flag.pl
#!/usr/local/bin/perl

# send msg to flagged user, notifying of pending review of flagged item
# this could use a serious rewrite!

# the idea: allow users to flag content. all other operations
# will be for moderators+

# must-haves!
use strict;
use warnings;
use CGI::Carp qw(fatalsToBrowser);
use DBI;
use URI::Escape;
use lib "/var/www/html/Pm";
use Html qw(pre_html_header);
use Bc_chef qw(cookie_get);
use Bc_misc qw(get_param referrer);
use Bc_sql qw(
get_constant
sql_execute
user_exists
$QUERY_PAGE
$QUERY_UID
$LOGGEDIN
msg_exists
msgid_exists
is_flagged
$PROFILE_PAGE
$DB
);
use Date qw(get_today);
use Redir qw(notice_redir error_redir);
use Security qw(banned); Security::count_hits();
use User qw(
get_user_stat
isUserAdmin
isUserModerator
get_user_message
$USER_DATA
);
# Debug switch. When true the script prints a plain-text transcript of what it
# would do instead of issuing redirects.
# NOTE(review): CGI::Carp's fatalsToBrowser is loaded at the top of this file,
# so any die() message is sent to the client; that is worth disabling outside
# development, since error text can expose SQL and file paths.
my $DEBUG = 0;

# Gate 1: there must be a logged-in session at all. Anonymous visitors are
# bounced to the mail page.
unless ($LOGGEDIN) {
    my $mail_url = "/?$QUERY_PAGE=" . get_constant("MAIL_PAGE");
    print error_redir($mail_url, "Premium Membership Required");
    exit 1;
}

# Gate 2: the session must map to an existing account that is not banned.
# banned() is only consulted when the account exists (short-circuit).
if (!user_exists($LOGGEDIN) || banned($LOGGEDIN)) {
    if ($DEBUG) {
        print pre_html_header() . "Access Denied\n";
    }
    else {
        # NOTE(review): the redirect target comes from referrer(), which is
        # presumably the client-supplied Referer header - confirm that
        # error_redir() restricts targets to this site. Redirecting to "/"
        # (the alternative the original author left commented out) would
        # avoid depending on request data here.
        print error_redir(referrer(), "Access Denied" . " (flag.pl)");
    }

    exit 1;
}
# Where the user is sent once the action has been handled.
# NOTE(review): referrer() is a project helper; it presumably returns the
# request's Referer header, which the client controls - confirm that the
# redirect helpers validate it before using it as a Location.
my $refurl = referrer();
$refurl .= "#subtests" if get_param("dbpl");

# Response accumulator. Starts as a text/plain header so the debug transcript
# can be appended; in normal mode it is replaced wholesale by a redirect.
my $output = pre_html_header({ type => 'text/plain' });

############################################################

# we need to keep track of how many times this user has been flagged.
# we may as well keep track of how many of each TYPE of $content_ID
# has been flagged, too - e.g. 10 images, 3 msgs.
# related db table columns: UID,
#                           content_ID,
#                           link,
#                           type,
#                           flagger_ID,
#                           flagger_reason,
#                           DOF,
#                           moderator_ID,
#                           moderator_notes,
#                           status
# too simple? does it NEED more?

# where $LOGGEDIN = flagging user
# where $content_ID = image ID or flagged user ID

# Request parameters. Every one of these is client-controlled; parameter
# names other than "id", "ignore" and "del" are looked up through
# get_constant() / $QUERY_UID.
my $content_ID = get_param("id");                          # what is being flagged
my $flag_id    = get_param(get_constant("FLAG_ID"));       # row ID in `flagged`
my $uid        = get_param($QUERY_UID);                    # user the flag is filed against
my $type       = get_param(get_constant("FLAG_TYPE"));     # "d", "m", ... (see dispatch)
my $reason     = get_param(get_constant("FLAG_REASON"));   # overwritten before every insert
my $ignore     = get_param("ignore");                      # dismiss an existing flag
my $del        = get_param("del");                         # delete the flagged content

# Scratch state shared by the dispatch that follows.
my ($rv, $sql) = (0, "");

# Looked up for the description type; the result is not read again at this
# scope (the message branch declares its own $fid).
my $fid = is_flagged($uid, $content_ID, "d");

# Requests arriving without a referrer are refused.
# NOTE(review): this only tests that a referrer is present, not where it
# points, so it does not show that the request came from this site. The
# actions below change state based on request parameters alone; a
# per-session anti-CSRF token would be the usual control.
# NOTE(review): in this branch $refurl is built from the same empty
# referrer, so the redirect target is empty (or just "#subtests").
unless (referrer()) {
    my $denied = $DEBUG
        ? pre_html_header() . "Access Denied"
        : error_redir($refurl, "Access Denied");
    print $denied;
    exit 1;
}
# Debug transcript: echo the parsed request parameters.
# NOTE(review): the "Already Flagged" line prints $content_ID; the result of
# the earlier is_flagged() lookup ($fid) was presumably intended - confirm.
if ($DEBUG) {
    $output .= join "",
        "Content ID: $content_ID\n",
        "Flag ID: $flag_id\n",
        "User ID: $uid\n",
        "Flag Type: $type\n",
        "reason: $reason\n",
        "ignore: $ignore\n",
        "delete: $del\n",
        "Already Flagged: $content_ID\n",
        "-----------------------\n";
}

# now check whether the ID is a registered UID
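# Dispatch on what $content_ID refers to: a registered user (description or
# nickname flag), a message (only when the type parameter is "m"), or - by
# elimination - an image.
#
# Flagging is open to every logged-in user. Deleting content and dismissing
# flags ("del" / "ignore", and any delete keyed on the request's flag ID) are
# moderator/admin operations, as the header of this file states. That rule is
# enforced here for every branch; previously only the image "ignore" path
# checked the caller's role, so any logged-in user could delete messages,
# overwrite another user's description, or remove flags.
#
# NOTE(review): $content_ID, $flag_id, $uid and $type come straight from the
# request. They are escaped with $DB->quote before reaching SQL, but nothing
# checks that $flag_id belongs to $content_ID, or that $uid is the real owner
# of the flagged content, so flags can be attributed to an arbitrary UID.
# NOTE(review): the inserts are positional ("insert into flagged values");
# naming the columns would keep them correct if the table layout changes.

my $is_admin = isUserAdmin($LOGGEDIN);
my $is_staff = $is_admin || isUserModerator($LOGGEDIN);

# Report a successful outcome: one transcript line in debug mode, otherwise a
# notice redirect back to $refurl. $debug_text defaults to $text.
my $notice = sub {
    my ($text, $debug_text) = @_;
    $debug_text = $text unless defined $debug_text;
    if ($DEBUG) {
        $output .= "$debug_text\n";
    }
    else {
        $output = notice_redir($refurl, $text);
    }
    return;
};

# Report a failed outcome; same shape as $notice but with an error redirect.
my $error = sub {
    my ($text, $debug_text) = @_;
    $debug_text = $text unless defined $debug_text;
    if ($DEBUG) {
        $output .= "$debug_text\n";
    }
    else {
        $output = error_redir($refurl, $text);
    }
    return;
};

# Build the insert for a new pending flag. $moderator_default is a literal SQL
# fragment ("''" or "NULL") chosen by the caller below, never request data.
my $flag_insert_sql = sub {
    my ($link, $flag_type, $flag_reason, $moderator_default) = @_;
    return "insert into flagged values (NULL, " .
        $DB->quote($uid) . ", " .                  # uid being flagged
        $DB->quote($content_ID) . ", " .           # id of flagged content (or uid being flagged)
        $DB->quote($link) . ", " .                 # a URL to the user, or content being flagged
        $DB->quote($flag_type) . ", " .            # type of content (nickname, image, description, message)
        $DB->quote($LOGGEDIN) . ", " .             # ID of the one flagging
        $DB->quote($flag_reason) . ", " .          # a reason for the flagging
        $DB->quote(get_today("db", 1)) . ", " .    # date of flagging
        "$moderator_default, " .                   # user ID of moderator who reacts
        "$moderator_default, " .                   # notes made by that moderator
        "'pending'" .                              # status (pending, solved, etc)
        ")";
};

# Delete a flag row and then the message it refers to. Always answers with a
# redirect (no debug variant), as both original call sites did.
# NOTE(review): if the message delete fails the flag row is already gone; the
# two statements are not wrapped in a transaction.
my $delete_flagged_msg = sub {
    my ($flag_row_id, $message_id) = @_;
    my $delflag = "delete from flagged where ID=" . $DB->quote($flag_row_id);
    my $delmsg  = "delete from messages where ID=" . $DB->quote($message_id);

    if (!sql_execute($delflag, "flag.pl")) {
        $output = error_redir($refurl, "delete msg flag failed");
    }
    elsif (sql_execute($delmsg, "flag.pl")) {
        $output = notice_redir("/?$QUERY_PAGE=" . get_constant("MOD_PAGE"), "msg deleted");
    }
    else {
        $output = error_redir($refurl, "msg delete failed");
    }
    return;
};

if (($del || $ignore) && !$is_staff) {
    # "del" and "ignore" are moderation actions; refuse them for ordinary
    # users before touching the database.
    $error->("Access Denied");
}
elsif (user_exists($content_ID)) {
    # flagging user content: either the description (type "d") or, for any
    # other type value, the nickname
    $output .= "flagging user " if $DEBUG;

    if ($type eq "d") {
        $output .= "description" if $DEBUG;

        if ($del) {
            $output .= "delete description flag" if $DEBUG;

            my $fstats = sql_execute("select * from flagged where ID=" . $DB->quote($flag_id), "flag.pl");
            if (ref $fstats eq "HASH") {
                # NOTE(review): the replacement text names the *flagger*
                # (flagger_ID), not the acting moderator, and is written into
                # the flagged user's own description - this discloses who
                # reported them. Confirm that is intended.
                my $desc = "your introduction was deleted by "
                    . get_user_stat($fstats->{flagger_ID}, "nickname")
                    . " because it violated the terms and conditions you agreed to faithfully adhere to. We also sent two alerts regarding this issue, and yet your introduction did not change";
                my $rflagged = sql_execute("update flagged set status='deled' where ID=" . $DB->quote($flag_id), "flag.pl");
                my $rupdate = sql_execute("update users set description=" . $DB->quote($desc) . " where ID=" . $DB->quote($fstats->{UID}), "flag.pl");

                if ($rflagged and $rupdate) {
                    $notice->("description flag deleted");
                }
                else {
                    $error->("description flag not deleted ($rflagged, $rupdate)");
                }
            }
            else {
                $error->("description flag not found");
            }
        }
        elsif ($ignore) {
            $output .= "ignore description flag\n" if $DEBUG;

            $sql = "update flagged set status='unflagged' where ID=" . $DB->quote($flag_id);
            if (sql_execute($sql, "flag.pl")) {
                $notice->("description flag removed");
            }
            else {
                # failure is now reported through error_redir, like every
                # other failure path in this script
                $error->("description flag not removed");
            }
        }
        else {
            $output .= "new\n" if $DEBUG;
            $reason = "description violates terms and conditions";

            $sql = $flag_insert_sql->(referrer(), $type, $reason, "''");
            $rv = sql_execute($sql, "flag.pl");
            if ($rv) {
                $notice->("description flagged for review");
            }
            else {
                $error->("flag descriptions process failed", "flag description process failed");
            }
        }
    }
    else {
        # flag the user's nickname
        if ($DEBUG) { $output .= "nickname (" . get_user_stat($content_ID, "nickname") . ")\n"; }

        # Removing an existing flag by its request-supplied ID is a
        # moderation action, so it only runs for staff.
        if ($is_staff) {
            my $delete_sql = "delete from flagged where ID=" . $DB->quote($flag_id);
            if (sql_execute($delete_sql, "flag.pl")) {
                $notice->("nickname flag removed");
            }
            else {
                $error->("nickname flag not removed");
            }
        }

        if ($del) {
            # need to complete this!
        }
        else {
            # NOTE(review): a staff "ignore" request also lands here, so the
            # flag removed above is followed by a fresh pending flag. That
            # matches the original behaviour but looks unintended.
            $type = "n";
            $reason = "nickname violates terms and conditions";

            $sql = $flag_insert_sql->(referrer(), $type, $reason, "''");
            $rv = sql_execute($sql, "flag.pl");
            if ($rv) {
                $notice->("nickname flagged for review");
            }
            else {
                $error->("nickname flagging process failed");
            }
        }
    }
}
elsif (msg_exists($content_ID) and $type eq "m") {
    # flag message
    $output .= "message\n" if $DEBUG;

    if ($del) {
        if ($DEBUG) {
            # debug mode only describes the action; nothing is deleted
            $output .= "delete message and flag\n";
            $output .= "Flag ID='$flag_id'\n";
        }
        else {
            # NOTE(review): the message deleted is $content_ID, which is not
            # checked against the flag row identified by $flag_id.
            $delete_flagged_msg->($flag_id, $content_ID);
        }
    }
    elsif ($ignore) {
        if ($DEBUG) {
            $output .= "ignore message flag\n";
            $output .= "Flag ID='$flag_id'\n";
        }
        else {
            $sql = "delete from flagged where ID=" . $DB->quote($flag_id);
            if (sql_execute($sql, "flag.pl")) {
                $notice->("message unflagged");
            }
            else {
                # reported as an error rather than a notice
                $error->("message not unflagged");
            }
        }
    }
    else {
        # flagging
        if ($DEBUG) {
            $output .= "MsgID=$content_ID (valid)\n";
            $output .= "type=$type\n";
            $output .= "reason=$reason\n";
        }

        my $msgData = msg_exists($content_ID);
        if (ref $msgData eq "HASH") {
            my $fid = is_flagged($msgData->{from_ID}, $content_ID, "m");
            if (ref $fid ne "HASH") {
                $output .= "not flagged\n" if $DEBUG;

                # NOTE(review): the duplicate check above keys on the
                # message's from_ID, while the insert records the
                # request-supplied $uid - confirm which one is meant.
                $reason = "message violates terms and conditions";
                $sql = $flag_insert_sql->(referrer(), $type, $reason, "NULL");
                $rv = sql_execute($sql, "flag.pl");
                if ($rv) {
                    $notice->("msg flagged for review");
                }
                else {
                    $error->("msg flagging process failed");
                }
            }
            else {
                # msg is flagged
                $output .= "msg is already flagged\n" if $DEBUG;

                if (!$is_staff) {
                    # A second flag from an ordinary user must not delete
                    # the message; just report that it is already queued.
                    $output = notice_redir($refurl, "msg is already flagged") unless $DEBUG;
                }
                elsif ($fid->{status} eq "pending") {
                    $delete_flagged_msg->($fid->{ID}, $fid->{content_ID});
                }
                else {
                    $output = error_redir($refurl, "status of flagged msg is not 'pending'");
                }
            }
        }
        else {
            # msg_exists() did not return a row for this ID
            if ($DEBUG) {
                $output .= "msg doesn't exist\n";
            }
            else {
                $output = error_redir(referrer(), "msg doesn't exist");
            }
        }
    }
}
elsif ($content_ID and $LOGGEDIN) {
    # flagging image
    # NOTE(review): any ID that is neither a user nor a type-"m" message is
    # treated as an image; nothing here confirms that such an image exists.
    if (not $ignore) {
        $output .= "flagging image\n" if $DEBUG;
        $type = "i";
        $reason = "image violates terms and conditions";

        my $link = "/getimage.pl?id=" . $content_ID;

        $sql = $flag_insert_sql->($link, $type, $reason, "''");
        $rv = sql_execute($sql, "flag.pl");
        if ($rv) {
            $notice->("image flagged for review");
        }
        else {
            $error->("flagging process failed");
        }
    }
    else {
        # Precedence made explicit: admins always pass; moderators pass only
        # when is_flagged("", "", "i") is false. This is how the original
        # unparenthesised "or ... and not ..." condition parsed.
        if ($is_admin or ($is_staff and not is_flagged("", "", "i"))) {
            # ignore this flag
            $sql = "delete from flagged where ID=" . $DB->quote($flag_id);
            $rv = sql_execute($sql, "flag.pl");
            if ($rv) {
                $notice->("flag ignored (img)", "flag ignored");
            }
            else {
                # this will happen if the status is not "resolved"
                $error->("ignore flag failed (img)");
            }
        }
        else {
            $error->("Access Denied");
        }
    }
}
else {
    # invalid content type!
    $error->("Invalid content type");
}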
############################################################
# Close the debug transcript, if one is being built, then send whatever the
# dispatch produced (transcript or redirect) to the client.
$output .= "Debug Mode END\n" if $DEBUG;

print $output;

# NOTE(review): the script exits with status 1 even after a successful
# request, the same status used by the access-denied exits earlier in the
# file; an exit status of 0 is the usual convention for success.
exit 1;