diff --git a/classes/script_start.php b/classes/script_start.php index e7db54c5..3684eddc 100644 --- a/classes/script_start.php +++ b/classes/script_start.php @@ -210,7 +210,10 @@ } // IP changed + + if($LoggedUser['IP'] != $_SERVER['REMOTE_ADDR'] && !check_perms('site_disable_ip_history')) { + if(site_ban_ip($_SERVER['REMOTE_ADDR'])) { error('Your IP has been banned.'); } diff --git a/sections/reports/compose.php b/sections/reports/compose.php new file mode 100644 index 00000000..fa2bdab4 --- /dev/null +++ b/sections/reports/compose.php 
@@ -0,0 +1,179 @@
+
+if(!check_perms('site_moderate_forums')) {
+ error(403);
+}
+
+if(empty($Return)) {
+ $ToID = $_GET['to'];
+ if($ToID == $LoggedUser['ID']) {
+ error("You cannot start a conversation with yourself!");
+ header('Location: inbox.php');
+ }
+}
+
+if(!$ToID || !is_number($ToID)) {
+ error(404);
+}
+
+$ReportID = $_GET['reportid'];
+$Type = $_GET['type'];
+$ThingID= $_GET['thingid'];
+
+if(!$ReportID || !is_number($ReportID) || !$ThingID || !is_number($ThingID) || !$Type) {
+ error(403);
+}
+
+if(!empty($LoggedUser['DisablePM']) && !isset($StaffIDs[$ToID])) {
+ error(403);
+}
+
+$DB->query("SELECT Username FROM users_main WHERE ID='$ToID'");
+list($Username) = $DB->next_record();
+if(!$Username) {
+ error(404);
+}
+show_header('Compose', 'inbox,bbcode');
+
+switch($Type) {
+ case "user" :
+ $DB->query("SELECT Username FROM users_main WHERE ID=".$ThingID);
+ if($DB->record_count() < 1) {
+ $Error = "No user with the reported ID found";
+ } else {
+ list($Username) = $DB->next_record();
+ $TypeLink = "[user]".$Username."[/user]";
+ $Subject = "User Report: ". display_str($Username);
+ }
+ break;
+ case "request" :
+ case "request_update" :
+ $DB->query("SELECT Title FROM requests WHERE ID=".$ThingID);
+ if($DB->record_count() < 1) {
+ $Error = "No request with the reported ID found";
+ } else {
+ list($Name) = $DB->next_record();
+ $TypeLink = "[url=https://".NONSSL_SITE_URL."requests.php?action=view&id=".$ThingID."]".display_str($Name)."[/url]";
+ $Subject = "Request Report: ". display_str($Name);
+
+ }
+ break;
+ case "collage" :
+ $DB->query("SELECT Name FROM collages WHERE ID=".$ThingID);
+ if($DB->record_count() < 1) {
+ $Error = "No collage with the reported ID found";
+ } else {
+ list($Name) = $DB->next_record();
+ $TypeLink = "[url=https://".NONSSL_SITE_URL."collage.php?id=".$ThingID."]".display_str($Name)."[/url]";
+ $Subject = "Collage Report: ".
display_str($Name);
+
+ }
+ break;
+ case "thread" :
+ $DB->query("SELECT Title FROM forums_topics WHERE ID=".$ThingID);
+ if($DB->record_count() < 1) {
+ $Error = "No thread with the reported ID found";
+ } else {
+ list($Title) = $DB->next_record();
+ $TypeLink = "[url=https://".NONSSL_SITE_URL."forums.php?action=viewthread&threadid=".$ThingID."]".display_str($Title)."[/url]";
+ $Subject = "Thread Report: ". display_str($Title);
+
+ }
+ break;
+ case "post" :
+ if (isset($LoggedUser['PostsPerPage'])) {
+ $PerPage = $LoggedUser['PostsPerPage'];
+ } else {
+ $PerPage = POSTS_PER_PAGE;
+ }
+ $DB->query("SELECT p.ID, p.Body, p.TopicID, (SELECT COUNT(ID) FROM forums_posts WHERE forums_posts.TopicID = p.TopicID AND forums_posts.ID<=p.ID) AS PostNum FROM forums_posts AS p WHERE ID=".$ThingID);
+ if($DB->record_count() < 1) {
+ $Error = "No post with the reported ID found";
+ } else {
+ list($PostID,$Body,$TopicID,$PostNum) = $DB->next_record();
+ $TypeLink = "[url=https://".NONSSL_SITE_URL."forums.php?action=viewthread&threadid=".$TopicID."&post=".$PostNum."#post".$PostID."]POST[/url]";
+ $Subject = "Post Report";
+
+ }
+ break;
+ case "requests_comment" :
+ $DB->query("SELECT rc.RequestID, rc.Body, (SELECT COUNT(ID) FROM requests_comments WHERE ID <= ".$ThingID." AND requests_comments.RequestID = rc.RequestID) AS CommentNum FROM requests_comments AS rc WHERE ID=".$ThingID);
+ if($DB->record_count() < 1) {
+ $Error = "No comment with the reported ID found";
+ } else {
+ list($RequestID, $Body, $PostNum) = $DB->next_record();
+ $PageNum = ceil($PostNum / TORRENT_COMMENTS_PER_PAGE);
+ $TypeLink = "[url=https://".NONSSL_SITE_URL."requests.php?action=view&id=".$RequestID."&page=".$PageNum."#post".$ThingID."]COMMENT[/url]";
+ $Subject = "Requests Comment Report";
+
+ }
+ break;
+ case "torrents_comment" :
+ $DB->query("SELECT tc.GroupID, tc.Body, (SELECT COUNT(ID) FROM torrents_comments WHERE ID <= ".$ThingID."
AND torrents_comments.GroupID = tc.GroupID) AS CommentNum FROM torrents_comments AS tc WHERE ID=".$ThingID);
+ if($DB->record_count() < 1) {
+ $Error = "No comment with the reported ID found";
+ } else {
+ list($GroupID, $Body, $PostNum) = $DB->next_record();
+ $PageNum = ceil($PostNum / TORRENT_COMMENTS_PER_PAGE);
+ $TypeLink = "[url=https://".NONSSL_SITE_URL."torrents.php?id=".$GroupID."&page=".$PageNum."#post".$ThingID."]COMMENT[/url]";
+ $Subject = "Torrent Comment Report";
+
+ }
+ break;
+ case "collages_comment" :
+ $DB->query("SELECT cc.CollageID, cc.Body, (SELECT COUNT(ID) FROM collages_comments WHERE ID <= ".$ThingID." AND collages_comments.CollageID = cc.CollageID) AS CommentNum FROM collages_comments AS cc WHERE ID=".$ThingID);
+ if($DB->record_count() < 1) {
+ $Error = "No comment with the reported ID found";
+ } else {
+ list($CollageID, $Body, $PostNum) = $DB->next_record();
+ $PerPage = POSTS_PER_PAGE;
+ $PageNum = ceil($PostNum / $PerPage);
+ $TypeLink = "[url=https://".NONSSL_SITE_URL."collage.php?action=comments&collageid=".$CollageID."&page=".$PageNum."#post".$ThingID."]COMMENT[/url]";
+ $Subject = "Collage Comment Report";
+ }
+ break;
+ default:
+ error("Incorrect type");
+ break;
+}
+if(isset($Error)) {
+ error($Error);
+}
+
+$DB->query("SELECT r.Reason FROM reports AS r WHERE r.ID = $ReportID");
+list($Reason) = $DB->next_record();
+
+$Body = "You reported this $TypeLink for the reason:\n[quote]".$Reason."[/quote]";
+
+?>
+
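Review bot: The recipient, item type and item ID all come from the query string (`to`, `type`, `thingid`), while the closing `SELECT r.Reason FROM reports AS r WHERE r.ID = $ReportID` lookup neither checks that the report exists nor that it refers to that user and item, so a stale or hand-edited link can prefill a moderator message that quotes one report's reason against an unrelated item or recipient. It would be safer to load the report row first and derive recipient, type and item from it rather than from the URL, and at minimum to add `if($DB->record_count() < 1) { error(404); }` directly after the reports query. Separately, the `"user"` case reassigns `$Username`, which was already set to the recipient's name from `users_main`; the rest of the page is not visible here, but if it prints `$Username` as the recipient it would show the reported user instead, so a distinct variable name would avoid the clash. The SQL is built by interpolating `$ToID`, `$ThingID` and `$ReportID`, which is only as safe as `is_number()` (not shown in this diff), so a short comment stating that dependency next to the checks would help future edits keep the guard in place.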
Report | -=$Type['title']?> was reported by =$SnitchName?> =time_diff($ReportedTime)?> | +=$Type['title']?> was reported by =$SnitchName?> =time_diff($ReportedTime)?> [Contact] |