<?php
/**
*
* @package Icy Phoenix
* @version $Id$
* @copyright (c) 2008 Icy Phoenix
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
// Flag read by the included framework files to tell they were reached through an entry script.
define('IN_ICYPHOENIX', true);

// Fall back to the current directory and to this file's own extension
// unless a wrapper script defined these constants beforehand.
defined('IP_ROOT_PATH') || define('IP_ROOT_PATH', './');
defined('PHP_EXT') || define('PHP_EXT', substr(strrchr(__FILE__, '.'), 1));

include IP_ROOT_PATH . 'common.' . PHP_EXT;

// Session management: open the session, load the ACL for this user, then finish user setup.
$user->session_begin();
$auth->acl($user->data);
$user->setup();
/**
* SQL :
CREATE TABLE ip_mod_reports (
`report_id` MEDIUMINT(8) PRIMARY KEY AUTO_INCREMENT,
`reporter_id` MEDIUMINT(8) UNSIGNED NOT NULL,
`reporter_username` varchar(255) NOT NULL,
`forum_id` MEDIUMINT(8) UNSIGNED NOT NULL,
`post_id` MEDIUMINT(8) UNSIGNED NOT NULL,
`report_message` TEXT,
`report_state` SMALLINT(2) UNSIGNED NOT NULL,
`report_category` SMALLINT(2) UNSIGNED,
`handler_id` MEDIUMINT(8) UNSIGNED
);
reporter_id/reporter_username: the user who reported the message
report_message: message left by the reporter to explain what is wrong with the reported post
report_state: see the REPORT_STATE_* constants below
report_category: we might need another table + ACP control for this one.
It could be something like "spam", "pornographic", "swearing".
NULL means "none in the list"
handler_id: who is handling the report (one of the mods)
*/
/** !! NOTES !!
* Should this allow conversations between the reporter and the handler?
* vB allows that, but it seems a bit complicated to me; maybe we could use a special forum.
* Or maybe just a "handler_message", which is sent as a PM to the user and kept for future reference.
*
* This requires $config['report_per_page'] to exist
*
* TODO : templates :D
*/
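// THIS GOES INTO constants.php
define('CMS_PAGE_MODREPORTS', 'modreports.' . PHP_EXT);

// Report life cycle, stored in ip_mod_reports.report_state.
// new: nobody touched it yet
define('REPORT_STATE_NEW', 0);
// handling: somebody has been assigned to it
define('REPORT_STATE_HANDLING', 1);
// handled: the case is closed
define('REPORT_STATE_HANDLED', 2);
// closed: report not handled because considered invalid
define('REPORT_STATE_CLOSED', 3);

// Permission type passed to auth() before a report may be filed.
define('AUTH_REPORT', 20);
// NOTE(review): MOD_REPORTS_TABLE and AUTH_MANAGE_REPORT are used further down in this
// script but are not defined anywhere on this page; they have to be defined alongside
// the constants above before the script can run.
// END OF constants.php PART

// Page-level gate: guests may neither file nor manage reports.
// This check belongs to this script only. It is deliberately kept outside the
// constants.php part, because copied there it would run wherever that file is loaded.
if (!$user->data['session_logged_in'])
{
	message_die(GENERAL_ERROR, 'Not_authorized');
}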
// Pull in the topics helper; it fills the common request vars (forum_id, topic_id, post_id, ...).
@include_once(IP_ROOT_PATH . 'includes/class_topics.' . PHP_EXT);
$class_topics = new class_topics();
$class_topics->var_init(true);

// Report categories. The numeric index of an entry is what gets stored in report_category.
$report_categories = array('Spam', 'Pornographic_content', 'Swearings', 'Bad_Behaviors');

// True once the report form was submitted with a non-empty "confirm" field.
$confirm = isset($_POST['confirm']) && $_POST['confirm'];
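// Dispatch on the requested mode:
//   report - file a report against a post
//   manage - change the state of an existing report (moderators / admins)
//   (any other value) - list the reports the current user may work on
//
// NOTE(review): 'report' (on confirm) and 'manage' both change data, yet nothing on this
// page verifies an anti-CSRF form token or restricts 'manage' to POST. Add the board's
// usual form-token check before the INSERT / UPDATE below.
switch (request_var('mode', ''))
{
	case 'report':
		// A report always targets one post in one forum.
		if (!$forum_id || !$post_id)
		{
			message_die(GENERAL_ERROR, 'Select_message_first');
		}

		// NOTE(review): the list branch below iterates the return value of auth() as an array.
		// If auth() also returns an array here, a non-empty array is always truthy and this
		// check never denies anyone. Confirm the return type, or test the specific flag.
		if (!auth(AUTH_REPORT, $forum_id, $user->data))
		{
			message_die(GENERAL_ERROR, 'Not_authorized');
		}

		if (isset($_POST['cancel']))
		{
			message_die(GENERAL_MESSAGE, 'Canceled_report');
		}
		else if ($confirm)
		{
			// Accept the category only if it is a plain string that names an existing index.
			// Anything else (missing field, array payload, unknown index) is stored as NULL.
			$category = null;
			$posted_category = isset($_POST['category']) ? $_POST['category'] : null;
			if (is_string($posted_category) && isset($report_categories[$posted_category]))
			{
				$category = (int) $posted_category;
			}

			$sql = 'INSERT INTO ' . MOD_REPORTS_TABLE . $db->sql_build_insert_update(array(
				'reporter_id' => $user->data['user_id'],
				'reporter_username' => $user->data['username'],
				'forum_id' => $forum_id,
				// Fixed: the original stored $topic_id in the post_id column.
				'post_id' => $post_id,
				'report_message' => request_post_var('message', ''),
				'report_state' => REPORT_STATE_NEW,
				'report_category' => $category,
			));
			if (!$db->sql_query($sql))
			{
				message_die(GENERAL_ERROR, 'Unable to add report to db', '', __LINE__, __FILE__, $sql);
			}
		}
		else
		{
			// display form
		}
		break;

	case 'manage':
		// @todo AUTH_MANAGE_REPORT might be better handled by AUTH_MOD ? or something
		// Cast explicitly: the id is concatenated into SQL below.
		$report_id = (int) request_var('report_id', 0);
		$action = request_var('action', '');

		$sql = 'SELECT *
			FROM ' . MOD_REPORTS_TABLE . '
			WHERE report_id = ' . $report_id;
		$result = $db->sql_query($sql);
		$row = $db->sql_fetchrow($result);
		if (!$row)
		{
			message_die(GENERAL_MESSAGE, 'Select_report_first');
		}

		// Authorization is checked against the forum the report belongs to, not a request value.
		// NOTE(review): same question as in 'report' - confirm auth() returns a boolean here.
		if (!auth(AUTH_MANAGE_REPORT, $row['forum_id'], $user->data))
		{
			message_die(GENERAL_MESSAGE, 'Not_authorized');
		}

		$is_admin = ($user->data['user_level'] == ADMIN);
		$is_handler = ($row['handler_id'] == $user->data['user_id']);
		$valid = false;

		switch ($action)
		{
			case 'handle':
				// Only an untouched report can be taken over, unless the user is an admin.
				$state = REPORT_STATE_HANDLING;
				$valid = ($row['report_state'] == REPORT_STATE_NEW) || $is_admin;
				break;

			case 'solve':
			case 'close':
				// Either :
				// - Report is in state "new"
				// - Report is in state "handling" and :
				//   - User is admin
				//   - User is handler
				$valid = ($row['report_state'] == REPORT_STATE_NEW)
					|| ($row['report_state'] == REPORT_STATE_HANDLING && ($is_admin || $is_handler));
				$state = ($action == 'solve') ? REPORT_STATE_HANDLED : REPORT_STATE_CLOSED;
				break;

			default:
				message_die(GENERAL_MESSAGE, 'Select_action_first');
		}

		// Fixed: $valid was computed but never enforced, so any user passing the auth()
		// check could move a report into any state, including one handled by somebody else.
		if (!$valid)
		{
			message_die(GENERAL_MESSAGE, 'Not_authorized');
		}

		// Fixed: the two SET assignments were missing their separating comma.
		$sql = 'UPDATE ' . MOD_REPORTS_TABLE . '
			SET report_state = ' . (int) $state . ',
				handler_id = ' . (int) $user->data['user_id'] . '
			WHERE report_id = ' . $report_id;
		if (!$db->sql_query($sql))
		{
			message_die(GENERAL_ERROR, 'Unable to change report state', '', __LINE__, __FILE__, $sql);
		}
		break;

	// case 'list'
	default:
		$is_auth = auth(AUTH_ALL, AUTH_LIST_ALL, $user->data);
		if ($user->data['user_level'] != ADMIN && $user->data['user_level'] != MOD)
		{
			message_die(GENERAL_ERROR, 'Not_authorized');
		}

		if ($user->data['user_level'] == ADMIN)
		{
			// Admins see reports from every forum.
			$where_forum_sql = '';
		}
		else
		{
			// Moderators only see reports from forums they may manage.
			// Loop variables are named so that the global $auth object and $forum_id are not overwritten.
			$forum_ids = array();
			foreach ($is_auth as $auth_forum_id => $forum_auth)
			{
				if (!empty($forum_auth['auth_manage_report']))
				{
					$forum_ids[] = (int) $auth_forum_id;
				}
			}

			if (empty($forum_ids))
			{
				message_die(GENERAL_ERROR, 'Not_authorized');
			}

			// Fixed: the id list was never passed to sql_in_set().
			$where_forum_sql = ' AND ' . $db->sql_in_set('mr.forum_id', $forum_ids);
		}

		// Fixed: the state condition is parenthesised. Without the parentheses AND binds
		// tighter than OR, so the forum restriction applied only to the "handling" half and
		// every moderator was shown the new reports of all forums.
		// Columns are qualified with mr. because forum_id also exists in the joined forums table.
		$where_sql = ' WHERE (mr.report_state = ' . REPORT_STATE_NEW . '
			OR (mr.report_state = ' . REPORT_STATE_HANDLING . ' AND mr.handler_id = ' . (int) $user->data['user_id'] . '))'
			. $where_forum_sql;

		$start = max(0, (int) request_var('start', 0));
		// One config key for both the query and the pagination (the original mixed
		// 'report_per_page' and 'reports_per_page').
		$per_page = max(1, (int) $config['report_per_page']);

		// TODO also allow to select which state we want to look into
		// ORDER BY keeps the pages stable between requests.
		$sql = 'SELECT mr.*, f.forum_title,
				r.user_id, r.username, r.user_color, r.user_active,
				p.post_id, p.topic_id
			FROM ' . MOD_REPORTS_TABLE . ' mr
			LEFT JOIN ' . FORUMS_TABLE . ' f ON f.forum_id = mr.forum_id
			LEFT JOIN ' . USERS_TABLE . ' r ON r.user_id = mr.reporter_id
			LEFT JOIN ' . POSTS_TABLE . ' p ON p.post_id = mr.post_id
			' . $where_sql . '
			ORDER BY mr.report_id
			LIMIT ' . $start . ', ' . $per_page;
		$result = $db->sql_query($sql);
		while ($row = $db->sql_fetchrow($result))
		{
			// Ids come from the database; the int casts keep the generated URL numeric regardless.
			$post_url = append_sid(CMS_PAGE_VIEWTOPIC . '?' . POST_FORUM_URL . '=' . (int) $row['forum_id']
				. '&amp;' . POST_TOPIC_URL . '=' . (int) $row['topic_id']
				. '&amp;' . POST_POST_URL . '=' . (int) $row['post_id']);
			$post_link = '<a href="' . $post_url . '">' . $lang['Go_to_post'] . '</a>';

			$template->assign_block_vars('reportrow', array(
				'REPORTER_NAME' => colorize_username($row['user_id'], $row['username'], $row['user_color'], $row['user_active']),
				'GO_TO_POST' => $post_link,
			));
		}

		// Total for the pagination. Fixed: the table has no "id" column, the key is report_id.
		$sql = 'SELECT COUNT(mr.report_id) AS numrows
			FROM ' . MOD_REPORTS_TABLE . ' mr' .
			$where_sql;
		$result = $db->sql_query($sql);
		$row = $db->sql_fetchrow($result);
		$count = $row ? (int) $row['numrows'] : 0;

		$template->assign_vars(array(
			'PAGINATION' => generate_pagination(CMS_PAGE_MODREPORTS, $count, $per_page, $start),
		));
}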