Gazelle/sections/reports/compose.php

<?
if (!check_perms('site_moderate_forums')) {
	error(403);
}

if (empty($Return)) {
	$ToID = $_GET['to'];
	if ($ToID == $LoggedUser['ID']) {
		error("You cannot start a conversation with yourself!");
		header('Location: inbox.php');
	}
}

if (!$ToID || !is_number($ToID)) {
	error(404);
}

$ReportID = $_GET['reportid'];
$Type = $_GET['type'];
$ThingID= $_GET['thingid'];

if (!$ReportID || !is_number($ReportID) || !$ThingID || !is_number($ThingID) || !$Type) {
	error(403);
}

if (!empty($LoggedUser['DisablePM']) && !isset($StaffIDs[$ToID])) {
	error(403);
}

$DB->query("
	SELECT Username
	FROM users_main
	WHERE ID='$ToID'");
list($ComposeToUsername) = $DB->next_record();
if (!$ComposeToUsername) {
	error(404);
}
View::show_header('Compose', 'inbox,bbcode');

// $TypeLink is placed directly in the <textarea> when composing a PM
switch ($Type) {
	case 'user':
		$DB->query("
			SELECT Username
			FROM users_main
			WHERE ID=$ThingID");
		if (!$DB->has_results()) {
			$Error = 'No user with the reported ID found';
		} else {
			list($Username) = $DB->next_record();
			$TypeLink = "the user [user]{$Username}[/user]";
			$Subject = 'User Report: '.display_str($Username);
		}
		break;
	case 'request':
	case 'request_update':
		$DB->query("
			SELECT Title
			FROM requests
			WHERE ID=$ThingID");
		if (!$DB->has_results()) {
			$Error = 'No request with the reported ID found';
		} else {
			list($Name) = $DB->next_record();
			$TypeLink = 'the request [url=https://'.SSL_SITE_URL."/requests.php?action=view&amp;id=$ThingID]".display_str($Name).'[/url]';
			$Subject = 'Request Report: '.display_str($Name);
		}
		break;
	case 'collage':
		$DB->query("
			SELECT Name
			FROM collages
			WHERE ID=$ThingID");
		if (!$DB->has_results()) {
			$Error = 'No collage with the reported ID found';
		} else {
			list($Name) = $DB->next_record();
			$TypeLink = 'the collage [url=https://'.SSL_SITE_URL."/collage.php?id=$ThingID]".display_str($Name).'[/url]';
			$Subject = 'Collage Report: '.display_str($Name);
		}
		break;
	case 'thread':
		$DB->query("
			SELECT Title
			FROM forums_topics
			WHERE ID=$ThingID");
		if (!$DB->has_results()) {
			$Error = 'No forum thread with the reported ID found';
		} else {
			list($Title) = $DB->next_record();
			$TypeLink = 'the forum thread [url=https://'.SSL_SITE_URL."/forums.php?action=viewthread&amp;threadid=$ThingID]".display_str($Title).'[/url]';
			$Subject = 'Forum Thread Report: '.display_str($Title);
		}
		break;
	case 'post':
		if (isset($LoggedUser['PostsPerPage'])) {
			$PerPage = $LoggedUser['PostsPerPage'];
		} else {
			$PerPage = POSTS_PER_PAGE;
		}
		$DB->query("
			SELECT
				p.ID,
				p.Body,
				p.TopicID,
				(	SELECT COUNT(p2.ID)
					FROM forums_posts AS p2
					WHERE p2.TopicID = p.TopicID
						AND p2.ID <= p.ID
				) AS PostNum
			FROM forums_posts AS p
			WHERE p.ID = $ThingID");
		if (!$DB->has_results()) {
			$Error = 'No forum post with the reported ID found';
		} else {
			list($PostID, $Body, $TopicID, $PostNum) = $DB->next_record();
			$TypeLink = 'this [url=https://'.SSL_SITE_URL."/forums.php?action=viewthread&amp;threadid=$TopicID&amp;post=$PostNum#post$PostID]forum post[/url]";
			$Subject = 'Forum Post Report: Post ID #'.display_str($PostID);
		}
		break;
	case 'comment':
		$DB->query("
			SELECT 1
			FROM comments
			WHERE ID = $ThingID");
		if (!$DB->has_results()) {
			$Error = 'No comment with the reported ID found';
		} else {
			$TypeLink = '[url=https://'.SSL_SITE_URL."/comments.php?action=jump&amp;postid=$ThingID]this comment[/url]";
			$Subject = 'Comment Report: ID #'.display_str($ThingID);
		}
		break;
	default:
		error('Incorrect type');
		break;
}
if (isset($Error)) {
	error($Error);
}

$DB->query("
	SELECT Reason
	FROM reports
	WHERE ID = $ReportID");
list($Reason) = $DB->next_record();

$Body = "You reported $TypeLink for the reason:\n[quote]{$Reason}[/quote]";

?>
<div class="thin">
	<div class="header">
		<h2>
			Send a message to <a href="user.php?id=<?=$ToID?>"> <?=$ComposeToUsername?></a>
		</h2>
	</div>
	<form class="send_form" name="message" action="reports.php" method="post" id="messageform">
		<div class="box pad">
			<input type="hidden" name="action" value="takecompose" />
			<input type="hidden" name="toid" value="<?=$ToID?>" />
			<input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
			<div id="quickpost">
				<h3>Subject</h3>
				<input type="text" name="subject" size="95" value="<?=(!empty($Subject) ? $Subject : '')?>" />
				<br />
				<h3>Body</h3>
				<textarea id="body" name="body" cols="95" rows="10"><?=(!empty($Body) ? $Body : '')?></textarea>
			</div>
			<div id="preview" class="hidden"></div>
			<div id="buttons" class="center">
				<input type="button" value="Preview" onclick="Quick_Preview();" />
				<input type="submit" value="Send message" />
			</div>
		</div>
	</form>
</div>
<?
View::show_footer();
?>
Empty commit 2012-09-04 08:00:23 +00:00			`<?`
Empty commit 2013-05-01 08:00:16 +00:00			`if (!check_perms('site_moderate_forums')) {`
Empty commit 2012-09-04 08:00:23 +00:00			`error(403);`
			`}`

Empty commit 2013-05-01 08:00:16 +00:00			`if (empty($Return)) {`
Empty commit 2012-09-04 08:00:23 +00:00			`$ToID = $_GET['to'];`
Empty commit 2013-05-01 08:00:16 +00:00			`if ($ToID == $LoggedUser['ID']) {`
Empty commit 2012-09-04 08:00:23 +00:00			`error("You cannot start a conversation with yourself!");`
			`header('Location: inbox.php');`
			`}`
			`}`

Empty commit 2013-05-01 08:00:16 +00:00			`if (!$ToID \|\| !is_number($ToID)) {`
Empty commit 2012-09-04 08:00:23 +00:00			`error(404);`
			`}`

			`$ReportID = $_GET['reportid'];`
			`$Type = $_GET['type'];`
			`$ThingID= $_GET['thingid'];`

Empty commit 2013-05-01 08:00:16 +00:00			`if (!$ReportID \|\| !is_number($ReportID) \|\| !$ThingID \|\| !is_number($ThingID) \|\| !$Type) {`
Empty commit 2012-09-04 08:00:23 +00:00			`error(403);`
			`}`

Empty commit 2013-05-01 08:00:16 +00:00			`if (!empty($LoggedUser['DisablePM']) && !isset($StaffIDs[$ToID])) {`
Empty commit 2012-09-04 08:00:23 +00:00			`error(403);`
			`}`

Empty commit 2013-05-30 08:00:30 +00:00			`$DB->query("`
			`SELECT Username`
			`FROM users_main`
			`WHERE ID='$ToID'");`
Empty commit 2012-09-18 08:00:29 +00:00			`list($ComposeToUsername) = $DB->next_record();`
Empty commit 2013-05-01 08:00:16 +00:00			`if (!$ComposeToUsername) {`
Empty commit 2012-09-04 08:00:23 +00:00			`error(404);`
			`}`
Empty commit 2012-10-11 08:00:15 +00:00			`View::show_header('Compose', 'inbox,bbcode');`
Empty commit 2012-09-04 08:00:23 +00:00
Empty commit 2013-01-16 08:00:31 +00:00			`// $TypeLink is placed directly in the <textarea> when composing a PM`
Empty commit 2013-05-01 08:00:16 +00:00			`switch ($Type) {`
Empty commit 2013-05-30 08:00:30 +00:00			`case 'user':`
			`$DB->query("`
			`SELECT Username`
			`FROM users_main`
			`WHERE ID=$ThingID");`
Empty commit 2013-07-10 00:08:53 +00:00			`if (!$DB->has_results()) {`
Empty commit 2013-05-30 08:00:30 +00:00			`$Error = 'No user with the reported ID found';`
Empty commit 2012-09-04 08:00:23 +00:00			`} else {`
			`list($Username) = $DB->next_record();`
Empty commit 2013-05-30 08:00:30 +00:00			`$TypeLink = "the user [user]{$Username}[/user]";`
			`$Subject = 'User Report: '.display_str($Username);`
Empty commit 2012-09-04 08:00:23 +00:00			`}`
			`break;`
Empty commit 2013-05-30 08:00:30 +00:00			`case 'request':`
			`case 'request_update':`
			`$DB->query("`
			`SELECT Title`
			`FROM requests`
			`WHERE ID=$ThingID");`
Empty commit 2013-07-10 00:08:53 +00:00			`if (!$DB->has_results()) {`
Empty commit 2013-05-30 08:00:30 +00:00			`$Error = 'No request with the reported ID found';`
Empty commit 2012-09-04 08:00:23 +00:00			`} else {`
			`list($Name) = $DB->next_record();`
Empty commit 2013-05-30 08:00:30 +00:00			`$TypeLink = 'the request [url=https://'.SSL_SITE_URL."/requests.php?action=view&id=$ThingID]".display_str($Name).'[/url]';`
			`$Subject = 'Request Report: '.display_str($Name);`
Empty commit 2012-09-04 08:00:23 +00:00			`}`
			`break;`
Empty commit 2013-05-30 08:00:30 +00:00			`case 'collage':`
			`$DB->query("`
			`SELECT Name`
			`FROM collages`
			`WHERE ID=$ThingID");`
Empty commit 2013-07-10 00:08:53 +00:00			`if (!$DB->has_results()) {`
Empty commit 2013-05-30 08:00:30 +00:00			`$Error = 'No collage with the reported ID found';`
Empty commit 2012-09-04 08:00:23 +00:00			`} else {`
			`list($Name) = $DB->next_record();`
Empty commit 2013-05-30 08:00:30 +00:00			`$TypeLink = 'the collage [url=https://'.SSL_SITE_URL."/collage.php?id=$ThingID]".display_str($Name).'[/url]';`
			`$Subject = 'Collage Report: '.display_str($Name);`
Empty commit 2012-09-04 08:00:23 +00:00			`}`
			`break;`
Empty commit 2013-05-30 08:00:30 +00:00			`case 'thread':`
			`$DB->query("`
			`SELECT Title`
			`FROM forums_topics`
			`WHERE ID=$ThingID");`
Empty commit 2013-07-10 00:08:53 +00:00			`if (!$DB->has_results()) {`
Empty commit 2013-05-30 08:00:30 +00:00			`$Error = 'No forum thread with the reported ID found';`
Empty commit 2012-09-04 08:00:23 +00:00			`} else {`
			`list($Title) = $DB->next_record();`
Empty commit 2013-05-30 08:00:30 +00:00			`$TypeLink = 'the forum thread [url=https://'.SSL_SITE_URL."/forums.php?action=viewthread&threadid=$ThingID]".display_str($Title).'[/url]';`
			`$Subject = 'Forum Thread Report: '.display_str($Title);`
Empty commit 2012-09-04 08:00:23 +00:00			`}`
			`break;`
Empty commit 2013-05-30 08:00:30 +00:00			`case 'post':`
Empty commit 2012-09-04 08:00:23 +00:00			`if (isset($LoggedUser['PostsPerPage'])) {`
			`$PerPage = $LoggedUser['PostsPerPage'];`
			`} else {`
			`$PerPage = POSTS_PER_PAGE;`
			`}`
Empty commit 2013-05-30 08:00:30 +00:00			`$DB->query("`
			`SELECT`
			`p.ID,`
			`p.Body,`
			`p.TopicID,`
Empty commit 2013-11-17 08:00:47 +00:00			`( SELECT COUNT(p2.ID)`
			`FROM forums_posts AS p2`
			`WHERE p2.TopicID = p.TopicID`
			`AND p2.ID <= p.ID`
Empty commit 2013-05-30 08:00:30 +00:00			`) AS PostNum`
			`FROM forums_posts AS p`
Empty commit 2013-11-17 08:00:47 +00:00			`WHERE p.ID = $ThingID");`
Empty commit 2013-07-10 00:08:53 +00:00			`if (!$DB->has_results()) {`
Empty commit 2013-05-30 08:00:30 +00:00			`$Error = 'No forum post with the reported ID found';`
Empty commit 2012-09-04 08:00:23 +00:00			`} else {`
Empty commit 2013-05-30 08:00:30 +00:00			`list($PostID, $Body, $TopicID, $PostNum) = $DB->next_record();`
			`$TypeLink = 'this [url=https://'.SSL_SITE_URL."/forums.php?action=viewthread&threadid=$TopicID&post=$PostNum#post$PostID]forum post[/url]";`
			`$Subject = 'Forum Post Report: Post ID #'.display_str($PostID);`
Empty commit 2012-09-04 08:00:23 +00:00			`}`
			`break;`
Empty commit 2013-08-28 23:08:41 +00:00			`case 'comment':`
Empty commit 2013-05-30 08:00:30 +00:00			`$DB->query("`
Empty commit 2013-08-28 23:08:41 +00:00			`SELECT 1`
Empty commit 2013-11-17 08:00:47 +00:00			`FROM comments`
Empty commit 2013-08-28 23:08:41 +00:00			`WHERE ID = $ThingID");`
Empty commit 2013-07-10 00:08:53 +00:00			`if (!$DB->has_results()) {`
Empty commit 2013-08-28 23:08:41 +00:00			`$Error = 'No comment with the reported ID found';`
Empty commit 2012-09-04 08:00:23 +00:00			`} else {`
Empty commit 2013-08-28 23:08:41 +00:00			`$TypeLink = '[url=https://'.SSL_SITE_URL."/comments.php?action=jump&postid=$ThingID]this comment[/url]";`
			`$Subject = 'Comment Report: ID #'.display_str($ThingID);`
Empty commit 2012-09-04 08:00:23 +00:00			`}`
			`break;`
			`default:`
Empty commit 2013-05-30 08:00:30 +00:00			`error('Incorrect type');`
Empty commit 2012-09-04 08:00:23 +00:00			`break;`
			`}`
Empty commit 2013-05-01 08:00:16 +00:00			`if (isset($Error)) {`
Empty commit 2012-09-04 08:00:23 +00:00			`error($Error);`
			`}`

Empty commit 2013-05-30 08:00:30 +00:00			`$DB->query("`
Empty commit 2013-11-17 08:00:47 +00:00			`SELECT Reason`
			`FROM reports`
			`WHERE ID = $ReportID");`
Empty commit 2012-09-04 08:00:23 +00:00			`list($Reason) = $DB->next_record();`

Empty commit 2013-05-30 08:00:30 +00:00			`$Body = "You reported $TypeLink for the reason:\n[quote]{$Reason}[/quote]";`
Empty commit 2012-09-04 08:00:23 +00:00
			`?>`
			`<div class="thin">`
			`<div class="header">`
			`<h2>`
Empty commit 2012-09-18 08:00:29 +00:00			`Send a message to <a href="user.php?id=<?=$ToID?>"> <?=$ComposeToUsername?></a>`
Empty commit 2012-09-04 08:00:23 +00:00			`</h2>`
			`</div>`
Empty commit 2012-09-15 08:00:25 +00:00			`<form class="send_form" name="message" action="reports.php" method="post" id="messageform">`
Empty commit 2012-09-04 08:00:23 +00:00			`<div class="box pad">`
Empty commit 2013-01-16 08:00:31 +00:00			`<input type="hidden" name="action" value="takecompose" />`
			`<input type="hidden" name="toid" value="<?=$ToID?>" />`
			`<input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />`
Empty commit 2012-09-04 08:00:23 +00:00			`<div id="quickpost">`
			`<h3>Subject</h3>`
Empty commit 2013-01-16 08:00:31 +00:00			`<input type="text" name="subject" size="95" value="<?=(!empty($Subject) ? $Subject : '')?>" />`
			`<br />`
Empty commit 2012-09-04 08:00:23 +00:00			`<h3>Body</h3>`
			`<textarea id="body" name="body" cols="95" rows="10"><?=(!empty($Body) ? $Body : '')?></textarea>`
			`</div>`
			`<div id="preview" class="hidden"></div>`
			`<div id="buttons" class="center">`
Empty commit 2013-01-16 08:00:31 +00:00			`<input type="button" value="Preview" onclick="Quick_Preview();" />`
			`<input type="submit" value="Send message" />`
Empty commit 2012-09-04 08:00:23 +00:00			`</div>`
			`</div>`
			`</form>`
			`</div>`
			`<?`
Empty commit 2012-10-11 08:00:15 +00:00			`View::show_footer();`
Empty commit 2012-09-04 08:00:23 +00:00			`?>`