1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-11-27 17:00:52 +01:00

begin implementation of in-built ban appealing

This commit is contained in:
Michael Foster 2013-09-21 12:51:23 +10:00
parent df143c6b50
commit a9b7f9b1bc
9 changed files with 324 additions and 66 deletions

View File

@ -523,9 +523,31 @@
// pure-PHP geolocation library.
$config['country_flags'] = false;
/*
* ====================
* Ban settings
* ====================
*/
// Require users to see the ban page at least once for a ban even if it has since expired.
$config['require_ban_view'] = true;
// Show the post the user was banned for on the "You are banned" page.
$config['ban_show_post'] = false;
// Optional HTML to append to "You are banned" pages. For example, you could include instructions and/or
// a link to an email address or IRC chat room to appeal the ban.
$config['ban_page_extra'] = '';
// Allow users to appeal bans through Tinyboard.
$config['ban_appeals'] = false;
// Do not allow users to appeal bans that are shorter than this length (in seconds).
$config['ban_appeals_min_length'] = 60 * 60 * 6; // 6 hours
// How many ban appeals can be made for a single ban?
$config['ban_appeals_max'] = 1;
/*
* ====================
* Markup settings
@ -821,13 +843,6 @@
// Automatically remove unnecessary whitespace when compiling HTML files from templates.
$config['minify_html'] = true;
// Show the post the user was banned for on the "You are banned" page.
$config['ban_show_post'] = false;
// Optional HTML to append to "You are banned" pages. For example, you could include instructions and/or
// a link to an email address or IRC chat room to appeal the ban.
$config['ban_page_extra'] = '';
// Display flags (when available). This config option has no effect unless poster flags are enabled (see
// $config['country_flags']). Disable this if you want all previously-assigned flags to be hidden.
$config['display_flags'] = true;
@ -1322,6 +1337,10 @@
$config['mod']['debug_sql'] = DISABLED;
// Edit the current configuration (via web interface)
$config['mod']['edit_config'] = ADMIN;
// View ban appeals
$config['mod']['view_ban_appeals'] = MOD;
// Accept and deny ban appeals
$config['mod']['ban_appeals'] = MOD;
// Config editor permissions
$config['mod']['config'] = array();

View File

@ -625,15 +625,20 @@ function displayBan($ban) {
$ban['ip'] = $_SERVER['REMOTE_ADDR'];
if ($ban['post'] && isset($ban['post']['board'], $ban['post']['id'])) {
openBoard($ban['post']['board']);
if (openBoard($ban['post']['board'])) {
$query = query(sprintf("SELECT `thumb`, `file` FROM ``posts_%s`` WHERE `id` = " . (int)$ban['post']['id'], $board['uri']));
$query = query(sprintf("SELECT `thumb`, `file` FROM ``posts_%s`` WHERE `id` = " .
(int)$ban['post']['id'], $board['uri']));
if ($_post = $query->fetch(PDO::FETCH_ASSOC)) {
$ban['post'] = array_merge($ban['post'], $_post);
} else {
$ban['post']['file'] = 'deleted';
$ban['post']['thumb'] = false;
}
} else {
$ban['post']['file'] = 'deleted';
$ban['post']['thumb'] = false;
}
if ($ban['post']['thread']) {
$post = new Post($ban['post']);
@ -641,6 +646,21 @@ function displayBan($ban) {
$post = new Thread($ban['post'], null, false, false);
}
}
$denied_appeals = array();
$pending_appeal = false;
if ($config['ban_appeals']) {
$query = query("SELECT `time`, `denied` FROM `ban_appeals` WHERE `ban_id` = " . (int)$ban['id']) or error(db_error());
while ($ban_appeal = $query->fetch(PDO::FETCH_ASSOC)) {
if ($ban_appeal['denied']) {
$denied_appeals[] = $ban_appeal['time'];
} else {
$pending_appeal = $ban_appeal['time'];
}
}
}
// Show banned page and exit
die(
Element('page.html', array(
@ -651,7 +671,9 @@ function displayBan($ban) {
'config' => $config,
'ban' => $ban,
'board' => $board,
'post' => isset($post) ? $post->build(true) : false
'post' => isset($post) ? $post->build(true) : false,
'denied_appeals' => $denied_appeals,
'pending_appeal' => $pending_appeal
)
))
));

View File

@ -197,36 +197,6 @@ function mod_search($type, $search_query_escaped, $page_no = 1) {
// Form a series of LIKE clauses for the query.
// This gets a little complicated.
// Escape "escape" character
$query = str_replace('!', '!!', $query);
// Escape SQL wildcard
$query = str_replace('%', '!%', $query);
// Use asterisk as wildcard instead
$query = str_replace('*', '%', $query);
$query = str_replace('`', '!`', $query);
// Array of phrases to match
$match = array();
// Exact phrases ("like this")
if (preg_match_all('/"(.+?)"/', $query, $exact_phrases)) {
$exact_phrases = $exact_phrases[1];
foreach ($exact_phrases as $phrase) {
$query = str_replace("\"{$phrase}\"", '', $query);
$match[] = $pdo->quote($phrase);
}
}
// Non-exact phrases (ie. plain keywords)
$keywords = explode(' ', $query);
foreach ($keywords as $word) {
if (empty($word))
continue;
$match[] = $pdo->quote($word);
}
// Which `field` to search?
if ($type == 'posts')
@ -238,22 +208,6 @@ function mod_search($type, $search_query_escaped, $page_no = 1) {
if ($type == 'log')
$sql_field = 'text';
// Build the "LIKE 'this' AND LIKE 'that'" etc. part of the SQL query
$sql_like = '';
foreach ($match as $phrase) {
if (!empty($sql_like))
$sql_like .= ' AND ';
$phrase = preg_replace('/^\'(.+)\'$/', '\'%$1%\'', $phrase);
if (is_array($sql_field)) {
foreach ($sql_field as $field) {
$sql_like .= '`' . $field . '` LIKE ' . $phrase . ' ESCAPE \'!\' OR';
}
$sql_like = preg_replace('/ OR$/', '', $sql_like);
} else {
$sql_like .= '`' . $sql_field . '` LIKE ' . $phrase . ' ESCAPE \'!\'';
}
}
// Compile SQL query
@ -884,6 +838,68 @@ function mod_bans($page_no = 1) {
mod_page(_('Ban list'), 'mod/ban_list.html', array('bans' => $bans, 'count' => Bans::count()));
}
function mod_ban_appeals() {
global $config, $board;
if (!hasPermission($config['mod']['view_ban_appeals']))
error($config['error']['noaccess']);
// Remove stale ban appeals
query("DELETE FROM ``ban_appeals`` WHERE NOT EXISTS (SELECT 1 FROM ``bans`` WHERE `ban_id` = ``bans``.`id`)")
or error(db_error());
if (isset($_POST['appeal_id']) && (isset($_POST['unban']) || isset($_POST['deny']))) {
if (!hasPermission($config['mod']['ban_appeals']))
error($config['error']['noaccess']);
if (isset($_POST['unban'])) {
$query = query("SELECT `ban_id` FROM ``ban_appeals`` WHERE `id` = " .
(int)$_POST['appeal_id']) or error(db_error());
if ($ban_id = $query->fetchColumn()) {
Bans::delete($ban_id);
query("DELETE FROM ``ban_appeals`` WHERE `id` = " . (int)$_POST['appeal_id']) or error(db_error());
}
} else {
query("UPDATE ``ban_appeals`` SET `denied` = 1 WHERE `id` = " . (int)$_POST['appeal_id']) or error(db_error());
}
header('Location: ?/ban-appeals', true, $config['redirect_http']);
return;
}
$query = query("SELECT *, ``ban_appeals``.`id` AS `id` FROM ``ban_appeals``
LEFT JOIN ``bans`` ON `ban_id` = ``bans``.`id`
WHERE `denied` != 1 ORDER BY `time`") or error(db_error());
$ban_appeals = $query->fetchAll(PDO::FETCH_ASSOC);
foreach ($ban_appeals as &$ban) {
if ($ban['post'])
$ban['post'] = json_decode($ban['post'], true);
$ban['mask'] = Bans::range_to_string(array($ban['ipstart'], $ban['ipend']));
if ($ban['post'] && isset($ban['post']['board'], $ban['post']['id'])) {
if (openBoard($ban['post']['board'])) {
$query = query(sprintf("SELECT `thumb`, `file` FROM ``posts_%s`` WHERE `id` = " .
(int)$ban['post']['id'], $board['uri']));
if ($_post = $query->fetch(PDO::FETCH_ASSOC)) {
$ban['post'] = array_merge($ban['post'], $_post);
} else {
$ban['post']['file'] = 'deleted';
$ban['post']['thumb'] = false;
}
} else {
$ban['post']['file'] = 'deleted';
$ban['post']['thumb'] = false;
}
if ($ban['post']['thread']) {
$ban['post'] = new Post($ban['post']);
} else {
$ban['post'] = new Thread($ban['post'], null, false, false);
}
}
}
mod_page(_('Ban appeals'), 'mod/ban_appeals.html', array('ban_appeals' => $ban_appeals));
}
function mod_lock($board, $unlock, $post) {
global $config;

View File

@ -59,6 +59,7 @@ $pages = array(
'/IP/([\w.:]+)/remove_note/(\d+)' => 'ip_remove_note', // remove note from ip address
'/bans' => 'bans', // ban list
'/bans/(\d+)' => 'bans', // ban list
'/ban-appeals' => 'ban_appeals', // view ban appeals
'/search' => 'search_redirect', // search
'/search/(posts|IP_notes|bans|log)/(.+)/(\d+)' => 'search', // search

View File

@ -763,6 +763,47 @@ if (isset($_POST['delete'])) {
'id' => $id
));
}
} elseif (isset($_POST['appeal'])) {
if (!isset($_POST['ban_id']))
error($config['error']['bot']);
$ban_id = (int)$_POST['ban_id'];
$bans = Bans::find($_SERVER['REMOTE_ADDR']);
foreach ($bans as $_ban) {
if ($_ban['id'] == $ban_id) {
$ban = $_ban;
break;
}
}
if (!isset($ban)) {
error(_("That ban doesn't exist or is not for you."));
}
if ($ban['expires'] && $ban['expires'] - $ban['created'] <= $config['ban_appeals_min_length']) {
error(_("You cannot appeal a ban of this length."));
}
$query = query("SELECT `denied` FROM ``ban_appeals`` WHERE `ban_id` = $ban_id") or error(db_error());
$ban_appeals = $query->fetchAll(PDO::FETCH_COLUMN);
if (count($ban_appeals) >= $config['ban_appeals_max']) {
error(_("You cannot appeal this ban again."));
}
foreach ($ban_appeals as $is_denied) {
if (!$is_denied)
error(_("There is already a pending appeal for this ban."));
}
$query = prepare("INSERT INTO ``ban_appeals`` VALUES (NULL, :ban_id, :time, :message, 0)");
$query->bindValue(':ban_id', $ban_id, PDO::PARAM_INT);
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':message', $_POST['appeal']);
$query->execute() or error(db_error($query));
displayBan($ban);
} else {
if (!file_exists($config['has_installed'])) {
header('Location: install.php', true, $config['redirect_http']);

View File

@ -425,3 +425,9 @@ p.intro.thread-hidden {
margin: 0px;
padding: 0px;
}
form.ban-appeal {
margin: 9px 20px;
}
form.ban-appeal textarea {
display: block;
}

View File

@ -77,16 +77,60 @@
</p>
<p>{% trans %}Your IP address is{% endtrans %} <strong>{{ ban.ip }}</strong>.</p>
{% if post %}
{% if config.ban_page_extra %}
<p>{{ config.ban_page_extra }}</p>
{% endif %}
{% if post and config.ban_show_post %}
<hr>
<p>You were banned for the following post on {{ board.url }}:</p>
<p>{% trans %}You were banned for the following post on {% endtrans %}{{ board.url }}:</p>
{{ post }}
<br>
{% endif %}
{% if config.ban_page_extra %}
<p>{{ config.ban_page_extra }}</p>
{% if config.ban_appeals %}
<hr>
{% if pending_appeal %}
<p>
{% trans %}You submitted an appeal for this ban on{% endtrans %}
<strong>{{ pending_appeal|date(config.ban_date) }}</strong>. {% trans %}It is still pending{% endtrans %}.
</p>
{% elseif denied_appeals|length >= config.ban_appeals_max %}
{% if denied_appeals|length == 1 %}
<p>
{% trans %}You appealed this ban on{% endtrans %}
<strong>{{ denied_appeals[0]|date(config.ban_date) }}</strong>
{% trans %}and it was denied. You may not appeal this ban again.{% endtrans %}
</p>
{% else %}
<p>{% trans %}You have submitted the maximum number of ban appeals allowed. You may not appeal this ban again.{% endtrans %}</p>
{% endif %}
{% else %}
{% if denied_appeals|length %}
{% if denied_appeals|length == 1 %}
<p>
{% trans %}You appealed this ban on{% endtrans %}
<strong>{{ denied_appeals[0]|date(config.ban_date) }}</strong>
{% trans %}and it was denied.{% endtrans %}
</p>
<p>{% trans %}You may appeal this ban again. Please enter your reasoning below.{% endtrans %}</p>
{% else %}
<p>
{% trans %}You last appealed this ban on{% endtrans %}
<strong>{{ denied_appeals[denied_appeals|length - 1]|date(config.ban_date) }}</strong>
{% trans %}and it was denied.{% endtrans %}
</p>
<p>{% trans %}You may appeal this ban again. Please enter your reasoning below.{% endtrans %}</p>
{% endif %}
{% else %}
<p>{% trans %}You may appeal this ban. Please enter your reasoning below.{% endtrans %}</p>
{% endif %}
<form class="ban-appeal" action="" method="post">
<input type="hidden" name="ban_id" value="{{ ban.id }}">
<textarea name="appeal" rows="4" cols="40"></textarea>
<input type="submit" value="Submit">
</form>
{% endif %}
{% endif %}
</div>
{% endfilter %}

View File

@ -0,0 +1,106 @@
{% for ban in ban_appeals %}
<form action="" method="post" style="margin: 10px 0">
<table style="margin: 5px 0">
<tr>
<th>{% trans 'Status' %}</th>
<td>
{% if config.mod.view_banexpired and ban.expires != 0 and ban.expires < time() %}
{% trans 'Expired' %}
{% else %}
{% trans 'Active' %}
{% endif %}
</td>
</tr>
{% if mod|hasPermission(config.mod.show_ip, board.uri) %}
<tr>
<th>{% trans 'IP' %}</th>
<td>{{ ban.mask }}</td>
</tr>
{% endif %}
<tr>
<th>{% trans 'Reason' %}</th>
<td>
{% if ban.reason %}
{{ ban.reason }}
{% else %}
<em>{% trans 'no reason' %}</em>
{% endif %}
</td>
</tr>
<tr>
<th>{% trans 'Board' %}</th>
<td>
{% if ban.board %}
{{ config.board_abbreviation|sprintf(ban.board) }}
{% else %}
<em>{% trans 'all boards' %}</em>
{% endif %}
</td>
</tr>
<tr>
<th>{% trans 'Set' %}</th>
<td>{{ ban.created|date(config.post_date) }}</td>
</tr>
<tr>
<th>{% trans 'Expires' %}</th>
<td>
{% if ban.expires %}
{{ ban.expires|date(config.post_date) }}
{% else %}
<em>{% trans 'never' %}</em>
{% endif %}
</td>
</tr>
<tr>
<th>{% trans 'Seen' %}</th>
<td>
{% if ban.seen %}
{% trans 'Yes' %}
{% else %}
{% trans 'No' %}
{% endif %}
</td>
</tr>
<tr>
<th>{% trans 'Staff' %}</th>
<td>
{% if ban.username %}
{{ ban.username|e }}
{% else %}
<em>{% trans 'deleted?' %}</em>
{% endif %}
</td>
</tr>
</table>
<table style="margin: 10px 0">
<tr>
<th>{% trans 'Appeal time' %}</th>
<td>{{ ban.time|date(config.post_date) }}</td>
</tr>
<tr>
<th>{% trans 'Appeal reason' %}</th>
<td>{{ ban.message|e }}</td>
</tr>
{% if mod|hasPermission(config.mod.ban_appeals, board.uri) %}
<tr>
<th>{% trans 'Action' %}</th>
<td>
<input type="hidden" name="appeal_id" value="{{ ban.id }}">
<input type="submit" name="unban" value="Unban">
<input type="submit" name="deny" value="Deny appeal">
</td>
</tr>
{% endif %}
</table>
{% if ban.post %}
<div style="">
{{ ban.post.build(true) }}
</div>
{% endif %}
</form>
<hr>
{% endfor %}

View File

@ -86,6 +86,9 @@
{% if mod|hasPermission(config.mod.view_banlist) %}
<li><a href="?/bans">{% trans 'Ban list' %}</a></li>
{% endif %}
{% if config.ban_appeals and mod|hasPermission(config.mod.view_ban_appeals) %}
<li><a href="?/ban-appeals">{% trans 'Ban appeals' %}</a></li>
{% endif %}
{% if mod|hasPermission(config.mod.manageusers) %}
<li><a href="?/users">{% trans 'Manage users' %}</a></li>
{% elseif mod|hasPermission(config.mod.change_password) %}