A new, object-oriented, better version of μForum


  1. <?php
  2. /**
  3. * @package uForum2
  4. * @file inc/controllers/AdminController.class.php
  5. * @copyright 2007-2015 (c) PioDer <piotrek@pioder.pl>
  6. * @link http://www.pioder.pl/
  7. * @license see LICENSE.txt
  8. **/
  9. require ('./inc/controller.class.php');
  10. class AdminController extends Controller
  11. {
  12. public function loadDefault()
  13. {
  14. $this->main();
  15. }
  16. private function loadDependencies() // zależności (sesje itp)
  17. {
  18. $this->loadModel('SessionModel'); //aktywacja sesji
  19. $this->loadModel('ConfigModel'); //konfiguracja ogólna skryptu
  20. $this->loadView('MainView');
  21. $this->getView('MainView')->putExistingModel('SessionModel', $this->getModel('SessionModel'));
  22. $this->getView('MainView')->putExistingModel('ConfigModel', $this->getModel('ConfigModel'));
  23. if ($_SERVER['REQUEST_SCHEME'] == 'http')
  24. $this->forward('https://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);
  25. if (!$this->getModel('SessionModel')->isLogged())
  26. {
  27. $this->getView('MainView')->forum_message('You are not logged.', 'index.php?mode=login', true);
  28. $lockv = true;
  29. }
  30. if ($this->getModel('SessionModel')->getRank() == RANK_USER && !isset($lockv))
  31. {
  32. $this->getView('MainView')->forum_message('You are not admin', 'index.php');
  33. $lockv = true;
  34. }
  35. if (!isset($lockv))
  36. return true;
  37. else
  38. return false;
  39. }
  40. public function main()
  41. {
  42. if ($this->loadDependencies())
  43. {
  44. $this->getView('MainView')->admin_main();
  45. }
  46. }
  47. public function eduser()
  48. {
  49. if ($this->loadDependencies())
  50. {
  51. $this->loadModel('UsersModel');
  52. $user_info = $this->getModel('UsersModel')->getUserInformation($_GET['id'], true);
  53. if ($user_info == null)
  54. {
  55. $this->getView('MainView')->forum_message('User does not exist!', 'index.php?mode=admin&amp;submode=users');
  56. $lockv = true;
  57. }
  58. else
  59. {
  60. $msg = '';
  61. if (isset($_POST['nick'], $_POST['passwd'], $_POST['passwd_confirm'], $_POST['email']))
  62. {
  63. //secure pools
  64. $_POST['nick'] = trim(strip_tags($this->db->real_escape_string($_POST['nick'])));
  65. $_POST['passwd'] = trim(strip_tags($_POST['passwd']));
  66. $_POST['passwd_confirm'] = trim(strip_tags($_POST['passwd_confirm']));
  67. $_POST['email'] = trim(strip_tags($this->db->real_escape_string($_POST['email'])));
  68. $_POST['location'] = trim(strip_tags($this->db->real_escape_string($_POST['location'])));
  69. $_POST['signature'] = trim(strip_tags($this->db->real_escape_string($_POST['signature'])));
  70. $_POST['user_rank'] = trim(strip_tags($this->db->real_escape_string($_POST['user_rank'])));
  71. if ($_POST['passwd'] != '')
  72. {
  73. if (strlen($_POST['passwd']) < 8)
  74. $msg .= 'Password is too short (min 8 characters)<br>';
  75. if ($_POST['passwd'] != $_POST['passwd_confirm'])
  76. $msg .= 'Password do not match!<br>';
  77. }
  78. if ($_GET['id'] == $this->getModel('SessionModel')->getID() && $_POST['user_rank'] != RANK_ADMIN)
  79. {
  80. $msg .= 'You cannot set rank for your profile<br>';
  81. $_POST['user_rank'] = RANK_ADMIN;
  82. }
  83. if ($this->getModel('UsersModel')->nickExists($_POST['nick']) == true && $_POST['nick'] != $user_info['nick'])
  84. $msg .= 'Nick is in use. Type another one.<br>';
  85. if (strlen($_POST['nick']) < 3)
  86. $msg .= 'Nick is too short (min 3 characters)<br>';
  87. if ($_POST['user_rank'] > RANK_ADMIN || $_POST['user_rank'] < RANK_USER)
  88. $msg .= 'Rank is not valid!<br>';
  89. //check if avatar is uploaded
  90. if ($_FILES['avatar']['tmp_name'] != null)
  91. {
  92. global $allowed_avatars;
  93. $image_size = @getimagesize($_FILES['avatar']['tmp_name']);
  94. if ($image_size == null)
  95. $msg .= 'Type of uploaded file are not allowed.<br>';
  96. else
  97. if (!in_array($image_size['mime'], $allowed_avatars))
  98. $msg .= 'Type of uploaded avatar is not supported.<br>';
  99. else
  100. if ($image_size[0] > 120 || $image_size[1] > 150)
  101. $msg .= 'Uploaded avatar is too big (maximum 120x150 px).<br>';
  102. }
  103. if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
  104. $msg .= 'Email is incorrect<br>';
  105. if ($msg == '')
  106. {
  107. if ($_FILES['avatar']['tmp_name'] != null && !isset($_POST['delete_avatar'])) //change an avatar
  108. {
  109. if ($user_info['avatar'] != '')
  110. unlink('./'.$user_info['avatar']);
  111. $ext = pathinfo($_FILES['avatar']['name'], PATHINFO_EXTENSION);
  112. $av = 'images/avatars/'.$this->getModel('SessionModel')->getID().'.'.$ext;
  113. move_uploaded_file($_FILES['avatar']['tmp_name'], './'.$av);
  114. }
  115. else
  116. if (isset($_POST['delete_avatar']))
  117. {
  118. unlink('./'.$user_info['avatar']);
  119. $av = '';
  120. }
  121. else
  122. $av = $user_info['avatar']; //if new avatar is not set
  123. if ($_POST['passwd'] != '')
  124. $this->getModel('UsersModel')->changeUserPassword($_GET['id'], sha1($_POST['passwd']));
  125. $this->getModel('UsersModel')->changeUserRank($_GET['id'], $_POST['user_rank']);
  126. $this->getModel('UsersModel')->updateUserProfile($_GET['id'], $_POST['nick'], $_POST['email'], $_POST['location'], $_POST['signature'], $av);
  127. $this->getView('MainView')->forum_message('User profile has changed.', 'index.php?mode=admin&amp;submode=users');
  128. $lockv = true;
  129. }
  130. }
  131. $_POST['nick'] = (isset($_POST['nick'])) ? $_POST['nick'] : $user_info['nick'];
  132. $_POST['email'] = (isset($_POST['email'])) ? $_POST['email'] : $user_info['email'];
  133. $_POST['location'] = (isset($_POST['location'])) ? $_POST['location'] : $user_info['location'];
  134. $_POST['signature'] = (isset($_POST['signature'])) ? $_POST['signature'] : $user_info['signature'];
  135. $_POST['user_rank'] = (isset($_POST['user_rank'])) ? $_POST['user_rank'] : $user_info['rank'];
  136. $this->getView('MainView')->putExistingModel('UsersModel', $this->getModel('UsersModel'));
  137. if (!isset($lockv))
  138. $this->getView('MainView')->edprofile_form($msg, true);
  139. }
  140. }
  141. }
  142. public function users()
  143. {
  144. if ($this->loadDependencies())
  145. {
  146. if (isset($_GET['rank']))
  147. {
  148. switch ($_GET['rank'])
  149. {
  150. case 'admin':
  151. $_GET['rank'] = RANK_ADMIN;
  152. break;
  153. case 'mod':
  154. $_GET['rank'] = RANK_MOD;
  155. break;
  156. case 'user':
  157. $_GET['rank'] = RANK_USER;
  158. break;
  159. default:
  160. $_GET['rank'] = '';
  161. break;
  162. }
  163. }
  164. else
  165. $_GET['rank'] = '';
  166. $_POST['sort_type'] = (isset($_POST['sort_type'])) ? $this->db->real_escape_string($_POST['sort_type']) : 'regdate';
  167. $allowed_sorting = array('regdate', 'lastvisit', 'nick', 'post_count');
  168. if (!in_array($_POST['sort_type'], $allowed_sorting))
  169. $_POST['sort_type'] = '';
  170. $_POST['sort_desc'] = (isset($_POST['sort_desc'])) ? 'DESC' : 'ASC';
  171. $this->getView('MainView')->admin_userlist();
  172. }
  173. }
  174. public function deluser()
  175. {
  176. if ($this->loadDependencies())
  177. {
  178. $this->loadModel('UsersModel');
  179. $this->getView('MainView')->putExistingModel('UsersModel', $this->getModel('UsersModel'));
  180. $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
  181. $user_info = $this->getModel('UsersModel')->getUserInformation($_GET['id']);
  182. if ($user_info == null)
  183. {
  184. $this->getView('MainView')->forum_message('User does not exist!', 'index.php?mode=admin&amp;submode=users');
  185. $lockv = true;
  186. }
  187. else
  188. {
  189. if ($_GET['id'] == $this->getModel('SessionModel')->getID())
  190. {
  191. $this->getView('MainView')->forum_message('You cannot delete own profile!', 'index.php?mode=admin&amp;submode=users');
  192. $lockv = true;
  193. }
  194. }
  195. if (isset($_POST['confirmed']) && !isset($lockv))
  196. {
  197. if (!isset($_POST['rejected']))
  198. {
  199. $this->getModel('UsersModel')->deleteUser($_GET['id']);
  200. if ($user_info['avatar'] != null) //delete user's avatar
  201. unlink('./'.$user_info['avatar']);
  202. $this->getView('MainView')->forum_message('Profile deleted. Redirecting to users list...', 'index.php?mode=admin&amp;submode=users');
  203. $lockv = true;
  204. }
  205. else
  206. {
  207. $this->forward('index.php?mode=admin&submode=users');
  208. }
  209. }
  210. if (!isset($lockv))
  211. $this->getView('MainView')->confirm_action('Do you want delete user <span style="font-weight: bold">'.$user_info['nick'].'</span>? This operation cannot undone.');
  212. }
  213. }
  214. public function config()
  215. {
  216. if ($this->loadDependencies())
  217. {
  218. $msg = '';
  219. if (isset($_POST['forum_name'], $_POST['forum_desc']))
  220. {
  221. $_POST['forum_name'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['forum_name'])));
  222. $_POST['forum_desc'] = trim(htmlspecialchars($_POST['forum_desc']));
  223. if (strlen($_POST['forum_name']) < 3)
  224. {
  225. $msg .= 'Forum name is too short (min 3 characters)!<br>';
  226. }
  227. if (strlen($_POST['forum_name']) > 30)
  228. {
  229. $msg .= 'Forum name is too long (max 30 characters)!<br>';
  230. }
  231. if (strlen($_POST['forum_desc']) > 50)
  232. {
  233. $msg .= 'Forum description is too long (max 50 characters)!<br>';
  234. }
  235. if ($msg == '')
  236. {
  237. $what = '';
  238. if ($_POST['forum_name'] != $this->getModel('ConfigModel')->getConf('forum_name'))
  239. $this->getModel('ConfigModel')->updateConf('forum_name', $_POST['forum_name']);
  240. if ($_POST['forum_desc'] != $this->getModel('ConfigModel')->getConf('forum_desc'))
  241. $this->getModel('ConfigModel')->updateConf('forum_desc', $_POST['forum_desc']);
  242. $this->getView('MainView')->forum_message('Forum configuration updated. Redirecting...', 'index.php?mode=admin&amp;submode=config');
  243. $lockv = true;
  244. }
  245. }
  246. $_POST['forum_name'] = (isset($_POST['forum_name'])) ? $_POST['forum_name'] : $this->getModel('ConfigModel')->getConf('forum_name');
  247. $_POST['forum_desc'] = (isset($_POST['forum_desc'])) ? $_POST['forum_desc'] : $this->getModel('ConfigModel')->getConf('forum_desc');
  248. if (!isset($lockv))
  249. {
  250. $this->getView('MainView')->admin_config($msg);
  251. }
  252. }
  253. }
  254. public function forums()
  255. {
  256. if ($this->loadDependencies())
  257. {
  258. $this->getView('MainView')->admin_forums();
  259. }
  260. }
  261. public function addcat()
  262. {
  263. if ($this->loadDependencies())
  264. {
  265. $this->modify_cat('add');
  266. }
  267. }
  268. public function edcat()
  269. {
  270. if ($this->loadDependencies())
  271. {
  272. $this->modify_cat('edit');
  273. }
  274. }
  275. public function addforum()
  276. {
  277. if ($this->loadDependencies())
  278. {
  279. $this->modify_forum('add');
  280. }
  281. }
  282. public function edforum()
  283. {
  284. if ($this->loadDependencies())
  285. {
  286. $this->modify_forum('edit');
  287. }
  288. }
  289. public function delforum()
  290. {
  291. if ($this->loadDependencies())
  292. {
  293. $this->loadModel('ForumsModel');
  294. $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
  295. $forum_info = $this->getModel('ForumsModel')->getForum($_GET['id']);
  296. if ($forum_info == null)
  297. {
  298. $this->getView('MainView')->forum_message('Forum does not exist!', 'index.php?mode=admin&amp;submode=forums');
  299. $lockv = true;
  300. }
  301. if (isset($_POST['confirmed']) && !isset($lockv))
  302. {
  303. if (!isset($_POST['rejected']))
  304. {
  305. $this->getModel('ForumsModel')->deleteForum($_GET['id']);
  306. $this->getView('MainView')->forum_message('Forum deleted. Redirecting...', 'index.php?mode=admin&amp;submode=forums');
  307. $lockv = true;
  308. }
  309. else
  310. $this->forward('index.php?mode=admin&submode=forums');
  311. }
  312. if (!isset($lockv))
  313. $this->getView('MainView')->confirm_action('Do you REALLY want delete forum <span style="font-weight: bold">'.$forum_info['name'].'</span> with ALL CONTENT? <span style="text-decoration: underline">This operation cannot undone!</span>');
  314. }
  315. }
  316. public function delcat()
  317. {
  318. if ($this->loadDependencies())
  319. {
  320. $this->loadModel('ForumsModel');
  321. $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
  322. $cat_info = $this->getModel('ForumsModel')->getCat($_GET['id']);
  323. if ($cat_info == null)
  324. {
  325. $this->getView('MainView')->forum_message('Category does not exist!', 'index.php?mode=admin&amp;submode=forums');
  326. $lockv = true;
  327. }
  328. if (isset($_POST['confirmed']) && !isset($lockv))
  329. {
  330. if (!isset($_POST['rejected']))
  331. {
  332. $this->getModel('ForumsModel')->deleteCat($_GET['id']);
  333. $this->getView('MainView')->forum_message('Category deleted. Redirecting...', 'index.php?mode=admin&amp;submode=forums');
  334. $lockv = true;
  335. }
  336. else
  337. $this->forward('index.php?mode=admin&submode=forums');
  338. }
  339. if (!isset($lockv))
  340. $this->getView('MainView')->confirm_action('Do you REALLY want delete category <span style="font-weight: bold">'.$cat_info['name'].'</span> with ALL FORUMS AND CONTENT? <span style="text-decoration: underline">This operation cannot undone!</span>');
  341. }
  342. }
  343. private function modify_cat($m)
  344. {
  345. $msg = '';
  346. $this->loadModel('ForumsModel');
  347. if ($m == 'edit')
  348. {
  349. $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
  350. $cat_info = $this->getModel('ForumsModel')->getCat($_GET['id']);
  351. if ($cat_info == null)
  352. {
  353. $this->getView('MainView')->forum_message('Category does not exist!', 'index.php?mode=admin&amp;submode=forums');
  354. $lockv = true;
  355. }
  356. }
  357. if (isset($_POST['name']) && !isset($lockv))
  358. {
  359. $_POST['name'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['name'])));
  360. if (strlen($_POST['name']) < 3)
  361. $msg .= 'Category name is too short (min 3 characters)!<br>';
  362. if ($msg == '')
  363. {
  364. if ($m == 'add')
  365. {
  366. $this->getModel('ForumsModel')->addCat($_POST['name']);
  367. $this->getView('MainView')->forum_message('Category added. Redirecting...', 'index.php?mode=admin&amp;submode=forums');
  368. $lockv = true;
  369. }
  370. else
  371. {
  372. $this->getModel('ForumsModel')->changeCat($_GET['id'], $_POST['name']);
  373. $this->getView('MainView')->forum_message('Category updated. Redirecting...', 'index.php?mode=admin&amp;submode=forums');
  374. $lockv = true;
  375. }
  376. }
  377. }
  378. if (!isset($lockv))
  379. {
  380. if ($m == 'add')
  381. $_POST['name'] = (isset($_POST['name'])) ? $_POST['name'] : '';
  382. else
  383. $_POST['name'] = (isset($_POST['name'])) ? $_POST['name'] : $cat_info['name'];
  384. $this->getView('MainView')->putExistingModel('ForumsModel', $this->getModel('ForumsModel'));
  385. $this->getView('MainView')->admin_cat_form($msg, $m);
  386. }
  387. }
  388. private function modify_forum($m)
  389. {
  390. $msg = '';
  391. $this->loadModel('ForumsModel');
  392. if ($m == 'edit')
  393. {
  394. $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
  395. $forum_info = $this->getModel('ForumsModel')->getForum($_GET['id']);
  396. if ($forum_info == null)
  397. {
  398. $this->getView('MainView')->forum_message('Forum does not exist!', 'index.php?mode=admin&amp;submode=forums');
  399. $lockv = true;
  400. }
  401. }
  402. if (isset($_POST['name']) && !isset($lockv))
  403. {
  404. $_POST['name'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['name'])));
  405. $_POST['desc'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['desc'])));
  406. $_POST['category_id'] = trim(strip_tags($this->db->real_escape_string($_POST['category_id'])));
  407. $_POST['locked'] = trim(strip_tags($this->db->real_escape_string($_POST['locked'])));
  408. $_POST['locked'] = ($_POST['locked'] == true) ? true : false;
  409. if (strlen($_POST['name']) < 3)
  410. $msg .= 'Forum name is too short (min 3 characters)!<br>';
  411. $c = $this->getModel('ForumsModel')->getCat($_POST['category_id']);
  412. if ($c == null)
  413. $msg .= 'Category does not exist!<br>';
  414. if ($msg == '')
  415. {
  416. if ($m == 'add')
  417. {
  418. $this->getModel('ForumsModel')->addForum($_POST['name'], $_POST['desc'], $_POST['category_id'], $_POST['locked']);
  419. $this->getView('MainView')->forum_message('Forum added. Redirecting...', 'index.php?mode=admin&amp;submode=forums');
  420. $lockv = true;
  421. }
  422. else
  423. {
  424. $this->getModel('ForumsModel')->changeForum($_GET['id'], $_POST['name'], $_POST['desc'], $_POST['category_id'], $_POST['locked']);
  425. $this->getView('MainView')->forum_message('Forum updated. Redirecting...', 'index.php?mode=admin&amp;submode=forums');
  426. $lockv = true;
  427. }
  428. }
  429. }
  430. if (!isset($lockv))
  431. {
  432. if ($m == 'add')
  433. {
  434. $_POST['name'] = (isset($_POST['name'])) ? $_POST['name'] : '';
  435. $_POST['desc'] = (isset($_POST['desc'])) ? $_POST['desc'] : '';
  436. $_POST['category_id'] = (isset($_POST['category_id'])) ? $_POST['category_id'] : '';
  437. $_POST['locked'] = (isset($_POST['locked'])) ? $_POST['locked'] : '';
  438. }
  439. else
  440. {
  441. $_POST['name'] = (isset($_POST['name'])) ? $_POST['name'] : $forum_info['name'];
  442. $_POST['desc'] = (isset($_POST['desc'])) ? $_POST['desc'] : $forum_info['desc'];
  443. $_POST['category_id'] = (isset($_POST['category_id'])) ? $_POST['category_id'] : $forum_info['category_id'];
  444. $_POST['locked'] = (isset($_POST['locked'])) ? $_POST['locked'] : $forum_info['locked'];
  445. }
  446. $this->getView('MainView')->putExistingModel('ForumsModel', $this->getModel('ForumsModel'));
  447. $this->getView('MainView')->admin_forum_form($msg, $m);
  448. }
  449. }
  450. public function banlist()
  451. {
  452. if ($this->loadDependencies())
  453. $this->getView('MainView')->admin_banlist();
  454. }
  455. public function delban()
  456. {
  457. if ($this->loadDependencies())
  458. {
  459. $this->loadModel('BansModel');
  460. $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
  461. $ban_info = $this->getModel('BansModel')->getBan($_GET['id']);
  462. if ($ban_info == null)
  463. {
  464. $this->getView('MainView')->forum_message('Ban does not exist!', 'index.php?mode=admin&amp;submode=banlist');
  465. $lockv = true;
  466. }
  467. if (isset($_POST['confirmed']) && !isset($lockv))
  468. {
  469. if (!isset($_POST['rejected']))
  470. {
  471. $this->getModel('BansModel')->deleteBan($_GET['id']);
  472. $this->getView('MainView')->forum_message('Ban deleted. Redirecting...', 'index.php?mode=admin&amp;submode=banlist');
  473. $lockv = true;
  474. }
  475. else
  476. $this->forward('index.php?mode=admin&submode=banlist');
  477. }
  478. if (!isset($lockv))
  479. $this->getView('MainView')->confirm_action('Do you want delete ban for user <span style="font-weight: bold">'.$ban_info['nick'].'</span>?');
  480. }
  481. }
  482. public function addban()
  483. {
  484. if ($this->loadDependencies())
  485. {
  486. $msg = '';
  487. $this->loadModel('BansModel');
  488. $this->loadModel('UsersModel');
  489. if (isset($_POST['user_id'], $_POST['reason']))
  490. {
  491. $_POST['user_id'] = trim(strip_tags($this->db->real_escape_string($_POST['user_id'])));
  492. $_POST['reason'] = trim(strip_tags($this->db->real_escape_string($_POST['reason'])));
  493. if ($_POST['user_id'] == $this->getModel('SessionModel')->getID())
  494. $msg .= 'You cannot ban your profile!<br>';
  495. if ($this->getModel('BansModel')->getUserBan($_POST['user_id']) != null)
  496. $msg .= 'This user has already been banned!<br>';
  497. if ($this->getModel('UsersModel')->getUserInformation($_POST['user_id']) == null)
  498. $msg .= 'User does not exist!<br>';
  499. if ($msg == '')
  500. {
  501. $this->getModel('BansModel')->addBan($_POST['user_id'], $_POST['reason']);
  502. $this->getView('MainView')->forum_message('Ban added. Redirecting...', 'index.php?mode=admin&amp;submode=banlist');
  503. $lockv = true;
  504. }
  505. }
  506. if (!isset($lockv))
  507. {
  508. $_POST['user_id'] = (isset($_POST['user_id'])) ? $_POST['user_id'] : '';
  509. $_POST['reason'] = (isset($_POST['reason'])) ? $_POST['reason'] : '';
  510. $this->getView('MainView')->admin_ban_form($msg);
  511. }
  512. }
  513. }
  514. }
  515. ?>