2010-12-01 05:53:11 -05:00
< ? php
require 'inc/functions.php' ;
require 'inc/display.php' ;
require 'inc/template.php' ;
2010-12-17 09:18:03 -05:00
require 'inc/database.php' ;
2010-12-01 05:53:11 -05:00
require 'inc/user.php' ;
2011-01-01 10:05:30 -05:00
// Check if banned
checkBan ();
2010-12-02 02:26:09 -05:00
require 'inc/mod.php' ;
2010-12-01 05:53:11 -05:00
2010-12-03 22:58:24 -05:00
// Fix some encoding issues
header ( 'Content-Type: text/html; charset=utf-8' , true );
2011-02-06 08:38:01 -05:00
if ( get_magic_quotes_gpc ()) {
function strip_array ( $var ) {
return is_array ( $var ) ? array_map ( " strip_array " , $var ) : stripslashes ( $var );
}
$_SESSION = strip_array ( $_SESSION );
$_GET = strip_array ( $_GET );
$_POST = strip_array ( $_POST );
}
2011-02-16 03:59:13 -05:00
$query = isset ( $_SERVER [ 'QUERY_STRING' ]) ? $_SERVER [ 'QUERY_STRING' ] : '' ;
2010-12-01 05:53:11 -05:00
// If not logged in
2010-12-02 02:02:48 -05:00
if ( ! $mod ) {
2010-12-01 05:53:11 -05:00
if ( isset ( $_POST [ 'login' ])) {
// Check if inputs are set and not empty
if ( ! isset ( $_POST [ 'username' ]) ||
! isset ( $_POST [ 'password' ]) ||
empty ( $_POST [ 'username' ]) ||
empty ( $_POST [ 'password' ])
2011-02-16 03:59:13 -05:00
) loginForm ( $config [ 'error' ][ 'invalid' ], $_POST [ 'username' ], '?' . $query );
2010-12-01 05:53:11 -05:00
if ( ! login ( $_POST [ 'username' ], $_POST [ 'password' ]))
2011-02-16 03:59:13 -05:00
loginForm ( $config [ 'error' ][ 'invalid' ], $_POST [ 'username' ], '?' . $query );
2010-12-01 05:53:11 -05:00
2011-02-11 07:02:30 -05:00
modLog ( " Logged in. " );
2010-12-01 05:53:11 -05:00
// Login successful
// Set cookies
setCookies ();
2010-12-02 02:02:48 -05:00
// Redirect
2011-02-16 03:59:13 -05:00
if ( isset ( $_POST [ 'redirect' ]))
header ( 'Location: ' . $_POST [ 'redirect' ], true , $config [ 'redirect_http' ]);
else
header ( 'Location: ?' . $config [ 'mod' ][ 'default' ], true , $config [ 'redirect_http' ]);
2010-12-01 05:53:11 -05:00
} else {
2011-02-16 03:59:13 -05:00
loginForm ( false , false , '?' . $query );
2010-12-01 05:53:11 -05:00
}
} else {
2011-02-22 01:52:26 -05:00
// Redirect (for index pages)
if ( count ( $_GET ) == 2 && isset ( $_GET [ 'status' ]) && isset ( $_GET [ 'r' ]))
header ( 'Location: ' . $_GET [ 'r' ], true , $_GET [ 'status' ]);
2010-12-16 00:36:40 -05:00
// A sort of "cache"
// Stops calling preg_quote and str_replace when not needed; only does it once
2010-12-01 09:17:27 -05:00
$regex = Array (
2011-02-12 01:25:15 -05:00
'board' => str_replace ( '%s' , '(\w{1,8})' , preg_quote ( $config [ 'board_path' ], '/' )),
'page' => str_replace ( '%d' , '(\d+)' , preg_quote ( $config [ 'file_page' ], '/' )),
'img' => preg_quote ( $config [ 'dir' ][ 'img' ], '/' ),
'thumb' => preg_quote ( $config [ 'dir' ][ 'thumb' ], '/' ),
'res' => preg_quote ( $config [ 'dir' ][ 'res' ], '/' ),
'index' => preg_quote ( $config [ 'file_index' ], '/' )
2010-12-01 09:17:27 -05:00
);
if ( preg_match ( '/^\/?$/' , $query )) {
2010-12-02 02:02:48 -05:00
// Dashboard
2010-12-16 10:20:16 -05:00
$fieldset = Array (
'Boards' => '' ,
2011-03-30 06:47:06 -04:00
'Noticeboard' => '' ,
2011-03-26 23:48:22 -04:00
'Administration' => '' ,
2011-04-14 03:10:59 -04:00
'Themes' => '' ,
2011-03-29 09:56:38 -04:00
'Search' => '' ,
2011-05-21 01:21:45 -04:00
'Update' => '' ,
2011-03-26 23:48:22 -04:00
'Logout' => ''
2010-12-16 10:20:16 -05:00
);
2010-12-02 02:26:09 -05:00
2010-12-16 10:20:16 -05:00
// Boards
$fieldset [ 'Boards' ] .= ulBoards ();
2011-08-04 01:47:34 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'noticeboard' ])) {
2011-10-08 03:26:23 -04:00
$query = prepare ( " SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit " );
2011-03-30 06:57:51 -04:00
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'noticeboard_dashboard' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
$fieldset [ 'Noticeboard' ] .= '<li>' ;
$_body = '' ;
2011-10-08 03:26:23 -04:00
while ( $notice = $query -> fetch ()) {
2011-03-30 06:57:51 -04:00
$_body .= '<li><a href="?/noticeboard#' .
$notice [ 'id' ] .
'">' .
( $notice [ 'subject' ] ?
$notice [ 'subject' ]
:
'<em>no subject</em>'
) .
2011-10-08 02:36:27 -04:00
'</a><span class="unimportant"> — by ' .
2011-10-08 03:26:23 -04:00
( isset ( $notice [ 'username' ]) ?
utf8tohtml ( $notice [ 'username' ])
: '<em>???</em>' ) .
2011-03-30 06:57:51 -04:00
' at ' .
date ( $config [ 'post_date' ], $notice [ 'time' ]) .
'</span></li>' ;
}
if ( ! empty ( $_body )) {
$fieldset [ 'Noticeboard' ] .= '<ul>' . $_body . '</ul></li><li>' ;
}
$fieldset [ 'Noticeboard' ] .= '<a href="?/noticeboard">View all entires</a></li>' ;
2011-04-12 04:02:20 -04:00
$query = prepare ( " SELECT COUNT(*) AS `count` FROM `pms` WHERE `to` = :id AND `unread` = 1 " );
$query -> bindValue ( ':id' , $mod [ 'id' ]);
$query -> execute () or error ( db_error ( $query ));
$count = $query -> fetch ();
$count = $count [ 'count' ];
$fieldset [ 'Noticeboard' ] .= '<li><a href="?/inbox">PM inbox' .
( $count > 0
?
' <strong>(' . $count . ' unread)</strong>'
: '' ) .
'</a></li>' ;
2011-04-13 10:24:49 -04:00
$fieldset [ 'Noticeboard' ] .= '<li><a href="?/news">News</a></li>' ;
2011-03-30 06:47:06 -04:00
}
2011-08-04 01:47:34 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'reports' ])) {
2011-02-20 01:19:57 -05:00
$fieldset [ 'Administration' ] .= '<li><a href="?/reports">Report queue</a></li>' ;
}
2011-08-04 01:47:34 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'view_banlist' ])) {
2011-02-06 08:38:01 -05:00
$fieldset [ 'Administration' ] .= '<li><a href="?/bans">Ban list</a></li>' ;
}
2011-08-04 01:47:34 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'manageusers' ])) {
2011-03-02 01:15:37 -05:00
$fieldset [ 'Administration' ] .= '<li><a href="?/users">Manage users</a></li>' ;
}
2011-08-04 01:47:34 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'modlog' ])) {
2011-03-02 01:51:29 -05:00
$fieldset [ 'Administration' ] .= '<li><a href="?/log">Moderation log</a></li>' ;
}
2011-08-04 01:47:34 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'rebuild' ])) {
2011-03-26 11:35:54 -04:00
$fieldset [ 'Administration' ] .= '<li><a href="?/rebuild">Rebuild static files</a></li>' ;
}
2011-10-07 01:51:19 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'rebuild' ]) && $config [ 'cache' ][ 'enabled' ]) {
2011-05-21 01:21:45 -04:00
$fieldset [ 'Administration' ] .= '<li><a href="?/flush">Clear cache</a></li>' ;
}
2011-08-04 01:47:34 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'show_config' ])) {
2010-12-16 10:20:16 -05:00
$fieldset [ 'Administration' ] .= '<li><a href="?/config">Show configuration</a></li>' ;
}
2010-12-02 02:26:09 -05:00
2011-08-04 01:47:34 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'themes' ])) {
2011-04-14 03:10:59 -04:00
$fieldset [ 'Themes' ] .= '<li><a href="?/themes">Manage themes</a></li>' ;
}
2011-08-04 01:47:34 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'search' ])) {
2011-03-29 09:56:38 -04:00
$fieldset [ 'Search' ] .= '<li><form style="display:inline" action="?/search" method="post">' .
'<label style="display:inline" for="search">Phrase:</label> ' .
'<input id="search" name="search" type="text" size="35" />' .
'<input type="submit" value="Search" />' .
'</form>' .
2011-03-29 10:36:19 -04:00
'<p class="unimportant">(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)</p>' .
2011-03-29 09:56:38 -04:00
'</li>' ;
}
2011-05-21 01:21:45 -04:00
if ( $mod [ 'type' ] >= ADMIN && $config [ 'check_updates' ]) {
if ( ! $version = @ file_get_contents ( '.installed' ))
error ( 'Could not find current version! (Check .installed)' );
if ( isset ( $_SESSION [ 'update' ]) && time () - $_SESSION [ 'update' ][ 'time' ] < $config [ 'check_updates_time' ]) {
2011-08-14 10:49:52 -04:00
$latest = unserialize ( $_SESSION [ 'update' ][ 'latest' ]);
2011-05-21 01:21:45 -04:00
} else {
$ctx = stream_context_create ( array (
'http' => array (
'timeout' => 3
)
)
);
2011-08-14 10:49:52 -04:00
if ( $code = @ file_get_contents ( 'http://tinyboard.org/version.txt' , 0 , $ctx )) {
eval ( $code );
2011-05-21 01:21:45 -04:00
if ( preg_match ( '/v(\d+)\.(\d)\.(\d+)(-dev.+)?$/' , $version , $m )) {
$current = Array (
'massive' => ( int ) $m [ 1 ],
'major' => ( int ) $m [ 2 ],
'minor' => ( int ) $m [ 3 ]
);
if ( isset ( $m [ 4 ])) {
// Development versions are always ahead in the versioning numbers
$current [ 'minor' ] -- ;
}
}
// Check if it's newer
2011-08-14 10:49:52 -04:00
if ( $latest [ 'massive' ] > $current [ 'massive' ] ||
$latest [ 'major' ] > $current [ 'major' ] ||
( $latest [ 'massive' ] == $current [ 'massive' ] &&
$latest [ 'major' ] == $current [ 'major' ] &&
$latest [ 'minor' ] > $current [ 'minor' ]
2011-05-21 01:21:45 -04:00
)) {
$latest = $latest ;
} else $latest = false ;
2011-08-14 10:49:52 -04:00
} else {
// Couldn't get latest version
// TODO: Display some sort of warning message
$latest = false ;
}
$_SESSION [ 'update' ] = Array ( 'time' => time (), 'latest' => serialize ( $latest ));
2011-05-21 01:21:45 -04:00
}
if ( $latest ) {
2011-08-14 10:49:52 -04:00
$fieldset [ 'Update' ] .=
'<li>A newer version of Tinyboard (<strong>v' .
$latest [ 'massive' ] . '.' .
$latest [ 'major' ] . '.' .
$latest [ 'minor' ] .
'</strong>) is available! See <a href="http://tinyboard.org">http://tinyboard.org/</a> for download instructions.</li>' ;
2011-05-21 01:21:45 -04:00
}
}
2011-03-26 23:48:22 -04:00
$fieldset [ 'Logout' ] .= '<li><a href="?/logout">Logout</a></li>' ;
2010-12-02 04:55:56 -05:00
// TODO: Statistics, etc, in the dashboard.
2010-12-16 10:20:16 -05:00
$body = '' ;
foreach ( $fieldset as $title => $data ) {
if ( $data )
$body .= " <fieldset><legend> { $title } </legend><ul> { $data } </ul></fieldset> " ;
}
2010-12-02 04:55:56 -05:00
echo Element ( 'page.html' , Array (
2011-03-26 03:23:15 -04:00
'config' => $config ,
2010-12-02 02:26:09 -05:00
'title' => 'Dashboard' ,
2011-03-28 11:00:17 -04:00
'body' => $body ,
'__mod' => true
2010-12-10 04:57:34 -05:00
)
);
2011-03-26 23:48:22 -04:00
} elseif ( preg_match ( '/^\/logout$/' , $query )) {
destroyCookies ();
header ( 'Location: ?/' , true , $config [ 'redirect_http' ]);
2011-04-06 04:31:26 -04:00
} elseif ( preg_match ( '/^\/confirm\/(.+)$/' , $query , $matches )) {
2011-05-25 06:15:47 -04:00
$uri = & $matches [ 1 ];
2011-04-06 04:31:26 -04:00
$body = '<p style="text-align:center">' .
'<span class="heading" style="margin-bottom:6px">Are you sure you want to do that?</span>' .
'You clicked ' .
2011-08-22 05:00:58 -04:00
'<strong>?/' . utf8tohtml ( $uri ) . '</strong>' .
2011-04-06 04:31:26 -04:00
' but had Javascript disabled, so we weren\'t able to serve the confirmation dialog.' .
'</p>' .
2011-08-22 05:00:58 -04:00
'<p style="text-align:center"><a style="margin:block;font-size:150%;font-weight:bold" href="?/' . utf8tohtml ( $uri ) . '">Confirm.</a></p>' ;
2011-04-06 04:31:26 -04:00
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'Confirm' ,
'body' => $body ,
'mod' => true
)
);
2011-03-02 01:51:29 -05:00
} elseif ( preg_match ( '/^\/log$/' , $query )) {
2011-07-03 09:05:14 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'modlog' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-02 01:51:29 -05:00
2011-03-28 02:24:23 -04:00
$boards = Array ();
$_boards = listBoards ();
foreach ( $_boards as & $_b ) {
$boards [ $_b [ 'id' ]] = $_b [ 'uri' ];
}
$body = '<table class="modlog"><tr><th>User</th><th>IP address</th><th>Ago</th><th>Board</th><th>Action</th></tr>' ;
2011-03-02 01:51:29 -05:00
2011-03-28 02:24:23 -04:00
$query = prepare ( " SELECT `mods`.`id`,`username`,`ip`,`board`,`time`,`text` FROM `modlogs` INNER JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :limit " );
2011-03-02 01:51:29 -05:00
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'modlog_page' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
while ( $log = $query -> fetch ()) {
2011-08-22 05:00:58 -04:00
$log [ 'text' ] = utf8tohtml ( $log [ 'text' ]);
2011-03-02 01:51:29 -05:00
$log [ 'text' ] = preg_replace ( '/(\d+\.\d+\.\d+\.\d+)/' , '<a href="?/IP/$1">$1</a>' , $log [ 'text' ]);
$body .= '<tr>' .
'<td class="minimal"><a href="?/users/' . $log [ 'id' ] . '">' . $log [ 'username' ] . '</a></td>' .
'<td class="minimal"><a href="?/IP/' . $log [ 'ip' ] . '">' . $log [ 'ip' ] . '</a></td>' .
'<td class="minimal">' . ago ( $log [ 'time' ]) . '</td>' .
2011-03-28 02:24:23 -04:00
'<td class="minimal">' .
( $log [ 'board' ] ?
( isset ( $boards [ $log [ 'board' ]]) ?
'<a href="?/' . $boards [ $log [ 'board' ]] . '/' . $config [ 'file_index' ] . '">' . sprintf ( $config [ 'board_abbreviation' ], $boards [ $log [ 'board' ]]) . '</a></td>'
: '<em>deleted?</em>' )
: '-' ) .
2011-03-02 01:51:29 -05:00
'<td>' . $log [ 'text' ] . '</td>' .
'</tr>' ;
}
$body .= '</table>' ;
echo Element ( 'page.html' , Array (
2011-03-26 03:23:15 -04:00
'config' => $config ,
2011-03-02 01:51:29 -05:00
'title' => 'Moderation log' ,
'body' => $body ,
2011-03-30 06:47:06 -04:00
'mod' => true
)
);
2011-04-14 03:10:59 -04:00
} elseif ( preg_match ( '/^\/themes\/none$/' , $query , $match )) {
2011-07-03 09:05:14 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'themes' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-04-14 03:10:59 -04:00
// Clearsettings
query ( " TRUNCATE TABLE `theme_settings` " ) or error ( db_error ());
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'No theme' ,
2011-10-06 08:46:37 -04:00
'body' => '<p style="text-align:center">Successfully uninstalled all themes.</p>' .
'<p style="text-align:center"><a href="?/themes">Go back to themes</a>.</p>' ,
'mod' => true
)
);
2011-10-08 02:59:50 -04:00
} elseif ( preg_match ( '/^\/themes\/(\w+)\/rebuild$/' , $query , $match )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'themes' ])) error ( $config [ 'error' ][ 'noaccess' ]);
rebuildTheme ( $match [ 1 ], 'all' );
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'Rebuilt' ,
'body' => '<p style="text-align:center">Successfully rebuilt the <strong>' . $match [ 1 ] . '</strong> theme.</p>' .
'<p style="text-align:center"><a href="?/themes">Go back to themes</a>.</p>' ,
'mod' => true
)
);
2011-10-06 08:46:37 -04:00
} elseif ( preg_match ( '/^\/themes\/(\w+)\/uninstall$/' , $query , $match )) {
if ( ! hasPermission ( $config [ 'mod' ][ 'themes' ])) error ( $config [ 'error' ][ 'noaccess' ]);
$query = prepare ( " DELETE FROM `theme_settings` WHERE `theme` = :theme " );
$query -> bindValue ( ':theme' , $match [ 1 ]);
$query -> execute () or error ( db_error ( $query ));
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'Uninstalled' ,
'body' => '<p style="text-align:center">Successfully uninstalled the <strong>' . $match [ 1 ] . '</strong> theme.</p>' .
'<p style="text-align:center"><a href="?/themes">Go back to themes</a>.</p>' ,
2011-04-14 03:10:59 -04:00
'mod' => true
)
);
2011-04-13 09:47:47 -04:00
} elseif ( preg_match ( '/^\/themes(\/(\w+))?$/' , $query , $match )) {
2011-07-03 09:05:14 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'themes' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-04-13 09:47:47 -04:00
2011-05-27 11:47:59 -04:00
if ( ! is_dir ( $config [ 'dir' ][ 'themes' ]))
error ( 'Themes directory doesn\'t exist!' );
if ( ! $dir = opendir ( $config [ 'dir' ][ 'themes' ]))
error ( 'Cannot open themes directory; check permissions.' );
2011-04-13 09:47:47 -04:00
if ( isset ( $match [ 2 ])) {
2011-05-25 06:15:47 -04:00
$_theme = & $match [ 2 ];
2011-04-13 09:47:47 -04:00
2011-04-14 03:10:59 -04:00
if ( ! $theme = loadThemeConfig ( $_theme )) {
error ( $config [ 'error' ][ 'invalidtheme' ]);
}
2011-04-13 09:47:47 -04:00
if ( isset ( $_POST [ 'install' ])) {
// Check if everything is submitted
foreach ( $theme [ 'config' ] as & $c ) {
if ( ! isset ( $_POST [ $c [ 'name' ]]) && $c [ 'type' ] != 'checkbox' )
2011-04-16 11:28:25 -04:00
error ( sprintf ( $config [ 'error' ][ 'required' ], $c [ 'title' ]));
2011-04-13 09:47:47 -04:00
}
// Clear previous settings
2011-05-27 11:43:04 -04:00
$query = prepare ( " DELETE FROM `theme_settings` WHERE `theme` = :theme " );
$query -> bindValue ( ':theme' , $_theme );
$query -> execute () or error ( db_error ( $query ));
2011-04-13 09:47:47 -04:00
foreach ( $theme [ 'config' ] as & $c ) {
2011-05-27 11:43:04 -04:00
$query = prepare ( " INSERT INTO `theme_settings` VALUES(:theme, :name, :value) " );
$query -> bindValue ( ':theme' , $_theme );
2011-04-13 09:47:47 -04:00
$query -> bindValue ( ':name' , $c [ 'name' ]);
$query -> bindValue ( ':value' , $_POST [ $c [ 'name' ]]);
$query -> execute () or error ( db_error ( $query ));
}
2011-05-27 11:43:04 -04:00
$query = prepare ( " INSERT INTO `theme_settings` VALUES(:theme, NULL, NULL) " );
$query -> bindValue ( ':theme' , $_theme );
2011-04-13 09:47:47 -04:00
$query -> execute () or error ( db_error ( $query ));
2011-10-06 09:00:13 -04:00
$result = true ;
2011-06-07 04:52:40 -04:00
$body = '' ;
if ( isset ( $theme [ 'install_callback' ])) {
$ret = $theme [ 'install_callback' ]( $theme [ 'config' ]);
2011-10-06 09:00:13 -04:00
if ( $ret && ! empty ( $ret )) {
if ( is_array ( $ret ) && count ( $ret ) == 2 ) {
$result = $ret [ 0 ];
$ret = $ret [ 1 ];
}
2011-06-07 04:52:40 -04:00
$body .= '<div style="border:1px dashed maroon;padding:20px;margin:auto;max-width:800px">' . $ret . '</div>' ;
2011-10-06 09:00:13 -04:00
}
}
if ( $result ) {
$body .= '<p style="text-align:center">Successfully installed and built theme.</p>' ;
} else {
// install failed
$query = prepare ( " DELETE FROM `theme_settings` WHERE `theme` = :theme " );
$query -> bindValue ( ':theme' , $_theme );
$query -> execute () or error ( db_error ( $query ));
2011-06-07 04:52:40 -04:00
}
2011-10-06 09:00:13 -04:00
$body .= '<p style="text-align:center"><a href="?/themes">Go back to themes</a>.</p>' ;
2011-06-07 04:52:40 -04:00
2011-05-27 11:43:04 -04:00
// Build themes
rebuildThemes ( 'all' );
2011-04-14 06:43:34 -04:00
echo Element ( 'page.html' , Array (
'config' => $config ,
2011-10-06 09:00:13 -04:00
'title' => ( $result ? 'Installed "' . utf8tohtml ( $theme [ 'name' ]) . '"' : 'Installation failed!' ),
2011-06-07 04:52:40 -04:00
'body' => $body ,
2011-04-14 06:43:34 -04:00
'mod' => true
)
);
2011-04-13 09:47:47 -04:00
} else {
$body = '<form action="" method="post">' ;
if ( ! isset ( $theme [ 'config' ]) || empty ( $theme [ 'config' ])) {
$body .= '<p style="text-align:center" class="unimportant">(No configuration required.)</p>' ;
} else {
2011-10-10 11:37:07 -04:00
$settings = themeSettings ( $_theme );
2011-04-13 09:47:47 -04:00
$body .= '<table>' ;
foreach ( $theme [ 'config' ] as & $c ) {
$body .= '<tr><th>' . $c [ 'title' ] . '</th><td>' ;
switch ( $c [ 'type' ]) {
case 'text' :
default :
2011-08-22 05:00:58 -04:00
$body .= '<input type="text" name="' . utf8tohtml ( $c [ 'name' ]) . '" ' .
2011-10-10 11:37:07 -04:00
( isset ( $settings [ $c [ 'name' ]]) ?
' value="' . utf8tohtml ( $settings [ $c [ 'name' ]]) . '" '
:
( isset ( $c [ 'default' ]) ?
'value="' . utf8tohtml ( $c [ 'default' ]) . '" '
: '' )
) .
2011-06-07 04:52:40 -04:00
( isset ( $c [ 'size' ]) ? 'size="' . ( int ) $c [ 'size' ] . '" ' : '' ) .
'/>' ;
2011-04-13 09:47:47 -04:00
}
2011-04-16 11:28:25 -04:00
if ( isset ( $c [ 'comment' ]))
$body .= ' <span class="unimportant">' . $c [ 'comment' ] . '</span>' ;
2011-04-13 09:47:47 -04:00
$body .= '</td></tr>' ;
}
$body .= '</table>' ;
}
$body .= '<p style="text-align:center"><input name="install" type="submit" value="Install theme" /></p></form>' ;
echo Element ( 'page.html' , Array (
'config' => $config ,
2011-08-22 05:00:58 -04:00
'title' => 'Installing "' . utf8tohtml ( $theme [ 'name' ]) . '"' ,
2011-04-13 09:47:47 -04:00
'body' => $body ,
'mod' => true
)
);
}
} else {
2011-10-06 08:46:37 -04:00
$themes_in_use = Array ();
$query = query ( " SELECT `theme` FROM `theme_settings` WHERE `name` IS NULL AND `value` IS NULL " ) or error ( db_error ());
while ( $theme = $query -> fetch ()) {
$themes_in_use [ $theme [ 'theme' ]] = true ;
}
2011-04-13 09:47:47 -04:00
// Scan directory for themes
$themes = Array ();
while ( $file = readdir ( $dir )) {
2011-05-27 11:47:59 -04:00
if ( $file [ 0 ] != '.' && is_dir ( $config [ 'dir' ][ 'themes' ] . '/' . $file )) {
2011-04-13 09:47:47 -04:00
$themes [] = $file ;
}
}
closedir ( $dir );
$body = '' ;
if ( empty ( $themes )) {
$body = '<p style="text-align:center" class="unimportant">(No themes installed.)</p>' ;
} else {
$body .= '<table class="modlog">' ;
foreach ( $themes as & $_theme ) {
$theme = loadThemeConfig ( $_theme );
markup ( $theme [ 'description' ]);
$body .= '<tr>' .
'<th class="minimal">Name</th>' .
2011-08-22 05:00:58 -04:00
'<td>' . utf8tohtml ( $theme [ 'name' ]) . '</td>' .
2011-04-13 09:47:47 -04:00
'</tr>' .
'<tr>' .
'<th class="minimal">Version</th>' .
2011-08-22 05:00:58 -04:00
'<td>' . utf8tohtml ( $theme [ 'version' ]) . '</td>' .
2011-04-13 09:47:47 -04:00
'</tr>' .
'<tr>' .
'<th class="minimal">Description</th>' .
'<td>' . $theme [ 'description' ] . '</td>' .
'</tr>' .
'<tr>' .
'<th class="minimal">Thumbnail</th>' .
2011-10-06 08:46:37 -04:00
'<td><img style="float:none;margin:4px' .
( isset ( $themes_in_use [ $_theme ]) ?
';border:2px solid red;padding:4px'
: '' ) .
'" src="' . $config [ 'dir' ][ 'themes_uri' ] . '/' . $_theme . '/thumb.png" /></td>' .
2011-04-13 09:47:47 -04:00
'</tr>' .
'<tr>' .
'<th class="minimal">Actions</th>' .
'<td><ul style="padding:0 20px">' .
2011-10-06 08:46:37 -04:00
'<li><a title="Use theme" href="?/themes/' . $_theme . '">' .
( isset ( $themes_in_use [ $_theme ]) ? 'Reconfigure' : 'Install' ) .
'</a></li>' .
( isset ( $themes_in_use [ $_theme ]) ?
2011-10-08 02:59:50 -04:00
'<li><a title="Rebuild" href="?/themes/' . $_theme . '/rebuild">Rebuild</a></li>' .
'<li><a title="Use theme" href="?/themes/' . $_theme . '/uninstall">Uninstall</a></li>'
2011-10-06 08:46:37 -04:00
:
'' ) .
2011-04-13 09:47:47 -04:00
'</ul></td>' .
'</tr>' .
2011-04-14 02:58:43 -04:00
'<tr style="height:40px"><td colspan="2"><hr/></td></tr>' ;
2011-04-13 09:47:47 -04:00
}
$body .= '</table>' ;
}
2011-04-14 03:10:59 -04:00
2011-10-06 08:46:37 -04:00
if ( ! empty ( $themes_in_use ))
$body .= '<p style="text-align:center"><a href="?/themes/none">Uninstall all themes.</a></p>' ;
2011-04-14 03:10:59 -04:00
2011-04-13 09:47:47 -04:00
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'Select theme' ,
'body' => $body ,
'mod' => true
)
);
}
2011-03-30 06:47:06 -04:00
} elseif ( preg_match ( '/^\/noticeboard\/delete\/(\d+)$/' , $query , $match )) {
2011-07-03 09:05:14 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'noticeboard_delete' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-30 06:47:06 -04:00
$query = prepare ( " DELETE FROM `noticeboard` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $match [ 1 ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
header ( 'Location: ?/noticeboard' , true , $config [ 'redirect_http' ]);
} elseif ( preg_match ( '/^\/noticeboard$/' , $query )) {
2011-07-03 09:05:14 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'noticeboard' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-30 06:47:06 -04:00
$body = '' ;
2011-07-30 01:56:57 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'noticeboard_post' ]) && isset ( $_POST [ 'subject' ]) && isset ( $_POST [ 'body' ]) && ! empty ( $_POST [ 'body' ])) {
2011-03-30 06:47:06 -04:00
$query = prepare ( " INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body) " );
$query -> bindValue ( ':mod' , $mod [ 'id' ], PDO :: PARAM_INT );
$query -> bindvalue ( ':time' , time (), PDO :: PARAM_INT );
$query -> bindValue ( ':subject' , utf8tohtml ( $_POST [ 'subject' ]));
markup ( $_POST [ 'body' ]);
$query -> bindValue ( ':body' , $_POST [ 'body' ]);
$query -> execute () or error ( db_error ( $query ));
2011-07-30 01:56:57 -04:00
header ( 'Location: ?/noticeboard' , true , $config [ 'redirect_http' ]);
} else {
if ( hasPermission ( $config [ 'mod' ][ 'noticeboard_post' ])) {
$body .= '<fieldset><legend>New post</legend><form style="display:inline" action="" method="post"><table>' .
'<tr>' .
'<th><label for="subject">Name</label></th>' .
'<td>' . $mod [ 'username' ] . '</td>' .
'</tr><tr>' .
'<th>Subject</th>' .
'<td><input type="text" size="55" name="subject" id="subject" /></td>' .
'</tr><tr>' .
'<th>Body</th>' .
'<td><textarea name="body" style="width:100%;height:100px"></textarea></td>' .
'</tr><tr>' .
'<td></td><td><input type="submit" value="Post to noticeboard" /></td>' .
'</tr></table>' .
'</form></fieldset>' ;
2011-03-30 06:47:06 -04:00
}
2011-10-08 03:26:23 -04:00
$query = prepare ( " SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit " );
2011-07-30 01:56:57 -04:00
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'noticeboard_display' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
while ( $notice = $query -> fetch ()) {
$body .= '<div class="ban">' .
2011-08-04 01:47:34 -04:00
( hasPermission ( $config [ 'mod' ][ 'noticeboard_delete' ]) ?
2011-07-30 01:56:57 -04:00
'<span style="float:right;padding:2px"><a class="unimportant" href="?/noticeboard/delete/' . $notice [ 'id' ] . '">[delete]</a></span>'
: '' ) .
'<h2 id="' . $notice [ 'id' ] . '">' .
( $notice [ 'subject' ] ?
$notice [ 'subject' ]
:
'<em>no subject</em>'
) .
2011-10-08 02:36:27 -04:00
'<span class="unimportant"> — by ' .
2011-10-08 03:26:23 -04:00
( isset ( $notice [ 'username' ]) ?
utf8tohtml ( $notice [ 'username' ])
2011-10-03 03:52:16 -04:00
:
'<em>???</em>'
) .
2011-07-30 01:56:57 -04:00
' at ' .
date ( $config [ 'post_date' ], $notice [ 'time' ]) .
'</span></h2><p>' . $notice [ 'body' ] . '</p></div>' ;
2011-03-30 06:47:06 -04:00
}
2011-07-30 01:56:57 -04:00
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'Noticeboard' ,
'body' => $body ,
'mod' => true
)
);
}
2011-04-13 10:24:49 -04:00
} elseif ( preg_match ( '/^\/news\/delete\/(\d+)$/' , $query , $match )) {
2011-07-03 09:05:14 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'noticeboard_delete' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-04-13 10:24:49 -04:00
$query = prepare ( " DELETE FROM `news` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $match [ 1 ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-05-27 11:43:04 -04:00
rebuildThemes ( 'news' );
2011-04-14 03:03:12 -04:00
2011-04-13 10:24:49 -04:00
header ( 'Location: ?/news' , true , $config [ 'redirect_http' ]);
} elseif ( preg_match ( '/^\/news$/' , $query )) {
$body = '' ;
2011-08-04 01:47:34 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'news' ])) {
2011-04-13 10:24:49 -04:00
if ( isset ( $_POST [ 'subject' ]) && isset ( $_POST [ 'body' ]) && ! empty ( $_POST [ 'body' ])) {
$query = prepare ( " INSERT INTO `news` VALUES (NULL, :name, :time, :subject, :body) " );
2011-08-04 01:47:34 -04:00
if ( isset ( $_POST [ 'name' ]) && hasPermission ( $config [ 'mod' ][ 'news_custom' ]))
2011-05-25 06:15:47 -04:00
$name = & $_POST [ 'name' ];
2011-04-13 10:24:49 -04:00
else
2011-05-25 06:15:47 -04:00
$name = & $mod [ 'username' ];
2011-04-13 10:24:49 -04:00
$query -> bindValue ( ':name' , utf8tohtml ( $name ), PDO :: PARAM_INT );
$query -> bindvalue ( ':time' , time (), PDO :: PARAM_INT );
$query -> bindValue ( ':subject' , utf8tohtml ( $_POST [ 'subject' ]));
markup ( $_POST [ 'body' ]);
$query -> bindValue ( ':body' , $_POST [ 'body' ]);
$query -> execute () or error ( db_error ( $query ));
2011-04-14 03:03:12 -04:00
2011-05-27 11:43:04 -04:00
rebuildThemes ( 'news' );
2011-04-13 10:24:49 -04:00
}
$body .= '<fieldset><legend>New post</legend><form style="display:inline" action="" method="post"><table>' .
'<tr>' .
2011-04-14 03:03:12 -04:00
'<th>Name</th>' .
2011-08-04 01:47:34 -04:00
( hasPermission ( $config [ 'mod' ][ 'news_custom' ]) ?
2011-08-22 05:00:58 -04:00
'<td><input type="text" size="55" name="name" id="name" value="' . utf8tohtml ( $mod [ 'username' ]) . '" /></td>'
2011-04-13 10:24:49 -04:00
:
'<td>' . $mod [ 'username' ] . '</td>' ) .
'</tr><tr>' .
'<th>Subject</th>' .
'<td><input type="text" size="55" name="subject" id="subject" /></td>' .
'</tr><tr>' .
'<th>Body</th>' .
'<td><textarea name="body" style="width:100%;height:100px"></textarea></td>' .
'</tr><tr>' .
'<td></td><td><input type="submit" value="Post to news" /></td>' .
'</tr></table>' .
'</form></fieldset>' ;
}
$query = prepare ( " SELECT * FROM `news` ORDER BY `id` DESC LIMIT :limit " );
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'noticeboard_display' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
while ( $news = $query -> fetch ()) {
$body .= '<div class="ban">' .
2011-08-04 01:47:34 -04:00
( hasPermission ( $config [ 'mod' ][ 'news_delete' ]) ?
2011-04-13 10:24:49 -04:00
'<span style="float:right;padding:2px"><a class="unimportant" href="?/news/delete/' . $news [ 'id' ] . '">[delete]</a></span>'
: '' ) .
'<h2 id="' . $news [ 'id' ] . '">' .
( $news [ 'subject' ] ?
$news [ 'subject' ]
:
'<em>no subject</em>'
) .
2011-10-08 02:36:27 -04:00
'<span class="unimportant"> — by ' .
2011-04-13 10:24:49 -04:00
$news [ 'name' ] .
' at ' .
date ( $config [ 'post_date' ], $news [ 'time' ]) .
'</span></h2><p>' . $news [ 'body' ] . '</p></div>' ;
}
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'News' ,
'body' => $body ,
'mod' => true
)
);
2011-04-12 04:02:20 -04:00
} elseif ( preg_match ( '/^\/inbox$/' , $query , $match )) {
$query = prepare ( " SELECT `unread`,`pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC " );
$query -> bindValue ( ':mod' , $mod [ 'id' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $query -> rowCount () == 0 ) {
$body = '<p style="text-align:center" class="unimportant">(No private messages for you.)</p>' ;
} else {
$unread_pms = 0 ;
$body = '<table class="modlog"><tr><th>ID</th><th>From</th><th>Date</th><th>Message snippet</th></tr>' ;
while ( $pm = $query -> fetch ()) {
$body .= '<tr' . ( $pm [ 'unread' ] ? ' style="font-weight:bold"' : '' ) . '>' .
'<td class="minimal"><a href="?/PM/' . $pm [ 'id' ] . '">' . $pm [ 'id' ] . '</a></td>' .
'<td class="minimal"><a href="?/new_PM/' . $pm [ 'sender' ] . '">' . $pm [ 'username' ] . '</a></td>' .
'<td class="minimal">' . date ( $config [ 'post_date' ], $pm [ 'time' ]) . '</td>' .
'<td><a href="?/PM/' . $pm [ 'id' ] . '">' . pm_snippet ( $pm [ 'message' ]) . '</a></td>' .
'</tr>' ;
if ( $pm [ 'unread' ])
$unread_pms ++ ;
}
$body .= '</table>' ;
}
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'PM Inbox (' . ( $query -> rowCount () == 0 ? 'empty' : $unread_pms . ' unread' ) . ')' ,
'body' => $body ,
'mod' => true
)
);
2011-03-17 01:52:43 -04:00
} elseif ( preg_match ( '/^\/PM\/(\d+)$/' , $query , $match )) {
2011-05-25 06:15:47 -04:00
$id = & $match [ 1 ];
2011-03-17 01:52:43 -04:00
2011-08-04 01:47:34 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'master_pm' ])) {
2011-07-26 02:00:20 -04:00
$query = prepare ( " SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id " );
2011-04-10 15:15:15 -04:00
} else {
2011-07-26 02:00:20 -04:00
$query = prepare ( " SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod " );
2011-04-10 15:15:15 -04:00
$query -> bindValue ( ':mod' , $mod [ 'id' ], PDO :: PARAM_INT );
}
2011-03-17 01:52:43 -04:00
$query -> bindValue ( ':id' , $id , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( ! $pm = $query -> fetch ()) {
// Mod doesn't exist
error ( $config [ 'error' ][ '404' ]);
}
if ( isset ( $_POST [ 'delete' ])) {
$query = prepare ( " DELETE FROM `pms` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $id , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-03-28 02:24:23 -04:00
modLog ( 'Deleted a PM' );
2011-07-30 01:44:14 -04:00
header ( 'Location: ?/inbox' , true , $config [ 'redirect_http' ]);
2011-03-17 01:52:43 -04:00
} else {
2011-07-26 02:00:20 -04:00
if ( $pm [ 'unread' ]) {
$query = prepare ( " UPDATE `pms` SET `unread` = 0 WHERE `id` = :id " );
$query -> bindValue ( ':id' , $id , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
modLog ( 'Read a PM' );
}
2011-03-17 01:52:43 -04:00
2011-04-10 15:15:15 -04:00
if ( $pm [ 'to' ] != $mod [ 'id' ]) {
$query = prepare ( " SELECT `username` FROM `mods` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $pm [ 'to' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $_mod = $query -> fetch ()) {
2011-05-25 06:15:47 -04:00
$__to = & $_mod [ 'username' ];
2011-04-10 15:15:15 -04:00
} else {
2011-07-26 02:00:20 -04:00
$__to = false ;
2011-04-10 15:15:15 -04:00
}
}
2011-04-12 05:56:37 -04:00
$body = '<form action="" method="post" style="margin:0"><table>' .
2011-04-10 15:15:15 -04:00
'<th>From</th><td>' .
2011-07-26 02:00:20 -04:00
( ! $pm [ 'username' ] ?
2011-10-03 03:53:43 -04:00
'<em>???</em>'
2011-07-26 02:00:20 -04:00
:
2011-08-22 05:00:58 -04:00
'<a href="?/new_PM/' . $pm [ 'sender' ] . '">' . utf8tohtml ( $pm [ 'username' ]) . '</a>'
2011-07-26 02:00:20 -04:00
) .
2011-03-17 01:52:43 -04:00
'</td></tr>' .
2011-04-10 15:15:15 -04:00
( isset ( $__to ) ?
'<th>To</th><td>' .
2011-07-26 02:00:20 -04:00
( $__to === false ?
2011-10-03 03:53:43 -04:00
'<em>???</em>'
2011-07-26 02:00:20 -04:00
:
2011-08-22 05:00:58 -04:00
'<a href="?/new_PM/' . $pm [ 'to' ] . '">' . utf8tohtml ( $__to ) . '</a>'
2011-07-26 02:00:20 -04:00
) .
2011-04-10 15:15:15 -04:00
'</td></tr>'
: '' ) .
2011-03-17 01:52:43 -04:00
'<tr><th>Date</th><td> ' . date ( $config [ 'post_date' ], $pm [ 'time' ]) . '</td></tr>' .
'<tr><th>Message</th><td> ' . $pm [ 'message' ] . '</td></tr>' .
'</table>' .
'<p style="text-align:center"><input type="submit" name="delete" value="Delete forever" /></p>' .
2011-04-12 05:56:37 -04:00
'</form>' .
'<p style="text-align:center"><a href="?/new_PM/' . $pm [ 'sender' ] . '/' . $pm [ 'id' ] . '">Reply with quote</a></p>' ;
2011-03-17 01:52:43 -04:00
echo Element ( 'page.html' , Array (
2011-03-26 03:23:15 -04:00
'config' => $config ,
2011-03-17 01:52:43 -04:00
'title' => 'Private message' ,
'body' => $body ,
'mod' => true
)
);
}
2011-04-12 05:56:37 -04:00
} elseif ( preg_match ( '/^\/new_PM\/(\d+)(\/(\d+))?$/' , $query , $match )) {
2011-07-03 09:05:14 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'create_pm' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-17 01:52:43 -04:00
2011-05-25 06:15:47 -04:00
$to = & $match [ 1 ];
2011-03-17 01:52:43 -04:00
$query = prepare ( " SELECT `username`,`id` FROM `mods` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $to , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( ! $to = $query -> fetch ()) {
// Mod doesn't exist
error ( $config [ 'error' ][ '404' ]);
}
if ( isset ( $_POST [ 'message' ])) {
// Post message
2011-05-25 06:15:47 -04:00
$message = & $_POST [ 'message' ];
2011-03-17 01:52:43 -04:00
if ( empty ( $message ))
error ( $config [ 'error' ][ 'tooshort_body' ]);
markup ( $message );
$query = prepare ( " INSERT INTO `pms` VALUES (NULL, :sender, :to, :message, :time, 1) " );
$query -> bindValue ( ':sender' , $mod [ 'id' ], PDO :: PARAM_INT );
$query -> bindValue ( ':to' , $to [ 'id' ], PDO :: PARAM_INT );
$query -> bindValue ( ':message' , $message );
$query -> bindValue ( ':time' , time (), PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-03-28 02:24:23 -04:00
modLog ( 'Sent a PM to ' . $to [ 'username' ]);
2011-03-17 01:52:43 -04:00
echo Element ( 'page.html' , Array (
2011-03-26 03:23:15 -04:00
'config' => $config ,
2011-03-17 01:52:43 -04:00
'title' => 'PM sent' ,
2011-08-22 05:00:58 -04:00
'body' => '<p style="text-align:center">Message sent successfully to ' . utf8tohtml ( $to [ 'username' ]) . '.</p>' ,
2011-03-17 01:52:43 -04:00
'mod' => true
)
);
} else {
2011-04-12 05:56:37 -04:00
$value = '' ;
if ( isset ( $match [ 3 ])) {
2011-05-25 06:15:47 -04:00
$reply = & $match [ 3 ];
2011-04-12 05:56:37 -04:00
$query = prepare ( " SELECT `message` FROM `pms` WHERE `sender` = :sender AND `to` = :mod AND `id` = :id " );
$query -> bindValue ( ':sender' , $to [ 'id' ], PDO :: PARAM_INT );
$query -> bindValue ( ':mod' , $mod [ 'id' ], PDO :: PARAM_INT );
$query -> bindValue ( ':id' , $reply , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $pm = $query -> fetch ()) {
$value = quote ( $pm [ 'message' ]);
}
}
2011-03-17 01:52:43 -04:00
$body = '<form action="" method="post">' .
'<table>' .
'<tr><th>To</th><td>' .
2011-08-04 01:47:34 -04:00
( hasPermission ( $config [ 'mod' ][ 'editusers' ]) ?
2011-08-22 05:00:58 -04:00
'<a href="?/users/' . $to [ 'id' ] . '">' . utf8tohtml ( $to [ 'username' ]) . '</a>' :
utf8tohtml ( $to [ 'username' ])
2011-03-17 01:52:43 -04:00
) .
'</td>' .
2011-04-12 05:56:37 -04:00
'<tr><th>Message</th><td><textarea name="message" rows="10" cols="40">' . $value . '</textarea></td>' .
2011-03-17 01:52:43 -04:00
'</table>' .
'<p style="text-align:center"><input type="submit" value="Send message" /></p>' .
'</form>' ;
echo Element ( 'page.html' , Array (
2011-03-26 03:23:15 -04:00
'config' => $config ,
2011-08-22 05:00:58 -04:00
'title' => 'New PM for ' . utf8tohtml ( $to [ 'username' ]),
2011-03-29 09:56:38 -04:00
'body' => $body ,
'mod' => true
2011-03-17 01:52:43 -04:00
)
);
}
2011-03-29 09:56:38 -04:00
} elseif ( preg_match ( '/^\/search$/' , $query )) {
2011-07-03 09:05:14 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'search' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-29 09:56:38 -04:00
$body = '<div class="ban"><h2>Search</h2><form style="display:inline" action="?/search" method="post">' .
'<p><label style="display:inline" for="search">Phrase:</label> ' .
'<input id="search" name="search" type="text" size="35" ' .
2011-08-22 05:00:58 -04:00
( isset ( $_POST [ 'search' ]) ? 'value="' . utf8tohtml ( $_POST [ 'search' ]) . '" ' : '' ) .
2011-03-29 09:56:38 -04:00
'/>' .
'<input type="submit" value="Search" />' .
'</p></form>' .
2011-03-29 10:36:19 -04:00
'<p><span class="unimportant">(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)</span></p>' .
2011-03-29 09:56:38 -04:00
'</div>' ;
if ( isset ( $_POST [ 'search' ]) && ! empty ( $_POST [ 'search' ])) {
2011-05-25 06:15:47 -04:00
$phrase = & $_POST [ 'search' ];
2011-03-29 09:56:38 -04:00
$_body = '' ;
2011-03-30 01:55:43 -04:00
// Escape escape character
$phrase = str_replace ( '!' , '!!' , $phrase );
2011-03-29 10:26:02 -04:00
// Remove SQL wildcard
2011-03-29 10:41:59 -04:00
$phrase = str_replace ( '%' , '!%' , $phrase );
2011-03-29 10:26:02 -04:00
// Use asterisk as wildcard to suit convention
$phrase = str_replace ( '*' , '%' , $phrase );
$like = '' ;
$match = Array ();
// Find exact phrases
if ( preg_match_all ( '/"(.+?)"/' , $phrase , $m )) {
foreach ( $m [ 1 ] as & $quote ) {
$phrase = str_replace ( " \" { $quote } \" " , '' , $phrase );
$match [] = $pdo -> quote ( $quote );
}
}
$words = explode ( ' ' , $phrase );
foreach ( $words as & $word ) {
if ( empty ( $word ))
continue ;
$match [] = $pdo -> quote ( $word );
}
2011-10-08 22:07:09 -04:00
2011-03-29 10:26:02 -04:00
$like = '' ;
foreach ( $match as & $phrase ) {
if ( ! empty ( $like ))
$like .= ' AND ' ;
$phrase = preg_replace ( '/^\'(.+)\'$/' , '\'%$1%\'' , $phrase );
2011-03-29 10:41:59 -04:00
$like .= '`body` LIKE ' . $phrase . ' ESCAPE \'!\'' ;
2011-03-29 10:26:02 -04:00
}
$like = str_replace ( '%' , '%%' , $like );
2011-03-29 09:56:38 -04:00
$boards = listBoards ();
foreach ( $boards as & $_b ) {
openBoard ( $_b [ 'uri' ]);
2011-03-29 10:26:02 -04:00
$query = prepare ( sprintf ( " SELECT * FROM `posts_%s` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit " , $board [ 'uri' ]));
2011-03-29 09:56:38 -04:00
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'search_results' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
$temp = '' ;
while ( $post = $query -> fetch ()) {
if ( ! $post [ 'thread' ]) {
2011-10-10 07:37:39 -04:00
$po = new Thread ( $post [ 'id' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'capcode' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], $post [ 'sticky' ], $post [ 'locked' ], $post [ 'sage' ], $post [ 'embed' ], '?/' , $mod , false );
2011-03-29 09:56:38 -04:00
} else {
2011-05-18 03:05:48 -04:00
$po = new Post ( $post [ 'id' ], $post [ 'thread' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'capcode' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], $post [ 'embed' ], '?/' , $mod );
2011-03-29 09:56:38 -04:00
}
$temp .= $po -> build ( true ) . '<hr/>' ;
}
if ( ! empty ( $temp ))
$_body .= '<fieldset><legend>' . $query -> rowCount () . ' result' . ( $query -> rowCount () != 1 ? 's' : '' ) . ' on <a href="?/' .
sprintf ( $config [ 'board_path' ], $board [ 'uri' ]) . $config [ 'file_index' ] .
'">' .
sprintf ( $config [ 'board_abbreviation' ], $board [ 'uri' ]) . ' - ' . $board [ 'title' ] .
'</a></legend>' . $temp . '</fieldset>' ;
}
$body .= '<hr/>' ;
if ( ! empty ( $_body ))
$body .= $_body ;
else
$body .= '<p style="text-align:center" class="unimportant">(No results.)</p>' ;
}
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'Search' ,
'body' => $body ,
'mod' => true
)
);
2011-03-02 01:15:37 -05:00
} elseif ( preg_match ( '/^\/users$/' , $query )) {
2011-07-03 09:05:14 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'manageusers' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-02 01:51:29 -05:00
2011-10-08 02:36:27 -04:00
$body = '<form action="" method="post"><table><tr><th>ID</th><th>Username</th><th>Type</th><th>Boards</th><th>Last action</th><th>…</th></tr>' ;
2011-03-02 01:15:37 -05:00
$query = query ( " SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id` " ) or error ( db_error ());
while ( $_mod = $query -> fetch ()) {
$type = $_mod [ 'type' ] == JANITOR ? 'Janitor' : ( $_mod [ 'type' ] == MOD ? 'Mod' : 'Admin' );
$body .= '<tr>' .
'<td>' .
$_mod [ 'id' ] .
'</td>' .
'<td>' .
2011-08-22 05:00:58 -04:00
utf8tohtml ( $_mod [ 'username' ]) .
2011-03-02 01:15:37 -05:00
'</td>' .
'<td>' .
$type .
'</td>' .
'<td>' .
2011-07-03 09:05:14 -04:00
str_replace ( ',' , ', ' , $_mod [ 'boards' ]) .
'</td>' .
'<td>' .
2011-03-02 01:15:37 -05:00
( $_mod [ 'last' ] ?
2011-08-22 05:00:58 -04:00
'<span title="' . utf8tohtml ( $_mod [ 'action' ]) . '">' . ago ( $_mod [ 'last' ]) . '</span>'
2011-03-02 01:15:37 -05:00
: '<em>never</em>' ) .
'</td>' .
'<td style="white-space:nowrap">' .
2011-08-04 01:47:34 -04:00
( hasPermission ( $config [ 'mod' ][ 'promoteusers' ]) ?
2011-03-02 01:15:37 -05:00
( $_mod [ 'type' ] != ADMIN ?
'<a style="text-decoration:none" href="?/users/' . $_mod [ 'id' ] . '/promote" title="Promote">▲</a>'
: '' ) .
( $_mod [ 'type' ] != JANITOR ?
'<a style="text-decoration:none" href="?/users/' . $_mod [ 'id' ] . '/demote" title="Demote">▼</a>'
: '' )
: ''
) .
2011-08-04 01:47:34 -04:00
( hasPermission ( $config [ 'mod' ][ 'editusers' ]) ||
( hasPermission ( $config [ 'mod' ][ 'change_password' ]) && $_mod [ 'id' ] == $mod [ 'id' ]) ?
2011-03-02 01:15:37 -05:00
'<a class="unimportant" style="margin-left:5px;float:right" href="?/users/' . $_mod [ 'id' ] . '">[edit]</a>'
2011-03-17 01:52:43 -04:00
: '' ) .
2011-08-04 01:47:34 -04:00
( hasPermission ( $config [ 'mod' ][ 'create_pm' ]) ?
2011-03-17 01:52:43 -04:00
'<a class="unimportant" style="margin-left:5px;float:right" href="?/new_PM/' . $_mod [ 'id' ] . '">[PM]</a>'
: '' ) .
2011-03-02 01:15:37 -05:00
'</td></tr>' ;
}
$body .= '</table>' ;
2011-08-04 01:47:34 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'createusers' ])) {
2011-03-02 01:15:37 -05:00
$body .= '<p style="text-align:center"><a href="?/users/new">Create new user</a></p>' ;
}
$body .= '</form>' ;
echo Element ( 'page.html' , Array (
2011-03-26 03:23:15 -04:00
'config' => $config ,
2011-03-02 01:15:37 -05:00
'title' => 'Manage users' ,
'body' => $body
, 'mod' => true
)
);
} elseif ( preg_match ( '/^\/users\/new$/' , $query )) {
2011-07-03 09:05:14 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'createusers' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-02 01:15:37 -05:00
if ( isset ( $_POST [ 'username' ]) && isset ( $_POST [ 'password' ])) {
if ( ! isset ( $_POST [ 'type' ])) {
error ( sprintf ( $config [ 'error' ][ 'required' ], 'type' ));
}
if ( $_POST [ 'type' ] != ADMIN && $_POST [ 'type' ] != MOD && $_POST [ 'type' ] != JANITOR ) {
error ( sprintf ( $config [ 'error' ][ 'invalidfield' ], 'type' ));
}
// Check if already exists
$query = prepare ( " SELECT `id` FROM `mods` WHERE `username` = :username " );
$query -> bindValue ( ':username' , $_POST [ 'username' ]);
$query -> execute () or error ( db_error ( $query ));
if ( $_mod = $query -> fetch ()) {
error ( sprintf ( $config [ 'error' ][ 'modexists' ], $_mod [ 'id' ]));
}
2011-07-03 09:05:14 -04:00
$boards = Array ();
foreach ( $_POST as $name => $null ) {
2011-07-08 09:03:12 -04:00
if ( preg_match ( '/^board_(.+)$/' , $name , $m ))
2011-07-03 09:05:14 -04:00
$boards [] = $m [ 1 ];
}
$boards = implode ( ',' , $boards );
$query = prepare ( " INSERT INTO `mods` VALUES (NULL, :username, :password, :type, :boards) " );
2011-03-02 01:15:37 -05:00
$query -> bindValue ( ':username' , $_POST [ 'username' ]);
$query -> bindValue ( ':password' , sha1 ( $_POST [ 'password' ]));
$query -> bindValue ( ':type' , $_POST [ 'type' ], PDO :: PARAM_INT );
2011-07-03 09:05:14 -04:00
$query -> bindValue ( ':boards' , $boards );
2011-03-02 01:15:37 -05:00
$query -> execute () or error ( db_error ( $query ));
2011-03-02 01:19:36 -05:00
modLog ( 'Create a new user: "' . $_POST [ 'username' ] . '"' );
2011-07-08 09:03:12 -04:00
header ( 'Location: ?/users' , true , $config [ 'redirect_http' ]);
} else {
2011-03-02 01:15:37 -05:00
2011-07-08 09:03:12 -04:00
$__boards = '<ul style="list-style:none;padding:2px 5px">' ;
$boards = array_merge (
Array ( Array ( 'uri' => '*' , 'title' => 'All' )
), listBoards ());
foreach ( $boards as & $_board ) {
$__boards .= '<li>' .
2011-07-26 23:40:27 -04:00
'<input type="checkbox" name="board_' . $_board [ 'uri' ] . '" id="board_' . $_board [ 'uri' ] . '">' .
2011-07-08 09:04:25 -04:00
'<label style="display:inline" for="board_' . $_board [ 'uri' ] . '"> ' .
2011-07-08 09:03:12 -04:00
( $_board [ 'uri' ] == '*' ?
'<em>"*"</em>'
:
sprintf ( $config [ 'board_abbreviation' ], $_board [ 'uri' ])
) .
' - ' . $_board [ 'title' ] .
'</label>' .
'</li>' ;
}
2011-07-03 09:05:14 -04:00
2011-07-08 09:03:12 -04:00
$body = '<fieldset><legend>New user</legend>' .
2011-03-02 01:15:37 -05:00
2011-07-08 09:03:12 -04:00
// Begin form
'<form style="text-align:center" action="" method="post">' .
2011-03-02 01:15:37 -05:00
2011-07-08 09:03:12 -04:00
'<table>' .
2011-03-02 01:15:37 -05:00
2011-07-08 09:03:12 -04:00
'<tr><th>Username</th><td><input size="20" maxlength="30" type="text" name="username" value="" autocomplete="off" /></td></tr>' .
'<tr><th>Password</th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
'<tr><th>Type</th><td>' .
'<div><label for="janitor">Janitor</label> <input type="radio" id="janitor" name="type" value="' . JANITOR . '" /></div>' .
'<div><label for="mod">Mod</label> <input type="radio" id="mod" name="type" value="' . MOD . '" /></div>' .
'<div><label for="admin">Admin</label> <input type="radio" id="admin" name="type" value="' . ADMIN . '" /></div>' .
'</td></tr>' .
'<tr><th>Boards</th><td>' . $__boards . '</td></tr>' .
'</table>' .
2011-03-02 01:15:37 -05:00
2011-07-08 09:03:12 -04:00
'<input style="margin-top:10px" type="submit" value="Create user" />' .
2011-03-02 01:15:37 -05:00
2011-07-08 09:03:12 -04:00
// End form
'</form></fieldset>' ;
2011-03-02 01:15:37 -05:00
2011-07-08 09:03:12 -04:00
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'New user' ,
'body' => $body
, 'mod' => true
)
);
}
2011-03-02 01:15:37 -05:00
} elseif ( preg_match ( '/^\/users\/(\d+)(\/(promote|demote|delete))?$/' , $query , $matches )) {
2011-05-25 06:15:47 -04:00
$modID = & $matches [ 1 ];
2011-03-02 01:15:37 -05:00
if ( isset ( $matches [ 2 ])) {
if ( $matches [ 3 ] == 'delete' ) {
2011-07-03 09:05:14 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'deleteusers' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-02 01:15:37 -05:00
$query = prepare ( " DELETE FROM `mods` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-03-28 02:24:23 -04:00
modLog ( 'Deleted user #' . $modID );
2011-03-02 01:15:37 -05:00
} else {
// Promote/demote
2011-07-03 09:05:14 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'promoteusers' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-02 01:15:37 -05:00
if ( $matches [ 3 ] == 'promote' ) {
$query = prepare ( " UPDATE `mods` SET `type` = `type` + 1 WHERE `type` != :admin AND `id` = :id " );
$query -> bindValue ( ':admin' , ADMIN , PDO :: PARAM_INT );
} else {
$query = prepare ( " UPDATE `mods` SET `type` = `type` - 1 WHERE `type` != :janitor AND `id` = :id " );
$query -> bindValue ( ':janitor' , JANITOR , PDO :: PARAM_INT );
}
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
}
header ( 'Location: ?/users' , true , $config [ 'redirect_http' ]);
} else {
// Edit user
2011-08-10 01:35:46 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'editusers' ]) && ! hasPermission ( $config [ 'mod' ][ 'change_password' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-02 01:15:37 -05:00
$query = prepare ( " SELECT * FROM `mods` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( ! $_mod = $query -> fetch ()) {
error ( $config [ 'error' ][ '404' ]);
}
2011-08-04 01:47:34 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'editusers' ]) && ! ( hasPermission ( $config [ 'mod' ][ 'change_password' ]) && $mod [ 'id' ] == $_mod [ 'id' ] && $change_password_only = true ))
2011-03-27 11:41:06 -04:00
error ( $config [ 'error' ][ 'noaccess' ]);
if (( isset ( $_POST [ 'username' ]) && isset ( $_POST [ 'password' ])) || ( isset ( $change_password_only ) && isset ( $_POST [ 'password' ]))) {
if ( ! isset ( $change_password_only )) {
2011-07-03 09:05:14 -04:00
$boards = Array ();
foreach ( $_POST as $name => $null ) {
2011-07-08 09:03:12 -04:00
if ( preg_match ( '/^board_(.+)$/' , $name , $m ))
2011-07-03 09:05:14 -04:00
$boards [] = $m [ 1 ];
}
$boards = implode ( ',' , $boards );
$query = prepare ( " UPDATE `mods` SET `username` = :username, `boards` = :boards WHERE `id` = :id " );
$query -> bindValue ( ':username' , $_POST [ 'username' ], PDO :: PARAM_STR );
$query -> bindValue ( ':boards' , $boards , PDO :: PARAM_STR );
2011-03-27 11:41:06 -04:00
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-03-28 02:24:23 -04:00
modLog ( 'Edited login details for user "' . $_mod [ 'username' ] . '"' );
} else {
modLog ( 'Changed own password' );
2011-03-27 11:41:06 -04:00
}
2011-03-02 01:15:37 -05:00
if ( ! empty ( $_POST [ 'password' ])) {
$query = prepare ( " UPDATE `mods` SET `password` = :password WHERE `id` = :id " );
$query -> bindValue ( ':password' , sha1 ( $_POST [ 'password' ]));
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
}
// Refresh
$query = prepare ( " SELECT * FROM `mods` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-03-27 11:41:06 -04:00
if ( ! $_mod = $query -> fetch ()) {
error ( $config [ 'error' ][ '404' ]);
}
if ( $_mod [ 'id' ] == $mod [ 'id' ]) {
// Changed own password. Update cookies
setCookies ();
}
2011-03-02 01:15:37 -05:00
}
2011-07-03 09:05:14 -04:00
$__boards = '<ul style="list-style:none;padding:2px 5px">' ;
2011-07-08 09:03:12 -04:00
$boards = array_merge (
Array ( Array ( 'uri' => '*' , 'title' => 'All' )
), listBoards ());
2011-07-03 09:05:14 -04:00
$_mod [ 'boards' ] = explode ( ',' , $_mod [ 'boards' ]);
foreach ( $boards as & $_board ) {
$__boards .= '<li>' .
2011-08-08 04:40:32 -04:00
'<input type="checkbox" name="board_' . $_board [ 'uri' ] . '" id="board_' . $_board [ 'uri' ] . '"' .
2011-07-03 09:05:14 -04:00
( in_array ( $_board [ 'uri' ], $_mod [ 'boards' ]) ?
' checked="checked"'
: '' ) .
'/> ' .
'<label style="display:inline" for="board_' . $_board [ 'uri' ] . '">' .
2011-07-08 09:03:12 -04:00
( $_board [ 'uri' ] == '*' ?
'<em>"*"</em>'
:
sprintf ( $config [ 'board_abbreviation' ], $_board [ 'uri' ])
) .
2011-07-03 09:05:14 -04:00
' - ' . $_board [ 'title' ] .
'</label>' .
'</li>' ;
}
$__boards .= '</ul>' ;
2011-03-02 01:15:37 -05:00
$body = '<fieldset><legend>Edit user</legend>' .
// Begin form
'<form style="text-align:center" action="" method="post">' .
'<table>' .
2011-03-27 11:41:06 -04:00
'<tr><th>Username</th><td>' .
( isset ( $change_password_only ) ?
2011-08-22 05:00:58 -04:00
utf8tohtml ( $_mod [ 'username' ])
: '<input size="20" maxlength="30" type="text" name="username" value="' . utf8tohtml ( $_mod [ 'username' ]) . '" autocomplete="off" />' ) .
2011-03-27 11:41:06 -04:00
'</td></tr>' .
2011-03-02 01:15:37 -05:00
'<tr><th>Password <span class="unimportant">(new; optional)</span></th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
2011-07-03 09:05:14 -04:00
( isset ( $change_password_only ) ? '' :
'<tr><th>Boards</th><td>' . $__boards . '</td></tr>'
) .
2011-03-02 01:15:37 -05:00
'</table>' .
'<input type="submit" value="Save changes" />' .
// End form
'</form> ' .
// Delete button
2011-08-04 01:47:34 -04:00
( hasPermission ( $config [ 'mod' ][ 'deleteusers' ]) ?
2011-03-02 01:15:37 -05:00
'<p style="text-align:center"><a href="?/users/' . $_mod [ 'id' ] . '/delete">Delete user</a></p>'
: '' ) .
'</fieldset>' ;
echo Element ( 'page.html' , Array (
2011-03-26 03:23:15 -04:00
'config' => $config ,
2011-03-02 01:15:37 -05:00
'title' => 'Edit user' ,
'body' => $body
, 'mod' => true
)
);
}
2011-02-20 01:19:57 -05:00
} elseif ( preg_match ( '/^\/reports$/' , $query )) {
2011-08-04 01:47:34 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'reports' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-02 01:15:37 -05:00
2011-02-20 01:19:57 -05:00
$body = '' ;
2011-02-20 02:28:39 -05:00
$reports = 0 ;
$query = prepare ( " SELECT `reports`.*, `boards`.`uri` FROM `reports` INNER JOIN `boards` ON `board` = `boards`.`id` ORDER BY `time` DESC LIMIT :limit " );
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'recent_reports' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-02-20 01:19:57 -05:00
2011-02-20 02:42:00 -05:00
while ( $report = $query -> fetch ()) {
$p_query = prepare ( sprintf ( " SELECT * FROM `posts_%s` WHERE `id` = :id " , $report [ 'uri' ]));
$p_query -> bindValue ( ':id' , $report [ 'post' ], PDO :: PARAM_INT );
$p_query -> execute () or error ( db_error ( $query ));
if ( ! $post = $p_query -> fetch ()) {
// Invalid report (post has since been deleted)
$p_query = prepare ( " DELETE FROM `reports` WHERE `post` = :id " );
2011-02-20 01:19:57 -05:00
$p_query -> bindValue ( ':id' , $report [ 'post' ], PDO :: PARAM_INT );
$p_query -> execute () or error ( db_error ( $query ));
2011-02-20 03:00:02 -05:00
continue ;
2011-02-20 01:19:57 -05:00
}
2011-02-20 02:42:00 -05:00
$reports ++ ;
openBoard ( $report [ 'uri' ]);
if ( ! $post [ 'thread' ]) {
2011-10-10 07:37:39 -04:00
$po = new Thread ( $post [ 'id' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'capcode' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], $post [ 'sticky' ], $post [ 'locked' ], $post [ 'sage' ], $post [ 'embed' ], '?/' , $mod , false );
2011-02-20 02:42:00 -05:00
} else {
2011-05-18 03:05:48 -04:00
$po = new Post ( $post [ 'id' ], $post [ 'thread' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'capcode' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], $post [ 'embed' ], '?/' , $mod );
2011-02-20 02:42:00 -05:00
}
2011-06-04 06:18:03 -04:00
$append_html =
2011-02-20 02:42:00 -05:00
'<div class="report">' .
'<hr/>' .
'Board: <a href="?/' . $report [ 'uri' ] . '/' . $config [ 'file_index' ] . '">' . sprintf ( $config [ 'board_abbreviation' ], $report [ 'uri' ]) . '</a><br/>' .
'Reason: ' . $report [ 'reason' ] . '<br/>' .
2011-07-30 01:47:14 -04:00
'Report date: ' . date ( $config [ 'post_date' ], $report [ 'time' ]) . '<br/>' .
2011-02-20 02:42:00 -05:00
'Reported by: <a href="?/IP/' . $report [ 'ip' ] . '">' . $report [ 'ip' ] . '</a><br/>' .
'<hr/>' .
2011-08-04 01:47:34 -04:00
( hasPermission ( $config [ 'mod' ][ 'report_dismiss' ]) ?
2011-02-20 02:42:00 -05:00
'<a title="Discard abuse report" href="?/reports/' . $report [ 'id' ] . '/dismiss">Dismiss</a> | ' : '' ) .
2011-08-04 01:47:34 -04:00
( hasPermission ( $config [ 'mod' ][ 'report_dismiss_ip' ]) ?
2011-02-20 02:42:00 -05:00
'<a title="Discard all abuse reports by this user" href="?/reports/' . $report [ 'id' ] . '/dismiss/all">Dismiss+</a>' : '' ) .
'</div>' ;
2011-06-04 06:18:03 -04:00
// Bug fix for https://github.com/savetheinternet/Tinyboard/issues/21
$po -> body = truncate ( $po -> body , $po -> link (), $config [ 'body_truncate' ] - substr_count ( $append_html , '<br/>' ));
if ( strlen ( $po -> body ) + strlen ( $append_html ) > $config [ 'body_truncate_char' ]) {
// still too long. temporarily increase limit in the config
$__old_body_truncate_char = $config [ 'body_truncate_char' ];
$config [ 'body_truncate_char' ] = strlen ( $po -> body ) + strlen ( $append_html );
}
$po -> body .= $append_html ;
2011-02-20 02:42:00 -05:00
$body .= $po -> build ( true ) . '<hr/>' ;
2011-06-04 06:18:03 -04:00
if ( isset ( $__old_body_truncate_char ))
$config [ 'body_truncate_char' ] = $__old_body_truncate_char ;
2011-02-20 01:19:57 -05:00
}
2011-02-20 02:28:39 -05:00
$query = query ( " SELECT COUNT(`id`) AS `count` FROM `reports` " ) or error ( db_error ());
$count = $query -> fetch ();
$body .= '<p class="unimportant" style="text-align:center">Showing ' .
( $reports == $count [ 'count' ] ? 'all ' . $reports . ' reports' : $reports . ' of ' . $count [ 'count' ] . ' reports' ) . '.</p>' ;
2011-02-20 01:19:57 -05:00
echo Element ( 'page.html' , Array (
2011-03-26 03:23:15 -04:00
'config' => $config ,
2011-03-28 11:00:17 -04:00
'title' => 'Report queue (' . $count [ 'count' ] . ')' ,
2011-02-20 01:19:57 -05:00
'body' => $body ,
'mod' => true
));
} elseif ( preg_match ( '/^\/reports\/(\d+)\/dismiss(\/all)?$/' , $query , $matches )) {
if ( isset ( $matches [ 2 ]) && $matches [ 2 ] == '/all' ) {
2011-08-04 01:47:34 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'report_dismiss_ip' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-02-20 01:19:57 -05:00
$query = prepare ( " SELECT `ip` FROM `reports` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $matches [ 1 ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $report = $query -> fetch ()) {
$query = prepare ( " DELETE FROM `reports` WHERE `ip` = :ip " );
$query -> bindValue ( ':ip' , $report [ 'ip' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-03-02 01:19:36 -05:00
modLog ( 'Dismissed all reports by ' . $report [ 'ip' ]);
2011-02-20 01:19:57 -05:00
}
} else {
2011-08-04 01:47:34 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'report_dismiss' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-02-20 01:19:57 -05:00
2011-03-30 01:55:43 -04:00
$query = prepare ( " SELECT `post`, `board` FROM `reports` WHERE `id` = :id " );
2011-02-20 01:19:57 -05:00
$query -> bindValue ( ':id' , $matches [ 1 ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $report = $query -> fetch ()) {
2011-03-30 01:55:43 -04:00
modLog ( 'Dismissed a report for post #' . $report [ 'post' ], $report [ 'board' ]);
2011-03-02 01:19:36 -05:00
2011-02-20 01:19:57 -05:00
$query = prepare ( " DELETE FROM `reports` WHERE `post` = :post " );
$query -> bindValue ( ':post' , $report [ 'post' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
}
}
// Redirect
2011-06-18 21:26:26 -04:00
header ( 'Location: ?/reports' , true , $config [ 'redirect_http' ]);
2011-02-22 01:38:38 -05:00
} elseif ( preg_match ( '/^\/board\/(\w+)(\/delete)?$/' , $query , $matches )) {
2011-08-04 01:47:34 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'manageboards' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-02-22 01:38:38 -05:00
if ( ! openBoard ( $matches [ 1 ]))
error ( $config [ 'error' ][ 'noboard' ]);
if ( isset ( $matches [ 2 ]) && $matches [ 2 ] == '/delete' ) {
2011-08-04 01:47:34 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'deleteboard' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-02-22 01:38:38 -05:00
// Delete board
2011-03-28 02:24:23 -04:00
modLog ( 'Deleted board ' . sprintf ( $config [ 'board_abbreviation' ], $board [ 'uri' ]));
2011-02-22 01:38:38 -05:00
// Delete entire board directory
rrmdir ( $board [ 'uri' ] . '/' );
// Delete posting table
$query = query ( sprintf ( " DROP TABLE IF EXISTS `posts_%s` " , $board [ 'uri' ])) or error ( db_error ());
// Clear reports
$query = prepare ( " DELETE FROM `reports` WHERE `board` = :id " );
$query -> bindValue ( ':id' , $board [ 'id' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
// Delete from table
$query = prepare ( " DELETE FROM `boards` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $board [ 'id' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-10-08 02:46:48 -04:00
if ( $config [ 'cache' ][ 'enabled' ]) {
cache :: delete ( 'board_' . $board [ 'uri' ]);
cache :: delete ( 'all_boards' );
}
2011-05-27 11:43:04 -04:00
rebuildThemes ( 'boards' );
2011-04-14 06:43:34 -04:00
2011-02-22 01:38:38 -05:00
header ( 'Location: ?/' , true , $config [ 'redirect_http' ]);
2011-02-22 01:43:42 -05:00
} else {
if ( isset ( $_POST [ 'title' ]) && isset ( $_POST [ 'subtitle' ])) {
$query = prepare ( " UPDATE `boards` SET `title` = :title, `subtitle` = :subtitle WHERE `id` = :id " );
$query -> bindValue ( ':title' , utf8tohtml ( $_POST [ 'title' ], true ));
if ( ! empty ( $_POST [ 'subtitle' ]))
$query -> bindValue ( ':subtitle' , utf8tohtml ( $_POST [ 'subtitle' ], true ));
else
$query -> bindValue ( ':subtitle' , null , PDO :: PARAM_NULL );
$query -> bindValue ( ':id' , $board [ 'id' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-10-08 02:46:48 -04:00
if ( $config [ 'cache' ][ 'enabled' ]) {
cache :: delete ( 'board_' . $board [ 'uri' ]);
cache :: delete ( 'all_boards' );
}
2011-05-27 11:43:04 -04:00
rebuildThemes ( 'boards' );
2011-04-14 06:43:34 -04:00
2011-02-22 01:43:42 -05:00
openBoard ( $board [ 'uri' ]);
}
2011-02-22 01:38:38 -05:00
2011-02-22 01:43:42 -05:00
$body =
'<fieldset><legend><a href="?/' .
$board [ 'uri' ] . '/' . $config [ 'file_index' ] . '">' .
sprintf ( $config [ 'board_abbreviation' ], $board [ 'uri' ]) . '</a>' .
' - ' . $board [ 'name' ] . '</legend>' .
2011-02-22 01:38:38 -05:00
2011-02-22 01:43:42 -05:00
// Begin form
'<form style="text-align:center" action="" method="post">' .
2011-02-22 01:38:38 -05:00
2011-02-22 01:43:42 -05:00
'<table>' .
'<tr><th>URI</th><td>' . $board [ 'uri' ] . '</td>' .
'<tr><th>Title</th><td><input size="20" maxlength="20" type="text" name="title" value="' . $board [ 'name' ] . '" /></td></tr>' .
'<tr><th>Subtitle</th><td><input size="20" maxlength="40" type="text" name="subtitle" value="' .
( isset ( $board [ 'title' ]) ? $board [ 'title' ] : '' ) . '" /></td></tr>' .
'</table>' .
'<input type="submit" value="Update" />' .
// End form
'</form> ' .
// Delete button
2011-08-04 01:47:34 -04:00
( hasPermission ( $config [ 'mod' ][ 'deleteboard' ]) ?
2011-02-22 01:43:42 -05:00
'<p style="text-align:center"><a href="?/board/' . $board [ 'uri' ] . '/delete">Delete board</a></p>'
: '' ) .
'</fieldset>' ;
echo Element ( 'page.html' , Array (
2011-03-26 03:23:15 -04:00
'config' => $config ,
2011-10-08 02:36:27 -04:00
'title' => 'Manage – ' . sprintf ( $config [ 'board_abbreviation' ], $board [ 'uri' ]),
2011-02-22 01:43:42 -05:00
'body' => $body ,
'mod' => true
));
2011-02-22 01:38:38 -05:00
}
2011-02-06 08:38:01 -05:00
} elseif ( preg_match ( '/^\/bans$/' , $query )) {
2011-08-04 01:47:34 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'view_banlist' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-02-06 08:38:01 -05:00
2011-03-26 11:55:11 -04:00
if ( isset ( $_POST [ 'unban' ])) {
2011-08-04 01:47:34 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'unban' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-26 11:55:11 -04:00
foreach ( $_POST as $post => $value ) {
2011-08-04 01:47:34 -04:00
if ( preg_match ( '/^ban_(\d+)$/' , $post , $m )) {
removeBan ( $m [ 1 ]);
2011-03-26 11:55:11 -04:00
}
}
}
2011-08-04 01:47:34 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'view_banexpired' ])) {
2011-10-03 03:59:55 -04:00
$query = prepare ( " SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY (`expires` IS NOT NULL AND `expires` < :time), `set` DESC " );
2011-02-06 08:38:01 -05:00
$query -> bindValue ( ':time' , time (), PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
} else {
// Filter out expired bans
2011-10-03 03:59:55 -04:00
$query = prepare ( " SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` INNER JOIN `mods` ON `mod` = `mods`.`id` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC " );
2011-02-06 08:38:01 -05:00
$query -> bindValue ( ':time' , time (), PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
}
if ( $query -> rowCount () < 1 ) {
2011-03-30 09:12:36 -04:00
$body = '<p style="text-align:center" class="unimportant">(There are no active bans.)</p>' ;
2011-02-06 08:38:01 -05:00
} else {
$body = '<form action="" method="post">' ;
2011-07-26 23:40:27 -04:00
$body .= '<table><tr><th>IP address</th><th>Reason</th><th>Board</th><th>Set</th><th>Expires</th><th>Staff</th></tr>' ;
2011-02-06 08:38:01 -05:00
while ( $ban = $query -> fetch ()) {
$body .=
'<tr' .
2011-02-12 01:25:15 -05:00
( $config [ 'mod' ][ 'view_banexpired' ] && $ban [ 'expires' ] != 0 && $ban [ 'expires' ] < time () ?
2011-02-06 08:38:01 -05:00
' style="text-decoration:line-through"'
: '' ) .
'>' .
'<td style="white-space: nowrap">' .
// Checkbox
2011-08-04 01:47:34 -04:00
'<input type="checkbox" name="ban_' . $ban [ 'id' ] . '" id="ban_' . $ban [ 'id' ] . '" /> ' .
2011-02-06 08:38:01 -05:00
// IP address
2011-03-30 09:12:36 -04:00
( preg_match ( '/^(\d+\.\d+\.\d+\.\d+|' . $config [ 'ipv6_regex' ] . ')$/' , $ban [ 'ip' ]) ?
'<a href="?/IP/' .
$ban [ 'ip' ] .
'">' . $ban [ 'ip' ] . '</a>'
2011-08-22 05:00:58 -04:00
: utf8tohtml ( $ban [ 'ip' ])) .
2011-03-30 09:12:36 -04:00
'</td>' .
2011-02-06 08:38:01 -05:00
// Reason
2011-03-26 23:48:22 -04:00
'<td>' . ( $ban [ 'reason' ] ? $ban [ 'reason' ] : '<em>-</em>' ) . '</td>' .
2011-02-06 08:38:01 -05:00
2011-07-26 23:40:27 -04:00
2011-07-26 23:50:29 -04:00
'<td style="white-space: nowrap">' .
2011-07-26 23:40:27 -04:00
( isset ( $ban [ 'uri' ]) ?
sprintf ( $config [ 'board_abbreviation' ], $ban [ 'uri' ])
:
'<em>all boards</em>'
) . '</td>' .
2011-02-06 08:38:01 -05:00
// Set
2011-02-12 01:25:15 -05:00
'<td style="white-space: nowrap">' . date ( $config [ 'post_date' ], $ban [ 'set' ]) . '</td>' .
2011-02-06 08:38:01 -05:00
// Expires
'<td style="white-space: nowrap">' .
( $ban [ 'expires' ] == 0 ?
'<em>Never</em>'
:
2011-02-12 01:25:15 -05:00
date ( $config [ 'post_date' ], $ban [ 'expires' ])
2011-02-06 08:38:01 -05:00
) .
'</td>' .
// Staff
'<td>' .
2011-10-03 03:47:59 -04:00
( isset ( $ban [ 'username' ]) ?
( ! hasPermission ( $config [ 'mod' ][ 'view_banstaff' ]) ?
( $config [ 'mod' ][ 'view_banquestionmark' ] ?
'?'
:
( $ban [ 'type' ] == JANITOR ? 'Janitor' :
( $ban [ 'type' ] == MOD ? 'Mod' :
( $ban [ 'type' ] == ADMIN ? 'Admin' :
'?' )))
)
2011-02-06 08:38:01 -05:00
:
2011-10-03 03:47:59 -04:00
utf8tohtml ( $ban [ 'username' ])
2011-02-06 08:38:01 -05:00
)
:
2011-10-03 03:47:59 -04:00
'<em>deleted?</em>'
2011-02-06 08:38:01 -05:00
) .
'</td>' .
'</tr>' ;
}
2011-03-26 11:55:11 -04:00
$body .= '</table>' .
2011-08-04 01:47:34 -04:00
( hasPermission ( $config [ 'mod' ][ 'unban' ]) ?
2011-03-26 11:55:11 -04:00
'<p style="text-align:center"><input name="unban" type="submit" value="Unban selected" /></p>'
: '' ) .
'</form>' ;
2011-02-06 08:38:01 -05:00
}
echo Element ( 'page.html' , Array (
2011-03-26 03:23:15 -04:00
'config' => $config ,
2011-02-06 08:38:01 -05:00
'title' => 'Ban list' ,
'body' => $body ,
'mod' => true
)
);
2011-05-21 01:21:45 -04:00
} elseif ( preg_match ( '/^\/flush$/' , $query )) {
2011-08-04 01:47:34 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'rebuild' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-10-07 01:51:19 -04:00
if ( ! $config [ 'cache' ][ 'enabled' ]) error ( 'Cache is not enabled.' );
2011-05-21 01:21:45 -04:00
2011-10-07 01:51:19 -04:00
if ( cache :: flush ()) {
2011-05-21 01:21:45 -04:00
$body = 'Successfully invalidated all items in the cache.' ;
modLog ( 'Cleared cache' );
} else {
2011-10-07 01:51:19 -04:00
$body = 'An error occured while trying to flush cache.' ;
2011-05-21 01:21:45 -04:00
}
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'Flushed' ,
'body' => '<p style="text-align:center">' . $body . '</p>' ,
'mod' => true
));
2011-02-17 08:36:50 -05:00
} elseif ( preg_match ( '/^\/rebuild$/' , $query )) {
2011-08-04 01:47:34 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'rebuild' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-26 11:35:54 -04:00
set_time_limit ( $config [ 'mod' ][ 'rebuild_timelimit' ]);
2011-10-08 02:36:27 -04:00
$body = '<div class="ban"><h2>Rebuilding…</h2><p>' ;
2011-02-17 08:36:50 -05:00
2011-10-08 02:36:27 -04:00
$body .= 'Clearing template cache…<br/>' ;
2011-10-08 02:34:40 -04:00
$twig = new Twig_Environment ( $loader , Array (
'cache' => " { $config [ 'dir' ][ 'template' ] } /cache "
));
$twig -> clearCacheFiles ();
2011-10-08 02:36:27 -04:00
$body .= 'Regenerating theme files…<br/>' ;
2011-05-27 11:43:04 -04:00
rebuildThemes ( 'all' );
2011-04-14 03:03:12 -04:00
2011-10-08 02:36:27 -04:00
$body .= 'Generating Javascript file…<br/>' ;
2011-03-26 11:35:54 -04:00
buildJavascript ();
2011-02-17 08:36:50 -05:00
$boards = listBoards ();
foreach ( $boards as & $board ) {
2011-03-26 11:35:54 -04:00
$body .= " <strong style= \" display:inline-block;margin: 15px 0 2px 0; \" >Opening board / { $board [ 'uri' ] } /</strong><br/> " ;
2011-02-17 08:36:50 -05:00
openBoard ( $board [ 'uri' ]);
2011-03-26 11:35:54 -04:00
$body .= 'Creating index pages<br/>' ;
2011-02-17 08:36:50 -05:00
buildIndex ();
$query = query ( sprintf ( " SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL " , $board [ 'uri' ])) or error ( db_error ());
while ( $post = $query -> fetch ()) {
2011-03-26 11:35:54 -04:00
$body .= " Rebuilding # { $post [ 'id' ] } <br/> " ;
2011-02-17 08:36:50 -05:00
buildThread ( $post [ 'id' ]);
}
}
2011-03-26 11:35:54 -04:00
$body .= 'Complete!</p></div>' ;
2011-03-28 02:50:59 -04:00
unset ( $board );
2011-03-28 02:24:23 -04:00
modLog ( 'Rebuilt everything' );
2011-03-26 11:35:54 -04:00
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'Rebuilt' ,
'body' => $body ,
'mod' => true
));
2010-12-10 04:57:34 -05:00
} elseif ( preg_match ( '/^\/config$/' , $query )) {
2011-08-04 01:47:34 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'show_config' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2010-12-10 04:57:34 -05:00
2011-02-16 03:27:52 -05:00
// Show instance-config.php
2010-12-16 12:41:11 -05:00
$data = '' ;
2011-02-16 03:27:52 -05:00
function do_array_part ( $array , $prefix = '' ) {
global $data , $config ;
foreach ( $array as $name => $value ) {
if ( is_array ( $value )) {
do_array_part ( $value , $prefix . $name . ' → ' );
} else {
if ( $config [ 'mod' ][ 'never_reveal_password' ] && $prefix == 'db → ' && $name == 'password' ) {
$value = '<em>hidden</em>' ;
} elseif ( gettype ( $value ) == 'boolean' ) {
$value = $value ? '<span style="color:green;">On</span>' : '<span style="color:red;">Off</span>' ;
} elseif ( gettype ( $value ) == 'string' ) {
if ( empty ( $value ))
$value = '<em>empty</em>' ;
else
2011-10-08 02:36:27 -04:00
$value = '<span style="color:maroon;">' . utf8tohtml ( substr ( $value , 0 , 110 ) . ( strlen ( $value ) > 110 ? '…' : '' )) . '</span>' ;
2011-02-16 03:27:52 -05:00
} elseif ( gettype ( $value ) == 'integer' ) {
$value = '<span style="color:black;">' . $value . '</span>' ;
}
$data .=
'<tr><th style="text-align:left;">' .
$prefix . ( gettype ( $name ) == 'integer' ? '[]' : $name ) .
'</th><td>' .
$value .
'</td></tr>' ;
2010-12-17 00:25:32 -05:00
}
2010-12-16 12:41:11 -05:00
}
}
2011-02-16 03:27:52 -05:00
do_array_part ( $config );
2010-12-10 04:57:34 -05:00
2010-12-16 12:41:11 -05:00
$body = '<fieldset><legend>Configuration</legend><table>' . $data . '</table></fieldset>' ;
2010-12-10 04:57:34 -05:00
echo Element ( 'page.html' , Array (
2011-03-26 03:23:15 -04:00
'config' => $config ,
2010-12-10 04:57:34 -05:00
'title' => 'Configuration' ,
2010-12-10 04:42:16 -05:00
'body' => $body ,
'mod' => true
2010-12-02 02:26:09 -05:00
)
2010-12-02 04:55:56 -05:00
);
} elseif ( preg_match ( '/^\/new$/' , $query )) {
2011-08-04 01:47:34 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'newboard' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2010-12-10 04:38:49 -05:00
2010-12-02 04:55:56 -05:00
// New board
$body = '' ;
if ( isset ( $_POST [ 'new_board' ])) {
// Create new board
if ( ! isset ( $_POST [ 'uri' ]) ||
! isset ( $_POST [ 'title' ]) ||
! isset ( $_POST [ 'subtitle' ])
2011-02-12 01:25:15 -05:00
) error ( $config [ 'error' ][ 'missedafield' ]);
2010-12-02 04:55:56 -05:00
$b = Array (
'uri' => $_POST [ 'uri' ],
'title' => $_POST [ 'title' ],
'subtitle' => $_POST [ 'subtitle' ]
);
2011-02-22 01:38:38 -05:00
// HTML characters
$b [ 'title' ] = utf8tohtml ( $b [ 'title' ], true );
$b [ 'subtitle' ] = utf8tohtml ( $b [ 'subtitle' ], true );
2010-12-02 04:55:56 -05:00
// Check required fields
if ( empty ( $b [ 'uri' ]))
2011-02-12 01:25:15 -05:00
error ( sprintf ( $config [ 'error' ][ 'required' ], 'URI' ));
2010-12-02 04:55:56 -05:00
if ( empty ( $b [ 'title' ]))
2011-02-12 01:25:15 -05:00
error ( sprintf ( $config [ 'error' ][ 'required' ], 'title' ));
2010-12-02 04:55:56 -05:00
// Check string lengths
if ( strlen ( $b [ 'uri' ]) > 8 )
2011-02-12 01:25:15 -05:00
error ( sprintf ( $config [ 'error' ][ 'toolong' ], 'URI' ));
2010-12-02 04:55:56 -05:00
if ( strlen ( $b [ 'title' ]) > 20 )
2011-02-12 01:25:15 -05:00
error ( sprintf ( $config [ 'error' ][ 'toolong' ], 'title' ));
2010-12-02 04:55:56 -05:00
if ( strlen ( $b [ 'subtitle' ]) > 40 )
2011-02-12 01:25:15 -05:00
error ( sprintf ( $config [ 'error' ][ 'toolong' ], 'subtitle' ));
2010-12-02 04:55:56 -05:00
if ( ! preg_match ( '/^\w+$/' , $b [ 'uri' ]))
2011-02-12 01:25:15 -05:00
error ( sprintf ( $config [ 'error' ][ 'invalidfield' ], 'URI' ));
2010-12-02 04:55:56 -05:00
2011-01-03 01:30:17 -05:00
if ( openBoard ( $b [ 'uri' ])) {
unset ( $board );
2011-02-12 01:25:15 -05:00
error ( sprintf ( $config [ 'error' ][ 'boardexists' ], sprintf ( $config [ 'board_abbreviation' ], $b [ 'uri' ])));
2011-01-03 01:30:17 -05:00
}
2011-01-03 01:28:18 -05:00
2010-12-17 09:18:03 -05:00
$query = prepare ( " INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle) " );
$query -> bindValue ( ':uri' , $b [ 'uri' ]);
$query -> bindValue ( ':title' , $b [ 'title' ]);
if ( ! empty ( $b [ 'subtitle' ])) {
$query -> bindValue ( ':subtitle' , $b [ 'subtitle' ]);
} else {
$query -> bindValue ( ':subtitle' , null , PDO :: PARAM_NULL );
}
$query -> execute () or error ( db_error ( $query ));
2010-12-02 04:55:56 -05:00
2011-02-11 07:02:30 -05:00
// Record the action
modLog ( " Created a new board: { $b [ 'title' ] } " );
2010-12-02 04:55:56 -05:00
// Open the board
openBoard ( $b [ 'uri' ]) or error ( " Couldn't open board after creation. " );
// Create the posts table
2010-12-17 09:18:03 -05:00
query ( Element ( 'posts.sql' , Array ( 'board' => $board [ 'uri' ]))) or error ( db_error ());
2010-12-02 04:55:56 -05:00
2011-10-10 06:07:59 -04:00
if ( $config [ 'cache' ][ 'enabled' ])
cache :: delete ( 'all_boards' );
2010-12-02 04:55:56 -05:00
// Build the board
buildIndex ();
2011-02-22 01:43:42 -05:00
2011-05-27 11:43:04 -04:00
rebuildThemes ( 'boards' );
2011-04-14 06:43:34 -04:00
2011-02-22 01:43:42 -05:00
header ( 'Location: ?/board/' . $board [ 'uri' ], true , $config [ 'redirect_http' ]);
} else {
$body .= form_newBoard ();
// TODO: Statistics, etc, in the dashboard.
echo Element ( 'page.html' , Array (
2011-03-26 03:23:15 -04:00
'config' => $config ,
2011-02-22 01:43:42 -05:00
'title' => 'New board' ,
'body' => $body ,
'mod' => true
)
);
2010-12-02 04:55:56 -05:00
}
2010-12-16 05:28:03 -05:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . '(' . $regex [ 'index' ] . '|' . $regex [ 'page' ] . ')?$/' , $query , $matches )) {
2010-12-02 02:02:48 -05:00
// Board index
2010-12-01 09:17:27 -05:00
2011-05-25 06:15:47 -04:00
$boardName = & $matches [ 1 ];
2010-12-16 05:28:03 -05:00
2010-12-02 02:02:48 -05:00
// Open board
2010-12-10 04:45:09 -05:00
if ( ! openBoard ( $boardName ))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'noboard' ]);
2010-12-01 09:17:27 -05:00
2011-02-16 07:32:43 -05:00
$page_no = empty ( $matches [ 2 ]) || $matches [ 2 ] == $config [ 'file_index' ] ? 1 : $matches [ 2 ];
if ( ! $page = index ( $page_no , $mod )) {
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ '404' ]);
2010-12-16 07:09:44 -05:00
}
2011-02-16 07:32:43 -05:00
2010-12-16 05:28:03 -05:00
$page [ 'pages' ] = getPages ( true );
2011-02-16 07:32:43 -05:00
$page [ 'pages' ][ $page_no - 1 ][ 'selected' ] = true ;
2011-02-17 02:37:18 -05:00
$page [ 'btn' ] = getPageButtons ( $page [ 'pages' ], true );
2011-02-17 06:03:52 -05:00
$page [ 'hidden_inputs' ] = createHiddenInputs ();
2010-12-10 05:15:44 -05:00
$page [ 'mod' ] = true ;
echo Element ( 'index.html' , $page );
2010-12-16 00:36:40 -05:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . $regex [ 'res' ] . $regex [ 'page' ] . '$/' , $query , $matches )) {
// View thread
2011-05-25 06:15:47 -04:00
$boardName = & $matches [ 1 ];
$thread = & $matches [ 2 ];
2010-12-16 00:36:40 -05:00
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'noboard' ]);
2010-12-16 00:36:40 -05:00
2011-01-01 06:12:31 -05:00
$page = buildThread ( $thread , true , $mod );
2010-12-16 00:36:40 -05:00
echo $page ;
2011-01-01 06:12:31 -05:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . 'deletefile\/(\d+)$/' , $query , $matches )) {
2011-08-04 01:47:34 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'deletefile' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-01-01 06:12:31 -05:00
// Delete file from post
2011-05-25 06:15:47 -04:00
$boardName = & $matches [ 1 ];
$post = & $matches [ 2 ];
2011-01-01 06:12:31 -05:00
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'noboard' ]);
2011-01-01 06:12:31 -05:00
// Delete post
deleteFile ( $post );
2011-02-11 07:02:30 -05:00
// Record the action
modLog ( " Removed file from post # { $post } " );
2011-01-01 06:12:31 -05:00
// Rebuild board
buildIndex ();
// Redirect
2011-06-18 21:26:26 -04:00
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2010-12-16 00:36:40 -05:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . 'delete\/(\d+)$/' , $query , $matches )) {
2011-08-04 01:47:34 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'delete' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2010-12-16 00:36:40 -05:00
// Delete post
2011-05-25 06:15:47 -04:00
$boardName = & $matches [ 1 ];
$post = & $matches [ 2 ];
2010-12-16 00:36:40 -05:00
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'noboard' ]);
2010-12-16 00:36:40 -05:00
// Delete post
deletePost ( $post );
2011-02-11 07:02:30 -05:00
// Record the action
modLog ( " Deleted post # { $post } " );
2010-12-16 00:36:40 -05:00
// Rebuild board
buildIndex ();
2010-12-16 03:13:04 -05:00
// Redirect
2011-06-18 21:26:26 -04:00
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2011-01-02 05:27:28 -05:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . '(un)?sticky\/(\d+)$/' , $query , $matches )) {
2011-08-04 01:47:34 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'sticky' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-01-02 10:00:30 -05:00
// Add/remove sticky
2011-01-02 05:27:28 -05:00
2011-05-25 06:15:47 -04:00
$boardName = & $matches [ 1 ];
$post = & $matches [ 3 ];
2011-01-02 05:27:28 -05:00
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'noboard' ]);
2011-01-02 05:27:28 -05:00
$query = prepare ( sprintf ( " UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post , PDO :: PARAM_INT );
if ( $matches [ 2 ] == 'un' ) {
2011-02-11 07:02:30 -05:00
// Record the action
modLog ( " Unstickied post # { $post } " );
2011-01-02 05:27:28 -05:00
$query -> bindValue ( ':sticky' , 0 , PDO :: PARAM_INT );
} else {
2011-02-11 07:02:30 -05:00
// Record the action
modLog ( " Stickied post # { $post } " );
2011-01-02 05:27:28 -05:00
$query -> bindValue ( ':sticky' , 1 , PDO :: PARAM_INT );
}
$query -> execute () or error ( db_error ( $query ));
buildIndex ();
buildThread ( $post );
// Redirect
2011-06-18 21:26:26 -04:00
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2011-01-02 10:00:30 -05:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . '(un)?lock\/(\d+)$/' , $query , $matches )) {
// Lock/Unlock
2011-05-25 06:15:47 -04:00
$boardName = & $matches [ 1 ];
2011-07-03 09:05:14 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'lock' ], $boardName )) error ( $config [ 'error' ][ 'noaccess' ]);
2011-05-25 06:15:47 -04:00
$post = & $matches [ 3 ];
2011-01-02 10:00:30 -05:00
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'noboard' ]);
2011-01-02 10:00:30 -05:00
$query = prepare ( sprintf ( " UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post , PDO :: PARAM_INT );
if ( $matches [ 2 ] == 'un' ) {
2011-02-11 07:02:30 -05:00
// Record the action
modLog ( " Unlocked post # { $post } " );
2011-01-02 10:00:30 -05:00
$query -> bindValue ( ':locked' , 0 , PDO :: PARAM_INT );
} else {
2011-02-11 07:02:30 -05:00
// Record the action
modLog ( " Locked post # { $post } " );
2011-01-02 10:00:30 -05:00
$query -> bindValue ( ':locked' , 1 , PDO :: PARAM_INT );
}
$query -> execute () or error ( db_error ( $query ));
buildIndex ();
buildThread ( $post );
// Redirect
2011-06-18 21:26:26 -04:00
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2011-10-10 07:37:39 -04:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . 'bump(un)?lock\/(\d+)$/' , $query , $matches )) {
// Lock/Unlock
$boardName = & $matches [ 1 ];
if ( ! hasPermission ( $config [ 'mod' ][ 'bumplock' ], $boardName )) error ( $config [ 'error' ][ 'noaccess' ]);
$post = & $matches [ 3 ];
// Open board
if ( ! openBoard ( $boardName ))
error ( $config [ 'error' ][ 'noboard' ]);
$query = prepare ( sprintf ( " UPDATE `posts_%s` SET `sage` = :bumplocked WHERE `id` = :id AND `thread` IS NULL " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post , PDO :: PARAM_INT );
if ( $matches [ 2 ] == 'un' ) {
// Record the action
modLog ( " Unbumplocked post # { $post } " );
$query -> bindValue ( ':bumplocked' , 0 , PDO :: PARAM_INT );
} else {
// Record the action
modLog ( " Bumplocked post # { $post } " );
$query -> bindValue ( ':bumplocked' , 1 , PDO :: PARAM_INT );
}
$query -> execute () or error ( db_error ( $query ));
buildIndex ();
buildThread ( $post );
// Redirect
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2011-01-20 03:25:11 -05:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . 'deletebyip\/(\d+)$/' , $query , $matches )) {
// Delete all posts by an IP
2011-05-25 06:15:47 -04:00
$boardName = & $matches [ 1 ];
$post = & $matches [ 2 ];
2011-01-20 03:25:11 -05:00
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'noboard' ]);
2011-01-20 03:25:11 -05:00
2011-02-11 07:02:30 -05:00
$query = prepare ( sprintf ( " SELECT `ip` FROM `posts_%s` WHERE `id` = :id " , $board [ 'uri' ]));
2011-02-04 23:43:42 -05:00
$query -> bindValue ( ':id' , $post );
2011-01-20 03:25:11 -05:00
$query -> execute () or error ( db_error ( $query ));
2011-02-11 07:02:30 -05:00
if ( ! $post = $query -> fetch ())
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'invalidpost' ]);
2011-02-11 07:02:30 -05:00
$ip = $post [ 'ip' ];
2011-10-10 06:07:59 -04:00
$boards = listBoards ();
$query = '' ;
foreach ( $boards as & $_board ) {
$query .= sprintf ( " SELECT `id`, '%s' AS `board` FROM `posts_%s` WHERE `ip` = :ip UNION ALL " , $_board [ 'uri' ], $_board [ 'uri' ]);
}
$query = preg_replace ( '/UNION ALL $/' , '' , $query );
2011-02-11 07:02:30 -05:00
2011-10-10 06:07:59 -04:00
$query = prepare ( $query );
2011-02-11 07:02:30 -05:00
$query -> bindValue ( ':ip' , $ip );
$query -> execute () or error ( db_error ( $query ));
2011-02-04 23:43:42 -05:00
if ( $query -> rowCount () < 1 )
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'invalidpost' ]);
2011-02-04 23:43:42 -05:00
2011-10-10 06:07:59 -04:00
$boards = Array ();
2011-02-04 23:43:42 -05:00
while ( $post = $query -> fetch ()) {
2011-10-10 06:07:59 -04:00
openBoard ( $post [ 'board' ]);
$boards [] = $post [ 'board' ];
2011-02-04 23:43:42 -05:00
deletePost ( $post [ 'id' ], false );
}
2011-10-10 06:07:59 -04:00
foreach ( $boards as & $_board ) {
openBoard ( $_board );
buildIndex ();
}
// Record the action
modLog ( " Deleted all posts by IP address: { $ip } " );
2011-03-28 01:51:29 -04:00
2011-06-18 21:26:26 -04:00
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2011-01-14 23:37:39 -05:00
} elseif ( preg_match ( '/^\/ban$/' , $query )) {
2011-07-03 09:05:14 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'ban' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-01-14 23:37:39 -05:00
// Ban page
2011-01-01 08:27:30 -05:00
if ( isset ( $_POST [ 'new_ban' ])) {
if ( ! isset ( $_POST [ 'ip' ]) ||
! isset ( $_POST [ 'reason' ]) ||
2011-07-26 23:40:27 -04:00
! isset ( $_POST [ 'length' ]) ||
! isset ( $_POST [ 'board_id' ])
2011-02-12 01:25:15 -05:00
) error ( $config [ 'error' ][ 'missedafield' ]);
2011-01-01 08:27:30 -05:00
// Check required fields
if ( empty ( $_POST [ 'ip' ]))
2011-02-12 01:25:15 -05:00
error ( sprintf ( $config [ 'error' ][ 'required' ], 'IP address' ));
2011-01-01 08:27:30 -05:00
2011-08-04 01:47:34 -04:00
$query = prepare ( " INSERT INTO `bans` VALUES (NULL, :ip, :mod, :set, :expires, :reason, :board) " );
2011-01-01 08:27:30 -05:00
// 1yr2hrs30mins
// 1y2h30m
2011-01-02 05:34:04 -05:00
$expire = 0 ;
2011-02-27 01:30:33 -05:00
if ( preg_match ( '/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?mon?t?h?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/' , $_POST [ 'length' ], $m )) {
2011-01-01 08:27:30 -05:00
if ( isset ( $m [ 2 ])) {
// Years
2011-01-02 10:04:32 -05:00
$expire += $m [ 2 ] * 60 * 60 * 24 * 365 ;
2011-01-01 08:27:30 -05:00
}
if ( isset ( $m [ 4 ])) {
2011-02-27 01:30:33 -05:00
// Months
$expire += $m [ 4 ] * 60 * 60 * 24 * 30 ;
2011-01-01 08:27:30 -05:00
}
if ( isset ( $m [ 6 ])) {
2011-02-27 01:30:33 -05:00
// Weeks
$expire += $m [ 6 ] * 60 * 60 * 24 * 7 ;
2011-01-01 08:27:30 -05:00
}
if ( isset ( $m [ 8 ])) {
2011-02-27 01:30:33 -05:00
// Days
$expire += $m [ 8 ] * 60 * 60 * 24 ;
2011-01-01 08:27:30 -05:00
}
if ( isset ( $m [ 10 ])) {
2011-02-27 01:30:33 -05:00
// Hours
$expire += $m [ 10 ] * 60 * 60 ;
2011-01-01 08:27:30 -05:00
}
if ( isset ( $m [ 12 ])) {
2011-02-27 01:30:33 -05:00
// Minutes
$expire += $m [ 12 ] * 60 ;
}
if ( isset ( $m [ 14 ])) {
2011-01-01 08:27:30 -05:00
// Seconds
2011-02-27 01:30:33 -05:00
$expire += $m [ 14 ];
2011-01-01 08:27:30 -05:00
}
2011-01-02 05:34:04 -05:00
}
if ( $expire ) {
2011-01-01 08:27:30 -05:00
$query -> bindValue ( ':expires' , time () + $expire , PDO :: PARAM_INT );
} else {
// Never expire
$query -> bindValue ( ':expires' , null , PDO :: PARAM_NULL );
}
$query -> bindValue ( ':ip' , $_POST [ 'ip' ], PDO :: PARAM_STR );
$query -> bindValue ( ':mod' , $mod [ 'id' ], PDO :: PARAM_INT );
2011-01-01 10:05:30 -05:00
$query -> bindValue ( ':set' , time (), PDO :: PARAM_INT );
2011-07-26 23:40:27 -04:00
2011-07-26 23:45:59 -04:00
if ( ! empty ( $_POST [ 'reason' ])) {
$reason = $_POST [ 'reason' ];
markup ( $reason );
$query -> bindValue ( ':reason' , $reason , PDO :: PARAM_STR );
2011-01-01 08:27:30 -05:00
} else {
$query -> bindValue ( ':reason' , null , PDO :: PARAM_NULL );
}
2011-02-11 07:02:30 -05:00
2011-07-26 23:40:27 -04:00
if ( $_POST [ 'board_id' ] < 0 ) {
$query -> bindValue ( ':board' , null , PDO :: PARAM_NULL );
} else {
$query -> bindValue ( ':board' , ( int ) $_POST [ 'board_id' ], PDO :: PARAM_INT );
}
2011-02-11 07:02:30 -05:00
// Record the action
2011-07-26 23:45:59 -04:00
modLog ( 'Created a ' . ( $expire ? $expire . ' second' : 'permanent' ) . " ban for { $_POST [ 'ip' ] } with " . ( ! empty ( $_POST [ 'reason' ]) ? " reason \" ${ reason } \" " : 'no reason' ));
2011-02-11 07:02:30 -05:00
2011-04-03 04:25:01 -04:00
$query -> execute () or error ( db_error ( $query ));
2011-01-01 08:27:30 -05:00
2011-01-14 23:05:58 -05:00
// Delete too
2011-07-03 09:05:14 -04:00
if ( isset ( $_POST [ 'delete' ]) && isset ( $_POST [ 'board' ]) && hasPermission ( $config [ 'mod' ][ 'delete' ], $_POST [ 'board' ])) {
2011-01-14 23:37:39 -05:00
openBoard ( $_POST [ 'board' ]);
2011-03-15 08:20:37 -04:00
$post = round ( $_POST [ 'delete' ]);
deletePost ( $post );
2011-03-14 00:57:12 -04:00
// Record the action
modLog ( " Deleted post # { $post } " );
// Rebuild board
buildIndex ();
2011-01-14 23:37:39 -05:00
}
2011-01-14 23:05:58 -05:00
2011-08-04 01:47:34 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'public_ban' ]) && isset ( $_POST [ 'post' ]) && isset ( $_POST [ 'board' ]) && isset ( $_POST [ 'public_message' ]) && isset ( $_POST [ 'message' ])) {
2011-04-03 04:20:55 -04:00
openBoard ( $_POST [ 'board' ]);
$post = round ( $_POST [ 'post' ]);
$query = prepare ( sprintf ( " UPDATE `posts_%s` SET `body` = CONCAT(`body`, :body) WHERE `id` = :id " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post , PDO :: PARAM_INT );
2011-08-22 04:44:30 -04:00
$query -> bindValue ( ':body' , sprintf ( $config [ 'mod' ][ 'ban_message' ], utf8tohtml ( $_POST [ 'message' ])));
2011-04-03 04:20:55 -04:00
$query -> execute () or error ( db_error ( $query ));
2011-05-27 08:41:33 -04:00
// Rebuild thread
$query = prepare ( sprintf ( " SELECT `thread` FROM `posts_%s` WHERE `id` = :id " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
$thread = $query -> fetch ();
if ( $thread [ 'thread' ])
buildThread ( $thread [ 'thread' ]);
else
buildThread ( $post );
// Rebuild board
buildIndex ();
2011-04-03 04:20:55 -04:00
// Record the action
modLog ( " Attached a public ban message for post # { $post } : " . $_POST [ 'message' ]);
}
2011-01-01 08:27:30 -05:00
// Redirect
if ( isset ( $_POST [ 'continue' ]))
2011-02-12 01:25:15 -05:00
header ( 'Location: ' . $_POST [ 'continue' ], true , $config [ 'redirect_http' ]);
2011-02-17 08:36:50 -05:00
elseif ( isset ( $board ))
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2011-01-01 08:27:30 -05:00
else
2011-02-17 08:36:50 -05:00
header ( 'Location: ?/' , true , $config [ 'redirect_http' ]);
2011-01-01 08:27:30 -05:00
}
2011-01-14 23:37:39 -05:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . 'ban(&delete)?\/(\d+)$/' , $query , $matches )) {
2011-07-03 09:05:14 -04:00
2011-01-14 23:37:39 -05:00
// Ban by post
2011-05-25 06:15:47 -04:00
$boardName = & $matches [ 1 ];
2011-07-03 09:05:14 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'ban' ], $boardName )) error ( $config [ 'error' ][ 'noaccess' ]);
2011-01-14 23:37:39 -05:00
$delete = isset ( $matches [ 2 ]) && $matches [ 2 ] == '&delete' ;
2011-07-03 09:05:14 -04:00
if ( $delete && ! hasPermission ( $config [ 'mod' ][ 'delete' ], $boardName )) error ( $config [ 'error' ][ 'noaccess' ]);
2011-04-13 05:39:21 -04:00
2011-01-14 23:37:39 -05:00
$post = $matches [ 3 ];
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'noboard' ]);
2011-01-14 23:37:39 -05:00
$query = prepare ( sprintf ( " SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1 " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $query -> rowCount () < 1 ) {
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'invalidpost' ]);
2011-01-14 23:37:39 -05:00
}
$post = $query -> fetch ();
2011-01-01 08:27:30 -05:00
2011-06-18 21:26:26 -04:00
$body = form_newBan ( $post [ 'ip' ], null , '?/' . sprintf ( $config [ 'board_path' ], $board [ 'uri' ]) . $config [ 'file_index' ], $post [ 'id' ], $boardName , ! $delete );
2011-01-01 08:27:30 -05:00
echo Element ( 'page.html' , Array (
2011-03-26 03:23:15 -04:00
'config' => $config ,
2011-01-01 08:27:30 -05:00
'title' => 'New ban' ,
'body' => $body ,
'mod' => true
)
);
2011-04-05 03:36:00 -04:00
} elseif ( preg_match ( '/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config [ 'ipv6_regex' ] . ')\/deletenote\/(?P<id>\d+)$/' , $query , $matches )) {
2011-07-03 09:05:14 -04:00
if ( ! hasPermission ( $config [ 'mod' ][ 'remove_notes' ])) error ( $config [ 'error' ][ 'noaccess' ]);
2011-04-05 03:36:00 -04:00
$ip = $matches [ 1 ];
2011-06-18 21:26:26 -04:00
$id = $matches [ 'id' ];
2011-04-05 03:36:00 -04:00
$query = prepare ( " DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id " );
$query -> bindValue ( ':ip' , $ip );
$query -> bindValue ( ':id' , $id );
$query -> execute () or error ( db_error ( $query ));
header ( 'Location: ?/IP/' . $ip , true , $config [ 'redirect_http' ]);
2011-02-17 04:41:00 -05:00
} elseif ( preg_match ( '/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config [ 'ipv6_regex' ] . ')$/' , $query , $matches )) {
2011-01-14 23:29:05 -05:00
// View information on an IP address
$ip = $matches [ 1 ];
2011-02-12 01:25:15 -05:00
$host = $config [ 'mod' ][ 'dns_lookup' ] ? gethostbyaddr ( $ip ) : false ;
2011-01-14 23:29:05 -05:00
2011-08-04 01:47:34 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'unban' ]) && isset ( $_POST [ 'unban' ]) && isset ( $_POST [ 'ban_id' ])) {
removeBan ( $_POST [ 'ban_id' ]);
header ( 'Location: ?/IP/' . $ip , true , $config [ 'redirect_http' ]);
} elseif ( hasPermission ( $config [ 'mod' ][ 'create_notes' ]) && isset ( $_POST [ 'note' ])) {
2011-04-05 03:36:00 -04:00
$query = prepare ( " INSERT INTO `ip_notes` VALUES(NULL, :ip, :mod, :time, :body) " );
$query -> bindValue ( ':ip' , $ip );
$query -> bindValue ( ':mod' , $mod [ 'id' ], PDO :: PARAM_INT );
$query -> bindValue ( ':time' , time (), PDO :: PARAM_INT );
markup ( $_POST [ 'note' ]);
$query -> bindValue ( ':body' , $_POST [ 'note' ]);
$query -> execute () or error ( db_error ( $query ));
2011-01-14 23:29:05 -05:00
2011-07-30 01:42:28 -04:00
header ( 'Location: ?/IP/' . $ip , true , $config [ 'redirect_http' ]);
} else {
$body = '' ;
$boards = listBoards ();
foreach ( $boards as & $_board ) {
openBoard ( $_board [ 'uri' ]);
2011-01-14 23:29:05 -05:00
2011-07-30 01:42:28 -04:00
$temp = '' ;
$query = prepare ( sprintf ( " SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit " , $_board [ 'uri' ]));
$query -> bindValue ( ':ip' , $ip );
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'ip_recentposts' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
while ( $post = $query -> fetch ()) {
if ( ! $post [ 'thread' ]) {
2011-10-10 07:37:39 -04:00
$po = new Thread ( $post [ 'id' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'capcode' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], $post [ 'sticky' ], $post [ 'locked' ], $post [ 'sage' ], $post [ 'embed' ], '?/' , $mod , false );
2011-07-30 01:42:28 -04:00
} else {
$po = new Post ( $post [ 'id' ], $post [ 'thread' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'capcode' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], $post [ 'embed' ], '?/' , $mod );
}
$temp .= $po -> build ( true ) . '<hr/>' ;
2011-02-17 08:44:01 -05:00
}
2011-07-30 01:42:28 -04:00
if ( ! empty ( $temp ))
$body .= '<fieldset><legend>Last ' . $query -> rowCount () . ' posts on <a href="?/' .
sprintf ( $config [ 'board_path' ], $_board [ 'uri' ]) . $config [ 'file_index' ] .
'">' .
sprintf ( $config [ 'board_abbreviation' ], $_board [ 'uri' ]) . ' - ' . $_board [ 'title' ] .
'</a></legend>' . $temp . '</fieldset>' ;
}
2011-01-14 23:29:05 -05:00
2011-08-04 01:47:34 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'view_notes' ])) {
2011-07-30 01:42:28 -04:00
$query = prepare ( " SELECT * FROM `ip_notes` WHERE `ip` = :ip ORDER BY `id` DESC " );
$query -> bindValue ( ':ip' , $ip );
$query -> execute () or error ( db_error ( $query ));
2011-04-05 03:36:00 -04:00
2011-08-04 01:47:34 -04:00
if ( $query -> rowCount () > 0 || hasPermission ( $config [ 'mod' ][ 'create_notes' ])) {
2011-07-30 01:42:28 -04:00
$body .= '<fieldset><legend>' .
$query -> rowCount () . ' note' . ( $query -> rowCount () == 1 ? '' : 's' ) . ' on record' .
'</legend>' ;
if ( $query -> rowCount () > 0 ) {
$body .= '<table class="modlog">' .
'<tr><th>Staff</th><th>Note</th><th>Date</th>' .
2011-08-04 01:47:34 -04:00
( hasPermission ( $config [ 'mod' ][ 'remove_notes' ]) ? '<th>Actions</th>' : '' ) .
2011-07-30 01:42:28 -04:00
'</td>' ;
while ( $note = $query -> fetch ()) {
2011-04-05 03:36:00 -04:00
2011-07-30 01:42:28 -04:00
if ( $note [ 'mod' ]) {
$_query = prepare ( " SELECT `username` FROM `mods` WHERE `id` = :id " );
$_query -> bindValue ( ':id' , $note [ 'mod' ]);
$_query -> execute () or error ( db_error ( $_query ));
if ( $_mod = $_query -> fetch ()) {
2011-08-04 01:47:34 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'editusers' ]))
2011-08-22 05:00:58 -04:00
$staff = '<a href="?/users/' . $note [ 'mod' ] . '">' . utf8tohtml ( $_mod [ 'username' ]) . '</a>' ;
2011-07-30 01:42:28 -04:00
else
2011-08-22 05:00:58 -04:00
$staff = utf8tohtml ( $_mod [ 'username' ]);
2011-07-30 01:42:28 -04:00
} else {
2011-10-03 03:53:43 -04:00
$staff = '<em>???</em>' ;
2011-07-30 01:42:28 -04:00
}
2011-04-05 03:36:00 -04:00
} else {
2011-07-30 01:42:28 -04:00
$staff = '<em>system</em>' ;
2011-04-05 03:36:00 -04:00
}
2011-07-30 01:42:28 -04:00
$body .= '<tr>' .
'<td class="minimal">' .
$staff .
'</td><td>' .
$note [ 'body' ] .
'</td><td class="minimal">' .
date ( $config [ 'post_date' ], $note [ 'time' ]) .
'</td>' .
2011-08-04 01:47:34 -04:00
( hasPermission ( $config [ 'mod' ][ 'remove_notes' ]) ?
2011-07-30 01:42:28 -04:00
'<td class="minimal"><a class="unimportant" href="?/IP/' . $ip . '/deletenote/' . $note [ 'id' ] . '">[delete]</a></td>'
: '' ) .
'</tr>' ;
2011-04-05 03:36:00 -04:00
}
2011-07-30 01:42:28 -04:00
$body .= '</table>' ;
2011-04-05 03:36:00 -04:00
}
2011-08-04 01:47:34 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'create_notes' ])) {
2011-07-30 01:42:28 -04:00
$body .= '<form action="" method="post" style="text-align:center;margin:0">' .
'<table>' .
'<tr>' .
'<th>Staff</th>' .
'<td>' . $mod [ 'username' ] . '</td>' .
'</tr>' .
'<tr>' .
'<th><label for="note">Note</label></th>' .
'<td><textarea id="note" name="note" rows="5" cols="30"></textarea></td>' .
'</tr>' .
'<tr>' .
'<td></td>' .
'<td><input type="submit" value="New note" /></td>' .
'</tr>' .
'</table>' .
'</form>' ;
}
2011-04-05 03:36:00 -04:00
2011-07-30 01:42:28 -04:00
$body .= '</fieldset>' ;
}
2011-04-05 03:36:00 -04:00
}
2011-08-04 01:47:34 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'view_ban' ])) {
2011-10-03 03:47:59 -04:00
$query = prepare ( " SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip " );
2011-07-30 01:42:28 -04:00
$query -> bindValue ( ':ip' , $ip );
$query -> execute () or error ( db_error ( $query ));
2011-02-17 08:36:50 -05:00
2011-07-30 01:42:28 -04:00
if ( $query -> rowCount () > 0 ) {
2011-08-04 01:47:34 -04:00
$body .= '<fieldset><legend>Ban' . ( $query -> rowCount () == 1 ? '' : 's' ) . ' on record</legend>' ;
2011-02-17 08:36:50 -05:00
2011-07-30 01:42:28 -04:00
while ( $ban = $query -> fetch ()) {
2011-08-04 01:47:34 -04:00
$body .= '<form action="" method="post" style="text-align:center">' .
'<table style="width:400px;margin-bottom:10px;border-bottom:1px solid #ddd;padding:5px"><tr><th>Status</th><td>' .
2011-07-30 01:42:28 -04:00
( $config [ 'mod' ][ 'view_banexpired' ] && $ban [ 'expires' ] != 0 && $ban [ 'expires' ] < time () ?
'Expired'
: 'Active' ) .
'</td></tr>' .
2011-02-17 08:36:50 -05:00
2011-07-30 01:42:28 -04:00
// IP
'<tr><th>IP</th><td>' . $ban [ 'ip' ] . '</td></tr>' .
2011-02-17 08:36:50 -05:00
2011-07-30 01:42:28 -04:00
// Reason
'<tr><th>Reason</th><td>' . $ban [ 'reason' ] . '</td></tr>' .
2011-02-17 08:36:50 -05:00
2011-07-30 01:42:28 -04:00
// Board
'<tr><th>Board</th><td>' .
2011-10-03 03:47:59 -04:00
( isset ( $ban [ 'board' ]) ?
( isset ( $ban [ 'uri' ]) ?
sprintf ( $config [ 'board_abbreviation' ], $ban [ 'uri' ])
:
'<em>deleted?</em>'
)
2011-07-30 01:42:28 -04:00
:
'<em>all boards</em>'
2011-10-03 03:47:59 -04:00
) .
'</td></tr>' .
2011-07-26 23:40:27 -04:00
2011-07-30 01:42:28 -04:00
// Set
'<tr><th>Set</th><td>' . date ( $config [ 'post_date' ], $ban [ 'set' ]) . '</td></tr>' .
2011-02-17 08:36:50 -05:00
2011-07-30 01:42:28 -04:00
// Expires
'<tr><th>Expires</th><td>' .
( $ban [ 'expires' ] == 0 ?
'<em>Never</em>'
:
date ( $config [ 'post_date' ], $ban [ 'expires' ])
) .
'</td></tr>' .
2011-02-17 08:36:50 -05:00
2011-07-30 01:42:28 -04:00
// Staff
'<tr><th>Staff</th><td>' .
2011-10-03 03:47:59 -04:00
( isset ( $ban [ 'username' ]) ?
( ! hasPermission ( $config [ 'mod' ][ 'view_banstaff' ]) ?
( $config [ 'mod' ][ 'view_banquestionmark' ] ?
'?'
:
( $ban [ 'type' ] == JANITOR ? 'Janitor' :
( $ban [ 'type' ] == MOD ? 'Mod' :
( $ban [ 'type' ] == ADMIN ? 'Admin' :
'?' )))
)
2011-07-30 01:42:28 -04:00
:
2011-10-03 03:47:59 -04:00
utf8tohtml ( $ban [ 'username' ])
2011-07-30 01:42:28 -04:00
)
2011-10-03 03:47:59 -04:00
: '<em>deleted?</em>'
2011-07-30 01:42:28 -04:00
) .
2011-08-04 01:47:34 -04:00
'</td></tr></table>' .
'<input type="hidden" name="ban_id" value="' . $ban [ 'id' ] . '" />' .
2011-08-18 03:55:36 -04:00
'<input type="submit" name="unban" value="Remove ban" ' .
2011-08-04 01:47:34 -04:00
( ! hasPermission ( $config [ 'mod' ][ 'unban' ]) ? 'disabled' : '' ) .
'/></form>' ;
2011-07-30 01:42:28 -04:00
}
2011-08-04 01:47:34 -04:00
$body .= '</fieldset>' ;
2011-07-30 01:42:28 -04:00
}
2011-02-17 08:36:50 -05:00
}
2011-08-04 01:47:34 -04:00
if ( hasPermission ( $config [ 'mod' ][ 'ip_banform' ]))
2011-07-30 01:42:28 -04:00
$body .= form_newBan ( $ip , null , '?/IP/' . $ip );
2011-01-14 23:29:05 -05:00
2011-07-30 01:42:28 -04:00
echo Element ( 'page.html' , Array (
'config' => $config ,
'title' => 'IP: ' . $ip ,
'subtitle' => $host ,
'body' => $body ,
'mod' => true
)
);
}
2010-12-01 09:17:27 -05:00
} else {
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ '404' ]);
2010-12-01 09:17:27 -05:00
}
2010-12-01 05:53:11 -05:00
}
?>