		break;
	case "torrents_comment" :
		$DB->query("SELECT tc.GroupID, tc.Body, (SELECT COUNT(ID) FROM torrents_comments WHERE ID <= ".$ThingID." AND torrents_comments.GroupID = tc.GroupID) AS CommentNum FROM torrents_comments AS tc WHERE ID=".$ThingID);
		if($DB->record_count() < 1) {
			$Error =  "No torrent comment with the reported ID found";
		} else {
			list($GroupID, $Body, $PostNum) = $DB->next_record();
			$PageNum = ceil($PostNum / TORRENT_COMMENTS_PER_PAGE);
			$TypeLink = "this [url=https://".SSL_SITE_URL."/torrents.php?id=".$GroupID."&amp;page=".$PageNum."#post".$ThingID."]torrent comment[/url]";
			$Subject = "Torrent Comment Report: ID #".display_str($ThingID);
		}
		break;
	case "collages_comment" :
		$DB->query("SELECT cc.CollageID, cc.Body, (SELECT COUNT(ID) FROM collages_comments WHERE ID <= ".$ThingID." AND collages_comments.CollageID = cc.CollageID) AS CommentNum FROM collages_comments AS cc WHERE ID=".$ThingID);
		if($DB->record_count() < 1) {
			$Error =  "No collage comment with the reported ID found";
		} else {
			list($CollageID, $Body, $PostNum) = $DB->next_record();
			$PerPage = POSTS_PER_PAGE;
			$PageNum = ceil($PostNum / $PerPage);
			$TypeLink = "this [url=https://".SSL_SITE_URL."/collage.php?action=comments&amp;collageid=".$CollageID."&amp;page=".$PageNum."#post".$ThingID."]collage comment[/url]";
			$Subject = "Collage Comment Report: ID #".display_str($ThingID);
		}
		break;
	default:
		error("Incorrect type");
		break;
}
if(isset($Error)) {
	error($Error);
}

$DB->query("SELECT r.Reason FROM reports AS r WHERE r.ID = $ReportID");
list($Reason) = $DB->next_record();

$Body = "You reported $TypeLink for the reason:\n[quote]".$Reason."[/quote]";

?>
<div class="thin">
	<div class="header">
		<h2>
			Send a message to <a href="user.php?id=<?=$ToID?>"> <?=$ComposeToUsername?></a>
		</h2>
	</div>
	<form class="send_form" name="message" action="reports.php" method="post" id="messageform">
		<div class="box pad">
			<input type="hidden" name="action" value="takecompose" />
			<input type="hidden" name="toid" value="<?=$ToID?>" />
			<input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
			<div id="quickpost">
				<h3>Subject</h3>
				<input type="text" name="subject" size="95" value="<?=(!empty($Subject) ? $Subject : '')?>" />
				<br />
				<h3>Body</h3>
				<textarea id="body" name="body" cols="95" rows="10"><?=(!empty($Body) ? $Body : '')?></textarea>
			</div>
			<div id="preview" class="hidden"></div>
			<div id="buttons" class="center">
				<input type="button" value="Preview" onclick="Quick_Preview();" />
				<input type="submit" value="Send message" />
			</div>
		</div>
	</form>
</div>

<?
View::show_footer();
?>
Empty commit 2012-09-04 08:00:23 +00:00			`<?`
			`if(!check_perms('site_moderate_forums')) {`
			`error(403);`
			`}`

			`if(empty($Return)) {`
			`$ToID = $_GET['to'];`
			`if($ToID == $LoggedUser['ID']) {`
			`error("You cannot start a conversation with yourself!");`
			`header('Location: inbox.php');`
			`}`
			`}`

			`if(!$ToID \|\| !is_number($ToID)) {`
			`error(404);`
			`}`

			`$ReportID = $_GET['reportid'];`
			`$Type = $_GET['type'];`
			`$ThingID= $_GET['thingid'];`

			`if(!$ReportID \|\| !is_number($ReportID) \|\| !$ThingID \|\| !is_number($ThingID) \|\| !$Type) {`
			`error(403);`
			`}`

			`if(!empty($LoggedUser['DisablePM']) && !isset($StaffIDs[$ToID])) {`
			`error(403);`
			`}`

			`$DB->query("SELECT Username FROM users_main WHERE ID='$ToID'");`
Empty commit 2012-09-18 08:00:29 +00:00			`list($ComposeToUsername) = $DB->next_record();`
			`if(!$ComposeToUsername) {`
Empty commit 2012-09-04 08:00:23 +00:00			`error(404);`
			`}`
Empty commit 2012-10-11 08:00:15 +00:00			`View::show_header('Compose', 'inbox,bbcode');`
Empty commit 2012-09-04 08:00:23 +00:00
Empty commit 2013-01-16 08:00:31 +00:00			`// $TypeLink is placed directly in the <textarea> when composing a PM`
Empty commit 2012-09-04 08:00:23 +00:00			`switch($Type) {`
			`case "user" :`
			`$DB->query("SELECT Username FROM users_main WHERE ID=".$ThingID);`
			`if($DB->record_count() < 1) {`
			`$Error = "No user with the reported ID found";`
			`} else {`
			`list($Username) = $DB->next_record();`
Empty commit 2013-01-16 08:00:31 +00:00			`$TypeLink = "the user [user]".$Username."[/user]";`
			`$Subject = "User Report: ".display_str($Username);`
Empty commit 2012-09-04 08:00:23 +00:00			`}`
			`break;`
			`case "request" :`
			`case "request_update" :`
			`$DB->query("SELECT Title FROM requests WHERE ID=".$ThingID);`
			`if($DB->record_count() < 1) {`
			`$Error = "No request with the reported ID found";`
			`} else {`
			`list($Name) = $DB->next_record();`
Empty commit 2013-01-16 08:00:31 +00:00			`$TypeLink = "the request [url=https://".SSL_SITE_URL."/requests.php?action=view&id=".$ThingID."]".display_str($Name)."[/url]";`
			`$Subject = "Request Report: ".display_str($Name);`
Empty commit 2012-09-04 08:00:23 +00:00			`}`
			`break;`
			`case "collage" :`
			`$DB->query("SELECT Name FROM collages WHERE ID=".$ThingID);`
			`if($DB->record_count() < 1) {`
			`$Error = "No collage with the reported ID found";`
			`} else {`
			`list($Name) = $DB->next_record();`
Empty commit 2013-01-16 08:00:31 +00:00			`$TypeLink = "the collage [url=https://".SSL_SITE_URL."/collage.php?id=".$ThingID."]".display_str($Name)."[/url]";`
			`$Subject = "Collage Report: ".display_str($Name);`
Empty commit 2012-09-04 08:00:23 +00:00			`}`
			`break;`
			`case "thread" :`
			`$DB->query("SELECT Title FROM forums_topics WHERE ID=".$ThingID);`
			`if($DB->record_count() < 1) {`
Empty commit 2012-09-15 08:00:25 +00:00			`$Error = "No forum thread with the reported ID found";`
Empty commit 2012-09-04 08:00:23 +00:00			`} else {`
			`list($Title) = $DB->next_record();`
Empty commit 2013-01-16 08:00:31 +00:00			`$TypeLink = "the forum thread [url=https://".SSL_SITE_URL."/forums.php?action=viewthread&threadid=".$ThingID."]".display_str($Title)."[/url]";`
			`$Subject = "Forum Thread Report: ".display_str($Title);`
Empty commit 2012-09-04 08:00:23 +00:00			`}`
			`break;`
			`case "post" :`
			`if (isset($LoggedUser['PostsPerPage'])) {`
			`$PerPage = $LoggedUser['PostsPerPage'];`
			`} else {`
			`$PerPage = POSTS_PER_PAGE;`
			`}`
			`$DB->query("SELECT p.ID, p.Body, p.TopicID, (SELECT COUNT(ID) FROM forums_posts WHERE forums_posts.TopicID = p.TopicID AND forums_posts.ID<=p.ID) AS PostNum FROM forums_posts AS p WHERE ID=".$ThingID);`
			`if($DB->record_count() < 1) {`
Empty commit 2012-09-15 08:00:25 +00:00			`$Error = "No forum post with the reported ID found";`
Empty commit 2012-09-04 08:00:23 +00:00			`} else {`
			`list($PostID,$Body,$TopicID,$PostNum) = $DB->next_record();`
Empty commit 2013-01-16 08:00:31 +00:00			`$TypeLink = "this [url=https://".SSL_SITE_URL."/forums.php?action=viewthread&threadid=".$TopicID."&post=".$PostNum."#post".$PostID."]forum post[/url]";`
			`$Subject = "Forum Post Report: Post ID #".display_str($PostID);`
Empty commit 2012-09-04 08:00:23 +00:00			`}`
			`break;`
			`case "requests_comment" :`
			`$DB->query("SELECT rc.RequestID, rc.Body, (SELECT COUNT(ID) FROM requests_comments WHERE ID <= ".$ThingID." AND requests_comments.RequestID = rc.RequestID) AS CommentNum FROM requests_comments AS rc WHERE ID=".$ThingID);`
			`if($DB->record_count() < 1) {`
Empty commit 2012-09-15 08:00:25 +00:00			`$Error = "No request comment with the reported ID found";`
Empty commit 2012-09-04 08:00:23 +00:00			`} else {`
			`list($RequestID, $Body, $PostNum) = $DB->next_record();`
			`$PageNum = ceil($PostNum / TORRENT_COMMENTS_PER_PAGE);`
Empty commit 2013-01-16 08:00:31 +00:00			`$TypeLink = "this [url=https://".SSL_SITE_URL."/requests.php?action=view&id=".$RequestID."&page=".$PageNum."#post".$ThingID."]request comment[/url]";`
			`$Subject = "Request Comment Report: ID #".display_str($ThingID);`
Empty commit 2012-09-04 08:00:23 +00:00			`}`
			`break;`
			`case "torrents_comment" :`
			`$DB->query("SELECT tc.GroupID, tc.Body, (SELECT COUNT(ID) FROM torrents_comments WHERE ID <= ".$ThingID." AND torrents_comments.GroupID = tc.GroupID) AS CommentNum FROM torrents_comments AS tc WHERE ID=".$ThingID);`
			`if($DB->record_count() < 1) {`
Empty commit 2012-09-15 08:00:25 +00:00			`$Error = "No torrent comment with the reported ID found";`
Empty commit 2012-09-04 08:00:23 +00:00			`} else {`
			`list($GroupID, $Body, $PostNum) = $DB->next_record();`
			`$PageNum = ceil($PostNum / TORRENT_COMMENTS_PER_PAGE);`
Empty commit 2013-01-16 08:00:31 +00:00			`$TypeLink = "this [url=https://".SSL_SITE_URL."/torrents.php?id=".$GroupID."&page=".$PageNum."#post".$ThingID."]torrent comment[/url]";`
			`$Subject = "Torrent Comment Report: ID #".display_str($ThingID);`
Empty commit 2012-09-04 08:00:23 +00:00			`}`
			`break;`
			`case "collages_comment" :`
			`$DB->query("SELECT cc.CollageID, cc.Body, (SELECT COUNT(ID) FROM collages_comments WHERE ID <= ".$ThingID." AND collages_comments.CollageID = cc.CollageID) AS CommentNum FROM collages_comments AS cc WHERE ID=".$ThingID);`
			`if($DB->record_count() < 1) {`
Empty commit 2012-09-15 08:00:25 +00:00			`$Error = "No collage comment with the reported ID found";`
Empty commit 2012-09-04 08:00:23 +00:00			`} else {`
			`list($CollageID, $Body, $PostNum) = $DB->next_record();`
			`$PerPage = POSTS_PER_PAGE;`
			`$PageNum = ceil($PostNum / $PerPage);`
Empty commit 2013-01-16 08:00:31 +00:00			`$TypeLink = "this [url=https://".SSL_SITE_URL."/collage.php?action=comments&collageid=".$CollageID."&page=".$PageNum."#post".$ThingID."]collage comment[/url]";`
			`$Subject = "Collage Comment Report: ID #".display_str($ThingID);`
Empty commit 2012-09-04 08:00:23 +00:00			`}`
			`break;`
			`default:`
			`error("Incorrect type");`
			`break;`
			`}`
			`if(isset($Error)) {`
			`error($Error);`
			`}`

			`$DB->query("SELECT r.Reason FROM reports AS r WHERE r.ID = $ReportID");`
			`list($Reason) = $DB->next_record();`

Empty commit 2013-01-16 08:00:31 +00:00			`$Body = "You reported $TypeLink for the reason:\n[quote]".$Reason."[/quote]";`
Empty commit 2012-09-04 08:00:23 +00:00
			`?>`
			`<div class="thin">`
			`<div class="header">`
			`<h2>`
Empty commit 2012-09-18 08:00:29 +00:00			`Send a message to <a href="user.php?id=<?=$ToID?>"> <?=$ComposeToUsername?></a>`
Empty commit 2012-09-04 08:00:23 +00:00			`</h2>`
			`</div>`
Empty commit 2012-09-15 08:00:25 +00:00			`<form class="send_form" name="message" action="reports.php" method="post" id="messageform">`
Empty commit 2012-09-04 08:00:23 +00:00			`<div class="box pad">`
Empty commit 2013-01-16 08:00:31 +00:00			`<input type="hidden" name="action" value="takecompose" />`
			`<input type="hidden" name="toid" value="<?=$ToID?>" />`
			`<input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />`
Empty commit 2012-09-04 08:00:23 +00:00			`<div id="quickpost">`
			`<h3>Subject</h3>`
Empty commit 2013-01-16 08:00:31 +00:00			`<input type="text" name="subject" size="95" value="<?=(!empty($Subject) ? $Subject : '')?>" />`
			`<br />`
Empty commit 2012-09-04 08:00:23 +00:00			`<h3>Body</h3>`
			`<textarea id="body" name="body" cols="95" rows="10"><?=(!empty($Body) ? $Body : '')?></textarea>`
			`</div>`
			`<div id="preview" class="hidden"></div>`
			`<div id="buttons" class="center">`
Empty commit 2013-01-16 08:00:31 +00:00			`<input type="button" value="Preview" onclick="Quick_Preview();" />`
			`<input type="submit" value="Send message" />`
Empty commit 2012-09-04 08:00:23 +00:00			`</div>`
			`</div>`
			`</form>`
			`</div>`

			`<?`
Empty commit 2012-10-11 08:00:15 +00:00			`View::show_footer();`
Empty commit 2012-09-04 08:00:23 +00:00			`?>`