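<?php
/***************************************************************************
 * for license information see LICENSE.md
 ***************************************************************************/

/*
 * Admin view for cache reports.
 *
 * Without a report id it lists open reports plus the last 100 closed ones;
 * with an id it shows one report's details. Before rendering it handles the
 * actions triggered from that view (save comment, assign, done, contact owner
 * or reporter). Access requires a logged-in user with the ADMIN_USER flag.
 *
 * NOTE(review): every state-changing action below is read from $_REQUEST, so
 * it is accepted via GET as well as POST, and no request token is checked in
 * this file — confirm that protection lives in lib2/web.inc.php or the template.
 */

use Doctrine\DBAL\Connection;

require __DIR__ . '/lib2/web.inc.php';

$tpl->name = 'adminreports';
$tpl->menuitem = MNU_ADMIN_REPORTS;

// Non-zero values select an error message in the template (set in the action branches).
$error = 0;

$login->verify();
if ($login->userid === 0) {
    $tpl->redirect_login();
}

if (($login->admin & ADMIN_USER) != ADMIN_USER) {
    $tpl->error(ERROR_NO_ACCESS);
}

/** @var Connection $connection */
$connection = AppKernel::Container()->get(Connection::class);

/**
 * Reads a request parameter as an integer id.
 *
 * The former `(int) isset($_REQUEST[...]) ? ... : 0` bound the cast to the
 * isset() result, so the raw request string was passed through unchanged;
 * the cast now applies to the value itself. Array-valued parameters count
 * as absent.
 *
 * @param string $key
 * @return int 0 when the parameter is missing or not scalar
 */
$requestInt = function ($key) {
    if (!isset($_REQUEST[$key]) || is_array($_REQUEST[$key])) {
        return 0;
    }

    return (int) $_REQUEST[$key];
};

$id = $requestInt('id');
$rId = $requestInt('rid');
$cacheId = $requestInt('cacheid');
$ownerId = $requestInt('ownerid');

// Reporter, handling admin and age (in days) of the report an action refers to.
// fetchAssoc() yields false for an unknown rid; use neutral defaults rather
// than indexing into false.
$reportData = $connection->fetchAssoc(
    'SELECT `userid`, `adminid`, DATEDIFF(NOW(),`lastmodified`) AS age
     FROM `cache_reports`
     WHERE `id`= :id',
    ['id' => $rId]
);
if (!is_array($reportData)) {
    $reportData = ['userid' => 0, 'adminid' => 0, 'age' => 0];
}

$reporterId = (int) $reportData['userid'];
$adminId = (int) $reportData['adminid'];
$age = (int) $reportData['age'];

if (isset($_REQUEST['savecomment'])) {
    // NOTE(review): unlike assign/done, saving the admin comment does not check
    // that the report is assigned to the acting admin — confirm that is intended.
    $comment = isset($_REQUEST['commenteditor']) ? $_REQUEST['commenteditor'] : '';
    $id = $rId;
    $connection->update(
        'cache_reports',
        ['comment' => $comment],
        ['id' => $id]
    );
} elseif (
    isset($_REQUEST['assign']) &&
    $rId > 0 &&
    // unassigned, already own, or held by another admin for 14+ days -> may be taken over
    ($adminId === 0 || $adminId === $login->userid || $age >= 14)
) {
    // NOTE(review): status 2/3 are literals here while the detail query uses
    // CACHE_REPORT_INPROGRESS / CACHE_REPORT_DONE — confirm they are the same values.
    $connection->update(
        'cache_reports',
        [
            'status' => 2,
            'adminid' => $login->userid,
        ],
        ['id' => $rId]
    );
    $tpl->redirect('adminreports.php?id=' . $rId);
} elseif (isset($_REQUEST['contact']) && $ownerId > 0) {
    $wp_oc = $connection->fetchColumn(
        'SELECT `wp_oc` FROM `caches` WHERE `cache_id`= :cacheId',
        ['cacheId' => $cacheId]
    );
    // wp_oc is database content; encode it like the other query parameters.
    $tpl->redirect(
        'mailto.php?userid=' . urlencode((string) $ownerId) . '&wp=' . urlencode((string) $wp_oc)
    );
} elseif (isset($_REQUEST['contact_reporter']) && $reporterId > 0) {
    $tpl->redirect('mailto.php?userid=' . urlencode((string) $reporterId) . '&reportid=' . $rId);
} elseif (isset($_REQUEST['done']) && $adminId === $login->userid) {
    $connection->update('cache_reports', ['status' => 3], ['id' => $rId]);
    $tpl->redirect('adminreports.php?id=' . $rId);
} elseif (isset($_REQUEST['assign']) && ($adminId === 0 || $adminId !== $login->userid)) {
    // assign refused above: report is held by another admin (or no valid rid)
    $error = 1;
    $id = $rId > 0 ? $rId : 0;
} elseif (isset($_REQUEST['assign']) && $adminId === $login->userid) {
    $error = 2;
    $id = $rId;
} elseif (isset($_REQUEST['statusActive']) ||
    isset($_REQUEST['statusTNA']) ||
    isset($_REQUEST['statusArchived']) ||
    isset($_REQUEST['done']) ||
    isset($_REQUEST['statusLockedVisible']) ||
    isset($_REQUEST['statusLockedInvisible'])
) {
    // status actions require the report to be assigned to the acting admin
    if ($adminId === 0) {
        $id = $rId;
        $error = 4;
    } elseif ($adminId !== $login->userid) {
        $id = $rId;
        $error = 3;
    }
}

if ($id === 0) {
    // no details, show list of reported caches
    $rs = $connection->fetchAll(
        'SELECT `cr`.`id`,
                IF(`cr`.`status`=1,\'(*) \', \'\') AS `new`,
                `c`.`name`,
                `u2`.`username` AS `ownernick`,
                `u`.`username`,
                IF(LENGTH(`u3`.`username`)>10, CONCAT(LEFT(`u3`.`username`,9),\'.\'),`u3`.`username`) AS `adminname`,
                `cr`.`lastmodified`,
                `cr`.`adminid` IS NOT NULL AND `cr`.`adminid`!= :userId AS otheradmin
         FROM `cache_reports` `cr`
         INNER JOIN `caches` `c` ON `c`.`cache_id` = `cr`.`cacheid`
         INNER JOIN `user` `u` ON `u`.`user_id` = `cr`.`userid`
         INNER JOIN `user` AS `u2` ON `u2`.`user_id`=`c`.`user_id`
         LEFT JOIN `user` AS `u3` ON `u3`.`user_id`=`cr`.`adminid`
         WHERE `cr`.`status` < 3
         ORDER BY (`cr`.`adminid` IS NULL OR `cr`.`adminid` = :userId) DESC,
                  `cr`.`status` ASC,
                  `cr`.`lastmodified` ASC',
        ['userId' => $login->userid]
    );

    $lastClosedReportedCaches = $connection->fetchAll(
        'SELECT `cr`.`id`,
                IF(`cr`.`status`=1,\'(*) \', \'\') AS `new`,
                `c`.`name`,
                `u2`.`username` AS `ownernick`,
                `u`.`username`,
                IF(LENGTH(`u3`.`username`)>10, CONCAT(LEFT(`u3`.`username`,9),\'.\'),`u3`.`username`) AS `adminname`,
                `cr`.`lastmodified`,
                `cr`.`adminid` IS NOT NULL AND `cr`.`adminid`!= :userId AS otheradmin
         FROM `cache_reports` `cr`
         INNER JOIN `caches` `c` ON `c`.`cache_id` = `cr`.`cacheid`
         INNER JOIN `user` `u` ON `u`.`user_id` = `cr`.`userid`
         INNER JOIN `user` AS `u2` ON `u2`.`user_id`=`c`.`user_id`
         LEFT JOIN `user` AS `u3` ON `u3`.`user_id`=`cr`.`adminid`
         WHERE `cr`.`status` = 3
         ORDER BY `cr`.`lastmodified` DESC
         LIMIT 100',
        ['userId' => $login->userid]
    );

    $tpl->assign('reportedcaches', $rs);
    $tpl->assign('lastClosedReportedCaches', $lastClosedReportedCaches);
    $tpl->assign('list', true);
} else {
    // show details of a report
    $record = $connection->fetchAssoc(
        'SELECT `cr`.`id`, `cr`.`cacheid`, `cr`.`userid`,
                `u1`.`username` AS `usernick`,
                IFNULL(`cr`.`adminid`, 0) AS `adminid`,
                IFNULL(`u2`.`username`, \'\') AS `adminnick`,
                IFNULL(`tt2`.`text`, `crr`.`name`) AS `reason`,
                `cr`.`note`,
                IFNULL(tt.text, crs.name) AS `status`,
                `cr`.`status`= :inProgress AS `inprogress`,
                `cr`.`status`= :done AS `closed`,
                `cr`.`date_created`, `cr`.`lastmodified`,
                `c`.`name` AS `cachename`,
                `c`.`user_id` AS `ownerid`,
                `cr`.`comment`,
                DATEDIFF(NOW(),`lastmodified`) AS `days_since_change`
         FROM `cache_reports` AS `cr`
         LEFT JOIN `cache_report_reasons` AS `crr` ON `cr`.`reason`=`crr`.`id`
         LEFT JOIN `caches` AS `c` ON `c`.`cache_id`=`cr`.`cacheid`
         LEFT JOIN `user` AS `u1` ON `u1`.`user_id`=`cr`.`userid`
         LEFT JOIN `user` AS `u2` ON `u2`.`user_id`=`cr`.`adminid`
         LEFT JOIN `cache_report_status` AS `crs` ON `cr`.`status`=`crs`.`id`
         LEFT JOIN `sys_trans_text` AS `tt` ON `crs`.`trans_id`=`tt`.`trans_id` AND `tt`.`lang`= :locale
         LEFT JOIN `sys_trans_text` AS `tt2` ON `crr`.`trans_id`=`tt2`.`trans_id` AND `tt2`.`lang`= :locale
         WHERE `cr`.`id`= :id',
        [
            'id' => $id,
            'inProgress' => CACHE_REPORT_INPROGRESS,
            'done' => CACHE_REPORT_DONE,
            'locale' => $opt['template']['locale'],
        ]
    );

    $tpl->assign('list', false);

    // fetchAssoc() returns false for an unknown id; is_array() makes the check explicit
    if (is_array($record)) {
        $recordAdminId = (int) $record['adminid'];

        // The note is escaped first, so the generated links are the only markup in it.
        $note = trim($record['note']);
        $note = nl2br(htmlentities($note));
        $note = preg_replace(
            '/\b(OC[0-9A-F]{4,6})\b/',
            '<a href=\'https://opencaching.de/$1\' target=\'_blank\'>$1</a>',
            $note
        );
        $note = preg_replace(
            '/\b(GC[0-9A-Z]{3,7})\b/',
            '<a href=\'https://www.geocaching.com/geocache/$1\' target=\'_blank\'>$1</a>',
            $note
        );

        $tpl->assign('id', $record['id']);
        $tpl->assign('cacheid', $record['cacheid']);
        $tpl->assign('userid', $record['userid']);
        $tpl->assign('usernick', $record['usernick']);
        $tpl->assign('adminid', $record['adminid']);
        $tpl->assign('adminnick', $record['adminnick']);
        $tpl->assign('reason', $record['reason']);
        $tpl->assign('note', $note);
        $tpl->assign('status', $record['status']);
        $tpl->assign('created', $record['date_created']);
        $tpl->assign('lastmodified', $record['lastmodified']);
        // own closed report, changed within the last 45 days
        $tpl->assign(
            'reopenable',
            $recordAdminId === $login->userid &&
            (int) $record['closed'] === 1 &&
            (int) $record['days_since_change'] <= 45
        );
        $tpl->assign('cachename', $record['cachename']);
        $tpl->assign('ownerid', $record['ownerid']);
        $tpl->assign('admin_comment', $record['comment']);
        if (isset($opt['logic']['adminreports']['cachexternal'])) {
            $tpl->assign('cachexternal', $opt['logic']['adminreports']['cachexternal']);
        } else {
            $tpl->assign('cachexternal', []);
        }

        if (isset($opt['logic']['adminreports']['external_maintainer'])) {
            // Server-side lookup of a configured URL with the cache id substituted
            // for the literal '%1'. str_replace() is used so that neither the id nor
            // the fetched text is interpreted as a regex replacement pattern.
            $externalUrl = str_replace(
                '%1',
                (string) $record['cacheid'],
                $opt['logic']['adminreports']['external_maintainer']['url']
            );
            // best-effort: a failing lookup must not break the page
            $external_maintainer = @file_get_contents($externalUrl);
            if ($external_maintainer !== false && $external_maintainer !== '') {
                $tpl->assign(
                    'external_maintainer_msg',
                    str_replace(
                        '%1',
                        htmlspecialchars($external_maintainer),
                        $opt['logic']['adminreports']['external_maintainer']['msg']
                    )
                );
            } else {
                $tpl->assign('external_maintainer_msg', false);
            }
        }

        $tpl->assign('otheradmin', $recordAdminId > 0 && $recordAdminId !== $login->userid);
        $tpl->assign('ownreport', $recordAdminId === $login->userid);
        $tpl->assign('inprogress', $record['inprogress']);
        $otherReportInProgress = $connection->fetchColumn(
            'SELECT `id`
             FROM `cache_reports`
             WHERE `cacheid`= :cacheId AND `id`<> :id AND `status`= :reportInProgress
             LIMIT 1',
            [
                'cacheId' => $record['cacheid'],
                'id' => $record['id'],
                'reportInProgress' => CACHE_REPORT_INPROGRESS,
            ]
        );
        $tpl->assign('other_report_in_progress', (int) $otherReportInProgress > 0);

        $cache = new cache($record['cacheid']);
        $cache->setTplHistoryData($id);
    } else {
        // Unknown report id: keep the variables the details template reads defined
        // instead of deriving them from a false record.
        // NOTE(review): no error is reported for this case — confirm whether the
        // template handles it or an ERROR_* page is expected here.
        $tpl->assign('otheradmin', false);
        $tpl->assign('ownreport', false);
        $tpl->assign('inprogress', false);
        $tpl->assign('other_report_in_progress', false);
    }
}

$tpl->assign('error', $error);
$tpl->display();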
This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.
Consider making the comparison explicit by using `empty(...)` or `!empty(...)` instead.