2010-12-01 11:53:11 +01:00
< ? php
require 'inc/functions.php' ;
require 'inc/display.php' ;
require 'inc/template.php' ;
2010-12-17 15:18:03 +01:00
require 'inc/database.php' ;
2010-12-01 11:53:11 +01:00
require 'inc/user.php' ;
2011-01-01 16:05:30 +01:00
sql_open ();
// Check if banned
checkBan ();
2010-12-02 08:26:09 +01:00
require 'inc/mod.php' ;
2010-12-01 11:53:11 +01:00
2010-12-04 04:58:24 +01:00
// Fix some encoding issues
header ( 'Content-Type: text/html; charset=utf-8' , true );
2011-02-06 14:38:01 +01:00
if ( get_magic_quotes_gpc ()) {
function strip_array ( $var ) {
return is_array ( $var ) ? array_map ( " strip_array " , $var ) : stripslashes ( $var );
}
$_SESSION = strip_array ( $_SESSION );
$_GET = strip_array ( $_GET );
$_POST = strip_array ( $_POST );
}
2011-02-16 09:59:13 +01:00
$query = isset ( $_SERVER [ 'QUERY_STRING' ]) ? $_SERVER [ 'QUERY_STRING' ] : '' ;
2010-12-01 11:53:11 +01:00
// If not logged in
2010-12-02 08:02:48 +01:00
if ( ! $mod ) {
2010-12-01 11:53:11 +01:00
if ( isset ( $_POST [ 'login' ])) {
// Check if inputs are set and not empty
if ( ! isset ( $_POST [ 'username' ]) ||
! isset ( $_POST [ 'password' ]) ||
empty ( $_POST [ 'username' ]) ||
empty ( $_POST [ 'password' ])
2011-02-16 09:59:13 +01:00
) loginForm ( $config [ 'error' ][ 'invalid' ], $_POST [ 'username' ], '?' . $query );
2010-12-01 11:53:11 +01:00
if ( ! login ( $_POST [ 'username' ], $_POST [ 'password' ]))
2011-02-16 09:59:13 +01:00
loginForm ( $config [ 'error' ][ 'invalid' ], $_POST [ 'username' ], '?' . $query );
2010-12-01 11:53:11 +01:00
2011-02-11 13:02:30 +01:00
modLog ( " Logged in. " );
2010-12-01 11:53:11 +01:00
// Login successful
// Set cookies
setCookies ();
2010-12-02 08:02:48 +01:00
// Redirect
2011-02-16 09:59:13 +01:00
if ( isset ( $_POST [ 'redirect' ]))
header ( 'Location: ' . $_POST [ 'redirect' ], true , $config [ 'redirect_http' ]);
else
header ( 'Location: ?' . $config [ 'mod' ][ 'default' ], true , $config [ 'redirect_http' ]);
2010-12-02 08:02:48 +01:00
2010-12-01 11:53:11 +01:00
// Close connection
sql_close ();
} else {
2011-02-16 09:59:13 +01:00
loginForm ( false , false , '?' . $query );
2010-12-01 11:53:11 +01:00
}
} else {
2011-02-22 07:52:26 +01:00
// Redirect (for index pages)
if ( count ( $_GET ) == 2 && isset ( $_GET [ 'status' ]) && isset ( $_GET [ 'r' ]))
header ( 'Location: ' . $_GET [ 'r' ], true , $_GET [ 'status' ]);
2010-12-16 06:36:40 +01:00
// A sort of "cache"
// Stops calling preg_quote and str_replace when not needed; only does it once
2010-12-01 15:17:27 +01:00
$regex = Array (
2011-02-12 07:25:15 +01:00
'board' => str_replace ( '%s' , '(\w{1,8})' , preg_quote ( $config [ 'board_path' ], '/' )),
'page' => str_replace ( '%d' , '(\d+)' , preg_quote ( $config [ 'file_page' ], '/' )),
'img' => preg_quote ( $config [ 'dir' ][ 'img' ], '/' ),
'thumb' => preg_quote ( $config [ 'dir' ][ 'thumb' ], '/' ),
'res' => preg_quote ( $config [ 'dir' ][ 'res' ], '/' ),
'index' => preg_quote ( $config [ 'file_index' ], '/' )
2010-12-01 15:17:27 +01:00
);
if ( preg_match ( '/^\/?$/' , $query )) {
2010-12-02 08:02:48 +01:00
// Dashboard
2010-12-16 16:20:16 +01:00
$fieldset = Array (
'Boards' => '' ,
2011-03-30 12:47:06 +02:00
'Noticeboard' => '' ,
2011-03-27 05:48:22 +02:00
'Administration' => '' ,
2011-04-14 09:10:59 +02:00
'Themes' => '' ,
2011-03-29 15:56:38 +02:00
'Search' => '' ,
2011-03-27 05:48:22 +02:00
'Logout' => ''
2010-12-16 16:20:16 +01:00
);
2010-12-02 08:26:09 +01:00
2010-12-16 16:20:16 +01:00
// Boards
$fieldset [ 'Boards' ] .= ulBoards ();
2011-03-30 12:47:06 +02:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'noticeboard' ]) {
2011-03-30 12:57:51 +02:00
$query = prepare ( " SELECT * FROM `noticeboard` ORDER BY `id` DESC LIMIT :limit " );
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'noticeboard_dashboard' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
$fieldset [ 'Noticeboard' ] .= '<li>' ;
$_body = '' ;
while ( $notice = $query -> fetch ()) {
$m_query = prepare ( " SELECT `username` FROM `mods` WHERE `id` = :id " );
$m_query -> bindValue ( ':id' , $notice [ 'mod' ], PDO :: PARAM_INT );
$m_query -> execute () or error ( db_error ( $m_query ));
if ( ! $_mod = $m_query -> fetch ()) {
$_mod = Array ( 'username' => '<em>???</em>' );
}
$_body .= '<li><a href="?/noticeboard#' .
$notice [ 'id' ] .
'">' .
( $notice [ 'subject' ] ?
$notice [ 'subject' ]
:
'<em>no subject</em>'
) .
'</a><span class="unimportant"> — by ' .
$_mod [ 'username' ] .
' at ' .
date ( $config [ 'post_date' ], $notice [ 'time' ]) .
'</span></li>' ;
}
if ( ! empty ( $_body )) {
$fieldset [ 'Noticeboard' ] .= '<ul>' . $_body . '</ul></li><li>' ;
}
$fieldset [ 'Noticeboard' ] .= '<a href="?/noticeboard">View all entires</a></li>' ;
2011-04-12 10:02:20 +02:00
$query = prepare ( " SELECT COUNT(*) AS `count` FROM `pms` WHERE `to` = :id AND `unread` = 1 " );
$query -> bindValue ( ':id' , $mod [ 'id' ]);
$query -> execute () or error ( db_error ( $query ));
$count = $query -> fetch ();
$count = $count [ 'count' ];
$fieldset [ 'Noticeboard' ] .= '<li><a href="?/inbox">PM inbox' .
( $count > 0
?
' <strong>(' . $count . ' unread)</strong>'
: '' ) .
'</a></li>' ;
2011-04-13 16:24:49 +02:00
$fieldset [ 'Noticeboard' ] .= '<li><a href="?/news">News</a></li>' ;
2011-03-30 12:47:06 +02:00
}
2011-02-20 07:19:57 +01:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'reports' ]) {
$fieldset [ 'Administration' ] .= '<li><a href="?/reports">Report queue</a></li>' ;
}
2011-02-12 07:25:15 +01:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'view_banlist' ]) {
2011-02-06 14:38:01 +01:00
$fieldset [ 'Administration' ] .= '<li><a href="?/bans">Ban list</a></li>' ;
2011-03-02 07:15:37 +01:00
}
2011-03-02 07:51:29 +01:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'manageusers' ]) {
2011-03-02 07:15:37 +01:00
$fieldset [ 'Administration' ] .= '<li><a href="?/users">Manage users</a></li>' ;
2011-02-06 14:38:01 +01:00
}
2011-03-02 07:51:29 +01:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'modlog' ]) {
$fieldset [ 'Administration' ] .= '<li><a href="?/log">Moderation log</a></li>' ;
}
2011-03-26 16:35:54 +01:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'rebuild' ]) {
$fieldset [ 'Administration' ] .= '<li><a href="?/rebuild">Rebuild static files</a></li>' ;
}
2011-02-12 07:25:15 +01:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'show_config' ]) {
2010-12-16 16:20:16 +01:00
$fieldset [ 'Administration' ] .= '<li><a href="?/config">Show configuration</a></li>' ;
}
2010-12-02 08:26:09 +01:00
2011-04-14 09:10:59 +02:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'themes' ]) {
$fieldset [ 'Themes' ] .= '<li><a href="?/themes">Manage themes</a></li>' ;
}
2011-03-29 15:56:38 +02:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'search' ]) {
$fieldset [ 'Search' ] .= '<li><form style="display:inline" action="?/search" method="post">' .
'<label style="display:inline" for="search">Phrase:</label> ' .
'<input id="search" name="search" type="text" size="35" />' .
'<input type="submit" value="Search" />' .
'</form>' .
2011-03-29 16:36:19 +02:00
'<p class="unimportant">(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)</p>' .
2011-03-29 15:56:38 +02:00
'</li>' ;
}
2011-03-27 05:48:22 +02:00
$fieldset [ 'Logout' ] .= '<li><a href="?/logout">Logout</a></li>' ;
2010-12-02 10:55:56 +01:00
// TODO: Statistics, etc, in the dashboard.
2010-12-16 16:20:16 +01:00
$body = '' ;
foreach ( $fieldset as $title => $data ) {
if ( $data )
$body .= " <fieldset><legend> { $title } </legend><ul> { $data } </ul></fieldset> " ;
}
2010-12-02 10:55:56 +01:00
echo Element ( 'page.html' , Array (
2011-03-26 08:23:15 +01:00
'config' => $config ,
2010-12-02 08:26:09 +01:00
'title' => 'Dashboard' ,
2011-03-28 17:00:17 +02:00
'body' => $body ,
'__mod' => true
2010-12-10 10:57:34 +01:00
)
);
2011-03-27 05:48:22 +02:00
} elseif ( preg_match ( '/^\/logout$/' , $query )) {
destroyCookies ();
header ( 'Location: ?/' , true , $config [ 'redirect_http' ]);
2011-04-06 10:31:26 +02:00
} elseif ( preg_match ( '/^\/confirm\/(.+)$/' , $query , $matches )) {
$uri = $matches [ 1 ];
$body = '<p style="text-align:center">' .
'<span class="heading" style="margin-bottom:6px">Are you sure you want to do that?</span>' .
'You clicked ' .
'<strong>?/' . htmlentities ( $uri ) . '</strong>' .
' but had Javascript disabled, so we weren\'t able to serve the confirmation dialog.' .
'</p>' .
'<p style="text-align:center"><a style="margin:block;font-size:150%;font-weight:bold" href="?/' . htmlentities ( $uri ) . '">Confirm.</a></p>' ;
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'Confirm' ,
'body' => $body ,
'mod' => true
)
);
2011-03-02 07:51:29 +01:00
} elseif ( preg_match ( '/^\/log$/' , $query )) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'modlog' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-28 08:24:23 +02:00
$boards = Array ();
$_boards = listBoards ();
foreach ( $_boards as & $_b ) {
$boards [ $_b [ 'id' ]] = $_b [ 'uri' ];
}
$body = '<table class="modlog"><tr><th>User</th><th>IP address</th><th>Ago</th><th>Board</th><th>Action</th></tr>' ;
2011-03-02 07:51:29 +01:00
2011-03-28 08:24:23 +02:00
$query = prepare ( " SELECT `mods`.`id`,`username`,`ip`,`board`,`time`,`text` FROM `modlogs` INNER JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :limit " );
2011-03-02 07:51:29 +01:00
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'modlog_page' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
while ( $log = $query -> fetch ()) {
$log [ 'text' ] = htmlentities ( $log [ 'text' ]);
$log [ 'text' ] = preg_replace ( '/(\d+\.\d+\.\d+\.\d+)/' , '<a href="?/IP/$1">$1</a>' , $log [ 'text' ]);
$body .= '<tr>' .
'<td class="minimal"><a href="?/users/' . $log [ 'id' ] . '">' . $log [ 'username' ] . '</a></td>' .
'<td class="minimal"><a href="?/IP/' . $log [ 'ip' ] . '">' . $log [ 'ip' ] . '</a></td>' .
'<td class="minimal">' . ago ( $log [ 'time' ]) . '</td>' .
2011-03-28 08:24:23 +02:00
'<td class="minimal">' .
( $log [ 'board' ] ?
( isset ( $boards [ $log [ 'board' ]]) ?
'<a href="?/' . $boards [ $log [ 'board' ]] . '/' . $config [ 'file_index' ] . '">' . sprintf ( $config [ 'board_abbreviation' ], $boards [ $log [ 'board' ]]) . '</a></td>'
: '<em>deleted?</em>' )
: '-' ) .
2011-03-02 07:51:29 +01:00
'<td>' . $log [ 'text' ] . '</td>' .
'</tr>' ;
}
$body .= '</table>' ;
echo Element ( 'page.html' , Array (
2011-03-26 08:23:15 +01:00
'config' => $config ,
2011-03-02 07:51:29 +01:00
'title' => 'Moderation log' ,
'body' => $body ,
2011-03-30 12:47:06 +02:00
'mod' => true
)
);
2011-04-14 09:10:59 +02:00
} elseif ( preg_match ( '/^\/themes\/none$/' , $query , $match )) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'themes' ]) error ( $config [ 'error' ][ 'noaccess' ]);
// Clearsettings
query ( " TRUNCATE TABLE `theme_settings` " ) or error ( db_error ());
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'No theme' ,
'body' => '<p style="text-align:center">Successfully stopped using any themes. You\'ll have to create a homepage manually if you want one.</p>' ,
'mod' => true
)
);
2011-04-13 15:47:47 +02:00
} elseif ( preg_match ( '/^\/themes(\/(\w+))?$/' , $query , $match )) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'themes' ]) error ( $config [ 'error' ][ 'noaccess' ]);
if ( ! is_dir ( $config [ 'dir' ][ 'homepage' ]))
error ( 'Homepage directory doesn\'t exist!' );
if ( ! $dir = opendir ( $config [ 'dir' ][ 'homepage' ]))
error ( 'Cannot open homepage directory; check permissions.' );
if ( isset ( $match [ 2 ])) {
$_theme = $match [ 2 ];
2011-04-14 09:10:59 +02:00
if ( ! $theme = loadThemeConfig ( $_theme )) {
error ( $config [ 'error' ][ 'invalidtheme' ]);
}
2011-04-13 15:47:47 +02:00
if ( isset ( $_POST [ 'install' ])) {
// Check if everything is submitted
foreach ( $theme [ 'config' ] as & $c ) {
if ( ! isset ( $_POST [ $c [ 'name' ]]) && $c [ 'type' ] != 'checkbox' )
error ( spritnf ( $config [ 'error' ][ 'required' ], $c [ 'title' ]));
}
// Clear previous settings
query ( " TRUNCATE TABLE `theme_settings` " ) or error ( db_error ());
foreach ( $theme [ 'config' ] as & $c ) {
$query = prepare ( " INSERT INTO `theme_settings` VALUES(:name, :value) " );
$query -> bindValue ( ':name' , $c [ 'name' ]);
$query -> bindValue ( ':value' , $_POST [ $c [ 'name' ]]);
$query -> execute () or error ( db_error ( $query ));
}
$query = prepare ( " INSERT INTO `theme_settings` VALUES('theme', :value) " );
$query -> bindValue ( ':value' , $_theme );
$query -> execute () or error ( db_error ( $query ));
// Build theme
2011-04-14 12:43:34 +02:00
rebuildTheme ( 'all' );
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'Installed "' . htmlentities ( $theme [ 'name' ]) . '"' ,
'body' => '<p style="text-align:center">Successfully installed and built theme.</p>' ,
'mod' => true
)
);
2011-04-13 15:47:47 +02:00
} else {
$body = '<form action="" method="post">' ;
if ( ! isset ( $theme [ 'config' ]) || empty ( $theme [ 'config' ])) {
$body .= '<p style="text-align:center" class="unimportant">(No configuration required.)</p>' ;
} else {
$body .= '<table>' ;
foreach ( $theme [ 'config' ] as & $c ) {
$body .= '<tr><th>' . $c [ 'title' ] . '</th><td>' ;
switch ( $c [ 'type' ]) {
case 'text' :
default :
$body .= '<input type="text" name="' . $c [ 'name' ] . '" />' ;
}
$body .= '</td></tr>' ;
}
$body .= '</table>' ;
}
$body .= '<p style="text-align:center"><input name="install" type="submit" value="Install theme" /></p></form>' ;
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'Installing "' . htmlentities ( $theme [ 'name' ]) . '"' ,
'body' => $body ,
'mod' => true
)
);
}
} else {
// Scan directory for themes
$themes = Array ();
while ( $file = readdir ( $dir )) {
if ( $file [ 0 ] != '.' && is_dir ( $config [ 'dir' ][ 'homepage' ] . '/' . $file )) {
$themes [] = $file ;
}
}
closedir ( $dir );
$body = '' ;
if ( empty ( $themes )) {
$body = '<p style="text-align:center" class="unimportant">(No themes installed.)</p>' ;
} else {
$body .= '<table class="modlog">' ;
foreach ( $themes as & $_theme ) {
$theme = loadThemeConfig ( $_theme );
markup ( $theme [ 'description' ]);
$body .= '<tr>' .
'<th class="minimal">Name</th>' .
'<td>' . htmlentities ( $theme [ 'name' ]) . '</td>' .
'</tr>' .
'<tr>' .
'<th class="minimal">Version</th>' .
'<td>' . htmlentities ( $theme [ 'version' ]) . '</td>' .
'</tr>' .
'<tr>' .
'<th class="minimal">Description</th>' .
'<td>' . $theme [ 'description' ] . '</td>' .
'</tr>' .
'<tr>' .
'<th class="minimal">Thumbnail</th>' .
'<td><img style="float:none;margin:4px" src="' . $config [ 'dir' ][ 'homepage_uri' ] . '/' . $_theme . '/thumb.png" /></td>' .
'</tr>' .
'<tr>' .
'<th class="minimal">Actions</th>' .
'<td><ul style="padding:0 20px">' .
'<li>' .
2011-04-14 08:58:43 +02:00
'<a title="Use theme" href="?/themes/' . $_theme . '">Use</a>' .
2011-04-13 15:47:47 +02:00
'</li>' .
'<li>' .
confirmLink ( 'Remove' , 'Uninstall theme' , 'Are you sure you want to permanently remove this theme?' , 'themes/' . $_theme . '/uninstall' ) .
'</li>' .
'</ul></td>' .
'</tr>' .
2011-04-14 08:58:43 +02:00
'<tr style="height:40px"><td colspan="2"><hr/></td></tr>' ;
2011-04-13 15:47:47 +02:00
}
$body .= '</table>' ;
}
2011-04-14 09:10:59 +02:00
$body .= '<p style="text-align:center"><a href="?/themes/none">Don\'t use a theme.</a></p>' ;
2011-04-13 15:47:47 +02:00
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'Select theme' ,
'body' => $body ,
'mod' => true
)
);
}
2011-03-30 12:47:06 +02:00
} elseif ( preg_match ( '/^\/noticeboard\/delete\/(\d+)$/' , $query , $match )) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'noticeboard_delete' ]) error ( $config [ 'error' ][ 'noaccess' ]);
$query = prepare ( " DELETE FROM `noticeboard` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $match [ 1 ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
header ( 'Location: ?/noticeboard' , true , $config [ 'redirect_http' ]);
} elseif ( preg_match ( '/^\/noticeboard$/' , $query )) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'noticeboard' ]) error ( $config [ 'error' ][ 'noaccess' ]);
$body = '' ;
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'noticeboard_post' ]) {
2011-03-30 12:57:51 +02:00
if ( isset ( $_POST [ 'subject' ]) && isset ( $_POST [ 'body' ]) && ! empty ( $_POST [ 'body' ])) {
2011-03-30 12:47:06 +02:00
$query = prepare ( " INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body) " );
$query -> bindValue ( ':mod' , $mod [ 'id' ], PDO :: PARAM_INT );
$query -> bindvalue ( ':time' , time (), PDO :: PARAM_INT );
$query -> bindValue ( ':subject' , utf8tohtml ( $_POST [ 'subject' ]));
markup ( $_POST [ 'body' ]);
$query -> bindValue ( ':body' , $_POST [ 'body' ]);
$query -> execute () or error ( db_error ( $query ));
}
$body .= '<fieldset><legend>New post</legend><form style="display:inline" action="" method="post"><table>' .
'<tr>' .
'<th><label for="subject">Name</label></th>' .
'<td>' . $mod [ 'username' ] . '</td>' .
'</tr><tr>' .
'<th>Subject</th>' .
'<td><input type="text" size="55" name="subject" id="subject" /></td>' .
'</tr><tr>' .
'<th>Body</th>' .
'<td><textarea name="body" style="width:100%;height:100px"></textarea></td>' .
'</tr><tr>' .
'<td></td><td><input type="submit" value="Post to noticeboard" /></td>' .
'</tr></table>' .
'</form></fieldset>' ;
}
$query = prepare ( " SELECT * FROM `noticeboard` ORDER BY `id` DESC LIMIT :limit " );
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'noticeboard_display' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
while ( $notice = $query -> fetch ()) {
$m_query = prepare ( " SELECT `username` FROM `mods` WHERE `id` = :id " );
$m_query -> bindValue ( ':id' , $notice [ 'mod' ], PDO :: PARAM_INT );
$m_query -> execute () or error ( db_error ( $m_query ));
if ( ! $_mod = $m_query -> fetch ()) {
$_mod = Array ( 'username' => '<em>???</em>' );
}
$body .= '<div class="ban">' .
( $mod [ 'type' ] >= $config [ 'mod' ][ 'noticeboard_delete' ] ?
2011-04-13 16:15:20 +02:00
'<span style="float:right;padding:2px"><a class="unimportant" href="?/noticeboard/delete/' . $notice [ 'id' ] . '">[delete]</a></span>'
2011-03-30 12:47:06 +02:00
: '' ) .
2011-04-13 16:15:20 +02:00
'<h2 id="' . $notice [ 'id' ] . '">' .
2011-03-30 12:47:06 +02:00
( $notice [ 'subject' ] ?
$notice [ 'subject' ]
:
'<em>no subject</em>'
) .
'<span class="unimportant"> — by ' .
$_mod [ 'username' ] .
' at ' .
date ( $config [ 'post_date' ], $notice [ 'time' ]) .
'</span></h2><p>' . $notice [ 'body' ] . '</p></div>' ;
}
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'Noticeboard' ,
'body' => $body ,
2011-03-02 07:51:29 +01:00
'mod' => true
)
);
2011-04-13 16:24:49 +02:00
} elseif ( preg_match ( '/^\/news\/delete\/(\d+)$/' , $query , $match )) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'noticeboard_delete' ]) error ( $config [ 'error' ][ 'noaccess' ]);
$query = prepare ( " DELETE FROM `news` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $match [ 1 ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-04-14 12:43:34 +02:00
rebuildTheme ( 'news' );
2011-04-14 09:03:12 +02:00
2011-04-13 16:24:49 +02:00
header ( 'Location: ?/news' , true , $config [ 'redirect_http' ]);
} elseif ( preg_match ( '/^\/news$/' , $query )) {
$body = '' ;
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'news' ]) {
if ( isset ( $_POST [ 'subject' ]) && isset ( $_POST [ 'body' ]) && ! empty ( $_POST [ 'body' ])) {
$query = prepare ( " INSERT INTO `news` VALUES (NULL, :name, :time, :subject, :body) " );
if ( isset ( $_POST [ 'name' ]) && $mod [ 'type' ] >= $config [ 'mod' ][ 'news_custom' ])
$name = $_POST [ 'name' ];
else
$name = $mod [ 'username' ];
$query -> bindValue ( ':name' , utf8tohtml ( $name ), PDO :: PARAM_INT );
$query -> bindvalue ( ':time' , time (), PDO :: PARAM_INT );
$query -> bindValue ( ':subject' , utf8tohtml ( $_POST [ 'subject' ]));
markup ( $_POST [ 'body' ]);
$query -> bindValue ( ':body' , $_POST [ 'body' ]);
$query -> execute () or error ( db_error ( $query ));
2011-04-14 09:03:12 +02:00
2011-04-14 12:43:34 +02:00
rebuildTheme ( 'news' );
2011-04-13 16:24:49 +02:00
}
$body .= '<fieldset><legend>New post</legend><form style="display:inline" action="" method="post"><table>' .
'<tr>' .
2011-04-14 09:03:12 +02:00
'<th>Name</th>' .
2011-04-13 16:24:49 +02:00
( $mod [ 'type' ] >= $config [ 'mod' ][ 'news_custom' ] ?
2011-04-14 09:03:12 +02:00
'<td><input type="text" size="55" name="name" id="name" value="' . htmlentities ( $mod [ 'username' ]) . '" /></td>'
2011-04-13 16:24:49 +02:00
:
'<td>' . $mod [ 'username' ] . '</td>' ) .
'</tr><tr>' .
'<th>Subject</th>' .
'<td><input type="text" size="55" name="subject" id="subject" /></td>' .
'</tr><tr>' .
'<th>Body</th>' .
'<td><textarea name="body" style="width:100%;height:100px"></textarea></td>' .
'</tr><tr>' .
'<td></td><td><input type="submit" value="Post to news" /></td>' .
'</tr></table>' .
'</form></fieldset>' ;
}
$query = prepare ( " SELECT * FROM `news` ORDER BY `id` DESC LIMIT :limit " );
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'noticeboard_display' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
while ( $news = $query -> fetch ()) {
$body .= '<div class="ban">' .
( $mod [ 'type' ] >= $config [ 'mod' ][ 'news_delete' ] ?
'<span style="float:right;padding:2px"><a class="unimportant" href="?/news/delete/' . $news [ 'id' ] . '">[delete]</a></span>'
: '' ) .
'<h2 id="' . $news [ 'id' ] . '">' .
( $news [ 'subject' ] ?
$news [ 'subject' ]
:
'<em>no subject</em>'
) .
'<span class="unimportant"> — by ' .
$news [ 'name' ] .
' at ' .
date ( $config [ 'post_date' ], $news [ 'time' ]) .
'</span></h2><p>' . $news [ 'body' ] . '</p></div>' ;
}
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'News' ,
'body' => $body ,
'mod' => true
)
);
2011-04-12 10:02:20 +02:00
} elseif ( preg_match ( '/^\/inbox$/' , $query , $match )) {
$query = prepare ( " SELECT `unread`,`pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC " );
$query -> bindValue ( ':mod' , $mod [ 'id' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $query -> rowCount () == 0 ) {
$body = '<p style="text-align:center" class="unimportant">(No private messages for you.)</p>' ;
} else {
$unread_pms = 0 ;
$body = '<table class="modlog"><tr><th>ID</th><th>From</th><th>Date</th><th>Message snippet</th></tr>' ;
while ( $pm = $query -> fetch ()) {
$body .= '<tr' . ( $pm [ 'unread' ] ? ' style="font-weight:bold"' : '' ) . '>' .
'<td class="minimal"><a href="?/PM/' . $pm [ 'id' ] . '">' . $pm [ 'id' ] . '</a></td>' .
'<td class="minimal"><a href="?/new_PM/' . $pm [ 'sender' ] . '">' . $pm [ 'username' ] . '</a></td>' .
'<td class="minimal">' . date ( $config [ 'post_date' ], $pm [ 'time' ]) . '</td>' .
'<td><a href="?/PM/' . $pm [ 'id' ] . '">' . pm_snippet ( $pm [ 'message' ]) . '</a></td>' .
'</tr>' ;
if ( $pm [ 'unread' ])
$unread_pms ++ ;
}
$body .= '</table>' ;
}
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'PM Inbox (' . ( $query -> rowCount () == 0 ? 'empty' : $unread_pms . ' unread' ) . ')' ,
'body' => $body ,
'mod' => true
)
);
2011-03-17 06:52:43 +01:00
} elseif ( preg_match ( '/^\/PM\/(\d+)$/' , $query , $match )) {
$id = $match [ 1 ];
2011-04-10 21:15:15 +02:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'master_pm' ]) {
$query = prepare ( " SELECT `pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id " );
} else {
$query = prepare ( " SELECT `pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod " );
$query -> bindValue ( ':mod' , $mod [ 'id' ], PDO :: PARAM_INT );
}
2011-03-17 06:52:43 +01:00
$query -> bindValue ( ':id' , $id , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( ! $pm = $query -> fetch ()) {
// Mod doesn't exist
error ( $config [ 'error' ][ '404' ]);
}
if ( isset ( $_POST [ 'delete' ])) {
$query = prepare ( " DELETE FROM `pms` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $id , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-03-28 08:24:23 +02:00
modLog ( 'Deleted a PM' );
2011-03-17 06:52:43 +01:00
header ( 'Location: ?/' , true , $config [ 'redirect_http' ]);
} else {
$query = prepare ( " UPDATE `pms` SET `unread` = 0 WHERE `id` = :id " );
$query -> bindValue ( ':id' , $id , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-04-10 21:15:15 +02:00
if ( $pm [ 'to' ] != $mod [ 'id' ]) {
$query = prepare ( " SELECT `username` FROM `mods` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $pm [ 'to' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $_mod = $query -> fetch ()) {
$__to = $_mod [ 'username' ];
} else {
$__to = '<em>??</em>' ;
}
}
2011-03-28 08:24:23 +02:00
modLog ( 'Read a PM' );
2011-04-12 11:56:37 +02:00
$body = '<form action="" method="post" style="margin:0"><table>' .
2011-04-10 21:15:15 +02:00
'<th>From</th><td>' .
'<a href="?/new_PM/' . $pm [ 'sender' ] . '">' . htmlentities ( $pm [ 'username' ]) . '</a>' .
2011-03-17 06:52:43 +01:00
'</td></tr>' .
2011-04-10 21:15:15 +02:00
( isset ( $__to ) ?
'<th>To</th><td>' .
'<a href="?/new_PM/' . $pm [ 'to' ] . '">' . htmlentities ( $__to ) . '</a>' .
'</td></tr>'
: '' ) .
2011-03-17 06:52:43 +01:00
'<tr><th>Date</th><td> ' . date ( $config [ 'post_date' ], $pm [ 'time' ]) . '</td></tr>' .
'<tr><th>Message</th><td> ' . $pm [ 'message' ] . '</td></tr>' .
'</table>' .
'<p style="text-align:center"><input type="submit" name="delete" value="Delete forever" /></p>' .
2011-04-12 11:56:37 +02:00
'</form>' .
'<p style="text-align:center"><a href="?/new_PM/' . $pm [ 'sender' ] . '/' . $pm [ 'id' ] . '">Reply with quote</a></p>' ;
2011-03-17 06:52:43 +01:00
echo Element ( 'page.html' , Array (
2011-03-26 08:23:15 +01:00
'config' => $config ,
2011-03-17 06:52:43 +01:00
'title' => 'Private message' ,
'body' => $body ,
'mod' => true
)
);
}
2011-04-12 11:56:37 +02:00
} elseif ( preg_match ( '/^\/new_PM\/(\d+)(\/(\d+))?$/' , $query , $match )) {
2011-03-17 06:52:43 +01:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'create_pm' ]) error ( $config [ 'error' ][ 'noaccess' ]);
$to = $match [ 1 ];
$query = prepare ( " SELECT `username`,`id` FROM `mods` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $to , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( ! $to = $query -> fetch ()) {
// Mod doesn't exist
error ( $config [ 'error' ][ '404' ]);
}
if ( isset ( $_POST [ 'message' ])) {
// Post message
$message = $_POST [ 'message' ];
if ( empty ( $message ))
error ( $config [ 'error' ][ 'tooshort_body' ]);
markup ( $message );
$query = prepare ( " INSERT INTO `pms` VALUES (NULL, :sender, :to, :message, :time, 1) " );
$query -> bindValue ( ':sender' , $mod [ 'id' ], PDO :: PARAM_INT );
$query -> bindValue ( ':to' , $to [ 'id' ], PDO :: PARAM_INT );
$query -> bindValue ( ':message' , $message );
$query -> bindValue ( ':time' , time (), PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-03-28 08:24:23 +02:00
modLog ( 'Sent a PM to ' . $to [ 'username' ]);
2011-03-17 06:52:43 +01:00
echo Element ( 'page.html' , Array (
2011-03-26 08:23:15 +01:00
'config' => $config ,
2011-03-17 06:52:43 +01:00
'title' => 'PM sent' ,
'body' => '<p style="text-align:center">Message sent successfully to ' . htmlentities ( $to [ 'username' ]) . '.</p>' ,
'mod' => true
)
);
} else {
2011-04-12 11:56:37 +02:00
$value = '' ;
if ( isset ( $match [ 3 ])) {
$reply = $match [ 3 ];
$query = prepare ( " SELECT `message` FROM `pms` WHERE `sender` = :sender AND `to` = :mod AND `id` = :id " );
$query -> bindValue ( ':sender' , $to [ 'id' ], PDO :: PARAM_INT );
$query -> bindValue ( ':mod' , $mod [ 'id' ], PDO :: PARAM_INT );
$query -> bindValue ( ':id' , $reply , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $pm = $query -> fetch ()) {
$value = quote ( $pm [ 'message' ]);
}
}
2011-03-17 06:52:43 +01:00
$body = '<form action="" method="post">' .
'<table>' .
'<tr><th>To</th><td>' .
( $mod [ 'type' ] >= $config [ 'mod' ][ 'editusers' ] ?
'<a href="?/users/' . $to [ 'id' ] . '">' . htmlentities ( $to [ 'username' ]) . '</a>' :
htmlentities ( $to [ 'username' ])
) .
'</td>' .
2011-04-12 11:56:37 +02:00
'<tr><th>Message</th><td><textarea name="message" rows="10" cols="40">' . $value . '</textarea></td>' .
2011-03-17 06:52:43 +01:00
'</table>' .
'<p style="text-align:center"><input type="submit" value="Send message" /></p>' .
'</form>' ;
echo Element ( 'page.html' , Array (
2011-03-26 08:23:15 +01:00
'config' => $config ,
2011-03-17 06:52:43 +01:00
'title' => 'New PM for ' . htmlentities ( $to [ 'username' ]),
2011-03-29 15:56:38 +02:00
'body' => $body ,
'mod' => true
2011-03-17 06:52:43 +01:00
)
);
}
2011-03-29 15:56:38 +02:00
} elseif ( preg_match ( '/^\/search$/' , $query )) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'search' ]) error ( $config [ 'error' ][ 'noaccess' ]);
$body = '<div class="ban"><h2>Search</h2><form style="display:inline" action="?/search" method="post">' .
'<p><label style="display:inline" for="search">Phrase:</label> ' .
'<input id="search" name="search" type="text" size="35" ' .
( isset ( $_POST [ 'search' ]) ? 'value="' . htmlentities ( $_POST [ 'search' ]) . '" ' : '' ) .
'/>' .
'<input type="submit" value="Search" />' .
'</p></form>' .
2011-03-29 16:36:19 +02:00
'<p><span class="unimportant">(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)</span></p>' .
2011-03-29 15:56:38 +02:00
'</div>' ;
if ( isset ( $_POST [ 'search' ]) && ! empty ( $_POST [ 'search' ])) {
$phrase = $_POST [ 'search' ];
$_body = '' ;
2011-03-30 07:55:43 +02:00
// Escape escape character
$phrase = str_replace ( '!' , '!!' , $phrase );
2011-03-29 16:26:02 +02:00
// Remove SQL wildcard
2011-03-29 16:41:59 +02:00
$phrase = str_replace ( '%' , '!%' , $phrase );
2011-03-29 16:26:02 +02:00
// Use asterisk as wildcard to suit convention
$phrase = str_replace ( '*' , '%' , $phrase );
$like = '' ;
$match = Array ();
// Find exact phrases
if ( preg_match_all ( '/"(.+?)"/' , $phrase , $m )) {
foreach ( $m [ 1 ] as & $quote ) {
$phrase = str_replace ( " \" { $quote } \" " , '' , $phrase );
$match [] = $pdo -> quote ( $quote );
}
}
$words = explode ( ' ' , $phrase );
foreach ( $words as & $word ) {
if ( empty ( $word ))
continue ;
$match [] = $pdo -> quote ( $word );
}
$like = '' ;
foreach ( $match as & $phrase ) {
if ( ! empty ( $like ))
$like .= ' AND ' ;
$phrase = preg_replace ( '/^\'(.+)\'$/' , '\'%$1%\'' , $phrase );
2011-03-29 16:41:59 +02:00
$like .= '`body` LIKE ' . $phrase . ' ESCAPE \'!\'' ;
2011-03-29 16:26:02 +02:00
}
$like = str_replace ( '%' , '%%' , $like );
2011-03-29 15:56:38 +02:00
$boards = listBoards ();
foreach ( $boards as & $_b ) {
openBoard ( $_b [ 'uri' ]);
2011-03-29 16:26:02 +02:00
$query = prepare ( sprintf ( " SELECT * FROM `posts_%s` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit " , $board [ 'uri' ]));
2011-03-29 15:56:38 +02:00
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'search_results' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
$temp = '' ;
while ( $post = $query -> fetch ()) {
if ( ! $post [ 'thread' ]) {
2011-04-12 13:08:54 +02:00
$po = new Thread ( $post [ 'id' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'capcode' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], $post [ 'sticky' ], $post [ 'locked' ], '?/' , $mod , false );
2011-03-29 15:56:38 +02:00
} else {
2011-04-12 13:08:54 +02:00
$po = new Post ( $post [ 'id' ], $post [ 'thread' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'capcode' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], '?/' , $mod );
2011-03-29 15:56:38 +02:00
}
$temp .= $po -> build ( true ) . '<hr/>' ;
}
if ( ! empty ( $temp ))
$_body .= '<fieldset><legend>' . $query -> rowCount () . ' result' . ( $query -> rowCount () != 1 ? 's' : '' ) . ' on <a href="?/' .
sprintf ( $config [ 'board_path' ], $board [ 'uri' ]) . $config [ 'file_index' ] .
'">' .
sprintf ( $config [ 'board_abbreviation' ], $board [ 'uri' ]) . ' - ' . $board [ 'title' ] .
'</a></legend>' . $temp . '</fieldset>' ;
}
$body .= '<hr/>' ;
if ( ! empty ( $_body ))
$body .= $_body ;
else
$body .= '<p style="text-align:center" class="unimportant">(No results.)</p>' ;
}
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'Search' ,
'body' => $body ,
'mod' => true
)
);
2011-03-02 07:15:37 +01:00
} elseif ( preg_match ( '/^\/users$/' , $query )) {
2011-03-02 07:51:29 +01:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'manageusers' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-02 07:15:37 +01:00
$body = '<form action="" method="post"><table><tr><th>ID</th><th>Username</th><th>Type</th><th>Last action</th><th>…</th></tr>' ;
$query = query ( " SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id` " ) or error ( db_error ());
while ( $_mod = $query -> fetch ()) {
$type = $_mod [ 'type' ] == JANITOR ? 'Janitor' : ( $_mod [ 'type' ] == MOD ? 'Mod' : 'Admin' );
$body .= '<tr>' .
'<td>' .
$_mod [ 'id' ] .
'</td>' .
'<td>' .
$_mod [ 'username' ] .
'</td>' .
'<td>' .
$type .
'</td>' .
'<td>' .
( $_mod [ 'last' ] ?
'<span title="' . htmlentities ( $_mod [ 'action' ]) . '">' . ago ( $_mod [ 'last' ]) . '</span>'
: '<em>never</em>' ) .
'</td>' .
'<td style="white-space:nowrap">' .
( $mod [ 'type' ] >= $config [ 'mod' ][ 'promoteusers' ] ?
( $_mod [ 'type' ] != ADMIN ?
'<a style="text-decoration:none" href="?/users/' . $_mod [ 'id' ] . '/promote" title="Promote">▲</a>'
: '' ) .
( $_mod [ 'type' ] != JANITOR ?
'<a style="text-decoration:none" href="?/users/' . $_mod [ 'id' ] . '/demote" title="Demote">▼</a>'
: '' )
: ''
) .
2011-03-27 17:41:06 +02:00
( $mod [ 'type' ] >= $config [ 'mod' ][ 'editusers' ] ||
( $mod [ 'type' ] >= $config [ 'mod' ][ 'change_password' ] && $_mod [ 'id' ] == $mod [ 'id' ]) ?
2011-03-02 07:15:37 +01:00
'<a class="unimportant" style="margin-left:5px;float:right" href="?/users/' . $_mod [ 'id' ] . '">[edit]</a>'
2011-03-17 06:52:43 +01:00
: '' ) .
( $mod [ 'type' ] >= $config [ 'mod' ][ 'create_pm' ] ?
'<a class="unimportant" style="margin-left:5px;float:right" href="?/new_PM/' . $_mod [ 'id' ] . '">[PM]</a>'
: '' ) .
2011-03-02 07:15:37 +01:00
'</td></tr>' ;
}
$body .= '</table>' ;
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'createusers' ]) {
$body .= '<p style="text-align:center"><a href="?/users/new">Create new user</a></p>' ;
}
$body .= '</form>' ;
echo Element ( 'page.html' , Array (
2011-03-26 08:23:15 +01:00
'config' => $config ,
2011-03-02 07:15:37 +01:00
'title' => 'Manage users' ,
'body' => $body
, 'mod' => true
)
);
} elseif ( preg_match ( '/^\/users\/new$/' , $query )) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'createusers' ]) error ( $config [ 'error' ][ 'noaccess' ]);
if ( isset ( $_POST [ 'username' ]) && isset ( $_POST [ 'password' ])) {
if ( ! isset ( $_POST [ 'type' ])) {
error ( sprintf ( $config [ 'error' ][ 'required' ], 'type' ));
}
if ( $_POST [ 'type' ] != ADMIN && $_POST [ 'type' ] != MOD && $_POST [ 'type' ] != JANITOR ) {
error ( sprintf ( $config [ 'error' ][ 'invalidfield' ], 'type' ));
}
// Check if already exists
$query = prepare ( " SELECT `id` FROM `mods` WHERE `username` = :username " );
$query -> bindValue ( ':username' , $_POST [ 'username' ]);
$query -> execute () or error ( db_error ( $query ));
if ( $_mod = $query -> fetch ()) {
error ( sprintf ( $config [ 'error' ][ 'modexists' ], $_mod [ 'id' ]));
}
$query = prepare ( " INSERT INTO `mods` VALUES (NULL, :username, :password, :type) " );
$query -> bindValue ( ':username' , $_POST [ 'username' ]);
$query -> bindValue ( ':password' , sha1 ( $_POST [ 'password' ]));
$query -> bindValue ( ':type' , $_POST [ 'type' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-03-02 07:19:36 +01:00
modLog ( 'Create a new user: "' . $_POST [ 'username' ] . '"' );
2011-03-02 07:15:37 +01:00
}
$body = '<fieldset><legend>New user</legend>' .
// Begin form
'<form style="text-align:center" action="" method="post">' .
'<table>' .
'<tr><th>Username</th><td><input size="20" maxlength="30" type="text" name="username" value="" autocomplete="off" /></td></tr>' .
'<tr><th>Password</th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
'<tr><th>Type</th><td>' .
'<div><label for="janitor">Janitor</label> <input type="radio" id="janitor" name="type" value="' . JANITOR . '" /></div>' .
'<div><label for="mod">Mod</label> <input type="radio" id="mod" name="type" value="' . MOD . '" /></div>' .
'<div><label for="admin">Admin</label> <input type="radio" id="admin" name="type" value="' . ADMIN . '" /></div>' .
'</td></tr>' .
'</table>' .
'<input style="margin-top:10px" type="submit" value="Create user" />' .
// End form
'</form></fieldset>' ;
echo Element ( 'page.html' , Array (
2011-03-26 08:23:15 +01:00
'config' => $config ,
2011-03-02 07:15:37 +01:00
'title' => 'New user' ,
'body' => $body
, 'mod' => true
)
);
} elseif ( preg_match ( '/^\/users\/(\d+)(\/(promote|demote|delete))?$/' , $query , $matches )) {
$modID = $matches [ 1 ];
if ( isset ( $matches [ 2 ])) {
if ( $matches [ 3 ] == 'delete' ) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'deleteusers' ]) error ( $config [ 'error' ][ 'noaccess' ]);
$query = prepare ( " DELETE FROM `mods` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-03-28 08:24:23 +02:00
modLog ( 'Deleted user #' . $modID );
2011-03-02 07:15:37 +01:00
} else {
// Promote/demote
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'promoteusers' ]) error ( $config [ 'error' ][ 'noaccess' ]);
if ( $matches [ 3 ] == 'promote' ) {
$query = prepare ( " UPDATE `mods` SET `type` = `type` + 1 WHERE `type` != :admin AND `id` = :id " );
$query -> bindValue ( ':admin' , ADMIN , PDO :: PARAM_INT );
} else {
$query = prepare ( " UPDATE `mods` SET `type` = `type` - 1 WHERE `type` != :janitor AND `id` = :id " );
$query -> bindValue ( ':janitor' , JANITOR , PDO :: PARAM_INT );
}
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
}
header ( 'Location: ?/users' , true , $config [ 'redirect_http' ]);
} else {
// Edit user
2011-03-27 17:41:06 +02:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'editusers' ] && $mod [ 'type' ] < $config [ 'mod' ][ 'change_password' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-02 07:15:37 +01:00
$query = prepare ( " SELECT * FROM `mods` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( ! $_mod = $query -> fetch ()) {
error ( $config [ 'error' ][ '404' ]);
}
2011-03-27 17:41:06 +02:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'editusers' ] && ! ( $mod [ 'type' ] >= $config [ 'mod' ][ 'change_password' ] && $mod [ 'id' ] == $_mod [ 'id' ] && $change_password_only = true ))
error ( $config [ 'error' ][ 'noaccess' ]);
if (( isset ( $_POST [ 'username' ]) && isset ( $_POST [ 'password' ])) || ( isset ( $change_password_only ) && isset ( $_POST [ 'password' ]))) {
if ( ! isset ( $change_password_only )) {
$query = prepare ( " UPDATE `mods` SET `username` = :username WHERE `id` = :id " );
$query -> bindValue ( ':username' , $_POST [ 'username' ]);
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-03-28 08:24:23 +02:00
modLog ( 'Edited login details for user "' . $_mod [ 'username' ] . '"' );
} else {
modLog ( 'Changed own password' );
2011-03-27 17:41:06 +02:00
}
2011-03-02 07:15:37 +01:00
if ( ! empty ( $_POST [ 'password' ])) {
$query = prepare ( " UPDATE `mods` SET `password` = :password WHERE `id` = :id " );
$query -> bindValue ( ':password' , sha1 ( $_POST [ 'password' ]));
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
}
// Refresh
$query = prepare ( " SELECT * FROM `mods` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-03-27 17:41:06 +02:00
if ( ! $_mod = $query -> fetch ()) {
error ( $config [ 'error' ][ '404' ]);
}
if ( $_mod [ 'id' ] == $mod [ 'id' ]) {
// Changed own password. Update cookies
var_dump ( login ( $_mod [ 'username' ], $_mod [ 'password' ], false ));
setCookies ();
}
2011-03-02 07:15:37 +01:00
}
$body = '<fieldset><legend>Edit user</legend>' .
// Begin form
'<form style="text-align:center" action="" method="post">' .
'<table>' .
2011-03-27 17:41:06 +02:00
'<tr><th>Username</th><td>' .
( isset ( $change_password_only ) ?
$_mod [ 'username' ]
: '<input size="20" maxlength="30" type="text" name="username" value="' . $_mod [ 'username' ] . '" autocomplete="off" />' ) .
'</td></tr>' .
2011-03-02 07:15:37 +01:00
'<tr><th>Password <span class="unimportant">(new; optional)</span></th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
'</table>' .
'<input type="submit" value="Save changes" />' .
// End form
'</form> ' .
// Delete button
( $mod [ 'type' ] >= $config [ 'mod' ][ 'deleteusers' ] ?
'<p style="text-align:center"><a href="?/users/' . $_mod [ 'id' ] . '/delete">Delete user</a></p>'
: '' ) .
'</fieldset>' ;
echo Element ( 'page.html' , Array (
2011-03-26 08:23:15 +01:00
'config' => $config ,
2011-03-02 07:15:37 +01:00
'title' => 'Edit user' ,
'body' => $body
, 'mod' => true
)
);
}
2011-02-20 07:19:57 +01:00
} elseif ( preg_match ( '/^\/reports$/' , $query )) {
2011-03-02 07:15:37 +01:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'reports' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-02-20 07:19:57 +01:00
$body = '' ;
2011-02-20 08:28:39 +01:00
$reports = 0 ;
$query = prepare ( " SELECT `reports`.*, `boards`.`uri` FROM `reports` INNER JOIN `boards` ON `board` = `boards`.`id` ORDER BY `time` DESC LIMIT :limit " );
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'recent_reports' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-02-20 07:19:57 +01:00
2011-02-20 08:42:00 +01:00
while ( $report = $query -> fetch ()) {
$p_query = prepare ( sprintf ( " SELECT * FROM `posts_%s` WHERE `id` = :id " , $report [ 'uri' ]));
$p_query -> bindValue ( ':id' , $report [ 'post' ], PDO :: PARAM_INT );
$p_query -> execute () or error ( db_error ( $query ));
if ( ! $post = $p_query -> fetch ()) {
// Invalid report (post has since been deleted)
$p_query = prepare ( " DELETE FROM `reports` WHERE `post` = :id " );
2011-02-20 07:19:57 +01:00
$p_query -> bindValue ( ':id' , $report [ 'post' ], PDO :: PARAM_INT );
$p_query -> execute () or error ( db_error ( $query ));
2011-02-20 09:00:02 +01:00
continue ;
2011-02-20 07:19:57 +01:00
}
2011-02-20 08:42:00 +01:00
$reports ++ ;
openBoard ( $report [ 'uri' ]);
if ( ! $post [ 'thread' ]) {
2011-04-12 13:08:54 +02:00
$po = new Thread ( $post [ 'id' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'capcode' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], $post [ 'sticky' ], $post [ 'locked' ], '?/' , $mod , false );
2011-02-20 08:42:00 +01:00
} else {
2011-04-12 13:08:54 +02:00
$po = new Post ( $post [ 'id' ], $post [ 'thread' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'capcode' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], '?/' , $mod );
2011-02-20 08:42:00 +01:00
}
$po -> body .=
'<div class="report">' .
'<hr/>' .
'Board: <a href="?/' . $report [ 'uri' ] . '/' . $config [ 'file_index' ] . '">' . sprintf ( $config [ 'board_abbreviation' ], $report [ 'uri' ]) . '</a><br/>' .
'Reason: ' . $report [ 'reason' ] . '<br/>' .
'Reported by: <a href="?/IP/' . $report [ 'ip' ] . '">' . $report [ 'ip' ] . '</a><br/>' .
'<hr/>' .
( $mod [ 'type' ] >= $config [ 'mod' ][ 'report_dismiss' ] ?
'<a title="Discard abuse report" href="?/reports/' . $report [ 'id' ] . '/dismiss">Dismiss</a> | ' : '' ) .
( $mod [ 'type' ] >= $config [ 'mod' ][ 'report_dismiss_ip' ] ?
'<a title="Discard all abuse reports by this user" href="?/reports/' . $report [ 'id' ] . '/dismiss/all">Dismiss+</a>' : '' ) .
'</div>' ;
$body .= $po -> build ( true ) . '<hr/>' ;
2011-02-20 07:19:57 +01:00
}
2011-02-20 08:28:39 +01:00
$query = query ( " SELECT COUNT(`id`) AS `count` FROM `reports` " ) or error ( db_error ());
$count = $query -> fetch ();
$body .= '<p class="unimportant" style="text-align:center">Showing ' .
( $reports == $count [ 'count' ] ? 'all ' . $reports . ' reports' : $reports . ' of ' . $count [ 'count' ] . ' reports' ) . '.</p>' ;
2011-02-20 07:19:57 +01:00
echo Element ( 'page.html' , Array (
2011-03-26 08:23:15 +01:00
'config' => $config ,
2011-03-28 17:00:17 +02:00
'title' => 'Report queue (' . $count [ 'count' ] . ')' ,
2011-02-20 07:19:57 +01:00
'body' => $body ,
'mod' => true
));
} elseif ( preg_match ( '/^\/reports\/(\d+)\/dismiss(\/all)?$/' , $query , $matches )) {
if ( isset ( $matches [ 2 ]) && $matches [ 2 ] == '/all' ) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'report_dismiss_ip' ]) error ( $config [ 'error' ][ 'noaccess' ]);
$query = prepare ( " SELECT `ip` FROM `reports` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $matches [ 1 ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $report = $query -> fetch ()) {
$query = prepare ( " DELETE FROM `reports` WHERE `ip` = :ip " );
$query -> bindValue ( ':ip' , $report [ 'ip' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-03-02 07:19:36 +01:00
modLog ( 'Dismissed all reports by ' . $report [ 'ip' ]);
2011-02-20 07:19:57 +01:00
}
} else {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'report_dismiss' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-30 07:55:43 +02:00
$query = prepare ( " SELECT `post`, `board` FROM `reports` WHERE `id` = :id " );
2011-02-20 07:19:57 +01:00
$query -> bindValue ( ':id' , $matches [ 1 ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $report = $query -> fetch ()) {
2011-03-30 07:55:43 +02:00
modLog ( 'Dismissed a report for post #' . $report [ 'post' ], $report [ 'board' ]);
2011-03-02 07:19:36 +01:00
2011-02-20 07:19:57 +01:00
$query = prepare ( " DELETE FROM `reports` WHERE `post` = :post " );
$query -> bindValue ( ':post' , $report [ 'post' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
}
}
// Redirect
if ( isset ( $_SERVER [ 'HTTP_REFERER' ]))
header ( 'Location: ' . $_SERVER [ 'HTTP_REFERER' ], true , $config [ 'redirect_http' ]);
else
header ( 'Location: ?/reports' , true , $config [ 'redirect_http' ]);
2011-02-22 07:38:38 +01:00
} elseif ( preg_match ( '/^\/board\/(\w+)(\/delete)?$/' , $query , $matches )) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'manageboards' ]) error ( $config [ 'error' ][ 'noaccess' ]);
if ( ! openBoard ( $matches [ 1 ]))
error ( $config [ 'error' ][ 'noboard' ]);
if ( isset ( $matches [ 2 ]) && $matches [ 2 ] == '/delete' ) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'deleteboard' ]) error ( $config [ 'error' ][ 'noaccess' ]);
// Delete board
2011-03-28 08:24:23 +02:00
modLog ( 'Deleted board ' . sprintf ( $config [ 'board_abbreviation' ], $board [ 'uri' ]));
2011-02-22 07:38:38 +01:00
// Delete entire board directory
rrmdir ( $board [ 'uri' ] . '/' );
// Delete posting table
$query = query ( sprintf ( " DROP TABLE IF EXISTS `posts_%s` " , $board [ 'uri' ])) or error ( db_error ());
// Clear reports
$query = prepare ( " DELETE FROM `reports` WHERE `board` = :id " );
$query -> bindValue ( ':id' , $board [ 'id' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
// Delete from table
$query = prepare ( " DELETE FROM `boards` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $board [ 'id' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-04-14 12:43:34 +02:00
rebuildTheme ( 'boards' );
2011-02-22 07:38:38 +01:00
header ( 'Location: ?/' , true , $config [ 'redirect_http' ]);
2011-02-22 07:43:42 +01:00
} else {
if ( isset ( $_POST [ 'title' ]) && isset ( $_POST [ 'subtitle' ])) {
$query = prepare ( " UPDATE `boards` SET `title` = :title, `subtitle` = :subtitle WHERE `id` = :id " );
$query -> bindValue ( ':title' , utf8tohtml ( $_POST [ 'title' ], true ));
if ( ! empty ( $_POST [ 'subtitle' ]))
$query -> bindValue ( ':subtitle' , utf8tohtml ( $_POST [ 'subtitle' ], true ));
else
$query -> bindValue ( ':subtitle' , null , PDO :: PARAM_NULL );
$query -> bindValue ( ':id' , $board [ 'id' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-04-14 12:43:34 +02:00
rebuildTheme ( 'boards' );
2011-02-22 07:43:42 +01:00
openBoard ( $board [ 'uri' ]);
}
2011-02-22 07:38:38 +01:00
2011-02-22 07:43:42 +01:00
$body =
'<fieldset><legend><a href="?/' .
$board [ 'uri' ] . '/' . $config [ 'file_index' ] . '">' .
sprintf ( $config [ 'board_abbreviation' ], $board [ 'uri' ]) . '</a>' .
' - ' . $board [ 'name' ] . '</legend>' .
2011-02-22 07:38:38 +01:00
2011-02-22 07:43:42 +01:00
// Begin form
'<form style="text-align:center" action="" method="post">' .
2011-02-22 07:38:38 +01:00
2011-02-22 07:43:42 +01:00
'<table>' .
'<tr><th>URI</th><td>' . $board [ 'uri' ] . '</td>' .
'<tr><th>Title</th><td><input size="20" maxlength="20" type="text" name="title" value="' . $board [ 'name' ] . '" /></td></tr>' .
'<tr><th>Subtitle</th><td><input size="20" maxlength="40" type="text" name="subtitle" value="' .
( isset ( $board [ 'title' ]) ? $board [ 'title' ] : '' ) . '" /></td></tr>' .
'</table>' .
'<input type="submit" value="Update" />' .
// End form
'</form> ' .
// Delete button
( $mod [ 'type' ] >= $config [ 'mod' ][ 'deleteboard' ] ?
'<p style="text-align:center"><a href="?/board/' . $board [ 'uri' ] . '/delete">Delete board</a></p>'
: '' ) .
'</fieldset>' ;
echo Element ( 'page.html' , Array (
2011-03-26 08:23:15 +01:00
'config' => $config ,
2011-02-22 07:43:42 +01:00
'title' => 'Manage – ' . sprintf ( $config [ 'board_abbreviation' ], $board [ 'uri' ]),
'body' => $body ,
'mod' => true
));
2011-02-22 07:38:38 +01:00
}
2011-02-06 14:38:01 +01:00
} elseif ( preg_match ( '/^\/bans$/' , $query )) {
2011-02-12 07:25:15 +01:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'view_banlist' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-02-06 14:38:01 +01:00
2011-03-26 16:55:11 +01:00
if ( isset ( $_POST [ 'unban' ])) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'unban' ]) error ( $config [ 'error' ][ 'noaccess' ]);
foreach ( $_POST as $post => $value ) {
if ( preg_match ( '/^ban_(.+)$/' , $post , $m )) {
$m [ 1 ] = str_replace ( '_' , '.' , $m [ 1 ]);
$query = prepare ( " DELETE FROM `bans` WHERE `ip` = :ip " );
$query -> bindValue ( ':ip' , $m [ 1 ]);
$query -> execute () or error ( db_error ( $query ));
}
}
}
2011-02-17 14:36:50 +01:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'view_banexpired' ]) {
2011-03-26 16:55:11 +01:00
$query = prepare ( " SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` GROUP BY `ip` ORDER BY (`expires` IS NOT NULL AND `expires` < :time), `set` DESC " );
2011-02-06 14:38:01 +01:00
$query -> bindValue ( ':time' , time (), PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
} else {
// Filter out expired bans
$query = prepare ( " SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` GROUP BY `ip` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC " );
$query -> bindValue ( ':time' , time (), PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
}
if ( $query -> rowCount () < 1 ) {
2011-03-30 15:12:36 +02:00
$body = '<p style="text-align:center" class="unimportant">(There are no active bans.)</p>' ;
2011-02-06 14:38:01 +01:00
} else {
$body = '<form action="" method="post">' ;
2011-03-26 16:55:11 +01:00
$body .= '<table><tr><th>IP address</th><th>Reason</th><th>Set</th><th>Expires</th><th>Staff</th></tr>' ;
2011-02-06 14:38:01 +01:00
while ( $ban = $query -> fetch ()) {
$body .=
'<tr' .
2011-02-12 07:25:15 +01:00
( $config [ 'mod' ][ 'view_banexpired' ] && $ban [ 'expires' ] != 0 && $ban [ 'expires' ] < time () ?
2011-02-06 14:38:01 +01:00
' style="text-decoration:line-through"'
: '' ) .
'>' .
'<td style="white-space: nowrap">' .
// Checkbox
'<input type="checkbox" name="ban_' . $ban [ 'ip' ] . '" id="ban_' . $ban [ 'ip' ] . '" /> ' .
// IP address
2011-03-30 15:12:36 +02:00
( preg_match ( '/^(\d+\.\d+\.\d+\.\d+|' . $config [ 'ipv6_regex' ] . ')$/' , $ban [ 'ip' ]) ?
'<a href="?/IP/' .
$ban [ 'ip' ] .
'">' . $ban [ 'ip' ] . '</a>'
: $ban [ 'ip' ]) .
'</td>' .
2011-02-06 14:38:01 +01:00
// Reason
2011-03-27 05:48:22 +02:00
'<td>' . ( $ban [ 'reason' ] ? $ban [ 'reason' ] : '<em>-</em>' ) . '</td>' .
2011-02-06 14:38:01 +01:00
// Set
2011-02-12 07:25:15 +01:00
'<td style="white-space: nowrap">' . date ( $config [ 'post_date' ], $ban [ 'set' ]) . '</td>' .
2011-02-06 14:38:01 +01:00
// Expires
'<td style="white-space: nowrap">' .
( $ban [ 'expires' ] == 0 ?
'<em>Never</em>'
:
2011-02-12 07:25:15 +01:00
date ( $config [ 'post_date' ], $ban [ 'expires' ])
2011-02-06 14:38:01 +01:00
) .
'</td>' .
// Staff
'<td>' .
2011-02-12 07:25:15 +01:00
( $mod [ 'type' ] < $config [ 'mod' ][ 'view_banstaff' ] ?
( $config [ 'mod' ][ 'view_banquestionmark' ] ?
2011-02-06 14:38:01 +01:00
'?'
:
2011-02-12 07:25:15 +01:00
( $ban [ 'type' ] == JANITOR ? 'Janitor' :
( $ban [ 'type' ] == MOD ? 'Mod' :
( $ban [ 'type' ] == ADMIN ? 'Admin' :
2011-02-06 14:38:01 +01:00
'?' )))
)
:
$ban [ 'username' ]
) .
'</td>' .
'</tr>' ;
}
2011-03-26 16:55:11 +01:00
$body .= '</table>' .
( $mod [ 'type' ] >= $config [ 'mod' ][ 'unban' ] ?
'<p style="text-align:center"><input name="unban" type="submit" value="Unban selected" /></p>'
: '' ) .
'</form>' ;
2011-02-06 14:38:01 +01:00
}
echo Element ( 'page.html' , Array (
2011-03-26 08:23:15 +01:00
'config' => $config ,
2011-02-06 14:38:01 +01:00
'title' => 'Ban list' ,
'body' => $body ,
'mod' => true
)
);
2011-02-17 14:36:50 +01:00
} elseif ( preg_match ( '/^\/rebuild$/' , $query )) {
2011-03-26 16:35:54 +01:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'rebuild' ]) error ( $config [ 'error' ][ 'noaccess' ]);
set_time_limit ( $config [ 'mod' ][ 'rebuild_timelimit' ]);
$body = '<div class="ban"><h2>Rebuilding…</h2><p>' ;
2011-02-17 14:36:50 +01:00
2011-04-14 09:03:12 +02:00
$body .= 'Regenerating theme files…<br/>' ;
2011-04-14 12:43:34 +02:00
rebuildTheme ( 'all' );
2011-04-14 09:03:12 +02:00
2011-03-26 16:35:54 +01:00
$body .= 'Generating Javascript file…<br/>' ;
buildJavascript ();
2011-02-17 14:36:50 +01:00
$boards = listBoards ();
foreach ( $boards as & $board ) {
2011-03-26 16:35:54 +01:00
$body .= " <strong style= \" display:inline-block;margin: 15px 0 2px 0; \" >Opening board / { $board [ 'uri' ] } /</strong><br/> " ;
2011-02-17 14:36:50 +01:00
openBoard ( $board [ 'uri' ]);
2011-03-26 16:35:54 +01:00
$body .= 'Creating index pages<br/>' ;
2011-02-17 14:36:50 +01:00
buildIndex ();
$query = query ( sprintf ( " SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL " , $board [ 'uri' ])) or error ( db_error ());
while ( $post = $query -> fetch ()) {
2011-03-26 16:35:54 +01:00
$body .= " Rebuilding # { $post [ 'id' ] } <br/> " ;
2011-02-17 14:36:50 +01:00
buildThread ( $post [ 'id' ]);
}
}
2011-03-26 16:35:54 +01:00
$body .= 'Complete!</p></div>' ;
2011-03-28 08:50:59 +02:00
unset ( $board );
2011-03-28 08:24:23 +02:00
modLog ( 'Rebuilt everything' );
2011-03-26 16:35:54 +01:00
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'Rebuilt' ,
'body' => $body ,
'mod' => true
));
2010-12-10 10:57:34 +01:00
} elseif ( preg_match ( '/^\/config$/' , $query )) {
2011-02-12 07:25:15 +01:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'show_config' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2010-12-10 10:57:34 +01:00
2011-02-16 09:27:52 +01:00
// Show instance-config.php
2010-12-16 18:41:11 +01:00
$data = '' ;
2011-02-16 09:27:52 +01:00
function do_array_part ( $array , $prefix = '' ) {
global $data , $config ;
foreach ( $array as $name => $value ) {
if ( is_array ( $value )) {
do_array_part ( $value , $prefix . $name . ' → ' );
} else {
if ( $config [ 'mod' ][ 'never_reveal_password' ] && $prefix == 'db → ' && $name == 'password' ) {
$value = '<em>hidden</em>' ;
} elseif ( gettype ( $value ) == 'boolean' ) {
$value = $value ? '<span style="color:green;">On</span>' : '<span style="color:red;">Off</span>' ;
} elseif ( gettype ( $value ) == 'string' ) {
if ( empty ( $value ))
$value = '<em>empty</em>' ;
else
$value = '<span style="color:maroon;">' . utf8tohtml ( substr ( $value , 0 , 110 ) . ( strlen ( $value ) > 110 ? '…' : '' )) . '</span>' ;
} elseif ( gettype ( $value ) == 'integer' ) {
$value = '<span style="color:black;">' . $value . '</span>' ;
}
$data .=
'<tr><th style="text-align:left;">' .
$prefix . ( gettype ( $name ) == 'integer' ? '[]' : $name ) .
'</th><td>' .
$value .
'</td></tr>' ;
2010-12-17 06:25:32 +01:00
}
2010-12-16 18:41:11 +01:00
}
}
2011-02-16 09:27:52 +01:00
do_array_part ( $config );
2010-12-10 10:57:34 +01:00
2010-12-16 18:41:11 +01:00
$body = '<fieldset><legend>Configuration</legend><table>' . $data . '</table></fieldset>' ;
2010-12-10 10:57:34 +01:00
echo Element ( 'page.html' , Array (
2011-03-26 08:23:15 +01:00
'config' => $config ,
2010-12-10 10:57:34 +01:00
'title' => 'Configuration' ,
2010-12-10 10:42:16 +01:00
'body' => $body ,
'mod' => true
2010-12-02 08:26:09 +01:00
)
2010-12-02 10:55:56 +01:00
);
} elseif ( preg_match ( '/^\/new$/' , $query )) {
2011-02-12 07:25:15 +01:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'newboard' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2010-12-10 10:38:49 +01:00
2010-12-02 10:55:56 +01:00
// New board
$body = '' ;
if ( isset ( $_POST [ 'new_board' ])) {
// Create new board
if ( ! isset ( $_POST [ 'uri' ]) ||
! isset ( $_POST [ 'title' ]) ||
! isset ( $_POST [ 'subtitle' ])
2011-02-12 07:25:15 +01:00
) error ( $config [ 'error' ][ 'missedafield' ]);
2010-12-02 10:55:56 +01:00
$b = Array (
'uri' => $_POST [ 'uri' ],
'title' => $_POST [ 'title' ],
'subtitle' => $_POST [ 'subtitle' ]
);
2011-02-22 07:38:38 +01:00
// HTML characters
$b [ 'title' ] = utf8tohtml ( $b [ 'title' ], true );
$b [ 'subtitle' ] = utf8tohtml ( $b [ 'subtitle' ], true );
2010-12-02 10:55:56 +01:00
// Check required fields
if ( empty ( $b [ 'uri' ]))
2011-02-12 07:25:15 +01:00
error ( sprintf ( $config [ 'error' ][ 'required' ], 'URI' ));
2010-12-02 10:55:56 +01:00
if ( empty ( $b [ 'title' ]))
2011-02-12 07:25:15 +01:00
error ( sprintf ( $config [ 'error' ][ 'required' ], 'title' ));
2010-12-02 10:55:56 +01:00
// Check string lengths
if ( strlen ( $b [ 'uri' ]) > 8 )
2011-02-12 07:25:15 +01:00
error ( sprintf ( $config [ 'error' ][ 'toolong' ], 'URI' ));
2010-12-02 10:55:56 +01:00
if ( strlen ( $b [ 'title' ]) > 20 )
2011-02-12 07:25:15 +01:00
error ( sprintf ( $config [ 'error' ][ 'toolong' ], 'title' ));
2010-12-02 10:55:56 +01:00
if ( strlen ( $b [ 'subtitle' ]) > 40 )
2011-02-12 07:25:15 +01:00
error ( sprintf ( $config [ 'error' ][ 'toolong' ], 'subtitle' ));
2010-12-02 10:55:56 +01:00
if ( ! preg_match ( '/^\w+$/' , $b [ 'uri' ]))
2011-02-12 07:25:15 +01:00
error ( sprintf ( $config [ 'error' ][ 'invalidfield' ], 'URI' ));
2010-12-02 10:55:56 +01:00
2011-01-03 07:30:17 +01:00
if ( openBoard ( $b [ 'uri' ])) {
unset ( $board );
2011-02-12 07:25:15 +01:00
error ( sprintf ( $config [ 'error' ][ 'boardexists' ], sprintf ( $config [ 'board_abbreviation' ], $b [ 'uri' ])));
2011-01-03 07:30:17 +01:00
}
2011-01-03 07:28:18 +01:00
2010-12-17 15:18:03 +01:00
$query = prepare ( " INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle) " );
$query -> bindValue ( ':uri' , $b [ 'uri' ]);
$query -> bindValue ( ':title' , $b [ 'title' ]);
if ( ! empty ( $b [ 'subtitle' ])) {
$query -> bindValue ( ':subtitle' , $b [ 'subtitle' ]);
} else {
$query -> bindValue ( ':subtitle' , null , PDO :: PARAM_NULL );
}
$query -> execute () or error ( db_error ( $query ));
2010-12-02 10:55:56 +01:00
2011-02-11 13:02:30 +01:00
// Record the action
modLog ( " Created a new board: { $b [ 'title' ] } " );
2010-12-02 10:55:56 +01:00
// Open the board
openBoard ( $b [ 'uri' ]) or error ( " Couldn't open board after creation. " );
// Create the posts table
2010-12-17 15:18:03 +01:00
query ( Element ( 'posts.sql' , Array ( 'board' => $board [ 'uri' ]))) or error ( db_error ());
2010-12-02 10:55:56 +01:00
// Build the board
buildIndex ();
2011-02-22 07:43:42 +01:00
2011-04-14 12:43:34 +02:00
rebuildTheme ( 'boards' );
2011-02-22 07:43:42 +01:00
header ( 'Location: ?/board/' . $board [ 'uri' ], true , $config [ 'redirect_http' ]);
} else {
$body .= form_newBoard ();
// TODO: Statistics, etc, in the dashboard.
echo Element ( 'page.html' , Array (
2011-03-26 08:23:15 +01:00
'config' => $config ,
2011-02-22 07:43:42 +01:00
'title' => 'New board' ,
'body' => $body ,
'mod' => true
)
);
2010-12-02 10:55:56 +01:00
}
2010-12-16 11:28:03 +01:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . '(' . $regex [ 'index' ] . '|' . $regex [ 'page' ] . ')?$/' , $query , $matches )) {
2010-12-02 08:02:48 +01:00
// Board index
2010-12-01 15:17:27 +01:00
2010-12-02 08:02:48 +01:00
$boardName = $matches [ 1 ];
2010-12-16 11:28:03 +01:00
2010-12-02 08:02:48 +01:00
// Open board
2010-12-10 10:45:09 +01:00
if ( ! openBoard ( $boardName ))
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'noboard' ]);
2010-12-01 15:17:27 +01:00
2011-02-16 13:32:43 +01:00
$page_no = empty ( $matches [ 2 ]) || $matches [ 2 ] == $config [ 'file_index' ] ? 1 : $matches [ 2 ];
if ( ! $page = index ( $page_no , $mod )) {
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ '404' ]);
2010-12-16 13:09:44 +01:00
}
2011-02-16 13:32:43 +01:00
2010-12-16 11:28:03 +01:00
$page [ 'pages' ] = getPages ( true );
2011-02-16 13:32:43 +01:00
$page [ 'pages' ][ $page_no - 1 ][ 'selected' ] = true ;
2011-02-17 08:37:18 +01:00
$page [ 'btn' ] = getPageButtons ( $page [ 'pages' ], true );
2011-02-17 12:03:52 +01:00
$page [ 'hidden_inputs' ] = createHiddenInputs ();
2010-12-10 11:15:44 +01:00
$page [ 'mod' ] = true ;
echo Element ( 'index.html' , $page );
2010-12-16 06:36:40 +01:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . $regex [ 'res' ] . $regex [ 'page' ] . '$/' , $query , $matches )) {
// View thread
$boardName = $matches [ 1 ];
$thread = $matches [ 2 ];
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'noboard' ]);
2010-12-16 06:36:40 +01:00
2011-01-01 12:12:31 +01:00
$page = buildThread ( $thread , true , $mod );
2010-12-16 06:36:40 +01:00
echo $page ;
2011-01-01 12:12:31 +01:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . 'deletefile\/(\d+)$/' , $query , $matches )) {
2011-02-12 07:25:15 +01:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'deletefile' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-01-01 12:12:31 +01:00
// Delete file from post
$boardName = $matches [ 1 ];
$post = $matches [ 2 ];
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'noboard' ]);
2011-01-01 12:12:31 +01:00
// Delete post
deleteFile ( $post );
2011-02-11 13:02:30 +01:00
// Record the action
modLog ( " Removed file from post # { $post } " );
2011-01-01 12:12:31 +01:00
// Rebuild board
buildIndex ();
// Redirect
if ( isset ( $_SERVER [ 'HTTP_REFERER' ]))
2011-02-12 07:25:15 +01:00
header ( 'Location: ' . $_SERVER [ 'HTTP_REFERER' ], true , $config [ 'redirect_http' ]);
2011-01-01 12:12:31 +01:00
else
2011-02-12 07:25:15 +01:00
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2010-12-16 06:36:40 +01:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . 'delete\/(\d+)$/' , $query , $matches )) {
2011-02-12 07:25:15 +01:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'delete' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2010-12-16 06:36:40 +01:00
// Delete post
$boardName = $matches [ 1 ];
$post = $matches [ 2 ];
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'noboard' ]);
2010-12-16 06:36:40 +01:00
// Delete post
deletePost ( $post );
2011-02-11 13:02:30 +01:00
// Record the action
modLog ( " Deleted post # { $post } " );
2010-12-16 06:36:40 +01:00
// Rebuild board
buildIndex ();
2010-12-16 09:13:04 +01:00
2011-01-02 11:27:28 +01:00
// Redirect
if ( isset ( $_SERVER [ 'HTTP_REFERER' ]))
2011-02-12 07:25:15 +01:00
header ( 'Location: ' . $_SERVER [ 'HTTP_REFERER' ], true , $config [ 'redirect_http' ]);
2011-01-02 11:27:28 +01:00
else
2011-02-12 07:25:15 +01:00
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2011-01-02 11:27:28 +01:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . '(un)?sticky\/(\d+)$/' , $query , $matches )) {
2011-02-12 07:25:15 +01:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'sticky' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-01-02 16:00:30 +01:00
// Add/remove sticky
2011-01-02 11:27:28 +01:00
$boardName = $matches [ 1 ];
$post = $matches [ 3 ];
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'noboard' ]);
2011-01-02 11:27:28 +01:00
$query = prepare ( sprintf ( " UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post , PDO :: PARAM_INT );
if ( $matches [ 2 ] == 'un' ) {
2011-02-11 13:02:30 +01:00
// Record the action
modLog ( " Unstickied post # { $post } " );
2011-01-02 11:27:28 +01:00
$query -> bindValue ( ':sticky' , 0 , PDO :: PARAM_INT );
} else {
2011-02-11 13:02:30 +01:00
// Record the action
modLog ( " Stickied post # { $post } " );
2011-01-02 11:27:28 +01:00
$query -> bindValue ( ':sticky' , 1 , PDO :: PARAM_INT );
}
$query -> execute () or error ( db_error ( $query ));
buildIndex ();
buildThread ( $post );
2011-01-02 16:00:30 +01:00
// Redirect
if ( isset ( $_SERVER [ 'HTTP_REFERER' ]))
2011-02-12 07:25:15 +01:00
header ( 'Location: ' . $_SERVER [ 'HTTP_REFERER' ], true , $config [ 'redirect_http' ]);
2011-01-02 16:00:30 +01:00
else
2011-02-12 07:25:15 +01:00
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2011-01-02 16:00:30 +01:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . '(un)?lock\/(\d+)$/' , $query , $matches )) {
2011-02-12 07:25:15 +01:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'lock' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-01-02 16:00:30 +01:00
// Lock/Unlock
$boardName = $matches [ 1 ];
$post = $matches [ 3 ];
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'noboard' ]);
2011-01-02 16:00:30 +01:00
$query = prepare ( sprintf ( " UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post , PDO :: PARAM_INT );
if ( $matches [ 2 ] == 'un' ) {
2011-02-11 13:02:30 +01:00
// Record the action
modLog ( " Unlocked post # { $post } " );
2011-01-02 16:00:30 +01:00
$query -> bindValue ( ':locked' , 0 , PDO :: PARAM_INT );
} else {
2011-02-11 13:02:30 +01:00
// Record the action
modLog ( " Locked post # { $post } " );
2011-01-02 16:00:30 +01:00
$query -> bindValue ( ':locked' , 1 , PDO :: PARAM_INT );
}
$query -> execute () or error ( db_error ( $query ));
buildIndex ();
buildThread ( $post );
2010-12-16 09:13:04 +01:00
// Redirect
if ( isset ( $_SERVER [ 'HTTP_REFERER' ]))
2011-02-12 07:25:15 +01:00
header ( 'Location: ' . $_SERVER [ 'HTTP_REFERER' ], true , $config [ 'redirect_http' ]);
2010-12-16 09:13:04 +01:00
else
2011-02-12 07:25:15 +01:00
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2011-01-20 09:25:11 +01:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . 'deletebyip\/(\d+)$/' , $query , $matches )) {
// Delete all posts by an IP
$boardName = $matches [ 1 ];
$post = $matches [ 2 ];
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'noboard' ]);
2011-01-20 09:25:11 +01:00
2011-02-11 13:02:30 +01:00
$query = prepare ( sprintf ( " SELECT `ip` FROM `posts_%s` WHERE `id` = :id " , $board [ 'uri' ]));
2011-02-05 05:43:42 +01:00
$query -> bindValue ( ':id' , $post );
2011-01-20 09:25:11 +01:00
$query -> execute () or error ( db_error ( $query ));
2011-02-11 13:02:30 +01:00
if ( ! $post = $query -> fetch ())
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'invalidpost' ]);
2011-02-11 13:02:30 +01:00
$ip = $post [ 'ip' ];
// Record the action
2011-03-02 07:51:29 +01:00
modLog ( " Deleted all posts by IP address: { $ip } " );
2011-02-11 13:02:30 +01:00
$query = prepare ( sprintf ( " SELECT `id` FROM `posts_%s` WHERE `ip` = :ip " , $board [ 'uri' ]));
$query -> bindValue ( ':ip' , $ip );
$query -> execute () or error ( db_error ( $query ));
2011-02-05 05:43:42 +01:00
if ( $query -> rowCount () < 1 )
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'invalidpost' ]);
2011-02-05 05:43:42 +01:00
while ( $post = $query -> fetch ()) {
deletePost ( $post [ 'id' ], false );
}
2011-03-28 07:51:29 +02:00
buildIndex ();
2011-02-05 05:43:42 +01:00
if ( isset ( $_SERVER [ 'HTTP_REFERER' ]))
2011-02-12 07:25:15 +01:00
header ( 'Location: ' . $_SERVER [ 'HTTP_REFERER' ], true , $config [ 'redirect_http' ]);
2011-02-05 05:43:42 +01:00
else
2011-02-12 07:25:15 +01:00
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2011-01-15 05:37:39 +01:00
} elseif ( preg_match ( '/^\/ban$/' , $query )) {
2011-04-13 11:39:21 +02:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'ban' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-01-15 05:37:39 +01:00
// Ban page
2011-01-01 14:27:30 +01:00
if ( isset ( $_POST [ 'new_ban' ])) {
if ( ! isset ( $_POST [ 'ip' ]) ||
! isset ( $_POST [ 'reason' ]) ||
! isset ( $_POST [ 'length' ])
2011-02-12 07:25:15 +01:00
) error ( $config [ 'error' ][ 'missedafield' ]);
2011-01-01 14:27:30 +01:00
// Check required fields
if ( empty ( $_POST [ 'ip' ]))
2011-02-12 07:25:15 +01:00
error ( sprintf ( $config [ 'error' ][ 'required' ], 'IP address' ));
2011-01-01 14:27:30 +01:00
2011-01-01 16:05:30 +01:00
$query = prepare ( " INSERT INTO `bans` VALUES (:ip, :mod, :set, :expires, :reason) " );
2011-01-01 14:27:30 +01:00
// 1yr2hrs30mins
// 1y2h30m
2011-01-02 11:34:04 +01:00
$expire = 0 ;
2011-02-27 07:30:33 +01:00
if ( preg_match ( '/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?mon?t?h?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/' , $_POST [ 'length' ], $m )) {
2011-01-01 14:27:30 +01:00
if ( isset ( $m [ 2 ])) {
// Years
2011-01-02 16:04:32 +01:00
$expire += $m [ 2 ] * 60 * 60 * 24 * 365 ;
2011-01-01 14:27:30 +01:00
}
if ( isset ( $m [ 4 ])) {
2011-02-27 07:30:33 +01:00
// Months
$expire += $m [ 4 ] * 60 * 60 * 24 * 30 ;
2011-01-01 14:27:30 +01:00
}
if ( isset ( $m [ 6 ])) {
2011-02-27 07:30:33 +01:00
// Weeks
$expire += $m [ 6 ] * 60 * 60 * 24 * 7 ;
2011-01-01 14:27:30 +01:00
}
if ( isset ( $m [ 8 ])) {
2011-02-27 07:30:33 +01:00
// Days
$expire += $m [ 8 ] * 60 * 60 * 24 ;
2011-01-01 14:27:30 +01:00
}
if ( isset ( $m [ 10 ])) {
2011-02-27 07:30:33 +01:00
// Hours
$expire += $m [ 10 ] * 60 * 60 ;
2011-01-01 14:27:30 +01:00
}
if ( isset ( $m [ 12 ])) {
2011-02-27 07:30:33 +01:00
// Minutes
$expire += $m [ 12 ] * 60 ;
}
if ( isset ( $m [ 14 ])) {
2011-01-01 14:27:30 +01:00
// Seconds
2011-02-27 07:30:33 +01:00
$expire += $m [ 14 ];
2011-01-01 14:27:30 +01:00
}
2011-01-02 11:34:04 +01:00
}
if ( $expire ) {
2011-01-01 14:27:30 +01:00
$query -> bindValue ( ':expires' , time () + $expire , PDO :: PARAM_INT );
} else {
// Never expire
$query -> bindValue ( ':expires' , null , PDO :: PARAM_NULL );
}
$query -> bindValue ( ':ip' , $_POST [ 'ip' ], PDO :: PARAM_STR );
$query -> bindValue ( ':mod' , $mod [ 'id' ], PDO :: PARAM_INT );
2011-01-01 16:05:30 +01:00
$query -> bindValue ( ':set' , time (), PDO :: PARAM_INT );
2011-01-01 14:27:30 +01:00
if ( isset ( $_POST [ 'reason' ])) {
$query -> bindValue ( ':reason' , $_POST [ 'reason' ], PDO :: PARAM_STR );
} else {
$query -> bindValue ( ':reason' , null , PDO :: PARAM_NULL );
}
2011-02-11 13:02:30 +01:00
// Record the action
2011-03-28 08:24:23 +02:00
modLog ( 'Created a ' . ( $expire ? $expire . ' second' : 'permanent' ) . " ban for { $_POST [ 'ip' ] } with " . ( ! empty ( $_POST [ 'reason' ]) ? " reason \" { $_POST [ 'reason' ] } \" " : 'no reason' ));
2011-02-11 13:02:30 +01:00
2011-04-03 10:25:01 +02:00
$query -> execute () or error ( db_error ( $query ));
2011-01-01 14:27:30 +01:00
2011-01-15 05:05:58 +01:00
// Delete too
2011-02-12 07:25:15 +01:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'delete' ] && isset ( $_POST [ 'delete' ]) && isset ( $_POST [ 'board' ])) {
2011-01-15 05:37:39 +01:00
openBoard ( $_POST [ 'board' ]);
2011-03-15 13:20:37 +01:00
$post = round ( $_POST [ 'delete' ]);
deletePost ( $post );
2011-03-14 05:57:12 +01:00
// Record the action
modLog ( " Deleted post # { $post } " );
// Rebuild board
buildIndex ();
2011-01-15 05:37:39 +01:00
}
2011-01-15 05:05:58 +01:00
2011-04-03 10:20:55 +02:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'public_ban' ] && isset ( $_POST [ 'post' ]) && isset ( $_POST [ 'board' ]) && isset ( $_POST [ 'public_message' ]) && isset ( $_POST [ 'message' ])) {
openBoard ( $_POST [ 'board' ]);
$post = round ( $_POST [ 'post' ]);
$query = prepare ( sprintf ( " UPDATE `posts_%s` SET `body` = CONCAT(`body`, :body) WHERE `id` = :id " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post , PDO :: PARAM_INT );
$query -> bindValue ( ':body' , sprintf ( $config [ 'mod' ][ 'ban_message' ], htmlentities ( $_POST [ 'message' ])));
$query -> execute () or error ( db_error ( $query ));
// Record the action
modLog ( " Attached a public ban message for post # { $post } : " . $_POST [ 'message' ]);
}
2011-01-01 14:27:30 +01:00
// Redirect
if ( isset ( $_POST [ 'continue' ]))
2011-02-12 07:25:15 +01:00
header ( 'Location: ' . $_POST [ 'continue' ], true , $config [ 'redirect_http' ]);
2011-02-17 14:36:50 +01:00
elseif ( isset ( $board ))
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
elseif ( isset ( $_SERVER [ 'HTTP_REFERER' ]))
header ( 'Location: ' . $_SERVER [ 'HTTP_REFERER' ], true , $config [ 'redirect_http' ]);
2011-01-01 14:27:30 +01:00
else
2011-02-17 14:36:50 +01:00
header ( 'Location: ?/' , true , $config [ 'redirect_http' ]);
2011-01-01 14:27:30 +01:00
}
2011-01-15 05:37:39 +01:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . 'ban(&delete)?\/(\d+)$/' , $query , $matches )) {
2011-04-13 11:39:21 +02:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'ban' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-01-15 05:37:39 +01:00
// Ban by post
$boardName = $matches [ 1 ];
$delete = isset ( $matches [ 2 ]) && $matches [ 2 ] == '&delete' ;
2011-04-13 11:39:21 +02:00
if ( $delete && $mod [ 'type' ] < $config [ 'mod' ][ 'delete' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-01-15 05:37:39 +01:00
$post = $matches [ 3 ];
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'noboard' ]);
2011-01-15 05:37:39 +01:00
$query = prepare ( sprintf ( " SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1 " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $query -> rowCount () < 1 ) {
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'invalidpost' ]);
2011-01-15 05:37:39 +01:00
}
$post = $query -> fetch ();
2011-01-01 14:27:30 +01:00
2011-04-03 10:20:55 +02:00
$body = form_newBan ( $post [ 'ip' ], null , isset ( $_SERVER [ 'HTTP_REFERER' ]) ? $_SERVER [ 'HTTP_REFERER' ] : false , $post [ 'id' ], $boardName , ! $delete );
2011-01-01 14:27:30 +01:00
echo Element ( 'page.html' , Array (
2011-03-26 08:23:15 +01:00
'config' => $config ,
2011-01-01 14:27:30 +01:00
'title' => 'New ban' ,
'body' => $body ,
'mod' => true
)
);
2011-04-05 09:36:00 +02:00
} elseif ( preg_match ( '/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config [ 'ipv6_regex' ] . ')\/deletenote\/(?P<id>\d+)$/' , $query , $matches )) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'remove_notes' ]) error ( $config [ 'error' ][ 'noaccess' ]);
$ip = $matches [ 1 ];
$id = $matches [ 'id' ];
$query = prepare ( " DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id " );
$query -> bindValue ( ':ip' , $ip );
$query -> bindValue ( ':id' , $id );
$query -> execute () or error ( db_error ( $query ));
header ( 'Location: ?/IP/' . $ip , true , $config [ 'redirect_http' ]);
2011-02-17 10:41:00 +01:00
} elseif ( preg_match ( '/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config [ 'ipv6_regex' ] . ')$/' , $query , $matches )) {
2011-01-15 05:29:05 +01:00
// View information on an IP address
$ip = $matches [ 1 ];
2011-02-12 07:25:15 +01:00
$host = $config [ 'mod' ][ 'dns_lookup' ] ? gethostbyaddr ( $ip ) : false ;
2011-01-15 05:29:05 +01:00
2011-02-17 14:36:50 +01:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'unban' ] && isset ( $_POST [ 'unban' ])) {
$query = prepare ( " DELETE FROM `bans` WHERE `ip` = :ip " );
$query -> bindValue ( ':ip' , $ip );
$query -> execute () or error ( db_error ( $query ));
2011-04-05 09:36:00 +02:00
} elseif ( $mod [ 'type' ] >= $config [ 'mod' ][ 'create_notes' ] && isset ( $_POST [ 'note' ])) {
$query = prepare ( " INSERT INTO `ip_notes` VALUES(NULL, :ip, :mod, :time, :body) " );
$query -> bindValue ( ':ip' , $ip );
$query -> bindValue ( ':mod' , $mod [ 'id' ], PDO :: PARAM_INT );
$query -> bindValue ( ':time' , time (), PDO :: PARAM_INT );
markup ( $_POST [ 'note' ]);
$query -> bindValue ( ':body' , $_POST [ 'note' ]);
$query -> execute () or error ( db_error ( $query ));
2011-02-17 14:36:50 +01:00
}
2011-01-15 05:29:05 +01:00
$body = '' ;
$boards = listBoards ();
foreach ( $boards as & $_board ) {
openBoard ( $_board [ 'uri' ]);
$temp = '' ;
2011-01-19 02:37:31 +01:00
$query = prepare ( sprintf ( " SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit " , $_board [ 'uri' ]));
2011-01-15 05:29:05 +01:00
$query -> bindValue ( ':ip' , $ip );
2011-02-12 07:25:15 +01:00
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'ip_recentposts' ], PDO :: PARAM_INT );
2011-01-15 05:29:05 +01:00
$query -> execute () or error ( db_error ( $query ));
while ( $post = $query -> fetch ()) {
2011-02-17 14:44:01 +01:00
if ( ! $post [ 'thread' ]) {
2011-04-12 13:08:54 +02:00
$po = new Thread ( $post [ 'id' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'capcode' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], $post [ 'sticky' ], $post [ 'locked' ], '?/' , $mod , false );
2011-02-17 14:44:01 +01:00
} else {
2011-04-12 13:08:54 +02:00
$po = new Post ( $post [ 'id' ], $post [ 'thread' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'capcode' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], '?/' , $mod );
2011-02-17 14:44:01 +01:00
}
2011-02-19 07:28:34 +01:00
$temp .= $po -> build ( true ) . '<hr/>' ;
2011-01-15 05:29:05 +01:00
}
2011-02-17 14:44:01 +01:00
2011-01-15 05:29:05 +01:00
if ( ! empty ( $temp ))
$body .= '<fieldset><legend>Last ' . $query -> rowCount () . ' posts on <a href="?/' .
2011-02-12 07:25:15 +01:00
sprintf ( $config [ 'board_path' ], $_board [ 'uri' ]) . $config [ 'file_index' ] .
2011-01-15 05:29:05 +01:00
'">' .
2011-02-12 07:25:15 +01:00
sprintf ( $config [ 'board_abbreviation' ], $_board [ 'uri' ]) . ' - ' . $_board [ 'title' ] .
2011-01-15 05:29:05 +01:00
'</a></legend>' . $temp . '</fieldset>' ;
}
2011-04-05 09:36:00 +02:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'view_notes' ]) {
$query = prepare ( " SELECT * FROM `ip_notes` WHERE `ip` = :ip ORDER BY `id` DESC " );
$query -> bindValue ( ':ip' , $ip );
$query -> execute () or error ( db_error ( $query ));
if ( $query -> rowCount () > 0 || $mod [ 'type' ] >= $config [ 'mod' ][ 'create_notes' ] ) {
$body .= '<fieldset><legend>' .
$query -> rowCount () . ' note' . ( $query -> rowCount () == 1 ? '' : 's' ) . ' on record' .
'</legend>' ;
if ( $query -> rowCount () > 0 ) {
$body .= '<table class="modlog">' .
'<tr><th>Staff</th><th>Note</th><th>Date</th>' .
( $mod [ 'type' ] >= $config [ 'mod' ][ 'remove_notes' ] ? '<th>Actions</th>' : '' ) .
'</td>' ;
while ( $note = $query -> fetch ()) {
if ( $note [ 'mod' ]) {
$_query = prepare ( " SELECT `username` FROM `mods` WHERE `id` = :id " );
$_query -> bindValue ( ':id' , $note [ 'mod' ]);
$_query -> execute () or error ( db_error ( $_query ));
if ( $_mod = $_query -> fetch ()) {
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'editusers' ])
$staff = '<a href="?/users/' . $note [ 'mod' ] . '">' . htmlentities ( $_mod [ 'username' ]) . '</a>' ;
else
$staff = $_mod [ 'username' ];
} else {
$staff = '<em>??</em>' ;
}
} else {
$staff = '<em>system</em>' ;
}
$body .= '<tr>' .
'<td class="minimal">' .
$staff .
'</td><td>' .
$note [ 'body' ] .
'</td><td class="minimal">' .
date ( $config [ 'post_date' ], $note [ 'time' ]) .
'</td>' .
( $mod [ 'type' ] >= $config [ 'mod' ][ 'remove_notes' ] ?
'<td class="minimal"><a class="unimportant" href="?/IP/' . $ip . '/deletenote/' . $note [ 'id' ] . '">[delete]</a></td>'
: '' ) .
'</tr>' ;
}
$body .= '</table>' ;
}
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'create_notes' ]) {
$body .= '<form action="" method="post" style="text-align:center;margin:0">' .
'<table>' .
'<tr>' .
'<th>Staff</th>' .
'<td>' . $mod [ 'username' ] . '</td>' .
'</tr>' .
'<tr>' .
'<th><label for="note">Note</label></th>' .
'<td><textarea id="note" name="note" rows="5" cols="30"></textarea></td>' .
'</tr>' .
'<tr>' .
'<td></td>' .
'<td><input type="submit" value="New note" /></td>' .
'</tr>' .
'</table>' .
'</form>' ;
}
$body .= '</fieldset>' ;
}
}
2011-02-17 14:36:50 +01:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'view_ban' ]) {
$query = prepare ( " SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` WHERE `ip` = :ip " );
$query -> bindValue ( ':ip' , $ip );
$query -> execute () or error ( db_error ( $query ));
if ( $query -> rowCount () > 0 ) {
$body .= '<fieldset><legend>Ban' . ( $query -> rowCount () == 1 ? '' : 's' ) . ' on record</legend><form action="" method="post" style="text-align:center">' ;
while ( $ban = $query -> fetch ()) {
$body .= '<table style="width:400px;margin-bottom:10px;border-bottom:1px solid #ddd;padding:5px"><tr><th>Status</th><td>' .
( $config [ 'mod' ][ 'view_banexpired' ] && $ban [ 'expires' ] != 0 && $ban [ 'expires' ] < time () ?
'Expired'
: 'Active' ) .
'</td></tr>' .
// IP
'<tr><th>IP</th><td>' . $ban [ 'ip' ] . '</td></tr>' .
// Reason
'<tr><th>Reason</th><td>' . $ban [ 'reason' ] . '</td></tr>' .
// Set
'<tr><th>Set</th><td>' . date ( $config [ 'post_date' ], $ban [ 'set' ]) . '</td></tr>' .
// Expires
'<tr><th>Expires</th><td>' .
( $ban [ 'expires' ] == 0 ?
'<em>Never</em>'
:
date ( $config [ 'post_date' ], $ban [ 'expires' ])
) .
'</td></tr>' .
// Staff
'<tr><th>Staff</th><td>' .
( $mod [ 'type' ] < $config [ 'mod' ][ 'view_banstaff' ] ?
( $config [ 'mod' ][ 'view_banquestionmark' ] ?
'?'
:
( $ban [ 'type' ] == JANITOR ? 'Janitor' :
( $ban [ 'type' ] == MOD ? 'Mod' :
( $ban [ 'type' ] == ADMIN ? 'Admin' :
'?' )))
)
:
$ban [ 'username' ]
) .
'</td></tr>' .
'</tr></table>' ;
}
$body .= '<input type="submit" name="unban" value="Remove ban' . ( $query -> rowCount () == 1 ? '' : 's' ) . '" ' .
( $mod [ 'type' ] < $config [ 'mod' ][ 'unban' ] ? 'disabled' : '' ) .
'/></form></fieldset>' ;
}
}
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'ip_banform' ])
2011-01-15 05:29:05 +01:00
$body .= form_newBan ( $ip , null , isset ( $_SERVER [ 'HTTP_REFERER' ]) ? $_SERVER [ 'HTTP_REFERER' ] : false );
echo Element ( 'page.html' , Array (
2011-03-26 08:23:15 +01:00
'config' => $config ,
2011-01-15 05:29:05 +01:00
'title' => 'IP: ' . $ip ,
'subtitle' => $host ,
'body' => $body ,
'mod' => true
)
);
2010-12-01 15:17:27 +01:00
} else {
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ '404' ]);
2010-12-01 15:17:27 +01:00
}
2010-12-01 11:53:11 +01:00
}
2010-12-02 08:26:09 +01:00
// Close the connection in-case it's still open
sql_close ();
2010-12-01 11:53:11 +01:00
?>