2010-12-01 21:53:11 +11:00
< ? php
2012-04-12 02:49:22 +10:00
/*
* Copyright ( c ) 2010 - 2012 Tinyboard Development Group
*/
require 'inc/functions.php' ;
require 'inc/mod.php' ;
if ( get_magic_quotes_gpc ()) {
function strip_array ( $var ) {
return is_array ( $var ) ? array_map ( " strip_array " , $var ) : stripslashes ( $var );
}
2010-12-01 21:53:11 +11:00
2012-04-12 02:49:22 +10:00
$_GET = strip_array ( $_GET );
$_POST = strip_array ( $_POST );
}
$query = isset ( $_SERVER [ 'QUERY_STRING' ]) ? $_SERVER [ 'QUERY_STRING' ] : '' ;
// If not logged in
if ( ! $mod ) {
if ( isset ( $_POST [ 'login' ])) {
// Check if inputs are set and not empty
if ( ! isset ( $_POST [ 'username' ]) ||
! isset ( $_POST [ 'password' ]) ||
empty ( $_POST [ 'username' ]) ||
empty ( $_POST [ 'password' ])
) loginForm ( $config [ 'error' ][ 'invalid' ], $_POST [ 'username' ], '?' . $query );
if ( ! login ( $_POST [ 'username' ], $_POST [ 'password' ])) {
if ( $config [ 'syslog' ])
_syslog ( LOG_WARNING , 'Unauthorized login attempt!' );
loginForm ( $config [ 'error' ][ 'invalid' ], $_POST [ 'username' ], '?' . $query );
2011-02-07 00:38:01 +11:00
}
2012-04-12 02:49:22 +10:00
modLog ( " Logged in. " );
// Login successful
// Set cookies
setCookies ();
// Redirect
if ( isset ( $_POST [ 'redirect' ]))
header ( 'Location: ' . $_POST [ 'redirect' ], true , $config [ 'redirect_http' ]);
else
header ( 'Location: ?' . $config [ 'mod' ][ 'default' ], true , $config [ 'redirect_http' ]);
} else {
loginForm ( false , false , '?' . $query );
}
} else {
// Redirect (for index pages)
if ( count ( $_GET ) == 2 && isset ( $_GET [ 'status' ]) && isset ( $_GET [ 'r' ])) {
header ( 'Location: ' . $_GET [ 'r' ], true , $_GET [ 'status' ]);
exit ;
2011-02-07 00:38:01 +11:00
}
2012-04-12 02:49:22 +10:00
// A sort of "cache"
// Stops calling preg_quote and str_replace when not needed; only does it once
$regex = array (
'board' => str_replace ( '%s' , '(\w{1,8})' , preg_quote ( $config [ 'board_path' ], '/' )),
'page' => str_replace ( '%d' , '(\d+)' , preg_quote ( $config [ 'file_page' ], '/' )),
'img' => preg_quote ( $config [ 'dir' ][ 'img' ], '/' ),
'thumb' => preg_quote ( $config [ 'dir' ][ 'thumb' ], '/' ),
'res' => preg_quote ( $config [ 'dir' ][ 'res' ], '/' ),
'index' => preg_quote ( $config [ 'file_index' ], '/' )
);
2011-02-16 19:59:13 +11:00
2012-04-12 02:49:22 +10:00
if ( preg_match ( '/^\/?$/' , $query )) {
// Dashboard
$fieldset = array (
'Boards' => '' ,
'Noticeboard' => '' ,
'Administration' => '' ,
'Themes' => '' ,
'Search' => '' ,
'Update' => '' ,
'Logout' => ''
);
// Boards
$fieldset [ 'Boards' ] .= ulBoards ();
if ( hasPermission ( $config [ 'mod' ][ 'noticeboard' ])) {
if ( ! $config [ 'cache' ][ 'enabled' ] || ! ( $fieldset [ 'Noticeboard' ] = cache :: get ( 'noticeboard_preview' ))) {
$query = prepare ( " SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit " );
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'noticeboard_dashboard' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2010-12-01 21:53:11 +11:00
2012-04-12 02:49:22 +10:00
$fieldset [ 'Noticeboard' ] .= '<li>' ;
2010-12-01 21:53:11 +11:00
2012-04-12 02:49:22 +10:00
$_body = '' ;
while ( $notice = $query -> fetch ()) {
$_body .= '<li><a href="?/noticeboard#' .
$notice [ 'id' ] .
'">' .
( $notice [ 'subject' ] ?
$notice [ 'subject' ]
:
'<em>' . _ ( 'no subject' ) . '</em>'
) .
'</a><span class="unimportant"> — by ' .
( isset ( $notice [ 'username' ]) ?
utf8tohtml ( $notice [ 'username' ])
: '<em>???</em>' ) .
' at ' .
strftime ( $config [ 'post_date' ], $notice [ 'time' ]) .
'</span></li>' ;
}
if ( ! empty ( $_body )) {
$fieldset [ 'Noticeboard' ] .= '<ul>' . $_body . '</ul></li><li>' ;
}
if ( $config [ 'cache' ][ 'enabled' ])
cache :: set ( 'noticeboard_preview' , $fieldset [ 'Noticeboard' ]);
2011-11-18 23:39:13 +11:00
}
2010-12-01 21:53:11 +11:00
2012-04-12 02:49:22 +10:00
$fieldset [ 'Noticeboard' ] .= '<a href="?/noticeboard">' . _ ( 'View all entries' ) . '</a></li>' ;
$query = prepare ( " SELECT COUNT(*) AS `count` FROM `pms` WHERE `to` = :id AND `unread` = 1 " );
$query -> bindValue ( ':id' , $mod [ 'id' ]);
$query -> execute () or error ( db_error ( $query ));
$count = $query -> fetch ();
$count = $count [ 'count' ];
$fieldset [ 'Noticeboard' ] .= '<li><a href="?/inbox">' . _ ( 'PM Inbox' ) .
( $count > 0
?
' <strong>(' . $count . ' unread)</strong>'
: '' ) .
'</a></li>' ;
$fieldset [ 'Noticeboard' ] .= '<li><a href="?/news">' . _ ( 'News' ) . '</a></li>' ;
2010-12-01 21:53:11 +11:00
}
2012-04-12 02:49:22 +10:00
if ( hasPermission ( $config [ 'mod' ][ 'reports' ])) {
$fieldset [ 'Administration' ] .= '<li><a href="?/reports">' . _ ( 'Report queue' ) . '</a></li>' ;
}
if ( hasPermission ( $config [ 'mod' ][ 'view_banlist' ])) {
$fieldset [ 'Administration' ] .= '<li><a href="?/bans">' . _ ( 'Ban list' ) . '</a></li>' ;
}
if ( hasPermission ( $config [ 'mod' ][ 'manageusers' ])) {
$fieldset [ 'Administration' ] .= '<li><a href="?/users">' . _ ( 'Manage users' ) . '</a></li>' ;
} elseif ( hasPermission ( $config [ 'mod' ][ 'change_password' ])) {
$fieldset [ 'Administration' ] .= '<li><a href="?/users/' . $user [ 'id' ] . '">' . _ ( 'Change own password' ) . '</a></li>' ;
}
if ( hasPermission ( $config [ 'mod' ][ 'modlog' ])) {
$fieldset [ 'Administration' ] .= '<li><a href="?/log">' . _ ( 'Moderation log' ) . '</a></li>' ;
}
if ( hasPermission ( $config [ 'mod' ][ 'rebuild' ])) {
$fieldset [ 'Administration' ] .= '<li><a href="?/rebuild">' . _ ( 'Rebuild static files' ) . '</a></li>' ;
}
if ( hasPermission ( $config [ 'mod' ][ 'rebuild' ]) && $config [ 'cache' ][ 'enabled' ]) {
$fieldset [ 'Administration' ] .= '<li><a href="?/flush">' . _ ( 'Clear cache' ) . '</a></li>' ;
}
if ( hasPermission ( $config [ 'mod' ][ 'show_config' ])) {
$fieldset [ 'Administration' ] .= '<li><a href="?/config">' . _ ( 'Show configuration' ) . '</a></li>' ;
2011-11-23 15:43:07 +11:00
}
2011-02-22 17:52:26 +11:00
2012-04-12 02:49:22 +10:00
if ( hasPermission ( $config [ 'mod' ][ 'themes' ])) {
$fieldset [ 'Themes' ] .= '<li><a href="?/themes">' . _ ( 'Manage themes' ) . '</a></li>' ;
}
2010-12-02 01:17:27 +11:00
2012-04-12 02:49:22 +10:00
if ( hasPermission ( $config [ 'mod' ][ 'search' ])) {
$fieldset [ 'Search' ] .= '<li><form style="display:inline" action="?/search" method="post">' .
'<label style="display:inline" for="search">' . _ ( 'Phrase:' ) . '</label> ' .
'<input id="search" name="search" type="text" size="35" />' .
'<input type="submit" value="' . _ ( 'Search' ) . '" />' .
'</form>' .
'<p class="unimportant">' . _ ( '(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)' ) . '</p>' .
'</li>' ;
}
if ( $mod [ 'type' ] >= ADMIN && $config [ 'check_updates' ]) {
if ( ! $config [ 'version' ])
error ( _ ( 'Could not find current version! (Check .installed)' ));
if ( isset ( $_COOKIE [ 'update' ])) {
$latest = unserialize ( $_COOKIE [ 'update' ]);
} else {
$ctx = stream_context_create ( array (
'http' => array (
'timeout' => 3
)
)
);
2011-12-04 11:20:14 +11:00
2012-04-12 02:49:22 +10:00
if ( $code = @ file_get_contents ( 'http://tinyboard.org/version.txt' , 0 , $ctx )) {
eval ( $code );
if ( preg_match ( '/v(\d+)\.(\d)\.(\d+)(-dev.+)?$/' , $config [ 'version' ], $m )) {
$current = array (
'massive' => ( int ) $m [ 1 ],
'major' => ( int ) $m [ 2 ],
'minor' => ( int ) $m [ 3 ]
);
if ( isset ( $m [ 4 ])) {
// Development versions are always ahead in the versioning numbers
$current [ 'minor' ] -- ;
}
2011-12-04 11:20:14 +11:00
}
2012-04-12 02:49:22 +10:00
// Check if it's newer
if ( $latest [ 'massive' ] > $current [ 'massive' ] ||
$latest [ 'major' ] > $current [ 'major' ] ||
( $latest [ 'massive' ] == $current [ 'massive' ] &&
$latest [ 'major' ] == $current [ 'major' ] &&
$latest [ 'minor' ] > $current [ 'minor' ]
)) {
$latest = $latest ;
} else $latest = false ;
} else {
// Couldn't get latest version
// TODO: Display some sort of warning message
$latest = false ;
2011-12-04 11:20:14 +11:00
}
2012-01-07 12:31:59 +11:00
2012-04-12 02:49:22 +10:00
setcookie ( 'update' , serialize ( $latest ), time () + $config [ 'check_updates_time' ], $config [ 'cookies' ][ 'jail' ] ? $config [ 'cookies' ][ 'path' ] : '/' , null , false , true );
}
2012-01-07 12:31:59 +11:00
2012-04-12 02:49:22 +10:00
if ( $latest ) {
$fieldset [ 'Update' ] .=
'<li>A newer version of Tinyboard (<strong>v' .
$latest [ 'massive' ] . '.' .
$latest [ 'major' ] . '.' .
$latest [ 'minor' ] .
'</strong>) is available! See <a href="http://tinyboard.org">http://tinyboard.org/</a> for upgrade instructions.</li>' ;
}
}
$fieldset [ 'Logout' ] .= '<li><a href="?/logout">' . _ ( 'Logout' ) . '</a></li>' ;
// TODO: Statistics, etc, in the dashboard.
$body = '' ;
foreach ( $fieldset as $title => $data ) {
if ( $data )
$body .= '<fieldset><legend>' . _ ( $title ) . '</legend><ul>' . $data . '</ul></fieldset>' ;
}
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => _ ( 'Dashboard' ),
'body' => $body ,
'__mod' => true
));
} elseif ( preg_match ( '/^\/logout$/' , $query )) {
destroyCookies ();
header ( 'Location: ?/' , true , $config [ 'redirect_http' ]);
} elseif ( preg_match ( '/^\/confirm\/(.+)$/' , $query , $matches )) {
$uri = & $matches [ 1 ];
$body = '<p style="text-align:center">' .
'<span class="heading" style="margin-bottom:6px">Are you sure you want to do that?</span>' .
'We were unable to serve a confirmation dialog for ' .
'<strong>?/' . utf8tohtml ( $uri ) . '</strong>' .
', probably due to Javascript being disabled.' .
'</p>' .
'<p style="text-align:center"><a style="margin:block;font-size:150%;font-weight:bold" href="?/' . utf8tohtml ( $uri ) . '">Confirm</a></p>' ;
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => 'Confirm' ,
'body' => $body ,
'mod' => true
)
);
} elseif ( preg_match ( '/^\/upgrade$/' , $query )) {
if ( $mod [ 'type' ] != ADMIN )
error ( $config [ 'error' ][ 'noaccess' ]);
if ( is_dir ( '.git' )) {
// use git instead
2012-01-07 12:31:59 +11:00
2012-04-12 02:49:22 +10:00
$body = '<div class="ban"><h2>git pull</h2>' ;
$body .= '<p>' . str_replace ( " \n " , '<br/>' , shell_exec ( 'git pull' )) . '</p>' ;
$body .= '</div>' ;
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => 'Upgraded' ,
'body' => $body
));
exit ;
}
if ( ! extension_loaded ( 'curl' ))
error ( 'You need the cURL PHP extension to do that.' );
if ( ! class_exists ( 'ZipArchive' ))
error ( 'You need <a href="http://php.net/manual/en/class.ziparchive.php">the ZipArchive class</a> to do that.' );
if ( ! in_array ( 'zip' , stream_get_wrappers ()))
error ( 'You need the zip:// stream wrapper to do that.' );
$temp = tempnam ( $config [ 'tmp' ], 'tinyboard' );
$fp = fopen ( $temp , 'w+' );
$curl = curl_init ();
curl_setopt ( $curl , CURLOPT_URL , 'https://github.com/savetheinternet/Tinyboard/zipball/master' );
curl_setopt ( $curl , CURLOPT_FAILONERROR , true );
curl_setopt ( $curl , CURLOPT_FOLLOWLOCATION , true );
curl_setopt ( $curl , CURLOPT_SSL_VERIFYPEER , true );
curl_setopt ( $curl , CURLOPT_SSL_VERIFYHOST , 2 );
curl_setopt ( $curl , CURLOPT_CONNECTTIMEOUT , 5 );
curl_setopt ( $curl , CURLOPT_TIMEOUT , 45 );
curl_setopt ( $curl , CURLOPT_FILE , $fp );
curl_setopt ( $curl , CURLOPT_WRITEHEADER , $header = tmpfile ());
curl_setopt ( $curl , CURLOPT_HEADER , true );
curl_exec ( $curl );
if ( curl_errno ( $curl ))
error ( 'Failed downloading newest revision: ' . curl_error ( $curl ));
curl_close ( $curl );
fflush ( $fp );
fclose ( $fp );
fseek ( $header , 0 );
$version = false ;
while ( $line = fgets ( $header )) {
if ( preg_match ( '/^Content-Disposition: attachment; filename=savetheinternet-Tinyboard-(.+)\.zip\s?$/' , $line , $m )) {
$version = $m [ 1 ];
2011-03-30 21:47:06 +11:00
}
2012-04-12 02:49:22 +10:00
}
fclose ( $header );
$zip = new ZipArchive ();
if ( ! $zip -> open ( $temp ))
error ( 'Could not make sense of the ZIP archive.' );
$version = preg_replace ( '/^savetheinternet-Tinyboard-(\w+)\//' , '$1' , $dir = $zip -> getNameIndex ( 0 ));
$errors = array ();
for ( $i = 1 ; $i < $zip -> numFiles ; $i ++ ) {
$filename = str_replace ( $dir , '' , $zip -> getNameIndex ( $i ));
2011-03-30 21:47:06 +11:00
2012-04-12 02:49:22 +10:00
if ( $filename == 'inc/instance-config.php' )
continue ; // don't override config
2011-12-04 11:20:14 +11:00
2012-04-12 02:49:22 +10:00
// are we able to write here?
if ( ! (( file_exists ( $filename ) && is_writable ( $filename )) || ( ! file_exists ( $filename ) && is_writable ( dirname ( $filename ))))) {
// nope
$errors [] = 'Cannot write to ' . $filename . '!' ;
2011-02-07 00:38:01 +11:00
}
2012-04-12 02:49:22 +10:00
}
$zip -> close ();
if ( $errors ) {
$body = '<div class="ban"><h2>Error(s) upgrading</h2><p>Tinyboard can not self-upgrade until the following is fixed:</p><ul>' ;
foreach ( $errors as $error ) {
$body .= '<li>' . $error . '</li>' ;
2011-04-14 17:10:59 +10:00
}
2012-04-12 02:49:22 +10:00
$body .= '</ul><p>Please fix the above errors and refresh to try again.</p></div>' ;
2011-04-14 17:10:59 +10:00
2012-04-12 02:49:22 +10:00
unlink ( $temp );
2011-03-30 00:56:38 +11:00
2012-04-12 02:49:22 +10:00
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => 'Error(s) upgrading' ,
'body' => $body
));
exit ;
}
// For some reason, reading the ZIP entries in PHP doesn't seem to work very well.
// Use shell instead.
shell_exec ( 'TEMP_DIR=$(mktemp -d); unzip -q ' . escapeshellarg ( $temp ) . ' -d $TEMP_DIR -x "' . escapeshellarg ( $dir ) . 'inc/instance-config.php"; mv -v $TEMP_DIR/' . escapeshellarg ( $dir ) . '* "' . getcwd () . '"; rm -rf $TEMP_DIR' );
unlink ( $temp );
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => 'Upgraded' ,
'body' => '<p style="text-align:center">Upgrading seems to have gone okay. You are now at revision <strong>' . $version . '</strong>.</p>'
));
} elseif ( preg_match ( '/^\/log(\/(\d+))?$/' , $query , $match )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'modlog' ])) error ( $config [ 'error' ][ 'noaccess' ]);
$page = isset ( $match [ 2 ]) ? $match [ 2 ] : 1 ;
$boards = array ();
$_boards = listBoards ();
foreach ( $_boards as & $_b ) {
$boards [ $_b [ 'id' ]] = $_b [ 'uri' ];
}
$query = prepare ( " SELECT `mod` as `id`, `username`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :offset, :limit " );
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'modlog_page' ], PDO :: PARAM_INT );
$query -> bindValue ( ':offset' , ( $page - 1 ) * $config [ 'mod' ][ 'modlog_page' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( ! $query -> rowCount ()) {
$body = '<p class="unimportant" style="text-align:center">(Nothing to display.)</p>' ;
} else {
$body = '<table class="modlog">' .
'<tr>' .
'<th>' . _ ( 'User' ) . '</th>' .
'<th>' . _ ( 'IP address' ) . '</th>' .
'<th>' . _ ( 'Ago' ) . '</th>' .
'<th>' . _ ( 'Board' ) . '</th>' .
'<th>' . _ ( 'Action' ) . '</th>' .
'</tr>' ;
while ( $log = $query -> fetch ()) {
$log_id = 'log_' . md5 ( $log [ 'text' ]);
if ( $config [ 'cache' ][ 'enabled' ] && $_log = cache :: get ( $log_id ))
$log [ 'text' ] = $_log ;
else {
$log [ 'text' ] = utf8tohtml ( $log [ 'text' ]);
$log [ 'text' ] = preg_replace ( '/(\d+\.\d+\.\d+\.\d+)/' , '<a href="?/IP/$1">$1</a>' , $log [ 'text' ]);
if ( isset ( $boards [ $log [ 'board' ]])) {
if ( preg_match ( '/post #(\d+)/' , $log [ 'text' ], $match )) {
$post_query = prepare ( sprintf ( " SELECT `thread` FROM `posts_%s` WHERE `id` = :id " , $boards [ $log [ 'board' ]]));
$post_query -> bindValue ( ':id' , $match [ 1 ], PDO :: PARAM_INT );
$post_query -> execute () or error ( db_error ( $query ));
if ( $post = $post_query -> fetch ()) {
$log [ 'text' ] = preg_replace ( '/post (#(\d+))/' ,
'post <a href="' .
'?/' .
sprintf ( $config [ 'board_path' ], $boards [ $log [ 'board' ]]) .
$config [ 'dir' ][ 'res' ] .
( $post [ 'thread' ] ?
sprintf ( $config [ 'file_page' ], $post [ 'thread' ]) . '#' . $match [ 1 ]
: sprintf ( $config [ 'file_page' ], $match [ 1 ])) .
'">$1</a>' , $log [ 'text' ]);
} else {
$log [ 'text' ] = preg_replace ( '/post (#(\d+))/' , 'post <s>$1</s>' , $log [ 'text' ]);
2011-05-21 15:21:45 +10:00
}
2012-04-12 02:49:22 +10:00
if ( $config [ 'cache' ][ 'enabled' ])
cache :: set ( $log_id , $log [ 'text' ]);
2011-05-21 15:21:45 +10:00
}
2011-08-15 00:49:52 +10:00
}
2011-05-21 15:21:45 +10:00
}
2012-04-12 02:49:22 +10:00
$body .= '<tr>' .
'<td class="minimal">' .
( $log [ 'username' ] ?
'<a href="?/new_PM/' . $log [ 'id' ] . '">' . $log [ 'username' ] . '</a>'
: '<em>' . ( $log [ 'id' ] < 0 ? 'system' : 'deleted?' ) . '</em>' ) .
'</td>' .
'<td class="minimal">' . ( $log [ 'id' ] < 0 ? '–' : '<a href="?/IP/' . $log [ 'ip' ] . '">' . $log [ 'ip' ] . '</a>' ) . '</td>' .
'<td class="minimal">' . ago ( $log [ 'time' ]) . '</td>' .
'<td class="minimal">' .
( $log [ 'board' ] ?
( isset ( $boards [ $log [ 'board' ]]) ?
'<a href="?/' . sprintf ( $config [ 'board_path' ], $boards [ $log [ 'board' ]]) . $config [ 'file_index' ] . '">' . sprintf ( $config [ 'board_abbreviation' ], $boards [ $log [ 'board' ]]) . '</a></td>'
: '<em>deleted?</em>' )
: '-' ) .
'<td>' . $log [ 'text' ] . '</td>' .
'</tr>' ;
2011-05-21 15:21:45 +10:00
}
2012-04-12 02:49:22 +10:00
$body .= '</table>' ;
2011-05-21 15:21:45 +10:00
2012-04-12 02:49:22 +10:00
$query = prepare ( " SELECT COUNT(*) AS `count` FROM `modlogs` " );
$query -> execute () or error ( db_error ( $query ));
$count = $query -> fetch ();
2010-12-02 20:55:56 +11:00
2012-04-12 02:49:22 +10:00
$body .= '<p class="unimportant" style="text-align:center;word-wrap:break-word">' ;
for ( $x = 0 ; $x < $count [ 'count' ] / $config [ 'mod' ][ 'modlog_page' ]; $x ++ ) {
$body .= '<a href="?/log/' . ( $x + 1 ) . '">[' . ( $x + 1 ) . ']</a> ' ;
2010-12-17 02:20:16 +11:00
}
2012-04-12 02:49:22 +10:00
$body .= '</p>' ;
}
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => _ ( 'Moderation log' ),
'body' => $body ,
'mod' => true
)
);
} elseif ( preg_match ( '/^\/themes\/none$/' , $query , $match )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'themes' ])) error ( $config [ 'error' ][ 'noaccess' ]);
// Clearsettings
query ( " TRUNCATE TABLE `theme_settings` " ) or error ( db_error ());
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => 'No theme' ,
'body' => '<p style="text-align:center">Successfully uninstalled all themes.</p>' .
'<p style="text-align:center"><a href="?/themes">Go back to themes</a>.</p>' ,
'mod' => true
)
);
} elseif ( preg_match ( '/^\/themes\/([\w\-]+)\/rebuild$/' , $query , $match )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'themes' ])) error ( $config [ 'error' ][ 'noaccess' ]);
rebuildTheme ( $match [ 1 ], 'all' );
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => 'Rebuilt' ,
'body' => '<p style="text-align:center">Successfully rebuilt the <strong>' . $match [ 1 ] . '</strong> theme.</p>' .
'<p style="text-align:center"><a href="?/themes">Go back to themes</a>.</p>' ,
'mod' => true
)
);
} elseif ( preg_match ( '/^\/themes\/(\w+)\/uninstall$/' , $query , $match )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'themes' ])) error ( $config [ 'error' ][ 'noaccess' ]);
$query = prepare ( " DELETE FROM `theme_settings` WHERE `theme` = :theme " );
$query -> bindValue ( ':theme' , $match [ 1 ]);
$query -> execute () or error ( db_error ( $query ));
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => 'Uninstalled' ,
'body' => '<p style="text-align:center">Successfully uninstalled the <strong>' . $match [ 1 ] . '</strong> theme.</p>' .
'<p style="text-align:center"><a href="?/themes">Go back to themes</a>.</p>' ,
'mod' => true
)
);
} elseif ( preg_match ( '/^\/themes(\/([\w\-]+))?$/' , $query , $match )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'themes' ])) error ( $config [ 'error' ][ 'noaccess' ]);
if ( ! is_dir ( $config [ 'dir' ][ 'themes' ]))
error ( _ ( 'Themes directory doesn\'t exist!' ));
if ( ! $dir = opendir ( $config [ 'dir' ][ 'themes' ]))
error ( _ ( 'Cannot open themes directory; check permissions.' ));
if ( isset ( $match [ 2 ])) {
$_theme = & $match [ 2 ];
2010-12-17 02:20:16 +11:00
2012-04-12 02:49:22 +10:00
if ( ! $theme = loadThemeConfig ( $_theme )) {
error ( $config [ 'error' ][ 'invalidtheme' ]);
2012-03-14 16:56:33 +11:00
}
2012-04-12 02:49:22 +10:00
if ( isset ( $_POST [ 'install' ])) {
// Check if everything is submitted
foreach ( $theme [ 'config' ] as & $c ) {
if ( ! isset ( $_POST [ $c [ 'name' ]]) && $c [ 'type' ] != 'checkbox' )
error ( sprintf ( $config [ 'error' ][ 'required' ], $c [ 'title' ]));
2012-03-13 03:46:58 +11:00
}
2012-04-12 02:49:22 +10:00
// Clear previous settings
$query = prepare ( " DELETE FROM `theme_settings` WHERE `theme` = :theme " );
$query -> bindValue ( ':theme' , $_theme );
$query -> execute () or error ( db_error ( $query ));
foreach ( $theme [ 'config' ] as & $c ) {
$query = prepare ( " INSERT INTO `theme_settings` VALUES(:theme, :name, :value) " );
$query -> bindValue ( ':theme' , $_theme );
$query -> bindValue ( ':name' , $c [ 'name' ]);
$query -> bindValue ( ':value' , $_POST [ $c [ 'name' ]]);
$query -> execute () or error ( db_error ( $query ));
}
$query = prepare ( " INSERT INTO `theme_settings` VALUES(:theme, NULL, NULL) " );
$query -> bindValue ( ':theme' , $_theme );
$query -> execute () or error ( db_error ( $query ));
2012-03-13 03:46:58 +11:00
2012-04-12 02:49:22 +10:00
$result = true ;
$body = '' ;
if ( isset ( $theme [ 'install_callback' ])) {
$ret = $theme [ 'install_callback' ]( themeSettings ( $_theme ));
if ( $ret && ! empty ( $ret )) {
if ( is_array ( $ret ) && count ( $ret ) == 2 ) {
$result = $ret [ 0 ];
$ret = $ret [ 1 ];
}
$body .= '<div style="border:1px dashed maroon;padding:20px;margin:auto;max-width:800px">' . $ret . '</div>' ;
}
2012-03-13 03:46:58 +11:00
}
2012-04-12 02:49:22 +10:00
if ( $result ) {
$body .= '<p style="text-align:center">Successfully installed and built theme.</p>' ;
} else {
// install failed
$query = prepare ( " DELETE FROM `theme_settings` WHERE `theme` = :theme " );
$query -> bindValue ( ':theme' , $_theme );
$query -> execute () or error ( db_error ( $query ));
2012-03-13 03:46:58 +11:00
}
2012-04-12 02:49:22 +10:00
$body .= '<p style="text-align:center"><a href="?/themes">Go back to themes</a>.</p>' ;
2012-03-21 22:04:58 +11:00
2012-04-12 02:49:22 +10:00
// Build themes
rebuildThemes ( 'all' );
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => ( $result ? 'Installed "' . utf8tohtml ( $theme [ 'name' ]) . '"' : 'Installation failed!' ),
'body' => $body ,
'mod' => true
)
);
2012-01-09 10:20:13 +11:00
} else {
2012-04-12 02:49:22 +10:00
$body = '<form action="" method="post">' ;
if ( ! isset ( $theme [ 'config' ]) || empty ( $theme [ 'config' ])) {
$body .= '<p style="text-align:center" class="unimportant">(No configuration required.)</p>' ;
} else {
$settings = themeSettings ( $_theme );
2012-01-09 10:42:03 +11:00
2012-04-12 02:49:22 +10:00
$body .= '<table>' ;
foreach ( $theme [ 'config' ] as & $c ) {
$body .= '<tr><th>' . $c [ 'title' ] . '</th><td>' ;
switch ( $c [ 'type' ]) {
case 'text' :
default :
$body .= '<input type="text" name="' . utf8tohtml ( $c [ 'name' ]) . '" ' .
( isset ( $settings [ $c [ 'name' ]]) ?
' value="' . utf8tohtml ( $settings [ $c [ 'name' ]]) . '" '
:
( isset ( $c [ 'default' ]) ?
'value="' . utf8tohtml ( $c [ 'default' ]) . '" '
: '' )
) .
( isset ( $c [ 'size' ]) ? 'size="' . ( int ) $c [ 'size' ] . '" ' : '' ) .
'/>' ;
2012-01-09 10:38:01 +11:00
}
2012-04-12 02:49:22 +10:00
if ( isset ( $c [ 'comment' ]))
$body .= ' <span class="unimportant">' . $c [ 'comment' ] . '</span>' ;
$body .= '</td></tr>' ;
2012-01-09 10:38:01 +11:00
}
2012-04-12 02:49:22 +10:00
$body .= '</table>' ;
2012-01-09 10:20:13 +11:00
}
2012-04-12 02:49:22 +10:00
$body .= '<p style="text-align:center"><input name="install" type="submit" value="Install theme" /></p></form>' ;
2012-01-09 10:20:13 +11:00
2012-04-12 02:49:22 +10:00
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => 'Installing "' . utf8tohtml ( $theme [ 'name' ]) . '"' ,
'body' => $body ,
'mod' => true
)
);
2012-01-09 10:20:13 +11:00
}
2012-04-12 02:49:22 +10:00
} else {
2011-03-02 17:51:29 +11:00
2012-04-12 02:49:22 +10:00
$themes_in_use = array ();
$query = query ( " SELECT `theme` FROM `theme_settings` WHERE `name` IS NULL AND `value` IS NULL " ) or error ( db_error ());
while ( $theme = $query -> fetch ()) {
$themes_in_use [ $theme [ 'theme' ]] = true ;
}
2011-04-13 23:47:47 +10:00
2012-04-12 02:49:22 +10:00
// Scan directory for themes
$themes = array ();
while ( $file = readdir ( $dir )) {
if ( $file [ 0 ] != '.' && is_dir ( $config [ 'dir' ][ 'themes' ] . '/' . $file )) {
$themes [] = $file ;
2011-04-13 23:47:47 +10:00
}
}
2012-04-12 02:49:22 +10:00
closedir ( $dir );
2011-03-30 21:47:06 +11:00
$body = '' ;
2012-04-12 02:49:22 +10:00
if ( empty ( $themes )) {
$body = '<p style="text-align:center" class="unimportant">(No themes installed.)</p>' ;
} else {
$body .= '<table class="modlog">' ;
foreach ( $themes as & $_theme ) {
$theme = loadThemeConfig ( $_theme );
2011-07-30 15:56:57 +10:00
2012-04-12 02:49:22 +10:00
markup ( $theme [ 'description' ]);
2011-12-04 11:20:14 +11:00
2012-04-12 02:49:22 +10:00
$body .= '<tr>' .
'<th class="minimal">' . _ ( 'Name' ) . '</th>' .
'<td>' . utf8tohtml ( $theme [ 'name' ]) . '</td>' .
'</tr>' .
'<tr>' .
'<th class="minimal">' . _ ( 'Version' ) . '</th>' .
'<td>' . utf8tohtml ( $theme [ 'version' ]) . '</td>' .
'</tr>' .
'<tr>' .
'<th class="minimal">' . _ ( 'Description' ) . '</th>' .
'<td>' . $theme [ 'description' ] . '</td>' .
'</tr>' .
'<tr>' .
'<th class="minimal">' . _ ( 'Thumbnail' ) . '</th>' .
'<td><img style="float:none;margin:4px' .
( isset ( $themes_in_use [ $_theme ]) ?
';border:2px solid red;padding:4px'
: '' ) .
'" src="' . $config [ 'dir' ][ 'themes_uri' ] . '/' . $_theme . '/thumb.png" /></td>' .
'</tr>' .
'<tr>' .
'<th class="minimal">' . _ ( 'Actions' ) . '</th>' .
'<td><ul style="padding:0 20px">' .
'<li><a title="' . _ ( 'Use theme' ) . '" href="?/themes/' . $_theme . '">' .
( isset ( $themes_in_use [ $_theme ]) ? _ ( 'Reconfigure' ) : _ ( 'Install' )) .
'</a></li>' .
( isset ( $themes_in_use [ $_theme ]) ?
'<li><a href="?/themes/' . $_theme . '/rebuild">' . _ ( 'Rebuild' ) . '</a></li>' .
'<li><a href="?/themes/' . $_theme . '/uninstall">' . _ ( 'Uninstall' ) . '</a></li>'
:
'' ) .
'</ul></td>' .
'</tr>' .
'<tr style="height:40px"><td colspan="2"><hr/></td></tr>' ;
2011-03-30 21:47:06 +11:00
}
2012-04-12 02:49:22 +10:00
$body .= '</table>' ;
2011-07-30 15:56:57 +10:00
}
2011-04-14 17:03:12 +10:00
2012-04-12 02:49:22 +10:00
if ( ! empty ( $themes_in_use ))
$body .= '<p style="text-align:center"><a href="?/themes/none">' . _ ( 'Uninstall all themes.' ) . '</a></p>' ;
2011-04-14 00:24:49 +10:00
2012-04-12 02:49:22 +10:00
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => _ ( 'Manage themes' ),
'body' => $body ,
'mod' => true
)
);
}
} elseif ( preg_match ( '/^\/noticeboard\/delete\/(\d+)$/' , $query , $match )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'noticeboard_delete' ])) error ( $config [ 'error' ][ 'noaccess' ]);
$query = prepare ( " DELETE FROM `noticeboard` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $match [ 1 ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $config [ 'cache' ][ 'enabled' ])
cache :: delete ( 'noticeboard_preview' );
header ( 'Location: ?/noticeboard' , true , $config [ 'redirect_http' ]);
} elseif ( preg_match ( '/^\/noticeboard$/' , $query )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'noticeboard' ])) error ( $config [ 'error' ][ 'noaccess' ]);
$body = '' ;
if ( hasPermission ( $config [ 'mod' ][ 'noticeboard_post' ]) && isset ( $_POST [ 'subject' ]) && isset ( $_POST [ 'body' ]) && ! empty ( $_POST [ 'body' ])) {
$query = prepare ( " INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body) " );
$query -> bindValue ( ':mod' , $mod [ 'id' ], PDO :: PARAM_INT );
$query -> bindvalue ( ':time' , time (), PDO :: PARAM_INT );
$query -> bindValue ( ':subject' , utf8tohtml ( $_POST [ 'subject' ]));
markup ( $_POST [ 'body' ]);
$query -> bindValue ( ':body' , $_POST [ 'body' ]);
$query -> execute () or error ( db_error ( $query ));
if ( $config [ 'cache' ][ 'enabled' ])
cache :: delete ( 'noticeboard_preview' );
2011-04-14 00:24:49 +10:00
2012-04-12 02:49:22 +10:00
header ( 'Location: ?/noticeboard#' . $pdo -> lastInsertId (), true , $config [ 'redirect_http' ]);
} else {
if ( hasPermission ( $config [ 'mod' ][ 'noticeboard_post' ])) {
2011-04-14 00:24:49 +10:00
$body .= '<fieldset><legend>New post</legend><form style="display:inline" action="" method="post"><table>' .
'<tr>' .
2012-04-12 02:49:22 +10:00
'<th><label for="subject">' . _ ( 'Name' ) . '</label></th>' .
'<td>' . $mod [ 'username' ] . '</td>' .
2011-04-14 00:24:49 +10:00
'</tr><tr>' .
2011-11-23 23:47:54 +11:00
'<th>' . _ ( 'Subject' ) . '</th>' .
2011-04-14 00:24:49 +10:00
'<td><input type="text" size="55" name="subject" id="subject" /></td>' .
'</tr><tr>' .
2011-11-23 23:47:54 +11:00
'<th>' . _ ( 'Body' ) . '</th>' .
2011-04-14 00:24:49 +10:00
'<td><textarea name="body" style="width:100%;height:100px"></textarea></td>' .
'</tr><tr>' .
2012-04-12 02:49:22 +10:00
'<td></td><td><input type="submit" value="' . _ ( 'Post to noticeboard' ) . '" /></td>' .
2011-04-14 00:24:49 +10:00
'</tr></table>' .
'</form></fieldset>' ;
}
2012-04-12 02:49:22 +10:00
$query = prepare ( " SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit " );
2011-04-14 00:24:49 +10:00
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'noticeboard_display' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2012-04-12 02:49:22 +10:00
while ( $notice = $query -> fetch ()) {
2011-04-14 00:24:49 +10:00
$body .= '<div class="ban">' .
2012-04-12 02:49:22 +10:00
( hasPermission ( $config [ 'mod' ][ 'noticeboard_delete' ]) ?
'<span style="float:right;padding:2px"><a class="unimportant" href="?/noticeboard/delete/' . $notice [ 'id' ] . '">[delete]</a></span>'
2011-04-14 00:24:49 +10:00
: '' ) .
2012-04-12 02:49:22 +10:00
'<h2 id="' . $notice [ 'id' ] . '">' .
( $notice [ 'subject' ] ?
$notice [ 'subject' ]
2011-04-14 00:24:49 +10:00
:
2011-11-23 23:47:54 +11:00
'<em>' . _ ( 'no subject' ) . '</em>'
2011-04-14 00:24:49 +10:00
) .
2011-10-08 17:36:27 +11:00
'<span class="unimportant"> — by ' .
2012-04-12 02:49:22 +10:00
( isset ( $notice [ 'username' ]) ?
utf8tohtml ( $notice [ 'username' ])
:
'<em>???</em>'
) .
2011-04-14 00:24:49 +10:00
' at ' .
2012-04-12 02:49:22 +10:00
strftime ( $config [ 'post_date' ], $notice [ 'time' ]) .
'</span></h2><p>' . $notice [ 'body' ] . '</p></div>' ;
2011-04-14 00:24:49 +10:00
}
2012-04-12 02:49:22 +10:00
echo Element ( 'page.html' , array (
2011-04-14 00:24:49 +10:00
'config' => $config ,
2012-04-12 02:49:22 +10:00
'title' => _ ( 'Noticeboard' ),
2011-04-14 00:24:49 +10:00
'body' => $body ,
'mod' => true
)
);
2012-04-12 02:49:22 +10:00
}
} elseif ( preg_match ( '/^\/news\/delete\/(\d+)$/' , $query , $match )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'noticeboard_delete' ])) error ( $config [ 'error' ][ 'noaccess' ]);
$query = prepare ( " DELETE FROM `news` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $match [ 1 ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
rebuildThemes ( 'news' );
header ( 'Location: ?/news' , true , $config [ 'redirect_http' ]);
} elseif ( preg_match ( '/^\/news$/' , $query )) {
$body = '' ;
if ( hasPermission ( $config [ 'mod' ][ 'news' ])) {
if ( isset ( $_POST [ 'subject' ]) && isset ( $_POST [ 'body' ]) && ! empty ( $_POST [ 'body' ])) {
$query = prepare ( " INSERT INTO `news` VALUES (NULL, :name, :time, :subject, :body) " );
if ( isset ( $_POST [ 'name' ]) && hasPermission ( $config [ 'mod' ][ 'news_custom' ]))
$name = & $_POST [ 'name' ];
else
$name = & $mod [ 'username' ];
$query -> bindValue ( ':name' , utf8tohtml ( $name ), PDO :: PARAM_INT );
$query -> bindvalue ( ':time' , time (), PDO :: PARAM_INT );
$query -> bindValue ( ':subject' , utf8tohtml ( $_POST [ 'subject' ]));
markup ( $_POST [ 'body' ]);
$query -> bindValue ( ':body' , $_POST [ 'body' ]);
$query -> execute () or error ( db_error ( $query ));
rebuildThemes ( 'news' );
}
2012-01-07 12:31:59 +11:00
2012-04-12 02:49:22 +10:00
$body .= '<fieldset><legend>New post</legend><form style="display:inline" action="" method="post"><table>' .
'<tr>' .
'<th>' . _ ( 'Name' ) . '</th>' .
( hasPermission ( $config [ 'mod' ][ 'news_custom' ]) ?
'<td><input type="text" size="55" name="name" id="name" value="' . utf8tohtml ( $mod [ 'username' ]) . '" /></td>'
:
'<td>' . $mod [ 'username' ] . '</td>' ) .
'</tr><tr>' .
'<th>' . _ ( 'Subject' ) . '</th>' .
'<td><input type="text" size="55" name="subject" id="subject" /></td>' .
'</tr><tr>' .
'<th>' . _ ( 'Body' ) . '</th>' .
'<td><textarea name="body" style="width:100%;height:100px"></textarea></td>' .
'</tr><tr>' .
'<td></td><td><input type="submit" value="' . _ ( 'Post to news' ) . '" /></td>' .
'</tr></table>' .
'</form></fieldset>' ;
}
$query = prepare ( " SELECT * FROM `news` ORDER BY `id` DESC LIMIT :limit " );
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'noticeboard_display' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
while ( $news = $query -> fetch ()) {
$body .= '<div class="ban">' .
( hasPermission ( $config [ 'mod' ][ 'news_delete' ]) ?
'<span style="float:right;padding:2px"><a class="unimportant" href="?/news/delete/' . $news [ 'id' ] . '">[delete]</a></span>'
: '' ) .
'<h2 id="' . $news [ 'id' ] . '">' .
( $news [ 'subject' ] ?
$news [ 'subject' ]
:
'<em>' . _ ( 'no subject' ) . '</em>'
) .
'<span class="unimportant"> — by ' .
$news [ 'name' ] .
' at ' .
strftime ( $config [ 'post_date' ], $news [ 'time' ]) .
'</span></h2><p>' . $news [ 'body' ] . '</p></div>' ;
}
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => _ ( 'News' ),
'body' => $body ,
'mod' => true
)
);
} elseif ( preg_match ( '/^\/inbox\/readall$/' , $query , $match )) {
$query = prepare ( " UPDATE `pms` SET `unread` = 0 WHERE `to` = :id " );
$query -> bindValue ( ':id' , $mod [ 'id' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
modLog ( 'Marked all PMs as read' );
header ( 'Location: ?/inbox' , true , $config [ 'redirect_http' ]);
} elseif ( preg_match ( '/^\/inbox$/' , $query , $match )) {
$query = prepare ( " SELECT `unread`,`pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC " );
$query -> bindValue ( ':mod' , $mod [ 'id' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $query -> rowCount () == 0 ) {
$body = '<p style="text-align:center" class="unimportant">(' . _ ( 'No private messages for you.' ) . ')</p>' ;
} else {
$unread_pms = 0 ;
$body = '<table class="modlog"><tr><th>ID</th><th>From</th><th>Date</th><th>Message snippet</th></tr>' ;
while ( $pm = $query -> fetch ()) {
$body .= '<tr' . ( $pm [ 'unread' ] ? ' style="font-weight:bold"' : '' ) . '>' .
'<td class="minimal"><a href="?/PM/' . $pm [ 'id' ] . '">' . $pm [ 'id' ] . '</a></td>' .
'<td class="minimal">' .
( $pm [ 'username' ] ?
'<a href="?/new_PM/' . $pm [ 'sender' ] . '">' . $pm [ 'username' ] . '</a>'
: '<em>deleted?</em>' ) .
'</td>' .
'<td class="minimal">' . strftime ( $config [ 'post_date' ], $pm [ 'time' ]) . '</td>' .
'<td><a href="?/PM/' . $pm [ 'id' ] . '">' . pm_snippet ( $pm [ 'message' ]) . '</a></td>' .
'</tr>' ;
if ( $pm [ 'unread' ])
$unread_pms ++ ;
}
$body .= '</table>' ;
2012-01-07 12:32:43 +11:00
2012-04-12 02:49:22 +10:00
if ( $unread_pms ) {
$body = '<p style="text-align:center" class="unimportant">(<a href="?/inbox/readall">Mark all as read</a>)</p>' . $body ;
}
}
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => _ ( 'PM Inbox' ) . ' (' . ( $query -> rowCount () == 0 ? _ ( 'empty' ) : $unread_pms . ' ' . _ ( 'unread' )) . ')' ,
'body' => $body ,
'mod' => true
)
);
} elseif ( preg_match ( '/^\/PM\/(\d+)$/' , $query , $match )) {
$id = & $match [ 1 ];
if ( hasPermission ( $config [ 'mod' ][ 'master_pm' ])) {
$query = prepare ( " SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id " );
} else {
$query = prepare ( " SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod " );
2011-04-12 18:02:20 +10:00
$query -> bindValue ( ':mod' , $mod [ 'id' ], PDO :: PARAM_INT );
2012-04-12 02:49:22 +10:00
}
$query -> bindValue ( ':id' , $id , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( ! $pm = $query -> fetch ()) {
// Mod doesn't exist
error ( $config [ 'error' ][ '404' ]);
}
if ( isset ( $_POST [ 'delete' ])) {
$query = prepare ( " DELETE FROM `pms` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $id , PDO :: PARAM_INT );
2011-04-12 18:02:20 +10:00
$query -> execute () or error ( db_error ( $query ));
2012-04-12 02:49:22 +10:00
modLog ( 'Deleted a PM' );
header ( 'Location: ?/inbox' , true , $config [ 'redirect_http' ]);
} else {
if ( $pm [ 'unread' ]) {
$query = prepare ( " UPDATE `pms` SET `unread` = 0 WHERE `id` = :id " );
$query -> bindValue ( ':id' , $id , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
modLog ( 'Read a PM' );
}
if ( $pm [ 'to' ] != $mod [ 'id' ]) {
$query = prepare ( " SELECT `username` FROM `mods` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $pm [ 'to' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2012-01-07 12:31:59 +11:00
2012-04-12 02:49:22 +10:00
if ( $_mod = $query -> fetch ()) {
$__to = & $_mod [ 'username' ];
} else {
$__to = false ;
2012-01-07 12:31:59 +11:00
}
2011-04-12 18:02:20 +10:00
}
2012-04-12 02:49:22 +10:00
$body = '<form action="" method="post" style="margin:0"><table>' .
'<th>From</th><td>' .
( ! $pm [ 'username' ] ?
'<em>???</em>'
:
'<a href="?/new_PM/' . $pm [ 'sender' ] . '">' . utf8tohtml ( $pm [ 'username' ]) . '</a>'
) .
'</td></tr>' .
( isset ( $__to ) ?
'<th>To</th><td>' .
( $__to === false ?
'<em>???</em>'
:
'<a href="?/new_PM/' . $pm [ 'to' ] . '">' . utf8tohtml ( $__to ) . '</a>'
) .
'</td></tr>'
: '' ) .
'<tr><th>Date</th><td> ' . strftime ( $config [ 'post_date' ], $pm [ 'time' ]) . '</td></tr>' .
'<tr><th>Message</th><td> ' . $pm [ 'message' ] . '</td></tr>' .
'</table>' .
2011-04-12 18:02:20 +10:00
2012-04-12 02:49:22 +10:00
'<p style="text-align:center"><input type="submit" name="delete" value="Delete forever" /></p>' .
'</form>' .
'<p style="text-align:center"><a href="?/new_PM/' . $pm [ 'sender' ] . '/' . $pm [ 'id' ] . '">Reply with quote</a></p>' ;
echo Element ( 'page.html' , array (
2011-04-12 18:02:20 +10:00
'config' => $config ,
2012-04-12 02:49:22 +10:00
'title' => 'Private message' ,
2011-04-12 18:02:20 +10:00
'body' => $body ,
'mod' => true
)
);
2012-04-12 02:49:22 +10:00
}
} elseif ( preg_match ( '/^\/new_PM\/(\d+)(\/(\d+))?$/' , $query , $match )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'create_pm' ])) error ( $config [ 'error' ][ 'noaccess' ]);
$to = & $match [ 1 ];
$query = prepare ( " SELECT `username`,`id` FROM `mods` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $to , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( ! $to = $query -> fetch ()) {
// Mod doesn't exist
error ( $config [ 'error' ][ '404' ]);
}
if ( isset ( $_POST [ 'message' ])) {
// Post message
$message = & $_POST [ 'message' ];
2011-03-17 16:52:43 +11:00
2012-04-12 02:49:22 +10:00
if ( empty ( $message ))
error ( $config [ 'error' ][ 'tooshort_body' ]);
2011-04-11 05:15:15 +10:00
2012-04-12 02:49:22 +10:00
markup ( $message );
$query = prepare ( " INSERT INTO `pms` VALUES (NULL, :sender, :to, :message, :time, 1) " );
$query -> bindValue ( ':sender' , $mod [ 'id' ], PDO :: PARAM_INT );
$query -> bindValue ( ':to' , $to [ 'id' ], PDO :: PARAM_INT );
$query -> bindValue ( ':message' , $message );
$query -> bindValue ( ':time' , time (), PDO :: PARAM_INT );
2011-03-17 16:52:43 +11:00
$query -> execute () or error ( db_error ( $query ));
2012-04-12 02:49:22 +10:00
modLog ( 'Sent a PM to ' . $to [ 'username' ]);
2011-03-17 16:52:43 +11:00
2012-04-12 02:49:22 +10:00
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => 'PM sent' ,
'body' => '<p style="text-align:center">Message sent successfully to ' . utf8tohtml ( $to [ 'username' ]) . '.</p>' ,
'mod' => true
)
);
} else {
$value = '' ;
if ( isset ( $match [ 3 ])) {
$reply = & $match [ 3 ];
2011-03-28 17:24:23 +11:00
2012-04-12 02:49:22 +10:00
$query = prepare ( " SELECT `message` FROM `pms` WHERE `sender` = :sender AND `to` = :mod AND `id` = :id " );
$query -> bindValue ( ':sender' , $to [ 'id' ], PDO :: PARAM_INT );
$query -> bindValue ( ':mod' , $mod [ 'id' ], PDO :: PARAM_INT );
$query -> bindValue ( ':id' , $reply , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $pm = $query -> fetch ()) {
$value = quote ( $pm [ 'message' ]);
2011-07-26 16:00:20 +10:00
}
2012-04-12 02:49:22 +10:00
}
$body = '<form action="" method="post">' .
'<table>' .
'<tr><th>To</th><td>' .
( hasPermission ( $config [ 'mod' ][ 'editusers' ]) ?
'<a href="?/users/' . $to [ 'id' ] . '">' . utf8tohtml ( $to [ 'username' ]) . '</a>' :
utf8tohtml ( $to [ 'username' ])
) .
'</td>' .
'<tr><th>Message</th><td><textarea name="message" rows="10" cols="40">' . $value . '</textarea></td>' .
'</table>' .
'<p style="text-align:center"><input type="submit" value="Send message" /></p>' .
'</form>' ;
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => 'New PM for ' . utf8tohtml ( $to [ 'username' ]),
'body' => $body ,
'mod' => true
)
);
}
} elseif ( preg_match ( '/^\/search$/' , $query )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'search' ])) error ( $config [ 'error' ][ 'noaccess' ]);
$body = '<div class="ban"><h2>Search</h2><form style="display:inline" action="?/search" method="post">' .
'<p><label style="display:inline" for="search">Phrase:</label> ' .
'<input id="search" name="search" type="text" size="35" ' .
( isset ( $_POST [ 'search' ]) ? 'value="' . str_replace ( '"' , '"' , utf8tohtml ( $_POST [ 'search' ])) . '" ' : '' ) .
'/>' .
'<input type="submit" value="Search" />' .
'</p></form>' .
'<p><span class="unimportant">(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)</span></p>' .
'</div>' ;
if ( isset ( $_POST [ 'search' ]) && ! empty ( $_POST [ 'search' ])) {
$phrase = & $_POST [ 'search' ];
$_body = '' ;
$filters = array ();
function search_filters ( $m ) {
global $filters ;
$name = $m [ 2 ];
$value = isset ( $m [ 4 ]) ? $m [ 4 ] : $m [ 3 ];
2011-03-17 16:52:43 +11:00
2012-04-12 02:49:22 +10:00
if ( ! in_array ( $name , array ( 'id' , 'thread' , 'subject' , 'email' , 'name' , 'trip' , 'capcode' , 'filename' , 'filehash' , 'ip' ))) {
// unknown filter
return $m [ 0 ];
}
2011-04-12 19:56:37 +10:00
2012-04-12 02:49:22 +10:00
$filters [ $name ] = $value ;
2011-03-17 16:52:43 +11:00
2012-04-12 02:49:22 +10:00
return $m [ 1 ];
2011-03-17 16:52:43 +11:00
}
2012-04-12 02:49:22 +10:00
$phrase = trim ( preg_replace_callback ( '/(^|\s)(\w+):("(.*)?"|[^\s]*)/' , 'search_filters' , $phrase ));
2011-03-17 16:52:43 +11:00
2012-04-12 02:49:22 +10:00
// Escape escape character
$phrase = str_replace ( '!' , '!!' , $phrase );
2011-03-17 16:52:43 +11:00
2012-04-12 02:49:22 +10:00
// Remove SQL wildcard
$phrase = str_replace ( '%' , '!%' , $phrase );
// Use asterisk as wildcard to suit convention
$phrase = str_replace ( '*' , '%' , $phrase );
$like = '' ;
$match = array ();
// Find exact phrases
if ( preg_match_all ( '/"(.+?)"/' , $phrase , $m )) {
foreach ( $m [ 1 ] as & $quote ) {
$phrase = str_replace ( " \" { $quote } \" " , '' , $phrase );
$match [] = $pdo -> quote ( $quote );
}
2011-03-17 16:52:43 +11:00
}
2012-04-12 02:49:22 +10:00
$words = explode ( ' ' , $phrase );
foreach ( $words as & $word ) {
if ( empty ( $word ))
continue ;
$match [] = $pdo -> quote ( $word );
}
$like = '' ;
foreach ( $match as & $phrase ) {
if ( ! empty ( $like ))
$like .= ' AND ' ;
$phrase = preg_replace ( '/^\'(.+)\'$/' , '\'%$1%\'' , $phrase );
$like .= '`body` LIKE ' . $phrase . ' ESCAPE \'!\'' ;
}
foreach ( $filters as $name => $value ) {
if ( ! empty ( $like ))
$like .= ' AND ' ;
$like .= '`' . $name . '` = ' . $pdo -> quote ( $value );
}
$like = str_replace ( '%' , '%%' , $like );
$boards = listBoards ();
foreach ( $boards as & $_b ) {
openBoard ( $_b [ 'uri' ]);
2011-03-17 16:52:43 +11:00
2012-04-12 02:49:22 +10:00
$query = prepare ( sprintf ( " SELECT * FROM `posts_%s` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit " , $board [ 'uri' ]));
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'search_results' ], PDO :: PARAM_INT );
2011-03-17 16:52:43 +11:00
$query -> execute () or error ( db_error ( $query ));
2012-04-12 02:49:22 +10:00
$temp = '' ;
while ( $post = $query -> fetch ()) {
if ( ! $post [ 'thread' ]) {
$po = new Thread ( $post [ 'id' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'capcode' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], $post [ 'sticky' ], $post [ 'locked' ], $post [ 'sage' ], $post [ 'embed' ], '?/' , $mod , false );
} else {
$po = new Post ( $post [ 'id' ], $post [ 'thread' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'capcode' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], $post [ 'embed' ], '?/' , $mod );
2011-04-12 19:56:37 +10:00
}
2012-04-12 02:49:22 +10:00
$temp .= $po -> build ( true ) . '<hr/>' ;
2011-04-12 19:56:37 +10:00
}
2012-04-12 02:49:22 +10:00
if ( ! empty ( $temp ))
$_body .= '<fieldset><legend>' . $query -> rowCount () . ' result' . ( $query -> rowCount () != 1 ? 's' : '' ) . ' on <a href="?/' .
sprintf ( $config [ 'board_path' ], $board [ 'uri' ]) . $config [ 'file_index' ] .
'">' .
sprintf ( $config [ 'board_abbreviation' ], $board [ 'uri' ]) . ' - ' . $board [ 'title' ] .
'</a></legend>' . $temp . '</fieldset>' ;
}
$body .= '<hr/>' ;
if ( ! empty ( $_body ))
$body .= $_body ;
else
$body .= '<p style="text-align:center" class="unimportant">(No results.)</p>' ;
}
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => 'Search' ,
'body' => $body ,
'mod' => true
)
);
} elseif ( preg_match ( '/^\/users$/' , $query )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'manageusers' ])) error ( $config [ 'error' ][ 'noaccess' ]);
$body = '<form action="" method="post"><table class="modlog" style="width:auto"><tr><th>' . _ ( 'ID' ) . '</th><th>' . _ ( 'Username' ) . '</th><th>' . _ ( 'Type' ) . '</th><th>' . _ ( 'Boards' ) . '</th><th>' . _ ( 'Last action' ) . '</th><th>…</th></tr>' ;
$query = query ( " SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id` " ) or error ( db_error ());
while ( $_mod = $query -> fetch ()) {
$type = $_mod [ 'type' ] == JANITOR ? 'Janitor' : ( $_mod [ 'type' ] == MOD ? 'Mod' : 'Admin' );
$_mod [ 'boards' ] = explode ( ',' , $_mod [ 'boards' ]);
foreach ( $_mod [ 'boards' ] as & $_board ) {
if ( $_board != '*' )
$_board = '/' . $_board . '/' ;
}
$body .= '<tr>' .
'<td>' .
$_mod [ 'id' ] .
2011-03-17 16:52:43 +11:00
'</td>' .
2012-04-12 02:49:22 +10:00
'<td>' .
utf8tohtml ( $_mod [ 'username' ]) .
'</td>' .
2011-03-17 16:52:43 +11:00
2012-04-12 02:49:22 +10:00
'<td>' .
$type .
'</td>' .
2011-03-17 16:52:43 +11:00
2012-04-12 02:49:22 +10:00
'<td>' .
implode ( ', ' , $_mod [ 'boards' ]) .
'</td>' .
2011-03-17 16:52:43 +11:00
2012-04-12 02:49:22 +10:00
'<td>' .
( $_mod [ 'last' ] ?
( hasPermission ( $config [ 'mod' ][ 'modlog' ]) ?
'<span title="' . str_replace ( '"' , '"' , utf8tohtml ( $_mod [ 'action' ])) . '">' . ago ( $_mod [ 'last' ]) . '</span>'
: ago ( $_mod [ 'last' ]))
: '<em>never</em>' ) .
'</td>' .
2011-03-17 16:52:43 +11:00
2012-04-12 02:49:22 +10:00
'<td style="white-space:nowrap">' .
( hasPermission ( $config [ 'mod' ][ 'promoteusers' ]) ?
( $_mod [ 'type' ] != ADMIN ?
'<a style="float:left;text-decoration:none" href="?/users/' . $_mod [ 'id' ] . '/promote" title="Promote">▲</a>'
: '' ) .
( $_mod [ 'type' ] != JANITOR ?
'<a style="float:left;text-decoration:none" href="?/users/' . $_mod [ 'id' ] . '/demote" title="Demote">▼</a>'
: '' )
: ''
) .
( hasPermission ( $config [ 'mod' ][ 'editusers' ]) ||
( hasPermission ( $config [ 'mod' ][ 'change_password' ]) && $_mod [ 'id' ] == $mod [ 'id' ]) ?
'<a class="unimportant" style="margin-left:5px;float:right" href="?/users/' . $_mod [ 'id' ] . '">[edit]</a>'
: '' ) .
( hasPermission ( $config [ 'mod' ][ 'create_pm' ]) ?
'<a class="unimportant" style="margin-left:5px;float:right" href="?/new_PM/' . $_mod [ 'id' ] . '">[PM]</a>'
: '' ) .
'</td></tr>' ;
}
$body .= '</table>' ;
if ( hasPermission ( $config [ 'mod' ][ 'createusers' ])) {
$body .= '<p style="text-align:center"><a href="?/users/new">' . _ ( 'Create new user' ) . '</a></p>' ;
}
$body .= '</form>' ;
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => _ ( 'Manage users' ),
'body' => $body
, 'mod' => true
)
);
} elseif ( preg_match ( '/^\/users\/new$/' , $query )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'createusers' ])) error ( $config [ 'error' ][ 'noaccess' ]);
if ( isset ( $_POST [ 'username' ]) && isset ( $_POST [ 'password' ])) {
if ( ! isset ( $_POST [ 'type' ])) {
error ( sprintf ( $config [ 'error' ][ 'required' ], 'type' ));
2011-03-17 16:52:43 +11:00
}
2011-03-30 00:56:38 +11:00
2012-04-12 02:49:22 +10:00
if ( $_POST [ 'type' ] != ADMIN && $_POST [ 'type' ] != MOD && $_POST [ 'type' ] != JANITOR ) {
error ( sprintf ( $config [ 'error' ][ 'invalidfield' ], 'type' ));
2011-03-30 00:56:38 +11:00
}
2011-03-02 17:51:29 +11:00
2012-04-12 02:49:22 +10:00
// Check if already exists
$query = prepare ( " SELECT `id` FROM `mods` WHERE `username` = :username " );
$query -> bindValue ( ':username' , $_POST [ 'username' ]);
$query -> execute () or error ( db_error ( $query ));
2011-03-02 17:15:37 +11:00
2012-04-12 02:49:22 +10:00
if ( $_mod = $query -> fetch ()) {
error ( sprintf ( $config [ 'error' ][ 'modexists' ], $_mod [ 'id' ]));
2011-03-02 17:15:37 +11:00
}
2012-04-12 02:49:22 +10:00
$boards = array ();
foreach ( $_POST as $name => $null ) {
if ( preg_match ( '/^board_(.+)$/' , $name , $m ))
$boards [] = $m [ 1 ];
}
$boards = implode ( ',' , $boards );
$query = prepare ( " INSERT INTO `mods` VALUES (NULL, :username, :password, :type, :boards) " );
$query -> bindValue ( ':username' , $_POST [ 'username' ]);
$query -> bindValue ( ':password' , sha1 ( $_POST [ 'password' ]));
$query -> bindValue ( ':type' , $_POST [ 'type' ], PDO :: PARAM_INT );
$query -> bindValue ( ':boards' , $boards );
$query -> execute () or error ( db_error ( $query ));
2011-03-02 17:15:37 +11:00
2012-04-12 02:49:22 +10:00
modLog ( 'Create a new user: "' . $_POST [ 'username' ] . '"' );
header ( 'Location: ?/users' , true , $config [ 'redirect_http' ]);
} else {
$__boards = '<ul style="list-style:none;padding:2px 5px">' ;
$boards = array_merge (
array ( array ( 'uri' => '*' , 'title' => 'All' )
), listBoards ());
foreach ( $boards as & $_board ) {
$__boards .= '<li>' .
'<input type="checkbox" name="board_' . $_board [ 'uri' ] . '" id="board_' . $_board [ 'uri' ] . '">' .
'<label style="display:inline" for="board_' . $_board [ 'uri' ] . '"> ' .
( $_board [ 'uri' ] == '*' ?
'<em>"*"</em>'
:
sprintf ( $config [ 'board_abbreviation' ], $_board [ 'uri' ])
) .
' - ' . $_board [ 'title' ] .
'</label>' .
'</li>' ;
2011-03-02 17:15:37 +11:00
}
2012-04-12 02:49:22 +10:00
$body = '<fieldset><legend>New user</legend>' .
2011-03-02 17:15:37 +11:00
2012-04-12 02:49:22 +10:00
// Begin form
'<form style="text-align:center" action="" method="post">' .
2011-03-02 17:15:37 +11:00
2012-04-12 02:49:22 +10:00
'<table>' .
2011-03-02 17:15:37 +11:00
2012-04-12 02:49:22 +10:00
'<tr><th>Username</th><td><input size="20" maxlength="30" type="text" name="username" value="" autocomplete="off" /></td></tr>' .
'<tr><th>Password</th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
'<tr><th>Type</th><td>' .
'<div><label for="janitor">Janitor</label> <input type="radio" id="janitor" name="type" value="' . JANITOR . '" /></div>' .
'<div><label for="mod">Mod</label> <input type="radio" id="mod" name="type" value="' . MOD . '" /></div>' .
'<div><label for="admin">Admin</label> <input type="radio" id="admin" name="type" value="' . ADMIN . '" /></div>' .
'</td></tr>' .
'<tr><th>Boards</th><td>' . $__boards . '</td></tr>' .
'</table>' .
'<input style="margin-top:10px" type="submit" value="Create user" />' .
// End form
'</form></fieldset>' ;
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => 'New user' ,
'body' => $body
, 'mod' => true
)
);
}
} elseif ( preg_match ( '/^\/users\/(\d+)(\/(promote|demote|delete))?$/' , $query , $matches )) {
$modID = & $matches [ 1 ];
if ( isset ( $matches [ 2 ])) {
if ( $matches [ 3 ] == 'delete' ) {
if ( ! hasPermission ( $config [ 'mod' ][ 'deleteusers' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-02 17:15:37 +11:00
2012-04-12 02:49:22 +10:00
$query = prepare ( " DELETE FROM `mods` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
2011-03-02 17:15:37 +11:00
$query -> execute () or error ( db_error ( $query ));
2012-04-12 02:49:22 +10:00
modLog ( 'Deleted user #' . $modID );
} else {
// Promote/demote
if ( ! hasPermission ( $config [ 'mod' ][ 'promoteusers' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-02 17:15:37 +11:00
2012-04-12 02:49:22 +10:00
if ( $matches [ 3 ] == 'promote' ) {
$query = prepare ( " UPDATE `mods` SET `type` = `type` + 1 WHERE `type` != :admin AND `id` = :id " );
$query -> bindValue ( ':admin' , ADMIN , PDO :: PARAM_INT );
} else {
$query = prepare ( " UPDATE `mods` SET `type` = `type` - 1 WHERE `type` != :janitor AND `id` = :id " );
$query -> bindValue ( ':janitor' , JANITOR , PDO :: PARAM_INT );
2011-07-03 23:05:14 +10:00
}
2012-04-12 02:49:22 +10:00
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
2011-03-02 17:15:37 +11:00
$query -> execute () or error ( db_error ( $query ));
2012-04-12 02:49:22 +10:00
}
header ( 'Location: ?/users' , true , $config [ 'redirect_http' ]);
} else {
// Edit user
if ( ! hasPermission ( $config [ 'mod' ][ 'editusers' ]) && ! hasPermission ( $config [ 'mod' ][ 'change_password' ]))
error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-02 17:15:37 +11:00
2012-04-12 02:49:22 +10:00
$query = prepare ( " SELECT * FROM `mods` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-07-03 23:05:14 +10:00
2012-04-12 02:49:22 +10:00
if ( ! $_mod = $query -> fetch ()) {
error ( $config [ 'error' ][ '404' ]);
}
2011-03-02 17:15:37 +11:00
2012-04-12 02:49:22 +10:00
if ( ! hasPermission ( $config [ 'mod' ][ 'editusers' ]) && ! ( hasPermission ( $config [ 'mod' ][ 'change_password' ]) && $mod [ 'id' ] == $_mod [ 'id' ] && $change_password_only = true ))
error ( $config [ 'error' ][ 'noaccess' ]);
if (( isset ( $_POST [ 'username' ]) && isset ( $_POST [ 'password' ])) || ( isset ( $change_password_only ) && isset ( $_POST [ 'password' ]))) {
if ( ! isset ( $change_password_only )) {
$boards = array ();
foreach ( $_POST as $name => $null ) {
if ( preg_match ( '/^board_(.+)$/' , $name , $m ))
$boards [] = $m [ 1 ];
}
$boards = implode ( ',' , $boards );
2011-03-02 17:15:37 +11:00
2012-04-12 02:49:22 +10:00
$query = prepare ( " UPDATE `mods` SET `username` = :username, `boards` = :boards WHERE `id` = :id " );
$query -> bindValue ( ':username' , $_POST [ 'username' ], PDO :: PARAM_STR );
$query -> bindValue ( ':boards' , $boards , PDO :: PARAM_STR );
2011-03-02 17:15:37 +11:00
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2012-04-12 02:49:22 +10:00
modLog ( 'Edited login details for user "' . $_mod [ 'username' ] . '"' );
2011-03-02 17:15:37 +11:00
} else {
2012-04-12 02:49:22 +10:00
modLog ( 'Changed own password' );
}
if ( ! empty ( $_POST [ 'password' ])) {
$query = prepare ( " UPDATE `mods` SET `password` = :password WHERE `id` = :id " );
$query -> bindValue ( ':password' , sha1 ( $_POST [ 'password' ]));
2011-03-02 17:15:37 +11:00
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
}
2012-04-12 02:49:22 +10:00
// Refresh
2011-03-02 17:15:37 +11:00
$query = prepare ( " SELECT * FROM `mods` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( ! $_mod = $query -> fetch ()) {
error ( $config [ 'error' ][ '404' ]);
}
2012-04-12 02:49:22 +10:00
if ( $_mod [ 'id' ] == $mod [ 'id' ]) {
// Changed own password. Update cookies
2011-12-10 13:40:48 +11:00
2012-04-12 02:49:22 +10:00
if ( ! login ( $_mod [ 'username' ], $_mod [ 'password' ], false , true ))
error ( _ ( 'Could not re-login after changing password. (?)' ));
2011-12-10 13:40:48 +11:00
2012-04-12 02:49:22 +10:00
setCookies ();
2011-07-03 23:05:14 +10:00
}
2011-03-02 17:15:37 +11:00
2012-04-12 02:49:22 +10:00
if ( hasPermission ( $config [ 'mod' ][ 'manageusers' ]))
header ( 'Location: ?/users' , true , $config [ 'redirect_http' ]);
else
header ( 'Location: ?/' , true , $config [ 'redirect_http' ]);
exit ;
2011-03-02 17:15:37 +11:00
}
2012-04-12 02:49:22 +10:00
$__boards = '<ul style="list-style:none;padding:2px 5px">' ;
$boards = array_merge (
array ( array ( 'uri' => '*' , 'title' => 'All' )
), listBoards ());
2011-02-20 18:28:39 +11:00
2012-04-12 02:49:22 +10:00
$_mod [ 'boards' ] = explode ( ',' , $_mod [ 'boards' ]);
foreach ( $boards as & $_board ) {
$__boards .= '<li>' .
'<input type="checkbox" name="board_' . $_board [ 'uri' ] . '" id="board_' . $_board [ 'uri' ] . '"' .
( in_array ( $_board [ 'uri' ], $_mod [ 'boards' ]) ?
' checked="checked"'
: '' ) .
'/> ' .
'<label style="display:inline" for="board_' . $_board [ 'uri' ] . '">' .
( $_board [ 'uri' ] == '*' ?
'<em>"*"</em>'
:
sprintf ( $config [ 'board_abbreviation' ], $_board [ 'uri' ])
) .
' - ' . $_board [ 'title' ] .
'</label>' .
'</li>' ;
}
$__boards .= '</ul>' ;
$body = '<fieldset><legend>Edit user</legend>' .
// Begin form
'<form style="text-align:center" action="" method="post">' .
'<table>' .
'<tr><th>Username</th><td>' .
2011-02-20 17:19:57 +11:00
2012-04-12 02:49:22 +10:00
( isset ( $change_password_only ) ?
utf8tohtml ( $_mod [ 'username' ])
: '<input size="20" maxlength="30" type="text" name="username" value="' . utf8tohtml ( $_mod [ 'username' ]) . '" autocomplete="off" />' ) .
'</td></tr>' .
'<tr><th>Password <span class="unimportant">(new; optional)</span></th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
( isset ( $change_password_only ) ? '' :
'<tr><th>Boards</th><td>' . $__boards . '</td></tr>'
) .
'</table>' .
'<input type="submit" value="Save changes" />' .
// End form
'</form> ' .
// Delete button
( hasPermission ( $config [ 'mod' ][ 'deleteusers' ]) ?
'<p style="text-align:center"><a href="?/users/' . $_mod [ 'id' ] . '/delete">Delete user</a></p>'
: '' ) .
'</fieldset>' ;
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => 'Edit user' ,
'body' => $body
, 'mod' => true
)
);
}
} elseif ( preg_match ( '/^\/reports$/' , $query )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'reports' ])) error ( $config [ 'error' ][ 'noaccess' ]);
$body = '' ;
$reports = 0 ;
$query = prepare ( " SELECT `reports`.*, `boards`.`uri` FROM `reports` INNER JOIN `boards` ON `board` = `boards`.`id` ORDER BY `time` DESC LIMIT :limit " );
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'recent_reports' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
while ( $report = $query -> fetch ()) {
$p_query = prepare ( sprintf ( " SELECT * FROM `posts_%s` WHERE `id` = :id " , $report [ 'uri' ]));
$p_query -> bindValue ( ':id' , $report [ 'post' ], PDO :: PARAM_INT );
$p_query -> execute () or error ( db_error ( $query ));
if ( ! $post = $p_query -> fetch ()) {
// Invalid report (post has since been deleted)
$p_query = prepare ( " DELETE FROM `reports` WHERE `post` = :id " );
2011-02-20 18:42:00 +11:00
$p_query -> bindValue ( ':id' , $report [ 'post' ], PDO :: PARAM_INT );
$p_query -> execute () or error ( db_error ( $query ));
2012-04-12 02:49:22 +10:00
continue ;
2011-02-20 17:19:57 +11:00
}
2012-04-12 02:49:22 +10:00
$reports ++ ;
openBoard ( $report [ 'uri' ]);
if ( ! $post [ 'thread' ]) {
$po = new Thread ( $post [ 'id' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'capcode' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], $post [ 'sticky' ], $post [ 'locked' ], $post [ 'sage' ], $post [ 'embed' ], '?/' , $mod , false );
} else {
$po = new Post ( $post [ 'id' ], $post [ 'thread' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'capcode' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], $post [ 'embed' ], '?/' , $mod );
}
2011-02-20 18:28:39 +11:00
2012-04-12 02:49:22 +10:00
$append_html =
'<div class="report">' .
'<hr/>' .
'Board: <a href="?/' . $report [ 'uri' ] . '/' . $config [ 'file_index' ] . '">' . sprintf ( $config [ 'board_abbreviation' ], $report [ 'uri' ]) . '</a><br/>' .
'Reason: ' . $report [ 'reason' ] . '<br/>' .
'Report date: ' . strftime ( $config [ 'post_date' ], $report [ 'time' ]) . '<br/>' .
( hasPermission ( $config [ 'mod' ][ 'show_ip' ]) ?
'Reported by: <a href="?/IP/' . $report [ 'ip' ] . '">' . $report [ 'ip' ] . '</a><br/>'
: '' ) .
'<hr/>' .
( hasPermission ( $config [ 'mod' ][ 'report_dismiss' ]) ?
'<a title="Discard abuse report" href="?/reports/' . $report [ 'id' ] . '/dismiss">Dismiss</a> | ' : '' ) .
( hasPermission ( $config [ 'mod' ][ 'report_dismiss_ip' ]) ?
'<a title="Discard all abuse reports by this user" href="?/reports/' . $report [ 'id' ] . '/dismiss/all">Dismiss+</a>' : '' ) .
'</div>' ;
2011-02-20 18:28:39 +11:00
2012-04-12 02:49:22 +10:00
// Bug fix for https://github.com/savetheinternet/Tinyboard/issues/21
$po -> body = truncate ( $po -> body , $po -> link (), $config [ 'body_truncate' ] - substr_count ( $append_html , '<br/>' ));
if ( mb_strlen ( $po -> body ) + mb_strlen ( $append_html ) > $config [ 'body_truncate_char' ]) {
// still too long. temporarily increase limit in the config
$__old_body_truncate_char = $config [ 'body_truncate_char' ];
$config [ 'body_truncate_char' ] = mb_strlen ( $po -> body ) + mb_strlen ( $append_html );
}
$po -> body .= $append_html ;
$body .= $po -> build ( true ) . '<hr/>' ;
if ( isset ( $__old_body_truncate_char ))
$config [ 'body_truncate_char' ] = $__old_body_truncate_char ;
}
$query = query ( " SELECT COUNT(`id`) AS `count` FROM `reports` " ) or error ( db_error ());
$count = $query -> fetch ();
$body .= '<p class="unimportant" style="text-align:center">Showing ' .
( $reports == $count [ 'count' ] ? 'all ' . $reports . ' reports' : $reports . ' of ' . $count [ 'count' ] . ' reports' ) . '.</p>' ;
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => _ ( 'Report queue' ) . ' (' . $count [ 'count' ] . ')' ,
'body' => $body ,
'mod' => true
));
} elseif ( preg_match ( '/^\/reports\/(\d+)\/dismiss(\/all)?$/' , $query , $matches )) {
if ( isset ( $matches [ 2 ]) && $matches [ 2 ] == '/all' ) {
if ( ! hasPermission ( $config [ 'mod' ][ 'report_dismiss_ip' ])) error ( $config [ 'error' ][ 'noaccess' ]);
$query = prepare ( " SELECT `ip` FROM `reports` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $matches [ 1 ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $report = $query -> fetch ()) {
$query = prepare ( " DELETE FROM `reports` WHERE `ip` = :ip " );
$query -> bindValue ( ':ip' , $report [ 'ip' ], PDO :: PARAM_INT );
2011-02-20 17:19:57 +11:00
$query -> execute () or error ( db_error ( $query ));
2012-04-12 02:49:22 +10:00
modLog ( 'Dismissed all reports by ' . $report [ 'ip' ]);
}
} else {
if ( ! hasPermission ( $config [ 'mod' ][ 'report_dismiss' ])) error ( $config [ 'error' ][ 'noaccess' ]);
$query = prepare ( " SELECT `post`, `board` FROM `reports` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $matches [ 1 ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $report = $query -> fetch ()) {
modLog ( 'Dismissed a report for post #' . $report [ 'post' ], $report [ 'board' ]);
2011-02-20 17:19:57 +11:00
2012-04-12 02:49:22 +10:00
$query = prepare ( " DELETE FROM `reports` WHERE `post` = :post AND `board` = :board " );
$query -> bindValue ( ':board' , $report [ 'board' ], PDO :: PARAM_INT );
$query -> bindValue ( ':post' , $report [ 'post' ], PDO :: PARAM_INT );
2011-02-20 17:19:57 +11:00
$query -> execute () or error ( db_error ( $query ));
2012-04-12 02:49:22 +10:00
}
}
// Redirect
header ( 'Location: ?/reports' , true , $config [ 'redirect_http' ]);
} elseif ( preg_match ( '/^\/board\/(\w+)(\/delete)?$/' , $query , $matches )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'manageboards' ])) error ( $config [ 'error' ][ 'noaccess' ]);
if ( ! openBoard ( $matches [ 1 ]))
error ( $config [ 'error' ][ 'noboard' ]);
if ( isset ( $matches [ 2 ]) && $matches [ 2 ] == '/delete' ) {
if ( ! hasPermission ( $config [ 'mod' ][ 'deleteboard' ])) error ( $config [ 'error' ][ 'noaccess' ]);
// Delete board
modLog ( 'Deleted board ' . sprintf ( $config [ 'board_abbreviation' ], $board [ 'uri' ]));
// Delete entire board directory
rrmdir ( $board [ 'uri' ] . '/' );
// Delete posting table
$query = query ( sprintf ( " DROP TABLE IF EXISTS `posts_%s` " , $board [ 'uri' ])) or error ( db_error ());
// Clear reports
$query = prepare ( " DELETE FROM `reports` WHERE `board` = :id " );
$query -> bindValue ( ':id' , $board [ 'id' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
// Delete from table
$query = prepare ( " DELETE FROM `boards` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $board [ 'id' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $config [ 'cache' ][ 'enabled' ]) {
cache :: delete ( 'board_' . $board [ 'uri' ]);
cache :: delete ( 'all_boards' );
}
$query = prepare ( " SELECT `board`, `post` FROM `cites` WHERE `target_board` = :board " );
$query -> bindValue ( ':board' , $board [ 'uri' ]);
$query -> execute () or error ( db_error ( $query ));
while ( $cite = $query -> fetch ()) {
if ( $board [ 'uri' ] != $cite [ 'board' ]) {
if ( ! isset ( $tmp_board ))
$tmp_board = $board ;
openBoard ( $cite [ 'board' ]);
rebuildPost ( $cite [ 'post' ]);
2011-02-20 17:19:57 +11:00
}
}
2012-04-12 02:49:22 +10:00
if ( isset ( $tmp_board ))
$board = $tmp_board ;
2011-02-22 17:38:38 +11:00
2012-04-12 02:49:22 +10:00
$query = prepare ( " DELETE FROM `cites` WHERE `board` = :board OR `target_board` = :board " );
$query -> bindValue ( ':board' , $board [ 'uri' ]);
$query -> execute () or error ( db_error ( $query ));
2011-02-22 17:38:38 +11:00
2012-04-12 02:49:22 +10:00
$_board = $board ;
rebuildThemes ( 'boards' );
$board = $_board ;
header ( 'Location: ?/' , true , $config [ 'redirect_http' ]);
} else {
if ( isset ( $_POST [ 'title' ]) && isset ( $_POST [ 'subtitle' ])) {
$query = prepare ( " UPDATE `boards` SET `title` = :title, `subtitle` = :subtitle WHERE `id` = :id " );
$query -> bindValue ( ':title' , utf8tohtml ( $_POST [ 'title' ], true ));
2011-02-22 17:38:38 +11:00
2012-04-12 02:49:22 +10:00
if ( ! empty ( $_POST [ 'subtitle' ]))
$query -> bindValue ( ':subtitle' , utf8tohtml ( $_POST [ 'subtitle' ], true ));
else
$query -> bindValue ( ':subtitle' , null , PDO :: PARAM_NULL );
2011-02-22 17:38:38 +11:00
$query -> bindValue ( ':id' , $board [ 'id' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-10-08 17:46:48 +11:00
if ( $config [ 'cache' ][ 'enabled' ]) {
cache :: delete ( 'board_' . $board [ 'uri' ]);
cache :: delete ( 'all_boards' );
}
2012-02-19 19:01:03 +11:00
$_board = $board ;
2011-05-28 01:43:04 +10:00
rebuildThemes ( 'boards' );
2011-04-14 20:43:34 +10:00
2012-02-19 19:01:03 +11:00
$board = $_board ;
2012-04-12 02:49:22 +10:00
openBoard ( $board [ 'uri' ]);
}
$body =
'<fieldset><legend><a href="?/' .
$board [ 'uri' ] . '/' . $config [ 'file_index' ] . '">' .
sprintf ( $config [ 'board_abbreviation' ], $board [ 'uri' ]) . '</a>' .
' - ' . $board [ 'name' ] . '</legend>' .
// Begin form
'<form style="text-align:center" action="" method="post">' .
'<table>' .
'<tr><th>URI</th><td>' . $board [ 'uri' ] . '</td>' .
'<tr><th>Title</th><td><input size="20" type="text" name="title" value="' . $board [ 'name' ] . '" /></td></tr>' .
'<tr><th>Subtitle</th><td><input size="20" type="text" name="subtitle" value="' .
( isset ( $board [ 'title' ]) ? $board [ 'title' ] : '' ) . '" /></td></tr>' .
'</table>' .
'<input type="submit" value="Update" />' .
// End form
'</form> ' .
// Delete button
( hasPermission ( $config [ 'mod' ][ 'deleteboard' ]) ?
'<p style="text-align:center"><a href="?/board/' . $board [ 'uri' ] . '/delete">Delete board</a></p>'
: '' ) .
'</fieldset>' ;
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => 'Manage – ' . sprintf ( $config [ 'board_abbreviation' ], $board [ 'uri' ]),
'body' => $body ,
'mod' => true
));
}
} elseif ( preg_match ( '/^\/bans$/' , $query )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'view_banlist' ])) error ( $config [ 'error' ][ 'noaccess' ]);
if ( isset ( $_POST [ 'unban' ])) {
if ( ! hasPermission ( $config [ 'mod' ][ 'unban' ])) error ( $config [ 'error' ][ 'noaccess' ]);
foreach ( $_POST as $post => $value ) {
if ( preg_match ( '/^ban_(\d+)$/' , $post , $m )) {
removeBan ( $m [ 1 ]);
2011-02-22 17:43:42 +11:00
}
2012-04-12 02:49:22 +10:00
}
}
if ( hasPermission ( $config [ 'mod' ][ 'view_banexpired' ])) {
$query = prepare ( " SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY (`expires` IS NOT NULL AND `expires` < :time), `set` DESC " );
$query -> bindValue ( ':time' , time (), PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
} else {
// Filter out expired bans
$query = prepare ( " SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` INNER JOIN `mods` ON `mod` = `mods`.`id` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC " );
$query -> bindValue ( ':time' , time (), PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
}
if ( $query -> rowCount () < 1 ) {
$body = '<p style="text-align:center" class="unimportant">(There are no active bans.)</p>' ;
} else {
$body = '<form action="" method="post">' ;
$body .= '<table><tr><th>' . _ ( 'IP address' ) . '</th><th>' . _ ( 'Reason' ) . '</th><th>' . _ ( 'Board' ) . '</th><th>' . _ ( 'Set' ) . '</th><th>' . _ ( 'Expires' ) . '</th><th>' . _ ( 'Staff' ) . '</th></tr>' ;
while ( $ban = $query -> fetch ()) {
$body .=
'<tr' .
( $config [ 'mod' ][ 'view_banexpired' ] && $ban [ 'expires' ] != 0 && $ban [ 'expires' ] < time () ?
' style="text-decoration:line-through"'
: '' ) .
'>' .
2011-02-22 17:38:38 +11:00
2012-04-12 02:49:22 +10:00
'<td style="white-space: nowrap">' .
2011-02-22 17:43:42 +11:00
2012-04-12 02:49:22 +10:00
// Checkbox
'<input type="checkbox" name="ban_' . $ban [ 'id' ] . '" id="ban_' . $ban [ 'id' ] . '" /> ' .
2011-02-22 17:43:42 +11:00
2012-04-12 02:49:22 +10:00
// IP address
( preg_match ( '/^(\d+\.\d+\.\d+\.\d+|' . $config [ 'ipv6_regex' ] . ')$/' , $ban [ 'ip' ]) ?
'<a href="?/IP/' .
$ban [ 'ip' ] .
'">' . $ban [ 'ip' ] . '</a>'
: utf8tohtml ( $ban [ 'ip' ])) .
2011-02-22 17:43:42 +11:00
2012-04-12 02:49:22 +10:00
'</td>' .
2011-02-22 17:43:42 +11:00
2012-04-12 02:49:22 +10:00
// Reason
'<td>' . ( $ban [ 'reason' ] ? $ban [ 'reason' ] : '<em>-</em>' ) . '</td>' .
2011-02-22 17:43:42 +11:00
2012-04-12 02:49:22 +10:00
'<td style="white-space: nowrap">' .
( isset ( $ban [ 'uri' ]) ?
sprintf ( $config [ 'board_abbreviation' ], $ban [ 'uri' ])
:
'<em>' . _ ( 'all boards' ) . '</em>'
) . '</td>' .
2011-03-27 02:55:11 +11:00
2012-04-12 02:49:22 +10:00
// Set
'<td style="white-space: nowrap">' . strftime ( $config [ 'post_date' ], $ban [ 'set' ]) . '</td>' .
2011-02-07 00:38:01 +11:00
2012-04-12 02:49:22 +10:00
// Expires
'<td style="white-space: nowrap">' .
( $ban [ 'expires' ] == 0 ?
'<em>Never</em>'
2011-07-27 13:40:27 +10:00
:
2012-04-12 02:49:22 +10:00
strftime ( $config [ 'post_date' ], $ban [ 'expires' ])
) .
'</td>' .
// Staff
'<td>' .
( isset ( $ban [ 'username' ]) ?
( ! hasPermission ( $config [ 'mod' ][ 'view_banstaff' ]) ?
( $config [ 'mod' ][ 'view_banquestionmark' ] ?
'?'
2011-02-07 00:38:01 +11:00
:
2012-04-12 02:49:22 +10:00
( $ban [ 'type' ] == JANITOR ? 'Janitor' :
( $ban [ 'type' ] == MOD ? 'Mod' :
( $ban [ 'type' ] == ADMIN ? 'Admin' :
'?' )))
2011-02-07 00:38:01 +11:00
)
:
2012-04-12 02:49:22 +10:00
utf8tohtml ( $ban [ 'username' ])
)
:
'<em>deleted?</em>'
) .
'</td>' .
2011-03-27 02:55:11 +11:00
2012-04-12 02:49:22 +10:00
'</tr>' ;
2011-05-21 15:21:45 +10:00
}
2012-04-12 02:49:22 +10:00
$body .= '</table>' .
2011-03-27 02:35:54 +11:00
2012-04-12 02:49:22 +10:00
( hasPermission ( $config [ 'mod' ][ 'unban' ]) ?
'<p style="text-align:center"><input name="unban" type="submit" value="Unban selected" /></p>'
: '' ) .
2011-02-18 00:36:50 +11:00
2012-04-12 02:49:22 +10:00
'</form>' ;
}
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => _ ( 'Ban list' ),
'body' => $body ,
'mod' => true
)
);
} elseif ( preg_match ( '/^\/flush$/' , $query )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'rebuild' ])) error ( $config [ 'error' ][ 'noaccess' ]);
if ( ! $config [ 'cache' ][ 'enabled' ]) error ( _ ( 'Cache is not enabled.' ));
if ( cache :: flush ()) {
$body = 'Successfully invalidated all items in cache.' ;
modLog ( 'Cleared cache' );
} else {
$body = 'An error occured while trying to flush cache.' ;
}
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => 'Flushed' ,
'body' => '<p style="text-align:center">' . $body . '</p>' ,
'mod' => true
));
} elseif ( preg_match ( '/^\/rebuild$/' , $query )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'rebuild' ])) error ( $config [ 'error' ][ 'noaccess' ]);
set_time_limit ( $config [ 'mod' ][ 'rebuild_timelimit' ]);
2011-10-08 17:34:40 +11:00
2012-04-12 02:49:22 +10:00
$body = '<div class="ban"><h2>Rebuilding…</h2><p>' ;
$body .= 'Clearing template cache…<br/>' ;
$twig = new Twig_Environment ( $loader , array (
'cache' => " { $config [ 'dir' ][ 'template' ] } /cache "
));
$twig -> clearCacheFiles ();
$body .= 'Regenerating theme files…<br/>' ;
rebuildThemes ( 'all' );
$body .= 'Generating Javascript file…<br/>' ;
buildJavascript ();
$main_js = $config [ 'file_script' ];
$boards = listBoards ();
foreach ( $boards as & $board ) {
$body .= " <strong style= \" display:inline-block;margin: 15px 0 2px 0; \" >Opening board / { $board [ 'uri' ] } /</strong><br/> " ;
openBoard ( $board [ 'uri' ]);
2011-04-14 17:03:12 +10:00
2012-04-12 02:49:22 +10:00
$body .= 'Creating index pages<br/>' ;
buildIndex ();
2011-02-18 00:36:50 +11:00
2012-04-12 02:49:22 +10:00
if ( $config [ 'file_script' ] != $main_js ) {
// different javascript file
$body .= 'Generating Javascript file…<br/>' ;
buildJavascript ();
}
2012-03-14 21:44:41 +11:00
2012-04-12 02:49:22 +10:00
$query = query ( sprintf ( " SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL " , $board [ 'uri' ])) or error ( db_error ());
while ( $post = $query -> fetch ()) {
$body .= " Rebuilding # { $post [ 'id' ] } <br/> " ;
buildThread ( $post [ 'id' ]);
}
}
$body .= 'Complete!</p></div>' ;
unset ( $board );
modLog ( 'Rebuilt everything' );
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => 'Rebuilt' ,
'body' => $body ,
'mod' => true
));
} elseif ( preg_match ( '/^\/config\/edit$/' , $query )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'edit_config' ]))
error ( $config [ 'error' ][ 'noaccess' ]);
// TODO: display "unset variables"
// $config_file = file_get_contents('inc/config.php');
// preg_match_all('/\$config\[\'(\w+)\']/', $config_file, $matches);
// $config_variables = array_unique($matches[1]);
$body = '<fieldset><legend>' . _ ( 'Configuration' ) . '</legend><form action="" method="post"><table style="width:100%">' ;
$var_force_string = array ( 'blotter' );
$var_system = array ( 'version' );
if ( isset ( $_POST [ 'save_changes' ])) {
$config_append = '' ;
2011-02-18 00:36:50 +11:00
2012-04-12 02:49:22 +10:00
foreach ( $config as $name => $original_value ) {
if ( in_array ( $name , $var_system ))
continue ;
$type = gettype ( $original_value );
if ( $type == 'array' || $type == 'NULL' )
continue ;
2011-02-18 00:36:50 +11:00
2012-04-12 02:49:22 +10:00
if ( $type == 'boolean' && in_array ( $name , $var_force_string ))
$type = 'string' ;
2011-02-18 00:36:50 +11:00
2012-04-12 02:49:22 +10:00
if ( ! isset ( $_POST [ $name ]) && $type != 'boolean' )
continue ;
2012-03-14 21:44:41 +11:00
2012-04-12 02:49:22 +10:00
if ( $type == 'boolean' )
$value = isset ( $_POST [ $name ]);
else
$value = $_POST [ $name ];
2012-02-06 17:36:14 +11:00
2012-04-12 02:49:22 +10:00
if ( $value != $original_value ) {
// value has been changed
$config_append .= " \$ config[' " . addslashes ( $name ) . " '] = " ;
2012-02-06 17:36:14 +11:00
if ( $type == 'boolean' )
2012-04-12 02:49:22 +10:00
$config_append .= $value ? 'true' : 'false' ;
elseif ( $type == 'integer' )
$config_append .= ( int ) $value ;
elseif ( $type == 'string' )
$config_append .= '\'' . addslashes ( $value ) . '\'' ;
$config_append .= " ; \n " ;
2012-02-06 17:36:14 +11:00
}
}
2012-04-12 02:49:22 +10:00
if ( ! empty ( $config_append )) {
$config_append = " \n // Changes made via web editor by \" " . $mod [ 'username' ] . " \" @ " . date ( 'r' ) . " : \n " . $config_append . " \n " ;
if ( @ file_put_contents ( 'inc/instance-config.php' , $config_append , FILE_APPEND )) {
header ( 'Location: ?/config' . $b [ 'uri' ], true , $config [ 'redirect_http' ]);
exit ;
2012-02-06 17:36:14 +11:00
} else {
2012-04-12 02:49:22 +10:00
$config_append = htmlentities ( $config_append );
if ( $config [ 'minify_html' ])
$config_append = str_replace ( " \n " , '
' , $config_append );
$page = array ();
$page [ 'title' ] = 'Cannot write to file!' ;
$page [ 'config' ] = $config ;
$page [ 'body' ] = '
< p > Tinyboard could not write to < strong > inc / instance - config . php </ strong > with the ammended configuration , probably due to a permissions error .</ p >
< p > You may proceed with these changes manually by copying and pasting the following code to the bottom of < strong > inc / instance - config . php </ strong >:</ p >
< textarea style = " width:700px;height:370px;margin:auto;display:block;background:white;color:black " readonly > ' . $config_append . ' </ textarea >
' ;
echo Element ( 'page.html' , $page );
exit ;
2012-02-06 17:36:14 +11:00
}
}
2012-04-12 02:49:22 +10:00
}
foreach ( $config as $name => $value ) {
$body .= '<tr>' ;
2012-02-06 17:36:14 +11:00
2012-04-12 02:49:22 +10:00
$body .= '<th style="text-align:left" class="minimal">' . utf8tohtml ( $name ) . '</th>' ;
$type = gettype ( $value );
if ( $type == 'array' ) {
$body .= '<td><a href="?/config/edit/' . utf8tohtml ( $name ) . '">[edit]' . '</a></td>' ;
} else {
if ( $type == 'string' || $type == 'integer' ) {
$body .= '<td><input style="width:100%" type="text" name="' . utf8tohtml ( $name ) . '" value="' . str_replace ( '"' , '"' , utf8tohtml ( $value )) . '"' .
( in_array ( $name , $var_system ) ? ' readonly="readonly"' : '' ) . '></td>' ;
} elseif ( $type == 'boolean' ) {
if ( in_array ( $name , $var_force_string ))
$body .= '<td><input style="width:100%" type="text" name="' . utf8tohtml ( $name ) . '" value=""></td>' ;
else
$body .= '<td><input type="checkbox" name="' . utf8tohtml ( $name ) . '" ' . ( $value ? 'checked' : '' ) . '></td>' ;
} else {
$body .= '<td>' . utf8tohtml ( $value ) . '</td>' ;
}
}
2010-12-17 04:41:11 +11:00
2012-04-12 02:49:22 +10:00
$body .= '</tr>' ;
}
$body .= '</table><div style="text-align:center"><input name="save_changes" type="submit" value="Save changes"></div></form></fieldset>' ;
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => _ ( 'Configuration' ),
'body' => $body ,
'mod' => true
)
);
} elseif ( preg_match ( '/^\/config$/' , $query )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'show_config' ]))
error ( $config [ 'error' ][ 'noaccess' ]);
// Show instance-config.php
$data = '' ;
function do_array_part ( $array , $prefix = '' ) {
global $data , $config ;
2011-02-16 19:27:52 +11:00
2012-04-12 02:49:22 +10:00
foreach ( $array as $name => $value ) {
if ( is_array ( $value )) {
do_array_part ( $value , $prefix . $name . ' → ' );
} else {
if ( $config [ 'mod' ][ 'never_reveal_password' ] && $prefix == 'db → ' && $name == 'password' ) {
$value = '<em>hidden</em>' ;
} elseif ( gettype ( $value ) == 'boolean' ) {
$value = $value ? '<span style="color:green;">On</span>' : '<span style="color:red;">Off</span>' ;
} elseif ( gettype ( $value ) == 'string' ) {
if ( empty ( $value ))
$value = '<em>empty</em>' ;
else
$value = '<span style="color:maroon;">' . utf8tohtml ( substr ( $value , 0 , 110 ) . ( mb_strlen ( $value ) > 110 ? '…' : '' )) . '</span>' ;
} elseif ( gettype ( $value ) == 'integer' ) {
$value = '<span style="color:black;">' . $value . '</span>' ;
} elseif ( is_object ( $value ) && get_class ( $value ) == 'Closure' ) {
$value = '[callback]' ;
}
$data .=
'<tr><th style="text-align:left;">' .
$prefix . ( gettype ( $name ) == 'integer' ? '[]' : utf8tohtml ( $name )) .
'</th><td>' .
$value .
'</td></tr>' ;
2010-12-17 04:41:11 +11:00
}
}
2012-04-12 02:49:22 +10:00
}
do_array_part ( $config );
$body = ( hasPermission ( $config [ 'mod' ][ 'edit_config' ]) ?
'<p style="text-align:center" class="unimportant">' .
'<a href="?/config/edit">[Edit using web editor]</a>' : '' ) .
'<fieldset><legend>' . _ ( 'Configuration' ) . '</legend><table>' . $data . '</table></fieldset>' ;
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => _ ( 'Configuration' ),
'body' => $body ,
'mod' => true
)
);
} elseif ( preg_match ( '/^\/new$/' , $query )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'newboard' ])) error ( $config [ 'error' ][ 'noaccess' ]);
// New board
$body = '' ;
if ( isset ( $_POST [ 'new_board' ])) {
// Create new board
if ( ! isset ( $_POST [ 'uri' ]) ||
! isset ( $_POST [ 'title' ]) ||
! isset ( $_POST [ 'subtitle' ])
) error ( $config [ 'error' ][ 'missedafield' ]);
$b = array (
'uri' => $_POST [ 'uri' ],
'title' => $_POST [ 'title' ],
'subtitle' => $_POST [ 'subtitle' ]
);
2011-02-16 19:27:52 +11:00
2012-04-12 02:49:22 +10:00
// HTML characters
$b [ 'title' ] = utf8tohtml ( $b [ 'title' ], true );
$b [ 'subtitle' ] = utf8tohtml ( $b [ 'subtitle' ], true );
2012-02-06 17:38:18 +11:00
2012-04-12 02:49:22 +10:00
// Check required fields
if ( empty ( $b [ 'uri' ]))
error ( sprintf ( $config [ 'error' ][ 'required' ], 'URI' ));
if ( empty ( $b [ 'title' ]))
error ( sprintf ( $config [ 'error' ][ 'required' ], 'title' ));
2010-12-10 20:57:34 +11:00
2012-04-12 02:49:22 +10:00
if ( ! preg_match ( '/^\w+$/' , $b [ 'uri' ]))
error ( sprintf ( $config [ 'error' ][ 'invalidfield' ], 'URI' ));
2010-12-10 20:38:49 +11:00
2012-04-12 02:49:22 +10:00
if ( openBoard ( $b [ 'uri' ])) {
unset ( $board );
error ( sprintf ( $config [ 'error' ][ 'boardexists' ], sprintf ( $config [ 'board_abbreviation' ], $b [ 'uri' ])));
}
2010-12-02 20:55:56 +11:00
2012-04-12 02:49:22 +10:00
$query = prepare ( " INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle) " );
$query -> bindValue ( ':uri' , $b [ 'uri' ]);
$query -> bindValue ( ':title' , $b [ 'title' ]);
if ( ! empty ( $b [ 'subtitle' ])) {
$query -> bindValue ( ':subtitle' , $b [ 'subtitle' ]);
2011-02-22 17:43:42 +11:00
} else {
2012-04-12 02:49:22 +10:00
$query -> bindValue ( ':subtitle' , null , PDO :: PARAM_NULL );
2010-12-02 20:55:56 +11:00
}
2012-04-12 02:49:22 +10:00
$query -> execute () or error ( db_error ( $query ));
2010-12-16 21:28:03 +11:00
2012-04-12 02:49:22 +10:00
// Record the action
modLog ( " Created a new board: { $b [ 'title' ] } " );
2010-12-02 01:17:27 +11:00
2012-04-12 02:49:22 +10:00
// Open the board
openBoard ( $b [ 'uri' ]) or error ( _ ( " Couldn't open board after creation. " ));
2011-02-16 23:32:43 +11:00
2012-04-12 02:49:22 +10:00
// Create the posts table
query ( Element ( 'posts.sql' , array ( 'board' => $board [ 'uri' ]))) or error ( db_error ());
2011-02-16 23:32:43 +11:00
2012-04-12 02:49:22 +10:00
if ( $config [ 'cache' ][ 'enabled' ])
cache :: delete ( 'all_boards' );
2010-12-10 21:15:44 +11:00
2012-04-12 02:49:22 +10:00
// Build the board
buildIndex ();
2010-12-16 16:36:40 +11:00
2012-04-12 02:49:22 +10:00
rebuildThemes ( 'boards' );
2010-12-16 16:36:40 +11:00
2012-04-12 02:49:22 +10:00
header ( 'Location: ?/board/' . $b [ 'uri' ], true , $config [ 'redirect_http' ]);
} else {
2010-12-16 16:36:40 +11:00
2012-04-12 02:49:22 +10:00
$body .= form_newBoard ();
2012-02-15 20:11:09 +11:00
2012-04-12 02:49:22 +10:00
// TODO: Statistics, etc, in the dashboard.
2012-02-15 20:11:09 +11:00
2012-04-12 02:49:22 +10:00
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => 'New board' ,
'body' => $body ,
'mod' => true
)
);
}
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . '(' . $regex [ 'index' ] . '|' . $regex [ 'page' ] . ')?$/' , $query , $matches )) {
// Board index
$boardName = & $matches [ 1 ];
// Open board
if ( ! openBoard ( $boardName ))
error ( $config [ 'error' ][ 'noboard' ]);
$page_no = empty ( $matches [ 2 ]) || $matches [ 2 ] == $config [ 'file_index' ] ? 1 : $matches [ 2 ];
if ( ! $page = index ( $page_no , $mod )) {
error ( $config [ 'error' ][ '404' ]);
}
$page [ 'pages' ] = getPages ( true );
$page [ 'pages' ][ $page_no - 1 ][ 'selected' ] = true ;
$page [ 'btn' ] = getPageButtons ( $page [ 'pages' ], true );
$page [ 'mod' ] = true ;
echo Element ( 'index.html' , $page );
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . $regex [ 'res' ] . $regex [ 'page' ] . '$/' , $query , $matches )) {
// View thread
$boardName = & $matches [ 1 ];
$thread = & $matches [ 2 ];
// Open board
if ( ! openBoard ( $boardName ))
error ( $config [ 'error' ][ 'noboard' ]);
$page = buildThread ( $thread , true , $mod );
echo $page ;
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . 'edit\/(\d+)$/' , $query , $matches )) {
// Edit post body
$boardName = & $matches [ 1 ];
// Open board
if ( ! openBoard ( $boardName ))
error ( $config [ 'error' ][ 'noboard' ]);
if ( ! hasPermission ( $config [ 'mod' ][ 'editpost' ], $boardName )) error ( $config [ 'error' ][ 'noaccess' ]);
$postID = & $matches [ 2 ];
$query = prepare ( sprintf ( " SELECT `body_nomarkup`, `name`, `subject`, `thread` FROM `posts_%s` WHERE `id` = :id " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $postID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
$post = $query -> fetch () or error ( $config [ 'error' ][ 'invalidpost' ]);
if ( isset ( $_POST [ 'submit' ]) && isset ( $_POST [ 'body' ]) && isset ( $_POST [ 'subject' ])) {
if ( mb_strlen ( $_POST [ 'subject' ]) > 100 )
error ( sprintf ( $config [ 'error' ][ 'toolong' ], 'subject' ));
2012-02-15 20:11:09 +11:00
2012-04-12 02:49:22 +10:00
$body = $_POST [ 'body' ];
$body_nomarkup = $body ;
2012-02-15 20:11:09 +11:00
2012-04-12 02:49:22 +10:00
wordfilters ( $body );
$tracked_cites = markup ( $body , true );
2012-02-15 20:11:09 +11:00
2012-04-12 02:49:22 +10:00
$query = prepare ( " DELETE FROM `cites` WHERE `board` = :board AND `post` = :post " );
$query -> bindValue ( ':board' , $board [ 'uri' ]);
$query -> bindValue ( ':post' , $postID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
$query = prepare ( sprintf ( " UPDATE `posts_%s` SET `body` = :body, `body_nomarkup` = :body_nomarkup, `subject` = :subject WHERE `id` = :id " , $board [ 'uri' ]));
2012-02-15 20:11:09 +11:00
$query -> bindValue ( ':id' , $postID , PDO :: PARAM_INT );
2012-04-12 02:49:22 +10:00
$query -> bindValue ( ':body' , $body );
$query -> bindValue ( ':body_nomarkup' , $body_nomarkup );
$query -> bindValue ( ':subject' , utf8tohtml ( $_POST [ 'subject' ]));
2012-02-15 20:11:09 +11:00
$query -> execute () or error ( db_error ( $query ));
2012-04-12 02:49:22 +10:00
if ( isset ( $tracked_cites )) {
foreach ( $tracked_cites as $cite ) {
$query = prepare ( 'INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)' );
$query -> bindValue ( ':board' , $board [ 'uri' ]);
$query -> bindValue ( ':post' , $postID , PDO :: PARAM_INT );
$query -> bindValue ( ':target_board' , $cite [ 0 ]);
$query -> bindValue ( ':target' , $cite [ 1 ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2012-02-15 20:11:09 +11:00
}
}
2012-04-12 02:49:22 +10:00
2011-02-11 23:02:30 +11:00
// Record the action
2012-04-12 02:49:22 +10:00
modLog ( " Edited post # { $postID } " );
buildThread ( $post [ 'thread' ] ? $post [ 'thread' ] : $postID );
2011-02-11 23:02:30 +11:00
2011-01-01 22:12:31 +11:00
// Rebuild board
buildIndex ();
2012-04-12 02:49:22 +10:00
2011-01-01 22:12:31 +11:00
// Redirect
2011-06-19 11:26:26 +10:00
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2012-04-12 02:49:22 +10:00
exit ;
}
$post [ 'body_nomarkup' ] = utf8tohtml ( $post [ 'body_nomarkup' ]);
if ( $config [ 'minify_html' ])
$post [ 'body_nomarkup' ] = str_replace ( " \n " , '
' , $post [ 'body_nomarkup' ]);
$body = '<form name="post" action="" method="post">' .
'<table>' .
'<tr>' .
'<th>Name</th>' .
'<td>' . utf8tohtml ( $post [ 'name' ]) . '</td>' .
'</tr>' .
'<tr>' .
'<th>Subject</th>' .
'<td>' .
'<input style="float:left;" type="text" name="subject" size="25" maxlength="50" value="' . str_replace ( '"' , '"' , $post [ 'subject' ]) . '"/>' .
'<input style="margin-left:2px;" type="submit" name="submit" value="Edit Post"/>' .
'</td>' .
'</tr>' .
'<tr>' .
'<th>Body</th>' .
'<td>' .
'<textarea name="body" rows="8" cols="38">' .
$post [ 'body_nomarkup' ] .
'</textarea>' .
'</td>' .
'</tr>' .
'</table>' .
'</form>' ;
echo Element ( 'page.html' , array (
'config' => $config ,
'body' => $body ,
'title' => 'Edit Post #' . $postID
));
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . 'deletefile\/(\d+)$/' , $query , $matches )) {
// Delete file from post
$boardName = & $matches [ 1 ];
// Open board
if ( ! openBoard ( $boardName ))
error ( $config [ 'error' ][ 'noboard' ]);
if ( ! hasPermission ( $config [ 'mod' ][ 'deletefile' ], $boardName )) error ( $config [ 'error' ][ 'noaccess' ]);
$post = & $matches [ 2 ];
// Delete post
deleteFile ( $post );
// Record the action
modLog ( " Removed file from post # { $post } " );
// Rebuild board
buildIndex ();
// Redirect
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . 'delete\/(\d+)$/' , $query , $matches )) {
// Delete post
$boardName = & $matches [ 1 ];
// Open board
if ( ! openBoard ( $boardName ))
error ( $config [ 'error' ][ 'noboard' ]);
if ( ! hasPermission ( $config [ 'mod' ][ 'delete' ], $boardName )) error ( $config [ 'error' ][ 'noaccess' ]);
$post = & $matches [ 2 ];
// Delete post
deletePost ( $post );
// Record the action
modLog ( " Deleted post # { $post } " );
// Rebuild board
buildIndex ();
// Redirect
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . '(un)?sticky\/(\d+)$/' , $query , $matches )) {
// Add/remove sticky
$boardName = & $matches [ 1 ];
// Open board
if ( ! openBoard ( $boardName ))
error ( $config [ 'error' ][ 'noboard' ]);
if ( ! hasPermission ( $config [ 'mod' ][ 'sticky' ], $boardName )) error ( $config [ 'error' ][ 'noaccess' ]);
$post = & $matches [ 3 ];
$query = prepare ( sprintf ( " UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post , PDO :: PARAM_INT );
if ( $matches [ 2 ] == 'un' ) {
// Record the action
modLog ( " Unstickied post # { $post } " );
$query -> bindValue ( ':sticky' , 0 , PDO :: PARAM_INT );
} else {
2011-02-11 23:02:30 +11:00
// Record the action
2012-04-12 02:49:22 +10:00
modLog ( " Stickied post # { $post } " );
$query -> bindValue ( ':sticky' , 1 , PDO :: PARAM_INT );
}
$query -> execute () or error ( db_error ( $query ));
buildIndex ();
buildThread ( $post );
// Redirect
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . '(un)?lock\/(\d+)$/' , $query , $matches )) {
// Lock/Unlock
$boardName = & $matches [ 1 ];
// Open board
if ( ! openBoard ( $boardName ))
error ( $config [ 'error' ][ 'noboard' ]);
if ( ! hasPermission ( $config [ 'mod' ][ 'lock' ], $boardName )) error ( $config [ 'error' ][ 'noaccess' ]);
$post = & $matches [ 3 ];
$query = prepare ( sprintf ( " UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post , PDO :: PARAM_INT );
if ( $matches [ 2 ] == 'un' ) {
// Record the action
modLog ( " Unlocked post # { $post } " );
$query -> bindValue ( ':locked' , 0 , PDO :: PARAM_INT );
} else {
// Record the action
modLog ( " Locked post # { $post } " );
$query -> bindValue ( ':locked' , 1 , PDO :: PARAM_INT );
}
$query -> execute () or error ( db_error ( $query ));
buildIndex ();
buildThread ( $post );
// Redirect
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . 'bump(un)?lock\/(\d+)$/' , $query , $matches )) {
// Lock/Unlock
$boardName = & $matches [ 1 ];
// Open board
if ( ! openBoard ( $boardName ))
error ( $config [ 'error' ][ 'noboard' ]);
if ( ! hasPermission ( $config [ 'mod' ][ 'bumplock' ], $boardName )) error ( $config [ 'error' ][ 'noaccess' ]);
$post = & $matches [ 3 ];
$query = prepare ( sprintf ( " UPDATE `posts_%s` SET `sage` = :bumplocked WHERE `id` = :id AND `thread` IS NULL " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post , PDO :: PARAM_INT );
if ( $matches [ 2 ] == 'un' ) {
// Record the action
modLog ( " Unbumplocked post # { $post } " );
$query -> bindValue ( ':bumplocked' , 0 , PDO :: PARAM_INT );
} else {
// Record the action
modLog ( " Bumplocked post # { $post } " );
$query -> bindValue ( ':bumplocked' , 1 , PDO :: PARAM_INT );
}
$query -> execute () or error ( db_error ( $query ));
buildIndex ();
buildThread ( $post );
// Redirect
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . 'deletebyip\/(\d+)(\/global)?$/' , $query , $matches )) {
// Delete all posts by an IP
$boardName = & $matches [ 1 ];
$post = & $matches [ 2 ];
$global = isset ( $matches [ 3 ]) && $matches [ 3 ] == '/global' ;
// Open board
if ( ! openBoard ( $boardName ))
error ( $config [ 'error' ][ 'noboard' ]);
$query = prepare ( sprintf ( " SELECT `ip` FROM `posts_%s` WHERE `id` = :id " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post );
$query -> execute () or error ( db_error ( $query ));
if ( ! $post = $query -> fetch ())
error ( $config [ 'error' ][ 'invalidpost' ]);
$ip = $post [ 'ip' ];
if ( $global )
$boards = listBoards ();
else
$boards = array ( array ( 'uri' => $board [ 'uri' ]));
$query = '' ;
foreach ( $boards as $_board ) {
$query .= sprintf ( " SELECT `id`, '%s' AS `board` FROM `posts_%s` WHERE `ip` = :ip UNION ALL " , $_board [ 'uri' ], $_board [ 'uri' ]);
}
$query = preg_replace ( '/UNION ALL $/' , '' , $query );
$query = prepare ( $query );
$query -> bindValue ( ':ip' , $ip );
$query -> execute () or error ( db_error ( $query ));
if ( $query -> rowCount () < 1 )
error ( $config [ 'error' ][ 'invalidpost' ]);
$boards = array ();
while ( $post = $query -> fetch ()) {
openBoard ( $post [ 'board' ]);
$boards [] = $post [ 'board' ];
2011-02-11 23:02:30 +11:00
2012-04-12 02:49:22 +10:00
deletePost ( $post [ 'id' ], false );
}
foreach ( $boards as & $_board ) {
openBoard ( $_board );
2010-12-16 16:36:40 +11:00
buildIndex ();
2012-04-12 02:49:22 +10:00
}
// Record the action
modLog ( " Deleted all posts by IP address: { $ip } " );
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
} elseif ( preg_match ( '/^\/ban$/' , $query )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'ban' ])) error ( $config [ 'error' ][ 'noaccess' ]);
// Ban page
if ( isset ( $_POST [ 'new_ban' ])) {
if ( ! isset ( $_POST [ 'ip' ]) ||
! isset ( $_POST [ 'reason' ]) ||
! isset ( $_POST [ 'length' ]) ||
! isset ( $_POST [ 'board_id' ])
) error ( $config [ 'error' ][ 'missedafield' ]);
// Check required fields
if ( empty ( $_POST [ 'ip' ]))
error ( sprintf ( $config [ 'error' ][ 'required' ], 'IP address' ));
$query = prepare ( " INSERT INTO `bans` VALUES (NULL, :ip, :mod, :set, :expires, :reason, :board) " );
// 1yr2hrs30mins
// 1y2h30m
$expire = 0 ;
if ( preg_match ( '/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?mon?t?h?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/' , $_POST [ 'length' ], $m )) {
if ( isset ( $m [ 2 ])) {
// Years
$expire += $m [ 2 ] * 60 * 60 * 24 * 365 ;
}
if ( isset ( $m [ 4 ])) {
// Months
$expire += $m [ 4 ] * 60 * 60 * 24 * 30 ;
}
if ( isset ( $m [ 6 ])) {
// Weeks
$expire += $m [ 6 ] * 60 * 60 * 24 * 7 ;
}
if ( isset ( $m [ 8 ])) {
// Days
$expire += $m [ 8 ] * 60 * 60 * 24 ;
}
if ( isset ( $m [ 10 ])) {
// Hours
$expire += $m [ 10 ] * 60 * 60 ;
}
if ( isset ( $m [ 12 ])) {
// Minutes
$expire += $m [ 12 ] * 60 ;
}
if ( isset ( $m [ 14 ])) {
// Seconds
$expire += $m [ 14 ];
}
2011-01-02 21:27:28 +11:00
}
2012-04-12 02:49:22 +10:00
if ( $expire ) {
$query -> bindValue ( ':expires' , time () + $expire , PDO :: PARAM_INT );
2011-01-03 02:00:30 +11:00
} else {
2012-04-12 02:49:22 +10:00
// Never expire
$query -> bindValue ( ':expires' , null , PDO :: PARAM_NULL );
2011-01-03 02:00:30 +11:00
}
2012-04-12 02:49:22 +10:00
$query -> bindValue ( ':ip' , $_POST [ 'ip' ], PDO :: PARAM_STR );
$query -> bindValue ( ':mod' , $mod [ 'id' ], PDO :: PARAM_INT );
$query -> bindValue ( ':set' , time (), PDO :: PARAM_INT );
2011-10-15 09:21:24 +11:00
2011-10-10 22:37:39 +11:00
2012-04-12 02:49:22 +10:00
if ( ! empty ( $_POST [ 'reason' ])) {
$reason = $_POST [ 'reason' ];
markup ( $reason );
$query -> bindValue ( ':reason' , $reason , PDO :: PARAM_STR );
2011-10-10 22:37:39 +11:00
} else {
2012-04-12 02:49:22 +10:00
$query -> bindValue ( ':reason' , null , PDO :: PARAM_NULL );
2011-02-05 15:43:42 +11:00
}
2012-04-12 02:49:22 +10:00
if ( $_POST [ 'board_id' ] < 0 ) {
$query -> bindValue ( ':board' , null , PDO :: PARAM_NULL );
} else {
$query -> bindValue ( ':board' , ( int ) $_POST [ 'board_id' ], PDO :: PARAM_INT );
}
// Record the action
modLog ( 'Created a ' . ( $expire ? $expire . ' second' : 'permanent' ) . " ban for { $_POST [ 'ip' ] } with " . ( ! empty ( $_POST [ 'reason' ]) ? " reason \" ${ reason } \" " : 'no reason' ));
$query -> execute () or error ( db_error ( $query ));
if ( isset ( $_POST [ 'board' ]))
openBoard ( $_POST [ 'board' ]);
// Delete too
if ( isset ( $_POST [ 'delete' ]) && isset ( $_POST [ 'board' ]) && hasPermission ( $config [ 'mod' ][ 'delete' ], $_POST [ 'board' ])) {
$post = round ( $_POST [ 'delete' ]);
2011-02-11 23:02:30 +11:00
2012-04-12 02:49:22 +10:00
deletePost ( $post );
2011-07-27 13:40:27 +10:00
2011-02-11 23:02:30 +11:00
// Record the action
2012-04-12 02:49:22 +10:00
modLog ( " Deleted post # { $post } " );
2011-02-11 23:02:30 +11:00
2012-04-12 02:49:22 +10:00
// Rebuild board
buildIndex ();
}
if ( hasPermission ( $config [ 'mod' ][ 'public_ban' ]) && isset ( $_POST [ 'post' ]) && isset ( $_POST [ 'board' ]) && isset ( $_POST [ 'public_message' ]) && isset ( $_POST [ 'message' ])) {
$post = round ( $_POST [ 'post' ]);
2011-01-02 00:27:30 +11:00
2012-04-12 02:49:22 +10:00
$query = prepare ( sprintf ( " UPDATE `posts_%s` SET `body` = CONCAT(`body`, :body) WHERE `id` = :id " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post , PDO :: PARAM_INT );
$query -> bindValue ( ':body' , sprintf ( $config [ 'mod' ][ 'ban_message' ], utf8tohtml ( $_POST [ 'message' ])));
$query -> execute () or error ( db_error ( $query ));
2011-11-30 14:35:59 +11:00
2012-04-12 02:49:22 +10:00
// Rebuild thread
$query = prepare ( sprintf ( " SELECT `thread` FROM `posts_%s` WHERE `id` = :id " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
$thread = $query -> fetch ();
if ( $thread [ 'thread' ])
buildThread ( $thread [ 'thread' ]);
else
buildThread ( $post );
2011-01-15 15:05:58 +11:00
2012-04-12 02:49:22 +10:00
// Rebuild board
buildIndex ();
2011-04-03 18:20:55 +10:00
2012-04-12 02:49:22 +10:00
// Record the action
modLog ( " Attached a public ban message for post # { $post } : " . $_POST [ 'message' ]);
2011-01-02 00:27:30 +11:00
}
2011-11-19 01:35:22 +11:00
2012-04-12 02:49:22 +10:00
// Redirect
if ( isset ( $_POST [ 'continue' ]))
header ( 'Location: ' . $_POST [ 'continue' ], true , $config [ 'redirect_http' ]);
elseif ( isset ( $board ))
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
else
header ( 'Location: ?/' , true , $config [ 'redirect_http' ]);
}
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . 'move\/(\d+)$/' , $query , $matches )) {
$boardName = & $matches [ 1 ];
$postID = $matches [ 2 ];
// Open board
if ( ! openBoard ( $boardName ))
error ( $config [ 'error' ][ 'noboard' ]);
if ( ! hasPermission ( $config [ 'mod' ][ 'move' ], $boardName )) error ( $config [ 'error' ][ 'noaccess' ]);
if ( isset ( $_POST [ 'board' ])) {
$targetBoard = $_POST [ 'board' ];
$shadow = isset ( $_POST [ 'shadow' ]);
2011-11-19 01:35:22 +11:00
2012-04-12 02:49:22 +10:00
if ( $targetBoard == $boardName )
error ( _ ( " Target and source board are the same. " ));
2011-11-19 01:35:22 +11:00
2012-04-12 02:49:22 +10:00
// copy() if leaving a shadow thread behind. otherwise, rename().
$clone = $shadow ? 'copy' : 'rename' ;
2011-11-19 01:35:22 +11:00
2012-04-12 02:49:22 +10:00
$query = prepare ( sprintf ( " SELECT * FROM `posts_%s` WHERE `thread` IS NULL AND `id` = :id " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $postID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( ! $post = $query -> fetch ()) {
error ( $config [ 'error' ][ 'nonexistant' ]);
}
$post [ 'op' ] = true ;
if ( $post [ 'file' ]) {
$post [ 'has_file' ] = true ;
$post [ 'width' ] = & $post [ 'filewidth' ];
$post [ 'height' ] = & $post [ 'fileheight' ];
2011-11-19 01:35:22 +11:00
2012-04-12 02:49:22 +10:00
$file_src = sprintf ( $config [ 'board_path' ], $board [ 'uri' ]) . $config [ 'dir' ][ 'img' ] . $post [ 'file' ];
$file_thumb = sprintf ( $config [ 'board_path' ], $board [ 'uri' ]) . $config [ 'dir' ][ 'thumb' ] . $post [ 'thumb' ];
} else $post [ 'has_file' ] = false ;
// allow thread to keep its same traits (stickied, locked, etc.)
$post [ 'mod' ] = true ;
if ( ! openBoard ( $targetBoard ))
error ( $config [ 'error' ][ 'noboard' ]);
$newID = post ( $post );
if ( $post [ 'has_file' ]) {
$clone ( $file_src , sprintf ( $config [ 'board_path' ], $board [ 'uri' ]) . $config [ 'dir' ][ 'img' ] . $post [ 'file' ]);
$clone ( $file_thumb , sprintf ( $config [ 'board_path' ], $board [ 'uri' ]) . $config [ 'dir' ][ 'thumb' ] . $post [ 'thumb' ]);
}
// move replies too...
openBoard ( $boardName );
$query = prepare ( sprintf ( " SELECT * FROM `posts_%s` WHERE `thread` = :id ORDER BY `id` " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $postID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
$replies = array ();
while ( $post = $query -> fetch ()) {
$post [ 'mod' ] = true ;
$post [ 'thread' ] = $newID ;
2011-11-19 01:35:22 +11:00
if ( $post [ 'file' ]) {
$post [ 'has_file' ] = true ;
$post [ 'width' ] = & $post [ 'filewidth' ];
$post [ 'height' ] = & $post [ 'fileheight' ];
2012-04-12 02:49:22 +10:00
$post [ 'file_src' ] = sprintf ( $config [ 'board_path' ], $board [ 'uri' ]) . $config [ 'dir' ][ 'img' ] . $post [ 'file' ];
$post [ 'file_thumb' ] = sprintf ( $config [ 'board_path' ], $board [ 'uri' ]) . $config [ 'dir' ][ 'thumb' ] . $post [ 'thumb' ];
2011-11-19 01:35:22 +11:00
} else $post [ 'has_file' ] = false ;
2012-04-12 02:49:22 +10:00
$replies [] = $post ;
}
$newIDs = array ( $postID => $newID );
openBoard ( $targetBoard );
foreach ( $replies as & $post ) {
$query = prepare ( " SELECT `target` FROM `cites` WHERE `target_board` = :board AND `board` = :board AND `post` = :post " );
$query -> bindValue ( ':board' , $boardName );
$query -> bindValue ( ':post' , $post [ 'id' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $qurey ));
while ( $cite = $query -> fetch ( PDO :: FETCH_ASSOC )) {
if ( isset ( $newIDs [ $cite [ 'target' ]])) {
$post [ 'body_nomarkup' ] = preg_replace (
'/(>>(>\/' . preg_quote ( $boardName , '/' ) . '\/)?)' . preg_quote ( $cite [ 'target' ], '/' ) . '/' ,
'>>' . $newIDs [ $cite [ 'target' ]],
$post [ 'body_nomarkup' ]);
$post [ 'body' ] = $post [ 'body_nomarkup' ];
}
}
$post [ 'op' ] = false ;
$post [ 'tracked_cites' ] = markup ( $post [ 'body' ], true );
2011-11-19 01:35:22 +11:00
2012-04-12 02:49:22 +10:00
$newIDs [ $post [ 'id' ]] = $newPostID = post ( $post );
2011-11-19 01:35:22 +11:00
if ( $post [ 'has_file' ]) {
2012-04-12 02:49:22 +10:00
$clone ( $post [ 'file_src' ], sprintf ( $config [ 'board_path' ], $board [ 'uri' ]) . $config [ 'dir' ][ 'img' ] . $post [ 'file' ]);
$clone ( $post [ 'file_thumb' ], sprintf ( $config [ 'board_path' ], $board [ 'uri' ]) . $config [ 'dir' ][ 'thumb' ] . $post [ 'thumb' ]);
2011-11-19 01:35:22 +11:00
}
2012-04-12 02:49:22 +10:00
foreach ( $post [ 'tracked_cites' ] as $cite ) {
$query = prepare ( 'INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)' );
$query -> bindValue ( ':board' , $board [ 'uri' ]);
$query -> bindValue ( ':post' , $newPostID , PDO :: PARAM_INT );
$query -> bindValue ( ':target_board' , $cite [ 0 ]);
$query -> bindValue ( ':target' , $cite [ 1 ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
}
}
// build thread
buildThread ( $newID );
buildIndex ();
// trigger themes
rebuildThemes ( 'post' );
openBoard ( $boardName );
if ( $shadow ) {
// lock thread
$query = prepare ( sprintf ( " UPDATE `posts_%s` SET `locked` = 1 WHERE `id` = :id " , $board [ 'uri' ]));
2011-11-19 01:35:22 +11:00
$query -> bindValue ( ':id' , $postID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2012-04-12 02:49:22 +10:00
$post = array (
'mod' => true ,
'subject' => '' ,
'email' => '' ,
'name' => $config [ 'mod' ][ 'shadow_name' ],
'capcode' => $config [ 'mod' ][ 'shadow_capcode' ],
'trip' => '' ,
'body' => sprintf ( $config [ 'mod' ][ 'shadow_mesage' ], '>>>/' . $targetBoard . '/' . $newID ),
'password' => '' ,
'has_file' => false ,
// attach to original thread
'thread' => $postID ,
'op' => false
);
2011-11-19 01:35:22 +11:00
2012-04-12 02:49:22 +10:00
markup ( $post [ 'body' ]);
2012-04-02 23:47:32 +10:00
2012-04-12 02:49:22 +10:00
$botID = post ( $post );
buildThread ( $postID );
2011-11-19 01:35:22 +11:00
2012-04-12 02:49:22 +10:00
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'dir' ][ 'res' ] . sprintf ( $config [ 'file_page' ], $postID ) . '#' . $botID , true , $config [ 'redirect_http' ]);
} else {
deletePost ( $postID );
2011-11-19 01:35:22 +11:00
buildIndex ();
2012-04-12 02:49:22 +10:00
openBoard ( $targetBoard );
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $board [ 'uri' ]) . $config [ 'dir' ][ 'res' ] . sprintf ( $config [ 'file_page' ], $newID ), true , $config [ 'redirect_http' ]);
2011-11-19 01:35:22 +11:00
}
2012-04-12 02:49:22 +10:00
} else {
$body = '<fieldset><legend>Move thread</legend>' .
'<form action="?/' . $boardName . '/move/' . $postID . '" method="post">' .
'<table>'
;
$boards = listBoards ();
if ( count ( $boards ) <= 1 )
error ( _ ( 'No board to move to; there is only one.' ));
2011-01-15 15:37:39 +11:00
2012-04-12 02:49:22 +10:00
$__boards = '' ;
foreach ( $boards as & $_board ) {
if ( $_board [ 'uri' ] == $board [ 'uri' ])
continue ;
$__boards .= '<li>' .
'<input type="radio" name="board" id="board_' . $_board [ 'uri' ] . '" value="' . $_board [ 'uri' ] . '">' .
'<label style="display:inline" for="board_' . $_board [ 'uri' ] . '"> ' .
sprintf ( $config [ 'board_abbreviation' ], $_board [ 'uri' ]) .
' - ' . $_board [ 'title' ] .
'</label>' .
'</li>' ;
2011-01-15 15:37:39 +11:00
}
2012-04-12 02:49:22 +10:00
$body .= '<tr>' .
'<th>Thread ID</th>' .
'<td><input type="text" size="7" value="' . $postID . '" disabled /></td>' .
'</tr>' .
'<tr>' .
'<th><label for="message">Leave shadow thread</label></th>' .
'<td>' .
'<input type="checkbox" id="shadow" name="shadow" checked/>' .
' <span class="unimportant">(locks thread; replies to it with a link.)</span>' .
'</td>' .
'</tr>' .
'<tr>' .
'<th>Target board</th>' .
'<td><ul style="list-style:none;padding:2px 5px">' . $__boards . '</tl></td>' .
'</tr>' .
'<tr>' .
'<td></td>' .
'<td><input type="submit" value="Move thread" /></td>' .
'</tr>' .
'</table>' .
'</form></fieldset>' ;
echo Element ( 'page.html' , array (
2011-03-26 18:23:15 +11:00
'config' => $config ,
2012-04-12 02:49:22 +10:00
'title' => 'Move #' . $postID ,
2011-01-02 00:27:30 +11:00
'body' => $body ,
'mod' => true
)
);
2012-04-12 02:49:22 +10:00
}
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . 'ban(&delete)?\/(\d+)$/' , $query , $matches )) {
// Ban by post
$boardName = & $matches [ 1 ];
// Open board
if ( ! openBoard ( $boardName ))
error ( $config [ 'error' ][ 'noboard' ]);
if ( ! hasPermission ( $config [ 'mod' ][ 'ban' ], $boardName )) error ( $config [ 'error' ][ 'noaccess' ]);
$delete = isset ( $matches [ 2 ]) && $matches [ 2 ] == '&delete' ;
if ( $delete && ! hasPermission ( $config [ 'mod' ][ 'delete' ], $boardName )) error ( $config [ 'error' ][ 'noaccess' ]);
$post = $matches [ 3 ];
$query = prepare ( sprintf ( " SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1 " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $query -> rowCount () < 1 ) {
error ( $config [ 'error' ][ 'invalidpost' ]);
}
$post = $query -> fetch ();
$body = form_newBan ( $post [ 'ip' ], null , '?/' . sprintf ( $config [ 'board_path' ], $board [ 'uri' ]) . $config [ 'file_index' ], $post [ 'id' ], $boardName , ! $delete );
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => 'New ban' ,
'body' => $body ,
'mod' => true
)
);
} elseif ( preg_match ( '/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config [ 'ipv6_regex' ] . ')\/deletenote\/(?P<id>\d+)$/' , $query , $matches )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'remove_notes' ])) error ( $config [ 'error' ][ 'noaccess' ]);
$ip = $matches [ 1 ];
$id = $matches [ 'id' ];
2011-04-05 17:36:00 +10:00
2012-04-12 02:49:22 +10:00
$query = prepare ( " DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id " );
$query -> bindValue ( ':ip' , $ip );
$query -> bindValue ( ':id' , $id );
$query -> execute () or error ( db_error ( $query ));
header ( 'Location: ?/IP/' . $ip , true , $config [ 'redirect_http' ]);
} elseif ( preg_match ( '/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config [ 'ipv6_regex' ] . ')$/' , $query , $matches )) {
// View information on an IP address
$ip = $matches [ 1 ];
$host = $config [ 'mod' ][ 'dns_lookup' ] ? rDNS ( $ip ) : false ;
if ( hasPermission ( $config [ 'mod' ][ 'unban' ]) && isset ( $_POST [ 'unban' ]) && isset ( $_POST [ 'ban_id' ])) {
removeBan ( $_POST [ 'ban_id' ]);
header ( 'Location: ?/IP/' . $ip , true , $config [ 'redirect_http' ]);
} elseif ( hasPermission ( $config [ 'mod' ][ 'create_notes' ]) && isset ( $_POST [ 'note' ])) {
$query = prepare ( " INSERT INTO `ip_notes` VALUES(NULL, :ip, :mod, :time, :body) " );
2011-04-05 17:36:00 +10:00
$query -> bindValue ( ':ip' , $ip );
2012-04-12 02:49:22 +10:00
$query -> bindValue ( ':mod' , $mod [ 'id' ], PDO :: PARAM_INT );
$query -> bindValue ( ':time' , time (), PDO :: PARAM_INT );
markup ( $_POST [ 'note' ]);
$query -> bindValue ( ':body' , $_POST [ 'note' ]);
2011-04-05 17:36:00 +10:00
$query -> execute () or error ( db_error ( $query ));
header ( 'Location: ?/IP/' . $ip , true , $config [ 'redirect_http' ]);
2012-04-12 02:49:22 +10:00
} else {
$body = '' ;
$boards = listBoards ();
foreach ( $boards as & $_board ) {
openBoard ( $_board [ 'uri' ]);
2011-01-15 15:29:05 +11:00
2012-04-12 02:49:22 +10:00
$temp = '' ;
$query = prepare ( sprintf ( " SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit " , $_board [ 'uri' ]));
2011-04-05 17:36:00 +10:00
$query -> bindValue ( ':ip' , $ip );
2012-04-12 02:49:22 +10:00
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'ip_recentposts' ], PDO :: PARAM_INT );
2011-04-05 17:36:00 +10:00
$query -> execute () or error ( db_error ( $query ));
2012-04-12 02:49:22 +10:00
while ( $post = $query -> fetch ()) {
if ( ! $post [ 'thread' ]) {
$po = new Thread ( $post [ 'id' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'capcode' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], $post [ 'sticky' ], $post [ 'locked' ], $post [ 'sage' ], $post [ 'embed' ], '?/' , $mod , false );
} else {
$po = new Post ( $post [ 'id' ], $post [ 'thread' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'capcode' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], $post [ 'embed' ], '?/' , $mod );
2011-02-18 00:44:01 +11:00
}
2012-04-12 02:49:22 +10:00
$temp .= $po -> build ( true ) . '<hr/>' ;
2011-07-30 15:42:28 +10:00
}
2011-01-15 15:29:05 +11:00
2012-04-12 02:49:22 +10:00
if ( ! empty ( $temp ))
$body .= '<fieldset><legend>Last ' . $query -> rowCount () . ' posts on <a href="?/' .
sprintf ( $config [ 'board_path' ], $_board [ 'uri' ]) . $config [ 'file_index' ] .
'">' .
sprintf ( $config [ 'board_abbreviation' ], $_board [ 'uri' ]) . ' - ' . $_board [ 'title' ] .
'</a></legend>' . $temp . '</fieldset>' ;
}
if ( hasPermission ( $config [ 'mod' ][ 'view_notes' ])) {
$query = prepare ( " SELECT * FROM `ip_notes` WHERE `ip` = :ip ORDER BY `id` DESC " );
$query -> bindValue ( ':ip' , $ip );
$query -> execute () or error ( db_error ( $query ));
if ( $query -> rowCount () > 0 || hasPermission ( $config [ 'mod' ][ 'create_notes' ])) {
$body .= '<fieldset><legend>' .
$query -> rowCount () . ' note' . ( $query -> rowCount () == 1 ? '' : 's' ) . ' on record' .
'</legend>' ;
if ( $query -> rowCount () > 0 ) {
$body .= '<table class="modlog">' .
'<tr><th>Staff</th><th>Note</th><th>Date</th>' .
( hasPermission ( $config [ 'mod' ][ 'remove_notes' ]) ? '<th>Actions</th>' : '' ) .
'</td>' ;
while ( $note = $query -> fetch ()) {
if ( $note [ 'mod' ]) {
$_query = prepare ( " SELECT `username` FROM `mods` WHERE `id` = :id " );
$_query -> bindValue ( ':id' , $note [ 'mod' ]);
$_query -> execute () or error ( db_error ( $_query ));
if ( $_mod = $_query -> fetch ()) {
$staff = '<a href="?/new_PM/' . $note [ 'mod' ] . '">' . utf8tohtml ( $_mod [ 'username' ]) . '</a>' ;
2011-04-05 17:36:00 +10:00
} else {
2012-04-12 02:49:22 +10:00
$staff = '<em>???</em>' ;
2011-04-05 17:36:00 +10:00
}
2012-04-12 02:49:22 +10:00
} else {
$staff = '<em>system</em>' ;
2011-04-05 17:36:00 +10:00
}
2012-04-12 02:49:22 +10:00
$body .= '<tr>' .
'<td class="minimal">' .
$staff .
'</td><td>' .
$note [ 'body' ] .
'</td><td class="minimal">' .
strftime ( $config [ 'post_date' ], $note [ 'time' ]) .
'</td>' .
( hasPermission ( $config [ 'mod' ][ 'remove_notes' ]) ?
'<td class="minimal"><a class="unimportant" href="?/IP/' . $ip . '/deletenote/' . $note [ 'id' ] . '">[delete]</a></td>'
: '' ) .
'</tr>' ;
2011-04-05 17:36:00 +10:00
}
2012-04-12 02:49:22 +10:00
$body .= '</table>' ;
2011-07-30 15:42:28 +10:00
}
2012-04-12 02:49:22 +10:00
if ( hasPermission ( $config [ 'mod' ][ 'create_notes' ])) {
$body .= '<form action="" method="post" style="text-align:center;margin:0">' .
'<table>' .
'<tr>' .
'<th>Staff</th>' .
'<td>' . $mod [ 'username' ] . '</td>' .
'</tr>' .
'<tr>' .
'<th><label for="note">Note</label></th>' .
'<td><textarea id="note" name="note" rows="5" cols="30"></textarea></td>' .
'</tr>' .
'<tr>' .
'<td></td>' .
'<td><input type="submit" value="New note" /></td>' .
'</tr>' .
'</table>' .
'</form>' ;
}
$body .= '</fieldset>' ;
2011-04-05 17:36:00 +10:00
}
2012-04-12 02:49:22 +10:00
}
if ( hasPermission ( $config [ 'mod' ][ 'view_ban' ])) {
$query = prepare ( " SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip " );
$query -> bindValue ( ':ip' , $ip );
$query -> execute () or error ( db_error ( $query ));
2011-04-05 17:36:00 +10:00
2012-04-12 02:49:22 +10:00
if ( $query -> rowCount () > 0 ) {
$body .= '<fieldset><legend>Ban' . ( $query -> rowCount () == 1 ? '' : 's' ) . ' on record</legend>' ;
2011-02-18 00:36:50 +11:00
2012-04-12 02:49:22 +10:00
while ( $ban = $query -> fetch ()) {
$body .= '<form action="" method="post" style="text-align:center">' .
'<table style="width:400px;margin-bottom:10px;border-bottom:1px solid #ddd;padding:5px"><tr><th>Status</th><td>' .
( $config [ 'mod' ][ 'view_banexpired' ] && $ban [ 'expires' ] != 0 && $ban [ 'expires' ] < time () ?
'Expired'
: 'Active' ) .
'</td></tr>' .
2011-02-18 00:36:50 +11:00
2012-04-12 02:49:22 +10:00
// IP
'<tr><th>IP</th><td>' . $ban [ 'ip' ] . '</td></tr>' .
// Reason
'<tr><th>Reason</th><td>' . $ban [ 'reason' ] . '</td></tr>' .
// Board
'<tr><th>Board</th><td>' .
( isset ( $ban [ 'board' ]) ?
( isset ( $ban [ 'uri' ]) ?
sprintf ( $config [ 'board_abbreviation' ], $ban [ 'uri' ])
:
'<em>deleted?</em>'
)
:
'<em>' . _ ( 'all boards' ) . '</em>'
) .
'</td></tr>' .
// Set
'<tr><th>Set</th><td>' . strftime ( $config [ 'post_date' ], $ban [ 'set' ]) . '</td></tr>' .
// Expires
'<tr><th>Expires</th><td>' .
( $ban [ 'expires' ] == 0 ?
'<em>Never</em>'
2011-07-30 15:42:28 +10:00
:
2012-04-12 02:49:22 +10:00
strftime ( $config [ 'post_date' ], $ban [ 'expires' ])
2011-10-03 18:47:59 +11:00
) .
2012-04-12 02:49:22 +10:00
'</td></tr>' .
// Staff
'<tr><th>Staff</th><td>' .
( isset ( $ban [ 'username' ]) ?
( ! hasPermission ( $config [ 'mod' ][ 'view_banstaff' ]) ?
( $config [ 'mod' ][ 'view_banquestionmark' ] ?
'?'
2011-07-30 15:42:28 +10:00
:
2012-04-12 02:49:22 +10:00
( $ban [ 'type' ] == JANITOR ? 'Janitor' :
( $ban [ 'type' ] == MOD ? 'Mod' :
( $ban [ 'type' ] == ADMIN ? 'Admin' :
'?' )))
2011-07-30 15:42:28 +10:00
)
2012-04-12 02:49:22 +10:00
:
utf8tohtml ( $ban [ 'username' ])
)
: '<em>deleted?</em>'
) .
'</td></tr></table>' .
2011-08-04 15:47:34 +10:00
2012-04-12 02:49:22 +10:00
'<input type="hidden" name="ban_id" value="' . $ban [ 'id' ] . '" />' .
2011-08-04 15:47:34 +10:00
2012-04-12 02:49:22 +10:00
'<input type="submit" name="unban" value="Remove ban" ' .
( ! hasPermission ( $config [ 'mod' ][ 'unban' ]) ? 'disabled' : '' ) .
'/></form>' ;
2011-07-30 15:42:28 +10:00
}
2012-04-12 02:49:22 +10:00
$body .= '</fieldset>' ;
2011-02-18 00:36:50 +11:00
}
2011-07-30 15:42:28 +10:00
}
2012-04-12 02:49:22 +10:00
if ( hasPermission ( $config [ 'mod' ][ 'ip_banform' ]))
$body .= form_newBan ( $ip , null , '?/IP/' . $ip );
echo Element ( 'page.html' , array (
'config' => $config ,
'title' => 'IP: ' . $ip ,
'subtitle' => $host ,
'body' => $body ,
'mod' => true
)
);
2010-12-02 01:17:27 +11:00
}
2012-04-12 02:49:22 +10:00
} else {
error ( $config [ 'error' ][ '404' ]);
2010-12-01 21:53:11 +11:00
}
2012-04-12 02:49:22 +10:00
}
2011-11-16 18:53:37 +11:00