From d1a804db47fe0437278c1a55e395971026b8c7f9 Mon Sep 17 00:00:00 2001
From: ilotterytea <iltsu@alright.party>
Date: Wed, 23 Apr 2025 01:19:10 +0500
Subject: feat: report system

---
 database.sql            |   9 ++++
 public/emotes/index.php |   2 +-
 public/report/index.php | 112 ++++++++++++++++++++++++++++++++++++++++++++++++
 public/report/list.php  |  69 +++++++++++++++++++++++++++++
 public/report/send.php  |  35 +++++++++++++++
 public/users.php        |   2 +-
 src/partials.php        |  15 +++++++
 7 files changed, 242 insertions(+), 2 deletions(-)
 create mode 100644 public/report/index.php
 create mode 100644 public/report/list.php
 create mode 100644 public/report/send.php

diff --git a/database.sql b/database.sql
index 15c73e8..c415fe3 100644
--- a/database.sql
+++ b/database.sql
@@ -65,4 +65,13 @@ CREATE TABLE IF NOT EXISTS inbox_messages (
     link TEXT,
     sent_at TIMESTAMP NOT NULL DEFAULT UTC_TIMESTAMP,
     has_read BOOLEAN NOT NULL DEFAULT false
+);
+
+CREATE TABLE IF NOT EXISTS reports (
+    id INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+    sender_id INTEGER NOT NULL REFERENCES users(id),
+    contents TEXT NOT NULL,
+    sent_at TIMESTAMP NOT NULL DEFAULT UTC_TIMESTAMP,
+    resolved_by INTEGER REFERENCES users(id),
+    response_message TEXT
 );
\ No newline at end of file
diff --git a/public/emotes/index.php b/public/emotes/index.php
index b3834c3..b9b3e2b 100644
--- a/public/emotes/index.php
+++ b/public/emotes/index.php
@@ -217,7 +217,7 @@ if (CLIENT_REQUIRES_JSON) {
                                         }
                                     }
                                     ?>
-                                    <a class="button red" href="/emotes/report.php?id=<?php echo $emote->get_id() ?>">Report
+                                    <a class="button red" href="/report?emote_id=<?php echo $emote->get_id() ?>">Report
                                         emote</a>
                                 </div>
                                 <?php
diff --git a/public/report/index.php b/public/report/index.php
new file mode 100644
index 0000000..e040123
--- /dev/null
+++ b/public/report/index.php
@@ -0,0 +1,112 @@
+<?php
+include_once "../../src/accounts.php";
+include_once "../../src/config.php";
+include_once "../../src/partials.php";
+include_once "../../src/utils.php";
+include_once "../../src/alert.php";
+
+if (!authorize_user(true)) {
+    exit;
+}
+
+$db = new PDO(DB_URL, DB_USER, DB_PASS);
+$report = null;
+$report_id = $_GET["id"] ?? "";
+
+if ($report_id != "") {
+    $stmt = $db->prepare("SELECT * FROM reports WHERE id = ? AND sender_id = ?");
+    $stmt->execute([$report_id, $_SESSION["user_id"]]);
+
+    if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
+        $report = $row;
+
+        if (CLIENT_REQUIRES_JSON) {
+            json_response([
+                "status_code" => 201,
+                "message" => null,
+                "data" => $report
+            ], 201);
+            exit;
+        }
+    } else {
+        generate_alert("/report", "Report ID #" . $_GET["id"] . " not found or not accessable");
+        exit;
+    }
+}
+
+$contents = "";
+
+if ($contents == "") {
+    if (isset($_GET["user_id"])) {
+        $contents = "Hi! I want to report user ID #" . $_GET["user_id"] . " because...";
+    } else if (isset($_GET["emote_id"])) {
+        $contents = "Hi! I want to report emote ID #" . $_GET["emote_id"] . " because...";
+    }
+}
+?>
+
+<html>
+
+<head>
+    <title><?php echo $report == null ? "Send a message to MODS" : "A message to MODS" ?> - alright.party</title>
+    <link rel="stylesheet" href="/static/style.css">
+</head>
+
+<body>
+    <div class="container">
+        <div class="wrapper">
+            <?php html_navigation_bar() ?>
+
+            <section class="content" style="width: 25%;">
+                <?php display_alert() ?>
+                <section class="box">
+                    <div class="box navtab">
+                        <?php echo $report == null ? "Send a message to MODS" : "A message to MODS" ?>
+                    </div>
+                    <?php if ($report == null) {
+                        echo '' ?>
+                        <div class="box content">
+                            <form action="/report/send.php" method="POST">
+                                <textarea name="contents" style="resize: none;height:250px;" autofocus
+                                    required><?php echo $contents; ?></textarea>
+                                <button type="submit">Send</button>
+                            </form>
+                        </div> <?php ;
+                    } else {
+                        echo '' ?>
+                        <div class="box content">
+                            <textarea name="contents" style="resize: none;height:250px;"
+                                disabled><?php echo $report["contents"]; ?></textarea>
+                        </div>
+                    </section>
+                    <section class="box">
+                        <p>Reported <?php echo format_timestamp(time() - strtotime($report["sent_at"])) ?> ago</p>
+                        <p>Status:
+                            <?php echo $report["resolved_by"] == null ? "<b style='color:red;'>Unresolved</b>" : "<b style='color:green;'>Resolved</b>" ?>
+                        </p>
+                    </section>
+                    <?php
+                    if ($report["response_message"]) {
+                        ?>
+                        <section class="box">
+                            <div class="box navtab">
+                                Response from MOD
+                            </div>
+                            <div class="box content">
+                                <textarea name="contents" style="resize: none;height:250px;"
+                                    disabled><?php echo $report["response_message"]; ?></textarea>
+                            </div>
+                        </section>
+                        <?php
+                    }
+                    ?>
+                    <?php ;
+                    }
+                    ?>
+            </section>
+            </section>
+        </div>
+    </div>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/public/report/list.php b/public/report/list.php
new file mode 100644
index 0000000..128f994
--- /dev/null
+++ b/public/report/list.php
@@ -0,0 +1,69 @@
+<?php
+include_once "../../src/accounts.php";
+include_once "../../src/config.php";
+include_once "../../src/partials.php";
+include_once "../../src/utils.php";
+
+if (!authorize_user(true)) {
+    exit;
+}
+
+$db = new PDO(DB_URL, DB_USER, DB_PASS);
+
+$stmt = $db->prepare("SELECT * FROM reports WHERE sender_id = ? ORDER BY sent_at DESC");
+$stmt->execute([$_SESSION["user_id"]]);
+
+$reports = $stmt->fetchAll(PDO::FETCH_ASSOC);
+?>
+
+<html>
+
+<head>
+    <title>Report list - alright.party</title>
+    <link rel="stylesheet" href="/static/style.css">
+</head>
+
+<body>
+    <div class="container">
+        <div class="wrapper">
+            <?php html_navigation_bar() ?>
+            <section class="content">
+                <section class="box" style="width: 50%;">
+                    <section class="box navtab">
+                        Report list
+                    </section>
+                    <section class="box content">
+                        <table>
+                            <tr>
+                                <th>Contents</th>
+                                <th>Status</th>
+                                <th style="min-width: 96px;"></th>
+                            </tr>
+                            <?php
+                            foreach ($reports as $report) {
+                                echo '<tr>';
+
+                                echo '<td>' . substr($report["contents"], 0, 20) . "...";
+                                echo ' <span style="font-size:12px; color: gray;">(' . format_timestamp(time() - strtotime($report["sent_at"])) . ' ago)</span>';
+                                echo '</td>';
+
+                                echo '<td>';
+                                echo $report["resolved_by"] == null ? "<b style='color:red;'>Unresolved</b>" : "<b style='color:green;'>Resolved</b>";
+                                echo '</td>';
+
+                                echo '<td style="text-align:center;">';
+                                echo '<a href="/report?id=' . $report["id"] . '">[ View ]</a>';
+                                echo '</td>';
+
+                                echo '</tr>';
+                            }
+                            ?>
+                        </table>
+                    </section>
+                </section>
+            </section>
+        </div>
+    </div>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/public/report/send.php b/public/report/send.php
new file mode 100644
index 0000000..0b7abaf
--- /dev/null
+++ b/public/report/send.php
@@ -0,0 +1,35 @@
+<?php
+include_once "../../src/accounts.php";
+include_once "../../src/config.php";
+include_once "../../src/utils.php";
+include_once "../../src/alert.php";
+
+if (!authorize_user(true)) {
+    exit;
+}
+
+$db = new PDO(DB_URL, DB_USER, DB_PASS);
+
+if (!isset($_POST["contents"])) {
+    generate_alert("/report", "Not enough POST fields");
+    exit;
+}
+
+$stmt = $db->prepare("INSERT INTO reports(sender_id, contents) VALUES (?, ?)");
+$stmt->execute([$_SESSION["user_id"], str_safe($_POST["contents"], 200)]);
+
+$report_id = $db->lastInsertId();
+
+$stmt = $db->prepare("SELECT * FROM reports WHERE id = ?");
+$stmt->execute([$report_id]);
+
+if (CLIENT_REQUIRES_JSON) {
+    json_response([
+        "status_code" => 201,
+        "message" => null,
+        "data" => $stmt->fetch(PDO::FETCH_ASSOC)
+    ], 201);
+    exit;
+}
+
+generate_alert("/report?id=$report_id", "Thank you for your vigilance! MODS will take action as soon as possible.", 200);
diff --git a/public/users.php b/public/users.php
index 2de3ed2..f388dab 100644
--- a/public/users.php
+++ b/public/users.php
@@ -323,7 +323,7 @@ if ($is_json) {
                     <!-- ACTIONS -->
                     <section class="box column">
                         <a href="/message/send.php?user=<?php echo $user->id() ?>">Send a message</a>
-                        <a href="/report.php?user=<?php echo $user->id() ?>">Report user</a>
+                        <a href="/report?user_id=<?php echo $user->id() ?>">Report user</a>
                     </section>
                 </section>
 
diff --git a/src/partials.php b/src/partials.php
index 174b1d3..cf28f28 100644
--- a/src/partials.php
+++ b/src/partials.php
@@ -15,6 +15,8 @@ function html_navigation_bar()
             <?php
             if (isset($_SESSION["user_id"])) {
                 $db = new PDO(DB_URL, DB_USER, DB_PASS);
+
+                // getting inbox
                 $stmt = $db->prepare("SELECT COUNT(*) FROM inbox_messages WHERE recipient_id = ? AND has_read = false");
                 $stmt->execute([$_SESSION["user_id"]]);
                 $unread_count = intval($stmt->fetch()[0]);
@@ -24,6 +26,19 @@ function html_navigation_bar()
                 </a>
                 <?php ;
                 $stmt = null;
+
+                // getting reports
+                $stmt = $db->prepare("SELECT COUNT(*) FROM reports WHERE sender_id = ? AND resolved_by IS NULL");
+                $stmt->execute([$_SESSION["user_id"]]);
+                $unread_count = intval($stmt->fetch()[0]);
+                echo '' ?>
+                <a href="/report/list.php" class="button">
+                    Reports <?php echo $unread_count > 0 ? "($unread_count)" : "" ?>
+                </a>
+                <?php ;
+                $stmt = null;
+
+
                 $db = null;
             }
             ?>
-- 
cgit v1.2.3