added listing archiving-and-restore function (vandalism protection), …

…and ...

- added log-picture removal on log deletion (bugfix)
- block deletion of user accounts if archived logs or cache reports exist
- show number of archived logs and cache reports in adminuser interface
- improved cache description deletion confirmation message

htdocs/admins.php

@@ -30,6 +30,7 @@
 		if ($record['admin'] & ADMIN_MAINTAINANCE) 	$rights[] = "dbmaint";
 		if ($record['admin'] & ADMIN_USER)					$rights[] = "user/caches";
 		if ($record['admin'] & ADMIN_NEWS)					$rights[] = "newsapprove";
+		if ($record['admin'] & ADMIN_RESTORE)				$rights[] = "vand.restore";
 		if ($record['admin'] & 128)									$rights[] = "root";
 		$admin['rights'] = implode(", ", $rights);
 		$admins[] = $admin;

htdocs/adminuser.php

@@ -128,6 +128,8 @@ function searchUser()
 	$r['hidden'] = sql_value("SELECT COUNT(*) FROM `caches` WHERE `user_id`='&1'", 0, $r['user_id']);
 	$r['hidden_active'] = sql_value("SELECT COUNT(*) FROM `caches` WHERE `user_id`='&1' AND `status`=1", 0, $r['user_id']);
 	$r['logentries'] = sql_value("SELECT COUNT(*) FROM `cache_logs` WHERE `user_id`='&1'", 0, $r['user_id']);
+	$r['deleted_logentries'] = sql_value("SELECT COUNT(*) FROM `cache_logs_archived` WHERE `user_id`='&1'", 0, $r['user_id']);
+	$r['reports'] = sql_value("SELECT COUNT(*) FROM `cache_reports` WHERE `userid`='&1'", 0, $r['user_id']);
 
 	$r['last_known_login'] = sql_value("SELECT MAX(`last_login`) FROM `sys_sessions` WHERE `user_id`='&1'", 0, $r['user_id']);
 

htdocs/config2/settings-dev.inc.php

@@ -76,6 +76,7 @@
 	 *
 	 */
 	$opt['page']['absolute_url'] = $dev_baseurl;
+	$opt['page']['develsystem'] = true;
 	$opt['mail']['from'] = 'root';
 	$opt['mail']['subject'] = '[local.opencaching.de] ';
 

htdocs/config2/settings-dist.inc.php

@@ -179,6 +179,7 @@
  	$opt['page']['showdonations'] = false; // Show donations button
 
   $opt['page']['absolute_url'] = 'http://devel.opencaching.de/'; // may be overwritten by $opt['domain'][...]['uri']
+	$opt['page']['develsystem'] = false;
 
   /* maximum number of failed logins per hour before that IP address is blocked
    * (used to prevent brute-force-attacks)

htdocs/images/uploads/deleted/.htaccess

@@ -0,0 +1,4 @@
+<FilesMatch ".*">
+Order Deny,Allow
+Deny from All
+</FilesMatch>

htdocs/lang/de/ocstyle/removedesc.tpl.php

@@ -20,6 +20,6 @@
 		
  ****************************************************************************/
 ?>
-<h1>{t}delete this cache-description{/t}</h1>
-<p>{t}Do you really want to delete the description of your cache &quot;{cachename}&quot;{/t}</p>
+<h1>{t}delete this cache-description{/t} ({desclang_name})</h1>
+<p>{t}Do you really want to delete this  description of your cache &quot;{cachename}&quot;{/t}</p>
 <p><a href="removedesc.php?cacheid={cacheid_urlencode}&desclang={desclang_urlencode}&commit=1">{t}Yes, delete cache description{/t}</a></p>

htdocs/lib/clicompatbase.inc.php

@@ -441,16 +441,19 @@ function sql_escape($value)
 
 	function sql_error()
 	{
+		global $debug_page;
 		global $sql_errormail;
 		global $emailheaders;
 		global $absolute_server_URI;
 		global $interface_output;
 		global $dberrormsg;
 
+		$msql_error = mysql_errno() . ": " . mysql_error();
+
 		if ($sql_errormail != '')
 		{
 			// sendout email
-			$email_content = mysql_errno() . ": " . mysql_error();
+			$email_content = $msql_error;
 			$email_content .= "\n--------------------\n";
 			$email_content .= print_r(debug_backtrace(), true);
 			mb_send_mail($sql_errormail, 'sql_error: ' . $absolute_server_URI, $email_content, $emailheaders);
@@ -459,13 +462,14 @@ function sql_error()
 		if ($interface_output == 'html')
 		{
 			// display errorpage
-			tpl_errorMsg('sql_error', $dberrormsg);
+			tpl_errorMsg('sql_error', $dberrormsg . ($debug_page ? "<br />" . $msql_error : ""));
 			exit;
 		}
 		else if ($interface_output == 'plain')
 		{
 			echo "\n";
 			echo 'sql_error' . "\n";
+			if ($debug_page) echo $msql_error . "\n";
 			echo '---------' . "\n";
 			echo print_r(debug_backtrace(), true) . "\n";
 			exit;

htdocs/lib2/db.inc.php

@@ -201,7 +201,7 @@ function sql_internal($dblink, $sql)
 							else if ((substr($sql, $sqlpos - $arglength - 1, 1) == '`') && (substr($sql, $sqlpos + 1, 1) == '`'))
 								$filtered_sql .= sql_escape_backtick($args[$arg]);
 							else
-								sql_error();
+								sql_error($sql);
 						}
 					}
 					else
@@ -258,7 +258,7 @@ function sql_internal($dblink, $sql)
 							$filtered_sql .= '`';
 					}
 					else
-						sql_error();
+						sql_error($sql);
 
 					$sqlpos = $nextarg + $arglength + 1;
 				}
@@ -302,7 +302,7 @@ function sql_internal($dblink, $sql)
 			$result = $sqldebugger->execute($filtered_sql, $dblink, ($dblink===$db['dblink_slave']), $db['slave_server']);
 			if ($result === false)
 			{
-				sql_error();
+				sql_error($filtered_sql);
 			}
 		}
 		else
@@ -318,7 +318,7 @@ function sql_internal($dblink, $sql)
 			$result = @mysql_query($filtered_sql, $dblink);
 			if ($result === false)
 			{
-				sql_error();
+				sql_error($filtered_sql);
 			}
 
 			if ($opt['db']['warn']['time'] > 0)
@@ -876,7 +876,7 @@ function sql_disconnect_slave()
 		$db['dblink_slave'] = false;
 	}
 
-	function sql_error()
+	function sql_error($sqlstatement="")
 	{
 		global $tpl, $opt, $db;
 		global $bSmartyNoTranslate;
@@ -888,6 +888,8 @@ function sql_error()
 
 		$errno = mysql_errno();
 		$error = mysql_error();
+		if ($sqlstatement != "")
+			$error .= "\n\nSQL statement: " . $sqlstatement;
 
 		if ($db['connected'] == false)
 			$bSmartyNoTranslate = true;
@@ -902,7 +904,7 @@ function sql_error()
 			$mail->name = 'sql_error';
 
 			$mail->assign('errno', $errno);
-			$mail->assign('error', $error);
+			$mail->assign('error', str_replace("\n","\r\n",$error));
 			$mail->assign('trace', print_r(debug_backtrace(), true));
 
 			$mail->send();
@@ -914,14 +916,14 @@ function sql_error()
 			if (isset($tpl))
 			{
 				if ($opt['db']['error']['display'] == true)
-					$tpl->error('MySQL error' . ' (' . $errno . '): ' . $error);
+					$tpl->error('MySQL error (' . $errno . '): ' . $error);
 				else
 					$tpl->error('A database command could not be performed.');
 			}
 			else
 			{
 				if ($opt['db']['error']['display'] == true)
-					die('<html><body>' . htmlspecialchars('MySQL error (' .$errno . '): ' . $error) . '</body></html>');
+					die('<html><body>' . htmlspecialchars('MySQL error (' .$errno . '): ' . str_replace("\n,","<br />", $error)) . '</body></html>');
 				else
 					die('<html><body>A database command could not be performed</body></html>');
 			}

htdocs/lib2/logic/cachelog.class.php

@@ -146,7 +146,6 @@ function setTextHtmlEdit($value)
 	{
 		return $this->reCacheLog->setValue('text_htmledit', $value);
 	}
-
 	function getUUID()
 	{
 		return $this->reCacheLog->getValue('uuid');
@@ -168,6 +167,15 @@ function setNode($value)
 		return $this->reCacheLog->setValue('node', $value);
 	}
 
+	function getOwnerNotified()
+	{
+		return $this->reCacheLog->getValue('owner_notified') != 0;
+	}
+	function setOwnerNotified($value)
+	{
+		return $this->reCacheLog->setValue('owner_notified', $value ? 1 : 0);
+	}
+
 	function getAnyChanged()
 	{
 		return $this->reCacheLog->getAnyChanged();
@@ -177,7 +185,18 @@ function getAnyChanged()
 	function save()
 	{
 		sql_slave_exclude();
-		return $this->reCacheLog->save();
+		$saved = $this->reCacheLog->save();
+		if ($saved && $this->nLogId == ID_NEW)
+			$this->nLogId = $this->reCacheLog->getValue('id');
+		return $saved;
+	}
+
+	function updatePictureStat()
+	{
+		sql("UPDATE `cache_logs` SET `picture` =
+		       (SELECT COUNT(*) FROM `pictures` WHERE `object_type`=1 AND `object_id`='&1')
+		     WHERE `id`= '&1'",
+         $this->getLogId());
 	}
 
 	function allowView()

htdocs/lib2/logic/const.inc.php

@@ -33,6 +33,7 @@
 	define('ADMIN_MAINTAINANCE', 2);  // check table etc.
 	define('ADMIN_USER', 4);          // drop users, caches etc.
 	define('ADMIN_NEWS', 8);          // approve news entries
+	define('ADMIN_RESTORE', 16);      // restore vandalized listings
 	define('ADMIN_ROOT', 128 | 127);  // root + all previous rights
 
 	define('ATTRIB_SELECTED', 1);