323 lines
12 KiB
PHP
323 lines
12 KiB
PHP
|
<?php
|
||
|
define("SVRJS_MOD_DIRECTORY", null);
|
||
|
define("SVRJS_MOD_DIRECTORY_MODERATION", null);
|
||
|
include '../config.php';
|
||
|
$appModerationRoot = dirname($_SERVER['SCRIPT_NAME']);
|
||
|
if ($appModerationRoot[strlen($appModerationRoot) - 1] != "/") $appModerationRoot = $appModerationRoot . '/';
|
||
|
$appRoot = dirname($_SERVER['SCRIPT_NAME'], 2);
|
||
|
if ($appRoot[strlen($appRoot) - 1] != "/") $appRoot = $appRoot . '/';
|
||
|
define('APP_ROOT', $appRoot);
|
||
|
define('APP_FSROOT', dirname(__FILE__, 2));
|
||
|
define('APP_MODERATION_FILENAME', basename($_SERVER['SCRIPT_NAME']));
|
||
|
define('APP_MODERATION_ROOT', $appModerationRoot);
|
||
|
include '../vendor/autoload.php';
|
||
|
include '../includes/init.php';
|
||
|
include '../includes/moderation_init.php';
|
||
|
|
||
|
$userData = null;
|
||
|
$initialErrorMessage = null;
|
||
|
$userWarned = false;
|
||
|
$userSuspended = false;
|
||
|
$userReinstated = false;
|
||
|
|
||
|
$username = null;
|
||
|
if (isset($_GET['user']) && $_GET['user']) {
|
||
|
$username = $_GET['user'];
|
||
|
} elseif (isset($_POST['user']) && $_POST['user']) {
|
||
|
$username = $_POST['user'];
|
||
|
}
|
||
|
|
||
|
if (!$username) {
|
||
|
http_response_code(400);
|
||
|
$initialErrorMessage = "You need to specify the username.";
|
||
|
} else {
|
||
|
$statement = $connection->prepare("SELECT
|
||
|
users.id AS id,
|
||
|
users.username AS username,
|
||
|
users.email AS email,
|
||
|
users.bio AS bio,
|
||
|
users.is_suspended AS is_suspended,
|
||
|
users.is_deleted AS is_deleted,
|
||
|
COUNT(mods.id) AS mods,
|
||
|
COUNT(reviews.id) AS reviews
|
||
|
FROM users
|
||
|
LEFT JOIN mods ON mods.user = users.id
|
||
|
AND mods.is_removed = 0
|
||
|
LEFT JOIN (
|
||
|
SELECT reviews.id, reviews.user FROM reviews
|
||
|
JOIN (
|
||
|
SELECT mods.id AS id FROM mods
|
||
|
JOIN users ON users.id = mods.user AND users.is_verified = 1 AND users.is_deleted = 0 AND users.is_suspended = 0
|
||
|
) AS mods ON mods.id = reviews.mod
|
||
|
) AS reviews ON reviews.user = users.id
|
||
|
WHERE users.is_verified = 1
|
||
|
GROUP BY users.id
|
||
|
HAVING LOWER(users.username) = LOWER(?);");
|
||
|
if (!$statement) {
|
||
|
http_response_code(500);
|
||
|
$initialErrorMessage = "An unexpected error occurred when retrieving an user.";
|
||
|
} else {
|
||
|
$statement->bind_param('s', $username);
|
||
|
$statement->execute();
|
||
|
|
||
|
$result = $statement->get_result();
|
||
|
if (!$result) {
|
||
|
http_response_code(500);
|
||
|
$initialErrorMessage = "An unexpected error occurred when retrieving an user.";
|
||
|
$statement->close();
|
||
|
} else {
|
||
|
$userData = $result->fetch_assoc();
|
||
|
$statement->close();
|
||
|
|
||
|
if (!$userData) {
|
||
|
http_response_code(404);
|
||
|
$initialErrorMessage = "User account doesn't exist.";
|
||
|
} elseif ($userData['is_deleted']) {
|
||
|
http_response_code(410);
|
||
|
$initialErrorMessage = "User account no longer exists.";
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if (!$initialErrorMessage) {
|
||
|
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||
|
if (!isset($_POST['_csrf']) || $_POST['_csrf'] != $_SESSION['moderation_csrf']) {
|
||
|
$errorMessage = "Potential CSRF attack detected.";
|
||
|
} elseif (!isset($_POST['action'])) {
|
||
|
$errorMessage = "No action specified.";
|
||
|
} elseif ($_POST['action'] == "warn") {
|
||
|
if (!isset($_POST['warning']) || !$_POST['warning']) {
|
||
|
$errorMessage = "You need to specify the warning.";
|
||
|
} elseif ($userData['id'] == $_POST['id']) {
|
||
|
$errorMessage = "You cannot warn yourself.";
|
||
|
} else {
|
||
|
$sent = sendEmail(
|
||
|
[[
|
||
|
"name" => $userData['username'],
|
||
|
"address" => $userData['email']
|
||
|
]],
|
||
|
'You have been warned on SVR.JS Mods directory',
|
||
|
"You have been warned by the moderator. Below is the warning:\n\n" . $_POST['warning']
|
||
|
);
|
||
|
if (!$sent) {
|
||
|
$errorMessage = "An unexpected error occurred when warning the user.";
|
||
|
} else {
|
||
|
$userWarned = true;
|
||
|
}
|
||
|
}
|
||
|
} elseif ($_POST['action'] == "suspend") {
|
||
|
if (!isset($_POST['reason']) || !$_POST['reason']) {
|
||
|
$errorMessage = "You need to specify the reason for suspension.";
|
||
|
} elseif ($userData['id'] == $_POST['id']) {
|
||
|
$errorMessage = "You cannot suspend yourself.";
|
||
|
} elseif ($userData['is_suspended']) {
|
||
|
$errorMessage = "The user is already suspended.";
|
||
|
} else {
|
||
|
$statement = $connection->prepare("UPDATE users SET is_suspended = 1 WHERE id = ?");
|
||
|
|
||
|
if (!$statement) {
|
||
|
$errorMessage = "An unexpected error occurred while suspending the user.";
|
||
|
} else {
|
||
|
$statement->bind_param('i', $userData['id']);
|
||
|
if (!$statement->execute()) {
|
||
|
$errorMessage = "An unexpected error occurred while suspending the user.";
|
||
|
$statement->close();
|
||
|
} else {
|
||
|
$statement->close();
|
||
|
$statement = $connection->prepare("DELETE FROM reviews WHERE id = ?");
|
||
|
|
||
|
if (!$statement) {
|
||
|
$errorMessage = "An unexpected error occurred while suspending the user.";
|
||
|
} else {
|
||
|
$statement->bind_param('i', $userData['id']);
|
||
|
if (!$statement->execute()) {
|
||
|
$errorMessage = "An unexpected error occurred while suspending the user.";
|
||
|
$statement->close();
|
||
|
} else {
|
||
|
$statement->close();
|
||
|
$statement = $connection->prepare("DELETE FROM mods_pending WHERE user = ?");
|
||
|
|
||
|
if (!$statement) {
|
||
|
$errorMessage = "An unexpected error occurred while suspending the user.";
|
||
|
} else {
|
||
|
$statement->bind_param('i', $userData['id']);
|
||
|
if (!$statement->execute()) {
|
||
|
$errorMessage = "An unexpected error occurred while suspending the user.";
|
||
|
} else {
|
||
|
$userSuspended = true;
|
||
|
}
|
||
|
$statement->close();
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
} elseif ($_POST['action'] == "reinstate") {
|
||
|
if ($userData['id'] == $_POST['id']) {
|
||
|
$errorMessage = "You cannot reinstate yourself.";
|
||
|
} elseif (!$userData['is_suspended']) {
|
||
|
$errorMessage = "The user is already reinstated.";
|
||
|
} else {
|
||
|
$statement = $connection->prepare("UPDATE users SET is_suspended = 0 WHERE id = ?");
|
||
|
|
||
|
if (!$statement) {
|
||
|
$errorMessage = "An unexpected error occurred while reinstating the user.";
|
||
|
} else {
|
||
|
$statement->bind_param('i', $userData['id']);
|
||
|
if (!$statement->execute()) {
|
||
|
$errorMessage = "An unexpected error occurred while reinstating the user.";
|
||
|
} else {
|
||
|
$userReinstated = true;
|
||
|
}
|
||
|
$statement->close();
|
||
|
}
|
||
|
}
|
||
|
} else {
|
||
|
$errorMessage = "Unknown action specified.";
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if ($initialErrorMessage) {
|
||
|
$pageTitle = "User error";
|
||
|
} else {
|
||
|
$pageTitle = "User: " . $userData['username'];
|
||
|
}
|
||
|
|
||
|
if ($userWarned || $userSuspended || $userReinstated) {
|
||
|
$statement = $connection->prepare("SELECT
|
||
|
users.id AS id,
|
||
|
users.username AS username,
|
||
|
users.email AS email,
|
||
|
users.bio AS bio,
|
||
|
users.is_suspended AS is_suspended,
|
||
|
users.is_deleted AS is_deleted,
|
||
|
COUNT(mods.id) AS mods,
|
||
|
COUNT(reviews.id) AS reviews
|
||
|
FROM users
|
||
|
LEFT JOIN mods ON mods.user = users.id
|
||
|
AND mods.is_removed = 0
|
||
|
LEFT JOIN (
|
||
|
SELECT reviews.id, reviews.user FROM reviews
|
||
|
JOIN (
|
||
|
SELECT mods.id AS id FROM mods
|
||
|
JOIN users ON users.id = mods.user AND users.is_verified = 1 AND users.is_deleted = 0 AND users.is_suspended = 0
|
||
|
) AS mods ON mods.id = reviews.mod
|
||
|
) AS reviews ON reviews.user = users.id
|
||
|
WHERE users.is_verified = 1
|
||
|
GROUP BY users.id
|
||
|
HAVING LOWER(users.username) = LOWER(?);");
|
||
|
if ($statement) {
|
||
|
$statement->bind_param('s', $userData['username']);
|
||
|
$statement->execute();
|
||
|
|
||
|
$result = $statement->get_result();
|
||
|
if (!$result) {;
|
||
|
$statement->close();
|
||
|
} else {
|
||
|
$newUserData = $result->fetch_assoc();
|
||
|
$statement->close();
|
||
|
|
||
|
if ($newUserData) $userData = $newUserData;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
include '../includes/moderation_header.php';
|
||
|
?>
|
||
|
<?php if ($initialErrorMessage) { ?>
|
||
|
<h1>User error</h1>
|
||
|
<p><?php echo htmlspecialchars($initialErrorMessage); ?></p>
|
||
|
<p><a href="<?php echo htmlspecialchars(APP_MODERATION_ROOT . 'users.php'); ?>" class="btn">Return to users</a></p>
|
||
|
<?php } else { ?>
|
||
|
<h1>User: <?php echo htmlspecialchars($userData['username']); ?></h1>
|
||
|
<p><a href="<?php echo htmlspecialchars(APP_MODERATION_ROOT . 'users.php'); ?>">Return to users</a></p>
|
||
|
<?php if ($errorMessage) echo '<p class="form-error">' . htmlspecialchars($errorMessage) . '</p>'; ?>
|
||
|
<?php
|
||
|
if ($userWarned) {
|
||
|
echo '<p>User has been warned.</p>';
|
||
|
} elseif ($userSuspended) {
|
||
|
echo '<p>User has been suspended.</p>';
|
||
|
} elseif ($userReinstated) {
|
||
|
echo '<p>User has been reinstated.</p>';
|
||
|
}
|
||
|
?>
|
||
|
<?php if ($userData['is_suspended']) echo '<p><span class="badge">Suspended</span></p>' ?>
|
||
|
<p><?php echo isset($userData['bio']) && $userData['bio']
|
||
|
? str_replace(["\r\n", "\n", "\r"], '<br/>', htmlspecialchars($userData['bio']))
|
||
|
: "<i>No biography</i>";
|
||
|
?></p>
|
||
|
<p><b>Mods:</b> <?php echo htmlspecialchars(number_format($userData['mods'], 0)); ?></p>
|
||
|
<p><b>Reviews:</b> <?php echo htmlspecialchars(number_format($userData['reviews'], 0)); ?></p>
|
||
|
|
||
|
<?php if ($userData['id'] != $_SESSION['user']) { ?>
|
||
|
<?php if ($userData['is_suspended']) { ?>
|
||
|
<h2>Reinstate this user</h2>
|
||
|
<form action="<?php echo htmlspecialchars(APP_MODERATION_ROOT . 'user.php'); ?>" method="post" class="form">
|
||
|
<div class="form-block">
|
||
|
<input type="submit" value="Reinstate">
|
||
|
</div>
|
||
|
<input type="hidden" name="_csrf" value="<?php echo htmlspecialchars($_SESSION['moderation_csrf']); ?>">
|
||
|
<input type="hidden" name="action" value="reinstate">
|
||
|
<input type="hidden" name="user" value="<?php echo htmlspecialchars($userData['username']); ?>">
|
||
|
</form>
|
||
|
<?php } else { ?>
|
||
|
<h2>Warn this user</h2>
|
||
|
<form action="<?php echo htmlspecialchars(APP_MODERATION_ROOT . 'user.php'); ?>" method="post" class="form">
|
||
|
<div class="form-block">
|
||
|
<label for="warning">Warning:</label>
|
||
|
<textarea name="warning" id="warning" required></textarea>
|
||
|
</div>
|
||
|
<div class="form-block">
|
||
|
<input type="submit" value="Warn">
|
||
|
</div>
|
||
|
<input type="hidden" name="_csrf" value="<?php echo htmlspecialchars($_SESSION['moderation_csrf']); ?>">
|
||
|
<input type="hidden" name="action" value="warn">
|
||
|
<input type="hidden" name="user" value="<?php echo htmlspecialchars($userData['username']); ?>">
|
||
|
</form>
|
||
|
|
||
|
<h2>Suspend this user</h2>
|
||
|
<p>This will also remove all user's pending mods and reviews.</p>
|
||
|
<form action="<?php echo htmlspecialchars(APP_MODERATION_ROOT . 'user.php'); ?>" method="post" class="form">
|
||
|
<div class="form-block">
|
||
|
<label for="reason">Reason for suspension:</label>
|
||
|
<textarea name="reason" id="reason" required></textarea>
|
||
|
</div>
|
||
|
<div class="form-block">
|
||
|
<input type="submit" value="Suspend">
|
||
|
</div>
|
||
|
<input type="hidden" name="_csrf" value="<?php echo htmlspecialchars($_SESSION['moderation_csrf']); ?>">
|
||
|
<input type="hidden" name="action" value="suspend">
|
||
|
<input type="hidden" name="user" value="<?php echo htmlspecialchars($userData['username']); ?>">
|
||
|
</form>
|
||
|
<?php } ?>
|
||
|
<?php } ?>
|
||
|
<?php } ?>
|
||
|
<?php
|
||
|
include '../includes/moderation_footer.php';
|
||
|
|
||
|
if ($userSuspended) {
|
||
|
$sent = sendEmail(
|
||
|
[[
|
||
|
"name" => $userData['username'],
|
||
|
"address" => $userData['email']
|
||
|
]],
|
||
|
'Your account has been suspended',
|
||
|
"Your account has been suspended on SVR.JS Mods directory by the moderator due to violation of Terms of Service. You can't post reviews or submit mods anymore, your reviews and pending mods are removed, and your mods are not visible anymore. Below is the reason for the account suspension\n\n" . $_POST['reason']
|
||
|
);
|
||
|
} elseif ($userReinstated) {
|
||
|
$sent = sendEmail(
|
||
|
[[
|
||
|
"name" => $userData['username'],
|
||
|
"address" => $userData['email']
|
||
|
]],
|
||
|
'Your account has been reinstated',
|
||
|
"Your account has been reinstated on SVR.JS Mods directory by the moderator after it became suspended. Your mods are now visible again. Note that your reviews and pending mods are removed during the account suspension."
|
||
|
);
|
||
|
}
|
||
|
|
||
|
include '../includes/moderation_final.php';
|
||
|
include '../includes/final.php';
|
||
|
?>
|