path: root/report/send.php
<?php
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/accounts.php";
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/config.php";
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/utils.php";
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/alert.php";

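// Endpoint that files a user report from a POST request: it checks that
// reports are enabled and that the caller may file one, stores the report
// text, then answers with JSON or a redirect alert.

if (!REPORTS_ENABLE) {
    generate_alert("/404.php", "Reports are disabled", 403);
    exit;
}

// authorize_user() lives in an included library; the script stops here when
// it returns a falsy value.
if (!authorize_user(true)) {
    exit;
}

// NOTE(review): the permission check only runs when the session carries a
// "user_role" entry; a session without one falls through to the insert.
// Confirm that role-less accounts are meant to be allowed to report.
if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_report"]) {
    generate_alert("/404.php", "Not enough permissions", 403);
    exit;
}

// NOTE(review): no anti-CSRF token is checked in this file; confirm that
// authorize_user() or shared request handling covers this state-changing POST.

// Validate the request body before opening a database connection. A field
// sent as `contents[]` arrives as an array, so require a string instead of
// handing an unexpected type to str_safe().
if (!isset($_POST["contents"]) || !is_string($_POST["contents"])) {
    generate_alert("/report", "Not enough POST fields");
    exit;
}

$db = new PDO(DB_URL, DB_USER, DB_PASS);

// Bound parameters keep the user-supplied text out of the SQL string.
// str_safe() is defined elsewhere; presumably 200 is a length cap (confirm).
// NOTE(review): execute() results are not inspected; this relies on PDO
// throwing on failure, which is only the default error mode from PHP 8.0 on.
$stmt = $db->prepare("INSERT INTO reports(sender_id, contents) VALUES (?, ?)");
$stmt->execute([$_SESSION["user_id"], str_safe($_POST["contents"], 200)]);

$report_id = $db->lastInsertId();

// Read the stored row back so the JSON response reflects what was saved.
// NOTE(review): SELECT * sends every column of the row to the client; list
// the columns explicitly if the reports table holds moderator-only fields.
$stmt = $db->prepare("SELECT * FROM reports WHERE id = ?");
$stmt->execute([$report_id]);

if (CLIENT_REQUIRES_JSON) {
    json_response([
        "status_code" => 201,
        "message" => null,
        "data" => $stmt->fetch(PDO::FETCH_ASSOC)
    ], 201);
    exit;
}

generate_alert("/report?id=$report_id", "Thank you for your vigilance! MODS will take action as soon as possible.", 200);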