path: root/system/reports/answer.php
<?php
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/alert.php";
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/accounts.php";
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/config.php";
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/utils.php";

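// Resolve a user report: mark it as reviewed by the current reviewer, store the
// reviewer's response and drop a notification into the reporter's inbox.
//
// Expects a POST with `id` (the report to resolve) and `response` (the review
// text). Every failure path hands off to generate_alert() and exits.

// Feature flag: the whole reports subsystem can be switched off in config.
if (!CONFIG['reports']['enable']) {
    generate_alert("/404.php", "Reports are disabled", 405);
    exit();
}

// Caller must be authenticated and hold the report-review permission.
if (!authorize_user(true) || !$_SESSION["user_role"]["permission_report_review"]) {
    generate_alert("/404.php", "Not enough permissions", 403);
    exit();
}

// NOTE(review): this handler changes state on a plain POST and no anti-CSRF token
// is verified here. If the site has a CSRF helper, it belongs at this point;
// otherwise a reviewer who is logged in can be made to resolve reports by a
// cross-site form post.

if (!isset($_POST["id"], $_POST["response"])) {
    generate_alert("/system/reports/", "Not enough POST fields");
    exit();
}

// Validate the report id before it reaches the database or an alert message.
// filter_var() rejects arrays (`id[]=1`) and non-numeric strings, so the value
// bound below is always a plain int and the "not found" message reflects only
// that int rather than arbitrary request input.
// Assumes reports.id is an integer column — TODO confirm against the schema.
$id = filter_var($_POST["id"], FILTER_VALIDATE_INT);
if ($id === false) {
    generate_alert("/system/reports/", "Invalid report ID", 400);
    exit();
}

// Explicit exception mode so a failed statement can never be silently ignored
// (it is the default on PHP 8, but not on older runtimes).
$db = new PDO(CONFIG['database']['url'], CONFIG['database']['user'], CONFIG['database']['pass'], [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

$lookup = $db->prepare("SELECT id, sender_id FROM reports WHERE id = ? AND resolved_by IS NULL");
$lookup->execute([$id]);

$report = $lookup->fetch(PDO::FETCH_ASSOC) ?: null;

if (!$report) {
    generate_alert("/system/reports/", "Report ID $id not found", 404);
    exit();
}

// The claim and the notification are committed together so a reporter is never
// told their report was reviewed when the update itself did not persist.
$db->beginTransaction();
try {
    // Re-check `resolved_by IS NULL` in the UPDATE itself: the SELECT above is not
    // a lock, and two reviewers submitting at the same moment would otherwise both
    // overwrite the row and both notify the reporter. Exactly one of them sees a
    // row change here.
    $claim = $db->prepare(
        "UPDATE reports SET resolved_by = ?, response_message = ? WHERE id = ? AND resolved_by IS NULL"
    );
    $claim->execute([$_SESSION['user_id'], str_safe($_POST['response'], null), $id]);

    if ($claim->rowCount() === 0) {
        // Lost the race: somebody resolved this report after our SELECT.
        $db->rollBack();
        generate_alert("/system/reports/", "Report ID $id not found", 404);
        exit();
    }

    $notify = $db->prepare(
        "INSERT INTO inbox_messages(recipient_id, message_type, contents, link) VALUES (?, ?, ?, ?)"
    );
    $notify->execute([$report["sender_id"], "2", "Your report has been reviewed!", "/report/?id=" . $report["id"]]);

    $db->commit();
} catch (Throwable $e) {
    // Undo the partial write, then let the error surface as it did before.
    if ($db->inTransaction()) {
        $db->rollBack();
    }
    throw $e;
}

generate_alert("/system/reports", 'The report has been reviewed!', 200);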