1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2025-01-18 09:04:44 +01:00
This commit is contained in:
Michael Save 2012-04-13 10:41:30 +10:00
parent 2843ddc482
commit 7f6f836bf8
6 changed files with 191 additions and 16 deletions

View File

@ -55,6 +55,8 @@ function parse_time($str) {
function ban($mask, $reason, $length, $board) {
global $mod;
// TODO: permissions
$query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :time, :expires, :reason, :board)");
$query->bindValue(':ip', $mask);
$query->bindValue(':mod', $mod['id']);
@ -79,6 +81,8 @@ function ban($mask, $reason, $length, $board) {
}
function unban($id) {
// TODO: permissions
$query = prepare("DELETE FROM `bans` WHERE `id` = :id");
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));

View File

@ -52,7 +52,11 @@ function mod_login() {
if (isset($_POST['username']))
$args['username'] = $_POST['username'];
mod_page('Dashboard', 'mod/login.html', $args);
mod_page('Login', 'mod/login.html', $args);
}
function mod_confirm($request) {
mod_page('Confirm action', 'mod/confirm.html', array('request' => $request));
}
function mod_dashboard() {
@ -63,6 +67,21 @@ function mod_dashboard() {
mod_page('Dashboard', 'mod/dashboard.html', $args);
}
function mod_log($page_no = 1) {
global $config;
if (!hasPermission($config['mod']['modlog']))
error($config['error']['noaccess']);
$query = prepare("SELECT `username`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :offset, :limit");
$query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT);
$query->bindValue(':offset', ($page_no - 1) * $config['mod']['modlog_page'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
$logs = $query->fetchAll(PDO::FETCH_ASSOC);
mod_page('Moderation log', 'mod/log.html', array('logs' => $logs));
}
function mod_view_board($boardName, $page_no = 1) {
global $config, $mod;
@ -91,6 +110,20 @@ function mod_view_thread($boardName, $thread) {
echo $page;
}
function mod_ip_remove_note($ip, $id) {
global $config, $mod;
if (filter_var($ip, FILTER_VALIDATE_IP) === false)
error("Invalid IP address.");
$query = prepare('DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id');
$query->bindValue(':ip', $ip);
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));
header('Location: ?/IP/' . $ip, true, $config['redirect_http']);
}
function mod_page_ip($ip) {
global $config, $mod;
@ -105,6 +138,21 @@ function mod_page_ip($ip) {
return;
}
if (isset($_POST['note'])) {
// TODO: permissions
markup($_POST['note']);
$query = prepare('INSERT INTO `ip_notes` VALUES (NULL, :ip, :mod, :time, :body)');
$query->bindValue(':ip', $ip);
$query->bindValue(':mod', $mod['id']);
$query->bindValue(':time', time());
$query->bindValue(':body', $_POST['note']);
$query->execute() or error(db_error($query));
header('Location: ?/IP/' . $ip, true, $config['redirect_http']);
return;
}
$args = array();
$args['ip'] = $ip;
$args['posts'] = array();
@ -145,14 +193,26 @@ function mod_page_ip($ip) {
$query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip");
$query->bindValue(':ip', $ip);
$query->execute() or error(db_error($query));
$args['bans'] = $query->fetchAll(PDO::FETCH_ASSOC);
$args['bans'] = $query->fetchAll(PDO::FETCH_ASSOC);
$query = prepare("SELECT `ip_notes`.*, `username` FROM `ip_notes` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip");
$query->bindValue(':ip', $ip);
$query->execute() or error(db_error($query));
$args['notes'] = $query->fetchAll(PDO::FETCH_ASSOC);
mod_page("IP: $ip", 'mod/view_ip.html', $args);
}
function mod_page_ban() {
if(!isset($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board']))
error($config['error']['missedafield']);
function mod_ban() {
if (!isset($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'])) {
mod_page("New ban", 'mod/ban_form.html', array());
return;
}
$query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip");
$query->bindValue(':ip', $ip);
$query->execute() or error(db_error($query));
$args['bans'] = $query->fetchAll(PDO::FETCH_ASSOC);
$ip = $_POST['ip'];
@ -166,3 +226,23 @@ function mod_page_ban() {
header('Location: ?/', true, $config['redirect_http']);
}
function mod_delete($board, $post) {
global $config, $mod;
if (!openBoard($board))
error($config['error']['noboard']);
if (!hasPermission($config['mod']['delete'], $board))
error($config['error']['noaccess']);
// Delete post
deletePost($post);
// Record the action
modLog("Deleted post #{$post}");
// Rebuild board
buildIndex();
// Redirect
header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
}

15
mod.php
View File

@ -21,11 +21,18 @@ if (get_magic_quotes_gpc()) {
$query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
$pages = array(
'!^$!' => ':?/', // redirect to dashboard
'!^/$!' => 'dashboard', // dashboard
'!^$!' => ':?/', // redirect to dashboard
'!^/$!' => 'dashboard', // dashboard
'!^/log$!' => 'log', // modlog
'!^/log/(\d+)/$!' => 'log', // modlog
'!^/IP/(.+)$!' => 'ip', // view ip address
'!^/ban$!' => 'ban', // new ban
'!^/confirm/(.+)$!' => 'confirm', // confirm action (if javascript didn't work)
'!^/ban$!' => 'ban', // new ban
'!^/IP/([\w.:]+)$!' => 'ip', // view ip address
'!^/IP/([\w.:]+)/remove_note/(\d+)$!' => 'ip_remove_note', // remove note from ip address
'!^/(\w+)/delete/(\d+)$!' => 'delete', // delete post
// This should always be at the end:
'!^/(\w+)/' . preg_quote($config['file_index'], '!') . '?$!' => 'view_board',

View File

@ -0,0 +1,7 @@
<p style="text-align:center;font-size:1.1em">
Are you sure you want to do that? <a href="?/{{ request }}">Click to proceed to ?/{{ request }}</a>.
</p>
<p class="unimportant" style="text-align:center">
You are seeing this message because we were unable to serve a confirmation dialog, probably due to Javascript being disabled.
</p>

11
templates/mod/log.html Normal file
View File

@ -0,0 +1,11 @@
<table class="modlog">
<tr>
<th>
</th>
</tr>
{% for log in logs %}
{% endfor %}
</table>

View File

@ -9,9 +9,73 @@
</fieldset>
{% endfor %}
{% set redirect = '?/IP/' ~ ip %}
{% if mod|hasPermission(config.mod.view_notes) %}
<fieldset>
<legend>
{{ notes|count }} note{% if notes|count != 1 %}s{% endif %} on record
</legend>
{% if notes|count > 0 %}
<table class="modlog">
<tr>
<th>Staff</th>
<th>Note</th>
<th>Date</th>
{% if mod|hasPermission(config.mod.remove_notes) %}
<th>Actions</th>
{% endif %}
</tr>
{% for note in notes %}
<tr>
<td class="minimal">
{% if note.username %}
<a href="?/new_PM/{{ note.username }}">{{ note.username }}</a>
{% else %}
<em>deleted?</em>
{% endif %}
</td>
<td>
{{ note.body }}
</td>
<td class="minimal">
{{ note.time|date(config.post_date) }}
</td>
{% if mod|hasPermission(config.mod.remove_notes) %}
<td class="minimal">
<a href="?/IP/{{ ip }}/remove_note/{{ note.id }}"><small>[remove]</small></a>
</td>
{% endif %}
</tr>
{% endfor %}
</table>
{% endif %}
{% if mod|hasPermission(config.mod.create_notes) %}
<form action="" method="post" style="margin:0">
<table>
<tr>
<th>Staff</th>
<td>{{ mod.username }}</td>
</tr>
<tr>
<th>
<label for="note">Note</label>
</th>
<td>
<textarea id="note" name="note" rows="5" cols="30"></textarea>
</td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="New note"></td>
</tr>
</table>
</form>
{% endif %}
</fieldset>
{% endif %}
{% if bans|count > 0 %}
{% if bans|count > 0 and mod|hasPermission(config.mod.view_ban) %}
<fieldset>
<legend>Ban{% if bans|count != 1 %}s{% endif %} on record</legend>
@ -84,8 +148,10 @@
</fieldset>
{% endif %}
<fieldset>
<legend>New ban</legend>
{% include 'mod/ban_form.html' %}
</fieldset>
{% if mod|hasPermission(config.mod.ban) %}
<fieldset>
<legend>New ban</legend>
{% set redirect = '?/IP/' ~ ip %}
{% include 'mod/ban_form.html' %}
</fieldset>
{% endif %}