Public action logs commit (log.php)

Note: In a previous commit, I began making inc/mod/auth.php more modular with the check_login() function. Including it does NOT check mod login by default anymore like it does on vichan. You have to call check_login(). I've finally included it in inc/functions.php. If you have any custom pages that use inc/mod/auth.php, just including functions.php is enough now.

boards.php

@@ -1,7 +1,6 @@
 <?php
 
 include "inc/functions.php";
-include "inc/mod/auth.php";
 include "inc/countries.php";
 
 $admin = isset($mod["type"]) && $mod["type"]<=30;

create.php

@@ -2,7 +2,6 @@
 
 include "inc/functions.php";
 include "inc/lib/ayah/ayah.php";
-include "inc/mod/auth.php";
 $cbRecaptcha = false;
 //don't load recaptcha LIB unless its enabled!
 if ($config['cbRecaptcha']){

inc/8chan-mod-pages.php

@@ -528,12 +528,13 @@ OEKAKI;
 			if (!(strlen($subtitle) < 200))
 				error('Invalid subtitle');
 
-			$query = prepare('UPDATE ``boards`` SET `title` = :title, `subtitle` = :subtitle, `indexed` = :indexed, `public_bans` = :public_bans, `8archive` = :8archive WHERE `uri` = :uri');
+			$query = prepare('UPDATE ``boards`` SET `title` = :title, `subtitle` = :subtitle, `indexed` = :indexed, `public_bans` = :public_bans, `public_logs` = :public_logs, `8archive` = :8archive WHERE `uri` = :uri');
 			$query->bindValue(':title', $title);
 			$query->bindValue(':subtitle', $subtitle);
 			$query->bindValue(':uri', $b);
 			$query->bindValue(':indexed', !isset($_POST['meta_noindex']));
 			$query->bindValue(':public_bans', isset($_POST['public_bans']));
+			$query->bindValue(':public_logs', (int)$_POST['public_logs']);
 			$query->bindValue(':8archive', isset($_POST['8archive']));
 			$query->execute() or error(db_error($query));
 

inc/functions.php

@@ -20,6 +20,7 @@ require_once 'inc/events.php';
 require_once 'inc/api.php';
 require_once 'inc/bans.php';
 require_once 'inc/lib/gettext/gettext.inc';
+require_once 'inc/mod/auth.php';
 
 // the user is not currently logged in as a moderator
 $mod = false;
@@ -433,7 +434,8 @@ function setupBoard($array) {
 		'uri' => $array['uri'],
 		'title' => $array['title'],
 		'subtitle' => $array['subtitle'],
-		'indexed' => $array['indexed']
+		'indexed' => $array['indexed'],
+		'public_logs' => $array['public_logs']
 	);
 
 	// older versions
@@ -1152,7 +1154,7 @@ function deletePost($id, $error_if_doesnt_exist=true, $rebuild_after=true) {
 	return true;
 }
 
-function clean() {
+function clean($pid = false) {
 	global $board, $config;
 	$offset = round($config['max_pages']*$config['threads_per_page']);
 
@@ -1163,6 +1165,7 @@ function clean() {
 
 	while ($post = $query->fetch(PDO::FETCH_ASSOC)) {
 		deletePost($post['id'], false, false);
+		if ($pid) modLog("Automatically deleting thread #{$post['id']} due to new thread #{$pid}");
 	}
 
 	// Bump off threads with X replies earlier, spam prevention method
@@ -1175,6 +1178,7 @@ function clean() {
 		while ($post = $query->fetch(PDO::FETCH_ASSOC)) {
 			if ($post['reply_count'] < $config['early_404_replies']) {
 				deletePost($post['thread_id'], false, false);
+				if ($pid) modLog("Automatically deleting thread #{$post['thread_id']} due to new thread #{$pid} (early 404 is set, #{$post['thread_id']} had {$post['reply_count']} replies)");
 			}
 		}
 	}

inc/mod/auth.php

@@ -81,7 +81,7 @@ function destroyCookies() {
 function modLog($action, $_board=null) {
 	global $mod, $board, $config;
 	$query = prepare("INSERT INTO ``modlogs`` VALUES (:id, :ip, :board, :time, :text)");
-	$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
+	$query->bindValue(':id', (isset($mod['id']) ? $mod['id'] : -1), PDO::PARAM_INT);
 	$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
 	$query->bindValue(':time', time(), PDO::PARAM_INT);
 	$query->bindValue(':text', $action);

inc/mod/pages.php

@@ -669,13 +669,13 @@ function mod_user_log($username, $page_no = 1) {
 	mod_page(_('Board log'), 'mod/log.html', array('logs' => $logs, 'count' => $count, 'username' => $username));
 }
 
-function mod_board_log($board, $page_no = 1) {
+function mod_board_log($board, $page_no = 1, $hide_names = false, $public = false) {
 	global $config;
 	
 	if ($page_no < 1)
 		error($config['error']['404']);
 	
-	if (!hasPermission($config['mod']['mod_board_log'], $board))
+	if (!hasPermission($config['mod']['mod_board_log'], $board) && !$public)
 		error($config['error']['noaccess']);
 	
 	$query = prepare("SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `board` = :board ORDER BY `time` DESC LIMIT :offset, :limit");
@@ -702,7 +702,7 @@ function mod_board_log($board, $page_no = 1) {
 	$query->execute() or error(db_error($query));
 	$count = $query->fetchColumn();
 	
-	mod_page(_('Board log'), 'mod/log.html', array('logs' => $logs, 'count' => $count, 'board' => $board));
+	mod_page(_('Board log'), 'mod/log.html', array('logs' => $logs, 'count' => $count, 'board' => $board, 'hide_names' => $hide_names, 'public' => $public));
 }
 
 function mod_view_board($boardName, $page_no = 1) {

install.sql

@@ -67,6 +67,7 @@ CREATE TABLE IF NOT EXISTS `boards` (
   `subtitle` tinytext,
   `indexed` boolean default true,
   `public_bans` boolean default true,
+  `public_logs` tinyint(1) default 0,
   `8archive` boolean default false,
   `sfw` boolean default false,
   PRIMARY KEY (`uri`)

log.php

@@ -0,0 +1,24 @@
+<?php
+include 'inc/functions.php';
+include 'inc/mod/pages.php';
+
+if (!isset($_GET['board']) || !preg_match("/{$config['board_regex']}/u", $_GET['board'])) {
+	http_response_code(400);
+	error('Bad board.');
+}
+if (!openBoard($_GET['board'])) {
+	http_response_code(404);
+	error('No board.');
+}
+
+if ($board['public_logs'] == 0) error('This board has public logs disabled. Ask the board owner to enable it.');
+if ($board['public_logs'] == 1) $hide_names = false;
+if ($board['public_logs'] == 2) $hide_names = true;
+
+if (!isset($_GET['page'])) {
+	$page = 1;
+} else {
+	$page = (int)$_GET['page'];
+};
+
+mod_board_log($board['uri'], $page, $hide_names, true);

mod.php

@@ -6,7 +6,6 @@
 
 require 'inc/functions.php';
 require 'inc/mod/pages.php';
-require 'inc/mod/auth.php';
 
 check_login(true);
 

post.php

@@ -79,9 +79,11 @@ if (isset($_POST['delete'])) {
 			if (isset($_POST['file'])) {
 				// Delete just the file
 				deleteFile($id);
+				modLog("User deleted file from his own post #$id");
 			} else {
 				// Delete entire post
 				deletePost($id);
+				modLog("User deleted his own post #$id");
 			}
 			
 			_syslog(LOG_INFO, 'Deleted post: ' .
@@ -263,7 +265,6 @@ elseif (isset($_POST['post'])) {
 	}	
 
 	if ($post['mod'] = isset($_POST['mod']) && $_POST['mod']) {
-		require 'inc/mod/auth.php';
 		check_login(false);
 		if (!$mod) {
 			// Liar. You're not a mod.
@@ -617,6 +618,7 @@ elseif (isset($_POST['post'])) {
 	
 	if ($post['has_file']) {
 		$allhashes = '';
+
 		foreach ($post['files'] as $key => &$file) {
 			if (!in_array($file['extension'], $config['allowed_ext']) && !in_array($file['extension'], $config['allowed_ext_files']))
 				error($config['error']['unknownext']);
@@ -883,7 +885,7 @@ elseif (isset($_POST['post'])) {
 		$build_pages = range(1, $config['max_pages']);
 	
 	if ($post['op'])
-		clean();
+		clean($pid);
 	
 	event('post-after', $post);
 	

templates/mod/log.html

@@ -10,10 +10,14 @@
 		<tr>
 			<td class="minimal">
 				{% if log.username %}
-					{% if not mod|hasPermission(config.mod.modlog) %}
-						<a href="?/new_PM/{{ log.username|e }}">{{ log.username|e }}</a>
+					{% if hide_names %}
+						<em>hidden</em>
 					{% else %}
-						<a href="?/log:{{ log.username|e }}">{{ log.username|e }}</a>
+						{% if not mod|hasPermission(config.mod.modlog) %}
+							<a href="?/new_PM/{{ log.username|e }}">{{ log.username|e }}</a>
+						{% else %}
+							<a href="?/log:{{ log.username|e }}">{{ log.username|e }}</a>
+						{% endif %}
 					{% endif %}
 				{% elseif log.mod == -1 %}
 					<em>system</em>
@@ -48,7 +52,11 @@
 {% if count > logs|count %}
 	<p class="unimportant" style="text-align:center;word-wrap:break-word">
 		{% for i in range(0, (count - 1) / config.mod.modlog_page) %}
-			<a href="?/log{% if username %}:{{ username }}{% elseif board %}:b:{{ board }}{% endif %}/{{ i + 1 }}">[{{ i + 1 }}]</a> 
+			{% if public %}
+				<a href="?page={{ i + 1 }}&amp;board={{ board|url_encode }}">[{{ i + 1 }}]</a> 
+			{% else %}
+				<a href="?/log{% if username %}:{{ username }}{% elseif board %}:b:{{ board }}{% endif %}/{{ i + 1 }}">[{{ i + 1 }}]</a> 
+			{% endif %}
 		{% endfor %}
 	</p>
 {% endif %}

templates/mod/settings.html

@@ -36,7 +36,6 @@
 		<tr><th>{% trans %}Automatically convert ... to …{% endtrans %}</th><td><input type="checkbox" name="auto_unicode" {% if config.auto_unicode %}checked{% endif %}></td></tr>
 		<tr><th>{% trans %}No index{% endtrans %}<br><span class="unimportant">{% trans %}Hide from boards index<br/>and do not index in search engines{% endtrans %}</span></th><td><input type="checkbox" name="meta_noindex" {% if not board.indexed %}checked{% endif %}></td></tr>
 		<tr><th>{% trans %}Archive my board on 8archive.moe{% endtrans %}<br><span class="unimportant">{% trans %}This archives your board on 8archive.moe if you opt in{% endtrans %}</span></th><td><input type="checkbox" name="8archive" {% if board['8archive'] %}checked{% endif %}></td></tr>
-		<tr><th>{% trans %}Public bans{% endtrans %}<br><span class="unimportant">{% trans %}Displays your bans for the public{% endtrans %}</span></th><td><input type="checkbox" name="public_bans" {% if board.public_bans %}checked{% endif %}></td></tr>
 		<tr><th>{% trans %}[code] tags{% endtrans %}</th><td><input type="checkbox" name="code_tags" {% if 'js/code_tags/run_prettify.js' in config.additional_javascript %}checked{% endif %}></td></tr>
 		<tr><th>{% trans %}Oekaki{% endtrans %}</th><td><input type="checkbox" name="oekaki" {% if 'js/wpaint.js' in config.additional_javascript %}checked{% endif %}></td></tr>
 		<tr><th>{% trans %}Format math between [tex]{% endtrans %}</th><td><input type="checkbox" name="katex" {% if config.katex %}checked{% endif %}></td></tr>
@@ -48,6 +47,8 @@
 		<tr><th>{% trans %}Allow posters to post via the Tor onion router{% endtrans %}<br/><span class="unimportant">Disabling this is evil, but if you really care about "ban evasion", here you go.</span></th><td><input type="checkbox" name="tor_posting" {% if config.tor_posting %}checked{% endif %}></td></tr>
 		<tr><th>{% trans %}Enable CAPTCHA{% endtrans %}<br/><span class="unimportant">Users must solve a CAPTCHA in order to post.<br> This is not ReCAPTCHA, it is custom to 8chan.</span></th><td><input type="checkbox" name="captcha" {% if config.captcha.enabled %}checked{% endif %}></td></tr>
 		<tr><th>{% trans %}Enable CAPTCHA for thread creation only{% endtrans %}<br/><span class="unimportant">Users must solve a CAPTCHA in order to create new threads,<br>but do not have to solve a CAPTCHA in order to post replies.</span></th><td><input type="checkbox" name="new_thread_capt" {% if config.new_thread_capt %}checked{% endif %}></td></tr>
+		<tr><th>{% trans %}Public bans{% endtrans %}<br><span class="unimportant">{% trans %}Displays your bans for the public{% endtrans %}</span></th><td><input type="checkbox" name="public_bans" {% if board.public_bans %}checked{% endif %}></td></tr>
+		<tr><th>{% trans %}Public action log{% endtrans %}<br><span class="unimportant">{% trans %}Displays all actions to the public{% endtrans %}</span></th><td><select name="public_logs"><option value="0" {% if board.public_logs == 0 %}selected{% endif %}>None</option><option value="1" {% if board.public_logs == 1 %}selected{% endif %}>Full log of all actions</option><option value="2" {% if board.public_logs == 2 %}selected{% endif %}>Full log of all actions, no usernames</option></td></tr>
 		<tr><th>{% trans %}Language{% endtrans %}<br/><span class="unimportant">{% trans %}To contribute translations, register at <a href="https://www.transifex.com/projects/p/tinyboard-vichan-devel/">Transifex</a>{% endtrans %}</span></th><td>
 		<select name="locale">
 			<option value="en" {% if "en" == config.locale %}selected{% endif %}>en</option>

tools/inc/cli.php

@@ -39,7 +39,6 @@ if(!getenv('TINYBOARD_PATH')) {
 putenv('TINYBOARD_PATH=' . getcwd());
 
 require 'inc/functions.php';
-require 'inc/mod/auth.php';
 
 $mod = Array(
 	'id' => -1,