192 lines
6.6 KiB
PHP
192 lines
6.6 KiB
PHP
<?php
|
|
namespace Misuzu;
|
|
|
|
use Misuzu\Users\User;
|
|
use Misuzu\Users\UserSession;
|
|
|
|
$postId = !empty($_GET['p']) && is_string($_GET['p']) ? (int)$_GET['p'] : 0;
|
|
$postMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : '';
|
|
$submissionConfirmed = !empty($_GET['confirm']) && is_string($_GET['confirm']) && $_GET['confirm'] === '1';
|
|
|
|
$postRequestVerified = CSRF::validateRequest();
|
|
|
|
if(!empty($postMode) && !UserSession::hasCurrent()) {
|
|
echo render_info('You must be logged in to manage posts.', 401);
|
|
return;
|
|
}
|
|
|
|
$currentUser = User::getCurrent();
|
|
$currentUserId = $currentUser === null ? 0 : $currentUser->getId();
|
|
|
|
if($postMode !== '' && $msz->hasActiveBan()) {
|
|
echo render_info('You have been banned, check your profile for more information.', 403);
|
|
return;
|
|
}
|
|
|
|
$postInfo = forum_post_get($postId, true);
|
|
$perms = empty($postInfo)
|
|
? 0
|
|
: forum_perms_get_user($postInfo['forum_id'], $currentUserId)[MSZ_FORUM_PERMS_GENERAL];
|
|
|
|
switch($postMode) {
|
|
case 'delete':
|
|
$canDelete = forum_post_can_delete($postInfo, $currentUserId);
|
|
$canDeleteMsg = '';
|
|
$responseCode = 200;
|
|
|
|
switch($canDelete) {
|
|
case MSZ_E_FORUM_POST_DELETE_USER: // i don't think this is ever reached but we may as well have it
|
|
$responseCode = 401;
|
|
$canDeleteMsg = 'You must be logged in to delete posts.';
|
|
break;
|
|
case MSZ_E_FORUM_POST_DELETE_POST:
|
|
$responseCode = 404;
|
|
$canDeleteMsg = "This post doesn't exist.";
|
|
break;
|
|
case MSZ_E_FORUM_POST_DELETE_DELETED:
|
|
$responseCode = 404;
|
|
$canDeleteMsg = 'This post has already been marked as deleted.';
|
|
break;
|
|
case MSZ_E_FORUM_POST_DELETE_OWNER:
|
|
$responseCode = 403;
|
|
$canDeleteMsg = 'You can only delete your own posts.';
|
|
break;
|
|
case MSZ_E_FORUM_POST_DELETE_OLD:
|
|
$responseCode = 401;
|
|
$canDeleteMsg = 'This post has existed for too long. Ask a moderator to remove if it absolutely necessary.';
|
|
break;
|
|
case MSZ_E_FORUM_POST_DELETE_PERM:
|
|
$responseCode = 401;
|
|
$canDeleteMsg = 'You are not allowed to delete posts.';
|
|
break;
|
|
case MSZ_E_FORUM_POST_DELETE_OP:
|
|
$responseCode = 403;
|
|
$canDeleteMsg = 'This is the opening post of a topic, it may not be deleted without deleting the entire topic as well.';
|
|
break;
|
|
case MSZ_E_FORUM_POST_DELETE_OK:
|
|
break;
|
|
default:
|
|
$responseCode = 500;
|
|
$canDeleteMsg = sprintf('Unknown error \'%d\'', $canDelete);
|
|
}
|
|
|
|
if($canDelete !== MSZ_E_FORUM_POST_DELETE_OK) {
|
|
echo render_info($canDeleteMsg, $responseCode);
|
|
break;
|
|
}
|
|
|
|
if($postRequestVerified && !$submissionConfirmed) {
|
|
url_redirect('forum-post', [
|
|
'post' => $postInfo['post_id'],
|
|
'post_fragment' => 'p' . $postInfo['post_id'],
|
|
]);
|
|
break;
|
|
} elseif(!$postRequestVerified) {
|
|
Template::render('forum.confirm', [
|
|
'title' => 'Confirm post deletion',
|
|
'class' => 'far fa-trash-alt',
|
|
'message' => sprintf('You are about to delete post #%d. Are you sure about that?', $postInfo['post_id']),
|
|
'params' => [
|
|
'p' => $postInfo['post_id'],
|
|
'm' => 'delete',
|
|
],
|
|
]);
|
|
break;
|
|
}
|
|
|
|
$deletePost = forum_post_delete($postInfo['post_id']);
|
|
|
|
if($deletePost) {
|
|
$msz->createAuditLog('FORUM_POST_DELETE', [$postInfo['post_id']]);
|
|
}
|
|
|
|
if(!$deletePost) {
|
|
echo render_error(500);
|
|
break;
|
|
}
|
|
|
|
url_redirect('forum-topic', ['topic' => $postInfo['topic_id']]);
|
|
break;
|
|
|
|
case 'nuke':
|
|
if(!perms_check($perms, MSZ_FORUM_PERM_DELETE_ANY_POST)) {
|
|
echo render_error(403);
|
|
break;
|
|
}
|
|
|
|
if($postRequestVerified && !$submissionConfirmed) {
|
|
url_redirect('forum-post', [
|
|
'post' => $postInfo['post_id'],
|
|
'post_fragment' => 'p' . $postInfo['post_id'],
|
|
]);
|
|
break;
|
|
} elseif(!$postRequestVerified) {
|
|
Template::render('forum.confirm', [
|
|
'title' => 'Confirm post nuke',
|
|
'class' => 'fas fa-radiation',
|
|
'message' => sprintf('You are about to PERMANENTLY DELETE post #%d. Are you sure about that?', $postInfo['post_id']),
|
|
'params' => [
|
|
'p' => $postInfo['post_id'],
|
|
'm' => 'nuke',
|
|
],
|
|
]);
|
|
break;
|
|
}
|
|
|
|
$nukePost = forum_post_nuke($postInfo['post_id']);
|
|
|
|
if(!$nukePost) {
|
|
echo render_error(500);
|
|
break;
|
|
}
|
|
|
|
$msz->createAuditLog('FORUM_POST_NUKE', [$postInfo['post_id']]);
|
|
|
|
url_redirect('forum-topic', ['topic' => $postInfo['topic_id']]);
|
|
break;
|
|
|
|
case 'restore':
|
|
if(!perms_check($perms, MSZ_FORUM_PERM_DELETE_ANY_POST)) {
|
|
echo render_error(403);
|
|
break;
|
|
}
|
|
|
|
if($postRequestVerified && !$submissionConfirmed) {
|
|
url_redirect('forum-post', [
|
|
'post' => $postInfo['post_id'],
|
|
'post_fragment' => 'p' . $postInfo['post_id'],
|
|
]);
|
|
break;
|
|
} elseif(!$postRequestVerified) {
|
|
Template::render('forum.confirm', [
|
|
'title' => 'Confirm post restore',
|
|
'class' => 'fas fa-magic',
|
|
'message' => sprintf('You are about to restore post #%d. Are you sure about that?', $postInfo['post_id']),
|
|
'params' => [
|
|
'p' => $postInfo['post_id'],
|
|
'm' => 'restore',
|
|
],
|
|
]);
|
|
break;
|
|
}
|
|
|
|
$restorePost = forum_post_restore($postInfo['post_id']);
|
|
|
|
if(!$restorePost) {
|
|
echo render_error(500);
|
|
break;
|
|
}
|
|
|
|
$msz->createAuditLog('FORUM_POST_RESTORE', [$postInfo['post_id']]);
|
|
|
|
url_redirect('forum-topic', ['topic' => $postInfo['topic_id']]);
|
|
break;
|
|
|
|
default: // function as an alt for topic.php?p= by default
|
|
url_redirect('forum-post', [
|
|
'post' => $postInfo['post_id'],
|
|
'post_fragment' => 'p' . $postInfo['post_id'],
|
|
]);
|
|
break;
|
|
}
|