Fix forum

e107_plugins/forum/forum_class.php

@@ -366,32 +366,139 @@ public function ajaxTrack()
 		exit;
 
 	}
-
-
+
+
+	/**
+	 * Allow a user to delete their own post, if it is the last post in the thread.
+	 */
+	function usersLastPostDeletion()
+	{
+		$ret = array('hide' => false, 'msg' => LAN_FORUM_7008, 'status' => 'error');
+		$actionAllowed = false;
+
+		if (isset($_POST['post']) && is_numeric($_POST['post']))
+		{
+			$postId = intval($_POST['post']);
+			$sql = e107::getDb();
+			$query = "SELECT fp.post_user
+                  FROM #forum_post AS fp
+                  WHERE fp.post_id = ". $postId;
+			if ($sql->gen($query) > 0)
+			{
+				$row = $sql->fetch();
+				if (USERID == $row['post_user']) $actionAllowed = true;
+			}
+		}
+
+		if ($actionAllowed && $_POST['action'] == 'deletepost')
+		{
+			if ($this->postDelete($postId))
+			{
+				$ret['msg'] 	= ''.LAN_FORUM_8021.' #'.$postId;
+				$ret['hide'] 	= true;
+				$ret['status'] 	= 'ok';
+			}
+			else
+			{
+				$ret['msg'] 	= "".LAN_FORUM_8021." #".$postId;
+				$ret['status'] 	= 'error';
+			}
+		}
+		echo json_encode($ret);
+		exit();
+	}
+
+
+	/**
+	 * get user ids with moderator permissions for the given $postId
+	 * @param $postId id of a forum post
+	 * @return an array with user ids how have moderator permissions for the $postId
+	 */
+	public function getModeratorUserIdsByPostId($postId)
+	{
+		$sql = e107::getDb();
+		$query = "SELECT f.forum_moderators
+                  FROM #forum AS f
+                  INNER JOIN #forum_thread AS ft ON f.forum_id = ft.thread_forum_id
+                  INNER JOIN #forum_post AS fp ON ft.thread_id = fp.post_thread
+                  WHERE fp.post_id = ". $postId;
+		if ($sql->gen($query) > 0)
+		{
+			$row = $sql->fetch();
+			return array_keys($this->forumGetMods($row['forum_moderators']));
+		}
+		return array();
+	}
+
+
+	/**
+	 * get user ids with moderator permissions for the given $threadId
+	 * @param $threadId id of a forum thread
+	 * @return an array with user ids how have moderator permissions for the $threadId
+	 */
+	public function getModeratorUserIdsByThreadId($threadId)
+	{
+		// get moderator-class for the thread to check permissions of the user
+		$sql = e107::getDb();
+		$query = "SELECT f.forum_moderators
+                  FROM #forum AS f
+                  INNER JOIN #forum_thread AS ft ON f.forum_id = ft.thread_forum_id
+                  WHERE ft.thread_id = ". $threadId;
+		if ($sql->gen($query) > 0)
+		{
+			$row = $sql->fetch();
+			return array_keys($this->forumGetMods($row['forum_moderators']));
+		}
+		return array();
+	}
+
+
+	/**
+	 * get user ids with moderator permissions for the given $forumId
+	 * @param $forumId id of a forum
+	 * @return an array with user ids how have moderator permissions for the $forumId
+	 */
+	public function getModeratorUserIdsByForumId($forumId)
+	{
+		// get moderator-class for the thread to check permissions of the user
+		$sql = e107::getDb();
+		$query = "SELECT f.forum_moderators
+                  FROM #forum AS f
+                  WHERE f.forum_id = ". $forumId;
+		if ($sql->gen($query) > 0)
+		{
+			$row = $sql->fetch();
+			return array_keys($this->forumGetMods($row['forum_moderators']));
+		}
+		return array();
+	}
+
+
 	public function ajaxModerate()
 	{
 		$ret = array('hide' => false, 'msg' => 'unkown', 'status' => 'error');
-		$modArray = array();
+		$moderatorUserIds = array();
 
-		// get moderator-class for the thread to check permissions of the user
-		if (isset($_POST['thread']))
+		if (isset($_POST['thread']) && is_numeric($_POST['thread']))
 		{
 			$threadId = intval($_POST['thread']);
+			$moderatorUserIds = $this->getModeratorUserIdsByThreadId($threadId);
+		}
 
-			$sql = e107::getDb();
-			$query = "SELECT f.forum_moderators
-	                  FROM #forum AS f
-	                  INNER JOIN #forum_thread AS ft ON f.forum_id = ft.thread_forum_id
-	                  WHERE ft.thread_id = ". $threadId;
-			$sql->gen($query);
-			$row = $sql->fetch();
-			$modArray = $this->forumGetMods($row[forum_moderators]);
+		/* If both, a thread-operation and a post-operation is submitted, the
+		 * thread-permissions MUST be overwritten by the post-permissions!
+		 * Otherwise it is possible that a moderator can transfer his
+		 * permissions from one forum to another forum, where he has no permissions. */
+		if (isset($_POST['post']) && is_numeric($_POST['post']))
+		{
+			$postId = intval($_POST['post']);
+			$moderatorUserIds = $this->getModeratorUserIdsByPostId($postId);
 		}
 
 		// Check if user has moderator permissions for this thread
-		if(!in_array(USERID, array_keys($modArray)))
+		if(!in_array(USERID, $moderatorUserIds))
 		{
-			$ret['msg'] 	= ''.LAN_FORUM_8030.' '. json_encode($_POST);
+			$ret['msg'] 	= ''.LAN_FORUM_8030.'';
 			$ret['hide'] 	= false;
 			$ret['status'] 	= 'error';
 		}
@@ -414,7 +521,7 @@ public function ajaxModerate()
 				break;
 
 				case 'deletepost':
-					if(!$postId = vartrue($_POST['post']))
+					if(!$postId)
 					{
 						// echo "No Post";
 						// exit;
@@ -2420,27 +2527,24 @@ function threadDelete($threadId, $updateForumLastpost = true)
 	 * Delete a Post
 	 * @param $postId integer
 	 * @param $updateCounts boolean
-	 * 
+	 * @return "null" if this post does not exist, "true" if post could deleted, otherwise "false"
 	 */
 	function postDelete($postId, $updateCounts = true)
 	{
 		$postId 	= (int)$postId;
-		$e107 		= e107::getInstance();		
+
 		$sql 		= e107::getDb();
 		$deleted 	= false;
 
 		$postInfo   = $sql->retrieve('forum_post', '*', 'post_id = '.$postId);
-		//if(!$sql->select('forum_post', '*', 'post_id = '.$postId))
+
 		if(!is_array($postInfo) || empty($postInfo))
 		{
-			echo 'NOT FOUND!'; return;
+			return null;
 		}
-
-
-		$row = $sql->fetch();
 
 		//delete attachments if they exist
-		if($row['post_attachments'])
+		if($postInfo['post_attachments'])
 		{
 			$this->postDeleteAttachments('post', $postId);
 		}
@@ -2456,24 +2560,24 @@ function postDelete($postId, $updateCounts = true)
 		if($updateCounts)
 		{
 			// decrement user post counts
-			if ($row['post_user'])
+			if ($postInfo['post_user'])
 			{
-				$sql->update('user_extended', 'user_plugin_forum_posts=GREATEST(user_plugin_forum_posts-1,0) WHERE user_extended_id='.$row['post_user']);
+				$sql->update('user_extended', 'user_plugin_forum_posts=GREATEST(user_plugin_forum_posts-1,0) WHERE user_extended_id='.$postInfo['post_user']);
 			}
 
 			// update thread with correct reply counts
-			$sql->update('forum_thread', "thread_total_replies=GREATEST(thread_total_replies-1,0) WHERE thread_id=".$row['post_thread']);
+			$sql->update('forum_thread', "thread_total_replies=GREATEST(thread_total_replies-1,0) WHERE thread_id=".$postInfo['post_thread']);
 
 			// update forum with correct thread/reply counts
-			$sql->update('forum', "forum_replies=GREATEST(forum_replies-1,0) WHERE forum_id=".$row['post_forum']);
+			$sql->update('forum', "forum_replies=GREATEST(forum_replies-1,0) WHERE forum_id=".$postInfo['post_forum']);
 
 			// update thread lastpost info
-			$this->forumUpdateLastpost('thread', $row['post_thread']);
+			$this->forumUpdateLastpost('thread', $postInfo['post_thread']);
 
 			// update forum lastpost info
-			$this->forumUpdateLastpost('forum', $row['post_forum']);
+			$this->forumUpdateLastpost('forum', $postInfo['post_forum']);
 		}
-		return $deleted; // return boolean. $threadInfo['thread_total_replies'];
+		return $deleted;
 	}
 
 

e107_plugins/forum/forum_post.php

@@ -66,8 +66,9 @@ function __construct()
 		$this->id       = (int) $_GET['id']; // forum thread/topic id.
 		$this->post     = (int) $_GET['post']; // post ID if needed.
 
-		define('MODERATOR', USER && $this->forumObj->isModerator(USERID));
 
+		$moderatorUserIds = $forum->getModeratorUserIdsByPostId($this->post);
+		define('MODERATOR', (USER && in_array(USERID, $moderatorUserIds)));
 
 
 		$this->data = $this->processGet();

e107_plugins/forum/forum_viewforum.php

@@ -200,21 +200,15 @@
 	), 250, '...'));
 }
 
-//define('MODERATOR', $forum_info['forum_moderators'] != '' && check_class($forum_info['forum_moderators']));
-//$modArray = $forum->forum_getmods($forum_info['forum_moderators']);
+$moderatorUserIds = $forum->getModeratorUserIdsByForumId($forumId);
+define('MODERATOR', (USER && in_array(USERID, $moderatorUserIds)));
 
-// $thread???
-$modArray = $forum->forumGetMods($thread->forum_info['forum_moderators']);
-define('MODERATOR', (USER && is_array($modArray) && in_array(USERID, array_keys($modArray))));
-
-//----$message = '';
 if (MODERATOR)
 {
 	if ($_POST)
 	{
 		require_once(e_PLUGIN.'forum/forum_mod.php');
-//--		$message = forum_thread_moderate($_POST);
-    $forumSCvars['message']=forum_thread_moderate($_POST);
+		$forumSCvars['message'] = forum_thread_moderate($_POST);
 	}
 }
 

e107_plugins/forum/forum_viewtopic.php

@@ -69,9 +69,27 @@
 	exit;
 }
 
+if (isset($_GET['last']))
+{
+	$_GET['f'] = 'last';
+}
+
+if(isset($_GET['f']) && $_GET['f'] == 'post')
+{
+	$thread->processFunction();
+}
+
+$thread->init();
+
+
+/* Check if use has moderator permissions for this thread */
+$moderatorUserIds = $forum->getModeratorUserIdsByThreadId($thread->threadInfo['thread_id']);
+define('MODERATOR', (USER && in_array(USERID, $moderatorUserIds)));
+
+
 if(e_AJAX_REQUEST)
 {
-    if(varset($_POST['action']) == 'quickreply')
+	if(varset($_POST['action']) == 'quickreply')
 	{
 		$forum->ajaxQuickReply();
 	}
@@ -85,22 +103,12 @@
 	{
 		$forum->ajaxModerate();
 	}
-
-}
-
-
-if (isset($_GET['last']))
-{
-	$_GET['f'] = 'last';
-}
-
-if(isset($_GET['f']) && $_GET['f'] == 'post')
-{
-	$thread->processFunction();
+	else if(varset($_POST['action']) == 'deletepost')
+	{
+		$forum->usersLastPostDeletion();
+	}
 }
 
-$thread->init();
-
 
 /*
 if(isset($_POST['track_toggle']))
@@ -142,8 +150,9 @@
 }
 
 define('e_PAGETITLE', strip_tags($tp->toHTML($thread->threadInfo['thread_name'], true, 'no_hook, emotes_off')).' / '.$tp->toHTML($thread->threadInfo['forum_name'], true, 'no_hook, emotes_off').' / '.LAN_FORUM_1001);
+
 $forum->modArray = $forum->forumGetMods($thread->threadInfo['forum_moderators']);
-define('MODERATOR', (USER && $forum->isModerator(USERID)));
+
 
 e107::getScBatch('view', 'forum')->setScVar('forum', $forum);
 //var_dump(e107::getScBatch('forum', 'forum'));
@@ -481,6 +490,8 @@ function forumbuttons($thread)
 $sc->wrapper('forum_viewtopic/end'); 
 $forend = $tp->parseTemplate($FORUMEND, true, $sc);
 
+$lastPostDetectionCounter = count($postList);
+$sc->setScVar('thisIsTheLastPost', false);
 
 foreach ($postList as $c => $postInfo)
 {
@@ -490,6 +501,9 @@ function forumbuttons($thread)
 	}
 	$loop_uid = (int)$postInfo['post_user'];
 
+	$lastPostDetectionCounter--;
+	if ($lastPostDetectionCounter == 0) $sc->setScVar('thisIsTheLastPost', true);
+
 //---- Orphan $tnum????
 	$tnum = $i;
 

e107_plugins/forum/shortcodes/batch/view_shortcodes.php

@@ -859,6 +859,17 @@ function sc_postoptions()
 
 			}
 
+			// Delete own post, if it is the last in the thread
+			if($this->thisIsTheLastPost && USER && $this->thread->threadInfo['thread_lastuser'] == USERID)
+			{
+				/* only show delete button when post is not the initial post of the topic
+				 * AND if this post is the last post in the thread */
+				if($this->thread->threadInfo['thread_active'] && empty($this->postInfo['thread_start']) )
+				{
+					$text .= "<li class='text-right'><a href='" . e_REQUEST_URI . "' data-forum-action='deletepost' data-forum-post='" . $this->postInfo['post_id'] . "'>" . LAN_DELETE . " " . $tp->toGlyph('trash') . "</a></li>";
+				}
+			}
+
 			if($this->forum->checkperm($this->postInfo['post_forum'], 'post'))
 			{
 				$url = e107::url('forum', 'post') . "?f=quote&amp;id=" . $this->postInfo['post_thread'] . "&amp;post=" . $this->postInfo['post_id'];
@@ -889,7 +900,7 @@ function sc_postoptions()
 				//	if(!$this->forum->threadDetermineInitialPost($this->postInfo['post_id']))
 				if(empty($this->postInfo['thread_start']))
 				{
-					$text .= "<li class='text-right'><a href='" . e_REQUEST_URI . "' data-forum-action='deletepost' data-forum-thread='" . $this->postInfo['post_thread'] . "' data-forum-post='" . $this->postInfo['post_id'] . "'>" . LAN_DELETE . " " . $tp->toGlyph('trash') . "</a></li>";
+					$text .= "<li class='text-right'><a href='" . e_REQUEST_URI . "' data-forum-action='deletepost' data-forum-post='" . $this->postInfo['post_id'] . "'>" . LAN_DELETE . " " . $tp->toGlyph('trash') . "</a></li>";
 				}
 
 				if($type == 'thread')