-rw-r--r--system/reports/answer.php42
-rw-r--r--system/reports/index.php108
2 files changed, 150 insertions, 0 deletions
diff --git a/system/reports/answer.php b/system/reports/answer.php
new file mode 100644
index 0000000..8c88a4a
--- /dev/null
+++ b/system/reports/answer.php
@@ -0,0 +1,42 @@
+<?php
+include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/alert.php";
+include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/accounts.php";
+include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/config.php";
+include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/utils.php";
+
+if (!CONFIG['reports']['enable']) {
+ generate_alert("/404.php", "Reports are disabled", 405);
+ exit();
+}
+
+if (!authorize_user(true) || !$_SESSION["user_role"]["permission_report_review"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit();
+}
+
+if (!isset($_POST["id"], $_POST["response"])) {
+ generate_alert("/system/reports/", "Not enough POST fields");
+ exit();
+}
+
+$id = $_POST["id"];
+
+$db = new PDO(CONFIG['database']['url'], CONFIG['database']['user'], CONFIG['database']['pass']);
+
+$stmt = $db->prepare("SELECT id, sender_id FROM reports WHERE id = ? AND resolved_by IS NULL");
+$stmt->execute([$id]);
+
+$row = $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
+
+if (!$row) {
+ generate_alert("/system/reports/", "Report ID $id not found", 404);
+ exit();
+}
+
+$db->prepare("UPDATE reports SET resolved_by = ?, response_message = ? WHERE id = ?")
+ ->execute([$_SESSION['user_id'], str_safe($_POST['response'], null), $id]);
+
+$db->prepare("INSERT INTO inbox_messages(recipient_id, message_type, contents, link) VALUES (?, ?, ?, ?)")
+ ->execute([$row["sender_id"], "2", "Your report has been reviewed!", "/report/?id=" . $row["id"]]);
+
+generate_alert("/system/reports", 'The report has been reviewed!', 200);
\ No newline at end of file
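Review bot: answer.php changes state on any POST that carries `id` and `response`, and nothing between the permission check and the UPDATE verifies a CSRF token, so a logged-in reviewer's browser can be made to resolve a report by a form submitted from another origin; a per-session token compared with `hash_equals()` before the UPDATE closes this (the form in index.php would have to carry it). The existence check and the UPDATE are separate statements, so two reviewers can both resolve the same report and both send an inbox message; restricting the update to `WHERE id = ? AND resolved_by IS NULL` and testing `rowCount()` before the INSERT makes the second attempt a no-op. The 404 branch interpolates the raw POST value in `"Report ID $id not found"`; whether generate_alert escapes its message for HTML is not visible here, and `$id = (int) $_POST["id"];` would remove the question (assuming the id column is integer). `$_SESSION["user_role"]["permission_report_review"]` is read without a `?? false` default, so a session lacking that key produces a warning instead of a clean deny.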
diff --git a/system/reports/index.php b/system/reports/index.php
new file mode 100644
index 0000000..3109adc
--- /dev/null
+++ b/system/reports/index.php
@@ -0,0 +1,108 @@
+<?php
+include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/partials.php";
+include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/accounts.php";
+include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/alert.php";
+include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/config.php";
+include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/utils.php";
+
+if (!CONFIG['reports']['enable']) {
+ generate_alert("/404.php", "Reports are disabled", 405);
+ exit;
+}
+
+if (!authorize_user(true) || !$_SESSION["user_role"]["permission_report_review"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit;
+}
+
+$db = new PDO(CONFIG['database']['url'], CONFIG['database']['user'], CONFIG['database']['pass']);
+$reports = $db->query("SELECT r.id, u.username AS sender_name, r.contents FROM reports r
+ JOIN users u ON u.id = r.sender_id
+ WHERE r.resolved_by IS NULL
+ ORDER BY r.sent_at DESC
+");
+$reports->execute();
+
+$reports = $reports->fetchAll(PDO::FETCH_ASSOC);
+
+$report = $reports[0] ?? null;
+
+if (isset($_GET["id"])) {
+ $stmt = $db->prepare("SELECT r.id, u.id AS sender_id, u.username AS sender_name, r.contents, r.sent_at, resolved_by, response_message FROM reports r
+ JOIN users u ON u.id = r.sender_id
+ WHERE r.id = ?
+ ");
+
+ $stmt->execute([$_GET["id"]]);
+ $report = $stmt->fetch(PDO::FETCH_ASSOC) ?? null;
+}
+?>
+<!DOCTYPE html>
+<html>
+
+<head>
+ <title>Report review - <?= CONFIG['instance']['name'] ?></title>
+ <link rel="stylesheet" href="/static/style.css">
+ <link rel="shortcut icon" href="/static/favicon.ico" type="image/x-icon">
+</head>
+
+<body>
+ <div class="container">
+ <div class="wrapper">
+ <?php html_navigation_bar() ?>
+ <?php display_alert() ?>
+ <section class="content row">
+ <section class="box">
+ <div class="box navtab">System panel - Report review section</div>
+ <div class="box content">
+ <?php foreach ($reports as $r): ?>
+ <a href="/system/reports/?id=<?= $r['id'] ?>"><b><?= substr($r['contents'], 0, 10) ?>...</b>
+ <span style="font-size:10px;">by <?= $r['sender_name'] ?></span></a>
+ <?php endforeach; ?>
+ <?php if (empty($reports)): ?>
+ <p>Everything is clear. Good job!</p>
+ <?php endif; ?>
+ </div>
+ </section>
+ <?php if ($report != null): ?>
+ <section class="content">
+ <div class="box">
+ <div class="box navtab">Report</div>
+ <div class="box content">
+ <textarea disabled style="resize:none; height:250px;"><?= $report['contents'] ?></textarea>
+ </div>
+ </div>
+ <div class="box">
+ <table class="vertical left">
+ <tr>
+ <th>Reported by</th>
+ <td><a
+ href="/users.php?id=<?= $report['sender_id'] ?>"><?= $report['sender_name'] ?></a>
+ (<?= format_timestamp(time() - strtotime($report['sent_at'])) ?> ago)</td>
+ </tr>
+ <tr>
+ <th>Status</th>
+ <td>
+ <?php if (isset($report['resolved_by'])): ?>
+ <b style="color:green">Resolved</b>
+ <?php else: ?>
+ <b style="color:red">Unresolved</b>
+ <?php endif; ?>
+ </td>
+ </tr>
+ </table>
+ </div>
+ <form action="/system/reports/answer.php" method="post" class="box row small-gap">
+ <input type="text" name="id" value="<?= $report['id'] ?>" style="display:none;">
+ <textarea name="response" required placeholder="Write your response here..."
+ style="resize:none;height:128px;" class="grow"></textarea>
+ <button type="submit" class="green big">Send</button>
+ </form>
+ </section>
+ <?php endif; ?>
+ </section>
+ </div>
+ </div>
+</body>
+
+</html>
\ No newline at end of file
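Review bot: Report contents and sender usernames originate from other users but are echoed unescaped in the list (`<?= substr($r['contents'], 0, 10) ?>`, `<?= $r['sender_name'] ?>`), in the detail textarea and in the "Reported by" link, so a report body or username containing markup is rendered as HTML in the moderator's browser — stored XSS in the panel where the session holds report-review permission. Each of those outputs should pass through `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and the preview should use `mb_substr` so the cut does not split a multibyte character. `$stmt->fetch(PDO::FETCH_ASSOC) ?? null` never yields null because fetch returns `false` when no row matches; answer.php writes `?: null` for the same expression, and index.php should match so the later `$report != null` test can become `$report !== null`. `$db->query(...)` already runs the statement, so the following `$reports->execute()` executes it a second time; drop the call or switch to `prepare()`. `strtotime($report['sent_at'])` returns `false` for an unparsable value, which the `time() - ...` subtraction silently treats as 0.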