lainchan/mod.php

174 lines
4.4 KiB
PHP
Raw Normal View History

2010-12-01 05:53:11 -05:00
<?php
require 'inc/functions.php';
require 'inc/display.php';
if (file_exists('inc/instance-config.php')) {
require 'inc/instance-config.php';
}
require 'inc/config.php';
require 'inc/template.php';
require 'inc/user.php';
2010-12-02 02:26:09 -05:00
require 'inc/mod.php';
2010-12-01 05:53:11 -05:00
2010-12-03 22:58:24 -05:00
// Fix some encoding issues
header('Content-Type: text/html; charset=utf-8', true);
2010-12-01 05:53:11 -05:00
// If not logged in
2010-12-02 02:02:48 -05:00
if(!$mod) {
2010-12-01 05:53:11 -05:00
if(isset($_POST['login'])) {
// Check if inputs are set and not empty
if( !isset($_POST['username']) ||
!isset($_POST['password']) ||
empty($_POST['username']) ||
empty($_POST['password'])
) loginForm(ERROR_INVALID, $_POST['username']);
// Open connection
sql_open();
if(!login($_POST['username'], $_POST['password']))
loginForm(ERROR_INVALID, $_POST['username']);
// Login successful
// Set cookies
setCookies();
2010-12-02 02:02:48 -05:00
// Redirect
2010-12-02 02:07:24 -05:00
header('Location: ?' . MOD_DEFAULT, true, REDIRECT_HTTP);
2010-12-02 02:02:48 -05:00
2010-12-01 05:53:11 -05:00
// Close connection
sql_close();
} else {
loginForm();
}
} else {
2010-12-02 04:55:56 -05:00
$query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
2010-12-01 09:17:27 -05:00
$regex = Array(
2010-12-02 02:02:48 -05:00
'board' => str_replace('%s', '(\w{1,8})', preg_quote(BOARD_PATH, '/'))
2010-12-01 09:17:27 -05:00
);
if(preg_match('/^\/?$/', $query)) {
2010-12-02 02:02:48 -05:00
// Dashboard
2010-12-02 02:26:09 -05:00
$body = '';
$body .= '<fieldset><legend>Boards</legend>' .
ulBoards() .
'</fieldset>';
2010-12-02 04:55:56 -05:00
// TODO: Statistics, etc, in the dashboard.
echo Element('page.html', Array(
2010-12-02 02:26:09 -05:00
'index'=>ROOT,
'title'=>'Dashboard',
2010-12-10 04:57:34 -05:00
'body'=>$body
//,'mod'=>true /* All 'mod' does, at this point, is put the "Return to dashboard" link in. */
)
);
} elseif(preg_match('/^\/config$/', $query)) {
if($mod['type'] != MOD_ADMIN) error(ERROR_NOACCESS);
// Show instance-config.php
$data = highlight_file('inc/instance-config.php', true);
if(MOD_NEVER_REAL_PASSWORD) {
// Rough and dirty removal of password
$data = str_replace(MY_PASSWORD, '*******', $data);
}
$body = '<fieldset><legend>Configuration</legend>' . $data . '</fieldset>';
echo Element('page.html', Array(
'index'=>ROOT,
'title'=>'Configuration',
2010-12-10 04:42:16 -05:00
'body'=>$body,
'mod'=>true
2010-12-02 02:26:09 -05:00
)
2010-12-02 04:55:56 -05:00
);
} elseif(preg_match('/^\/new$/', $query)) {
2010-12-10 04:38:49 -05:00
if($mod['type'] != MOD_ADMIN) error(ERROR_NOACCESS);
2010-12-02 04:55:56 -05:00
// New board
$body = '';
if(isset($_POST['new_board'])) {
// Create new board
if( !isset($_POST['uri']) ||
!isset($_POST['title']) ||
!isset($_POST['subtitle'])
) error(ERROR_MISSEDAFIELD);
$b = Array(
'uri' => $_POST['uri'],
'title' => $_POST['title'],
'subtitle' => $_POST['subtitle']
);
// Check required fields
if(empty($b['uri']))
error(sprintf(ERROR_REQUIRED, 'URI'));
if(empty($b['title']))
error(sprintf(ERROR_REQUIRED, 'title'));
// Check string lengths
if(strlen($b['uri']) > 8)
error(sprintf(ERROR_TOOLONG, 'URI'));
if(strlen($b['title']) > 20)
error(sprintf(ERROR_TOOLONG, 'title'));
if(strlen($b['subtitle']) > 40)
error(sprintf(ERROR_TOOLONG, 'subtitle'));
if(!preg_match('/^\w+$/', $b['uri']))
error(sprintf(ERROR_INVALIDFIELD, 'URI'));
mysql_query(sprintf(
"INSERT INTO `boards` VALUES (NULL, '%s', '%s', " .
(empty($b['subtitle']) ? 'NULL' : "'%s'" ) .
")",
mysql_real_escape_string($b['uri']),
mysql_real_escape_string($b['title']),
mysql_real_escape_string($b['subtitle'])
), $sql) or error(mysql_error($sql));
// Open the board
openBoard($b['uri']) or error("Couldn't open board after creation.");
// Create the posts table
mysql_query(Element('posts.sql', Array('board' => $board['uri'])), $sql) or error(mysql_error($sql));
// Build the board
buildIndex();
}
$body .= form_newBoard();
// TODO: Statistics, etc, in the dashboard.
echo Element('page.html', Array(
'index'=>ROOT,
'title'=>'New board',
2010-12-10 04:42:16 -05:00
'body'=>$body,
'mod'=>true
2010-12-02 04:55:56 -05:00
)
);
2010-12-02 02:02:48 -05:00
} elseif(preg_match('/^\/' . $regex['board'] . '(' . preg_quote(FILE_INDEX, '/') . ')?$/', $query, $matches)) {
// Board index
2010-12-01 09:17:27 -05:00
2010-12-02 02:02:48 -05:00
$boardName = $matches[1];
// Open board
2010-12-10 04:45:09 -05:00
if(!openBoard($boardName))
error(ERROR_NOBOARD);
2010-12-01 09:17:27 -05:00
2010-12-10 05:15:44 -05:00
$page = index(1);
$page['mod'] = true;
echo Element('index.html', $page);
2010-12-01 09:17:27 -05:00
} else {
2010-12-02 02:02:48 -05:00
error("Page not found.");
2010-12-01 09:17:27 -05:00
}
2010-12-01 05:53:11 -05:00
}
2010-12-02 02:26:09 -05:00
// Close the connection in-case it's still open
sql_close();
2010-12-01 05:53:11 -05:00
?>