svrjs-mods-directory/moderation/mods.php

<?php
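// Marker constants for this entry point (the mod directory and its moderation
// area). NOTE(review): presumably the included files test them with defined()
// to refuse direct access - confirm in config.php / includes.
define("SVRJS_MOD_DIRECTORY", null);
define("SVRJS_MOD_DIRECTORY_MODERATION", null);

// Bootstrap files are loaded with require, not include: a file that cannot be
// loaded must stop the request (fail closed) instead of raising a warning and
// letting the rest of the moderation page run without it.
require '../config.php';

// URL prefixes are derived from SCRIPT_NAME and normalised to end with "/".
$appModerationRoot = dirname($_SERVER['SCRIPT_NAME']);
if (substr($appModerationRoot, -1) !== '/') {
    $appModerationRoot .= '/';
}
$appRoot = dirname($_SERVER['SCRIPT_NAME'], 2);
if (substr($appRoot, -1) !== '/') {
    $appRoot .= '/';
}

define('APP_ROOT', $appRoot);
// Filesystem directory two levels above this file.
define('APP_FSROOT', dirname(__FILE__, 2));
define('APP_MODERATION_FILENAME', basename($_SERVER['SCRIPT_NAME']));
define('APP_MODERATION_ROOT', $appModerationRoot);

require '../vendor/autoload.php';
require '../includes/init.php';
// NOTE(review): moderation_init.php presumably performs the moderator session
// and access check and sets $_SESSION['moderation_csrf'] - confirm. If so, this
// is the include that most needs to be a hard requirement.
require '../includes/moderation_init.php';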
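// Outcome of the request, read further down by the page markup and by the
// notification e-mail code at the end of the file.
$errorMessage = null;
// NOTE(review): $modApproved and $modRejected are not read in the part of the
// file visible here; they are kept in case an included file reads them.
$modApproved = false;
$modRejected = false;
// These are the flags this page actually reads. They used to be assigned only
// on success, so every other request read undefined variables.
$modRemoved = false;
$modRestored = false;
$modData = null;

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // CSRF check. Both tokens are normalised to strings and compared with
    // hash_equals(): the previous loose != compared numeric-looking strings
    // numerically and treated an unset session token as equal to an empty
    // field. An empty or missing session token now always fails the check.
    $expectedToken = isset($_SESSION['moderation_csrf']) && is_scalar($_SESSION['moderation_csrf'])
        ? (string) $_SESSION['moderation_csrf']
        : '';
    $submittedToken = isset($_POST['_csrf']) && is_string($_POST['_csrf']) ? $_POST['_csrf'] : '';

    if ($expectedToken === '' || !hash_equals($expectedToken, $submittedToken)) {
        $errorMessage = "Potential CSRF attack detected.";
    } elseif (!isset($_POST['id']) || !$_POST['id']) {
        $errorMessage = "You need to send the pending mod ID";
    } elseif (!filter_var($_POST['id'], FILTER_VALIDATE_INT)) {
        $errorMessage = "Invalid pending mod ID";
    } else {
        $modID = intval($_POST['id']);
        // Load the mod together with its publisher. The JOIN conditions limit
        // the match to publishers that are verified, not suspended and not
        // deleted. is_paid is selected twice; fetch_assoc() keys by alias, so
        // the duplicate has no effect on the result.
        $statement = $connection->prepare("SELECT
mods.id AS id,
mods.is_removed AS is_removed,
mods.name AS name,
mods.slug AS slug,
mods.description AS description,
mods.image_ext AS image_ext,
mods.is_paid AS is_paid,
mods.category AS category,
mods.link AS link,
mods.docs_link AS docs_link,
mods.is_paid AS is_paid,
users.username AS username,
users.email AS user_email,
users.id AS user
FROM mods
JOIN users ON users.id = mods.user
AND users.is_suspended = 0
AND users.is_deleted = 0
AND users.is_verified = 1
WHERE mods.id = ?");
        if (!$statement) {
            $errorMessage = "An unexpected error occurred when checking the mod.";
        } else {
            $statement->bind_param('i', $modID);
            $statement->execute();
            $result = $statement->get_result();
            $modData = $result ? $result->fetch_assoc() : null;
            $statement->close();

            $action = $_POST['action'] ?? null;
            if (!$result) {
                $errorMessage = "An unexpected error occurred when checking the mod.";
            } elseif (!$modData) {
                $errorMessage = "The mod doesn't exist.";
            } elseif ($action === null) {
                $errorMessage = "No action specified.";
            } elseif ($action === "remove") {
                // The reason is later concatenated into the notification
                // e-mail, so it has to be a plain non-empty string (a form
                // field sent as reason[] arrives as an array).
                $reason = $_POST['reason'] ?? null;
                if (!is_string($reason) || !$reason) {
                    $errorMessage = "You need to specify the reason for removal.";
                } elseif ($modData['is_removed']) {
                    $errorMessage = "The mod is already removed.";
                } else {
                    $statement = $connection->prepare('UPDATE mods SET is_removed = 1 WHERE id = ?');
                    if (!$statement) {
                        $errorMessage = "An unexpected error occurred while removing the mod.";
                    } else {
                        $statement->bind_param('i', $modData['id']);
                        $updated = $statement->execute();
                        $statement->close();
                        if ($updated) {
                            $modRemoved = true;
                        } else {
                            $errorMessage = "An unexpected error occurred while removing the mod.";
                        }
                    }
                }
            } elseif ($action === "restore") {
                if (!$modData['is_removed']) {
                    $errorMessage = "The mod is already restored.";
                } else {
                    $statement = $connection->prepare('UPDATE mods SET is_removed = 0 WHERE id = ?');
                    if (!$statement) {
                        $errorMessage = "An unexpected error occurred while restoring the mod.";
                    } else {
                        $statement->bind_param('i', $modData['id']);
                        $updated = $statement->execute();
                        $statement->close();
                        if ($updated) {
                            $modRestored = true;
                        } else {
                            $errorMessage = "An unexpected error occurred while restoring the mod.";
                        }
                    }
                }
            } else {
                $errorMessage = "Unknown action specified.";
            }
        }
    }
}

$pageTitle = "Mods";
include '../includes/moderation_header.php';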
?>
<h1>Mods</h1>
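<?php
// Result banner for the POST action handled at the top of the file.
if ($errorMessage) {
    echo '<p class="form-error">' . htmlspecialchars($errorMessage) . '</p>';
}
// !empty() rather than a bare read: the code above assigns these two flags
// only after a successful action, so on any other request they may not exist.
if (!empty($modRemoved)) {
    echo '<p>Mod has been removed.</p>';
} elseif (!empty($modRestored)) {
    echo '<p>Mod has been restored.</p>';
}
?>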
<?php
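// List every mod whose publisher is verified, not suspended and not deleted,
// newest first. The query has no external input, so it is sent as a literal.
// categories is LEFT JOINed, so `category` is NULL for a mod without a
// matching category row.
$result = $connection->query('SELECT
mods.id AS id,
mods.name AS name,
mods.slug AS slug,
mods.description AS description,
mods.image_ext AS image_ext,
mods.is_paid AS is_paid,
mods.link AS link,
mods.docs_link AS docs_link,
mods.is_removed AS is_removed,
categories.name AS category,
users.username AS user,
users.id AS user_id
FROM mods
LEFT JOIN categories ON categories.id = mods.category
JOIN users ON users.id = mods.user
AND users.is_suspended = 0
AND users.is_deleted = 0
AND users.is_verified = 1
ORDER BY mods.id DESC;');
if (!$result) {
    echo "<p>An unexpected error occurred while fetching mods.</p>";
} else {
    $modsPresent = false;
    // Identical for every card, so escaped once outside the loop.
    $formAction = htmlspecialchars(APP_MODERATION_ROOT . 'mods.php');
    $csrfField = htmlspecialchars((string) ($_SESSION['moderation_csrf'] ?? ''));

    while ($mod = $result->fetch_assoc()) {
        $modsPresent = true;

        // Every database value is escaped for the context it is written into:
        // urlencode() for URL path/query parts, htmlspecialchars() for HTML.
        $name = htmlspecialchars($mod['name']);
        $modId = htmlspecialchars(strval($mod['id']));

        // Cover image: img/mods/<slug>.<ext>, with slashes and backslashes
        // stripped from both parts, or the placeholder when no image is set.
        $imagePath = 'mod-missing.png';
        if (isset($mod['image_ext']) && $mod['image_ext']) {
            $imagePath = 'mods/' . urlencode(str_replace(['/', '\\'], '', $mod['slug']))
                . '.' . urlencode(str_replace(['/', '\\'], '', $mod['image_ext']));
        }
        $imageSrc = htmlspecialchars(APP_ROOT . 'img/' . $imagePath);

        // Escape first, then turn line breaks into <br/>, so the only markup
        // in the description is the markup added here.
        $description = isset($mod['description']) && $mod['description']
            ? str_replace(["\r\n", "\n", "\r"], '<br/>', htmlspecialchars(shortenDescription($mod['description'])))
            : "<i>No description</i>";

        $publisherHref = htmlspecialchars(APP_MODERATION_ROOT . 'user.php?user=' . urlencode($mod['user']));
        // ?? '' because a NULL category (see the LEFT JOIN) must not be passed
        // to htmlspecialchars(), which is deprecated as of PHP 8.1.
        $category = htmlspecialchars($mod['category'] ?? '');

        // Download and documentation URLs are printed as escaped text, not as
        // clickable links.
        $docsLine = $mod['docs_link']
            ? '<p><strong>Documentation URL:</strong> ' . htmlspecialchars($mod['docs_link']) . '</p>'
            : '';

        // One state-changing form per card; each carries the session CSRF
        // token that the POST handler of this page verifies.
        if ($mod['is_removed']) {
            $moderationForm = '<form action="' . $formAction . '" method="post" class="form">
<div class="form-block">
<input type="submit" value="Restore">
</div>
<input type="hidden" name="_csrf" value="' . $csrfField . '">
<input type="hidden" name="action" value="restore">
<input type="hidden" name="id" value="' . $modId . '">
</form>';
        } else {
            $moderationForm = '<form action="' . $formAction . '" method="post" class="form">
<div class="form-block">
<label for="remove-reason-' . $modId . '">Reason for removal:</label>
<textarea name="reason" id="remove-reason-' . $modId . '" required></textarea>
</div>
<div class="form-block">
<input type="submit" value="Remove">
</div>
<input type="hidden" name="_csrf" value="' . $csrfField . '">
<input type="hidden" name="action" value="remove">
<input type="hidden" name="id" value="' . $modId . '">
</form>';
        }

        echo '<div class="mod">
<img src="' . $imageSrc . '" alt="' . $name . ' cover image">
<div class="mod-info">
<h2>' . $name . '</h2>
<p><span class="badge">' . ($mod['is_paid'] ? 'Paid' : 'Gratis') . '</span>' . ($mod['is_removed'] ? '<span class="badge">Removed</span>' : '') . '</p>
<p>' . $description . '</p>
<p><strong>Publisher:</strong> <a href="' . $publisherHref . '">' . htmlspecialchars($mod['user']) . '</a> | <strong>Category:</strong> ' . $category . '</p>
<p><strong>Download URL:</strong> ' . htmlspecialchars($mod['link']) . '</p>
' . $docsLine . '
' . $moderationForm . '
</div>
</div>';
    }
    if (!$modsPresent) {
        echo '<p>No mods.</p>';
    }
}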
?>
<?php
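include '../includes/moderation_footer.php';

// Notify the publisher once the page has been written out. !empty() is used
// because the POST handler above assigns these flags only after a successful
// action, so on other requests they may not exist.
// NOTE(review): username and e-mail address come from the users table; confirm
// that sendEmail() rejects line breaks in the recipient name and address.
if (!empty($modRemoved)) {
    // The reason is free text from the moderation form. Anything that is not a
    // plain string (e.g. a field sent as reason[]) is dropped, not coerced.
    // NOTE(review): it is inserted verbatim; confirm sendEmail() sends the body
    // as plain text, or escapes it, before relying on this.
    $removalReason = isset($_POST['reason']) && is_string($_POST['reason']) ? $_POST['reason'] : '';
    sendEmail(
        [[
            "name" => $modData['username'],
            "address" => $modData['user_email'],
        ]],
        'Your mod has been removed.',
        'Unfortunately, your "' . str_replace(["\r\n", "\n", "\r"], '', $modData['name']) . "\" mod has been removed by the moderator. Below is the reason why the moderator removed this mod:\n\n" . $removalReason
    );
} elseif (!empty($modRestored)) {
    sendEmail(
        [[
            "name" => $modData['username'],
            "address" => $modData['user_email'],
        ]],
        'Your mod has been restored.',
        'Your "' . str_replace(["\r\n", "\n", "\r"], '', $modData['name']) . '" mod has been restored by the moderator and is now listed again on SVR.JS Mods directory.'
    );
}

include '../includes/moderation_final.php';
include '../includes/final.php';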
?>