Fixed a long-standing quirk of the submission handling where the "Submissions" entry in the Admins Block wasn't updated after accepting / rejecting a submission
3 /* Reminder: always indent with 4 spaces (no tabs). */
4 // +---------------------------------------------------------------------------+
6 // +---------------------------------------------------------------------------+
9 // | Geeklog main administration page. |
10 // +---------------------------------------------------------------------------+
11 // | Copyright (C) 2000-2009 by the following authors: |
13 // | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
14 // | Mark Limburg - mlimburg AT users DOT sourceforge DOT net |
15 // | Jason Whittenburg - jwhitten AT securitygeeks DOT com |
16 // | Dirk Haun - dirk AT haun-online DOT de |
17 // +---------------------------------------------------------------------------+
19 // | This program is free software; you can redistribute it and/or |
20 // | modify it under the terms of the GNU General Public License |
21 // | as published by the Free Software Foundation; either version 2 |
22 // | of the License, or (at your option) any later version. |
24 // | This program is distributed in the hope that it will be useful, |
25 // | but WITHOUT ANY WARRANTY; without even the implied warranty of |
26 // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
27 // | GNU General Public License for more details. |
29 // | You should have received a copy of the GNU General Public License |
30 // | along with this program; if not, write to the Free Software Foundation, |
31 // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
33 // +---------------------------------------------------------------------------+
35 require_once '../lib-common.php';
36 require_once 'auth.inc.php';
37 require_once $_CONF['path_system'] . 'lib-user.php';
38 require_once $_CONF['path_system'] . 'lib-story.php';
39 require_once $_CONF['path_system'] . 'lib-comment.php';
41 // Uncomment the line below if you need to debug the HTTP variables being passed
42 // to the script. This will sometimes cause errors but it will allow you to see
43 // the data being passed in a POST operation
44 // echo COM_debug($_POST);
46 // this defines the amount of icons displayed next to another in the CC-block
47 define ('ICONS_PER_ROW', 6);
50 * Renders an entry (icon) for the "Command and Control" center
52 * @param template $template template to use
53 * @param string $url URL the entry links to
54 * @param string $image URL of the icon
55 * @param string $label text to use under the icon
59 function render_cc_item (&$template, $url = '', $image = '', $label = '')
62 $template->set_var ('page_url', $url);
63 $template->set_var ('page_image', $image);
64 $template->set_var ('option_label', $label);
65 $template->set_var ('cell_width', ((int)(100 / ICONS_PER_ROW)) . '%');
67 return $template->parse ('cc_main_options', 'ccitem', false);
74 * Prints the command & control block at the top
76 * @param string $token CSRF token
77 * @return string HTML for the C&C block
78 * @todo The moderation items should be displayed with the help of ul/li
82 function commandcontrol($token)
84 global $_CONF, $_TABLES, $LANG01, $LANG29, $_IMAGE_TYPE, $_DB_dbms;
88 $admin_templates = new Template($_CONF['path_layout'] . 'admin/moderation');
89 $admin_templates->set_file (array ('cc' => 'moderation.thtml',
90 'ccrow' => 'ccrow.thtml',
91 'ccitem' => 'ccitem.thtml'));
92 $admin_templates->set_var('xhtml', XHTML);
93 $admin_templates->set_var('layout_url', $_CONF['layout_url']);
94 $admin_templates->set_var('site_url', $_CONF['site_url']);
95 $admin_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
97 $retval .= COM_startBlock ('Geeklog ' . VERSION . ' -- ' . $LANG29[34], '',
98 COM_getBlockTemplate ('_admin_block', 'header'));
100 $showTrackbackIcon = (($_CONF['trackback_enabled'] ||
101 $_CONF['pingback_enabled'] || $_CONF['ping_enabled'])
102 && SEC_hasRights('story.ping'));
104 array('condition' => SEC_hasRights('story.edit'),
105 'url' => $_CONF['site_admin_url'] . '/story.php',
106 'lang' => $LANG01[11], 'image' => '/images/icons/story.'),
107 array('condition' => SEC_hasRights('block.edit'),
108 'url' => $_CONF['site_admin_url'] . '/block.php',
109 'lang' => $LANG01[12], 'image' => '/images/icons/block.'),
110 array('condition' => SEC_hasRights('topic.edit'),
111 'url' => $_CONF['site_admin_url'] . '/topic.php',
112 'lang' => $LANG01[13], 'image' => '/images/icons/topic.'),
113 array('condition' => SEC_hasRights('user.edit'),
114 'url' => $_CONF['site_admin_url'] . '/user.php',
115 'lang' => $LANG01[17], 'image' => '/images/icons/user.'),
116 array('condition' => SEC_hasRights('group.edit'),
117 'url' => $_CONF['site_admin_url'] . '/group.php',
118 'lang' => $LANG01[96], 'image' => '/images/icons/group.'),
119 array('condition' => SEC_hasRights('user.mail'),
120 'url' => $_CONF['site_admin_url'] . '/mail.php',
121 'lang' => $LANG01[105], 'image' => '/images/icons/mail.'),
122 array('condition' => SEC_hasRights ('syndication.edit'),
123 'url' => $_CONF['site_admin_url'] . '/syndication.php',
124 'lang' => $LANG01[38], 'image' => '/images/icons/syndication.'),
125 array('condition' => $showTrackbackIcon,
126 'url' => $_CONF['site_admin_url'] . '/trackback.php',
127 'lang' => $LANG01[116], 'image' => '/images/icons/trackback.'),
128 array('condition' => SEC_hasRights('plugin.edit'),
129 'url' => $_CONF['site_admin_url'] . '/plugins.php',
130 'lang' => $LANG01[98], 'image' => '/images/icons/plugins.')
132 $admin_templates->set_var('cc_icon_width', floor(100/ICONS_PER_ROW));
134 for ($i = 0; $i < count ($cc_arr); $i++) {
135 if ($cc_arr[$i]['condition']) {
136 $item = render_cc_item ($admin_templates, $cc_arr[$i]['url'],
137 $_CONF['layout_url'] . $cc_arr[$i]['image'] . $_IMAGE_TYPE,
138 $cc_arr[$i]['lang']);
139 $items[$cc_arr[$i]['lang']] = $item;
143 // now add the plugins
144 $plugins = PLG_getCCOptions ();
145 for ($i = 0; $i < count ($plugins); $i++) {
146 $cur_plugin = current ($plugins);
147 $item = render_cc_item ($admin_templates, $cur_plugin->adminurl,
148 $cur_plugin->plugin_image, $cur_plugin->adminlabel);
149 $items[$cur_plugin->adminlabel] = $item;
153 // and finally, add the remaining admin items
154 $docsUrl = $_CONF['site_url'] . '/docs/english/index.html';
155 if ($_CONF['link_documentation'] == 1) {
156 $doclang = COM_getLanguageName();
157 $docs = 'docs/' . $doclang . '/index.html';
158 if (file_exists($_CONF['path_html'] . $docs)) {
159 $docsUrl = $_CONF['site_url'] . '/' . $docs;
163 array('condition' => ($_CONF['allow_mysqldump'] == 1) &&
164 ($_DB_dbms == 'mysql') && SEC_inGroup('Root'),
165 'url' => $_CONF['site_admin_url'] . '/database.php',
166 'lang' => $LANG01[103], 'image' => '/images/icons/database.'),
167 array('condition' => ($_CONF['link_documentation'] == 1),
169 'lang' => $LANG01[113], 'image' => '/images/icons/docs.'),
170 array('condition' => (SEC_inGroup ('Root') &&
171 ($_CONF['link_versionchecker'] == 1)),
172 'url' => 'http://www.geeklog.net/versionchecker.php?version='
174 'lang' => $LANG01[107], 'image' => '/images/icons/versioncheck.'),
175 array('condition' => (SEC_inGroup ('Root')),
176 'url'=>$_CONF['site_admin_url'] . '/configuration.php',
177 'lang' => $LANG01[129], 'image' => '/images/icons/configuration.')
180 for ($i = 0; $i < count ($cc_arr); $i++) {
181 if ($cc_arr[$i]['condition']) {
182 $item = render_cc_item ($admin_templates, $cc_arr[$i]['url'],
183 $_CONF['layout_url'] . $cc_arr[$i]['image'] . $_IMAGE_TYPE,
184 $cc_arr[$i]['lang']);
185 $items[$cc_arr[$i]['lang']] = $item;
189 if ($_CONF['sort_admin']) {
190 uksort ($items, 'strcasecmp');
192 // logout is always the last entry
193 $item = render_cc_item ($admin_templates,
194 $_CONF['site_url'] . '/users.php?mode=logout',
195 $_CONF['layout_url'] . '/images/icons/logout.' . $_IMAGE_TYPE,
197 $items[$LANG01[35]] = $item;
200 $cc_main_options = '';
201 foreach ($items as $key => $val) {
202 $cc_main_options .= $val . LB;
204 if ($cols == ICONS_PER_ROW) {
205 $admin_templates->set_var('cc_main_options', $cc_main_options);
206 $admin_templates->parse ('cc_rows', 'ccrow', true);
207 $admin_templates->clear_var ('cc_main_options');
208 $cc_main_options = '';
214 // "flush out" any unrendered entries
215 $admin_templates->set_var('cc_main_options', $cc_main_options);
216 $admin_templates->parse ('cc_rows', 'ccrow', true);
217 $admin_templates->clear_var ('cc_main_options');
220 $retval .= $admin_templates->finish($admin_templates->parse('output','cc'));
222 $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
224 if (SEC_hasRights('story.moderate')) {
225 $retval .= itemlist('story', $token);
228 if ($_CONF['listdraftstories'] == 1) {
229 if (SEC_hasRights('story.edit')) {
230 $retval .= draftlist ($token);
234 if ($_CONF['commentsubmission'] == 1) {
235 if (SEC_hasRights('comment.moderate')) {
236 $retval .= itemlist('comment', $token);
240 if ($_CONF['usersubmission'] == 1) {
241 if (SEC_hasRights('user.edit') && SEC_hasRights('user.delete')) {
242 $retval .= userlist ($token);
246 $retval .= PLG_showModerationList($token);
252 * Displays items needing moderation
254 * Displays the moderation list of items from the submission tables
256 * @param string $type Type of object to build list for
257 * @param string $token CSRF token
258 * @return string HTML for the list of items
261 function itemlist($type, $token)
263 global $_CONF, $_TABLES, $LANG29, $LANG_ADMIN;
265 require_once( $_CONF['path_system'] . 'lib-admin.php' );
270 if ((strlen ($type) > 0) && ($type <> 'story') && ($type <> 'comment')) {
271 $function = 'plugin_itemlist_' . $type;
272 if (function_exists ($function)) {
273 // Great, we found the plugin, now call its itemlist method
274 $plugin = new Plugin();
275 $plugin = $function();
276 if (isset ($plugin)) {
277 $helpfile = $plugin->submissionhelpfile;
278 $sql = $plugin->getsubmissionssql;
279 $H = $plugin->submissionheading;
280 $section_title = $plugin->submissionlabel;
281 $section_help = $helpfile;
285 } elseif ( $type == 'story') { // story submission
286 $sql = "SELECT sid AS id,title,date,tid FROM {$_TABLES['storysubmission']}" . COM_getTopicSQL ('WHERE') . " ORDER BY date ASC";
287 $H = array($LANG29[10], $LANG29[14], $LANG29[15]);
288 $section_title = $LANG29[35];
289 $section_help = 'ccstorysubmission.html';
290 } elseif ($type == 'comment') {
291 $sql = "SELECT cid AS id,title,comment,date,uid,type,sid "
292 . "FROM {$_TABLES['commentsubmissions']} "
293 . "ORDER BY cid ASC";
294 $H = array($LANG29[10], $LANG29[36], $LANG29[14]);
295 $section_title = $LANG29[41];
296 $section_help = 'ccstorysubmission.html'; // FIXME
299 // run SQL but this time ignore any errors
301 $sql .= ' LIMIT 50'; // quick'n'dirty workaround to prevent timeouts
302 $result = DB_query($sql, 1);
304 if (empty ($sql) || DB_error()) {
305 // was more than likely a plugin that doesn't need moderation
309 $nrows = DB_numRows($result);
312 for ($i = 0; $i < $nrows; $i++) {
313 $A = DB_fetchArray($result);
315 $A['edit'] = $_CONF['site_admin_url'] . '/plugins/' . $type
316 . '/index.php?mode=editsubmission&id=' . $A[0];
317 } elseif ($type == 'comment') {
318 $A['edit'] = $_CONF['site_url'] . '/comment.php'
319 . '?mode=editsubmission&cid=' . $A[0];
321 $A['edit'] = $_CONF['site_admin_url'] . '/' . $type
322 . '.php?mode=editsubmission&id=' . $A[0];
325 $A['_moderation_type'] = $type;
330 $header_arr = array( // display 'text' and use table field 'field'
331 array('text' => $LANG_ADMIN['edit'], 'field' => 0),
332 array('text' => $H[0], 'field' => 1),
333 array('text' => $H[1], 'field' => 2),
334 array('text' => $H[2], 'field' => 3),
335 array('text' => $LANG29[2], 'field' => 'delete'),
336 array('text' => $LANG29[1], 'field' => 'approve'));
337 if ($type == 'comment') {
338 //data for comment submission headers
339 $header_arr[6]['text'] = $LANG29[42];
340 $header_arr[6]['field'] = 'uid';
341 $header_arr[7]['text'] = $LANG29[43];
342 $header_arr[7]['field'] = 'publishfuture';
345 $text_arr = array('has_menu' => false,
346 'title' => $section_title,
347 'help_url' => $section_help,
348 'no_data' => $LANG29[39],
349 'form_url' => "{$_CONF['site_admin_url']}/moderation.php"
351 $form_arr = array("bottom" => '', "top" => '');
353 $form_arr['bottom'] = '<input type="hidden" name="type" value="' . $type . '"' . XHTML . '>' . LB
354 . '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"'. XHTML . '>' . LB
355 . '<input type="hidden" name="mode" value="moderation"' . XHTML . '>' . LB
356 . '<input type="hidden" name="count" value="' . $nrows . '"' . XHTML . '>'
357 . '<p class="aligncenter"><input type="submit" value="'
358 . $LANG_ADMIN['submit'] . '"' . XHTML . '></p>' . LB;
361 $listoptions = array('chkdelete' => true, 'chkfield' => 'id');
362 $table = ADMIN_simpleList('ADMIN_getListField_moderation', $header_arr,
363 $text_arr, $data_arr, $listoptions, $form_arr);
370 * Displays new user submissions
372 * When enabled, this will list all the new users which have applied for a
373 * site membership. When approving an application, an email containing the
374 * password is sent out immediately.
376 * @param string $token CSRF token
377 * @return string HTML for the list of users
380 function userlist($token)
382 global $_CONF, $_TABLES, $LANG29, $LANG_ADMIN;
384 require_once ($_CONF['path_system'] . 'lib-admin.php');
387 $sql = "SELECT uid as id,username,fullname,email FROM {$_TABLES['users']} WHERE status = 2";
388 $result = DB_query ($sql);
389 $nrows = DB_numRows($result);
391 for ($i = 0; $i < $nrows; $i++) {
392 $A = DB_fetchArray($result);
393 $A['edit'] = $_CONF['site_admin_url'].'/user.php?mode=edit&uid='.$A['id'];
395 $A['fullname'] = stripslashes($A['fullname']);
396 $A['email'] = stripslashes($A['email']);
400 array('text' => $LANG_ADMIN['edit'], 'field' => 0),
401 array('text' => $LANG29[16], 'field' => 1),
402 array('text' => $LANG29[17], 'field' => 2),
403 array('text' => $LANG29[18], 'field' => 3),
404 array('text' => $LANG29[2], 'field' => 'delete'),
405 array('text' => $LANG29[1], 'field' => 'approve')
408 $text_arr = array('has_menu' => false,
409 'title' => $LANG29[40],
411 'no_data' => $LANG29[39],
412 'form_url' => "{$_CONF['site_admin_url']}/moderation.php"
415 $listoptions = array('chkdelete' => true, 'chkfield' => 'id');
417 $form_arr = array("bottom" => '', "top" => '');
419 $form_arr['bottom'] = '<input type="hidden" name="type" value="user"' . XHTML . '>' . LB
420 . '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"'. XHTML . '>' . LB
421 . '<input type="hidden" name="mode" value="moderation"' . XHTML . '>' . LB
422 . '<input type="hidden" name="count" value="' . $nrows . '"' . XHTML . '>'
423 . '<p align="center"><input type="submit" value="'
424 . $LANG_ADMIN['submit'] . '"' . XHTML . '></p>' . LB;
427 $table = ADMIN_simpleList('ADMIN_getListField_moderation', $header_arr,
428 $text_arr, $data_arr, $listoptions, $form_arr);
436 * Displays a list of all the stories that have the 'draft' flag set.
438 * When enabled, this will list all the stories that have been marked as
439 * 'draft'. Approving a story from this list will clear the draft flag and
440 * thus publish the story.
442 * @param string $token CSRF token
443 * @return string HTML for the list of draft stories
446 function draftlist($token)
448 global $_CONF, $_TABLES, $LANG24, $LANG29, $LANG_ADMIN;
450 require_once( $_CONF['path_system'] . 'lib-admin.php' );
454 $result = DB_query ("SELECT sid AS id,title,UNIX_TIMESTAMP(date) AS day,tid FROM {$_TABLES['stories']} WHERE (draft_flag = 1)" . COM_getTopicSQL ('AND') . COM_getPermSQL ('AND', 0, 3) . " ORDER BY date ASC");
455 $nrows = DB_numRows($result);
458 for ($i = 0; $i < $nrows; $i++) {
459 $A = DB_fetchArray($result);
460 $A['edit'] = $_CONF['site_admin_url'] . '/story.php?mode=edit&sid='
463 $A['title'] = stripslashes($A['title']);
464 $A['tid'] = stripslashes($A['tid']);
469 array('text' => $LANG_ADMIN['edit'], 'field' => 0),
470 array('text' => $LANG29[10], 'field' => 'title'),
471 array('text' => $LANG29[14], 'field' => 'day'),
472 array('text' => $LANG29[15], 'field' => 'tid'),
473 array('text' => $LANG29[2], 'field' => 'delete'),
474 array('text' => $LANG29[1], 'field' => 'approve'));
476 $text_arr = array('has_menu' => false,
477 'title' => $LANG29[35] . ' (' . $LANG24[34] . ')',
479 'no_data' => $LANG29[39],
480 'form_url' => "{$_CONF['site_admin_url']}/moderation.php");
482 $form_arr = array("bottom" => '', "top" => '');
484 $form_arr['bottom'] = '<input type="hidden" name="type" value="draft"' . XHTML . '>' . LB
485 . '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"'. XHTML . '>' . LB
486 . '<input type="hidden" name="mode" value="moderation"' . XHTML . '>' . LB
487 . '<input type="hidden" name="count" value="' . $nrows . '"' . XHTML . '>'
488 . '<p align="center"><input type="submit" value="'
489 . $LANG_ADMIN['submit'] . '"' . XHTML . '></p>' . LB;
492 $listoptions = array('chkdelete' => true, 'chkfield' => 'id');
493 $table = ADMIN_simpleList('ADMIN_getListField_moderation', $header_arr,
494 $text_arr, $data_arr, $listoptions, $form_arr);
502 * This will actually perform moderation (approve or delete) one or more items
504 * @param array $mid Array of items
505 * @param array $action Array of actions to perform on items
506 * @param string $type Type of items ('story', etc.)
507 * @param int $count Number of items to moderate
508 * @return string HTML for "command and control" page
511 function moderation ($mid, $action, $type, $count)
513 global $_CONF, $_TABLES;
520 $table = $_TABLES['stories'];
521 $submissiontable = $_TABLES['storysubmission'];
522 $fields = 'sid,uid,tid,title,introtext,date,postmode';
526 $submissiontable = $_TABLES['commentsubmissions'];
530 if (strlen($type) <= 0) {
531 // something is terribly wrong, bail
532 $retval .= COM_errorLog("Unable to find type of $type in moderation() in moderation.php");
535 list($id, $table, $fields, $submissiontable) = PLG_getModerationValues($type);
538 // Set true if an valid action other than delete_all is selected
541 for ($i = 0; $i < $count; $i++) {
542 if (isset($action[$i]) AND ($action[$i] != '')) {
548 switch ($action[$i]) {
550 if (!empty ($type) && ($type <> 'story') && ($type <> 'draft')) {
551 // There may be some plugin specific processing that needs to
553 $retval .= PLG_deleteSubmission($type, $mid[$i]);
555 if (empty($mid[$i])) {
556 $retval .= COM_errorLog("moderation.php just tried deleting everything in table $submissiontable because it got an empty id. Please report this immediately to your site administrator");
559 if ($type == 'draft') {
560 STORY_deleteStory($mid[$i]);
562 DB_delete($submissiontable,"$id",$mid[$i]);
567 if ($type == 'story') {
568 $result = DB_query ("SELECT * FROM {$_TABLES['storysubmission']} WHERE sid = '$mid[$i]'");
569 $A = DB_fetchArray ($result);
570 $A['related'] = addslashes (implode ("\n", STORY_extractLinks ($A['introtext'])));
571 $A['owner_id'] = $A['uid'];
572 $A['title'] = addslashes ($A['title']);
573 $A['introtext'] = addslashes ($A['introtext']);
574 $A['bodytext'] = addslashes( $A['bodytext'] );
575 $result = DB_query ("SELECT group_id,perm_owner,perm_group,perm_members,perm_anon,archive_flag FROM {$_TABLES['topics']} WHERE tid = '{$A['tid']}'");
576 $T = DB_fetchArray ($result);
577 if ($T['archive_flag'] == 1) {
579 } else if (isset ($_CONF['frontpage'])) {
580 $frontpage = $_CONF['frontpage'];
584 DB_save ($_TABLES['stories'],'sid,uid,tid,title,introtext,bodytext,related,date,show_topic_icon,commentcode,trackbackcode,postmode,frontpage,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon',
585 "'{$A['sid']}',{$A['uid']},'{$A['tid']}','{$A['title']}','{$A['introtext']}','{$A['bodytext']}','{$A['related']}','{$A['date']}','{$_CONF['show_topic_icon']}','{$_CONF['comment_code']}','{$_CONF['trackback_code']}','{$A['postmode']}',$frontpage,{$A['owner_id']},{$T['group_id']},{$T['perm_owner']},{$T['perm_group']},{$T['perm_members']},{$T['perm_anon']}");
586 DB_delete($_TABLES['storysubmission'],"$id",$mid[$i]);
588 PLG_itemSaved($A['sid'], 'article');
589 COM_rdfUpToDateCheck ();
591 } else if ($type == 'draft') {
592 DB_query ("UPDATE {$_TABLES['stories']} SET draft_flag = 0 WHERE sid = '{$mid[$i]}'");
594 COM_rdfUpToDateCheck ();
596 } else if ($type == 'comment') {
597 $sid = CMT_approveModeration($mid[$i]);
598 if ( !in_array($sid, $sidArray) ) {
599 $sidArray[$i] = $sid;
602 // This is called in case this is a plugin. There may be some
603 // plugin specific processing that needs to happen.
604 DB_copy($table,$fields,$fields,$submissiontable,$id,$mid[$i]);
605 $retval .= PLG_approveSubmission($type,$mid[$i]);
611 // after loop update comment tree and count for each story
612 if (isset($sidArray)) {
613 foreach($sidArray as $sid) {
614 CMT_rebuildTree($sid);
615 //update comment count of stories;
616 $comments = DB_count ($_TABLES['comments'], 'sid', $sid);
617 DB_change ($_TABLES['stories'], 'comments', $comments, 'sid', $sid);
621 //Add new comment users to group comment.submit group
622 if (isset($_POST['publishfuture']) ) {
623 for ($i = 0; $i < count($_POST['publishfuture']); $i++ ) {
624 $uid = COM_applyFilter($_POST['publishfuture'][$i], true);
625 if ($uid > 1 && !SEC_inGroup('Comment Submitters', $uid) ) {
626 SEC_addUserToGroup($uid, 'Comment Submitters');
631 // Check if there was no direct action used on the form
632 // and if the delete_all submit action was used
633 if (!$formaction AND isset($_POST['delitem'])) {
634 foreach ($_POST['delitem'] as $delitem) {
635 $delitem = COM_applyFilter($delitem);
636 if (!empty ($type) && ($type <> 'story') && ($type <> 'draft')) {
637 // There may be some plugin specific processing that needs to
639 $retval .= PLG_deleteSubmission($type, $delitem);
641 if ($type == 'draft') {
642 STORY_deleteStory($delitem);
644 DB_delete($submissiontable,"$id",$delitem);
649 $retval .= commandcontrol(SEC_createToken());
655 * Moderate user submissions
657 * Users from the user submission queue are either appoved (an email containing
658 * the password is sent out) or deleted.
660 * @param int $uid Array of items
661 * @param array $action Action to perform ('delete', 'approve')
662 * @param int $count Number of items
663 * @return string HTML for "command and control" page
666 function moderateusers ($uid, $action, $count)
668 global $_CONF, $_TABLES, $LANG04;
672 // Set true if an valid action other then delete_all is selected
675 for ($i = 0; $i < $count; $i++) {
676 if (isset($action[$i]) AND ($action[$i] != '')) {
682 switch ($action[$i]) {
683 case 'delete': // Ok, delete everything related to this user
685 USER_deleteAccount ($uid[$i]);
690 $uid[$i] = COM_applyFilter($uid[$i], true);
691 $result = DB_query ("SELECT email,username, uid FROM {$_TABLES['users']} WHERE uid = $uid[$i]");
692 $nrows = DB_numRows($result);
694 $A = DB_fetchArray($result);
695 $sql = "UPDATE {$_TABLES['users']} SET status=3 WHERE uid={$A['uid']}";
697 USER_createAndSendPassword ($A['username'], $A['email'], $A['uid']);
703 // Check if there was no direct action used on the form
704 // and if the delete_all submit action was used
705 if (!$formaction AND isset($_POST['delitem'])) {
706 foreach ($_POST['delitem'] as $del_uid) {
707 $del_uid = COM_applyFilter($del_uid,true);
709 USER_deleteAccount ($del_uid);
714 $retval .= commandcontrol(SEC_createToken());
720 * Display a reminder to execute the security check script
722 * @return string HTML for security reminder (or empty string)
724 function security_check_reminder()
726 global $_CONF, $_TABLES, $_IMAGE_TYPE, $MESSAGE;
730 if (!SEC_inGroup ('Root')) {
734 $done = DB_getItem ($_TABLES['vars'], 'value', "name = 'security_check'");
736 $retval .= COM_showMessage(92);
746 if (isset($_POST['mode']) && ($_POST['mode'] == 'moderation') &&
749 if (isset($_POST['action'])) {
750 $action = $_POST['action'];
752 if ($_POST['type'] == 'user') {
753 $mod_result = moderateusers($_POST['id'], $action,
754 COM_applyFilter($_POST['count'], true));
756 $mod_result = moderation($_POST['id'], $action, $_POST['type'],
757 COM_applyFilter($_POST['count'], true));
759 $display .= COM_siteHeader('menu', $LANG29[34])
760 . COM_showMessageFromParameter()
763 $display .= COM_siteHeader('menu', $LANG29[34])
764 . COM_showMessageFromParameter()
765 . security_check_reminder()
766 . commandcontrol(SEC_createToken());
769 $display .= COM_siteFooter();
771 COM_output($display);
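Review bot: In `moderation()` the approve branch builds SQL directly from `$mid[$i]` (`WHERE sid = '$mid[$i]'` at the page's line 568 and `WHERE sid = '{$mid[$i]}'` at 592), and the only visible caller passes `$_POST['id']` and `$_POST['type']` straight through at line 756, so request data appears to reach those queries unfiltered. The delete_all path in the same function already runs `COM_applyFilter($delitem)` (line 635), and `moderateusers()` filters `$uid[$i]` before its SELECT (line 690), so the per-item path is the inconsistent one. I would add `$mid[$i] = COM_applyFilter($mid[$i]);` at the top of the loop body, before the `switch`, and escape the value wherever it is quoted into SQL. Several lines of the function are missing from this listing, so confirm that no filter already sits in the gaps. The `DB_save` at line 585 also interpolates `sid`, `tid`, `date` and `postmode` from the submission row without the `addslashes()` given to `title` and `introtext`; if any of those columns can carry submitter-supplied text, they need the same escaping.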