lainchan/mod.php

658 lines
20 KiB
PHP
Raw Normal View History

2010-12-01 05:53:11 -05:00
<?php
require 'inc/functions.php';
require 'inc/display.php';
require 'inc/template.php';
2010-12-17 09:18:03 -05:00
require 'inc/database.php';
2010-12-01 05:53:11 -05:00
require 'inc/user.php';
sql_open();
// Check if banned
checkBan();
2010-12-02 02:26:09 -05:00
require 'inc/mod.php';
2010-12-01 05:53:11 -05:00
2010-12-03 22:58:24 -05:00
// Fix some encoding issues
header('Content-Type: text/html; charset=utf-8', true);
2011-02-06 08:38:01 -05:00
if (get_magic_quotes_gpc()) {
function strip_array($var) {
return is_array($var) ? array_map("strip_array", $var) : stripslashes($var);
}
$_SESSION = strip_array($_SESSION);
$_GET = strip_array($_GET);
$_POST = strip_array($_POST);
}
2010-12-01 05:53:11 -05:00
// If not logged in
2010-12-02 02:02:48 -05:00
if(!$mod) {
2010-12-01 05:53:11 -05:00
if(isset($_POST['login'])) {
// Check if inputs are set and not empty
if( !isset($_POST['username']) ||
!isset($_POST['password']) ||
empty($_POST['username']) ||
empty($_POST['password'])
2011-02-12 01:25:15 -05:00
) loginForm($config['error']['invalid'], $_POST['username']);
2010-12-01 05:53:11 -05:00
if(!login($_POST['username'], $_POST['password']))
2011-02-12 01:25:15 -05:00
loginForm($config['error']['invalid'], $_POST['username']);
2010-12-01 05:53:11 -05:00
modLog("Logged in.");
2010-12-01 05:53:11 -05:00
// Login successful
// Set cookies
setCookies();
2010-12-02 02:02:48 -05:00
// Redirect
2011-02-12 01:25:15 -05:00
header('Location: ?' . $config['mod']['default'], true, $config['redirect_http']);
2010-12-02 02:02:48 -05:00
2010-12-01 05:53:11 -05:00
// Close connection
sql_close();
} else {
loginForm();
}
} else {
2010-12-02 04:55:56 -05:00
$query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
2010-12-16 00:36:40 -05:00
// A sort of "cache"
// Stops calling preg_quote and str_replace when not needed; only does it once
2010-12-01 09:17:27 -05:00
$regex = Array(
2011-02-12 01:25:15 -05:00
'board' => str_replace('%s', '(\w{1,8})', preg_quote($config['board_path'], '/')),
'page' => str_replace('%d', '(\d+)', preg_quote($config['file_page'], '/')),
'img' => preg_quote($config['dir']['img'], '/'),
'thumb' => preg_quote($config['dir']['thumb'], '/'),
'res' => preg_quote($config['dir']['res'], '/'),
'index' => preg_quote($config['file_index'], '/')
2010-12-01 09:17:27 -05:00
);
if(preg_match('/^\/?$/', $query)) {
2010-12-02 02:02:48 -05:00
// Dashboard
2010-12-16 10:20:16 -05:00
$fieldset = Array(
'Boards' => '',
'Administration' => ''
);
2010-12-02 02:26:09 -05:00
2010-12-16 10:20:16 -05:00
// Boards
$fieldset['Boards'] .= ulBoards();
2011-02-12 01:25:15 -05:00
if($mod['type'] >= $config['mod']['view_banlist']) {
2011-02-06 08:38:01 -05:00
$fieldset['Administration'] .= '<li><a href="?/bans">Ban list</a></li>';
}
2011-02-12 01:25:15 -05:00
if($mod['type'] >= $config['mod']['show_config']) {
2010-12-16 10:20:16 -05:00
$fieldset['Administration'] .= '<li><a href="?/config">Show configuration</a></li>';
}
2010-12-02 02:26:09 -05:00
2010-12-02 04:55:56 -05:00
// TODO: Statistics, etc, in the dashboard.
2010-12-16 10:20:16 -05:00
$body = '';
foreach($fieldset as $title => $data) {
if($data)
$body .= "<fieldset><legend>{$title}</legend><ul>{$data}</ul></fieldset>";
}
2010-12-02 04:55:56 -05:00
echo Element('page.html', Array(
2011-02-12 01:25:15 -05:00
'index'=>$config['root'],
2010-12-02 02:26:09 -05:00
'title'=>'Dashboard',
2010-12-10 04:57:34 -05:00
'body'=>$body
//,'mod'=>true /* All 'mod' does, at this point, is put the "Return to dashboard" link in. */
)
);
2011-02-06 08:38:01 -05:00
} elseif(preg_match('/^\/bans$/', $query)) {
2011-02-12 01:25:15 -05:00
if($mod['type'] < $config['mod']['view_banlist']) error($config['error']['noaccess']);
2011-02-06 08:38:01 -05:00
2011-02-12 01:25:15 -05:00
if($config['mod']['view_banexpired']) {
2011-02-06 08:38:01 -05:00
$query = prepare("SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` GROUP BY `ip` ORDER BY `expires` < :time, `set` DESC");
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->execute() or error(db_error($query));
} else {
// Filter out expired bans
$query = prepare("SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` GROUP BY `ip` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC");
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->execute() or error(db_error($query));
}
if($query->rowCount() < 1) {
$body = '(There are no active bans.)';
} else {
$body = '<form action="" method="post">';
$body .= '<table><tr><th>IP address</th><th>Reason</th><th>Set</th><th>Expires</th><th>Staff</th><th>Actions</th></tr>';
while($ban = $query->fetch()) {
$body .=
'<tr' .
2011-02-12 01:25:15 -05:00
($config['mod']['view_banexpired'] && $ban['expires'] != 0 && $ban['expires'] < time() ?
2011-02-06 08:38:01 -05:00
' style="text-decoration:line-through"'
:'') .
'>' .
'<td style="white-space: nowrap">' .
// Checkbox
'<input type="checkbox" name="ban_' . $ban['ip'] . '" id="ban_' . $ban['ip'] . '" /> ' .
// IP address
'<a href="?/IP/' .
$ban['ip'] .
'">'. $ban['ip'] . '</a></td>' .
// Reason
'<td>' . $ban['reason'] . '</td>' .
// Set
2011-02-12 01:25:15 -05:00
'<td style="white-space: nowrap">' . date($config['post_date'], $ban['set']) . '</td>' .
2011-02-06 08:38:01 -05:00
// Expires
'<td style="white-space: nowrap">' .
($ban['expires'] == 0 ?
'<em>Never</em>'
:
2011-02-12 01:25:15 -05:00
date($config['post_date'], $ban['expires'])
2011-02-06 08:38:01 -05:00
) .
'</td>' .
// Staff
'<td>' .
2011-02-12 01:25:15 -05:00
($mod['type'] < $config['mod']['view_banstaff'] ?
($config['mod']['view_banquestionmark'] ?
2011-02-06 08:38:01 -05:00
'?'
:
2011-02-12 01:25:15 -05:00
($ban['type'] == JANITOR ? 'Janitor' :
($ban['type'] == MOD ? 'Mod' :
($ban['type'] == ADMIN ? 'Admin' :
2011-02-06 08:38:01 -05:00
'?')))
)
:
$ban['username']
) .
'</td>' .
'<td></td>' .
'</tr>';
}
$body .= '</table></form>';
}
echo Element('page.html', Array(
2011-02-12 01:25:15 -05:00
'index'=>$config['root'],
2011-02-06 08:38:01 -05:00
'title'=>'Ban list',
'body'=>$body,
'mod'=>true
)
);
2010-12-10 04:57:34 -05:00
} elseif(preg_match('/^\/config$/', $query)) {
2011-02-12 01:25:15 -05:00
if($mod['type'] < $config['mod']['show_config']) error($config['error']['noaccess']);
2010-12-10 04:57:34 -05:00
// Show instance-config.php
2010-12-16 12:41:11 -05:00
//$data = highlight_file('inc/instance-config.php', true);
//if(MOD_NEVER_REAL_PASSWORD) {
// // Rough and dirty removal of password
// $data = str_replace(MY_PASSWORD, '*******', $data);
//}
$constants = get_defined_constants(true);
$constants = $constants['user'];
$data = '';
foreach($constants as $name => $value) {
2010-12-17 10:12:32 -05:00
if(MOD_NEVER_REAL_PASSWORD && $name == 'DB_PASSWORD')
2010-12-17 00:25:32 -05:00
$value = '<em>hidden</em>';
2010-12-16 12:41:11 -05:00
else {
// For some reason PHP is only giving me the first defined value (the default), so use constant()
$value = constant($name);
if(gettype($value) == 'boolean') {
$value = $value ? '<span style="color:green;">On</span>' : '<span style="color:red;">Off</span>';
} elseif(gettype($value) == 'string') {
2010-12-17 11:15:12 -05:00
if(empty($value))
$value = '<em>empty</em>';
else
$value = '<span style="color:maroon;">' . utf8tohtml(substr($value, 0, 110) . (strlen($value) > 110 ? '…' : '')) . '</span>';
2010-12-16 12:41:11 -05:00
} elseif(gettype($value) == 'integer') {
2010-12-17 00:25:32 -05:00
// Show permissions in a cleaner way
if(preg_match('/^MOD_/', $name) && $name != 'MOD_JANITOR' && $name != 'MOD_MOD' && $name != 'MOD_ADMIN') {
if($value == MOD_JANITOR)
$value = 'Janitor';
elseif($value == MOD_MOD)
$value = 'Mod';
elseif($value == MOD_ADMIN)
$value = 'Admin';
}
2010-12-16 12:41:11 -05:00
$value = '<span style="color:black;">' . $value . '</span>';
}
}
$data .=
'<tr><th style="text-align:left;">' .
$name .
'</th><td>' .
2010-12-17 00:25:32 -05:00
$value .
2010-12-16 12:41:11 -05:00
'</td></tr>';
2010-12-10 04:57:34 -05:00
}
2010-12-16 12:41:11 -05:00
$body = '<fieldset><legend>Configuration</legend><table>' . $data . '</table></fieldset>';
2010-12-10 04:57:34 -05:00
echo Element('page.html', Array(
2011-02-12 01:25:15 -05:00
'index'=>$config['root'],
2010-12-10 04:57:34 -05:00
'title'=>'Configuration',
2010-12-10 04:42:16 -05:00
'body'=>$body,
'mod'=>true
2010-12-02 02:26:09 -05:00
)
2010-12-02 04:55:56 -05:00
);
} elseif(preg_match('/^\/new$/', $query)) {
2011-02-12 01:25:15 -05:00
if($mod['type'] < $config['mod']['newboard']) error($config['error']['noaccess']);
2010-12-10 04:38:49 -05:00
2010-12-02 04:55:56 -05:00
// New board
$body = '';
if(isset($_POST['new_board'])) {
// Create new board
if( !isset($_POST['uri']) ||
!isset($_POST['title']) ||
!isset($_POST['subtitle'])
2011-02-12 01:25:15 -05:00
) error($config['error']['missedafield']);
2010-12-02 04:55:56 -05:00
$b = Array(
'uri' => $_POST['uri'],
'title' => $_POST['title'],
'subtitle' => $_POST['subtitle']
);
// Check required fields
if(empty($b['uri']))
2011-02-12 01:25:15 -05:00
error(sprintf($config['error']['required'], 'URI'));
2010-12-02 04:55:56 -05:00
if(empty($b['title']))
2011-02-12 01:25:15 -05:00
error(sprintf($config['error']['required'], 'title'));
2010-12-02 04:55:56 -05:00
// Check string lengths
if(strlen($b['uri']) > 8)
2011-02-12 01:25:15 -05:00
error(sprintf($config['error']['toolong'], 'URI'));
2010-12-02 04:55:56 -05:00
if(strlen($b['title']) > 20)
2011-02-12 01:25:15 -05:00
error(sprintf($config['error']['toolong'], 'title'));
2010-12-02 04:55:56 -05:00
if(strlen($b['subtitle']) > 40)
2011-02-12 01:25:15 -05:00
error(sprintf($config['error']['toolong'], 'subtitle'));
2010-12-02 04:55:56 -05:00
if(!preg_match('/^\w+$/', $b['uri']))
2011-02-12 01:25:15 -05:00
error(sprintf($config['error']['invalidfield'], 'URI'));
2010-12-02 04:55:56 -05:00
if(openBoard($b['uri'])) {
unset($board);
2011-02-12 01:25:15 -05:00
error(sprintf($config['error']['boardexists'], sprintf($config['board_abbreviation'], $b['uri'])));
}
2010-12-17 09:18:03 -05:00
$query = prepare("INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle)");
$query->bindValue(':uri', $b['uri']);
$query->bindValue(':title', $b['title']);
if(!empty($b['subtitle'])) {
$query->bindValue(':subtitle', $b['subtitle']);
} else {
$query->bindValue(':subtitle', null, PDO::PARAM_NULL);
}
$query->execute() or error(db_error($query));
2010-12-02 04:55:56 -05:00
// Record the action
modLog("Created a new board: {$b['title']}");
2010-12-02 04:55:56 -05:00
// Open the board
openBoard($b['uri']) or error("Couldn't open board after creation.");
// Create the posts table
2010-12-17 09:18:03 -05:00
query(Element('posts.sql', Array('board' => $board['uri']))) or error(db_error());
2010-12-02 04:55:56 -05:00
// Build the board
buildIndex();
}
$body .= form_newBoard();
// TODO: Statistics, etc, in the dashboard.
echo Element('page.html', Array(
2011-02-12 01:25:15 -05:00
'index'=>$config['root'],
2010-12-02 04:55:56 -05:00
'title'=>'New board',
2010-12-10 04:42:16 -05:00
'body'=>$body,
'mod'=>true
2010-12-02 04:55:56 -05:00
)
);
2010-12-16 05:28:03 -05:00
} elseif(preg_match('/^\/' . $regex['board'] . '(' . $regex['index'] . '|' . $regex['page'] . ')?$/', $query, $matches)) {
2010-12-02 02:02:48 -05:00
// Board index
2010-12-01 09:17:27 -05:00
2010-12-02 02:02:48 -05:00
$boardName = $matches[1];
2010-12-16 05:28:03 -05:00
2010-12-02 02:02:48 -05:00
// Open board
2010-12-10 04:45:09 -05:00
if(!openBoard($boardName))
2011-02-12 01:25:15 -05:00
error($config['error']['noboard']);
2010-12-01 09:17:27 -05:00
2011-02-12 01:25:15 -05:00
if(!$page = index(empty($matches[2]) || $matches[2] == $config['file_index'] ? 1 : $matches[2], $mod)) {
error($config['error']['404']);
2010-12-16 07:09:44 -05:00
}
2010-12-16 05:28:03 -05:00
$page['pages'] = getPages(true);
2010-12-10 05:15:44 -05:00
$page['mod'] = true;
echo Element('index.html', $page);
2010-12-16 00:36:40 -05:00
} elseif(preg_match('/^\/' . $regex['board'] . $regex['res'] . $regex['page'] . '$/', $query, $matches)) {
// View thread
$boardName = $matches[1];
$thread = $matches[2];
// Open board
if(!openBoard($boardName))
2011-02-12 01:25:15 -05:00
error($config['error']['noboard']);
2010-12-16 00:36:40 -05:00
$page = buildThread($thread, true, $mod);
2010-12-16 00:36:40 -05:00
echo $page;
} elseif(preg_match('/^\/' . $regex['board'] . 'deletefile\/(\d+)$/', $query, $matches)) {
2011-02-12 01:25:15 -05:00
if($mod['type'] < $config['mod']['deletefile']) error($config['error']['noaccess']);
// Delete file from post
$boardName = $matches[1];
$post = $matches[2];
// Open board
if(!openBoard($boardName))
2011-02-12 01:25:15 -05:00
error($config['error']['noboard']);
// Delete post
deleteFile($post);
// Record the action
modLog("Removed file from post #{$post}");
// Rebuild board
buildIndex();
// Redirect
if(isset($_SERVER['HTTP_REFERER']))
2011-02-12 01:25:15 -05:00
header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
else
2011-02-12 01:25:15 -05:00
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
2010-12-16 00:36:40 -05:00
} elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) {
2011-02-12 01:25:15 -05:00
if($mod['type'] < $config['mod']['delete']) error($config['error']['noaccess']);
2010-12-16 00:36:40 -05:00
// Delete post
$boardName = $matches[1];
$post = $matches[2];
// Open board
if(!openBoard($boardName))
2011-02-12 01:25:15 -05:00
error($config['error']['noboard']);
2010-12-16 00:36:40 -05:00
// Delete post
deletePost($post);
// Record the action
modLog("Deleted post #{$post}");
2010-12-16 00:36:40 -05:00
// Rebuild board
buildIndex();
2010-12-16 03:13:04 -05:00
// Redirect
if(isset($_SERVER['HTTP_REFERER']))
2011-02-12 01:25:15 -05:00
header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
2010-12-16 03:13:04 -05:00
else
2011-02-12 01:25:15 -05:00
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
2011-01-02 05:27:28 -05:00
} elseif(preg_match('/^\/' . $regex['board'] . '(un)?sticky\/(\d+)$/', $query, $matches)) {
2011-02-12 01:25:15 -05:00
if($mod['type'] < $config['mod']['sticky']) error($config['error']['noaccess']);
2011-01-02 10:00:30 -05:00
// Add/remove sticky
2011-01-02 05:27:28 -05:00
$boardName = $matches[1];
$post = $matches[3];
// Open board
if(!openBoard($boardName))
2011-02-12 01:25:15 -05:00
error($config['error']['noboard']);
2011-01-02 05:27:28 -05:00
$query = prepare(sprintf("UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
$query->bindValue(':id', $post, PDO::PARAM_INT);
if($matches[2] == 'un') {
// Record the action
modLog("Unstickied post #{$post}");
2011-01-02 05:27:28 -05:00
$query->bindValue(':sticky', 0, PDO::PARAM_INT);
} else {
// Record the action
modLog("Stickied post #{$post}");
2011-01-02 05:27:28 -05:00
$query->bindValue(':sticky', 1, PDO::PARAM_INT);
}
$query->execute() or error(db_error($query));
buildIndex();
buildThread($post);
// Redirect
if(isset($_SERVER['HTTP_REFERER']))
2011-02-12 01:25:15 -05:00
header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
2011-01-02 10:00:30 -05:00
else
2011-02-12 01:25:15 -05:00
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
2011-01-02 10:00:30 -05:00
} elseif(preg_match('/^\/' . $regex['board'] . '(un)?lock\/(\d+)$/', $query, $matches)) {
2011-02-12 01:25:15 -05:00
if($mod['type'] < $config['mod']['lock']) error($config['error']['noaccess']);
2011-01-02 10:00:30 -05:00
// Lock/Unlock
$boardName = $matches[1];
$post = $matches[3];
// Open board
if(!openBoard($boardName))
2011-02-12 01:25:15 -05:00
error($config['error']['noboard']);
2011-01-02 10:00:30 -05:00
$query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
$query->bindValue(':id', $post, PDO::PARAM_INT);
if($matches[2] == 'un') {
// Record the action
modLog("Unlocked post #{$post}");
2011-01-02 10:00:30 -05:00
$query->bindValue(':locked', 0, PDO::PARAM_INT);
} else {
// Record the action
modLog("Locked post #{$post}");
2011-01-02 10:00:30 -05:00
$query->bindValue(':locked', 1, PDO::PARAM_INT);
}
$query->execute() or error(db_error($query));
buildIndex();
buildThread($post);
// Redirect
if(isset($_SERVER['HTTP_REFERER']))
2011-02-12 01:25:15 -05:00
header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
2011-01-02 05:27:28 -05:00
else
2011-02-12 01:25:15 -05:00
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
2011-01-20 03:25:11 -05:00
} elseif(preg_match('/^\/' . $regex['board'] . 'deletebyip\/(\d+)$/', $query, $matches)) {
// Delete all posts by an IP
$boardName = $matches[1];
$post = $matches[2];
// Open board
if(!openBoard($boardName))
2011-02-12 01:25:15 -05:00
error($config['error']['noboard']);
2011-01-20 03:25:11 -05:00
$query = prepare(sprintf("SELECT `ip` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
2011-02-04 23:43:42 -05:00
$query->bindValue(':id', $post);
2011-01-20 03:25:11 -05:00
$query->execute() or error(db_error($query));
if(!$post = $query->fetch())
2011-02-12 01:25:15 -05:00
error($config['error']['invalidpost']);
$ip = $post['ip'];
// Record the action
modLog("Deleted all posts by IP address: #{$ip}");
$query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `ip` = :ip", $board['uri']));
$query->bindValue(':ip', $ip);
$query->execute() or error(db_error($query));
2011-02-04 23:43:42 -05:00
if($query->rowCount() < 1)
2011-02-12 01:25:15 -05:00
error($config['error']['invalidpost']);
2011-02-04 23:43:42 -05:00
while($post = $query->fetch()) {
deletePost($post['id'], false);
}
if(isset($_SERVER['HTTP_REFERER']))
2011-02-12 01:25:15 -05:00
header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
2011-02-04 23:43:42 -05:00
else
2011-02-12 01:25:15 -05:00
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
2011-01-14 23:37:39 -05:00
} elseif(preg_match('/^\/ban$/', $query)) {
// Ban page
2011-01-01 08:27:30 -05:00
if(isset($_POST['new_ban'])) {
if( !isset($_POST['ip']) ||
!isset($_POST['reason']) ||
!isset($_POST['length'])
2011-02-12 01:25:15 -05:00
) error($config['error']['missedafield']);
2011-01-01 08:27:30 -05:00
// Check required fields
if(empty($_POST['ip']))
2011-02-12 01:25:15 -05:00
error(sprintf($config['error']['required'], 'IP address'));
2011-01-01 08:27:30 -05:00
$query = prepare("INSERT INTO `bans` VALUES (:ip, :mod, :set, :expires, :reason)");
2011-01-01 08:27:30 -05:00
// 1yr2hrs30mins
// 1y2h30m
2011-01-02 05:34:04 -05:00
$expire = 0;
if(preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/', $_POST['length'], $m)) {
2011-01-01 08:27:30 -05:00
if(isset($m[2])) {
// Years
$expire += $m[2]*60*60*24*365;
2011-01-01 08:27:30 -05:00
}
if(isset($m[4])) {
// Weeks
$expire += $m[4]*60*60*24*7;
}
if(isset($m[6])) {
// Days
$expire += $m[6]*60*60*24;
}
if(isset($m[8])) {
// Hours
$expire += $m[8]*60*60;
}
if(isset($m[10])) {
// Minutes
$expire += $m[10]*60;
}
if(isset($m[12])) {
// Seconds
$expire += $m[12];
}
2011-01-02 05:34:04 -05:00
}
if($expire) {
2011-01-01 08:27:30 -05:00
$query->bindValue(':expires', time()+$expire, PDO::PARAM_INT);
} else {
// Never expire
$query->bindValue(':expires', null, PDO::PARAM_NULL);
}
$query->bindValue(':ip', $_POST['ip'], PDO::PARAM_STR);
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
$query->bindValue(':set', time(), PDO::PARAM_INT);
2011-01-01 08:27:30 -05:00
if(isset($_POST['reason'])) {
$query->bindValue(':reason', $_POST['reason'], PDO::PARAM_STR);
} else {
$query->bindValue(':reason', null, PDO::PARAM_NULL);
}
// Record the action
modLog("Created a ban for {$_POST['ip']} with reason {$_POST['reason']}");
2011-01-01 08:27:30 -05:00
$query->execute() or error(db_error($query));
2011-01-14 23:05:58 -05:00
// Delete too
2011-02-12 01:25:15 -05:00
if($mod['type'] >= $config['mod']['delete'] && isset($_POST['delete']) && isset($_POST['board'])) {
2011-01-14 23:37:39 -05:00
openBoard($_POST['board']);
deletePost(round($_POST['delete']));
}
2011-01-14 23:05:58 -05:00
2011-01-01 08:27:30 -05:00
// Redirect
if(isset($_POST['continue']))
2011-02-12 01:25:15 -05:00
header('Location: ' . $_POST['continue'], true, $config['redirect_http']);
2011-01-01 08:27:30 -05:00
else
2011-02-12 01:25:15 -05:00
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
2011-01-01 08:27:30 -05:00
}
2011-01-14 23:37:39 -05:00
} elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)?\/(\d+)$/', $query, $matches)) {
2011-02-12 01:25:15 -05:00
if($mod['type'] < $config['mod']['delete']) error($config['error']['noaccess']);
2011-01-14 23:37:39 -05:00
// Ban by post
$boardName = $matches[1];
$delete = isset($matches[2]) && $matches[2] == '&delete';
$post = $matches[3];
// Open board
if(!openBoard($boardName))
2011-02-12 01:25:15 -05:00
error($config['error']['noboard']);
2011-01-14 23:37:39 -05:00
$query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri']));
$query->bindValue(':id', $post, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($query->rowCount() < 1) {
2011-02-12 01:25:15 -05:00
error($config['error']['invalidpost']);
2011-01-14 23:37:39 -05:00
}
$post = $query->fetch();
2011-01-01 08:27:30 -05:00
2011-01-14 23:37:39 -05:00
$body = form_newBan($post['ip'], null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false, $delete ? $post['id'] : false, $delete ? $boardName : false);
2011-01-01 08:27:30 -05:00
echo Element('page.html', Array(
2011-02-12 01:25:15 -05:00
'index'=>$config['root'],
2011-01-01 08:27:30 -05:00
'title'=>'New ban',
'body'=>$body,
'mod'=>true
)
);
2011-01-14 23:29:05 -05:00
} elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+)$/', $query, $matches)) {
// View information on an IP address
$ip = $matches[1];
2011-02-12 01:25:15 -05:00
$host = $config['mod']['dns_lookup'] ? gethostbyaddr($ip) : false;
2011-01-14 23:29:05 -05:00
$body = '';
$boards = listBoards();
foreach($boards as &$_board) {
openBoard($_board['uri']);
$temp = '';
2011-01-18 20:37:31 -05:00
$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri']));
2011-01-14 23:29:05 -05:00
$query->bindValue(':ip', $ip);
2011-02-12 01:25:15 -05:00
$query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT);
2011-01-14 23:29:05 -05:00
$query->execute() or error(db_error($query));
while($post = $query->fetch()) {
2011-02-12 01:25:15 -05:00
$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : $config['root'], $mod);
2011-01-14 23:29:05 -05:00
$temp .= $po->build();
}
if(!empty($temp))
$body .= '<fieldset><legend>Last ' . $query->rowCount() . ' posts on <a href="?/' .
2011-02-12 01:25:15 -05:00
sprintf($config['board_path'], $_board['uri']) . $config['file_index'] .
2011-01-14 23:29:05 -05:00
'">' .
2011-02-12 01:25:15 -05:00
sprintf($config['board_abbreviation'], $_board['uri']) . ' - ' . $_board['title'] .
2011-01-14 23:29:05 -05:00
'</a></legend>' . $temp . '</fieldset>';
}
2011-02-12 01:25:15 -05:00
if($config['mod']['ip_banform'])
2011-01-14 23:29:05 -05:00
$body .= form_newBan($ip, null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false);
echo Element('page.html', Array(
2011-02-12 01:25:15 -05:00
'index'=>$config['root'],
2011-01-14 23:29:05 -05:00
'title'=>'IP: ' . $ip,
'subtitle' => $host,
'body'=>$body,
'mod'=>true
)
);
2010-12-01 09:17:27 -05:00
} else {
2011-02-12 01:25:15 -05:00
error($config['error']['404']);
2010-12-01 09:17:27 -05:00
}
2010-12-01 05:53:11 -05:00
}
2010-12-02 02:26:09 -05:00
// Close the connection in-case it's still open
sql_close();
2010-12-01 05:53:11 -05:00
?>