<?php

/*
 *  Copyright (c) 2010-2013 Tinyboard Development Group
 */

// Direct-access guard: stop immediately unless the TINYBOARD constant has
// already been defined by the script that includes this file, so the
// moderator handlers below cannot be run by requesting this file on its own.
if (!defined('TINYBOARD')) {
    exit;
}
/**
 * Render a moderator page and echo it.
 *
 * The inner template ($template) is rendered first and handed to the outer
 * 'page.html' layout as 'body'.
 *
 * @param string $title Page title passed to the layout.
 * @param string $template Inner template name, e.g. 'mod/dashboard.html'.
 * @param array $args Variables for the inner template.
 * @param string|false $subtitle Optional subtitle passed to the layout.
 */
function mod_page($title, $template, $args, $subtitle = false) {
    global $config, $mod;

    // $args is merged last, so a caller-supplied 'config' or 'mod' key
    // replaces the globals inside the inner template. Callers should only
    // pass arrays whose keys they control.
    $body_vars = array_merge(
        array('config' => $config, 'mod' => $mod),
        $args
    );

    $layout_vars = array(
        'config' => $config,
        'mod' => $mod,
        // The dashboard itself does not need a link back to the dashboard.
        'hide_dashboard_link' => $template == 'mod/dashboard.html',
        'title' => $title,
        'subtitle' => $subtitle,
        'nojavascript' => true,
        'body' => Element($template, $body_vars)
    );

    echo Element('page.html', $layout_vars);
}
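/**
 * Handle the moderator login form and render the login page.
 *
 * On a successful login the session cookies are set and a redirect header
 * is sent. On failure the same generic error is shown whether a field was
 * missing or the credentials were wrong, so the response does not reveal
 * which of the two was the problem.
 *
 * @param string|false $redirect Query string to return to after login.
 */
function mod_login($redirect = false) {
    global $config;

    $args = array();

    // PHP turns `username[]=x` into an array. Only plain strings are treated
    // as credentials, so login() and the template never receive an array.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : null;
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : null;

    if (isset($_POST['login'])) {
        if ($username === null || $password === null || $username === '' || $password === '') {
            // Missing, empty or non-string input
            $args['error'] = $config['error']['invalid'];
        } elseif (!login($username, $password)) {
            // NOTE(review): the syslog line carries no username or source
            // address here; confirm _syslog() adds enough context for
            // brute-force detection.
            if ($config['syslog'])
                _syslog(LOG_WARNING, 'Unauthorized login attempt!');

            $args['error'] = $config['error']['invalid'];
        } else {
            modLog('Logged in');

            // Login successful: set cookies
            setCookies();

            // The target is always prefixed with "?", so the redirect stays a
            // query string on the current script. Where $redirect comes from
            // is not visible in this file.
            if ($redirect)
                header('Location: ?' . $redirect, true, $config['redirect_http']);
            else
                header('Location: ?/', true, $config['redirect_http']);
        }
    }

    // Re-populate the username field (never the password).
    if ($username !== null)
        $args['username'] = $username;

    mod_page(_('Login'), 'mod/login.html', $args);
}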
/**
 * Show the confirmation page for a moderator action.
 *
 * The page receives the request path together with a token produced by
 * make_secure_link_token() for that exact path.
 *
 * @param string $request The action path awaiting confirmation.
 */
function mod_confirm($request) {
    $template_vars = array(
        'request' => $request,
        'token' => make_secure_link_token($request)
    );

    mod_page(_('Confirm action'), 'mod/confirm.html', $template_vars);
}
/**
 * Log the moderator out: destroy the session cookies and redirect to "?/".
 *
 * NOTE(review): no token is checked inside this function. The dashboard
 * issues a 'logout' token, so validation presumably happens in the caller;
 * confirm.
 */
function mod_logout() {
    global $config;

    destroyCookies();

    $status = $config['redirect_http'];
    header('Location: ?/', true, $status);
}
/**
 * Build and render the moderator dashboard.
 *
 * Collects the board list, a noticeboard preview (if permitted), the unread
 * PM count, report counts and a logout token, then renders
 * 'mod/dashboard.html'.
 */
function mod_dashboard() {
    global $config, $mod;

    $args = array();
    $args['boards'] = listBoards();

    // Noticeboard preview, served from cache when a non-empty copy exists.
    if (hasPermission($config['mod']['noticeboard'])) {
        $fetch_notices = true;
        if ($config['cache']['enabled']) {
            $args['noticeboard'] = cache::get('noticeboard_preview');
            $fetch_notices = !$args['noticeboard'];
        }

        if ($fetch_notices) {
            $query = prepare("SELECT ``noticeboard``.*, `username` FROM ``noticeboard`` LEFT JOIN ``mods`` ON ``mods``.`id` = `mod` ORDER BY `id` DESC LIMIT :limit");
            $query->bindValue(':limit', $config['mod']['noticeboard_dashboard'], PDO::PARAM_INT);
            if (!$query->execute())
                error(db_error($query));
            $args['noticeboard'] = $query->fetchAll(PDO::FETCH_ASSOC);

            if ($config['cache']['enabled'])
                cache::set('noticeboard_preview', $args['noticeboard']);
        }
    }

    // Unread PM count. The cache key is per moderator id; only a strict
    // `false` counts as a miss, so a cached count of 0 is still used.
    $fetch_pm_count = true;
    if ($config['cache']['enabled']) {
        $args['unread_pms'] = cache::get('pm_unreadcount_' . $mod['id']);
        $fetch_pm_count = ($args['unread_pms'] === false);
    }

    if ($fetch_pm_count) {
        $query = prepare('SELECT COUNT(*) FROM ``pms`` WHERE `to` = :id AND `unread` = 1');
        $query->bindValue(':id', $mod['id']);
        if (!$query->execute())
            error(db_error($query));
        $args['unread_pms'] = $query->fetchColumn();

        if ($config['cache']['enabled'])
            cache::set('pm_unreadcount_' . $mod['id'], $args['unread_pms']);
    }

    // Report counts. Users below GLOBALVOLUNTEER only see the count for the
    // first board in their board list; everyone else gets the local and
    // global totals.
    $board_scoped = $mod["type"] < GLOBALVOLUNTEER;
    $query = prepare('SELECT COUNT(*) AS `total_reports` FROM ``reports``' . ($board_scoped ? " WHERE board = :board" : ""));

    if ($mod['type'] < GLOBALVOLUNTEER) {
        $query->bindValue(':board', $mod['boards'][0]);
    } else {
        $query = prepare('SELECT (SELECT COUNT(id) FROM reports WHERE global = 0) AS total_reports, (SELECT COUNT(id) FROM reports WHERE global = 1) AS global_reports');
    }

    if (!$query->execute())
        error(db_error($query));

    $row = $query->fetch();
    $args['reports'] = $row['total_reports'];
    if (isset($row['global_reports'])) {
        $args['global_reports'] = $row['global_reports'];
    } else {
        $args['global_reports'] = false;
    }

    // Token for the logout link rendered on the dashboard.
    $args['logout_token'] = make_secure_link_token('logout');

    modLog('Looked at dashboard', false);

    mod_page(_('Dashboard'), 'mod/dashboard.html', $args);
}
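/**
 * Turn a POSTed search form into a redirect to "?/search/<type>/<query>".
 *
 * The query is URL-encoded, then "_" becomes "%5F" and "+" (an encoded
 * space) becomes "_"; mod_search() reverses this. Anything that is not a
 * well-formed search request is redirected to "?/".
 */
function mod_search_redirect() {
    global $config;

    if (!hasPermission($config['mod']['search']))
        error($config['error']['noaccess']);

    // $_POST['type'] ends up in the Location header, so it is matched
    // strictly against a fixed list. Both fields must be plain strings:
    // array-valued fields (`query[]=x`) cannot be passed to urlencode().
    $allowed_types = array('posts', 'IP_notes', 'bans', 'log');
    $is_search = isset($_POST['query'], $_POST['type'])
        && is_string($_POST['query'])
        && is_string($_POST['type'])
        && in_array($_POST['type'], $allowed_types, true);

    if (!$is_search) {
        header('Location: ?/', true, $config['redirect_http']);
        return;
    }

    $query = urlencode($_POST['query']);
    $query = str_replace('_', '%5F', $query);
    $query = str_replace('+', '_', $query);

    if ($query === '') {
        header('Location: ?/', true, $config['redirect_http']);
        return;
    }

    header('Location: ?/search/' . $_POST['type'] . '/' . $query, true, $config['redirect_http']);
}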
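/**
 * Run a moderator search and render the results page.
 *
 * The SQL is assembled by string concatenation, not bound parameters.
 * Each search phrase passes through $pdo->quote(); the table and column
 * names come from the fixed lists below, and the board URIs come from
 * listBoards().
 *
 * @param string $type One of 'posts', 'IP_notes', 'bans', 'log'.
 * @param string $search_query_escaped Query as encoded by mod_search_redirect().
 * @param int $page_no 1-based result page.
 */
function mod_search($type, $search_query_escaped, $page_no = 1) {
    global $pdo, $config;

    if (!hasPermission($config['mod']['search']))
        error($config['error']['noaccess']);

    // Without this check an unknown $type would leave $query holding the raw
    // search text, which would then be handed to query() as SQL. The caller
    // may already restrict $type; this function does not depend on that.
    // As elsewhere in this file, error() is relied on to stop the request.
    if (!in_array($type, array('posts', 'IP_notes', 'bans', 'log'), true))
        error($config['error']['404']);

    // Same lower bound the other paginated handlers in this file enforce;
    // page 0 would otherwise produce a negative LIMIT offset.
    if ($page_no < 1)
        error($config['error']['404']);

    // Unescape query
    $query = str_replace('_', ' ', $search_query_escaped);
    $query = urldecode($query);
    $search_query = $query;

    // Form a series of LIKE clauses for the query.
    // This gets a little complicated.

    // Escape "escape" character
    $query = str_replace('!', '!!', $query);

    // Escape SQL wildcard
    $query = str_replace('%', '!%', $query);

    // Use asterisk as wildcard instead
    $query = str_replace('*', '%', $query);

    $query = str_replace('`', '!`', $query);

    // Array of phrases to match (each already quoted as an SQL literal)
    $match = array();

    // Exact phrases ("like this")
    if (preg_match_all('/"(.+?)"/', $query, $exact_phrases)) {
        $exact_phrases = $exact_phrases[1];
        foreach ($exact_phrases as $phrase) {
            $query = str_replace("\"{$phrase}\"", '', $query);
            $match[] = $pdo->quote($phrase);
        }
    }

    // Non-exact phrases (ie. plain keywords)
    // NOTE(review): empty() also skips the keyword "0".
    $keywords = explode(' ', $query);
    foreach ($keywords as $word) {
        if (empty($word))
            continue;
        $match[] = $pdo->quote($word);
    }

    // Which `field` to search? Fixed names only, never user input.
    if ($type == 'posts')
        $sql_field = array('body_nomarkup', 'files', 'subject', 'filehash', 'ip', 'name', 'trip');
    if ($type == 'IP_notes')
        $sql_field = 'body';
    if ($type == 'bans')
        $sql_field = 'reason';
    if ($type == 'log')
        $sql_field = 'text';

    // Build the "LIKE 'this' AND LIKE 'that'" etc. part of the SQL query
    $sql_like = '';
    foreach ($match as $phrase) {
        if (!empty($sql_like))
            $sql_like .= ' AND ';

        // Wrap the quoted literal in % wildcards: 'x' becomes '%x%'
        $phrase = preg_replace('/^\'(.+)\'$/', '\'%$1%\'', $phrase);

        if (is_array($sql_field)) {
            // Parenthesise the per-field alternatives. AND binds tighter
            // than OR, so without the brackets a multi-phrase search would
            // not require every phrase to match.
            $alternatives = array();
            foreach ($sql_field as $field) {
                $alternatives[] = '`' . $field . '` LIKE ' . $phrase . ' ESCAPE \'!\'';
            }
            $sql_like .= '(' . implode(' OR ', $alternatives) . ')';
        } else {
            $sql_like .= '`' . $sql_field . '` LIKE ' . $phrase . ' ESCAPE \'!\'';
        }
    }

    // Compile SQL query
    if ($type == 'posts') {
        $query = '';
        $boards = listBoards();
        if (empty($boards))
            error(_('There are no boards to search!'));

        foreach ($boards as $board) {
            openBoard($board['uri']);
            // Boards the moderator may not search are left out of the UNION.
            if (!hasPermission($config['mod']['search_posts'], $board['uri']))
                continue;

            if (!empty($query))
                $query .= ' UNION ALL ';
            // The board URI is interpolated as a literal and as part of a
            // table name. That is safe only while stored URIs match the
            // board regex checked when a board is created.
            $query .= sprintf("SELECT *, '%s' AS `board` FROM ``posts_%s`` WHERE %s", $board['uri'], $board['uri'], $sql_like);
        }

        // You weren't allowed to search any boards
        if (empty($query))
            error($config['error']['noaccess']);

        $query .= ' ORDER BY `sticky` DESC, `id` DESC';
    }

    if ($type == 'IP_notes') {
        $query = 'SELECT * FROM ``ip_notes`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE ' . $sql_like . ' ORDER BY `time` DESC';
        $sql_table = 'ip_notes';
        if (!hasPermission($config['mod']['view_notes']) || !hasPermission($config['mod']['show_ip']))
            error($config['error']['noaccess']);
    }

    if ($type == 'bans') {
        $query = 'SELECT ``bans``.*, `username` FROM ``bans`` LEFT JOIN ``mods`` ON `creator` = ``mods``.`id` WHERE ' . $sql_like . ' ORDER BY (`expires` IS NOT NULL AND `expires` < UNIX_TIMESTAMP()), `created` DESC';
        $sql_table = 'bans';
        if (!hasPermission($config['mod']['view_banlist']))
            error($config['error']['noaccess']);
    }

    if ($type == 'log') {
        $query = 'SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE ' . $sql_like . ' ORDER BY `time` DESC';
        $sql_table = 'modlogs';
        if (!hasPermission($config['mod']['modlog']))
            error($config['error']['noaccess']);
    }

    // Execute SQL query (with pages). Both LIMIT operands are forced to
    // integers before they are concatenated into the statement.
    $per_page = (int) $config['mod']['search_page'];
    $offset = ((int) $page_no - 1) * $per_page;
    $q = query($query . ' LIMIT ' . $offset . ', ' . $per_page) or error(db_error());
    $results = $q->fetchAll(PDO::FETCH_ASSOC);

    // Get total result count
    if ($type == 'posts') {
        $q = query("SELECT COUNT(*) FROM ($query) AS `tmp_table`") or error(db_error());
        $result_count = $q->fetchColumn();
    } else {
        $q = query('SELECT COUNT(*) FROM `' . $sql_table . '` WHERE ' . $sql_like) or error(db_error());
        $result_count = $q->fetchColumn();
    }

    if ($type == 'bans') {
        foreach ($results as &$ban) {
            $ban['mask'] = Bans::range_to_string(array($ban['ipstart'], $ban['ipend']));
            if (filter_var($ban['mask'], FILTER_VALIDATE_IP) !== false)
                $ban['single_addr'] = true;
        }
        // Drop the reference so later writes cannot alias the last row.
        unset($ban);
    }

    if ($type == 'posts') {
        foreach ($results as &$post) {
            $post['snippet'] = pm_snippet($post['body']);
        }
        unset($post);
    }

    // $results now contains the search results

    mod_page(_('Search results'), 'mod/search_results.html', array(
        'search_type' => $type,
        'search_query' => $search_query,
        'search_query_escaped' => $search_query_escaped,
        'result_count' => $result_count,
        'results' => $results
    ));
}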
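/**
 * Edit or delete a board.
 *
 * Without POST data the edit form is rendered with a token for
 * 'edit/<uri>'. With POST data the board is either updated (title and
 * subtitle) or, when 'delete' is set, removed together with its posts
 * table, reports, cites, antispam rows, moderator assignments and files.
 *
 * @param string $boardName URI of the board to edit.
 */
function mod_edit_board($boardName) {
    global $board, $config;

    if (!openBoard($boardName))
        error($config['error']['noboard']);

    if (!hasPermission($config['mod']['manageboards'], $board['uri']))
        error($config['error']['noaccess']);

    if (isset($_POST['title'], $_POST['subtitle'])) {
        if (isset($_POST['delete'])) {
            // NOTE(review): this repeats the 'manageboards' check above, so
            // it can never fail on its own. The 'deleteboard' error message
            // suggests a separate delete permission was intended; confirm.
            if (!hasPermission($config['mod']['manageboards'], $board['uri']))
                error($config['error']['deleteboard']);

            $query = prepare('DELETE FROM ``boards`` WHERE `uri` = :uri');
            $query->bindValue(':uri', $board['uri']);
            $query->execute() or error(db_error($query));

            if ($config['cache']['enabled']) {
                cache::delete('board_' . $board['uri']);
                cache::delete('all_boards');
                cache::delete('all_boards_uri');
            }

            modLog('Deleted board: ' . sprintf($config['board_abbreviation'], $board['uri']), false);

            // Delete posting table. The URI is interpolated into an
            // identifier; it was loaded by openBoard(), not taken from the
            // request.
            $query = query(sprintf('DROP TABLE IF EXISTS ``posts_%s``', $board['uri'])) or error(db_error());

            // Clear reports.
            // The URI is a string, so it is bound as a string. Binding it as
            // PDO::PARAM_INT can turn a non-numeric URI into 0, and a
            // `board = 0` comparison may then match other boards' rows.
            $query = prepare('DELETE FROM ``reports`` WHERE `board` = :id');
            $query->bindValue(':id', $board['uri']);
            $query->execute() or error(db_error($query));

            // Delete from table (same string binding as above)
            $query = prepare('DELETE FROM ``boards`` WHERE `uri` = :uri');
            $query->bindValue(':uri', $board['uri']);
            $query->execute() or error(db_error($query));

            // Rebuild posts on other boards that cite this board.
            $query = prepare("SELECT `board`, `post` FROM ``cites`` WHERE `target_board` = :board ORDER BY `board`");
            $query->bindValue(':board', $board['uri']);
            $query->execute() or error(db_error($query));
            while ($cite = $query->fetch(PDO::FETCH_ASSOC)) {
                if ($board['uri'] != $cite['board']) {
                    // openBoard() replaces the global $board; keep the
                    // original so it can be restored after the loop.
                    if (!isset($tmp_board))
                        $tmp_board = $board;
                    openBoard($cite['board']);
                    rebuildPost($cite['post']);
                }
            }

            if (isset($tmp_board))
                $board = $tmp_board;

            $query = prepare('DELETE FROM ``cites`` WHERE `board` = :board OR `target_board` = :board');
            $query->bindValue(':board', $board['uri']);
            $query->execute() or error(db_error($query));

            $query = prepare('DELETE FROM ``antispam`` WHERE `board` = :board');
            $query->bindValue(':board', $board['uri']);
            $query->execute() or error(db_error($query));

            // Remove board from users/permissions table
            $query = query('SELECT `id`,`boards` FROM ``mods``') or error(db_error());
            while ($user = $query->fetch(PDO::FETCH_ASSOC)) {
                $user_boards = explode(',', $user['boards']);
                // Strict comparison: loosely compared numeric-looking URIs
                // such as "1" and "01" would be treated as the same board.
                $position = array_search($board['uri'], $user_boards, true);
                if ($position !== false) {
                    unset($user_boards[$position]);
                    $_query = prepare('UPDATE ``mods`` SET `boards` = :boards WHERE `id` = :id');
                    $_query->bindValue(':boards', implode(',', $user_boards));
                    $_query->bindValue(':id', $user['id']);
                    $_query->execute() or error(db_error($_query));
                }
            }

            // Delete entire board directory
            rrmdir($board['uri'] . '/');
            // To reiterate: HAAAAAX
            if ($config['dir']['img_root'] != '')
                rrmdir($config['dir']['img_root'] . $board['uri']);
        } else {
            $query = prepare('UPDATE ``boards`` SET `title` = :title, `subtitle` = :subtitle WHERE `uri` = :uri');
            $query->bindValue(':uri', $board['uri']);
            $query->bindValue(':title', $_POST['title']);
            $query->bindValue(':subtitle', $_POST['subtitle']);
            $query->execute() or error(db_error($query));

            modLog('Edited board information for ' . sprintf($config['board_abbreviation'], $board['uri']), false);
        }

        if ($config['cache']['enabled']) {
            cache::delete('board_' . $board['uri']);
            cache::delete('all_boards');
            cache::delete('all_boards_uri');
        }

        rebuildThemes('boards');

        header('Location: ?/', true, $config['redirect_http']);
    } else {
        mod_page(sprintf('%s: ' . $config['board_abbreviation'], _('Edit board'), $board['uri']), 'mod/board.html', array(
            'board' => $board,
            'token' => make_secure_link_token('edit/' . $board['uri'])
        ));
    }
}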
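/**
 * Create a new board from the POSTed 'uri', 'title' and 'subtitle'.
 *
 * The URI is validated before it is used as a table-name suffix, a
 * directory name and a URL component. Without POST data, and also after a
 * successful creation, the 'mod/board.html' form is rendered.
 */
function mod_new_board() {
    global $config, $board;

    if (!hasPermission($config['mod']['newboard']))
        error($config['error']['noaccess']);

    if (isset($_POST['uri'], $_POST['title'], $_POST['subtitle'])) {
        if ($_POST['uri'] == '')
            error(sprintf($config['error']['required'], 'URI'));

        if ($_POST['title'] == '')
            error(sprintf($config['error']['required'], 'title'));

        // The D modifier makes "$" match only at the very end of the string.
        // Without it a URI ending in a newline would pass the check and
        // reach the table name and directory name below.
        if (!preg_match('/^' . $config['board_regex'] . '$/uD', $_POST['uri']))
            error(sprintf($config['error']['invalidfield'], 'URI'));

        // Estimate the on-disk length of the posts table file name:
        // characters above U+0080 are counted as 5 bytes ("@01ff" style).
        $bytes = 0;
        $chars = preg_split('//u', $_POST['uri'], -1, PREG_SPLIT_NO_EMPTY);
        foreach ($chars as $char) {
            $o = 0;
            $ord = ordutf8($char, $o);
            if ($ord > 0x0080)
                $bytes += 5; // @01ff
            else
                $bytes++;
        }
        // Was `$bytes + strlen(...)`, whose result was discarded, so the
        // fixed "posts_" prefix and ".frm" suffix never counted toward the
        // limit.
        $bytes += strlen('posts_.frm');

        if ($bytes > 255) {
            error('Your filesystem cannot handle a board URI of that length (' . $bytes . '/255 bytes)');
            exit;
        }

        if (openBoard($_POST['uri'])) {
            error(sprintf($config['error']['boardexists'], $board['url']));
        }

        // Entries starting with "/" are treated as regular expressions,
        // everything else as a plain substring.
        foreach ($config['banned_boards'] as $i => $w) {
            if ($w[0] !== '/') {
                if (strpos($_POST['uri'], $w) !== false)
                    error(_("Cannot create board with banned word $w"));
            } else {
                if (preg_match($w, $_POST['uri']))
                    error(_("Cannot create board matching banned pattern $w"));
            }
        }

        $query = prepare('INSERT INTO ``boards`` (``uri``, ``title``, ``subtitle``) VALUES (:uri, :title, :subtitle)');
        $query->bindValue(':uri', $_POST['uri']);
        $query->bindValue(':title', $_POST['title']);
        $query->bindValue(':subtitle', $_POST['subtitle']);
        $query->execute() or error(db_error($query));

        modLog('Created a new board: ' . sprintf($config['board_abbreviation'], $_POST['uri']));

        if (!openBoard($_POST['uri']))
            error(_("Couldn't open board after creation."));

        // The posts table DDL is rendered from a template with the board
        // URI; the regex check above is what keeps that interpolation safe.
        $query = Element('posts.sql', array('board' => $board['uri']));

        if (mysql_version() < 50503)
            $query = preg_replace('/(CHARSET=|CHARACTER SET )utf8mb4/', '$1utf8', $query);

        query($query) or error(db_error());

        // NOTE(review): mod_edit_board() also clears 'all_boards_uri';
        // confirm whether that key needs clearing here too.
        if ($config['cache']['enabled'])
            cache::delete('all_boards');

        // Build the board
        buildIndex();

        rebuildThemes('boards');

        header('Location: ?/' . $board['uri'] . '/' . $config['file_index'], true, $config['redirect_http']);
    }

    mod_page(_('New board'), 'mod/board.html', array('new' => true, 'token' => make_secure_link_token('new-board')));
}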
/**
 * Show one page of the moderator noticeboard and handle new postings.
 *
 * Viewing requires the 'noticeboard' permission; posting additionally
 * requires 'noticeboard_post'. Each listed entry gets its own delete token.
 *
 * @param int $page_no 1-based page number.
 */
function mod_noticeboard($page_no = 1) {
    global $config, $pdo, $mod;

    if ($page_no < 1)
        error($config['error']['404']);

    if (!hasPermission($config['mod']['noticeboard']))
        error($config['error']['noaccess']);

    $posting = isset($_POST['subject'], $_POST['body']);
    if ($posting) {
        if (!hasPermission($config['mod']['noticeboard_post']))
            error($config['error']['noaccess']);

        // The body is run through the markup pipeline before storage; the
        // subject is stored as submitted.
        $_POST['body'] = escape_markup_modifiers($_POST['body']);
        markup($_POST['body']);

        $insert = prepare('INSERT INTO ``noticeboard`` VALUES (NULL, :mod, :time, :subject, :body)');
        $insert->bindValue(':mod', $mod['id']);
        $insert->bindValue(':time', time());
        $insert->bindValue(':subject', $_POST['subject']);
        $insert->bindValue(':body', $_POST['body']);
        if (!$insert->execute())
            error(db_error($insert));

        if ($config['cache']['enabled'])
            cache::delete('noticeboard_preview');

        modLog('Posted a noticeboard entry');

        header('Location: ?/noticeboard#' . $pdo->lastInsertId(), true, $config['redirect_http']);
    }

    $per_page = $config['mod']['noticeboard_page'];

    $query = prepare("SELECT ``noticeboard``.*, `username` FROM ``noticeboard`` LEFT JOIN ``mods`` ON ``mods``.`id` = `mod` ORDER BY `id` DESC LIMIT :offset, :limit");
    $query->bindValue(':limit', $per_page, PDO::PARAM_INT);
    $query->bindValue(':offset', ($page_no - 1) * $per_page, PDO::PARAM_INT);
    if (!$query->execute())
        error(db_error($query));
    $noticeboard = $query->fetchAll(PDO::FETCH_ASSOC);

    // An empty first page is fine; an empty later page does not exist.
    if (empty($noticeboard) && $page_no > 1)
        error($config['error']['404']);

    // Each token is made for that entry's own delete path.
    foreach ($noticeboard as $index => $row) {
        $noticeboard[$index]['delete_token'] = make_secure_link_token('noticeboard/delete/' . $row['id']);
    }

    $query = prepare("SELECT COUNT(*) FROM ``noticeboard``");
    if (!$query->execute())
        error(db_error($query));
    $count = $query->fetchColumn();

    mod_page(_('Noticeboard'), 'mod/noticeboard.html', array(
        'noticeboard' => $noticeboard,
        'count' => $count,
        'token' => make_secure_link_token('noticeboard')
    ));
}
/**
 * Delete one noticeboard entry and redirect back to the noticeboard.
 *
 * NOTE(review): the delete token issued by mod_noticeboard() is not
 * verified in this function; presumably the caller checks it. Confirm.
 *
 * @param int|string $id Id of the entry to delete (bound as a parameter).
 */
function mod_noticeboard_delete($id) {
    global $config;

    if (!hasPermission($config['mod']['noticeboard_delete']))
        error($config['error']['noaccess']);

    $delete = prepare('DELETE FROM ``noticeboard`` WHERE `id` = :id');
    $delete->bindValue(':id', $id);
    if (!$delete->execute())
        error(db_error($delete));

    modLog('Deleted a noticeboard entry');

    // The dashboard preview may still contain the deleted entry.
    if ($config['cache']['enabled'])
        cache::delete('noticeboard_preview');

    header('Location: ?/noticeboard', true, $config['redirect_http']);
}
/**
 * Show one page of news entries and handle new postings.
 *
 * Only posting is permission-checked here ('news'); the listing itself has
 * no check in this function. A custom author name is honoured only with
 * the 'news_custom' permission; otherwise the moderator's own username is
 * stored.
 *
 * @param int $page_no 1-based page number.
 */
function mod_news($page_no = 1) {
    global $config, $pdo, $mod;

    if ($page_no < 1)
        error($config['error']['404']);

    if (isset($_POST['subject'], $_POST['body'])) {
        if (!hasPermission($config['mod']['news']))
            error($config['error']['noaccess']);

        $_POST['body'] = escape_markup_modifiers($_POST['body']);
        markup($_POST['body']);

        // Fall back to the moderator's username unless a custom name was
        // sent and is allowed.
        if (isset($_POST['name']) && hasPermission($config['mod']['news_custom'])) {
            $author = $_POST['name'];
        } else {
            $author = $mod['username'];
        }

        $insert = prepare('INSERT INTO ``news`` VALUES (NULL, :name, :time, :subject, :body)');
        $insert->bindValue(':name', $author);
        $insert->bindValue(':time', time());
        $insert->bindValue(':subject', $_POST['subject']);
        $insert->bindValue(':body', $_POST['body']);
        if (!$insert->execute())
            error(db_error($insert));

        modLog('Posted a news entry');

        rebuildThemes('news');

        header('Location: ?/edit_news#' . $pdo->lastInsertId(), true, $config['redirect_http']);
    }

    $per_page = $config['mod']['news_page'];

    $query = prepare("SELECT * FROM ``news`` ORDER BY `id` DESC LIMIT :offset, :limit");
    $query->bindValue(':limit', $per_page, PDO::PARAM_INT);
    $query->bindValue(':offset', ($page_no - 1) * $per_page, PDO::PARAM_INT);
    if (!$query->execute())
        error(db_error($query));
    $news = $query->fetchAll(PDO::FETCH_ASSOC);

    if (empty($news) && $page_no > 1)
        error($config['error']['404']);

    // Each token is made for that entry's own delete path.
    foreach ($news as $index => $row) {
        $news[$index]['delete_token'] = make_secure_link_token('edit_news/delete/' . $row['id']);
    }

    $query = prepare("SELECT COUNT(*) FROM ``news``");
    if (!$query->execute())
        error(db_error($query));
    $count = $query->fetchColumn();

    mod_page(_('News'), 'mod/news.html', array(
        'news' => $news,
        'count' => $count,
        'token' => make_secure_link_token('edit_news')
    ));
}
/**
 * Delete one news entry and redirect back to the news editor.
 *
 * NOTE(review): the delete token issued by mod_news() is not verified in
 * this function; presumably the caller checks it. Confirm.
 *
 * @param int|string $id Id of the entry to delete (bound as a parameter).
 */
function mod_news_delete($id) {
    global $config;

    if (!hasPermission($config['mod']['news_delete']))
        error($config['error']['noaccess']);

    $delete = prepare('DELETE FROM ``news`` WHERE `id` = :id');
    $delete->bindValue(':id', $id);
    if (!$delete->execute())
        error(db_error($delete));

    modLog('Deleted a news entry');

    header('Location: ?/edit_news', true, $config['redirect_http']);
}
/**
 * Show one page of the moderation log, newest entries first.
 *
 * Requires the 'modlog' permission. The selected columns include the `ip`
 * recorded with each log row.
 *
 * @param int $page_no 1-based page number.
 */
function mod_log($page_no = 1) {
    global $config;

    if ($page_no < 1)
        error($config['error']['404']);

    if (!hasPermission($config['mod']['modlog']))
        error($config['error']['noaccess']);

    $per_page = $config['mod']['modlog_page'];

    $query = prepare("SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` ORDER BY `time` DESC LIMIT :offset, :limit");
    $query->bindValue(':limit', $per_page, PDO::PARAM_INT);
    $query->bindValue(':offset', ($page_no - 1) * $per_page, PDO::PARAM_INT);
    if (!$query->execute())
        error(db_error($query));
    $logs = $query->fetchAll(PDO::FETCH_ASSOC);

    // An empty first page is fine; an empty later page does not exist.
    if (empty($logs) && $page_no > 1)
        error($config['error']['404']);

    $query = prepare("SELECT COUNT(*) FROM ``modlogs``");
    if (!$query->execute())
        error(db_error($query));
    $count = $query->fetchColumn();

    $template_vars = array('logs' => $logs, 'count' => $count);
    mod_page(_('Board log'), 'mod/log.html', $template_vars);
}
/**
 * Show one page of the moderation log filtered to a single username.
 *
 * Requires the 'modlog' permission. The username is only ever used as a
 * bound parameter.
 *
 * @param string $username Moderator username to filter on.
 * @param int $page_no 1-based page number.
 */
function mod_user_log($username, $page_no = 1) {
    global $config;

    if ($page_no < 1)
        error($config['error']['404']);

    if (!hasPermission($config['mod']['modlog']))
        error($config['error']['noaccess']);

    $per_page = $config['mod']['modlog_page'];

    $query = prepare("SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `username` = :username ORDER BY `time` DESC LIMIT :offset, :limit");
    $query->bindValue(':username', $username);
    $query->bindValue(':limit', $per_page, PDO::PARAM_INT);
    $query->bindValue(':offset', ($page_no - 1) * $per_page, PDO::PARAM_INT);
    if (!$query->execute())
        error(db_error($query));
    $logs = $query->fetchAll(PDO::FETCH_ASSOC);

    if (empty($logs) && $page_no > 1)
        error($config['error']['404']);

    $query = prepare("SELECT COUNT(*) FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `username` = :username");
    $query->bindValue(':username', $username);
    if (!$query->execute())
        error(db_error($query));
    $count = $query->fetchColumn();

    $template_vars = array('logs' => $logs, 'count' => $count, 'username' => $username);
    mod_page(_('Board log'), 'mod/log.html', $template_vars);
}
/**
 * Show one page of the moderation log for a single board.
 *
 * Access requires the 'mod_board_log' permission for the board unless
 * $public is true, in which case the permission check is skipped. Callers
 * must therefore never derive $public from request data.
 *
 * Viewers without 'show_ip' get IPv4 addresses in the log text replaced by
 * the output of less_ip().
 *
 * @param string $board Board URI to filter on.
 * @param int $page_no 1-based page number.
 * @param bool $hide_names Passed through to the template.
 * @param bool $public Skip the permission check (public log view).
 */
function mod_board_log($board, $page_no = 1, $hide_names = false, $public = false) {
    global $config;

    if ($page_no < 1)
        error($config['error']['404']);

    $may_view = $public || hasPermission($config['mod']['mod_board_log'], $board);
    if (!$may_view)
        error($config['error']['noaccess']);

    $per_page = $config['mod']['modlog_page'];

    $query = prepare("SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `board` = :board ORDER BY `time` DESC LIMIT :offset, :limit");
    $query->bindValue(':board', $board);
    $query->bindValue(':limit', $per_page, PDO::PARAM_INT);
    $query->bindValue(':offset', ($page_no - 1) * $per_page, PDO::PARAM_INT);
    if (!$query->execute())
        error(db_error($query));
    $logs = $query->fetchAll(PDO::FETCH_ASSOC);

    if (empty($logs) && $page_no > 1)
        error($config['error']['404']);

    if (!hasPermission($config['mod']['show_ip'])) {
        // Supports ipv4 only!
        // NOTE(review): an IPv6 address inside a log text would pass through
        // unredacted. Only `text` is rewritten here; the `ip` column stays in
        // each row, so the template must not print it for these viewers.
        $redact = function ($matches) {
            // Uses the global board array, not this function's $board string.
            // NOTE(review): assumes the matching board has been opened; confirm.
            global $board;
            return less_ip($matches[1], $board['uri']);
        };

        foreach (array_keys($logs) as $i) {
            $logs[$i]['text'] = preg_replace_callback('/(?:<a href="\?\/IP\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}">)?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(?:<\/a>)?/', $redact, $logs[$i]['text']);
        }
    }

    $query = prepare("SELECT COUNT(*) FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `board` = :board");
    $query->bindValue(':board', $board);
    if (!$query->execute())
        error(db_error($query));
    $count = $query->fetchColumn();

    mod_page(_('Board log'), 'mod/log.html', array(
        'logs' => $logs,
        'count' => $count,
        'board' => $board,
        'hide_names' => $hide_names,
        'public' => $public
    ));
}
/**
 * Render a board index page in moderator view and echo it.
 *
 * @param string $boardName Board URI.
 * @param int $page_no 1-based page number.
 */
function mod_view_board($boardName, $page_no = 1) {
    global $config, $mod;

    if (!openBoard($boardName))
        error($config['error']['noboard']);

    // A falsy result from index() is treated as "no such page".
    $page = index($page_no, $mod);
    if (!$page) {
        error($config['error']['404']);
    }

    $page['pages'] = getPages(true);
    // Mark the current page in the pagination list.
    $page['pages'][$page_no - 1]['selected'] = true;
    $page['btn'] = getPageButtons($page['pages'], true);
    $page['mod'] = true;
    $page['config'] = $config;

    echo Element('index.html', $page);
}
/**
 * Echo a thread as built by buildThread() for the current moderator.
 *
 * @param string $boardName Board to open; an unknown board ends in the 'noboard' error.
 * @param mixed  $thread    Thread id, passed through to buildThread().
 */
function mod_view_thread($boardName, $thread) {
    global $config, $mod;

    $opened = openBoard($boardName);
    if (!$opened) {
        error($config['error']['noboard']);
    }

    echo buildThread($thread, true, $mod);
}
/**
 * Echo a thread as built by buildThread50() for the current moderator.
 *
 * @param string $boardName Board to open; an unknown board ends in the 'noboard' error.
 * @param mixed  $thread    Thread id, passed through to buildThread50().
 */
function mod_view_thread50($boardName, $thread) {
    global $config, $mod;

    $opened = openBoard($boardName);
    if (!$opened) {
        error($config['error']['noboard']);
    }

    echo buildThread50($thread, true, $mod);
}
/**
 * Delete one note attached to an IP address and redirect back to that IP's page.
 *
 * Requires the 'remove_notes' permission. The address is validated with
 * FILTER_VALIDATE_IP before it is used in the mod-log entry and in the
 * Location header; the note id only ever reaches the database as a bound
 * parameter.
 *
 * @param string $ip IP address the note belongs to.
 * @param mixed  $id Id of the note row.
 */
function mod_ip_remove_note($ip, $id) {
    global $config, $mod;

    $may_remove = hasPermission($config['mod']['remove_notes']);
    if (!$may_remove) {
        error($config['error']['noaccess']);
    }

    $valid_ip = filter_var($ip, FILTER_VALIDATE_IP);
    if ($valid_ip === false) {
        error(" Invalid IP address. ");
    }

    // Both conditions are bound, so a note id belonging to another IP deletes nothing.
    $delete = prepare('DELETE FROM ``ip_notes`` WHERE `ip` = :ip AND `id` = :id');
    $delete->bindValue(':ip', $ip);
    $delete->bindValue(':id', $id);
    $delete->execute() or error(db_error($delete));

    modLog(" Removed a note for <a href= \" ?/IP/ { $ip } \" > { $ip } </a> ");

    $location = 'Location: ?/IP/' . $ip . '#notes';
    header($location, true, $config['redirect_http']);
}
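/**
 * Moderator page for one IP address: recent posts, bans, notes and log entries.
 *
 * Requires the 'show_ip' permission and a syntactically valid address. Two
 * POST actions are handled before the page is rendered, each behind its own
 * permission check:
 *  - 'ban_id' + 'unban': lifts a ban, limited to the moderator's own boards;
 *  - 'note': stores a note for the address.
 * Both end in a redirect back to this page.
 *
 * @param string $ip Address to inspect.
 */
function mod_page_ip($ip) {
    global $config, $mod;

    if (!hasPermission($config['mod']['show_ip'])) {
        error($config['error']['noaccess']);
    }

    // $ip is later placed in HTML (mod log) and in Location headers, so it is
    // validated before anything else touches it.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        error(" Invalid IP address. ");
    }

    if (isset($_POST['ban_id'], $_POST['unban'])) {
        if (!hasPermission($config['mod']['unban'])) {
            error($config['error']['noaccess']);
        }

        // Third argument scopes the deletion to the boards this moderator manages.
        Bans::delete($_POST['ban_id'], true, $mod['boards']);

        header('Location: ?/IP/' . $ip . '#bans', true, $config['redirect_http']);
        return;
    }

    if (isset($_POST['note'])) {
        if (!hasPermission($config['mod']['create_notes'])) {
            error($config['error']['noaccess']);
        }

        $_POST['note'] = escape_markup_modifiers($_POST['note']);
        markup($_POST['note']);

        $query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)');
        $query->bindValue(':ip', $ip);
        $query->bindValue(':mod', $mod['id']);
        $query->bindValue(':time', time());
        $query->bindValue(':body', $_POST['note']);
        $query->execute() or error(db_error($query));

        modLog(" Added a note for <a href= \" ?/IP/ { $ip } \" > { $ip } </a> ");

        header('Location: ?/IP/' . $ip . '#notes', true, $config['redirect_http']);
        return;
    }

    $args = array();
    $args['ip'] = $ip;
    $args['posts'] = array();

    if ($config['mod']['dns_lookup']) {
        $args['hostname'] = rDNS($ip);
    }

    $boards = listBoards();
    foreach ($boards as $board) {
        openBoard($board['uri']);

        // Posts are only listed for boards on which this moderator may see IPs.
        if (!hasPermission($config['mod']['show_ip'], $board['uri'])) {
            continue;
        }

        // The table suffix comes from listBoards(), not from the request.
        $query = prepare(sprintf('SELECT * FROM ``posts_%s`` WHERE `ip` = :ip ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $board['uri']));
        $query->bindValue(':ip', $ip);
        $query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT);
        $query->execute() or error(db_error($query));

        while ($post = $query->fetch(PDO::FETCH_ASSOC)) {
            if (!$post['thread']) {
                $po = new Thread($post, '?/', $mod, false);
            } else {
                $po = new Post($post, '?/', $mod);
            }

            if (!isset($args['posts'][$board['uri']])) {
                $args['posts'][$board['uri']] = array('board' => $board, 'posts' => array());
            }
            $args['posts'][$board['uri']]['posts'][] = $po->build(true);
        }
    }

    $args['boards'] = $boards;
    $args['token'] = make_secure_link_token('ban');

    if (hasPermission($config['mod']['view_ban'])) {
        $args['bans'] = Bans::find($ip, false, true);
    }

    if (hasPermission($config['mod']['view_notes'])) {
        $query = prepare(" SELECT ``ip_notes``.*, `username` FROM ``ip_notes`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `ip` = :ip ORDER BY `time` DESC ");
        $query->bindValue(':ip', $ip);
        $query->execute() or error(db_error($query));
        $args['notes'] = $query->fetchAll(PDO::FETCH_ASSOC);
    }

    if (hasPermission($config['mod']['modlog_ip'])) {
        // Substring match on the log text: an address that is a textual prefix or
        // suffix of another one (1.2.3.4 inside 11.2.3.45) also matches.
        $query = prepare(" SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `text` LIKE :search ORDER BY `time` DESC LIMIT 50 ");
        $query->bindValue(':search', '%' . $ip . '%');
        $query->execute() or error(db_error($query));
        $args['logs'] = $query->fetchAll(PDO::FETCH_ASSOC);
    } else {
        $args['logs'] = array();
    }

    $args['security_token'] = make_secure_link_token('IP/' . $ip);

    // 'hostname' only exists when dns_lookup is enabled; fall back to mod_page()'s
    // own "no subtitle" default instead of reading an undefined index.
    $subtitle = isset($args['hostname']) ? $args['hostname'] : false;

    mod_page(sprintf('%s: %s', _('IP'), $ip), 'mod/view_ip.html', $args, $subtitle);
}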
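/**
 * Per-board variant of the IP page, addressed by board and post id.
 *
 * The address is read from the given post and the page title shows it through
 * less_ip() rather than in the clear. The same two POST actions as on the
 * full IP page are handled (lifting a ban, adding a note), each behind its own
 * permission check.
 *
 * NOTE(review): no hasPermission() call guards the lookup or the page itself
 * in this function — confirm the route is restricted where it is dispatched.
 *
 * @param string $b  Board URI; must be accepted by openBoard().
 * @param mixed  $id Id of the post whose poster is inspected.
 */
function mod_page_ip_less($b, $id) {
    global $config, $mod;

    // openBoard() has to succeed before $b is formatted into a table name below.
    if (!openBoard($b)) {
        error('No board.');
    }

    $query = prepare(sprintf('SELECT `ip` FROM ``posts_%s`` WHERE `id` = :id', $b));
    $query->bindValue(':id', $id);
    $query->execute() or error(db_error($query));

    $result = $query->fetch(PDO::FETCH_ASSOC);
    if ($result) {
        $ip = $result['ip'];
    } else {
        error(_('Could not find that post.'));
    }

    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        error(" Invalid IP address. ");
    }

    if (isset($_POST['ban_id'], $_POST['unban'])) {
        if (!hasPermission($config['mod']['unban'])) {
            error($config['error']['noaccess']);
        }

        // Scope the deletion to the moderator's boards, as mod_page_ip() and
        // mod_bans() do; without it the ban id from the request is not tied to
        // any board the moderator manages.
        Bans::delete($_POST['ban_id'], true, $mod['boards']);

        header('Location: ?/IP_less/' . $b . '/' . $id . '#bans', true, $config['redirect_http']);
        return;
    }

    if (isset($_POST['note'])) {
        if (!hasPermission($config['mod']['create_notes'])) {
            error($config['error']['noaccess']);
        }

        $_POST['note'] = escape_markup_modifiers($_POST['note']);
        markup($_POST['note']);

        $query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)');
        $query->bindValue(':ip', $ip);
        $query->bindValue(':mod', $mod['id']);
        $query->bindValue(':time', time());
        $query->bindValue(':body', $_POST['note']);
        $query->execute() or error(db_error($query));

        // The log entry carries the full address; the board log view masks it
        // for readers without 'show_ip'.
        modLog(" Added a note for <a href= \" ?/IP/ { $ip } \" > { $ip } </a> ");

        header('Location: ?/IP_less/' . $b . '/' . $id . '#notes', true, $config['redirect_http']);
        return;
    }

    $args = array();
    $args['ip'] = $ip;
    $args['posts'] = array();

    if ($config['mod']['dns_lookup']) {
        $args['hostname'] = rDNS($ip);
    }

    $query = prepare(sprintf('SELECT * FROM ``posts_%s`` WHERE `ip` = :ip ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $b));
    $query->bindValue(':ip', $ip);
    $query->bindValue(':limit', $config['mod']['ip_less_recentposts'], PDO::PARAM_INT);
    $query->execute() or error(db_error($query));

    while ($post = $query->fetch(PDO::FETCH_ASSOC)) {
        if (!$post['thread']) {
            $po = new Thread($post, '?/', $mod, false);
        } else {
            $po = new Post($post, '?/', $mod);
        }

        if (!isset($args['posts'][$b])) {
            $args['posts'][$b] = array('board' => $b, 'posts' => array());
        }
        $args['posts'][$b]['posts'][] = $po->build(true);
    }

    $args['boards'] = listBoards();
    $args['token'] = make_secure_link_token('ban');

    if (hasPermission($config['mod']['view_ban'])) {
        $args['bans'] = Bans::find($ip, false, true);
    }

    if (hasPermission($config['mod']['view_notes'])) {
        $query = prepare(" SELECT ``ip_notes``.*, `username` FROM ``ip_notes`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `ip` = :ip ORDER BY `time` DESC ");
        $query->bindValue(':ip', $ip);
        $query->execute() or error(db_error($query));
        $args['notes'] = $query->fetchAll(PDO::FETCH_ASSOC);
    }

    if (hasPermission($config['mod']['modlog_ip'])) {
        $query = prepare(" SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `text` LIKE :search ORDER BY `time` DESC LIMIT 50 ");
        $query->bindValue(':search', '%' . $ip . '%');
        $query->execute() or error(db_error($query));
        $args['logs'] = $query->fetchAll(PDO::FETCH_ASSOC);
    } else {
        $args['logs'] = array();
    }

    $args['security_token'] = make_secure_link_token('IP_less/' . $b . '/' . $id);

    mod_page(sprintf('%s: %s', _('IP'), less_ip($ip, $b)), 'mod/view_ip_less.html', $args);
}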
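/**
 * Show the "new ban" form, or create a ban from the submitted form.
 *
 * Requires the 'ban' permission. When any of 'ip', 'reason', 'length' or
 * 'board' is missing from the POST data the form is rendered (with a fresh
 * secure-link token); otherwise the ban is created through Bans::new_ban()
 * and the browser is redirected.
 *
 * The redirect target may be supplied in $_POST['redirect']. It is only
 * honoured when it stays on this site: it must start with '?' or with a
 * single '/', and contain no control characters. Anything else (absolute
 * URLs, '//host', '/\host', non-string values) falls back to '?/', so the
 * form cannot be used to bounce a moderator to another origin.
 */
function mod_ban() {
    global $config, $mod;

    if (!hasPermission($config['mod']['ban'])) {
        error($config['error']['noaccess']);
    }

    if (!isset($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'])) {
        mod_page(_('New ban'), 'mod/ban_form.html', array('token' => make_secure_link_token('ban')));
        return;
    }

    require_once 'inc/mod/ban.php';

    // '*' in the form means "all boards", which new_ban() takes as false.
    Bans::new_ban($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'] == '*' ? false : $_POST['board']);

    $target = '?/';
    if (isset($_POST['redirect']) && is_string($_POST['redirect'])) {
        // Same-site references only: "?..." or "/..." but not "//" or "/\".
        $is_local = preg_match('#^(?:\?|/(?![/\\\\]))[^\x00-\x1f\x7f]*\z#', $_POST['redirect']) === 1;
        if ($is_local) {
            $target = $_POST['redirect'];
        }
    }

    header('Location: ' . $target, true, $config['redirect_http']);
}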
/**
 * Ban list page, including bulk removal of bans.
 *
 * Viewing requires 'view_banlist'. When the form is submitted with 'unban',
 * the 'unban' permission is required as well; every POST field named
 * ban_<digits> selects one ban, the optional 'unban_limit' caps how many may
 * be lifted at once, and each deletion is scoped to the moderator's boards.
 */
function mod_bans() {
    global $config;
    global $mod;

    if (!hasPermission($config['mod']['view_banlist'])) {
        error($config['error']['noaccess']);
    }

    if (!isset($_POST['unban'])) {
        $page_args = array(
            'mod' => $mod,
            'boards' => json_encode($mod['boards']),
            'token' => make_secure_link_token('bans'),
            'token_json' => make_secure_link_token('bans.json')
        );
        mod_page(_('Ban list'), 'mod/ban_list.html', $page_args);
        return;
    }

    if (!hasPermission($config['mod']['unban'])) {
        error($config['error']['noaccess']);
    }

    // Only the numeric part of a matching field name is kept, so nothing else
    // from the request reaches Bans::delete().
    $selected = array();
    foreach (array_keys($_POST) as $field) {
        if (preg_match('/^ban_(\d+)$/', $field, $hit)) {
            $selected[] = $hit[1];
        }
    }

    $has_limit = isset($config['mod']['unban_limit']) && $config['mod']['unban_limit'];
    if ($has_limit && count($selected) > $config['mod']['unban_limit']) {
        error(sprintf($config['error']['toomanyunban'], $config['mod']['unban_limit'], count($selected)));
    }

    foreach ($selected as $ban_id) {
        Bans::delete($ban_id, true, $mod['boards'], true);
    }

    rebuildThemes('bans');

    header('Location: ?/bans', true, $config['redirect_http']);
    return;
}
/**
 * Stream the ban list as JSON for the moderator's boards.
 *
 * Requires the 'ban' permission. Addresses and staff names are withheld from
 * the stream (second and third argument) when the moderator lacks 'show_ip'
 * or 'view_banstaff' respectively.
 *
 * NOTE(review): the HTML ban list checks 'view_banlist' while this endpoint
 * checks 'ban' — confirm the difference is intended.
 */
function mod_bans_json() {
    global $config, $mod;

    if (!hasPermission($config['mod']['ban'])) {
        error($config['error']['noaccess']);
    }

    // Compress the json for faster loads
    if (isset($_SERVER['HTTP_ACCEPT_ENCODING'])) {
        if (substr_count($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')) {
            ob_start(" ob_gzhandler ");
        }
    }

    $hide_ips = !hasPermission($config['mod']['show_ip']);
    $hide_staff = !hasPermission($config['mod']['view_banstaff']);

    Bans::stream_json(false, $hide_ips, $hide_staff, $mod['boards']);
}
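/**
 * List open ban appeals and accept or deny a single appeal.
 *
 * Viewing requires 'view_ban_appeals'; acting on an appeal additionally
 * requires 'ban_appeals' and that the ban's board is one of the moderator's
 * boards (or that the moderator's first board entry is '*'). Appeals whose
 * ban no longer exists are purged on every call.
 *
 * The only request value that reaches SQL text is 'appeal_id', and it is cast
 * to int first; the later DELETE/UPDATE statements use the id read back from
 * the database row.
 */
function mod_ban_appeals() {
    global $config, $board, $mod;

    if (!hasPermission($config['mod']['view_ban_appeals'])) {
        error($config['error']['noaccess']);
    }

    // Remove stale ban appeals
    query(" DELETE FROM ``ban_appeals`` WHERE NOT EXISTS (SELECT 1 FROM ``bans`` WHERE `ban_id` = ``bans``.`id`) ")
        or error(db_error());

    if (isset($_POST['appeal_id']) && (isset($_POST['unban']) || isset($_POST['deny']))) {
        if (!hasPermission($config['mod']['ban_appeals'])) {
            error($config['error']['noaccess']);
        }

        $query = query(" SELECT *, ``ban_appeals``.`id` AS `id` FROM ``ban_appeals``
            LEFT JOIN ``bans`` ON `ban_id` = ``bans``.`id`
            WHERE ``ban_appeals``.`id` = " . (int) $_POST['appeal_id']) or error(db_error());

        if (!$ban = $query->fetch(PDO::FETCH_ASSOC)) {
            error(_('Ban appeal not found!'));
        }

        // Board-scoped moderators may only decide appeals for their own boards.
        if (!in_array($ban['board'], $mod['boards']) && $mod['boards'][0] != '*') {
            error($config['error']['noaccess']);
        }

        $ban['mask'] = Bans::range_to_string(array($ban['ipstart'], $ban['ipend']));

        if (isset($_POST['unban'])) {
            modLog('Accepted ban appeal #' . $ban['id'] . ' for ' . $ban['mask']);
            Bans::delete($ban['ban_id'], true);
            query(" DELETE FROM ``ban_appeals`` WHERE `id` = " . $ban['id']) or error(db_error());
        } else {
            modLog('Denied ban appeal #' . $ban['id'] . ' for ' . $ban['mask']);
            query(" UPDATE ``ban_appeals`` SET `denied` = 1 WHERE `id` = " . $ban['id']) or error(db_error());
        }

        header('Location: ?/ban-appeals', true, $config['redirect_http']);
        return;
    }

    // Moderators below GLOBALVOLUNTEER only see appeals for their first board.
    $local = ($mod['type'] < GLOBALVOLUNTEER);

    $query = prepare(" SELECT *, ``ban_appeals``.`id` AS `id` FROM ``ban_appeals``
        LEFT JOIN ``bans`` ON `ban_id` = ``bans``.`id`
        LEFT JOIN ``mods`` ON ``bans``.`creator` = ``mods``.`id`
        WHERE `denied` != 1 " . ($local ? " AND ``bans``.`board` = :board " : " ") . " ORDER BY `time` ");
    if ($local) {
        $query->bindValue(':board', $mod['boards'][0]);
    }
    // Report the statement's own error, as the other prepared queries in this file do.
    $query->execute() or error(db_error($query));

    $ban_appeals = $query->fetchAll(PDO::FETCH_ASSOC);
    foreach ($ban_appeals as &$ban) {
        if ($ban['post']) {
            $ban['post'] = json_decode($ban['post'], true);
        }
        $ban['mask'] = Bans::range_to_string(array($ban['ipstart'], $ban['ipend']));

        if ($ban['post'] && isset($ban['post']['board'], $ban['post']['id'])) {
            openBoard($ban['post']['board']);

            if ($ban['post']['thread']) {
                $po = new Post($ban['post']);
                $ban['post'] = $po->build(true);
            } else {
                $po = new Thread($ban['post'], null, false, false);
                $ban['post'] = $po->build(true);
            }
        }
    }
    // Drop the reference so a later write to $ban cannot alter the last row.
    unset($ban);

    mod_page(_('Ban appeals'), 'mod/ban_appeals.html', array(
        'ban_appeals' => $ban_appeals,
        'token' => make_secure_link_token('ban-appeals')
    ));
}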
/**
 * Lock or unlock a thread, then redirect to the board index.
 *
 * The board must open and the moderator needs the 'lock' permission on it
 * before the board name is formatted into the table name. Only rows with
 * `thread` IS NULL are updated. When 'dismiss_reports_on_lock' is set, reports
 * for the post are deleted in either direction. A 'lock' or 'unlock' event is
 * raised last.
 *
 * @param string $board  Board URI.
 * @param mixed  $unlock Truthy to unlock, falsy to lock.
 * @param mixed  $post   Thread id.
 */
function mod_lock($board, $unlock, $post) {
    global $config;

    if (!openBoard($board)) {
        error($config['error']['noboard']);
    }

    if (!hasPermission($config['mod']['lock'], $board)) {
        error($config['error']['noaccess']);
    }

    $sql = sprintf('UPDATE ``posts_%s`` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL', $board);
    $query = prepare($sql);
    $query->bindValue(':id', $post);
    $query->bindValue(':locked', $unlock ? 0 : 1);
    $query->execute() or error(db_error($query));

    // Log and rebuild only when a row was actually changed.
    if ($query->rowCount()) {
        $verb = $unlock ? 'Unlocked' : 'Locked';
        modLog($verb . " thread # { $post } ");
        buildThread($post);
        buildIndex();
    }

    if ($config['mod']['dismiss_reports_on_lock']) {
        $query = prepare('DELETE FROM ``reports`` WHERE `board` = :board AND `post` = :id');
        $query->bindValue(':board', $board);
        $query->bindValue(':id', $post);
        $query->execute() or error(db_error($query));
    }

    $index_url = '?/' . sprintf($config['board_path'], $board) . $config['file_index'];
    header('Location: ' . $index_url, true, $config['redirect_http']);

    if ($unlock) {
        event('unlock', $post);
    } else {
        event('lock', $post);
    }
}
/**
 * Sticky or unsticky a thread, then redirect to the board index.
 *
 * The board must open and the moderator needs the 'sticky' permission on it
 * before the board name is formatted into the table name. Only rows with
 * `thread` IS NULL are updated.
 *
 * @param string $board    Board URI.
 * @param mixed  $unsticky Truthy to clear the flag, falsy to set it.
 * @param mixed  $post     Thread id.
 */
function mod_sticky($board, $unsticky, $post) {
    global $config;

    if (!openBoard($board)) {
        error($config['error']['noboard']);
    }

    if (!hasPermission($config['mod']['sticky'], $board)) {
        error($config['error']['noaccess']);
    }

    $sql = sprintf('UPDATE ``posts_%s`` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL', $board);
    $query = prepare($sql);
    $query->bindValue(':id', $post);
    $query->bindValue(':sticky', $unsticky ? 0 : 1);
    $query->execute() or error(db_error($query));

    // Log and rebuild only when a row was actually changed.
    if ($query->rowCount()) {
        $verb = $unsticky ? 'Unstickied' : 'Stickied';
        modLog($verb . " thread # { $post } ");
        buildThread($post);
        buildIndex();
    }

    $index_url = '?/' . sprintf($config['board_path'], $board) . $config['file_index'];
    header('Location: ' . $index_url, true, $config['redirect_http']);
}
/**
 * Set or clear the `cycle` flag of a thread, then redirect to the board index.
 *
 * The board must open and the moderator needs the 'cycle' permission on it
 * before the board name is formatted into the table name. Only rows with
 * `thread` IS NULL are updated.
 *
 * @param string $board   Board URI.
 * @param mixed  $uncycle Truthy to clear the flag, falsy to set it.
 * @param mixed  $post    Thread id.
 */
function mod_cycle($board, $uncycle, $post) {
    global $config;

    if (!openBoard($board)) {
        error($config['error']['noboard']);
    }

    if (!hasPermission($config['mod']['cycle'], $board)) {
        error($config['error']['noaccess']);
    }

    $sql = sprintf('UPDATE ``posts_%s`` SET `cycle` = :cycle WHERE `id` = :id AND `thread` IS NULL', $board);
    $query = prepare($sql);
    $query->bindValue(':id', $post);
    $query->bindValue(':cycle', $uncycle ? 0 : 1);
    $query->execute() or error(db_error($query));

    // Log and rebuild only when a row was actually changed.
    if ($query->rowCount()) {
        $verb = $uncycle ? 'Made not cyclical' : 'Made cyclical';
        modLog($verb . " thread # { $post } ");
        buildThread($post);
        buildIndex();
    }

    $index_url = '?/' . sprintf($config['board_path'], $board) . $config['file_index'];
    header('Location: ' . $index_url, true, $config['redirect_http']);
}
/**
 * Bumplock or un-bumplock a thread, then redirect to the board index.
 *
 * The flag is stored in the `sage` column. The board must open and the
 * moderator needs the 'bumplock' permission on it before the board name is
 * formatted into the table name. Only rows with `thread` IS NULL are updated.
 *
 * @param string $board      Board URI.
 * @param mixed  $unbumplock Truthy to clear the flag, falsy to set it.
 * @param mixed  $post       Thread id.
 */
function mod_bumplock($board, $unbumplock, $post) {
    global $config;

    if (!openBoard($board)) {
        error($config['error']['noboard']);
    }

    if (!hasPermission($config['mod']['bumplock'], $board)) {
        error($config['error']['noaccess']);
    }

    $sql = sprintf('UPDATE ``posts_%s`` SET `sage` = :bumplock WHERE `id` = :id AND `thread` IS NULL', $board);
    $query = prepare($sql);
    $query->bindValue(':id', $post);
    $query->bindValue(':bumplock', $unbumplock ? 0 : 1);
    $query->execute() or error(db_error($query));

    // Log and rebuild only when a row was actually changed.
    if ($query->rowCount()) {
        $verb = $unbumplock ? 'Unbumplocked' : 'Bumplocked';
        modLog($verb . " thread # { $post } ");
        buildThread($post);
        buildIndex();
    }

    $index_url = '?/' . sprintf($config['board_path'], $board) . $config['file_index'];
    header('Location: ' . $index_url, true, $config['redirect_http']);
}
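/**
 * Move a single post to another board, either as a reply to an existing
 * thread or as a new thread; without POST data the move form is shown.
 *
 * Requires the 'move' permission on the origin board.
 *
 * The target board comes from the request. It is accepted by openBoard()
 * before its name is formatted into any table name: a lookup built from the
 * raw POST value would put request data into the SQL text. The target thread,
 * when given, must exist on the target board; the id itself is always bound.
 *
 * NOTE(review): only the origin board is checked with hasPermission(); a
 * board-scoped moderator can move a post onto any board that opens — confirm
 * this is intended.
 *
 * @param string $originBoard Board the post currently lives on.
 * @param mixed  $postID      Id of the post to move.
 */
function mod_move_reply($originBoard, $postID) {
    global $board, $config, $mod;

    if (!openBoard($originBoard)) {
        error($config['error']['noboard']);
    }

    if (!hasPermission($config['mod']['move'], $originBoard)) {
        error($config['error']['noaccess']);
    }

    $query = prepare(sprintf('SELECT * FROM ``posts_%s`` WHERE `id` = :id', $originBoard));
    $query->bindValue(':id', $postID);
    $query->execute() or error(db_error($query));
    if (!$post = $query->fetch(PDO::FETCH_ASSOC)) {
        error($config['error']['404']);
    }

    if (!isset($_POST['board'])) {
        $boards = listBoards();
        $security_token = make_secure_link_token($originBoard . '/move_reply/' . $postID);

        mod_page(_('Move reply'), 'mod/move_reply.html', array('post' => $postID, 'board' => $originBoard, 'boards' => $boards, 'token' => $security_token));
        return;
    }

    $targetBoard = $_POST['board'];
    if (!is_string($targetBoard)) {
        error($config['error']['noboard']);
    }

    $targetThread = isset($_POST['target_thread']) ? $_POST['target_thread'] : false;
    if ($targetThread && !is_scalar($targetThread)) {
        error($config['error']['404']);
    }

    if ($targetThread) {
        $post['op'] = false;
        $post['thread'] = $targetThread;
    } else {
        $post['op'] = true;
    }

    // Source paths are resolved while the origin board is still the open one.
    if ($post['files']) {
        $post['files'] = json_decode($post['files'], TRUE);
        $post['has_file'] = true;

        $originDir = sprintf($config['board_path'], $config['dir']['img_root'] . $board['uri']);
        foreach ($post['files'] as $i => &$file) {
            $file['file_path'] = $originDir . $config['dir']['img'] . $file['file'];
            $file['thumb_path'] = $originDir . $config['dir']['thumb'] . $file['thumb'];
        }
        unset($file);
    } else {
        $post['has_file'] = false;
    }

    // allow thread to keep its same traits (stickied, locked, etc.)
    $post['mod'] = true;

    if (!openBoard($targetBoard)) {
        error($config['error']['noboard']);
    }

    // The target board is known to exist from here on; check the thread before
    // anything is written.
    if ($targetThread) {
        $query = prepare(sprintf('SELECT * FROM ``posts_%s`` WHERE `id` = :id', $targetBoard));
        $query->bindValue(':id', $targetThread);
        $query->execute() or error(db_error($query));
        if (!$query->fetch(PDO::FETCH_ASSOC)) {
            error($config['error']['404']);
        }
    }

    // create the new post
    $newID = post($post);

    if ($post['has_file']) {
        // $board now refers to the target board.
        $targetDir = sprintf($config['board_path'], $config['dir']['img_root'] . $board['uri']);
        foreach ($post['files'] as $i => $file) {
            // Placeholder entries have no file of their own on disk; same
            // exclusions as mod_move() uses.
            if ($file['file'] !== 'deleted') {
                rename($file['file_path'], $targetDir . $config['dir']['img'] . $file['file']);
            }
            if (isset($file['thumb']) && !in_array($file['thumb'], array('spoiler', 'deleted', 'file'))) {
                rename($file['thumb_path'], $targetDir . $config['dir']['thumb'] . $file['thumb']);
            }
        }
    }

    // build index
    buildIndex();
    // build new thread
    buildThread($newID);
    // trigger themes
    rebuildThemes('post', $targetBoard);

    // mod log
    modLog(" Moved post # ${postID} to " . sprintf($config['board_abbreviation'], $targetBoard) . " (# ${newID} ) ", $originBoard);

    // return to original board
    openBoard($originBoard);
    // delete original post
    deletePost($postID);
    buildIndex();

    // open target board for redirect
    openBoard($targetBoard);

    // Find new thread on our target board
    $query = prepare(sprintf('SELECT thread FROM ``posts_%s`` WHERE `id` = :id', $targetBoard));
    $query->bindValue(':id', $newID);
    $query->execute() or error(db_error($query));
    $post = $query->fetch(PDO::FETCH_ASSOC);

    // redirect
    header('Location: ?/' . sprintf($config['board_path'], $board['uri']) . $config['dir']['res'] . sprintf($config['file_page'], $post['thread'] ? $post['thread'] : $newID) . '#' . $newID, true, $config['redirect_http']);
}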
function mod_move ( $originBoard , $postID ) {
2013-08-30 07:00:33 +02:00
global $board , $config , $mod , $pdo ;
2012-05-19 10:27:45 +02:00
if ( ! openBoard ( $originBoard ))
error ( $config [ 'error' ][ 'noboard' ]);
if ( ! hasPermission ( $config [ 'mod' ][ 'move' ], $originBoard ))
error ( $config [ 'error' ][ 'noaccess' ]);
2013-08-01 04:14:26 +02:00
$query = prepare ( sprintf ( 'SELECT * FROM ``posts_%s`` WHERE `id` = :id AND `thread` IS NULL' , $originBoard ));
2012-05-19 10:27:45 +02:00
$query -> bindValue ( ':id' , $postID );
$query -> execute () or error ( db_error ( $query ));
if ( ! $post = $query -> fetch ( PDO :: FETCH_ASSOC ))
error ( $config [ 'error' ][ '404' ]);
if ( isset ( $_POST [ 'board' ])) {
$targetBoard = $_POST [ 'board' ];
$shadow = isset ( $_POST [ 'shadow' ]);
if ( $targetBoard === $originBoard )
error ( _ ( 'Target and source board are the same.' ));
// copy() if leaving a shadow thread behind; else, rename().
$clone = $shadow ? 'copy' : 'rename' ;
// indicate that the post is a thread
$post [ 'op' ] = true ;
2014-04-30 01:07:13 +02:00
if ( $post [ 'files' ]) {
$post [ 'files' ] = json_decode ( $post [ 'files' ], TRUE );
2012-05-19 10:27:45 +02:00
$post [ 'has_file' ] = true ;
2014-04-30 01:07:13 +02:00
foreach ( $post [ 'files' ] as $i => & $file ) {
2014-05-19 20:00:16 +02:00
if ( $file [ 'file' ] === 'deleted' )
continue ;
2014-09-26 00:53:56 +02:00
$file [ 'file_path' ] = sprintf ( $config [ 'board_path' ], $config [ 'dir' ][ 'img_root' ] . $board [ 'uri' ]) . $config [ 'dir' ][ 'img' ] . $file [ 'file' ];
$file [ 'thumb_path' ] = sprintf ( $config [ 'board_path' ], $config [ 'dir' ][ 'img_root' ] . $board [ 'uri' ]) . $config [ 'dir' ][ 'thumb' ] . $file [ 'thumb' ];
2014-04-30 01:07:13 +02:00
}
2012-05-19 10:27:45 +02:00
} else {
$post [ 'has_file' ] = false ;
}
// allow thread to keep its same traits (stickied, locked, etc.)
$post [ 'mod' ] = true ;
if ( ! openBoard ( $targetBoard ))
error ( $config [ 'error' ][ 'noboard' ]);
// create the new thread
$newID = post ( $post );
2012-05-19 12:46:05 +02:00
if ( $post [ 'has_file' ]) {
2012-05-19 10:27:45 +02:00
// copy image
2014-04-30 01:07:13 +02:00
foreach ( $post [ 'files' ] as $i => & $file ) {
2014-05-19 20:00:16 +02:00
if ( $file [ 'file' ] !== 'deleted' )
2014-09-26 00:53:56 +02:00
$clone ( $file [ 'file_path' ], sprintf ( $config [ 'board_path' ], $config [ 'dir' ][ 'img_root' ] . $board [ 'uri' ]) . $config [ 'dir' ][ 'img' ] . $file [ 'file' ]);
2014-05-19 20:00:16 +02:00
if ( isset ( $file [ 'thumb' ]) && ! in_array ( $file [ 'thumb' ], array ( 'spoiler' , 'deleted' , 'file' )))
2014-09-26 00:53:56 +02:00
$clone ( $file [ 'thumb_path' ], sprintf ( $config [ 'board_path' ], $config [ 'dir' ][ 'img_root' ] . $board [ 'uri' ]) . $config [ 'dir' ][ 'thumb' ] . $file [ 'thumb' ]);
2014-04-30 01:07:13 +02:00
}
2012-05-19 10:27:45 +02:00
}
// go back to the original board to fetch replies
openBoard ( $originBoard );
2013-08-01 04:14:26 +02:00
$query = prepare ( sprintf ( 'SELECT * FROM ``posts_%s`` WHERE `thread` = :id ORDER BY `id`' , $originBoard ));
2012-05-19 10:27:45 +02:00
$query -> bindValue ( ':id' , $postID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
$replies = array ();
2013-08-01 02:51:43 +02:00
while ( $post = $query -> fetch ( PDO :: FETCH_ASSOC )) {
2012-05-19 10:27:45 +02:00
$post [ 'mod' ] = true ;
$post [ 'thread' ] = $newID ;
2014-04-30 01:07:13 +02:00
if ( $post [ 'files' ]) {
$post [ 'files' ] = json_decode ( $post [ 'files' ], TRUE );
2012-05-19 10:27:45 +02:00
$post [ 'has_file' ] = true ;
2014-04-30 01:07:13 +02:00
foreach ( $post [ 'files' ] as $i => & $file ) {
2014-09-26 00:53:56 +02:00
$file [ 'file_path' ] = sprintf ( $config [ 'board_path' ], $config [ 'dir' ][ 'img_root' ] . $board [ 'uri' ]) . $config [ 'dir' ][ 'img' ] . $file [ 'file' ];
$file [ 'thumb_path' ] = sprintf ( $config [ 'board_path' ], $config [ 'dir' ][ 'img_root' ] . $board [ 'uri' ]) . $config [ 'dir' ][ 'thumb' ] . $file [ 'thumb' ];
2014-04-30 01:07:13 +02:00
}
2012-05-19 10:27:45 +02:00
} else {
$post [ 'has_file' ] = false ;
}
$replies [] = $post ;
}
$newIDs = array ( $postID => $newID );
openBoard ( $targetBoard );
2012-05-19 12:46:05 +02:00
foreach ( $replies as & $post ) {
2013-08-01 04:14:26 +02:00
$query = prepare ( 'SELECT `target` FROM ``cites`` WHERE `target_board` = :board AND `board` = :board AND `post` = :post' );
2012-05-19 10:27:45 +02:00
$query -> bindValue ( ':board' , $originBoard );
$query -> bindValue ( ':post' , $post [ 'id' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $qurey ));
// correct >>X links
2012-05-19 12:46:05 +02:00
while ( $cite = $query -> fetch ( PDO :: FETCH_ASSOC )) {
if ( isset ( $newIDs [ $cite [ 'target' ]])) {
2012-05-19 10:27:45 +02:00
$post [ 'body_nomarkup' ] = preg_replace (
'/(>>(>\/' . preg_quote ( $originBoard , '/' ) . '\/)?)' . preg_quote ( $cite [ 'target' ], '/' ) . '/' ,
'>>' . $newIDs [ $cite [ 'target' ]],
$post [ 'body_nomarkup' ]);
$post [ 'body' ] = $post [ 'body_nomarkup' ];
}
}
$post [ 'body' ] = $post [ 'body_nomarkup' ];
$post [ 'op' ] = false ;
$post [ 'tracked_cites' ] = markup ( $post [ 'body' ], true );
2012-05-19 12:46:05 +02:00
if ( $post [ 'has_file' ]) {
2012-05-19 10:27:45 +02:00
// copy image
2014-04-30 01:07:13 +02:00
foreach ( $post [ 'files' ] as $i => & $file ) {
2015-02-17 01:35:15 +01:00
if ( $file [ 'file' ] !== 'deleted' )
$clone ( $file [ 'file_path' ], sprintf ( $config [ 'board_path' ], $config [ 'dir' ][ 'img_root' ] . $board [ 'uri' ]) . $config [ 'dir' ][ 'img' ] . $file [ 'file' ]);
if ( isset ( $file [ 'thumb' ]) && ! in_array ( $file [ 'thumb' ], array ( 'spoiler' , 'deleted' , 'file' )))
$clone ( $file [ 'thumb_path' ], sprintf ( $config [ 'board_path' ], $config [ 'dir' ][ 'img_root' ] . $board [ 'uri' ]) . $config [ 'dir' ][ 'thumb' ] . $file [ 'thumb' ]);
2014-04-30 01:07:13 +02:00
}
2012-05-19 10:27:45 +02:00
}
2014-04-30 01:07:13 +02:00
// insert reply
$newIDs [ $post [ 'id' ]] = $newPostID = post ( $post );
2012-05-19 10:27:45 +02:00
2013-08-30 07:00:33 +02:00
if ( ! empty ( $post [ 'tracked_cites' ])) {
$insert_rows = array ();
foreach ( $post [ 'tracked_cites' ] as $cite ) {
$insert_rows [] = '(' .
$pdo -> quote ( $board [ 'uri' ]) . ', ' . $newPostID . ', ' .
$pdo -> quote ( $cite [ 0 ]) . ', ' . ( int ) $cite [ 1 ] . ')' ;
}
2013-08-31 05:33:26 +02:00
query ( 'INSERT INTO ``cites`` VALUES ' . implode ( ', ' , $insert_rows )) or error ( db_error ());
2012-05-19 10:27:45 +02:00
}
}
2013-01-27 09:02:47 +01:00
modLog ( " Moved thread # ${ postID } to " . sprintf ( $config [ 'board_abbreviation' ], $targetBoard ) . " (# ${ newID } ) " , $originBoard );
2013-07-16 07:38:24 +02:00
// build new thread
2012-05-19 10:27:45 +02:00
buildThread ( $newID );
2013-07-16 07:38:24 +02:00
clean ();
2012-05-19 10:27:45 +02:00
buildIndex ();
// trigger themes
2013-08-29 02:38:39 +02:00
rebuildThemes ( 'post' , $targetBoard );
2012-05-19 10:27:45 +02:00
// return to original board
openBoard ( $originBoard );
2012-05-19 12:46:05 +02:00
if ( $shadow ) {
2012-05-19 10:27:45 +02:00
// lock old thread
2013-08-01 04:14:26 +02:00
$query = prepare ( sprintf ( 'UPDATE ``posts_%s`` SET `locked` = 1 WHERE `id` = :id' , $originBoard ));
2012-05-19 10:27:45 +02:00
$query -> bindValue ( ':id' , $postID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
// leave a reply, linking to the new thread
$post = array (
'mod' => true ,
'subject' => '' ,
'email' => '' ,
2013-03-20 12:46:48 +01:00
'name' => ( ! $config [ 'mod' ][ 'shadow_name' ] ? $config [ 'anonymous' ] : $config [ 'mod' ][ 'shadow_name' ]),
2012-05-19 10:27:45 +02:00
'capcode' => $config [ 'mod' ][ 'shadow_capcode' ],
'trip' => '' ,
'password' => '' ,
'has_file' => false ,
// attach to original thread
'thread' => $postID ,
'op' => false
);
2012-11-19 00:28:23 +01:00
2012-05-19 10:27:45 +02:00
$post [ 'body' ] = $post [ 'body_nomarkup' ] = sprintf ( $config [ 'mod' ][ 'shadow_mesage' ], '>>>/' . $targetBoard . '/' . $newID );
markup ( $post [ 'body' ]);
$botID = post ( $post );
buildThread ( $postID );
2012-05-22 07:25:22 +02:00
buildIndex ();
2012-05-19 10:27:45 +02:00
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $originBoard ) . $config [ 'dir' ][ 'res' ] . sprintf ( $config [ 'file_page' ], $postID ) .
'#' . $botID , true , $config [ 'redirect_http' ]);
} else {
deletePost ( $postID );
buildIndex ();
openBoard ( $targetBoard );
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $board [ 'uri' ]) . $config [ 'dir' ][ 'res' ] . sprintf ( $config [ 'file_page' ], $newID ), true , $config [ 'redirect_http' ]);
}
}
$boards = listBoards ();
if ( count ( $boards ) <= 1 )
error ( _ ( 'Impossible to move thread; there is only one board.' ));
2012-08-27 07:19:05 +02:00
$security_token = make_secure_link_token ( $originBoard . '/move/' . $postID );
mod_page ( _ ( 'Move thread' ), 'mod/move.html' , array ( 'post' => $postID , 'board' => $originBoard , 'boards' => $boards , 'token' => $security_token ));
2012-05-19 10:27:45 +02:00
}
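/**
 * Show the "new ban" form for the author of a post and, on submission, create the ban.
 *
 * When the request carries new_ban, reason, length and board, the ban is created with
 * Bans::new_ban(); after that either a public ban message is appended to the post or
 * the post is deleted, and the browser is redirected to the board index.
 *
 * @param string $board  Board URI, checked with openBoard().
 * @param mixed  $delete Cast to bool and passed to the form template as 'delete'.
 * @param mixed  $post   ID of the post the ban refers to.
 * @param mixed  $token  Not read in this function.
 *                       NOTE(review): presumably the dispatcher validates the secure-link
 *                       token before calling this handler; confirm.
 */
function mod_ban_post($board, $delete, $post, $token = false) {
    global $config, $mod;

    if (!openBoard($board))
        error($config['error']['noboard']);

    // NOTE(review): the gate here is the *delete* permission although the handler
    // creates bans. Confirm that a ban-specific permission is not intended.
    if (!hasPermission($config['mod']['delete'], $board))
        error($config['error']['noaccess']);

    $security_token = make_secure_link_token($board . '/ban/' . $post);

    // $board passed openBoard() above; it is the only value interpolated into the SQL
    // text, the post id is bound.
    $query = prepare(sprintf('SELECT ' . ($config['ban_show_post'] ? '*' : '`ip`, `thread`') .
        ' FROM ``posts_%s`` WHERE `id` = :id', $board));
    $query->bindValue(':id', $post);
    $query->execute() or error(db_error($query));
    if (!$_post = $query->fetch(PDO::FETCH_ASSOC))
        error($config['error']['404']);

    $thread = $_post['thread'];
    $ip = $_post['ip'];
    $tor = checkDNSBL($ip);

    if (isset($_POST['new_ban'], $_POST['reason'], $_POST['length'], $_POST['board'])) {
        require_once 'inc/mod/ban.php';

        // The ban target and scope come from the submitted form, not from the post row:
        // ip, range and board are used as sent. Any validation (address/range syntax,
        // whether this moderator may ban on the chosen board or on '*') would have to
        // happen inside Bans::new_ban(), which is not visible here -- confirm.
        if (isset($_POST['ip']))
            $ip = $_POST['ip'];

        if (isset($_POST['range']))
            $ip = $ip . $_POST['range'];

        Bans::new_ban($ip, $_POST['reason'], $_POST['length'], $_POST['board'] == '*' ? false : $_POST['board'],
            false, $config['ban_show_post'] ? $_post : false);

        if (isset($_POST['public_message'], $_POST['message'])) {
            // public ban message
            $length_english = Bans::parse_time($_POST['length']) ? 'for ' . until(Bans::parse_time($_POST['length'])) : 'permanently';
            // Line breaks are stripped so the message stays on the single modifier line
            // appended to body_nomarkup below.
            $_POST['message'] = preg_replace('/[\r\n]/', '', $_POST['message']);
            $_POST['message'] = str_replace('%length%', $length_english, $_POST['message']);
            $_POST['message'] = str_replace('%LENGTH%', strtoupper($length_english), $_POST['message']);

            $query = prepare(sprintf('UPDATE ``posts_%s`` SET `body_nomarkup` = CONCAT(`body_nomarkup`, :body_nomarkup) WHERE `id` = :id', $board));
            $query->bindValue(':id', $post);
            // The message is HTML-escaped before it is stored inside the modifier tag.
            $query->bindValue(':body_nomarkup', sprintf("\n<tinyboard ban message>%s</tinyboard>", utf8tohtml($_POST['message'])));
            $query->execute() or error(db_error($query));
            rebuildPost($post);

            modLog("Attached a public ban message to post #{$post}: " . utf8tohtml($_POST['message']));
            buildThread($thread ? $thread : $post);
            buildIndex();
        } elseif (isset($_POST['delete']) && (int) $_POST['delete']) {
            // Delete post
            deletePost($post);
            modLog("Deleted post #{$post}");
            // Rebuild board
            buildIndex();
            // Rebuild themes
            rebuildThemes('post-delete', $board);
        }

        header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
        // Stop here, as the other handlers in this file do after a redirect; otherwise
        // the ban form (including the IP) is rendered into the body of the redirect.
        return;
    }

    $args = array(
        'ip' => $ip,
        // The template receives the IP either way; 'hide_ip' only tells it not to show it.
        'hide_ip' => !hasPermission($config['mod']['show_ip'], $board),
        'post' => $post,
        'board' => $board,
        'tor' => $tor,
        'delete' => (bool) $delete,
        'boards' => listBoards(),
        'token' => $security_token
    );

    mod_page(_('New ban'), 'mod/ban_form.html', $args);
}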
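/**
 * Edit a post as a moderator, either through the normal markup path or as raw HTML.
 *
 * Without form data the edit form and a preview are rendered. With name, email, subject
 * and body posted, the row is updated, optional "clean" flags are reset, and the browser
 * is redirected to the post.
 *
 * @param string $board         Board URI, checked with openBoard().
 * @param mixed  $edit_raw_html Truthy to store the submitted body as HTML; requires the
 *                              additional 'rawhtml' permission.
 * @param mixed  $postID        ID of the post to edit.
 */
function mod_edit_post($board, $edit_raw_html, $postID) {
    global $config, $mod;

    if (!openBoard($board))
        error($config['error']['noboard']);

    if (!hasPermission($config['mod']['editpost'], $board))
        error($config['error']['noaccess']);

    // Raw mode writes the submitted markup straight into `body`, so whoever holds this
    // permission can place arbitrary HTML on the board. Keep it to fully trusted accounts.
    if ($edit_raw_html && !hasPermission($config['mod']['rawhtml'], $board))
        error($config['error']['noaccess']);

    $security_token = make_secure_link_token($board . '/edit' . ($edit_raw_html ? '_raw' : '') . '/' . $postID);

    $query = prepare(sprintf('SELECT * FROM ``posts_%s`` WHERE `id` = :id', $board));
    $query->bindValue(':id', $postID);
    $query->execute() or error(db_error($query));

    if (!$post = $query->fetch(PDO::FETCH_ASSOC))
        error($config['error']['404']);

    if (isset($_POST['name'], $_POST['email'], $_POST['subject'], $_POST['body'])) {
        // Fixed SQL fragment chosen by a flag; no request data reaches the statement text.
        $trip = isset($_POST['remove_trip']) ? ' `trip` = NULL,' : '';

        // Remove any modifiers they may have put in
        $_POST['body'] = remove_modifiers($_POST['body']);

        // Add back modifiers in the original post
        $modifiers = extract_modifiers($post['body_nomarkup']);
        foreach ($modifiers as $key => $value) {
            $_POST['body'] .= "<tinyboard $key>$value</tinyboard>";
        }

        // Handle embed edits. The field is optional and must be a string; it is stored
        // only when one of the configured embedding patterns accepts it.
        // NOTE(review): whether arbitrary text around an allowed URL is accepted depends
        // on how the patterns in $config['embedding'] are anchored -- confirm.
        $embed_input = (isset($_POST['embed']) && is_string($_POST['embed'])) ? $_POST['embed'] : '';
        $embed_link = null;
        // Iterate by value: a by-reference loop would leave a live reference into $config.
        foreach ($config['embedding'] as $embed) {
            if (preg_match($embed[0], $embed_input)) {
                $embed_link = $embed_input;
                break;
            }
        }

        if ($edit_raw_html)
            // The comma after `:embed` was missing, which made this statement invalid SQL.
            $query = prepare(sprintf('UPDATE ``posts_%s`` SET `name` = :name,' . $trip . ' `email` = :email, `subject` = :subject, `body` = :body, `body_nomarkup` = :body_nomarkup, `embed` = :embed, `edited_at` = UNIX_TIMESTAMP(NOW()) WHERE `id` = :id', $board));
        else
            $query = prepare(sprintf('UPDATE ``posts_%s`` SET `name` = :name,' . $trip . ' `email` = :email, `subject` = :subject, `body_nomarkup` = :body, `embed` = :embed, `edited_at` = UNIX_TIMESTAMP(NOW()) WHERE `id` = :id', $board));
        $query->bindValue(':id', $postID);
        $query->bindValue(':name', $_POST['name'] ? $_POST['name'] : $config['anonymous']);
        $query->bindValue(':email', $_POST['email']);
        $query->bindValue(':subject', $_POST['subject']);
        $query->bindValue(':body', $_POST['body']);
        if ($edit_raw_html) {
            // Marks the stored source as raw HTML.
            $body_nomarkup = $_POST['body'] . "\n<tinyboard raw html>1</tinyboard>";
            $query->bindValue(':body_nomarkup', $body_nomarkup);
        }
        if ($embed_link !== null) {
            $query->bindValue(':embed', $embed_link);
        } else {
            $query->bindValue(':embed', NULL, PDO::PARAM_NULL);
        }
        $query->execute() or error(db_error($query));

        // An edit invalidates any "clean" marking the post had.
        if ($config['clean']['edits_remove_local'] || $config['clean']['edits_remove_global']) {
            $query_global = "`clean_global` = :clean";
            $query_global_mod = "`clean_global_mod_id` = :mod";
            $query_local = "`clean_local` = :clean";
            $query_local_mod = "`clean_local_mod_id` = :mod";

            // NOTE(review): the combined statement uses :clean and :mod twice each; that
            // relies on the driver accepting repeated named placeholders -- confirm.
            if ($config['clean']['edits_remove_local'] && $config['clean']['edits_remove_global']) {
                $query = prepare("UPDATE `post_clean` SET {$query_global}, {$query_global_mod}, {$query_local}, {$query_local_mod} WHERE `board_id` = :board AND `post_id` = :post");
            }
            else if ($config['clean']['edits_remove_global']) {
                $query = prepare("UPDATE `post_clean` SET {$query_global}, {$query_global_mod} WHERE `board_id` = :board AND `post_id` = :post");
            }
            else {
                $query = prepare("UPDATE `post_clean` SET {$query_local}, {$query_local_mod} WHERE `board_id` = :board AND `post_id` = :post");
            }

            $query->bindValue(':clean', false);
            $query->bindValue(':mod', NULL);
            $query->bindValue(':board', $board);
            $query->bindValue(':post', $postID);
            $query->execute() or error(db_error($query));

            // Finally, run a query to tidy up our records. The prepared DELETE itself is
            // executed here; previously the UPDATE above was executed a second time and
            // the DELETE never ran.
            $cleanup = prepare("DELETE FROM `post_clean` WHERE `clean_local` = FALSE AND `clean_global` = FALSE");
            $cleanup->execute() or error(db_error($cleanup));
        }

        if ($edit_raw_html) {
            modLog("Edited raw HTML of post #{$postID}");
        } else {
            modLog("Edited post #{$postID}");
            rebuildPost($postID);
        }

        buildIndex();

        rebuildThemes('post', $board);

        header('Location: ?/' . sprintf($config['board_path'], $board) . $config['dir']['res'] . sprintf($config['file_page'], $post['thread'] ? $post['thread'] : $postID) . '#' . $postID, true, $config['redirect_http']);
    } else {
        // Remove modifiers
        $post['body_nomarkup'] = remove_modifiers($post['body_nomarkup']);

        // Escape both versions before they are placed in the edit form.
        $post['body_nomarkup'] = utf8tohtml($post['body_nomarkup']);
        $post['body'] = utf8tohtml($post['body']);
        if ($config['minify_html']) {
            // NOTE(review): the listing shows the replacement strings for "\n" and "\t"
            // as a decoded newline and tab, which would make these calls no-ops. Numeric
            // character references are restored here so line breaks and tabs survive
            // HTML minification -- confirm against the repository copy.
            $post['body_nomarkup'] = str_replace("\n", '&#010;', $post['body_nomarkup']);
            $post['body'] = str_replace("\n", '&#010;', $post['body']);
            $post['body_nomarkup'] = str_replace("\r", '', $post['body_nomarkup']);
            $post['body'] = str_replace("\r", '', $post['body']);
            $post['body_nomarkup'] = str_replace("\t", '&#09;', $post['body_nomarkup']);
            $post['body'] = str_replace("\t", '&#09;', $post['body']);
        }

        $preview = new Post($post);
        $html = $preview->build(true);
        mod_page(_('Edit post'), 'mod/edit_post_form.html', array('token' => $security_token, 'board' => $board, 'raw' => $edit_raw_html, 'post' => $post, 'preview' => $html));
    }
}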
/**
 * Delete a single post, log the action, rebuild the board and redirect to its index.
 *
 * No request token is read in this function.
 * NOTE(review): presumably the dispatcher validates the secure-link token before
 * calling this state-changing handler; confirm.
 *
 * @param string $board Board URI, checked with openBoard().
 * @param mixed  $post  ID of the post to delete.
 */
function mod_delete($board, $post) {
    global $config, $mod;

    $board_opened = openBoard($board);
    if (!$board_opened) {
        error($config['error']['noboard']);
    }

    // Deleting requires the per-board 'delete' permission.
    $may_delete = hasPermission($config['mod']['delete'], $board);
    if (!$may_delete) {
        error($config['error']['noaccess']);
    }

    deletePost($post);

    // Keep an audit trail of the deletion.
    modLog('Deleted post #' . $post);

    // Regenerate the board index, then let themes react to the deletion.
    buildIndex();
    rebuildThemes('post-delete', $board);

    // Send the moderator back to the board index.
    $index_url = '?/' . sprintf($config['board_path'], $board) . $config['file_index'];
    header('Location: ' . $index_url, true, $config['redirect_http']);
}
/**
 * Delete one attached file from a post, log the action, rebuild and redirect.
 *
 * @param string $board Board URI, checked with openBoard().
 * @param mixed  $post  ID of the post that owns the file.
 * @param mixed  $file  Identifies which of the post's files to delete; it is handed to
 *                      deleteFile() unchanged. NOTE(review): any bounds check on this
 *                      value would have to live in deleteFile(), which is not visible
 *                      here; confirm.
 */
function mod_deletefile($board, $post, $file) {
    global $config, $mod;

    $board_opened = openBoard($board);
    if (!$board_opened) {
        error($config['error']['noboard']);
    }

    // Removing files has its own per-board permission.
    $may_delete_file = hasPermission($config['mod']['deletefile'], $board);
    if (!$may_delete_file) {
        error($config['error']['noaccess']);
    }

    deleteFile($post, TRUE, $file);

    // Keep an audit trail of the deletion.
    modLog('Deleted file from post #' . $post);

    // Regenerate the board index, then let themes react to the change.
    buildIndex();
    rebuildThemes('post-delete', $board);

    // Send the moderator back to the board index.
    $index_url = '?/' . sprintf($config['board_path'], $board) . $config['file_index'];
    header('Location: ' . $index_url, true, $config['redirect_http']);
}
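/**
 * Replace the thumbnail of one attached file with the spoiler image.
 *
 * The existing thumbnail file is removed, the file's entry in the post's `files` JSON is
 * pointed at the 'spoiler' placeholder with the spoiler image's dimensions, and the
 * thread, index and themes are rebuilt.
 *
 * @param string $board Board URI, checked with openBoard().
 * @param mixed  $post  ID of the post that owns the file.
 * @param mixed  $file  Index of the file inside the post's `files` list.
 */
function mod_spoiler_image($board, $post, $file) {
    global $config, $mod;

    if (!openBoard($board))
        error($config['error']['noboard']);

    if (!hasPermission($config['mod']['spoilerimage'], $board))
        error($config['error']['noaccess']);

    $query = prepare(sprintf("SELECT `files`, `thread` FROM ``posts_%s`` WHERE id = :id", $board));
    $query->bindValue(':id', $post, PDO::PARAM_INT);
    $query->execute() or error(db_error($query));
    $result = $query->fetch(PDO::FETCH_ASSOC);

    // A post id that matches no row previously fell through to array access on false.
    if (!$result)
        error($config['error']['404']);

    $files = json_decode($result['files']);

    // $file is caller-supplied; refuse an index that does not name an existing entry
    // instead of dereferencing it and building a path from a missing value.
    if (!is_array($files) || !isset($files[$file]) || !is_object($files[$file]))
        error($config['error']['404']);

    // False when the spoiler image cannot be read; the dimensions are then stored as null.
    $size_spoiler_image = @getimagesize($config['spoiler_image']);

    // Delete file thumbnail. Placeholder names (the same ones the thread-move code in
    // this file skips) do not refer to a per-post file, so nothing is unlinked for them.
    // NOTE(review): the thumbnail name comes from the stored row and is assumed to be a
    // bare file name; confirm the upload path guarantees that.
    if (isset($files[$file]->thumb) && !in_array($files[$file]->thumb, array('spoiler', 'deleted', 'file'), true))
        file_unlink($config['dir']['img_root'] . $board . '/' . $config['dir']['thumb'] . $files[$file]->thumb);

    $files[$file]->thumb = 'spoiler';
    $files[$file]->thumbwidth = $size_spoiler_image ? $size_spoiler_image[0] : null;
    $files[$file]->thumbheight = $size_spoiler_image ? $size_spoiler_image[1] : null;

    // Make thumbnail spoiler
    $query = prepare(sprintf("UPDATE ``posts_%s`` SET `files` = :files WHERE `id` = :id", $board));
    $query->bindValue(':files', json_encode($files));
    $query->bindValue(':id', $post, PDO::PARAM_INT);
    $query->execute() or error(db_error($query));

    // Record the action
    modLog("Spoilered file from post #{$post}");

    // Rebuild thread
    buildThread($result['thread'] ? $result['thread'] : $post);

    // Rebuild board
    buildIndex();

    // Rebuild themes
    rebuildThemes('post-delete', $board);

    // Redirect
    header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
}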
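/**
 * Replace the thumbnails of all files attached to a post with the spoiler image.
 *
 * @param string $board Board URI, checked with openBoard().
 * @param mixed  $post  ID of the post whose files are spoilered.
 */
function mod_spoiler_images($board, $post) {
    global $config, $mod;

    if (!openBoard($board))
        error($config['error']['noboard']);

    if (!hasPermission($config['mod']['spoilerimage'], $board))
        error($config['error']['noaccess']);

    $query = prepare(sprintf("SELECT `files`, `thread` FROM ``posts_%s`` WHERE id = :id", $board));
    $query->bindValue(':id', $post, PDO::PARAM_INT);
    $query->execute() or error(db_error($query));
    $result = $query->fetch(PDO::FETCH_ASSOC);

    // A post id that matches no row previously fell through to array access on false.
    if (!$result)
        error($config['error']['404']);

    $files = json_decode($result['files']);

    // A post without a file list would otherwise have the JSON text "null" written back
    // into its `files` column by the UPDATE below.
    if (!is_array($files))
        error($config['error']['404']);

    // Read the spoiler image's dimensions once; they do not change per file.
    // False when the image cannot be read; the dimensions are then stored as null.
    $size_spoiler_image = @getimagesize($config['spoiler_image']);

    foreach ($files as $entry) {
        if (!is_object($entry))
            continue;

        // Delete file thumbnail. Placeholder names (the same ones the thread-move code
        // in this file skips) do not refer to a per-post file, so nothing is unlinked.
        if (isset($entry->thumb) && !in_array($entry->thumb, array('spoiler', 'deleted', 'file'), true))
            file_unlink($config['dir']['img_root'] . $board . '/' . $config['dir']['thumb'] . $entry->thumb);

        // $entry is an object handle, so these writes land in $files.
        $entry->thumb = 'spoiler';
        $entry->thumbwidth = $size_spoiler_image ? $size_spoiler_image[0] : null;
        $entry->thumbheight = $size_spoiler_image ? $size_spoiler_image[1] : null;
    }

    // Make thumbnail spoiler
    $query = prepare(sprintf("UPDATE ``posts_%s`` SET `files` = :files WHERE `id` = :id", $board));
    $query->bindValue(':files', json_encode($files));
    $query->bindValue(':id', $post, PDO::PARAM_INT);
    $query->execute() or error(db_error($query));

    // Record the action
    modLog("Spoilered file from post #{$post}");

    // Rebuild thread
    buildThread($result['thread'] ? $result['thread'] : $post);

    // Rebuild board
    buildIndex();

    // Rebuild themes
    rebuildThemes('post-delete', $board);

    // Redirect
    header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
}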
/**
 * Delete every post made from the IP address of a given post.
 *
 * The address is read from the referenced post; matching posts are then collected from
 * the current board or, when $global is set, from every board returned by listBoards().
 *
 * @param string $boardName Board URI of the reference post, checked with openBoard().
 * @param mixed  $post      ID of the reference post.
 * @param mixed  $global    Truthy to delete across all boards; needs the separate
 *                          'deletebyip_global' permission.
 */
function mod_deletebyip($boardName, $post, $global = false) {
    global $config, $mod, $board;

    $global = (bool)$global;

    if (!openBoard($boardName)) {
        error($config['error']['noboard']);
    }

    // The wider scope is gated by its own permission.
    $required = $global ? $config['mod']['deletebyip_global'] : $config['mod']['deletebyip'];
    if (!hasPermission($required, $boardName)) {
        error($config['error']['noaccess']);
    }

    // Find IP address
    $lookup = prepare(sprintf('SELECT `ip` FROM ``posts_%s`` WHERE `id` = :id', $boardName));
    $lookup->bindValue(':id', $post);
    $lookup->execute() or error(db_error($lookup));
    $ip = $lookup->fetchColumn();
    if (!$ip) {
        error($config['error']['invalidpost']);
    }

    $boards = $global ? listBoards() : array(array('uri' => $boardName));

    // One SELECT per board, joined with UNION ALL. Board URIs are placed into the SQL
    // text (as a table suffix and as a quoted literal), the address itself is bound.
    // NOTE(review): this relies on board URIs never containing a quote or backtick;
    // presumably the board-name pattern enforces that -- confirm.
    $selects = array();
    foreach ($boards as $_board) {
        $selects[] = sprintf("SELECT `thread`, `id`, '%s' AS `board` FROM ``posts_%s`` WHERE `ip` = :ip", $_board['uri'], $_board['uri']);
    }

    $matches = prepare(implode(' UNION ALL ', $selects));
    $matches->bindValue(':ip', $ip);
    $matches->execute() or error(db_error($matches));

    if ($matches->rowCount() < 1) {
        error($config['error']['invalidpost']);
    }

    // Large deletions can outlast the default execution time.
    @set_time_limit($config['mod']['rebuild_timelimit']);

    $threads_to_rebuild = array();
    $threads_deleted = array();
    while ($row = $matches->fetch(PDO::FETCH_ASSOC)) {
        openBoard($row['board']);

        deletePost($row['id'], false, false);

        rebuildThemes('post-delete', $board['uri']);

        if ($row['thread']) {
            // A reply was removed: its thread page needs rebuilding afterwards.
            $threads_to_rebuild[$row['board']][$row['thread']] = true;
        } else {
            // A whole thread was removed: nothing left to rebuild for it.
            $threads_deleted[$row['board']][$row['id']] = true;
        }
    }

    foreach ($threads_to_rebuild as $_board => $_threads) {
        openBoard($_board);
        foreach (array_keys($_threads) as $_thread) {
            if (!isset($threads_deleted[$_board][$_thread])) {
                buildThread($_thread);
            }
        }
        buildIndex();
    }

    // With no board selected the log entry below is not tied to a single board.
    if ($global) {
        $board = false;
    }

    // Record the action
    modLog('Deleted all posts by IP address: <a href="?/IP/' . $ip . '">' . $ip . '</a>');

    // Redirect
    $index_url = '?/' . sprintf($config['board_path'], $boardName) . $config['file_index'];
    header('Location: ' . $index_url, true, $config['redirect_http']);
}
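/**
 * View and edit a moderator account.
 *
 * Holders of 'editusers' may change another account's username, board list and password,
 * or delete it. Holders of 'edit_profile' may change the password, username and e-mail
 * of their own account. Without form data the profile page is rendered.
 *
 * @param mixed $uid ID of the account to show or edit.
 */
function mod_user($uid) {
    global $config, $mod;

    // Either the account-management permission, or the self-service permission on the
    // caller's own account.
    if (!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['edit_profile']) && $uid == $mod['id']))
        error($config['error']['noaccess']);

    if (in_array($mod['boards'][0], array('infinity', 'z')))
        error('This board has profile changing disabled.');

    $query = prepare('SELECT * FROM ``mods`` WHERE `id` = :id');
    $query->bindValue(':id', $uid);
    $query->execute() or error(db_error($query));
    if (!$user = $query->fetch(PDO::FETCH_ASSOC))
        error($config['error']['404']);

    if (hasPermission($config['mod']['editusers']) && isset($_POST['username'], $_POST['password'])) {
        if (isset($_POST['allboards'])) {
            $boards = array('*');
        } else {
            // Collect the existing board URIs by value; the earlier by-reference loop
            // left a dangling reference into the list.
            $known_uris = array();
            foreach (listBoards() as $known) {
                $known_uris[] = $known['uri'];
            }

            // Only board_<uri> fields naming an existing board are accepted. The strict
            // comparison keeps numeric-looking names such as "1" and "01" distinct.
            $boards = array();
            foreach ($_POST as $name => $value) {
                if (preg_match('/^board_(' . $config['board_regex'] . ')$/u', $name, $matches) && in_array($matches[1], $known_uris, true))
                    $boards[] = $matches[1];
            }
        }

        if (isset($_POST['delete'])) {
            if (!hasPermission($config['mod']['deleteusers']))
                error($config['error']['noaccess']);

            $query = prepare('DELETE FROM ``mods`` WHERE `id` = :id');
            $query->bindValue(':id', $uid);
            $query->execute() or error(db_error($query));

            // Log text is HTML, so the username is escaped.
            modLog('Deleted user ' . utf8tohtml($user['username']) . ' <small>(#' . $user['id'] . ')</small>');

            header('Location: ?/users', true, $config['redirect_http']);

            return;
        }

        if ($_POST['username'] == '')
            error(sprintf($config['error']['required'], 'username'));

        // NOTE(review): unlike the self-service branch below, this path applies neither
        // the username pattern nor the duplicate-name check. Confirm that is intended.
        $query = prepare('UPDATE ``mods`` SET `username` = :username, `boards` = :boards WHERE `id` = :id');
        $query->bindValue(':id', $uid);
        $query->bindValue(':username', $_POST['username']);
        $query->bindValue(':boards', implode(',', $boards));
        $query->execute() or error(db_error($query));

        if ($user['username'] !== $_POST['username']) {
            // account was renamed
            modLog('Renamed user "' . utf8tohtml($user['username']) . '" <small>(#' . $user['id'] . ')</small> to "' . utf8tohtml($_POST['username']) . '"');
        }

        if ($_POST['password'] != '') {
            // NOTE(review): the stored value is one SHA-256 pass over salt + SHA-1 of the
            // password. That is cheap to guess offline if the table leaks; a dedicated
            // password hash (password_hash()/password_verify()) is preferable, but
            // login() must verify the same format, so both have to change together.
            $salt = generate_salt();
            $password = hash('sha256', $salt . sha1($_POST['password']));

            $query = prepare('UPDATE ``mods`` SET `password` = :password, `salt` = :salt WHERE `id` = :id');
            $query->bindValue(':id', $uid);
            $query->bindValue(':password', $password);
            $query->bindValue(':salt', $salt);
            $query->execute() or error(db_error($query));

            modLog('Changed password for ' . utf8tohtml($_POST['username']) . ' <small>(#' . $user['id'] . ')</small>');

            if ($uid == $mod['id']) {
                // The caller changed their own password: log in again with it.
                login($_POST['username'], $_POST['password']);
                setCookies();
            }
        }

        if (hasPermission($config['mod']['manageusers']))
            header('Location: ?/users', true, $config['redirect_http']);
        else
            header('Location: ?/', true, $config['redirect_http']);

        return;
    }

    if (hasPermission($config['mod']['edit_profile']) && $uid == $mod['id']) {
        if (isset($_POST['password']) && $_POST['password'] != '') {
            // NOTE(review): the current password is not requested before it is replaced,
            // so an unattended or hijacked session is enough to take over the account.
            // Same hashing caveat as in the branch above.
            $salt = generate_salt();
            $password = hash('sha256', $salt . sha1($_POST['password']));

            $query = prepare('UPDATE ``mods`` SET `password` = :password, `salt` = :salt WHERE `id` = :id');
            $query->bindValue(':id', $uid);
            $query->bindValue(':password', $password);
            $query->bindValue(':salt', $salt);
            $query->execute() or error(db_error($query));

            modLog('Changed own password');

            login($user['username'], $_POST['password']);
            setCookies();
        }

        if (isset($_POST['username']) && $user['username'] !== $_POST['username']) {
            if ($_POST['username'] == '')
                error(sprintf($config['error']['required'], 'username'));

            if (!preg_match('/^[a-zA-Z0-9._]{1,30}$/', $_POST['username']))
                error(_('Invalid username'));

            // Case-insensitive duplicate check against every existing account.
            $query = prepare('SELECT `username` FROM ``mods``');
            $query->execute() or error(db_error($query));
            $users = $query->fetchAll(PDO::FETCH_ASSOC);

            foreach ($users as $i => $v) {
                if (strtolower($_POST['username']) == strtolower($v['username'])) {
                    error(_('Refusing to change your username because another user is already using it.'));
                }
            }

            $query = prepare('UPDATE ``mods`` SET `username` = :username WHERE `id` = :id');
            $query->bindValue(':id', $uid);
            $query->bindValue(':username', $_POST['username']);
            $query->execute() or error(db_error($query));

            modLog('Renamed user "' . utf8tohtml($user['username']) . '" <small>(#' . $user['id'] . ')</small> to "' . utf8tohtml($_POST['username']) . '"');
        }

        // An empty value clears the address; anything else must be a valid e-mail address.
        if (isset($_POST['email']) && $user['email'] !== $_POST['email'] && (empty($_POST['email']) || filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))) {
            // e-mail address was changed
            $query = prepare('UPDATE ``mods`` SET `email` = :email WHERE `id` = :id');
            $query->bindValue(':id', $uid);
            $query->bindValue(':email', $_POST['email']);
            $query->execute() or error(db_error($query));

            modLog('Changed user\'s email "' . utf8tohtml($user['email']) . '" <small>(#' . $user['id'] . ')</small> to "' . utf8tohtml($_POST['email']) . '"');
        }

        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            if (hasPermission($config['mod']['manageusers']))
                header('Location: ?/users', true, $config['redirect_http']);
            else
                header('Location: ?/', true, $config['redirect_http']);

            return;
        }
    }

    // The account's five most recent log entries, for callers allowed to read the log.
    if (hasPermission($config['mod']['modlog'])) {
        $query = prepare('SELECT * FROM ``modlogs`` WHERE `mod` = :id ORDER BY `time` DESC LIMIT 5');
        $query->bindValue(':id', $uid);
        $query->execute() or error(db_error($query));
        $log = $query->fetchAll(PDO::FETCH_ASSOC);
    } else {
        $log = array();
    }

    if ($mod['type'] >= ADMIN) {
        $boards = listBoards();
    } else {
        // Non-admins only see the boards assigned to the account being viewed.
        $boards = array();
        foreach (explode(',', $user['boards']) as $uri) {
            $boards[] = array("uri" => $uri, "title" => _("My board"));
        }
    }

    $user['boards'] = explode(',', $user['boards']);

    mod_page(_('Edit user profile'), 'mod/user.html', array(
        'user' => $user,
        'logs' => $log,
        'boards' => $boards,
        'token' => make_secure_link_token('users/' . $user['id'])
    ));
}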
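/**
 * Create a moderator account, or render the "new user" form when no data was posted.
 *
 * Requires the 'createusers' permission. The posted type must be a configured group
 * other than DISABLED.
 */
function mod_user_new() {
    global $pdo, $config;

    if (!hasPermission($config['mod']['createusers']))
        error($config['error']['noaccess']);

    if (isset($_POST['username'], $_POST['password'], $_POST['type'])) {
        // NOTE(review): the username is only checked for emptiness here; the pattern and
        // duplicate-name checks used when a user renames their own account in mod_user()
        // are not applied. Confirm whether they should be.
        if ($_POST['username'] == '')
            error(sprintf($config['error']['required'], 'username'));
        if ($_POST['password'] == '')
            error(sprintf($config['error']['required'], 'password'));

        if (isset($_POST['allboards'])) {
            $boards = array('*');
        } else {
            // Collect the existing board URIs by value; the earlier by-reference loop
            // left a dangling reference into the list.
            $known_uris = array();
            foreach (listBoards() as $known) {
                $known_uris[] = $known['uri'];
            }

            // Only board_<uri> fields naming an existing board are accepted. The strict
            // comparison keeps numeric-looking names such as "1" and "01" distinct.
            $boards = array();
            foreach ($_POST as $name => $value) {
                if (preg_match('/^board_(' . $config['board_regex'] . ')$/u', $name, $matches) && in_array($matches[1], $known_uris, true))
                    $boards[] = $matches[1];
            }
        }

        // NOTE(review): any configured group is accepted, including ones above the
        // creator's own level. Whether that is a privilege-escalation path depends on
        // which groups are granted 'createusers' -- confirm.
        $type = (int)$_POST['type'];
        if (!isset($config['mod']['groups'][$type]) || $type == DISABLED)
            error(sprintf($config['error']['invalidfield'], 'type'));

        // NOTE(review): the stored value is one SHA-256 pass over salt + SHA-1 of the
        // password. That is cheap to guess offline if the table leaks; a dedicated
        // password hash (password_hash()/password_verify()) is preferable, but login()
        // must verify the same format, so both have to change together.
        $salt = generate_salt();
        $password = hash('sha256', $salt . sha1($_POST['password']));

        // NOTE(review): the INSERT names no columns and supplies six values, while the
        // user list in this file also selects an `email` column. Confirm the statement
        // still matches the table definition.
        $query = prepare('INSERT INTO ``mods`` VALUES (NULL, :username, :password, :salt, :type, :boards)');
        $query->bindValue(':username', $_POST['username']);
        $query->bindValue(':password', $password);
        $query->bindValue(':salt', $salt);
        $query->bindValue(':type', $type);
        $query->bindValue(':boards', implode(',', $boards));
        $query->execute() or error(db_error($query));

        $userID = $pdo->lastInsertId();

        // Log text is HTML, so the username is escaped.
        modLog('Created a new user: ' . utf8tohtml($_POST['username']) . ' <small>(#' . $userID . ')</small>');

        header('Location: ?/users', true, $config['redirect_http']);
        return;
    }

    mod_page(_('New user'), 'mod/user.html', array('new' => true, 'boards' => listBoards(), 'token' => make_secure_link_token('users/new')));
}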
/**
 * Moderator user list: every account together with its most recent mod-log entry.
 *
 * Requires $config['mod']['manageusers']. Each row receives a promote and a
 * demote link token before the list is handed to mod/users.html.
 */
function mod_users() {
	global $config;

	if (!hasPermission($config['mod']['manageusers']))
		error($config['error']['noaccess']);

	// Fixed statement with no request input. The inner join keeps, per moderator,
	// the modlogs row carrying MAX(time).
	$sql = "SELECT ``m``.`id`, ``m``.`username`, ``m``.`boards`, ``m``.`type`, ``m``.`email`,
	``ml``.`time` last, ``ml``.`text` action
	FROM ``mods`` AS m
	LEFT JOIN (
		SELECT ml1.*
		FROM ``modlogs`` AS ml1
		JOIN (
			SELECT `mod`, MAX(time) AS time
			FROM ``modlogs``
			GROUP BY `mod`
		) AS ml2 USING (`mod`, time)
	) AS ml ON m.id = ml.`mod` GROUP BY ``m``.`id` ORDER BY ``m``.`type` DESC;";
	$result = query($sql) or error(db_error());
	$users = $result->fetchAll(PDO::FETCH_ASSOC);

	// One token per action URI, so the template can emit promote/demote links.
	foreach (array_keys($users) as $i) {
		$uid = $users[$i]['id'];
		$users[$i]['promote_token'] = make_secure_link_token("users/{$uid}/promote");
		$users[$i]['demote_token'] = make_secure_link_token("users/{$uid}/demote");
	}

	$heading = sprintf('%s (%d)', _('Manage users'), count($users));
	mod_page($heading, 'mod/users.html', array('users' => $users));
}
/**
 * Move a moderator account one step up or down the configured group ladder.
 *
 * @param mixed  $uid    ID of the account in the mods table.
 * @param string $action 'promote' or 'demote'; any other value finds no
 *                       candidate group and ends in the "impossible" error.
 *
 * Requires $config['mod']['promoteusers']. The change is written to the mod
 * log and the browser is redirected to ?/users.
 *
 * NOTE(review): the only gate visible here is the promoteusers permission;
 * nothing compares the acting moderator's own group with the group being
 * assigned. Confirm that this permission is reserved for the highest group.
 */
function mod_user_promote($uid, $action) {
	global $config;

	if (!hasPermission($config['mod']['promoteusers']))
		error($config['error']['noaccess']);

	$lookup = prepare("SELECT `type`, `username` FROM ``mods`` WHERE `id` = :id");
	$lookup->bindValue(':id', $uid);
	$lookup->execute() or error(db_error($lookup));

	$target = $lookup->fetch(PDO::FETCH_ASSOC);
	if (!$target)
		error($config['error']['404']);

	$going_up = ($action == 'promote');
	$going_down = ($action == 'demote');

	// Walk the groups in the direction of travel; the first group past the
	// current one is the next step.
	$ladder = $config['mod']['groups'];
	if ($going_down)
		$ladder = array_reverse($ladder, true);

	$next_group = false;
	foreach ($ladder as $level => $label) {
		$is_step_up = $going_up && $level > $target['type'];
		$is_step_down = $going_down && $level < $target['type'];
		if ($is_step_up || $is_step_down) {
			$next_group = $level;
			break;
		}
	}

	// No further step exists, or the step would land on the DISABLED group.
	if ($next_group === false || $next_group == DISABLED)
		error(_('Impossible to promote/demote user.'));

	$update = prepare("UPDATE ``mods`` SET `type` = :group_value WHERE `id` = :id");
	$update->bindValue(':id', $uid);
	$update->bindValue(':group_value', $next_group);
	$update->execute() or error(db_error($update));

	// The username is passed through utf8tohtml() before it enters the log text.
	$verb = $going_up ? 'Promoted' : 'Demoted';
	modLog($verb . ' user "' . utf8tohtml($target['username']) . '" to ' . $config['mod']['groups'][$next_group]);

	header('Location: ?/users', true, $config['redirect_http']);
}
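/**
 * Show, delete, or start a reply to a private message.
 *
 * @param mixed $id    ID of the row in the pms table.
 * @param bool  $reply When true, render the "new PM" form pre-filled with a
 *                     quote of this message; requires $config['mod']['create_pm'].
 *
 * A message is visible only to its recipient or to a moderator holding
 * $config['mod']['master_pm']; everyone else gets the 404 error, the same
 * answer as for a message that does not exist.
 */
function mod_pm($id, $reply = false) {
	global $mod, $config;

	if ($reply && !hasPermission($config['mod']['create_pm']))
		error($config['error']['noaccess']);

	$query = prepare("SELECT ``mods``.`username`, `mods_to`.`username` AS `to_username`, ``pms``.* FROM ``pms`` LEFT JOIN ``mods`` ON ``mods``.`id` = `sender` LEFT JOIN ``mods`` AS `mods_to` ON `mods_to`.`id` = `to` WHERE ``pms``.`id` = :id");
	$query->bindValue(':id', $id);
	$query->execute() or error(db_error($query));

	// Ownership check: recipient, or master_pm holder.
	if ((!$pm = $query->fetch(PDO::FETCH_ASSOC)) || ($pm['to'] != $mod['id'] && !hasPermission($config['mod']['master_pm'])))
		error($config['error']['404']);

	if (isset($_POST['delete'])) {
		$query = prepare("DELETE FROM ``pms`` WHERE `id` = :id");
		$query->bindValue(':id', $id);
		$query->execute() or error(db_error($query));

		// The unread caches are keyed by recipient. A master_pm holder may be
		// deleting someone else's message, so invalidate the recipient's
		// entries rather than the acting moderator's.
		if ($config['cache']['enabled']) {
			cache::delete('pm_unread_' . $pm['to']);
			cache::delete('pm_unreadcount_' . $pm['to']);
		}

		// NOTE(review): deletions are not written to the mod log, including
		// deletions of another moderator's message via master_pm. Consider
		// whether an audit entry is wanted here.
		header('Location: ?/', true, $config['redirect_http']);
		return;
	}

	// Only the recipient opening the message marks it as read.
	if ($pm['unread'] && $pm['to'] == $mod['id']) {
		$query = prepare("UPDATE ``pms`` SET `unread` = 0 WHERE `id` = :id");
		$query->bindValue(':id', $id);
		$query->execute() or error(db_error($query));

		if ($config['cache']['enabled']) {
			cache::delete('pm_unread_' . $mod['id']);
			cache::delete('pm_unreadcount_' . $mod['id']);
		}

		modLog('Read a PM');
	}

	if ($reply) {
		if (!$pm['to_username'])
			error($config['error']['404']); // deleted?

		mod_page(sprintf('%s %s', _('New PM for'), $pm['to_username']), 'mod/new_pm.html', array(
			'username' => $pm['username'],
			'id' => $pm['sender'],
			'message' => quote($pm['message']),
			'token' => make_secure_link_token('new_PM/' . $pm['username'])
		));
	} else {
		mod_page(sprintf('%s – #%d', _('Private message'), $id), 'mod/pm.html', $pm);
	}
}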
/**
 * PM inbox of the logged-in moderator.
 *
 * Both statements are filtered by $mod['id'], so only messages addressed to
 * the current moderator are listed. Each message gets a 'snippet' from
 * pm_snippet() before the list is rendered with mod/inbox.html.
 */
function mod_inbox() {
	global $config, $mod;

	$recipient = $mod['id'];

	// Unread messages first, then newest first.
	$list = prepare('SELECT `unread`,``pms``.`id`, `time`, `sender`, `to`, `message`, `username` FROM ``pms`` LEFT JOIN ``mods`` ON ``mods``.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC');
	$list->bindValue(':mod', $recipient);
	$list->execute() or error(db_error($list));
	$messages = $list->fetchAll(PDO::FETCH_ASSOC);

	$counter = prepare('SELECT COUNT(*) FROM ``pms`` WHERE `to` = :mod AND `unread` = 1');
	$counter->bindValue(':mod', $recipient);
	$counter->execute() or error(db_error($counter));
	$unread = $counter->fetchColumn();

	foreach (array_keys($messages) as $i) {
		$messages[$i]['snippet'] = pm_snippet($messages[$i]['message']);
	}

	// The title shows the unread count, or "empty" when there are no messages at all.
	if (count($messages) > 0)
		$state = $unread . ' unread';
	else
		$state = 'empty';

	mod_page(sprintf('%s (%s)', _('PM inbox'), $state), 'mod/inbox.html', array(
		'messages' => $messages,
		'unread' => $unread
	));
}
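/**
 * Compose and send a private message to another moderator.
 *
 * @param string $username Recipient's username. For old-style links this may
 *                         be a numeric user ID, which is resolved and
 *                         redirected to the username form of the URL.
 *
 * Requires $config['mod']['create_pm']. On POST the message is run through
 * escape_markup_modifiers() and markup(), stored, and the recipient's unread
 * caches are invalidated.
 */
function mod_new_pm($username) {
	global $config, $mod;

	if (!hasPermission($config['mod']['create_pm']))
		error($config['error']['noaccess']);

	$query = prepare("SELECT `id` FROM ``mods`` WHERE `username` = :username");
	$query->bindValue(':username', $username);
	$query->execute() or error(db_error($query));
	if (!$id = $query->fetchColumn()) {
		// Old style ?/PM: by user ID
		$query = prepare("SELECT `username` FROM ``mods`` WHERE `id` = :username");
		$query->bindValue(':username', $username);
		$query->execute() or error(db_error($query));
		if ($username = $query->fetchColumn())
			header('Location: ?/new_PM/' . $username, true, $config['redirect_http']);
		else
			error($config['error']['404']);

		// $id is still false on this path. Stop here so a POST that arrives on
		// the legacy URL cannot insert a message with no valid recipient.
		return;
	}

	if (isset($_POST['message'])) {
		$_POST['message'] = escape_markup_modifiers($_POST['message']);
		markup($_POST['message']);

		$query = prepare("INSERT INTO ``pms`` VALUES (NULL, :me, :id, :message, :time, 1)");
		$query->bindValue(':me', $mod['id']);
		$query->bindValue(':id', $id);
		$query->bindValue(':message', $_POST['message']);
		$query->bindValue(':time', time());
		$query->execute() or error(db_error($query));

		// The unread caches are keyed by recipient ID.
		if ($config['cache']['enabled']) {
			cache::delete('pm_unread_' . $id);
			cache::delete('pm_unreadcount_' . $id);
		}

		modLog('Sent a PM to ' . utf8tohtml($username));

		header('Location: ?/', true, $config['redirect_http']);
		// Stop after the redirect instead of also rendering the form, as the
		// other handlers in this file do after a redirect.
		return;
	}

	mod_page(sprintf('%s %s', _('New PM for'), $username), 'mod/new_pm.html', array(
		'username' => $username,
		'id' => $id,
		'token' => make_secure_link_token('new_PM/' . $username)
	));
}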
/**
 * Rebuild caches, themes, scripts, index pages and threads on request.
 *
 * Requires $config['mod']['rebuild']. Without a POSTed 'rebuild' field the
 * options form (mod/rebuild.html) is shown; otherwise the selected steps run
 * and the collected log lines are rendered with mod/rebuilt.html.
 */
function mod_rebuild() {
	global $config, $twig;

	if (!hasPermission($config['mod']['rebuild']))
		error($config['error']['noaccess']);

	// Nothing submitted yet: show the options page and stop.
	if (!isset($_POST['rebuild'])) {
		mod_page(_('Rebuild'), 'mod/rebuild.html', array(
			'boards' => listBoards(),
			'token' => make_secure_link_token('rebuild')
		));
		return;
	}

	@set_time_limit($config['mod']['rebuild_timelimit']);

	$log = array();
	$boards = listBoards();
	// Script paths that were already rebuilt, so each file is built once.
	$scripts_done = array();

	if (isset($_POST['rebuild_cache'])) {
		if ($config['cache']['enabled']) {
			$log[] = 'Flushing cache';
			Cache::flush();
		}

		$log[] = 'Clearing template cache';
		load_twig();
		$twig->clearCacheFiles();
	}

	if (isset($_POST['rebuild_themes'])) {
		$log[] = 'Regenerating theme files';
		rebuildThemes('all');
	}

	if (isset($_POST['rebuild_javascript'])) {
		$log[] = 'Rebuilding <strong>' . $config['file_script'] . '</strong>';
		buildJavascript();
		$scripts_done[] = $config['file_script'];
	}

	foreach ($boards as $board) {
		// Skip boards that were not ticked, unless "all boards" was.
		if (!isset($_POST['boards_all']) && !isset($_POST['board_' . $board['uri']]))
			continue;

		openBoard($board['uri']);
		$config['try_smarter'] = false;

		if (isset($_POST['rebuild_index'])) {
			buildIndex();
			$log[] = '<strong>' . sprintf($config['board_abbreviation'], $board['uri']) . '</strong>: Creating index pages';
		}

		// $config['file_script'] is read again after openBoard(); rebuild only
		// if that path has not been built already.
		$want_script = isset($_POST['rebuild_javascript']);
		if ($want_script && !in_array($config['file_script'], $scripts_done)) {
			$log[] = '<strong>' . sprintf($config['board_abbreviation'], $board['uri']) . '</strong>: Rebuilding <strong>' . $config['file_script'] . '</strong>';
			buildJavascript();
			$scripts_done[] = $config['file_script'];
		}

		if (isset($_POST['rebuild_thread'])) {
			// The table name is built from the URI returned by listBoards(),
			// not from the request.
			$threads = query(sprintf("SELECT `id` FROM ``posts_%s`` WHERE `thread` IS NULL", $board['uri'])) or error(db_error());
			while ($row = $threads->fetch(PDO::FETCH_ASSOC)) {
				$log[] = '<strong>' . sprintf($config['board_abbreviation'], $board['uri']) . '</strong>: Rebuilding thread #' . $row['id'];
				buildThread($row['id']);
			}
		}
	}

	mod_page(_('Rebuild'), 'mod/rebuilt.html', array('logs' => $log));
}
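/**
 * Report queue: open reports grouped by the reported post, as HTML or JSON.
 *
 * URL arguments are read with func_get_args(): "global" selects the global
 * queue and "json" switches the response to a JSON dump of the report rows.
 * Requires $config['mod']['reports']; the global queue additionally requires
 * a moderator type of at least GLOBALVOLUNTEER.
 *
 * Side effect: reports whose post no longer exists are deleted from the
 * reports table while the queue is being built.
 */
function mod_reports() {
	global $config, $mod;

	// Parse arguments.
	$urlArgs = func_get_args();
	$global = in_array("global", $urlArgs);
	$json = in_array("json", $urlArgs);

	if (!hasPermission($config['mod']['reports'])) {
		error($config['error']['noaccess']);
	}

	// Moderators below GLOBALVOLUNTEER are filtered by board and may not open
	// the global queue.
	$board_bound = ($mod['type'] < GLOBALVOLUNTEER);
	if ($board_bound and $global) {
		error($config['error']['noaccess']);
	}

	// Limit reports to ONLY those in our scope. The value is one of two fixed
	// literals, never request text, so it is safe to place in the statement.
	$report_scope = $global ? "global" : "local";

	// Get REPORTS.
	$query = prepare("SELECT * FROM ``reports`` WHERE " . ($board_bound ? "board = :board AND " : "") . "``" . $report_scope . "`` = TRUE LIMIT :limit");

	// Limit reports by board if the moderator is local.
	if ($board_bound) {
		// NOTE(review): only the first entry of $mod['boards'] is bound, so a
		// moderator assigned to several boards sees one board's reports.
		// Confirm this is intended.
		$query->bindValue(':board', $mod['boards'][0]);
	}

	// Limit by config ceiling.
	$query->bindValue(':limit', $config['mod']['recent_reports'], PDO::PARAM_INT);

	$query->execute() or error(db_error($query));
	$reports = $query->fetchAll(PDO::FETCH_ASSOC);

	// Cut off here if we don't have any reports.
	$reportCount = 0;
	$reportHTML = '';
	if (count($reports) > 0) {
		// Build queries to fetch content.
		$report_queries = array();
		foreach ($reports as $report) {
			if (!isset($report_queries[$report['board']]))
				$report_queries[$report['board']] = array();

			$report_queries[$report['board']][] = $report['post'];
		}

		// Get reported CONTENT.
		$report_posts = array();
		foreach ($report_queries as $board => $posts) {
			$report_posts[$board] = array();

			// The ID list is concatenated into the statement, so force every
			// entry to an integer first. The board name comes from the reports
			// row and ends up in the table name, where it cannot be bound.
			$post_ids = array_map('intval', $posts);
			$query = query(sprintf('SELECT * FROM ``posts_%s`` WHERE `id` = ' . implode(' OR `id` = ', $post_ids), $board)) or error(db_error());
			while ($post = $query->fetch(PDO::FETCH_ASSOC)) {
				$report_posts[$board][$post['id']] = $post;
			}
		}

		// Develop an associative array of posts to reports.
		$report_index = array();
		foreach ($reports as &$report) {
			// Delete reports which are for removed content.
			if (!isset($report_posts[$report['board']][$report['post']])) {
				// Invalid report (post has since been deleted)
				$query = prepare("DELETE FROM ``reports`` WHERE `post` = :id AND `board` = :board");
				$query->bindValue(':id', $report['post'], PDO::PARAM_INT);
				$query->bindValue(':board', $report['board']);
				$query->execute() or error(db_error($query));
				continue;
			}

			// Build a unique ID.
			$content_key = "{$report['board']}.{$report['post']}";

			// Create a dummy array if it doesn't already exist.
			if (!isset($report_index[$content_key])) {
				$report_index[$content_key] = array(
					"board_id" => $report['board'],
					"post_id" => $report['post'],
					"content" => $report_posts[$report['board']][$report['post']],
					"reports" => array(),
				);
			}

			// Add the report to the list of reports.
			$report_index[$content_key]['reports'][$report['id']] = $report;

			// Increment the total report count.
			++$reportCount;
		}
		// Drop the reference so the inner loop below, which reuses the name
		// $report, cannot overwrite the last element of $reports.
		unset($report);

		// Only continue if we have something to do.
		// If there are no valid reports left, we're done.
		if ($reportCount > 0 && !$json) {
			// Sort this report index by number of reports, desc.
			// (The earlier comparator tested the same condition twice and could
			// never return -1, so the order was not a consistent descending sort.)
			usort($report_index, function ($a, $b) {
				return count($b['reports']) - count($a['reports']);
			});

			// Loop through the custom index.
			foreach ($report_index as $report_item) {
				$content = $report_item['content'];

				// Load board content.
				openBoard($report_item['board_id']);

				// Load the reported content.
				if (!$content['thread']) {
					// Still need to fix this:
					$po = new Thread($content, '?/', $mod, false);
				}
				else {
					$po = new Post($content, '?/', $mod);
				}

				// Fetch clean status.
				$po->getClean(true);
				$clean = $po->clean;

				// Add each report's template to this container.
				$report_html = "";
				$reports_can_demote = false;
				$reports_can_promote = false;
				$content_reports = 0;
				foreach ($report_item['reports'] as $report) {
					$uri_report_base = "reports/" . ($global ? "global/" : "") . $report['id'];
					// Every action URI is paired with a link token made from the same path.
					$report_html .= Element('mod/report.html', array(
						'report' => $report,
						'config' => $config,
						'mod' => $mod,
						'global' => $global,
						'clean' => $clean,

						'uri_dismiss' => "?/{$uri_report_base}/dismiss",
						'uri_ip' => "?/{$uri_report_base}/dismissall",
						'uri_demote' => "?/{$uri_report_base}/demote",
						'uri_promote' => "?/{$uri_report_base}/promote",
						'token_dismiss' => make_secure_link_token($uri_report_base . '/dismiss'),
						'token_ip' => make_secure_link_token($uri_report_base . '/dismissall'),
						'token_demote' => make_secure_link_token($uri_report_base . '/demote'),
						'token_promote' => make_secure_link_token($uri_report_base . '/promote'),
					));

					// Determines if we can "Demote All" / "Promote All"
					// This logic only needs one instance of a demotable or promotable report to work.
					// DEMOTE can occur when we're global and the report has a 1 for local (meaning locally, it's not dismissed)
					// PROMOTE can occur when we're local and the report has a 0 for global (meaning it's not global).
					if ($global && $report['local'] == "1") {
						$reports_can_demote = true;
					}
					else if (!$global && $report['global'] != "1") {
						$reports_can_promote = true;
					}

					++$content_reports;
				}

				// Build the ">>>/b/ thread reported 3 times" title.
				$report_title = sprintf(
					_('<a href="%s" title="View content" target="_new">>>>/%s/</a> %s reported %d time(s).'),
					"?/{$report_item['board_id']}/res/" . ($content['thread'] ?: $content['id']) . ".html#{$content['thread']}",
					$report_item['board_id'],
					_($content['thread'] ? "reply" : "thread"),
					$content_reports
				);

				// Figure out some stuff we need for the page.
				$reports_can_demote = ($clean['clean_local'] ? false : $reports_can_demote);
				$reports_can_promote = ($clean['clean_global'] ? false : $reports_can_promote);
				$uri_content_base = "reports/" . ($global ? "global/" : "") . "content/";
				$uri_clean_base = "reports/" . ($global ? "global/" : "") . "{$report_item['board_id']}/clean/{$content['id']}";

				// Build the actions page.
				$content_html = Element('mod/report_content.html', array(
					'reports_html' => $report_html,
					'reports_can_demote' => $reports_can_demote,
					'reports_can_promote' => $reports_can_promote,
					'report_count' => $content_reports,
					'report_title' => $report_title,

					'content_html' => $po->build(true),
					'content_board' => $report_item['board_id'],
					'content' => (array) $content,

					'clean' => $clean,

					'uri_content_demote' => "?/{$uri_content_base}{$report_item['board_id']}/{$content['id']}/demote",
					'uri_content_promote' => "?/{$uri_content_base}{$report_item['board_id']}/{$content['id']}/promote",
					'uri_content_dismiss' => "?/{$uri_content_base}{$report_item['board_id']}/{$content['id']}/dismiss",
					'token_content_demote' => make_secure_link_token("{$uri_content_base}{$report_item['board_id']}/{$content['id']}/demote"),
					'token_content_promote' => make_secure_link_token("{$uri_content_base}{$report_item['board_id']}/{$content['id']}/promote"),
					'token_content_dismiss' => make_secure_link_token("{$uri_content_base}{$report_item['board_id']}/{$content['id']}/dismiss"),

					'uri_clean' => "?/{$uri_clean_base}/local",
					'uri_clean_global' => "?/{$uri_clean_base}/global",
					'uri_clean_both' => "?/{$uri_clean_base}/global+local",
					'token_clean' => make_secure_link_token($uri_clean_base . '/local'),
					'token_clean_global' => make_secure_link_token($uri_clean_base . '/global'),
					'token_clean_both' => make_secure_link_token($uri_clean_base . '/global+local'),

					'global' => $global,
					'config' => $config,
					'mod' => $mod,
				));

				$reportHTML .= $content_html;
			}
		}

		if ($reportCount > 0 && $json) {
			// Prepare each row for JSON output: the post's password field is
			// removed and, outside the global queue, IPs go through less_ip().
			// NOTE(review): the rows come from SELECT *, so every other column
			// of the reports and posts tables is exposed as-is. Confirm that
			// none of them is sensitive.
			array_walk($reports, function (&$v, $k, $ud) {
				$global = $ud['global'];
				$report_posts = $ud['report_posts'];

				$board = ($v['board'] ? $v['board'] : NULL);

				if (isset($v['ip']) && !$global) {
					$v['ip'] = less_ip($v['ip'], ($board ? $board : ''));
				}

				if (isset($report_posts[$v['board']][$v['post']])) {
					$post_content = $report_posts[$v['board']][$v['post']];
					unset($post_content['password']);
					if (!$global) {
						$post_content['ip'] = less_ip($post_content['ip'], ($board ? $board : ''));
					}
					$v['post_content'] = $post_content;
				}
			}, array('global' => $global, 'report_posts' => $report_posts));
		}
	}

	$pageArgs = array(
		'count' => $reportCount,
		'reports' => $reportHTML,
		'global' => $global,
	);

	if ($json) {
		header('Content-Type: application/json');
		echo json_encode($reports);
	} else {
		mod_page(sprintf('%s (%d)', _(($global ? 'Global report queue' : 'Report queue')), $reportCount), 'mod/reports.html', $pageArgs);
	}
}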
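/**
 * Dismiss one report, all reports from one IP, or all reports on one post.
 *
 * URL arguments are read with func_get_args():
 *  - "global"  : act on the global queue (requires type >= GLOBALVOLUNTEER);
 *  - "content" : dismiss every report on the post given by arguments 2
 *                (board) and 3 (post ID);
 *  - otherwise argument 1 is a report ID, and "all" extends the dismissal to
 *    every report sharing that report's IP.
 *
 * Reports are dismissed by clearing their scope flags; rows with both flags
 * cleared are then deleted. Ends with a redirect back to the queue.
 */
function mod_report_dismiss() {
	global $config, $mod;

	// Parse arguments.
	$arguments = func_get_args();
	$global = in_array("global", $arguments);
	$content = in_array("content", $arguments);

	if (($mod['type'] < GLOBALVOLUNTEER) and $global) {
		error($config['error']['noaccess']);
	}

	if ($content) {
		$board = isset($arguments[2]) ? $arguments[2] : null;
		$post = isset($arguments[3]) ? $arguments[3] : null;

		if (!hasPermission($config['mod']['report_dismiss_content'], $board)) {
			error($config['error']['noaccess']);
		}

		if ($board != "" && $post != "") {
			$query = prepare("SELECT `id` FROM `reports` WHERE `board` = :board AND `post` = :post");
			$query->bindValue(':board', $board);
			$query->bindValue(':post', $post);
			$query->execute() or error(db_error($query));
			if (count($reports = $query->fetchAll(PDO::FETCH_ASSOC)) > 0) {
				$report_ids = array();
				foreach ($reports as $report) {
					$report_ids[$report['id']] = $report['id'];
				}

				if ($global) {
					// NOTE(review): inside a SET clause `AND` is a boolean
					// operator, not a separator, so this assigns only `global`
					// (to FALSE AND ...) and leaves `local` untouched. Confirm
					// whether a comma was intended.
					$scope = "``global`` = FALSE AND ``local`` = FALSE";
				}
				else {
					$scope = "``local`` = FALSE";
				}

				// IDs are cast with intval() because the IN list is concatenated.
				$query = prepare("UPDATE ``reports`` SET {$scope} WHERE `id` IN (" . implode(',', array_map('intval', $report_ids)) . ")");
				$query->execute() or error(db_error($query));

				// Cleanup - Remove reports that have been completely dismissed.
				$query = prepare("DELETE FROM `reports` WHERE `local` = FALSE AND `global` = FALSE");
				$query->execute() or error(db_error($query));

				// NOTE(review): $post comes from the URL arguments and reaches
				// the mod log unescaped; confirm the route restricts it to
				// digits. The text also says "local" when $global is set.
				modLog("Dismissed " . count($report_ids) . " local report(s) for post #{$post}", $board);
			}
			else {
				error($config['error']['404']);
			}
		}
		else {
			error($config['error']['404']);
		}
	}
	else {
		$report = isset($arguments[1]) ? $arguments[1] : null;
		$all = in_array("all", $arguments);

		if ($report != "") {
			$query = prepare("SELECT `post`, `board`, `ip` FROM ``reports`` WHERE `id` = :id");
			$query->bindValue(':id', $report);
			$query->execute() or error(db_error($query));
			if ($reportobj = $query->fetch(PDO::FETCH_ASSOC)) {
				$ip = $reportobj['ip'];
				$board = $reportobj['board'];
				$post = $reportobj['post'];

				// Permission is checked against the board stored with the report.
				if (!$all && !hasPermission($config['mod']['report_dismiss'], $board)) {
					error($config['error']['noaccess']);
				}
				if ($all && !hasPermission($config['mod']['report_dismiss_ip'], $board)) {
					error($config['error']['noaccess']);
				}

				// Determine scope (local and global or just local) based on /global/ being in URI.
				if ($global) {
					$scope = "`global` = FALSE";
					$boards = "";
				}
				else {
					$scope = "`local` = FALSE";
					// Bound as a parameter rather than quoted into the statement.
					$boards = "AND `board` = :board";
				}

				// Prepare query.
				// We don't delete reports, only modify scope.
				if ($all) {
					$query = prepare("UPDATE ``reports`` SET {$scope} WHERE `ip` = :ip {$boards}");
					$query->bindValue(':ip', $ip);
				}
				else {
					$query = prepare("UPDATE ``reports`` SET {$scope} WHERE `id` = :id {$boards}");
					$query->bindValue(':id', $report);
				}
				if (!$global) {
					$query->bindValue(':board', $board);
				}

				$query->execute() or error(db_error($query));

				// Cleanup - Remove reports that have been completely dismissed.
				$query = prepare("DELETE FROM `reports` WHERE `local` = FALSE AND `global` = FALSE");
				$query->execute() or error(db_error($query));

				if ($all) {
					modLog("Dismissed all reports by <a href=\"?/IP/{$ip}\">{$ip}</a>");
				}
				else {
					modLog("Dismissed a report for post #{$post}", $board);
				}
			}
			else {
				error($config['error']['404']);
			}
		}
		else {
			error($config['error']['404']);
		}
	}

	if ($global) {
		header('Location: ?/reports/global', true, $config['redirect_http']);
	}
	else {
		header('Location: ?/reports', true, $config['redirect_http']);
	}
}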
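/**
 * Demote global reports back to the local queue by clearing their `global` flag.
 *
 * Requires a moderator type of at least GLOBALVOLUNTEER and
 * $config['mod']['report_demote'] on the affected board. With the "content"
 * URL argument every global report on the post given by arguments 2 (board)
 * and 3 (post ID) is demoted; otherwise argument 1 is a single report ID.
 * Ends with a redirect to the global queue.
 */
function mod_report_demote() {
	global $config, $mod;

	if ($mod['type'] < GLOBALVOLUNTEER) {
		error($config['error']['noaccess']);
	}

	// Parse arguments.
	$arguments = func_get_args();
	$content = in_array("content", $arguments);

	if ($content) {
		$board = isset($arguments[2]) ? $arguments[2] : null;
		$post = isset($arguments[3]) ? $arguments[3] : null;

		if (!hasPermission($config['mod']['report_demote'], $board)) {
			error($config['error']['noaccess']);
		}

		if ($board != "" && $post != "") {
			$query = prepare("SELECT `id` FROM `reports` WHERE `global` = TRUE AND `board` = :board AND `post` = :post");
			$query->bindValue(':board', $board);
			$query->bindValue(':post', $post);
			$query->execute() or error(db_error($query));
			if (count($reports = $query->fetchAll(PDO::FETCH_ASSOC)) > 0) {
				$report_ids = array();
				foreach ($reports as $report) {
					$report_ids[$report['id']] = $report['id'];
				}

				// IDs are cast with intval() because the IN list is concatenated.
				$query = prepare("UPDATE ``reports`` SET ``global`` = FALSE WHERE `id` IN (" . implode(',', array_map('intval', $report_ids)) . ")");
				$query->execute() or error(db_error($query));

				// NOTE(review): $post comes from the URL arguments and reaches
				// the mod log unescaped; confirm the route restricts it to digits.
				modLog("Demoted " . count($report_ids) . " global report(s) for post #{$post}", $board);
			}
			else {
				error($config['error']['404']);
			}
		}
		else {
			error($config['error']['404']);
		}
	}
	else {
		$report = isset($arguments[1]) ? $arguments[1] : null;

		if ($report != "") {
			$query = prepare("SELECT `post`, `board`, `ip` FROM ``reports`` WHERE `id` = :id AND ``global`` = TRUE");
			$query->bindValue(':id', $report);
			$query->execute() or error(db_error($query));
			if ($reportobj = $query->fetch(PDO::FETCH_ASSOC)) {
				$board = $reportobj['board'];
				$post = $reportobj['post'];

				// Permission is checked against the board stored with the report.
				if (!hasPermission($config['mod']['report_demote'], $board)) {
					error($config['error']['noaccess']);
				}

				$query = prepare("UPDATE ``reports`` SET ``global`` = FALSE WHERE `id` = :id");
				$query->bindValue(':id', $report);
				$query->execute() or error(db_error($query));

				// The message names a post, so log the post number from the
				// report row rather than the report ID taken from the URL.
				modLog("Demoted a global report for post #{$post}", $board);
			}
			else {
				error($config['error']['404']);
			}
		}
		else {
			error($config['error']['404']);
		}
	}

	header('Location: ?/reports/global', true, $config['redirect_http']);
}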
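/**
 * Promote local reports to the global queue by setting their `global` flag.
 *
 * Requires $config['mod']['report_promote'] on the affected board. With the
 * "content" URL argument every non-global report on the post given by
 * arguments 2 (board) and 3 (post ID) is promoted; otherwise argument 1 is a
 * single report ID. Ends with a redirect to the local queue.
 */
function mod_report_promote() {
	global $config, $mod;

	// Parse arguments.
	$arguments = func_get_args();
	$content = in_array("content", $arguments);

	if ($content) {
		$board = isset($arguments[2]) ? $arguments[2] : null;
		$post = isset($arguments[3]) ? $arguments[3] : null;

		if (!hasPermission($config['mod']['report_promote'], $board)) {
			error($config['error']['noaccess']);
		}

		if ($board != "" && $post != "") {
			$query = prepare("SELECT `id` FROM `reports` WHERE `global` = FALSE AND `board` = :board AND `post` = :post");
			$query->bindValue(':board', $board);
			$query->bindValue(':post', $post);
			$query->execute() or error(db_error($query));
			if (count($reports = $query->fetchAll(PDO::FETCH_ASSOC)) > 0) {
				$report_ids = array();
				foreach ($reports as $report) {
					$report_ids[$report['id']] = $report['id'];
				}

				// IDs are cast with intval() because the IN list is concatenated.
				$query = prepare("UPDATE ``reports`` SET ``global`` = TRUE WHERE `id` IN (" . implode(',', array_map('intval', $report_ids)) . ")");
				$query->execute() or error(db_error($query));

				// NOTE(review): $post comes from the URL arguments and reaches
				// the mod log unescaped; confirm the route restricts it to digits.
				modLog("Promoted " . count($report_ids) . " local report(s) for post #{$post}", $board);
			}
			else {
				error($config['error']['404']);
			}
		}
		else {
			error($config['error']['404']);
		}
	}
	else {
		$report = isset($arguments[1]) ? $arguments[1] : null;

		if ($report != "") {
			$query = prepare("SELECT `post`, `board`, `ip` FROM ``reports`` WHERE `id` = :id AND ``global`` = FALSE");
			$query->bindValue(':id', $report);
			$query->execute() or error(db_error($query));
			if ($reportobj = $query->fetch(PDO::FETCH_ASSOC)) {
				$board = $reportobj['board'];
				$post = $reportobj['post'];

				// Permission is checked against the board stored with the report.
				if (!hasPermission($config['mod']['report_promote'], $board)) {
					error($config['error']['noaccess']);
				}

				$query = prepare("UPDATE ``reports`` SET ``global`` = TRUE WHERE `id` = :id");
				$query->bindValue(':id', $report);
				$query->execute() or error(db_error($query));

				// The message names a post, so log the post number from the
				// report row rather than the report ID taken from the URL.
				modLog("Promoted a local report for post #{$post}", $board);
			}
			else {
				error($config['error']['404']);
			}
		}
		else {
			error($config['error']['404']);
		}
	}

	header('Location: ?/reports', true, $config['redirect_http']);
}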
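/**
 * Render the moderator "recent posts" page for the boards this moderator covers.
 *
 * Reads an optional numeric `last` value from $_GET and only returns posts older
 * than it (0 disables the filter).
 *
 * @param mixed $lim Requested number of posts; non-numeric input falls back to 25,
 *                   and the result is clamped to the range 0..100.
 */
function mod_recent_posts($lim) {
	global $config, $mod, $pdo;

	if (!hasPermission($config['mod']['recent']))
		error($config['error']['noaccess']);

	// $limit is concatenated into the SQL text below rather than bound, so reduce it
	// to a plain integer first. is_numeric() on its own also accepts forms such as
	// "1e3", "-5" or "2.5", none of which is a valid LIMIT operand.
	$limit = is_numeric($lim) ? (int) $lim : 25;
	$limit = max(0, min(100, $limit));

	$last_time = (isset($_GET['last']) && is_numeric($_GET['last'])) ? $_GET['last'] : 0;

	// Restrict the board list unless the moderator is assigned the '*' wildcard.
	$boards = listBoards();
	if ($mod['boards'][0] != '*') {
		$mod_boards = array();
		foreach ($boards as $board) {
			if (in_array($board['uri'], $mod['boards']))
				$mod_boards[] = $board;
		}
	} else {
		$mod_boards = $boards;
	}

	$posts = array();

	// With no boards there is nothing to UNION; running the query anyway would
	// send a malformed statement to the database.
	if (!empty($mod_boards)) {
		// The board URI is used twice: once quoted as a value and once raw inside the
		// table name. Table names cannot be bound, so this relies on listBoards()
		// returning only stored, validated URIs (presumably; verify against listBoards()).
		$selects = array();
		foreach ($mod_boards as $board) {
			$selects[] = sprintf('SELECT *, %s AS `board` FROM ``posts_%s``', $pdo->quote($board['uri']), $board['uri']);
		}

		$sql = 'SELECT * FROM (' . implode(' UNION ALL ', $selects)
			. ') AS `all_posts` WHERE (`time` < :last_time OR NOT :last_time) ORDER BY `time` DESC LIMIT ' . $limit;

		$query = prepare($sql);
		$query->bindValue(':last_time', $last_time);
		$query->execute() or error(db_error($query));

		$posts = $query->fetchAll(PDO::FETCH_ASSOC);
	}

	foreach ($posts as &$post) {
		openBoard($post['board']);
		if (!$post['thread']) {
			// Still need to fix this:
			$po = new Thread($post, '?/', $mod, false);
		} else {
			$po = new Post($post, '?/', $mod);
		}
		$post['built'] = $po->build(true);

		// After the loop this holds the time of the last (oldest) post on the page.
		$last_time = $post['time'];
	}
	// Break the reference so a later write to $post cannot alter the last array element.
	unset($post);

	mod_page(_('Recent posts'), 'mod/recent_posts.html', array(
			'posts' => $posts,
			'limit' => $limit,
			'last_time' => $last_time
		)
	);
}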
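/**
 * Set or revoke the "clean" status of a post for local and/or global reports,
 * tidy the related `post_clean` / `reports` rows, log the action and redirect.
 *
 * @param mixed $global_reports Truthy to redirect to the global report list afterwards.
 * @param mixed $board          Board the post belongs to.
 * @param mixed $unclean        Truthy to revoke clean status, falsy to mark the post clean.
 * @param mixed $post           Post id.
 * @param mixed $global         Truthy to act on the global scope (needs `clean_global`).
 * @param mixed $local          Truthy to act on the local scope (needs `clean`).
 */
function mod_report_clean($global_reports, $board, $unclean, $post, $global, $local) {
	global $config, $mod;

	if (!openBoard($board)) {
		error($config['error']['noboard']);
	}

	// Each permission check below is tied to a scope flag. With neither flag set no
	// permission would be checked at all, a `post_clean` row could still be inserted,
	// and the UPDATE would have an empty SET list, so reject that case up front.
	if (!$global && !$local) {
		error($config['error']['404']);
	}

	$assignments = array();

	if ($global) {
		if (!hasPermission($config['mod']['clean_global'], $board)) {
			error($config['error']['noaccess']);
		}
		$assignments[] = "`clean_global` = :clean";
		$assignments[] = "`clean_global_mod_id` = :mod";
	}

	if ($local) {
		if (!hasPermission($config['mod']['clean'], $board)) {
			error($config['error']['noaccess']);
		}
		$assignments[] = "`clean_local` = :clean";
		$assignments[] = "`clean_local_mod_id` = :mod";
	}

	// Attempt to find a `post_clean` row for this content.
	$query = prepare("SELECT * FROM `post_clean` WHERE `board_id` = :board AND `post_id` = :post");
	$query->bindValue(':board', $board);
	$query->bindValue(':post', $post);
	$query->execute() or error(db_error($query));
	$cleanRecord = $query->fetch(PDO::FETCH_ASSOC);

	if (!$cleanRecord) {
		if ($unclean) {
			// Nothing to revoke.
			error($config['error']['404']);
		} else {
			// Marking clean for the first time: create the row that the UPDATE below fills in.
			$query = prepare("INSERT INTO `post_clean` (`post_id`, `board_id`) VALUES ( :post, :board )");
			$query->bindValue(':board', $board);
			$query->bindValue(':post', $post);
			$query->execute() or error(db_error($query));

			if ($query->rowCount() == 0) {
				error("The database failed to create a record for this content in `post_clean` to record clean status.");
			}

			$cleanRecord = true;
		}
	}

	if ($cleanRecord) {
		// Only the fixed column fragments chosen above reach the SQL text; every value is bound.
		$query = prepare("UPDATE `post_clean` SET " . implode(', ', $assignments) . " WHERE `board_id` = :board AND `post_id` = :post");
		// Bind an explicit 0/1: a PHP false bound as a string becomes '', not 0.
		$query->bindValue(':clean', $unclean ? 0 : 1);
		$query->bindValue(':mod', $unclean ? NULL : $mod['id']);
		$query->bindValue(':board', $board);
		$query->bindValue(':post', $post);
		$query->execute() or error(db_error($query));

		if ($unclean) {
			// Remove any clean records that no longer carry either flag. The statement
			// must be executed through its own handle; executing $query here would
			// re-run the UPDATE above and leave the stale rows in place.
			$cleanup = prepare("DELETE FROM `post_clean` WHERE `clean_local` = FALSE AND `clean_global` = FALSE");
			$cleanup->execute() or error(db_error($cleanup));
		}
		else if (!($global && $local)) {
			// Partial clean: clear the matching scope flag on this post's reports...
			$query = prepare("UPDATE `reports` SET `" . ($local ? "local" : "global") . "` = FALSE WHERE `board` = :board AND `post` = :post");
			$query->bindValue(':board', $board);
			$query->bindValue(':post', $post);
			$query->execute() or error(db_error($query));

			// ...and only sweep up reports left with no scope if something changed.
			if ($query->rowCount() > 0) {
				$query = prepare("DELETE FROM `reports` WHERE `local` = FALSE and `global` = FALSE");
				$query->execute() or error(db_error($query));
			}
		}
		else {
			// Total clean: delete this post's reports directly.
			$query = prepare("DELETE FROM `reports` WHERE `board` = :board AND `post` = :post");
			$query->bindValue(':board', $board);
			$query->bindValue(':post', $post);
			$query->execute() or error(db_error($query));
		}

		// Log the action.
		// Having clear wording of this log is very important because of the nature of clean status.
		// NOTE(review): the wording looks inverted. $unclean revokes clean status (the post
		// can be reported again) yet is logged as "Closed"; marking clean deletes reports
		// yet is logged as "Re-opened". Confirm the intended meaning before relying on
		// this entry in an audit trail.
		$log_action = ($unclean ? "Closed" : "Re-opened");
		$log_scope = ($local && $global ? "local and global" : ($local ? "local" : "global"));
		modLog("{$log_action} reports for post #{$post} in {$log_scope}.", $board);

		if ($config['cache']['enabled']) {
			Cache::delete("post_clean_{$board}_{$post}");
		}

		rebuildPost($post);
	}

	// Redirect
	if ($global_reports) {
		header('Location: ?/reports/global', true, $config['redirect_http']);
	}
	else {
		header('Location: ?/reports', true, $config['redirect_http']);
	}
}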
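/**
 * Configuration editor for the instance config or, when $board_config is given,
 * for that board's config.php.
 *
 * Two modes, selected by $config['mod']['config_editor_php']:
 *  - raw PHP editor: $_POST['code'] replaces the whole file after a `php -l` check;
 *  - structured editor: changed `cf_*` fields are appended to the file as assignments.
 *
 * Either mode ends up writing PHP that the application later loads, so holding the
 * `edit_config` permission amounts to being able to run code on the server. The lint
 * step only rejects syntax errors; it does not restrict what the code does.
 *
 * NOTE(review): this function only issues the secure-link token for its form; where
 * the token is verified is not visible here. Confirm the router checks it before
 * this handler runs on POST.
 *
 * @param mixed $board_config Board URI, or false for the instance-wide config.
 */
function mod_config($board_config = false) {
	global $config, $mod, $board;

	if ($board_config && !openBoard($board_config))
		error($config['error']['noboard']);

	if (!hasPermission($config['mod']['edit_config'], $board_config))
		error($config['error']['noaccess']);

	$config_file = $board_config ? $board['dir'] . 'config.php' : 'inc/instance-config.php';
	$redirect_to = 'Location: ?/config' . ($board_config ? '/' . $board_config : '');

	if ($config['mod']['config_editor_php']) {
		$readonly = !(is_file($config_file) ? is_writable($config_file) : is_writable(dirname($config_file)));

		if (!$readonly && isset($_POST['code'])) {
			$code = $_POST['code'];

			// Lint a private temporary copy instead of the live file. Writing the
			// submission into place first would leave unchecked code loaded by every
			// request until the check finished, and restoring a file that did not
			// exist before would leave an empty config behind.
			$tmp = tempnam(sys_get_temp_dir(), 'cfg');
			if ($tmp === false || file_put_contents($tmp, $code) === false) {
				if ($tmp !== false)
					@unlink($tmp);
				error(_('Could not create a temporary file to check the configuration.'));
			}

			// The path goes onto a shell command line, so quote it.
			$resp = shell_exec_error('php -l ' . escapeshellarg($tmp));
			@unlink($tmp);

			if (preg_match('/No syntax errors detected/', $resp)) {
				if (file_put_contents($config_file, $code, LOCK_EX) === false)
					error(_('Could not write to the configuration file.'));

				header($redirect_to, true, $config['redirect_http']);
				return;
			}

			// Report the failure against the real file name rather than the temporary one.
			error($config['error']['badsyntax'] . str_replace($tmp, $config_file, $resp));
		}

		$instance_config = @file_get_contents($config_file);
		if ($instance_config === false) {
			$instance_config = "<?php\n\n// This file does not exist yet. You are creating it.";
		}
		// NOTE(review): the replacement is taken to be the HTML newline entity, since
		// replacing a line break with itself would do nothing; confirm against the file.
		$instance_config = str_replace("\n", '&#010;', utf8tohtml($instance_config));

		mod_page(_('Config editor'), 'mod/config-editor-php.html', array(
			'php' => $instance_config,
			'readonly' => $readonly,
			'boards' => listBoards(),
			'board' => $board_config,
			'file' => $config_file,
			'token' => make_secure_link_token('config' . ($board_config ? '/' . $board_config : ''))
		));
		return;
	}

	require_once 'inc/mod/config-editor.php';

	$conf = config_vars();

	foreach ($conf as &$var) {
		// Look the current value up by value. Walking $config by reference would add
		// missing keys to it and, because the reference binding outlives the loop
		// iteration, a later plain assignment to the same variable would overwrite
		// the previously referenced config entry.
		$current = $config;
		foreach ((array) $var['name'] as $key) {
			$current = (is_array($current) && isset($current[$key])) ? $current[$key] : null;
		}
		$var['value'] = $current;
	}
	unset($var);

	if (isset($_POST['save'])) {
		$config_append = '';

		foreach ($conf as $var) {
			$field_name = 'cf_' . (is_array($var['name']) ? implode('/', $var['name']) : $var['name']);

			if ($var['type'] == 'boolean')
				$value = isset($_POST[$field_name]);
			elseif (isset($_POST[$field_name]))
				$value = $_POST[$field_name];
			else
				continue; // field was not submitted

			if (!settype($value, $var['type']))
				continue; // invalid

			if ($value != $var['value']) {
				// This value has been changed. Keys and values are emitted through
				// var_export() so submitted text ends up as a PHP literal, not as code.
				$config_append .= '$config';
				foreach ((array) $var['name'] as $name)
					$config_append .= '[' . var_export($name, true) . ']';

				$config_append .= ' = ';
				if (@$var['permissions'] && isset($config['mod']['groups'][$value])) {
					// Written unquoted: the group name comes from $config['mod']['groups'],
					// not from the request, and is emitted as a bare PHP token.
					$config_append .= $config['mod']['groups'][$value];
				} else {
					$config_append .= var_export($value, true);
				}
				$config_append .= ";\n";
			}
		}

		if (!empty($config_append)) {
			// The username lands inside a `//` comment in a PHP file. A line break or a
			// PHP close tag would end that comment, so drop control characters and the
			// characters that can form a tag before embedding it.
			$editor = preg_replace('/[\x00-\x1F\x7F<>?]/', '', (string) $mod['username']);

			$config_append = "\n// Changes made via web editor by \"" . $editor . "\" @ " . date('r') . ":\n" . $config_append . "\n";

			if (!is_file($config_file))
				$config_append = "<?php\n\n$config_append";

			if (!@file_put_contents($config_file, $config_append, FILE_APPEND)) {
				$config_append = htmlentities($config_append);

				if ($config['minify_html'])
					$config_append = str_replace("\n", '&#010;', $config_append);

				$shown_file = htmlspecialchars($config_file, ENT_QUOTES);

				$page = array();
				$page['title'] = 'Cannot write to file!';
				$page['config'] = $config;
				$page['body'] = '
					<p style="text-align:center">Tinyboard could not write to <strong>' . $shown_file . '</strong> with the ammended configuration, probably due to a permissions error.</p>
					<p style="text-align:center">You may proceed with these changes manually by copying and pasting the following code to the end of <strong>' . $shown_file . '</strong>:</p>
					<textarea style="width:700px;height:370px;margin:auto;display:block;background:white;color:black" readonly>' . $config_append . '</textarea>
				';
				echo Element('page.html', $page);
				exit;
			}
		}

		header($redirect_to, true, $config['redirect_http']);
		exit;
	}

	mod_page(_('Config editor') . ($board_config ? ': ' . sprintf($config['board_abbreviation'], $board_config) : ''),
		'mod/config-editor.html', array(
			'boards' => listBoards(),
			'board' => $board_config,
			'conf' => $conf,
			'file' => $config_file,
			'token' => make_secure_link_token('config' . ($board_config ? '/' . $board_config : ''))
	));
}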
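/**
 * List every theme found in the themes directory, mark which ones are installed,
 * and attach the secure-link tokens used by the rebuild and uninstall actions.
 */
function mod_themes_list() {
	global $config;

	if (!hasPermission($config['mod']['themes']))
		error($config['error']['noaccess']);

	if (!is_dir($config['dir']['themes']))
		error(_('Themes directory doesn\'t exist!'));
	if (!$dir = opendir($config['dir']['themes']))
		error(_('Cannot open themes directory; check permissions.'));

	// A row with NULL name and value is the marker written when a theme is installed.
	$query = query('SELECT `theme` FROM ``theme_settings`` WHERE `name` IS NULL AND `value` IS NULL') or error(db_error());
	$themes_in_use = $query->fetchAll(PDO::FETCH_COLUMN);

	// Scan directory for themes. Compare against false explicitly: an entry named
	// "0" is falsy and would otherwise end the scan early.
	$themes = array();
	while (($file = readdir($dir)) !== false) {
		if ($file[0] != '.' && is_dir($config['dir']['themes'] . '/' . $file)) {
			$themes[$file] = loadThemeConfig($file);
		}
	}
	closedir($dir);

	foreach ($themes as $theme_name => &$theme) {
		$theme['rebuild_token'] = make_secure_link_token('themes/' . $theme_name . '/rebuild');
		$theme['uninstall_token'] = make_secure_link_token('themes/' . $theme_name . '/uninstall');
	}
	// Break the reference so it cannot alias the last theme entry later on.
	unset($theme);

	mod_page(_('Manage themes'), 'mod/themes.html', array(
		'themes' => $themes,
		'themes_in_use' => $themes_in_use,
	));
}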
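/**
 * Show the configuration form for a theme, or install the theme when the form is
 * submitted ($_POST['install']).
 *
 * Installing replaces the theme's rows in `theme_settings`, clears the theme caches,
 * runs the theme's optional install callback and rebuilds all themes. If the callback
 * reports failure the settings are removed again.
 *
 * @param mixed $theme_name Theme identifier from the route; it must resolve through
 *                          loadThemeConfig() or the request is rejected.
 */
function mod_theme_configure($theme_name) {
	global $config;

	if (!hasPermission($config['mod']['themes']))
		error($config['error']['noaccess']);

	if (!$theme = loadThemeConfig($theme_name)) {
		error($config['error']['invalidtheme']);
	}

	if (isset($_POST['install'])) {
		// Check if everything is submitted. Unticked checkboxes are not sent by
		// browsers, so they are exempt.
		foreach ($theme['config'] as $conf) {
			if (!isset($_POST[$conf['name']]) && $conf['type'] != 'checkbox')
				// Report the missing field's own title (the original read an undefined variable here).
				error(sprintf($config['error']['required'], $conf['title']));
		}

		// Clear previous settings
		$query = prepare("DELETE FROM ``theme_settings`` WHERE `theme` = :theme");
		$query->bindValue(':theme', $theme_name);
		$query->execute() or error(db_error($query));

		foreach ($theme['config'] as $conf) {
			$query = prepare("INSERT INTO ``theme_settings`` VALUES(:theme, :name, :value)");
			$query->bindValue(':theme', $theme_name);
			$query->bindValue(':name', $conf['name']);
			if ($conf['type'] == 'checkbox')
				$query->bindValue(':value', isset($_POST[$conf['name']]) ? 1 : 0);
			else
				$query->bindValue(':value', $_POST[$conf['name']]);
			$query->execute() or error(db_error($query));
		}

		// Marker row (NULL name and value) recording that the theme is installed.
		$query = prepare("INSERT INTO ``theme_settings`` VALUES(:theme, NULL, NULL)");
		$query->bindValue(':theme', $theme_name);
		$query->execute() or error(db_error($query));

		// Clean cache
		Cache::delete("themes");
		Cache::delete("theme_settings_" . $theme_name);

		$result = true;
		$message = false;

		if (isset($theme['install_callback'])) {
			// The callback name comes from the theme's own configuration as returned by
			// loadThemeConfig(), not from the request.
			$ret = $theme['install_callback'](themeSettings($theme_name));
			if (!empty($ret) && is_array($ret) && count($ret) == 2) {
				$result = $ret[0];
				$message = $ret[1];
			}
		}

		if (!$result) {
			// Install failed
			$query = prepare("DELETE FROM ``theme_settings`` WHERE `theme` = :theme");
			$query->bindValue(':theme', $theme_name);
			$query->execute() or error(db_error($query));

			// The rows are gone again, so drop anything cached since the first clear.
			Cache::delete("themes");
			Cache::delete("theme_settings_" . $theme_name);
		}

		// Build themes
		rebuildThemes('all');

		mod_page(sprintf(_($result ? 'Installed theme: %s' : 'Installation failed: %s'), $theme['name']), 'mod/theme_installed.html', array(
			'theme_name' => $theme_name,
			'theme' => $theme,
			'result' => $result,
			'message' => $message
		));
		return;
	}

	$settings = themeSettings($theme_name);

	mod_page(sprintf(_('Configuring theme: %s'), $theme['name']), 'mod/theme_config.html', array(
		'theme_name' => $theme_name,
		'theme' => $theme,
		'settings' => $settings,
		'token' => make_secure_link_token('themes/' . $theme_name)
	));
}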
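/**
 * Uninstall a theme: delete its rows from `theme_settings`, clear the theme caches
 * and redirect back to the theme list.
 *
 * @param mixed $theme_name Theme identifier from the route; it is only ever used as a
 *                          bound value and as part of a cache key.
 */
function mod_theme_uninstall($theme_name) {
	global $config;

	if (!hasPermission($config['mod']['themes']))
		error($config['error']['noaccess']);

	$query = prepare("DELETE FROM ``theme_settings`` WHERE `theme` = :theme");
	$query->bindValue(':theme', $theme_name);
	$query->execute() or error(db_error($query));

	// Clean cache. The per-theme key must be built from $theme_name; the original used
	// an undefined variable, which cleared the key "theme_settings_" and left this
	// theme's cached settings in place.
	Cache::delete("themes");
	Cache::delete("theme_settings_" . $theme_name);

	header('Location: ?/themes', true, $config['redirect_http']);
}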
/**
 * Rebuild a single theme for every action and show a confirmation page.
 *
 * @param mixed $theme_name Theme identifier from the route. It is passed to
 *                          rebuildTheme() and echoed into the page title and template
 *                          arguments as given; this function does not validate it.
 */
function mod_theme_rebuild($theme_name) {
	global $config;

	$allowed = hasPermission($config['mod']['themes']);
	if (!$allowed)
		error($config['error']['noaccess']);

	rebuildTheme($theme_name, 'all');

	$title = sprintf(_('Rebuilt theme: %s'), $theme_name);
	$template_args = array(
		'theme_name' => $theme_name,
	);

	mod_page($title, 'mod/theme_rebuilt.html', $template_args);
}
// This needs to be done for `secure` CSRF prevention compatibility, otherwise the $board will be read in as the token if editing global pages.
/**
 * Delete a static page (its `pages` row and its generated .html file), then redirect
 * to the page list.
 *
 * Board-less (global) pages may only be deleted by moderators assigned the '*'
 * wildcard; board pages need `edit_pages` on that board.
 *
 * NOTE(review): the reserved-name pattern reads as "starts with index/catalog/index+50
 * OR ends with a digit", because the alternation is not grouped under both anchors.
 * That is stricter than an exact match on the reserved names would be. mod_pages uses
 * the same pattern when creating pages, so the two agree; change both together if at all.
 * NOTE(review): no modLog() entry is written for a deletion.
 *
 * @param string $page  Page name; anything other than 1-255 lowercase letters/digits is ignored.
 * @param mixed  $board Board URI, or an empty value for a global page.
 */
function delete_page_base($page = '', $board = false) {
	global $config, $mod;

	if (empty($board))
		$board = false;

	$is_global = !$board;

	if ($is_global && $mod['boards'][0] !== '*')
		error($config['error']['noaccess']);

	if (!hasPermission($config['mod']['edit_pages'], $board))
		error($config['error']['noaccess']);

	if ($board !== FALSE && !openBoard($board))
		error($config['error']['noboard']);

	// The name filter doubles as path protection: only [a-z0-9] reaches the file name below.
	$name_ok = preg_match('/^[a-z0-9]{1,255}$/', $page);
	if ($name_ok && !preg_match('/^(index|catalog|index\+50)|(\d+)$/', $page)) {
		if ($board) {
			$query = prepare('DELETE FROM ``pages`` WHERE `board` = :board AND `name` = :name');
			$query->bindValue(':board', ($board ? $board : NULL));
		} else {
			$query = prepare('DELETE FROM ``pages`` WHERE `board` IS NULL AND `name` = :name');
		}
		$query->bindValue(':name', $page);
		$query->execute() or error(db_error($query));

		$directory = $board ? ($board . '/') : '';
		@file_unlink($directory . $page . '.html');
	}

	$suffix = $board ? ('/' . $board) : '';
	header('Location: ?/edit_pages' . $suffix, true, $config['redirect_http']);
}
/**
 * Route handler: delete a global (board-less) static page.
 * All permission and name checks happen in delete_page_base().
 *
 * @param string $page Page name.
 */
function mod_delete_page($page = '') {
	// No board: pass the base function's default explicitly.
	delete_page_base($page, false);
}
/**
 * Route handler: delete a static page that belongs to a board.
 * All permission and name checks happen in delete_page_base().
 *
 * @param string $page  Page name.
 * @param mixed  $board Board URI.
 */
function mod_delete_page_board($page = '', $board = false) {
	$target_page = $page;
	$target_board = $board;

	delete_page_base($target_page, $target_board);
}
/**
 * Edit a static page: show the editor, and on submit store the source text, render
 * it with the chosen markup method and write the resulting HTML file.
 *
 * The database keeps the text as submitted; only the generated file holds the
 * rendered output. With method "html", a moderator holding `rawhtml` has the input
 * written out without purification, so that permission lets its holder publish
 * arbitrary markup and script on the page.
 *
 * NOTE(review): `rawhtml` is checked without a board argument even when the page
 * belongs to a board; confirm that is the intended scope.
 * NOTE(review): the output file name is built from the global $board rather than
 * from $page['board']; for a global page this depends on what $board holds when the
 * handler runs.
 *
 * @param mixed $id Page id from the route (always passed to SQL as a bound value).
 */
function mod_edit_page($id) {
	global $config, $mod, $board;

	$lookup = prepare('SELECT * FROM ``pages`` WHERE `id` = :id');
	$lookup->bindValue(':id', $id);
	$lookup->execute() or error(db_error($lookup));
	$page = $lookup->fetch();

	if (!$page)
		error(_('Could not find the page you are trying to edit.'));

	// Global pages are limited to moderators assigned the '*' wildcard.
	if (!$page['board'] && $mod['boards'][0] !== '*')
		error($config['error']['noaccess']);

	if (!hasPermission($config['mod']['edit_pages'], $page['board']))
		error($config['error']['noaccess']);

	if ($page['board'] && !openBoard($page['board']))
		error($config['error']['noboard']);

	if (isset($_POST['method'], $_POST['content'])) {
		$content = $_POST['content'];
		$method = $_POST['method'];
		$page['type'] = $method;

		$known_methods = array('markdown', 'html', 'infinity');
		if (!in_array($method, $known_methods))
			error(_('Unrecognized page markup method.'));

		if ($method == 'markdown') {
			$write = purify_html(markdown($content));
		} elseif ($method == 'html') {
			// Unpurified output only for moderators holding `rawhtml`.
			$write = hasPermission($config['mod']['rawhtml']) ? $content : purify_html($content);
		} elseif ($method == 'infinity') {
			// markup() rewrites its argument in place, so run it on a copy and keep
			// the submitted text for storage.
			$write = $content;
			markup($write);
		}

		if (empty($write))
			error(_('Failed to mark up your input for some reason...'));

		$update = prepare('UPDATE ``pages`` SET `type` = :method, `content` = :content WHERE `id` = :id');
		$update->bindValue(':method', $method);
		$update->bindValue(':content', $content);
		$update->bindValue(':id', $id);
		$update->execute() or error(db_error($update));

		$prefix = $board['uri'] ? ($board['uri'] . '/') : '';
		$fn = $prefix . $page['name'] . '.html';

		$body = "<div class='ban'>$write</div>";
		$html = Element('page.html', array('config' => $config, 'body' => $body, 'title' => utf8tohtml($page['title'])));
		file_write($fn, $html);

		modLog("Edited page {$page['name']} <span class='unimportant'>(#{$page['id']})</span>");
	}

	// Nothing submitted: load the stored source for the editor.
	if (!isset($content)) {
		$stored = prepare('SELECT `content` FROM ``pages`` WHERE `id` = :id');
		$stored->bindValue(':id', $id);
		$stored->execute() or error(db_error($stored));
		$content = $stored->fetchColumn();
	}

	$template_args = array(
		'page' => $page,
		'token' => make_secure_link_token("edit_page/$id"),
		'content' => prettify_textarea($content),
		'board' => $board
	);

	mod_page(sprintf(_('Editing static page: %s'), $page['name']), 'mod/edit_page.html', $template_args);
}
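/**
 * List the static pages of a board (or the global pages) and, when $_POST['page']
 * is present, create a new page.
 *
 * Global pages are limited to moderators assigned the '*' wildcard; board pages need
 * `edit_pages` on that board. Each listed page gets a secure-link token for deletion.
 *
 * NOTE(review): the reserved-name pattern reads as "starts with index/catalog/index+50
 * OR ends with a digit", because the alternation is not grouped under both anchors.
 * delete_page_base uses the same pattern, so the two agree; change both together if at all.
 *
 * @param mixed $board Board URI, or an empty value for global pages.
 */
function mod_pages($board = false) {
	global $config, $mod, $pdo;

	if (empty($board))
		$board = false;

	if (!$board && $mod['boards'][0] !== '*')
		error($config['error']['noaccess']);

	if (!hasPermission($config['mod']['edit_pages'], $board))
		error($config['error']['noaccess']);

	if ($board !== FALSE && !openBoard($board))
		error($config['error']['noboard']);

	if ($board) {
		$query = prepare('SELECT * FROM ``pages`` WHERE `board` = :board');
		$query->bindValue(':board', $board);
		$query->execute() or error(db_error($query));
	} else {
		// query() already runs the statement; it does not need a second execute().
		$query = query('SELECT * FROM ``pages`` WHERE `board` IS NULL') or error(db_error());
	}
	$pages = $query->fetchAll(PDO::FETCH_ASSOC);

	if (isset($_POST['page'])) {
		// ">=": with exactly pages_max pages already present, one more must be refused.
		// The original ">" allowed pages_max + 1 pages per board.
		if ($board and sizeof($pages) >= $config['pages_max'])
			error(sprintf(_('Sorry, this site only allows %d pages per board.'), $config['pages_max']));

		// A non-string (array) field cannot be a valid name; the pattern also keeps
		// the name safe to use in a file path and a URL.
		if (!is_string($_POST['page']) || !preg_match('/^[a-z0-9]{1,255}$/', $_POST['page']))
			error(_('Page names must be < 255 chars and may only contain lowercase letters A-Z and digits 1-9.'));

		if (preg_match('/^(index|catalog|index\+50)|(\d+)$/', $_POST['page']))
			error(_('Nope.'));

		foreach ($pages as $p) {
			if ($_POST['page'] === $p['name'])
				error(_('Refusing to create a new page with the same name as an existing one.'));
		}

		// The title field is optional; treat a missing, empty or non-string value as no title.
		$title = (isset($_POST['title']) && is_string($_POST['title']) && $_POST['title']) ? $_POST['title'] : NULL;

		$query = prepare('INSERT INTO ``pages``(board, title, name) VALUES(:board, :title, :name)');
		$query->bindValue(':board', ($board ? $board : NULL));
		$query->bindValue(':title', $title);
		$query->bindValue(':name', $_POST['page']);
		$query->execute() or error(db_error($query));

		$pages[] = array('id' => $pdo->lastInsertId(), 'name' => $_POST['page'], 'board' => $board, 'title' => $title);
	}

	foreach ($pages as &$p) {
		$p['delete_token'] = make_secure_link_token('edit_pages/delete/' . $p['name'] . ($board ? ('/' . $board) : ''));
	}
	// Break the reference so it cannot alias the last page entry later on.
	unset($p);

	mod_page(_('Pages'), 'mod/pages.html', array('pages' => $pages, 'token' => make_secure_link_token('edit_pages' . ($board ? ('/' . $board) : '')), 'board' => $board));
}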
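/**
 * Debug page for the anti-spam table: totals, the 40 most-passed and the 20 newest
 * entries, optionally filtered by board/thread, with an optional "purge" action that
 * sets an expiry on the matching rows.
 *
 * NOTE(review): the purge is a state-changing POST, and this function neither checks
 * nor issues a secure-link token; confirm the route is covered by the CSRF check.
 */
function mod_debug_antispam() {
	global $pdo, $config;

	if (!hasPermission($config['mod']['debug_antispam']))
		error($config['error']['noaccess']);

	$args = array();
	$where = '';

	// Only plain string fields are usable as filter values; an array-valued field
	// cannot be quoted and is treated as "no filter".
	if (isset($_POST['board'], $_POST['thread']) && is_string($_POST['board']) && is_string($_POST['thread'])) {
		// The filter is spliced into several statements below, so every request value
		// goes through PDO::quote() before it becomes part of the SQL text.
		$where = '`board` = ' . $pdo->quote($_POST['board']);
		if ($_POST['thread'] != '')
			$where .= ' AND `thread` = ' . $pdo->quote($_POST['thread']);

		if (isset($_POST['purge'])) {
			// The statement sets `expires`, so it has to be an UPDATE (the listing shows
			// a garbled keyword here), and the WHERE keyword needs a separating space
			// before the condition.
			$query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE ' . $where);
			$query->bindValue(':expires', $config['spam']['hidden_inputs_expire']);
			$query->execute() or error(db_error($query));
		}

		$args['board'] = $_POST['board'];
		$args['thread'] = $_POST['thread'];
	}

	$query = query('SELECT COUNT(*) FROM ``antispam``' . ($where ? " WHERE $where" : '')) or error(db_error());
	$args['total'] = number_format($query->fetchColumn());

	$query = query('SELECT COUNT(*) FROM ``antispam`` WHERE `expires` IS NOT NULL' . ($where ? " AND $where" : '')) or error(db_error());
	$args['expiring'] = number_format($query->fetchColumn());

	$query = query('SELECT * FROM ``antispam`` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `passed` DESC LIMIT 40') or error(db_error());
	$args['top'] = $query->fetchAll(PDO::FETCH_ASSOC);

	$query = query('SELECT * FROM ``antispam`` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `created` DESC LIMIT 20') or error(db_error());
	$args['recent'] = $query->fetchAll(PDO::FETCH_ASSOC);

	mod_page(_('Debug: Anti-spam'), 'mod/debug/antispam.html', $args);
}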
/**
 * Debug page: the 500 newest posts across all boards, each annotated with a snippet
 * and with whether a matching entry exists in the flood-prevention table.
 */
function mod_debug_recent_posts() {
	global $pdo, $config;

	if (!hasPermission($config['mod']['debug_recent']))
		error($config['error']['noaccess']);

	$limit = 500;

	// Manually build an SQL query: one SELECT per board, joined with UNION ALL.
	// The board URI appears quoted as a value and raw inside the table name; table
	// names cannot be bound, so this relies on listBoards() returning stored URIs only
	// (presumably; verify against listBoards()).
	$sql = 'SELECT * FROM (';
	foreach (listBoards() as $board) {
		$sql .= sprintf('SELECT *, %s AS `board` FROM ``posts_%s`` UNION ALL ', $pdo->quote($board['uri']), $board['uri']);
	}

	// Remove the last "UNION ALL" separator and complete the query
	$sql = preg_replace('/UNION ALL $/', ') AS `all_posts` ORDER BY `time` DESC LIMIT ' . $limit, $sql);

	$result = query($sql) or error(db_error());
	$posts = $result->fetchAll(PDO::FETCH_ASSOC);

	// Fetch recent posts from flood prevention cache
	$result = query("SELECT * FROM ``flood`` ORDER BY `time` DESC") or error(db_error());
	$flood_posts = $result->fetchAll(PDO::FETCH_ASSOC);

	foreach (array_keys($posts) as $idx) {
		$posts[$idx]['snippet'] = pm_snippet($posts[$idx]['body']);

		foreach ($flood_posts as $flood_post) {
			// A flood entry matches on time, comment hash and file hash together.
			if ($flood_post['time'] != $posts[$idx]['time'])
				continue;
			if ($flood_post['posthash'] != make_comment_hex($posts[$idx]['body_nomarkup']))
				continue;
			if ($flood_post['filehash'] != $posts[$idx]['filehash'])
				continue;

			$posts[$idx]['in_flood_table'] = true;
		}
	}

	mod_page(_('Debug: Recent posts'), 'mod/debug/recent_posts.html', array('posts' => $posts, 'flood_posts' => $flood_posts));
}
/**
 * Debug page that runs the SQL text submitted in $_POST['query'] and shows the
 * resulting rows or the database error.
 *
 * The statement is executed exactly as submitted, so the `debug_sql` permission
 * gives its holder full read/write access to the database.
 *
 * NOTE(review): this function only issues the secure-link token for the form; where
 * the token is verified is not visible here. Confirm the router checks it before a
 * submitted query is run.
 */
function mod_debug_sql() {
	global $config;

	if (!hasPermission($config['mod']['debug_sql']))
		error($config['error']['noaccess']);

	$args['security_token'] = make_secure_link_token('debug/sql');

	if (isset($_POST['query'])) {
		$submitted = $_POST['query'];
		$args['query'] = $submitted;

		$statement = query($submitted);
		if ($statement) {
			$rows = $statement->fetchAll(PDO::FETCH_ASSOC);
			$args['result'] = $rows;

			if (empty($rows)) {
				// The template gets the literal marker 'empty' instead of an empty list.
				$args['result'] = 'empty';
			} else {
				// Column names for the table header come from the first row.
				$args['keys'] = array_keys($rows[0]);
			}
		} else {
			$args['error'] = db_error();
		}
	}

	mod_page(_('Debug: SQL'), 'mod/debug/sql.html', $args);
}
/**
 * Debug page listing the APC user-cache entries whose key starts with the
 * configured cache prefix (all entries when the prefix is empty).
 */
function mod_debug_apc() {
	global $config;

	if (!hasPermission($config['mod']['debug_apc']))
		error($config['error']['noaccess']);

	if ($config['cache']['enabled'] != 'apc')
		error('APC is not enabled.');

	$cache_info = apc_cache_info('user');
	$prefix = $config['cache']['prefix'];

	// $cached_vars = new APCIterator('user', '/^' . $config['cache']['prefix'] . '/');
	$cached_vars = array();
	foreach ($cache_info['cache_list'] as $entry) {
		// The entry name is read from 'key' when present, otherwise from 'info'.
		$entry_name = isset($entry['key']) ? $entry['key'] : $entry['info'];

		$has_prefix = ($prefix == '' || strpos($entry_name, $prefix) === 0);
		if ($has_prefix)
			$cached_vars[] = $entry;
	}

	mod_page(_('Debug: APC'), 'mod/debug/apc.html', array('cached_vars' => $cached_vars));
}