misuzu/public-legacy/forum/post.php

<?php
namespace Misuzu;

use RuntimeException;

$urls = $msz->getURLs();
$forumCtx = $msz->getForumContext();
$forumPosts = $forumCtx->getPosts();
$usersCtx = $msz->getUsersContext();

$postId = !empty($_GET['p']) && is_string($_GET['p']) ? (int)$_GET['p'] : 0;
$postMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : '';
$submissionConfirmed = !empty($_GET['confirm']) && is_string($_GET['confirm']) && $_GET['confirm'] === '1';

$postRequestVerified = CSRF::validateRequest();

$authInfo = $msz->getAuthInfo();
if(!empty($postMode) && !$authInfo->isLoggedIn())
    Template::displayInfo('You must be logged in to manage posts.', 401);

$currentUser = $authInfo->getUserInfo();
$currentUserId = $currentUser === null ? '0' : $currentUser->getId();

if($postMode !== '' && $usersCtx->hasActiveBan($currentUser))
    Template::displayInfo('You have been banned, check your profile for more information.', 403);

try {
    $postInfo = $forumPosts->getPost(postId: $postId);
} catch(RuntimeException $ex) {
    Template::throwError(404);
}

$perms = $authInfo->getPerms('forum', $postInfo->getCategoryId());

if(!$perms->check(Perm::F_CATEGORY_VIEW))
    Template::throwError(403);

$canDeleteAny = $perms->check(Perm::F_POST_DELETE_ANY);

switch($postMode) {
    case 'delete':
        if($canDeleteAny) {
            if($postInfo->isDeleted())
                Template::displayInfo('This post has already been marked as deleted.', 404);
        } else {
            if($postInfo->isDeleted())
                Template::throwError(404);

            if(!$perms->check(Perm::F_POST_DELETE_OWN))
                Template::displayInfo('You are not allowed to delete posts.', 403);

            if($postInfo->getUserId() !== $currentUser->getId())
                Template::displayInfo('You can only delete your own posts.', 403);

            // posts may only be deleted within a week of creation, this should be a config value
            $deleteTimeFrame = 60 * 60 * 24 * 7;
            if($postInfo->getCreatedTime() < time() - $deleteTimeFrame)
                Template::displayInfo('This post has existed for too long. Ask a moderator to remove if it absolutely necessary.', 403);
        }

        $originalPostInfo = $forumPosts->getPost(topicInfo: $postInfo->getTopicId());
        if($originalPostInfo->getId() === $postInfo->getId())
            Template::displayInfo('This is the opening post of the topic it belongs to, it may not be deleted without deleting the entire topic as well.', 403);

        if($postRequestVerified && !$submissionConfirmed) {
            Tools::redirect($urls->format('forum-post', ['post' => $postInfo->getId()]));
            break;
        } elseif(!$postRequestVerified) {
            Template::render('forum.confirm', [
                'title' => 'Confirm post deletion',
                'class' => 'far fa-trash-alt',
                'message' => sprintf('You are about to delete post #%d. Are you sure about that?', $postInfo->getId()),
                'params' => [
                    'p' => $postInfo->getId(),
                    'm' => 'delete',
                ],
            ]);
            break;
        }

        $forumPosts->deletePost($postInfo);
        $msz->createAuditLog('FORUM_POST_DELETE', [$postInfo->getId()]);

        Tools::redirect($urls->format('forum-topic', ['topic' => $postInfo->getTopicId()]));
        break;

    case 'nuke':
        if(!$canDeleteAny)
            Template::throwError(403);

        if($postRequestVerified && !$submissionConfirmed) {
            Tools::redirect($urls->format('forum-post', ['post' => $postInfo->getId()]));
            break;
        } elseif(!$postRequestVerified) {
            Template::render('forum.confirm', [
                'title' => 'Confirm post nuke',
                'class' => 'fas fa-radiation',
                'message' => sprintf('You are about to PERMANENTLY DELETE post #%d. Are you sure about that?', $postInfo->getId()),
                'params' => [
                    'p' => $postInfo->getId(),
                    'm' => 'nuke',
                ],
            ]);
            break;
        }

        $forumPosts->nukePost($postInfo->getId());
        $msz->createAuditLog('FORUM_POST_NUKE', [$postInfo->getId()]);

        Tools::redirect($urls->format('forum-topic', ['topic' => $postInfo->getTopicId()]));
        break;

    case 'restore':
        if(!$canDeleteAny)
            Template::throwError(403);

        if($postRequestVerified && !$submissionConfirmed) {
            Tools::redirect($urls->format('forum-post', ['post' => $postInfo->getId()]));
            break;
        } elseif(!$postRequestVerified) {
            Template::render('forum.confirm', [
                'title' => 'Confirm post restore',
                'class' => 'fas fa-magic',
                'message' => sprintf('You are about to restore post #%d. Are you sure about that?', $postInfo->getId()),
                'params' => [
                    'p' => $postInfo->getId(),
                    'm' => 'restore',
                ],
            ]);
            break;
        }

        $forumPosts->restorePost($postInfo->getId());
        $msz->createAuditLog('FORUM_POST_RESTORE', [$postInfo->getId()]);

        Tools::redirect($urls->format('forum-topic', ['topic' => $postInfo->getTopicId()]));
        break;

    default: // function as an alt for topic.php?p= by default
        Tools::redirect($urls->format('forum-post', ['post' => $postInfo->getId()]));
        break;
}