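<?php
// Bootstrap for the moderation "pending mods" page: declares the entry-point
// constants, derives the URL and filesystem roots from the running script and
// loads the configuration, the autoloader and the shared init scripts.

// Declared before any file is loaded. The value is null, so presumably the
// included files only test defined() to refuse direct access; confirm there.
define("SVRJS_MOD_DIRECTORY", null);
define("SVRJS_MOD_DIRECTORY_MODERATION", null);

// require instead of include: if a bootstrap file is missing the request must
// stop here rather than continue with a warning and a half-initialised page.
require '../config.php';

// URL path of the moderation directory, always ending in "/".
// substr() also copes with an empty dirname() result without raising a notice.
$appModerationRoot = dirname($_SERVER['SCRIPT_NAME']);
if (substr($appModerationRoot, -1) !== '/') {
    $appModerationRoot .= '/';
}

// URL path of the application root (one level above), always ending in "/".
$appRoot = dirname($_SERVER['SCRIPT_NAME'], 2);
if (substr($appRoot, -1) !== '/') {
    $appRoot .= '/';
}

define('APP_ROOT', $appRoot);
define('APP_FSROOT', dirname(__FILE__, 2));
define('APP_MODERATION_FILENAME', basename($_SERVER['SCRIPT_NAME']));
define('APP_MODERATION_ROOT', $appModerationRoot);

require '../vendor/autoload.php';
require '../includes/init.php';
// NOTE(review): presumably this is where the moderator session is checked and
// $_SESSION['moderation_csrf'] is set. If so, it must never be skipped silently.
require '../includes/moderation_init.php';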
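// Outcome of the POST handling below. These four variables are read again by
// the page template and by the notification e-mail code at the end of the script.
$errorMessage = null;
$modApproved = false;
$modRejected = false;
$modData = null;

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The token check is done on verified strings with hash_equals(). A loose
    // != comparison would accept an empty submitted token whenever the session
    // token is missing (null == ""), would juggle numeric-looking strings, and
    // is not constant-time.
    $submittedCsrfToken = $_POST['_csrf'] ?? null;
    $sessionCsrfToken = $_SESSION['moderation_csrf'] ?? null;
    $csrfTokenValid = is_string($submittedCsrfToken)
        && is_string($sessionCsrfToken)
        && $sessionCsrfToken !== ''
        && hash_equals($sessionCsrfToken, $submittedCsrfToken);

    if (!$csrfTokenValid) {
        $errorMessage = "Potential CSRF attack detected.";
    } elseif (!isset($_POST['id']) || !$_POST['id']) {
        $errorMessage = "You need to send the pending mod ID";
    } elseif (!filter_var($_POST['id'], FILTER_VALIDATE_INT)) {
        // Arrays and non-integer strings are rejected here.
        $errorMessage = "Invalid pending mod ID";
    } else {
        $pendingModID = intval($_POST['id']);

        // Load the submission together with its author. The JOIN conditions
        // hide submissions whose author is suspended, deleted or unverified.
        $statement = $connection->prepare("SELECT
            mods_pending.id AS id,
            mods_pending.is_rejected AS is_rejected,
            mods_pending.name AS name,
            mods_pending.slug AS slug,
            mods_pending.description AS description,
            mods_pending.image_ext AS image_ext,
            mods_pending.is_paid AS is_paid,
            mods_pending.category AS category,
            mods_pending.link AS link,
            mods_pending.docs_link AS docs_link,
            users.username AS username,
            users.email AS user_email,
            users.id AS user
            FROM mods_pending
            JOIN users ON users.id = mods_pending.user
            AND users.is_suspended = 0
            AND users.is_deleted = 0
            AND users.is_verified = 1
            WHERE mods_pending.id = ?");
        if (!$statement) {
            $errorMessage = "An unexpected error occurred when checking the pending mod.";
        } else {
            $statement->bind_param('i', $pendingModID);
            $statement->execute();
            // get_result() returns false when the execute above failed.
            $result = $statement->get_result();
            if (!$result) {
                $errorMessage = "An unexpected error occurred when checking the pending mod.";
                $statement->close();
            } else {
                $modData = $result->fetch_assoc();
                $statement->close();
                if (!$modData) {
                    $errorMessage = "The pending mod doesn't exist.";
                } elseif ($modData['is_rejected']) {
                    $errorMessage = "The pending mod is rejected.";
                } else {
                    if (!isset($_POST['action'])) {
                        $errorMessage = "No action specified.";
                    } elseif ($_POST['action'] === "approve") {
                        $modUploadDirectory = APP_FSROOT . '/img/mods';
                        $modPendingUploadDirectory = APP_FSROOT . '/img/mods_pending';

                        // File name is "<slug>.<image_ext>" with path separators
                        // stripped, so the stored values cannot leave the directory.
                        // NOTE(review): image_ext is used as stored and the file ends
                        // up under the web-served img/mods directory; this assumes the
                        // submission handler limited it to an image allow-list (confirm).
                        $hasCoverImage = isset($modData['image_ext']) && $modData['image_ext'];
                        $coverImageFilename = $hasCoverImage
                            ? str_replace(['/', '\\'], '', $modData['slug']) . '.' . str_replace(['/', '\\'], '', $modData['image_ext'])
                            : null;
                        $pendingCoverImagePathname = $hasCoverImage ? $modPendingUploadDirectory . '/' . $coverImageFilename : null;
                        $liveCoverImagePathname = $hasCoverImage ? $modUploadDirectory . '/' . $coverImageFilename : null;
                        $fileError = false;

                        // NOTE(review): the image move, the REPLACE and the DELETE below
                        // are not atomic; a failure part-way leaves the image in img/mods
                        // while the row is still pending.
                        if ($pendingCoverImagePathname && file_exists($pendingCoverImagePathname)) {
                            // NOTE(review): 0777 asks for a world-writable directory inside
                            // the web root (the effective mode still depends on the umask);
                            // 0755 is normally enough when the web server owns it.
                            if (!file_exists($modUploadDirectory) && !mkdir($modUploadDirectory, 0777, true)) {
                                $fileError = true;
                                $errorMessage = "An unexpected error occurred while approving the mod.";
                            }
                            if (!$fileError) {
                                if ($liveCoverImagePathname && !rename($pendingCoverImagePathname, $liveCoverImagePathname)) {
                                    $fileError = true;
                                    $errorMessage = "An unexpected error occurred while approving the mod.";
                                }
                            }
                        }

                        if (!$fileError) {
                            // Look up a live mod with the same slug so its ID can be reused.
                            $existingModIDError = false;
                            $existingModID = null;
                            $statement = $connection->prepare('SELECT id FROM mods WHERE slug = ?;');
                            if (!$statement) {
                                $existingModIDError = true;
                                $errorMessage = "An unexpected error occurred while approving the mod.";
                            } else {
                                $statement->bind_param('s', $modData['slug']);
                                $statement->execute();
                                $result = $statement->get_result();
                                if (!$result) {
                                    $existingModIDError = true;
                                    $errorMessage = "An unexpected error occurred while approving the mod.";
                                    $statement->close();
                                } else {
                                    $row = $result->fetch_assoc();
                                    $statement->close();
                                    if ($row && $row['id']) {
                                        $existingModID = $row['id'];
                                    }
                                }
                            }

                            if (!$existingModIDError) {
                                // REPLACE removes an existing row with this ID and inserts the
                                // new one, so a submission whose slug matches a live mod
                                // overwrites that listing, including its "user" column.
                                // NOTE(review): this assumes the submission flow only lets the
                                // owner of a live mod reuse its slug; otherwise approving here
                                // hands the listing to another account (confirm).
                                // link and docs_link are copied as stored, without a scheme check.
                                $statement = $connection->prepare('REPLACE INTO mods (
                                    id,
                                    name,
                                    slug,
                                    description,
                                    category,
                                    link,
                                    docs_link,
                                    user,
                                    image_ext,
                                    is_paid,
                                    is_removed
                                    ) VALUES (
                                    ?,
                                    ?,
                                    ?,
                                    ?,
                                    ?,
                                    ?,
                                    ?,
                                    ?,
                                    ?,
                                    ?,
                                    0
                                    );');
                                if (!$statement) {
                                    $errorMessage = "An unexpected error occurred while approving the mod.";
                                } else {
                                    $statement->bind_param('isssissisi', $existingModID, $modData['name'], $modData['slug'], $modData['description'], $modData['category'], $modData['link'], $modData['docs_link'], $modData['user'], $modData['image_ext'], $modData['is_paid']);
                                    if (!$statement->execute()) {
                                        $errorMessage = "An unexpected error occurred while approving the mod.";
                                        $statement->close();
                                    } else {
                                        $statement->close();
                                        // The submission is live now; drop it from the queue.
                                        $statement = $connection->prepare('DELETE FROM mods_pending WHERE id = ?');
                                        if (!$statement) {
                                            $errorMessage = "An unexpected error occurred while approving the mod.";
                                        } else {
                                            $statement->bind_param('i', $modData['id']);
                                            if (!$statement->execute()) {
                                                $errorMessage = "An unexpected error occurred while approving the mod.";
                                                $statement->close();
                                            } else {
                                                $modApproved = true;
                                                $statement->close();
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    } elseif ($_POST['action'] === "reject") {
                        // The reason is concatenated into the rejection e-mail further
                        // down the script, so it has to be a non-empty string; an
                        // array-valued "reason[]" parameter is refused here.
                        if (!isset($_POST['reason']) || !is_string($_POST['reason']) || !$_POST['reason']) {
                            $errorMessage = "You need to specify the reason for rejection.";
                        } else {
                            // The row is kept and only flagged as rejected.
                            $statement = $connection->prepare('UPDATE mods_pending SET is_rejected = 1 WHERE id = ?');
                            if (!$statement) {
                                $errorMessage = "An unexpected error occurred while rejecting the mod.";
                            } else {
                                $statement->bind_param('i', $modData['id']);
                                if (!$statement->execute()) {
                                    $errorMessage = "An unexpected error occurred while rejecting the mod.";
                                    $statement->close();
                                } else {
                                    $modRejected = true;
                                    $statement->close();
                                }
                            }
                        }
                    } else {
                        $errorMessage = "Unknown action specified.";
                    }
                }
            }
        }
    }
}

$pageTitle = "Pending mods";
include '../includes/moderation_header.php';
?>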
<h1>Pending mods</h1>
<?php
// Error banner for a failed moderation request; the message is HTML-escaped.
if ($errorMessage) {
    echo '<p class="form-error">', htmlspecialchars($errorMessage), '</p>';
}

// Confirmation for a completed action. Approval is checked first, as before.
if ($modApproved || $modRejected) {
    echo $modApproved ? '<p>Mod has been approved.</p>' : '<p>Mod has been rejected.</p>';
}
?>
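<?php
// Lists every pending submission that is not rejected, newest first, with an
// approve form and a reject form per entry. The JOIN conditions hide entries
// whose author is suspended, deleted or unverified.
$result = $connection->query('SELECT
    mods_pending.id AS id,
    mods_pending.name AS name,
    mods_pending.slug AS slug,
    mods_pending.description AS description,
    mods_pending.image_ext AS image_ext,
    mods_pending.is_paid AS is_paid,
    mods_pending.link AS link,
    mods_pending.docs_link AS docs_link,
    categories.name AS category,
    users.username AS user,
    users.id AS user_id
    FROM mods_pending
    LEFT JOIN categories ON categories.id = mods_pending.category
    JOIN users ON users.id = mods_pending.user
    AND users.is_suspended = 0
    AND users.is_deleted = 0
    AND users.is_verified = 1
    WHERE mods_pending.is_rejected = 0
    ORDER BY mods_pending.id DESC;');
if (!$result) {
    echo "<p>An unexpected error occurred while fetching mods.</p>";
} else {
    $modsPresent = false;

    // Identical for every card, so escaped once.
    $pendingFormAction = htmlspecialchars(APP_MODERATION_ROOT . 'pending.php');
    $csrfTokenValue = htmlspecialchars($_SESSION['moderation_csrf']);

    while ($mod = $result->fetch_assoc()) {
        $modsPresent = true;

        // Every value that comes from the database is escaped for HTML before
        // it is placed in the markup; URL parts are additionally URL-encoded.
        $modIdValue = htmlspecialchars(strval($mod['id']));
        $modNameHtml = htmlspecialchars($mod['name']);

        // Pending covers are referenced from img/mods_pending under APP_ROOT;
        // submissions without an image get the placeholder.
        $coverImageSrc = htmlspecialchars(APP_ROOT . 'img/' . (
            isset($mod['image_ext']) && $mod['image_ext']
                ? 'mods_pending/' . urlencode(str_replace(['/', '\\'], '', $mod['slug'])) . '.' . urlencode(str_replace(['/', '\\'], '', $mod['image_ext']))
                : 'mod-missing.png'
        ));

        // Escape first, then turn line breaks into <br/> so only that tag is raw HTML.
        $descriptionHtml = isset($mod['description']) && $mod['description']
            ? str_replace(["\r\n", "\n", "\r"], '<br/>', htmlspecialchars(shortenDescription($mod['description'])))
            : "<i>No description</i>";

        $publisherHref = htmlspecialchars(APP_MODERATION_ROOT . 'user.php?user=' . urlencode($mod['user']));

        // categories is LEFT JOINed, so the category name can be NULL; passing
        // null to htmlspecialchars() is deprecated since PHP 8.1.
        $categoryHtml = htmlspecialchars($mod['category'] ?? '');

        // The submitted URLs are printed as escaped text, not as links.
        $documentationHtml = $mod['docs_link']
            ? '<p><strong>Documentation URL:</strong> ' . htmlspecialchars($mod['docs_link']) . '</p>'
            : '';

        echo '<div class="mod">
<img src="' . $coverImageSrc . '" alt="' . $modNameHtml . ' cover image">
<div class="mod-info">
<h2>' . $modNameHtml . '</h2>
<p><span class="badge">' . ($mod['is_paid'] ? 'Paid' : 'Gratis') . '</span></p>
<p>' . $descriptionHtml . '</p>
<p><strong>Publisher:</strong> <a href="' . $publisherHref . '">' . htmlspecialchars($mod['user']) . '</a> | <strong>Category:</strong> ' . $categoryHtml . '</p>
<p><strong>Download URL:</strong> ' . htmlspecialchars($mod['link']) . '</p>
' . $documentationHtml . '
<form action="' . $pendingFormAction . '" method="post" class="form">
<div class="form-block">
<input type="submit" value="Approve">
</div>
<input type="hidden" name="_csrf" value="' . $csrfTokenValue . '">
<input type="hidden" name="action" value="approve">
<input type="hidden" name="id" value="' . $modIdValue . '">
</form>
<form action="' . $pendingFormAction . '" method="post" class="form">
<div class="form-block">
<label for="reject-reason-' . $modIdValue . '">Reason for rejection:</label>
<textarea name="reason" id="reject-reason-' . $modIdValue . '" required></textarea>
</div>
<div class="form-block">
<input type="submit" value="Reject">
</div>
<input type="hidden" name="_csrf" value="' . $csrfTokenValue . '">
<input type="hidden" name="action" value="reject">
<input type="hidden" name="id" value="' . $modIdValue . '">
</form>
</div>
</div>';
    }

    if (!$modsPresent) {
        echo '<p>No mods.</p>';
    }
}
?>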
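<?php
include '../includes/moderation_footer.php';

// Notify the submitter once the page has been rendered. $modData is the row
// loaded by the POST handler and carries the author's username and e-mail.
if ($modApproved || $modRejected) {
    $notificationRecipients = [[
        "name" => $modData['username'],
        "address" => $modData['user_email']
    ]];
    // Line breaks are stripped from the mod name before it goes into the message.
    $modNameForEmail = str_replace(["\r\n", "\n", "\r"], '', $modData['name']);

    if ($modApproved) {
        sendEmail(
            $notificationRecipients,
            'Your mod has been approved.',
            'Good news for you! Your "' . $modNameForEmail . '" mod has been approved and is now listed on SVR.JS Mods directory!'
        );
    } else {
        // The reason is read from $_POST again here, so make sure it is a
        // string before concatenating; an array-valued parameter would
        // otherwise be rendered as "Array" with a conversion warning.
        // NOTE(review): the text is inserted verbatim. Whether sendEmail()
        // sends plain text or HTML is not visible here; if it is HTML, the
        // reason and the mod name need escaping first.
        $rejectionReason = (isset($_POST['reason']) && is_string($_POST['reason'])) ? $_POST['reason'] : '';
        sendEmail(
            $notificationRecipients,
            'Your mod has been rejected.',
            'Unfortunately, your "' . $modNameForEmail . "\" mod has been rejected by the moderator. Below is the reason why the moderator rejected this mod:\n\n" . $rejectionReason
        );
    }
}

include '../includes/moderation_final.php';
include '../includes/final.php';
?>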