2010-12-01 05:53:11 -05:00
< ? php
require 'inc/functions.php' ;
require 'inc/display.php' ;
require 'inc/template.php' ;
2010-12-17 09:18:03 -05:00
require 'inc/database.php' ;
2010-12-01 05:53:11 -05:00
require 'inc/user.php' ;
2011-01-01 10:05:30 -05:00
sql_open ();
// Check if banned
checkBan ();
2010-12-02 02:26:09 -05:00
require 'inc/mod.php' ;
2010-12-01 05:53:11 -05:00
2010-12-03 22:58:24 -05:00
// Fix some encoding issues
header ( 'Content-Type: text/html; charset=utf-8' , true );
2011-02-06 08:38:01 -05:00
if ( get_magic_quotes_gpc ()) {
function strip_array ( $var ) {
return is_array ( $var ) ? array_map ( " strip_array " , $var ) : stripslashes ( $var );
}
$_SESSION = strip_array ( $_SESSION );
$_GET = strip_array ( $_GET );
$_POST = strip_array ( $_POST );
}
2011-02-16 03:59:13 -05:00
$query = isset ( $_SERVER [ 'QUERY_STRING' ]) ? $_SERVER [ 'QUERY_STRING' ] : '' ;
2010-12-01 05:53:11 -05:00
// If not logged in
2010-12-02 02:02:48 -05:00
if ( ! $mod ) {
2010-12-01 05:53:11 -05:00
if ( isset ( $_POST [ 'login' ])) {
// Check if inputs are set and not empty
if ( ! isset ( $_POST [ 'username' ]) ||
! isset ( $_POST [ 'password' ]) ||
empty ( $_POST [ 'username' ]) ||
empty ( $_POST [ 'password' ])
2011-02-16 03:59:13 -05:00
) loginForm ( $config [ 'error' ][ 'invalid' ], $_POST [ 'username' ], '?' . $query );
2010-12-01 05:53:11 -05:00
if ( ! login ( $_POST [ 'username' ], $_POST [ 'password' ]))
2011-02-16 03:59:13 -05:00
loginForm ( $config [ 'error' ][ 'invalid' ], $_POST [ 'username' ], '?' . $query );
2010-12-01 05:53:11 -05:00
2011-02-11 07:02:30 -05:00
modLog ( " Logged in. " );
2010-12-01 05:53:11 -05:00
// Login successful
// Set cookies
setCookies ();
2010-12-02 02:02:48 -05:00
// Redirect
2011-02-16 03:59:13 -05:00
if ( isset ( $_POST [ 'redirect' ]))
header ( 'Location: ' . $_POST [ 'redirect' ], true , $config [ 'redirect_http' ]);
else
header ( 'Location: ?' . $config [ 'mod' ][ 'default' ], true , $config [ 'redirect_http' ]);
2010-12-02 02:02:48 -05:00
2010-12-01 05:53:11 -05:00
// Close connection
sql_close ();
} else {
2011-02-16 03:59:13 -05:00
loginForm ( false , false , '?' . $query );
2010-12-01 05:53:11 -05:00
}
} else {
2011-02-22 01:52:26 -05:00
// Redirect (for index pages)
if ( count ( $_GET ) == 2 && isset ( $_GET [ 'status' ]) && isset ( $_GET [ 'r' ]))
header ( 'Location: ' . $_GET [ 'r' ], true , $_GET [ 'status' ]);
2010-12-16 00:36:40 -05:00
// A sort of "cache"
// Stops calling preg_quote and str_replace when not needed; only does it once
2010-12-01 09:17:27 -05:00
$regex = Array (
2011-02-12 01:25:15 -05:00
'board' => str_replace ( '%s' , '(\w{1,8})' , preg_quote ( $config [ 'board_path' ], '/' )),
'page' => str_replace ( '%d' , '(\d+)' , preg_quote ( $config [ 'file_page' ], '/' )),
'img' => preg_quote ( $config [ 'dir' ][ 'img' ], '/' ),
'thumb' => preg_quote ( $config [ 'dir' ][ 'thumb' ], '/' ),
'res' => preg_quote ( $config [ 'dir' ][ 'res' ], '/' ),
'index' => preg_quote ( $config [ 'file_index' ], '/' )
2010-12-01 09:17:27 -05:00
);
if ( preg_match ( '/^\/?$/' , $query )) {
2010-12-02 02:02:48 -05:00
// Dashboard
2010-12-16 10:20:16 -05:00
$fieldset = Array (
'Boards' => '' ,
'Administration' => ''
);
2010-12-02 02:26:09 -05:00
2010-12-16 10:20:16 -05:00
// Boards
$fieldset [ 'Boards' ] .= ulBoards ();
2011-02-20 01:19:57 -05:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'reports' ]) {
$fieldset [ 'Administration' ] .= '<li><a href="?/reports">Report queue</a></li>' ;
}
2011-02-12 01:25:15 -05:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'view_banlist' ]) {
2011-02-06 08:38:01 -05:00
$fieldset [ 'Administration' ] .= '<li><a href="?/bans">Ban list</a></li>' ;
}
2011-03-02 01:51:29 -05:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'manageusers' ]) {
2011-03-02 01:15:37 -05:00
$fieldset [ 'Administration' ] .= '<li><a href="?/users">Manage users</a></li>' ;
}
2011-03-02 01:51:29 -05:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'modlog' ]) {
$fieldset [ 'Administration' ] .= '<li><a href="?/log">Moderation log</a></li>' ;
}
2011-02-12 01:25:15 -05:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'show_config' ]) {
2010-12-16 10:20:16 -05:00
$fieldset [ 'Administration' ] .= '<li><a href="?/config">Show configuration</a></li>' ;
}
2010-12-02 02:26:09 -05:00
2010-12-02 04:55:56 -05:00
// TODO: Statistics, etc, in the dashboard.
2010-12-16 10:20:16 -05:00
$body = '' ;
foreach ( $fieldset as $title => $data ) {
if ( $data )
$body .= " <fieldset><legend> { $title } </legend><ul> { $data } </ul></fieldset> " ;
}
2010-12-02 04:55:56 -05:00
echo Element ( 'page.html' , Array (
2011-02-12 01:25:15 -05:00
'index' => $config [ 'root' ],
2010-12-02 02:26:09 -05:00
'title' => 'Dashboard' ,
2010-12-10 04:57:34 -05:00
'body' => $body
//,'mod'=>true /* All 'mod' does, at this point, is put the "Return to dashboard" link in. */
)
);
2011-03-02 01:51:29 -05:00
} elseif ( preg_match ( '/^\/log$/' , $query )) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'modlog' ]) error ( $config [ 'error' ][ 'noaccess' ]);
$body = '<table class="modlog"><tr><th>User</th><th>IP address</th><th>Ago</th><th>Action</th></tr>' ;
$query = prepare ( " SELECT `id`,`username`,`ip`,`time`,`text` FROM `modlogs` INNER JOIN `mods` ON `mod` = `id` ORDER BY `time` DESC LIMIT :limit " );
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'modlog_page' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
while ( $log = $query -> fetch ()) {
$log [ 'text' ] = htmlentities ( $log [ 'text' ]);
$log [ 'text' ] = preg_replace ( '/(\d+\.\d+\.\d+\.\d+)/' , '<a href="?/IP/$1">$1</a>' , $log [ 'text' ]);
$body .= '<tr>' .
'<td class="minimal"><a href="?/users/' . $log [ 'id' ] . '">' . $log [ 'username' ] . '</a></td>' .
'<td class="minimal"><a href="?/IP/' . $log [ 'ip' ] . '">' . $log [ 'ip' ] . '</a></td>' .
'<td class="minimal">' . ago ( $log [ 'time' ]) . '</td>' .
'<td>' . $log [ 'text' ] . '</td>' .
'</tr>' ;
}
$body .= '</table>' ;
echo Element ( 'page.html' , Array (
'index' => $config [ 'root' ],
'title' => 'Moderation log' ,
'body' => $body ,
'mod' => true
)
);
2011-03-17 01:52:43 -04:00
} elseif ( preg_match ( '/^\/PM\/(\d+)$/' , $query , $match )) {
$id = $match [ 1 ];
$query = prepare ( " SELECT `pms`.`id`, `time`, `sender`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod " );
$query -> bindValue ( ':id' , $id , PDO :: PARAM_INT );
$query -> bindValue ( ':mod' , $mod [ 'id' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( ! $pm = $query -> fetch ()) {
// Mod doesn't exist
error ( $config [ 'error' ][ '404' ]);
}
if ( isset ( $_POST [ 'delete' ])) {
$query = prepare ( " DELETE FROM `pms` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $id , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
header ( 'Location: ?/' , true , $config [ 'redirect_http' ]);
} else {
$query = prepare ( " UPDATE `pms` SET `unread` = 0 WHERE `id` = :id " );
$query -> bindValue ( ':id' , $id , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
$body = '<form action="" method="post"><table><th>From</th><td>' .
( $mod [ 'type' ] >= $config [ 'mod' ][ 'editusers' ] ?
'<a href="?/users/' . $pm [ 'sender' ] . '">' . htmlentities ( $pm [ 'username' ]) . '</a>' :
htmlentities ( $pm [ 'username' ])
) .
'</td></tr>' .
'<tr><th>Date</th><td> ' . date ( $config [ 'post_date' ], $pm [ 'time' ]) . '</td></tr>' .
'<tr><th>Message</th><td> ' . $pm [ 'message' ] . '</td></tr>' .
'</table>' .
'<p style="text-align:center"><input type="submit" name="delete" value="Delete forever" /></p>' .
'</form>' ;
echo Element ( 'page.html' , Array (
'index' => $config [ 'root' ],
'title' => 'Private message' ,
'body' => $body ,
'mod' => true
)
);
}
} elseif ( preg_match ( '/^\/new_PM\/(\d+)$/' , $query , $match )) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'create_pm' ]) error ( $config [ 'error' ][ 'noaccess' ]);
$to = $match [ 1 ];
$query = prepare ( " SELECT `username`,`id` FROM `mods` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $to , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( ! $to = $query -> fetch ()) {
// Mod doesn't exist
error ( $config [ 'error' ][ '404' ]);
}
if ( isset ( $_POST [ 'message' ])) {
// Post message
$message = $_POST [ 'message' ];
if ( empty ( $message ))
error ( $config [ 'error' ][ 'tooshort_body' ]);
markup ( $message );
$query = prepare ( " INSERT INTO `pms` VALUES (NULL, :sender, :to, :message, :time, 1) " );
$query -> bindValue ( ':sender' , $mod [ 'id' ], PDO :: PARAM_INT );
$query -> bindValue ( ':to' , $to [ 'id' ], PDO :: PARAM_INT );
$query -> bindValue ( ':message' , $message );
$query -> bindValue ( ':time' , time (), PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
echo Element ( 'page.html' , Array (
'index' => $config [ 'root' ],
'title' => 'PM sent' ,
'body' => '<p style="text-align:center">Message sent successfully to ' . htmlentities ( $to [ 'username' ]) . '.</p>' ,
'mod' => true
)
);
} else {
$body = '<form action="" method="post">' .
'<table>' .
'<tr><th>To</th><td>' .
( $mod [ 'type' ] >= $config [ 'mod' ][ 'editusers' ] ?
'<a href="?/users/' . $to [ 'id' ] . '">' . htmlentities ( $to [ 'username' ]) . '</a>' :
htmlentities ( $to [ 'username' ])
) .
'</td>' .
'<tr><th>Message</th><td><textarea name="message" rows="10" cols="40"></textarea></td>' .
'</table>' .
'<p style="text-align:center"><input type="submit" value="Send message" /></p>' .
'</form>' ;
echo Element ( 'page.html' , Array (
'index' => $config [ 'root' ],
'title' => 'New PM for ' . htmlentities ( $to [ 'username' ]),
'body' => $body
, 'mod' => true
)
);
}
2011-03-02 01:15:37 -05:00
} elseif ( preg_match ( '/^\/users$/' , $query )) {
2011-03-02 01:51:29 -05:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'manageusers' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-03-02 01:15:37 -05:00
$body = '<form action="" method="post"><table><tr><th>ID</th><th>Username</th><th>Type</th><th>Last action</th><th>…</th></tr>' ;
$query = query ( " SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id` " ) or error ( db_error ());
while ( $_mod = $query -> fetch ()) {
$type = $_mod [ 'type' ] == JANITOR ? 'Janitor' : ( $_mod [ 'type' ] == MOD ? 'Mod' : 'Admin' );
$body .= '<tr>' .
'<td>' .
$_mod [ 'id' ] .
'</td>' .
'<td>' .
$_mod [ 'username' ] .
'</td>' .
'<td>' .
$type .
'</td>' .
'<td>' .
( $_mod [ 'last' ] ?
'<span title="' . htmlentities ( $_mod [ 'action' ]) . '">' . ago ( $_mod [ 'last' ]) . '</span>'
: '<em>never</em>' ) .
'</td>' .
'<td style="white-space:nowrap">' .
( $mod [ 'type' ] >= $config [ 'mod' ][ 'promoteusers' ] ?
( $_mod [ 'type' ] != ADMIN ?
'<a style="text-decoration:none" href="?/users/' . $_mod [ 'id' ] . '/promote" title="Promote">▲</a>'
: '' ) .
( $_mod [ 'type' ] != JANITOR ?
'<a style="text-decoration:none" href="?/users/' . $_mod [ 'id' ] . '/demote" title="Demote">▼</a>'
: '' )
: ''
) .
( $mod [ 'type' ] >= $config [ 'mod' ][ 'editusers' ] ?
'<a class="unimportant" style="margin-left:5px;float:right" href="?/users/' . $_mod [ 'id' ] . '">[edit]</a>'
2011-03-17 01:52:43 -04:00
: '' ) .
( $mod [ 'type' ] >= $config [ 'mod' ][ 'create_pm' ] ?
'<a class="unimportant" style="margin-left:5px;float:right" href="?/new_PM/' . $_mod [ 'id' ] . '">[PM]</a>'
: '' ) .
2011-03-02 01:15:37 -05:00
'</td></tr>' ;
}
$body .= '</table>' ;
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'createusers' ]) {
$body .= '<p style="text-align:center"><a href="?/users/new">Create new user</a></p>' ;
}
$body .= '</form>' ;
echo Element ( 'page.html' , Array (
'index' => $config [ 'root' ],
'title' => 'Manage users' ,
'body' => $body
, 'mod' => true
)
);
} elseif ( preg_match ( '/^\/users\/new$/' , $query )) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'createusers' ]) error ( $config [ 'error' ][ 'noaccess' ]);
if ( isset ( $_POST [ 'username' ]) && isset ( $_POST [ 'password' ])) {
if ( ! isset ( $_POST [ 'type' ])) {
error ( sprintf ( $config [ 'error' ][ 'required' ], 'type' ));
}
if ( $_POST [ 'type' ] != ADMIN && $_POST [ 'type' ] != MOD && $_POST [ 'type' ] != JANITOR ) {
error ( sprintf ( $config [ 'error' ][ 'invalidfield' ], 'type' ));
}
// Check if already exists
$query = prepare ( " SELECT `id` FROM `mods` WHERE `username` = :username " );
$query -> bindValue ( ':username' , $_POST [ 'username' ]);
$query -> execute () or error ( db_error ( $query ));
if ( $_mod = $query -> fetch ()) {
error ( sprintf ( $config [ 'error' ][ 'modexists' ], $_mod [ 'id' ]));
}
$query = prepare ( " INSERT INTO `mods` VALUES (NULL, :username, :password, :type) " );
$query -> bindValue ( ':username' , $_POST [ 'username' ]);
$query -> bindValue ( ':password' , sha1 ( $_POST [ 'password' ]));
$query -> bindValue ( ':type' , $_POST [ 'type' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-03-02 01:19:36 -05:00
modLog ( 'Create a new user: "' . $_POST [ 'username' ] . '"' );
2011-03-02 01:15:37 -05:00
}
$body = '<fieldset><legend>New user</legend>' .
// Begin form
'<form style="text-align:center" action="" method="post">' .
'<table>' .
'<tr><th>Username</th><td><input size="20" maxlength="30" type="text" name="username" value="" autocomplete="off" /></td></tr>' .
'<tr><th>Password</th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
'<tr><th>Type</th><td>' .
'<div><label for="janitor">Janitor</label> <input type="radio" id="janitor" name="type" value="' . JANITOR . '" /></div>' .
'<div><label for="mod">Mod</label> <input type="radio" id="mod" name="type" value="' . MOD . '" /></div>' .
'<div><label for="admin">Admin</label> <input type="radio" id="admin" name="type" value="' . ADMIN . '" /></div>' .
'</td></tr>' .
'</table>' .
'<input style="margin-top:10px" type="submit" value="Create user" />' .
// End form
'</form></fieldset>' ;
echo Element ( 'page.html' , Array (
'index' => $config [ 'root' ],
'title' => 'New user' ,
'body' => $body
, 'mod' => true
)
);
} elseif ( preg_match ( '/^\/users\/(\d+)(\/(promote|demote|delete))?$/' , $query , $matches )) {
$modID = $matches [ 1 ];
if ( isset ( $matches [ 2 ])) {
if ( $matches [ 3 ] == 'delete' ) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'deleteusers' ]) error ( $config [ 'error' ][ 'noaccess' ]);
$query = prepare ( " DELETE FROM `mods` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
} else {
// Promote/demote
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'promoteusers' ]) error ( $config [ 'error' ][ 'noaccess' ]);
if ( $matches [ 3 ] == 'promote' ) {
$query = prepare ( " UPDATE `mods` SET `type` = `type` + 1 WHERE `type` != :admin AND `id` = :id " );
$query -> bindValue ( ':admin' , ADMIN , PDO :: PARAM_INT );
} else {
$query = prepare ( " UPDATE `mods` SET `type` = `type` - 1 WHERE `type` != :janitor AND `id` = :id " );
$query -> bindValue ( ':janitor' , JANITOR , PDO :: PARAM_INT );
}
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
}
header ( 'Location: ?/users' , true , $config [ 'redirect_http' ]);
} else {
// Edit user
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'editusers' ]) error ( $config [ 'error' ][ 'noaccess' ]);
$query = prepare ( " SELECT * FROM `mods` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( ! $_mod = $query -> fetch ()) {
error ( $config [ 'error' ][ '404' ]);
}
if ( isset ( $_POST [ 'username' ]) && isset ( $_POST [ 'password' ])) {
$query = prepare ( " UPDATE `mods` SET `username` = :username WHERE `id` = :id " );
$query -> bindValue ( ':username' , $_POST [ 'username' ]);
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( ! empty ( $_POST [ 'password' ])) {
$query = prepare ( " UPDATE `mods` SET `password` = :password WHERE `id` = :id " );
$query -> bindValue ( ':password' , sha1 ( $_POST [ 'password' ]));
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
}
// Refresh
$query = prepare ( " SELECT * FROM `mods` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $modID , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
$_mod = $query -> fetch ();
}
$body = '<fieldset><legend>Edit user</legend>' .
// Begin form
'<form style="text-align:center" action="" method="post">' .
'<table>' .
'<tr><th>Username</th><td><input size="20" maxlength="30" type="text" name="username" value="' . $_mod [ 'username' ] . '" autocomplete="off" /></td></tr>' .
'<tr><th>Password <span class="unimportant">(new; optional)</span></th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
'</table>' .
'<input type="submit" value="Save changes" />' .
// End form
'</form> ' .
// Delete button
( $mod [ 'type' ] >= $config [ 'mod' ][ 'deleteusers' ] ?
'<p style="text-align:center"><a href="?/users/' . $_mod [ 'id' ] . '/delete">Delete user</a></p>'
: '' ) .
'</fieldset>' ;
echo Element ( 'page.html' , Array (
'index' => $config [ 'root' ],
'title' => 'Edit user' ,
'body' => $body
, 'mod' => true
)
);
}
2011-02-20 01:19:57 -05:00
} elseif ( preg_match ( '/^\/reports$/' , $query )) {
2011-03-02 01:15:37 -05:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'reports' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-02-20 01:19:57 -05:00
$body = '' ;
2011-02-20 02:28:39 -05:00
$reports = 0 ;
$query = prepare ( " SELECT `reports`.*, `boards`.`uri` FROM `reports` INNER JOIN `boards` ON `board` = `boards`.`id` ORDER BY `time` DESC LIMIT :limit " );
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'recent_reports' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-02-20 01:19:57 -05:00
2011-02-20 02:42:00 -05:00
while ( $report = $query -> fetch ()) {
$p_query = prepare ( sprintf ( " SELECT * FROM `posts_%s` WHERE `id` = :id " , $report [ 'uri' ]));
$p_query -> bindValue ( ':id' , $report [ 'post' ], PDO :: PARAM_INT );
$p_query -> execute () or error ( db_error ( $query ));
if ( ! $post = $p_query -> fetch ()) {
// Invalid report (post has since been deleted)
$p_query = prepare ( " DELETE FROM `reports` WHERE `post` = :id " );
2011-02-20 01:19:57 -05:00
$p_query -> bindValue ( ':id' , $report [ 'post' ], PDO :: PARAM_INT );
$p_query -> execute () or error ( db_error ( $query ));
2011-02-20 03:00:02 -05:00
continue ;
2011-02-20 01:19:57 -05:00
}
2011-02-20 02:42:00 -05:00
$reports ++ ;
openBoard ( $report [ 'uri' ]);
if ( ! $post [ 'thread' ]) {
$po = new Thread ( $post [ 'id' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], $post [ 'sticky' ], $post [ 'locked' ], '?/' , $mod , false );
} else {
$po = new Post ( $post [ 'id' ], $post [ 'thread' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], '?/' , $mod );
}
$po -> body .=
'<div class="report">' .
'<hr/>' .
'Board: <a href="?/' . $report [ 'uri' ] . '/' . $config [ 'file_index' ] . '">' . sprintf ( $config [ 'board_abbreviation' ], $report [ 'uri' ]) . '</a><br/>' .
'Reason: ' . $report [ 'reason' ] . '<br/>' .
'Reported by: <a href="?/IP/' . $report [ 'ip' ] . '">' . $report [ 'ip' ] . '</a><br/>' .
'<hr/>' .
( $mod [ 'type' ] >= $config [ 'mod' ][ 'report_dismiss' ] ?
'<a title="Discard abuse report" href="?/reports/' . $report [ 'id' ] . '/dismiss">Dismiss</a> | ' : '' ) .
( $mod [ 'type' ] >= $config [ 'mod' ][ 'report_dismiss_ip' ] ?
'<a title="Discard all abuse reports by this user" href="?/reports/' . $report [ 'id' ] . '/dismiss/all">Dismiss+</a>' : '' ) .
'</div>' ;
$body .= $po -> build ( true ) . '<hr/>' ;
2011-02-20 01:19:57 -05:00
}
2011-02-20 02:28:39 -05:00
$query = query ( " SELECT COUNT(`id`) AS `count` FROM `reports` " ) or error ( db_error ());
$count = $query -> fetch ();
$body .= '<p class="unimportant" style="text-align:center">Showing ' .
( $reports == $count [ 'count' ] ? 'all ' . $reports . ' reports' : $reports . ' of ' . $count [ 'count' ] . ' reports' ) . '.</p>' ;
2011-02-20 01:19:57 -05:00
echo Element ( 'page.html' , Array (
'index' => $config [ 'root' ],
'title' => 'Report queue' ,
'body' => $body ,
'mod' => true
));
} elseif ( preg_match ( '/^\/reports\/(\d+)\/dismiss(\/all)?$/' , $query , $matches )) {
if ( isset ( $matches [ 2 ]) && $matches [ 2 ] == '/all' ) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'report_dismiss_ip' ]) error ( $config [ 'error' ][ 'noaccess' ]);
$query = prepare ( " SELECT `ip` FROM `reports` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $matches [ 1 ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $report = $query -> fetch ()) {
$query = prepare ( " DELETE FROM `reports` WHERE `ip` = :ip " );
$query -> bindValue ( ':ip' , $report [ 'ip' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
2011-03-02 01:19:36 -05:00
modLog ( 'Dismissed all reports by ' . $report [ 'ip' ]);
2011-02-20 01:19:57 -05:00
}
} else {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'report_dismiss' ]) error ( $config [ 'error' ][ 'noaccess' ]);
$query = prepare ( " SELECT `post` FROM `reports` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $matches [ 1 ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $report = $query -> fetch ()) {
2011-03-02 01:19:36 -05:00
modLog ( 'Dismissed a report for post #' . $report [ 'post' ]);
2011-02-20 01:19:57 -05:00
$query = prepare ( " DELETE FROM `reports` WHERE `post` = :post " );
$query -> bindValue ( ':post' , $report [ 'post' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
}
}
// Redirect
if ( isset ( $_SERVER [ 'HTTP_REFERER' ]))
header ( 'Location: ' . $_SERVER [ 'HTTP_REFERER' ], true , $config [ 'redirect_http' ]);
else
header ( 'Location: ?/reports' , true , $config [ 'redirect_http' ]);
2011-02-22 01:38:38 -05:00
} elseif ( preg_match ( '/^\/board\/(\w+)(\/delete)?$/' , $query , $matches )) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'manageboards' ]) error ( $config [ 'error' ][ 'noaccess' ]);
if ( ! openBoard ( $matches [ 1 ]))
error ( $config [ 'error' ][ 'noboard' ]);
if ( isset ( $matches [ 2 ]) && $matches [ 2 ] == '/delete' ) {
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'deleteboard' ]) error ( $config [ 'error' ][ 'noaccess' ]);
// Delete board
// Delete entire board directory
rrmdir ( $board [ 'uri' ] . '/' );
// Delete posting table
$query = query ( sprintf ( " DROP TABLE IF EXISTS `posts_%s` " , $board [ 'uri' ])) or error ( db_error ());
// Clear reports
$query = prepare ( " DELETE FROM `reports` WHERE `board` = :id " );
$query -> bindValue ( ':id' , $board [ 'id' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
// Delete from table
$query = prepare ( " DELETE FROM `boards` WHERE `id` = :id " );
$query -> bindValue ( ':id' , $board [ 'id' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
header ( 'Location: ?/' , true , $config [ 'redirect_http' ]);
2011-02-22 01:43:42 -05:00
} else {
if ( isset ( $_POST [ 'title' ]) && isset ( $_POST [ 'subtitle' ])) {
$query = prepare ( " UPDATE `boards` SET `title` = :title, `subtitle` = :subtitle WHERE `id` = :id " );
$query -> bindValue ( ':title' , utf8tohtml ( $_POST [ 'title' ], true ));
if ( ! empty ( $_POST [ 'subtitle' ]))
$query -> bindValue ( ':subtitle' , utf8tohtml ( $_POST [ 'subtitle' ], true ));
else
$query -> bindValue ( ':subtitle' , null , PDO :: PARAM_NULL );
$query -> bindValue ( ':id' , $board [ 'id' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
openBoard ( $board [ 'uri' ]);
}
2011-02-22 01:38:38 -05:00
2011-02-22 01:43:42 -05:00
$body =
'<fieldset><legend><a href="?/' .
$board [ 'uri' ] . '/' . $config [ 'file_index' ] . '">' .
sprintf ( $config [ 'board_abbreviation' ], $board [ 'uri' ]) . '</a>' .
' - ' . $board [ 'name' ] . '</legend>' .
2011-02-22 01:38:38 -05:00
2011-02-22 01:43:42 -05:00
// Begin form
'<form style="text-align:center" action="" method="post">' .
2011-02-22 01:38:38 -05:00
2011-02-22 01:43:42 -05:00
'<table>' .
'<tr><th>URI</th><td>' . $board [ 'uri' ] . '</td>' .
'<tr><th>Title</th><td><input size="20" maxlength="20" type="text" name="title" value="' . $board [ 'name' ] . '" /></td></tr>' .
'<tr><th>Subtitle</th><td><input size="20" maxlength="40" type="text" name="subtitle" value="' .
( isset ( $board [ 'title' ]) ? $board [ 'title' ] : '' ) . '" /></td></tr>' .
'</table>' .
'<input type="submit" value="Update" />' .
// End form
'</form> ' .
// Delete button
( $mod [ 'type' ] >= $config [ 'mod' ][ 'deleteboard' ] ?
'<p style="text-align:center"><a href="?/board/' . $board [ 'uri' ] . '/delete">Delete board</a></p>'
: '' ) .
'</fieldset>' ;
echo Element ( 'page.html' , Array (
'index' => $config [ 'root' ],
'title' => 'Manage – ' . sprintf ( $config [ 'board_abbreviation' ], $board [ 'uri' ]),
'body' => $body ,
'mod' => true
));
2011-02-22 01:38:38 -05:00
}
2011-02-06 08:38:01 -05:00
} elseif ( preg_match ( '/^\/bans$/' , $query )) {
2011-02-12 01:25:15 -05:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'view_banlist' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-02-06 08:38:01 -05:00
2011-02-17 08:36:50 -05:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'view_banexpired' ]) {
2011-02-06 08:38:01 -05:00
$query = prepare ( " SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` GROUP BY `ip` ORDER BY `expires` < :time, `set` DESC " );
$query -> bindValue ( ':time' , time (), PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
} else {
// Filter out expired bans
$query = prepare ( " SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` GROUP BY `ip` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC " );
$query -> bindValue ( ':time' , time (), PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
}
if ( $query -> rowCount () < 1 ) {
$body = '(There are no active bans.)' ;
} else {
$body = '<form action="" method="post">' ;
$body .= '<table><tr><th>IP address</th><th>Reason</th><th>Set</th><th>Expires</th><th>Staff</th><th>Actions</th></tr>' ;
while ( $ban = $query -> fetch ()) {
$body .=
'<tr' .
2011-02-12 01:25:15 -05:00
( $config [ 'mod' ][ 'view_banexpired' ] && $ban [ 'expires' ] != 0 && $ban [ 'expires' ] < time () ?
2011-02-06 08:38:01 -05:00
' style="text-decoration:line-through"'
: '' ) .
'>' .
'<td style="white-space: nowrap">' .
// Checkbox
'<input type="checkbox" name="ban_' . $ban [ 'ip' ] . '" id="ban_' . $ban [ 'ip' ] . '" /> ' .
// IP address
'<a href="?/IP/' .
$ban [ 'ip' ] .
'">' . $ban [ 'ip' ] . '</a></td>' .
// Reason
'<td>' . $ban [ 'reason' ] . '</td>' .
// Set
2011-02-12 01:25:15 -05:00
'<td style="white-space: nowrap">' . date ( $config [ 'post_date' ], $ban [ 'set' ]) . '</td>' .
2011-02-06 08:38:01 -05:00
// Expires
'<td style="white-space: nowrap">' .
( $ban [ 'expires' ] == 0 ?
'<em>Never</em>'
:
2011-02-12 01:25:15 -05:00
date ( $config [ 'post_date' ], $ban [ 'expires' ])
2011-02-06 08:38:01 -05:00
) .
'</td>' .
// Staff
'<td>' .
2011-02-12 01:25:15 -05:00
( $mod [ 'type' ] < $config [ 'mod' ][ 'view_banstaff' ] ?
( $config [ 'mod' ][ 'view_banquestionmark' ] ?
2011-02-06 08:38:01 -05:00
'?'
:
2011-02-12 01:25:15 -05:00
( $ban [ 'type' ] == JANITOR ? 'Janitor' :
( $ban [ 'type' ] == MOD ? 'Mod' :
( $ban [ 'type' ] == ADMIN ? 'Admin' :
2011-02-06 08:38:01 -05:00
'?' )))
)
:
$ban [ 'username' ]
) .
'</td>' .
'<td></td>' .
'</tr>' ;
}
$body .= '</table></form>' ;
}
echo Element ( 'page.html' , Array (
2011-02-12 01:25:15 -05:00
'index' => $config [ 'root' ],
2011-02-06 08:38:01 -05:00
'title' => 'Ban list' ,
'body' => $body ,
'mod' => true
)
);
2011-02-17 08:36:50 -05:00
} elseif ( preg_match ( '/^\/rebuild$/' , $query )) {
// For debugging
set_time_limit ( 0 );
header ( 'Content-Type: text/plain' );
if ( $mod [ 'type' ] != ADMIN ) die ( 'Admins only!' );
$boards = listBoards ();
foreach ( $boards as & $board ) {
echo " Opening board / { $board [ 'uri' ] } / \n " ;
openBoard ( $board [ 'uri' ]);
echo " Creating index pages \n " ;
buildIndex ();
$query = query ( sprintf ( " SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL " , $board [ 'uri' ])) or error ( db_error ());
while ( $post = $query -> fetch ()) {
echo " Rebuilding # { $post [ 'id' ] } \n " ;
buildThread ( $post [ 'id' ]);
}
}
echo " Complete! \n " ;
2010-12-10 04:57:34 -05:00
} elseif ( preg_match ( '/^\/config$/' , $query )) {
2011-02-12 01:25:15 -05:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'show_config' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2010-12-10 04:57:34 -05:00
2011-02-16 03:27:52 -05:00
// Show instance-config.php
2010-12-16 12:41:11 -05:00
$data = '' ;
2011-02-16 03:27:52 -05:00
function do_array_part ( $array , $prefix = '' ) {
global $data , $config ;
foreach ( $array as $name => $value ) {
if ( is_array ( $value )) {
do_array_part ( $value , $prefix . $name . ' → ' );
} else {
if ( $config [ 'mod' ][ 'never_reveal_password' ] && $prefix == 'db → ' && $name == 'password' ) {
$value = '<em>hidden</em>' ;
} elseif ( gettype ( $value ) == 'boolean' ) {
$value = $value ? '<span style="color:green;">On</span>' : '<span style="color:red;">Off</span>' ;
} elseif ( gettype ( $value ) == 'string' ) {
if ( empty ( $value ))
$value = '<em>empty</em>' ;
else
$value = '<span style="color:maroon;">' . utf8tohtml ( substr ( $value , 0 , 110 ) . ( strlen ( $value ) > 110 ? '…' : '' )) . '</span>' ;
} elseif ( gettype ( $value ) == 'integer' ) {
$value = '<span style="color:black;">' . $value . '</span>' ;
}
$data .=
'<tr><th style="text-align:left;">' .
$prefix . ( gettype ( $name ) == 'integer' ? '[]' : $name ) .
'</th><td>' .
$value .
'</td></tr>' ;
2010-12-17 00:25:32 -05:00
}
2010-12-16 12:41:11 -05:00
}
}
2011-02-16 03:27:52 -05:00
do_array_part ( $config );
2010-12-10 04:57:34 -05:00
2010-12-16 12:41:11 -05:00
$body = '<fieldset><legend>Configuration</legend><table>' . $data . '</table></fieldset>' ;
2010-12-10 04:57:34 -05:00
echo Element ( 'page.html' , Array (
2011-02-12 01:25:15 -05:00
'index' => $config [ 'root' ],
2010-12-10 04:57:34 -05:00
'title' => 'Configuration' ,
2010-12-10 04:42:16 -05:00
'body' => $body ,
'mod' => true
2010-12-02 02:26:09 -05:00
)
2010-12-02 04:55:56 -05:00
);
} elseif ( preg_match ( '/^\/new$/' , $query )) {
2011-02-12 01:25:15 -05:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'newboard' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2010-12-10 04:38:49 -05:00
2010-12-02 04:55:56 -05:00
// New board
$body = '' ;
if ( isset ( $_POST [ 'new_board' ])) {
// Create new board
if ( ! isset ( $_POST [ 'uri' ]) ||
! isset ( $_POST [ 'title' ]) ||
! isset ( $_POST [ 'subtitle' ])
2011-02-12 01:25:15 -05:00
) error ( $config [ 'error' ][ 'missedafield' ]);
2010-12-02 04:55:56 -05:00
$b = Array (
'uri' => $_POST [ 'uri' ],
'title' => $_POST [ 'title' ],
'subtitle' => $_POST [ 'subtitle' ]
);
2011-02-22 01:38:38 -05:00
// HTML characters
$b [ 'title' ] = utf8tohtml ( $b [ 'title' ], true );
$b [ 'subtitle' ] = utf8tohtml ( $b [ 'subtitle' ], true );
2010-12-02 04:55:56 -05:00
// Check required fields
if ( empty ( $b [ 'uri' ]))
2011-02-12 01:25:15 -05:00
error ( sprintf ( $config [ 'error' ][ 'required' ], 'URI' ));
2010-12-02 04:55:56 -05:00
if ( empty ( $b [ 'title' ]))
2011-02-12 01:25:15 -05:00
error ( sprintf ( $config [ 'error' ][ 'required' ], 'title' ));
2010-12-02 04:55:56 -05:00
// Check string lengths
if ( strlen ( $b [ 'uri' ]) > 8 )
2011-02-12 01:25:15 -05:00
error ( sprintf ( $config [ 'error' ][ 'toolong' ], 'URI' ));
2010-12-02 04:55:56 -05:00
if ( strlen ( $b [ 'title' ]) > 20 )
2011-02-12 01:25:15 -05:00
error ( sprintf ( $config [ 'error' ][ 'toolong' ], 'title' ));
2010-12-02 04:55:56 -05:00
if ( strlen ( $b [ 'subtitle' ]) > 40 )
2011-02-12 01:25:15 -05:00
error ( sprintf ( $config [ 'error' ][ 'toolong' ], 'subtitle' ));
2010-12-02 04:55:56 -05:00
if ( ! preg_match ( '/^\w+$/' , $b [ 'uri' ]))
2011-02-12 01:25:15 -05:00
error ( sprintf ( $config [ 'error' ][ 'invalidfield' ], 'URI' ));
2010-12-02 04:55:56 -05:00
2011-01-03 01:30:17 -05:00
if ( openBoard ( $b [ 'uri' ])) {
unset ( $board );
2011-02-12 01:25:15 -05:00
error ( sprintf ( $config [ 'error' ][ 'boardexists' ], sprintf ( $config [ 'board_abbreviation' ], $b [ 'uri' ])));
2011-01-03 01:30:17 -05:00
}
2011-01-03 01:28:18 -05:00
2010-12-17 09:18:03 -05:00
$query = prepare ( " INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle) " );
$query -> bindValue ( ':uri' , $b [ 'uri' ]);
$query -> bindValue ( ':title' , $b [ 'title' ]);
if ( ! empty ( $b [ 'subtitle' ])) {
$query -> bindValue ( ':subtitle' , $b [ 'subtitle' ]);
} else {
$query -> bindValue ( ':subtitle' , null , PDO :: PARAM_NULL );
}
$query -> execute () or error ( db_error ( $query ));
2010-12-02 04:55:56 -05:00
2011-02-11 07:02:30 -05:00
// Record the action
modLog ( " Created a new board: { $b [ 'title' ] } " );
2010-12-02 04:55:56 -05:00
// Open the board
openBoard ( $b [ 'uri' ]) or error ( " Couldn't open board after creation. " );
// Create the posts table
2010-12-17 09:18:03 -05:00
query ( Element ( 'posts.sql' , Array ( 'board' => $board [ 'uri' ]))) or error ( db_error ());
2010-12-02 04:55:56 -05:00
// Build the board
buildIndex ();
2011-02-22 01:43:42 -05:00
header ( 'Location: ?/board/' . $board [ 'uri' ], true , $config [ 'redirect_http' ]);
} else {
$body .= form_newBoard ();
// TODO: Statistics, etc, in the dashboard.
echo Element ( 'page.html' , Array (
'index' => $config [ 'root' ],
'title' => 'New board' ,
'body' => $body ,
'mod' => true
)
);
2010-12-02 04:55:56 -05:00
}
2010-12-16 05:28:03 -05:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . '(' . $regex [ 'index' ] . '|' . $regex [ 'page' ] . ')?$/' , $query , $matches )) {
2010-12-02 02:02:48 -05:00
// Board index
2010-12-01 09:17:27 -05:00
2010-12-02 02:02:48 -05:00
$boardName = $matches [ 1 ];
2010-12-16 05:28:03 -05:00
2010-12-02 02:02:48 -05:00
// Open board
2010-12-10 04:45:09 -05:00
if ( ! openBoard ( $boardName ))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'noboard' ]);
2010-12-01 09:17:27 -05:00
2011-02-16 07:32:43 -05:00
$page_no = empty ( $matches [ 2 ]) || $matches [ 2 ] == $config [ 'file_index' ] ? 1 : $matches [ 2 ];
if ( ! $page = index ( $page_no , $mod )) {
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ '404' ]);
2010-12-16 07:09:44 -05:00
}
2011-02-16 07:32:43 -05:00
2010-12-16 05:28:03 -05:00
$page [ 'pages' ] = getPages ( true );
2011-02-16 07:32:43 -05:00
$page [ 'pages' ][ $page_no - 1 ][ 'selected' ] = true ;
2011-02-17 02:37:18 -05:00
$page [ 'btn' ] = getPageButtons ( $page [ 'pages' ], true );
2011-02-17 06:03:52 -05:00
$page [ 'hidden_inputs' ] = createHiddenInputs ();
2010-12-10 05:15:44 -05:00
$page [ 'mod' ] = true ;
echo Element ( 'index.html' , $page );
2010-12-16 00:36:40 -05:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . $regex [ 'res' ] . $regex [ 'page' ] . '$/' , $query , $matches )) {
// View thread
$boardName = $matches [ 1 ];
$thread = $matches [ 2 ];
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'noboard' ]);
2010-12-16 00:36:40 -05:00
2011-01-01 06:12:31 -05:00
$page = buildThread ( $thread , true , $mod );
2010-12-16 00:36:40 -05:00
echo $page ;
2011-01-01 06:12:31 -05:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . 'deletefile\/(\d+)$/' , $query , $matches )) {
2011-02-12 01:25:15 -05:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'deletefile' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-01-01 06:12:31 -05:00
// Delete file from post
$boardName = $matches [ 1 ];
$post = $matches [ 2 ];
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'noboard' ]);
2011-01-01 06:12:31 -05:00
// Delete post
deleteFile ( $post );
2011-02-11 07:02:30 -05:00
// Record the action
modLog ( " Removed file from post # { $post } " );
2011-01-01 06:12:31 -05:00
// Rebuild board
buildIndex ();
// Redirect
if ( isset ( $_SERVER [ 'HTTP_REFERER' ]))
2011-02-12 01:25:15 -05:00
header ( 'Location: ' . $_SERVER [ 'HTTP_REFERER' ], true , $config [ 'redirect_http' ]);
2011-01-01 06:12:31 -05:00
else
2011-02-12 01:25:15 -05:00
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2010-12-16 00:36:40 -05:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . 'delete\/(\d+)$/' , $query , $matches )) {
2011-02-12 01:25:15 -05:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'delete' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2010-12-16 00:36:40 -05:00
// Delete post
$boardName = $matches [ 1 ];
$post = $matches [ 2 ];
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'noboard' ]);
2010-12-16 00:36:40 -05:00
// Delete post
deletePost ( $post );
2011-02-11 07:02:30 -05:00
// Record the action
modLog ( " Deleted post # { $post } " );
2010-12-16 00:36:40 -05:00
// Rebuild board
buildIndex ();
2010-12-16 03:13:04 -05:00
// Redirect
if ( isset ( $_SERVER [ 'HTTP_REFERER' ]))
2011-02-12 01:25:15 -05:00
header ( 'Location: ' . $_SERVER [ 'HTTP_REFERER' ], true , $config [ 'redirect_http' ]);
2010-12-16 03:13:04 -05:00
else
2011-02-12 01:25:15 -05:00
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2011-01-02 05:27:28 -05:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . '(un)?sticky\/(\d+)$/' , $query , $matches )) {
2011-02-12 01:25:15 -05:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'sticky' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-01-02 10:00:30 -05:00
// Add/remove sticky
2011-01-02 05:27:28 -05:00
$boardName = $matches [ 1 ];
$post = $matches [ 3 ];
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'noboard' ]);
2011-01-02 05:27:28 -05:00
$query = prepare ( sprintf ( " UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post , PDO :: PARAM_INT );
if ( $matches [ 2 ] == 'un' ) {
2011-02-11 07:02:30 -05:00
// Record the action
modLog ( " Unstickied post # { $post } " );
2011-01-02 05:27:28 -05:00
$query -> bindValue ( ':sticky' , 0 , PDO :: PARAM_INT );
} else {
2011-02-11 07:02:30 -05:00
// Record the action
modLog ( " Stickied post # { $post } " );
2011-01-02 05:27:28 -05:00
$query -> bindValue ( ':sticky' , 1 , PDO :: PARAM_INT );
}
$query -> execute () or error ( db_error ( $query ));
buildIndex ();
buildThread ( $post );
// Redirect
if ( isset ( $_SERVER [ 'HTTP_REFERER' ]))
2011-02-12 01:25:15 -05:00
header ( 'Location: ' . $_SERVER [ 'HTTP_REFERER' ], true , $config [ 'redirect_http' ]);
2011-01-02 10:00:30 -05:00
else
2011-02-12 01:25:15 -05:00
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2011-01-02 10:00:30 -05:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . '(un)?lock\/(\d+)$/' , $query , $matches )) {
2011-02-12 01:25:15 -05:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'lock' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-01-02 10:00:30 -05:00
// Lock/Unlock
$boardName = $matches [ 1 ];
$post = $matches [ 3 ];
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'noboard' ]);
2011-01-02 10:00:30 -05:00
$query = prepare ( sprintf ( " UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post , PDO :: PARAM_INT );
if ( $matches [ 2 ] == 'un' ) {
2011-02-11 07:02:30 -05:00
// Record the action
modLog ( " Unlocked post # { $post } " );
2011-01-02 10:00:30 -05:00
$query -> bindValue ( ':locked' , 0 , PDO :: PARAM_INT );
} else {
2011-02-11 07:02:30 -05:00
// Record the action
modLog ( " Locked post # { $post } " );
2011-01-02 10:00:30 -05:00
$query -> bindValue ( ':locked' , 1 , PDO :: PARAM_INT );
}
$query -> execute () or error ( db_error ( $query ));
buildIndex ();
buildThread ( $post );
// Redirect
if ( isset ( $_SERVER [ 'HTTP_REFERER' ]))
2011-02-12 01:25:15 -05:00
header ( 'Location: ' . $_SERVER [ 'HTTP_REFERER' ], true , $config [ 'redirect_http' ]);
2011-01-02 05:27:28 -05:00
else
2011-02-12 01:25:15 -05:00
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2011-01-20 03:25:11 -05:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . 'deletebyip\/(\d+)$/' , $query , $matches )) {
// Delete all posts by an IP
$boardName = $matches [ 1 ];
$post = $matches [ 2 ];
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'noboard' ]);
2011-01-20 03:25:11 -05:00
2011-02-11 07:02:30 -05:00
$query = prepare ( sprintf ( " SELECT `ip` FROM `posts_%s` WHERE `id` = :id " , $board [ 'uri' ]));
2011-02-04 23:43:42 -05:00
$query -> bindValue ( ':id' , $post );
2011-01-20 03:25:11 -05:00
$query -> execute () or error ( db_error ( $query ));
2011-02-11 07:02:30 -05:00
if ( ! $post = $query -> fetch ())
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'invalidpost' ]);
2011-02-11 07:02:30 -05:00
$ip = $post [ 'ip' ];
// Record the action
2011-03-02 01:51:29 -05:00
modLog ( " Deleted all posts by IP address: { $ip } " );
2011-02-11 07:02:30 -05:00
$query = prepare ( sprintf ( " SELECT `id` FROM `posts_%s` WHERE `ip` = :ip " , $board [ 'uri' ]));
$query -> bindValue ( ':ip' , $ip );
$query -> execute () or error ( db_error ( $query ));
2011-02-04 23:43:42 -05:00
if ( $query -> rowCount () < 1 )
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'invalidpost' ]);
2011-02-04 23:43:42 -05:00
while ( $post = $query -> fetch ()) {
deletePost ( $post [ 'id' ], false );
}
if ( isset ( $_SERVER [ 'HTTP_REFERER' ]))
2011-02-12 01:25:15 -05:00
header ( 'Location: ' . $_SERVER [ 'HTTP_REFERER' ], true , $config [ 'redirect_http' ]);
2011-02-04 23:43:42 -05:00
else
2011-02-12 01:25:15 -05:00
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2011-01-14 23:37:39 -05:00
} elseif ( preg_match ( '/^\/ban$/' , $query )) {
// Ban page
2011-01-01 08:27:30 -05:00
if ( isset ( $_POST [ 'new_ban' ])) {
if ( ! isset ( $_POST [ 'ip' ]) ||
! isset ( $_POST [ 'reason' ]) ||
! isset ( $_POST [ 'length' ])
2011-02-12 01:25:15 -05:00
) error ( $config [ 'error' ][ 'missedafield' ]);
2011-01-01 08:27:30 -05:00
// Check required fields
if ( empty ( $_POST [ 'ip' ]))
2011-02-12 01:25:15 -05:00
error ( sprintf ( $config [ 'error' ][ 'required' ], 'IP address' ));
2011-01-01 08:27:30 -05:00
2011-01-01 10:05:30 -05:00
$query = prepare ( " INSERT INTO `bans` VALUES (:ip, :mod, :set, :expires, :reason) " );
2011-01-01 08:27:30 -05:00
// 1yr2hrs30mins
// 1y2h30m
2011-01-02 05:34:04 -05:00
$expire = 0 ;
2011-02-27 01:30:33 -05:00
if ( preg_match ( '/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?mon?t?h?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/' , $_POST [ 'length' ], $m )) {
2011-01-01 08:27:30 -05:00
if ( isset ( $m [ 2 ])) {
// Years
2011-01-02 10:04:32 -05:00
$expire += $m [ 2 ] * 60 * 60 * 24 * 365 ;
2011-01-01 08:27:30 -05:00
}
if ( isset ( $m [ 4 ])) {
2011-02-27 01:30:33 -05:00
// Months
$expire += $m [ 4 ] * 60 * 60 * 24 * 30 ;
2011-01-01 08:27:30 -05:00
}
if ( isset ( $m [ 6 ])) {
2011-02-27 01:30:33 -05:00
// Weeks
$expire += $m [ 6 ] * 60 * 60 * 24 * 7 ;
2011-01-01 08:27:30 -05:00
}
if ( isset ( $m [ 8 ])) {
2011-02-27 01:30:33 -05:00
// Days
$expire += $m [ 8 ] * 60 * 60 * 24 ;
2011-01-01 08:27:30 -05:00
}
if ( isset ( $m [ 10 ])) {
2011-02-27 01:30:33 -05:00
// Hours
$expire += $m [ 10 ] * 60 * 60 ;
2011-01-01 08:27:30 -05:00
}
if ( isset ( $m [ 12 ])) {
2011-02-27 01:30:33 -05:00
// Minutes
$expire += $m [ 12 ] * 60 ;
}
if ( isset ( $m [ 14 ])) {
2011-01-01 08:27:30 -05:00
// Seconds
2011-02-27 01:30:33 -05:00
$expire += $m [ 14 ];
2011-01-01 08:27:30 -05:00
}
2011-01-02 05:34:04 -05:00
}
if ( $expire ) {
2011-01-01 08:27:30 -05:00
$query -> bindValue ( ':expires' , time () + $expire , PDO :: PARAM_INT );
} else {
// Never expire
$query -> bindValue ( ':expires' , null , PDO :: PARAM_NULL );
}
$query -> bindValue ( ':ip' , $_POST [ 'ip' ], PDO :: PARAM_STR );
$query -> bindValue ( ':mod' , $mod [ 'id' ], PDO :: PARAM_INT );
2011-01-01 10:05:30 -05:00
$query -> bindValue ( ':set' , time (), PDO :: PARAM_INT );
2011-01-01 08:27:30 -05:00
if ( isset ( $_POST [ 'reason' ])) {
$query -> bindValue ( ':reason' , $_POST [ 'reason' ], PDO :: PARAM_STR );
} else {
$query -> bindValue ( ':reason' , null , PDO :: PARAM_NULL );
}
2011-02-11 07:02:30 -05:00
// Record the action
modLog ( " Created a ban for { $_POST [ 'ip' ] } with reason { $_POST [ 'reason' ] } " );
2011-01-01 08:27:30 -05:00
$query -> execute () or error ( db_error ( $query ));
2011-01-14 23:05:58 -05:00
// Delete too
2011-02-12 01:25:15 -05:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'delete' ] && isset ( $_POST [ 'delete' ]) && isset ( $_POST [ 'board' ])) {
2011-01-14 23:37:39 -05:00
openBoard ( $_POST [ 'board' ]);
2011-03-15 08:20:37 -04:00
$post = round ( $_POST [ 'delete' ]);
deletePost ( $post );
2011-03-14 00:57:12 -04:00
// Record the action
modLog ( " Deleted post # { $post } " );
// Rebuild board
buildIndex ();
2011-01-14 23:37:39 -05:00
}
2011-01-14 23:05:58 -05:00
2011-01-01 08:27:30 -05:00
// Redirect
if ( isset ( $_POST [ 'continue' ]))
2011-02-12 01:25:15 -05:00
header ( 'Location: ' . $_POST [ 'continue' ], true , $config [ 'redirect_http' ]);
2011-02-17 08:36:50 -05:00
elseif ( isset ( $board ))
header ( 'Location: ?/' . sprintf ( $config [ 'board_path' ], $boardName ) . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
elseif ( isset ( $_SERVER [ 'HTTP_REFERER' ]))
header ( 'Location: ' . $_SERVER [ 'HTTP_REFERER' ], true , $config [ 'redirect_http' ]);
2011-01-01 08:27:30 -05:00
else
2011-02-17 08:36:50 -05:00
header ( 'Location: ?/' , true , $config [ 'redirect_http' ]);
2011-01-01 08:27:30 -05:00
}
2011-01-14 23:37:39 -05:00
} elseif ( preg_match ( '/^\/' . $regex [ 'board' ] . 'ban(&delete)?\/(\d+)$/' , $query , $matches )) {
2011-02-12 01:25:15 -05:00
if ( $mod [ 'type' ] < $config [ 'mod' ][ 'delete' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-01-14 23:37:39 -05:00
// Ban by post
$boardName = $matches [ 1 ];
$delete = isset ( $matches [ 2 ]) && $matches [ 2 ] == '&delete' ;
$post = $matches [ 3 ];
// Open board
if ( ! openBoard ( $boardName ))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'noboard' ]);
2011-01-14 23:37:39 -05:00
$query = prepare ( sprintf ( " SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1 " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $query -> rowCount () < 1 ) {
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'invalidpost' ]);
2011-01-14 23:37:39 -05:00
}
$post = $query -> fetch ();
2011-01-01 08:27:30 -05:00
2011-01-14 23:37:39 -05:00
$body = form_newBan ( $post [ 'ip' ], null , isset ( $_SERVER [ 'HTTP_REFERER' ]) ? $_SERVER [ 'HTTP_REFERER' ] : false , $delete ? $post [ 'id' ] : false , $delete ? $boardName : false );
2011-01-01 08:27:30 -05:00
echo Element ( 'page.html' , Array (
2011-02-12 01:25:15 -05:00
'index' => $config [ 'root' ],
2011-01-01 08:27:30 -05:00
'title' => 'New ban' ,
'body' => $body ,
'mod' => true
)
);
2011-02-17 04:41:00 -05:00
} elseif ( preg_match ( '/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config [ 'ipv6_regex' ] . ')$/' , $query , $matches )) {
2011-01-14 23:29:05 -05:00
// View information on an IP address
$ip = $matches [ 1 ];
2011-02-12 01:25:15 -05:00
$host = $config [ 'mod' ][ 'dns_lookup' ] ? gethostbyaddr ( $ip ) : false ;
2011-01-14 23:29:05 -05:00
2011-02-17 08:36:50 -05:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'unban' ] && isset ( $_POST [ 'unban' ])) {
$query = prepare ( " DELETE FROM `bans` WHERE `ip` = :ip " );
$query -> bindValue ( ':ip' , $ip );
$query -> execute () or error ( db_error ( $query ));
}
2011-01-14 23:29:05 -05:00
$body = '' ;
$boards = listBoards ();
foreach ( $boards as & $_board ) {
openBoard ( $_board [ 'uri' ]);
$temp = '' ;
2011-01-18 20:37:31 -05:00
$query = prepare ( sprintf ( " SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit " , $_board [ 'uri' ]));
2011-01-14 23:29:05 -05:00
$query -> bindValue ( ':ip' , $ip );
2011-02-12 01:25:15 -05:00
$query -> bindValue ( ':limit' , $config [ 'mod' ][ 'ip_recentposts' ], PDO :: PARAM_INT );
2011-01-14 23:29:05 -05:00
$query -> execute () or error ( db_error ( $query ));
while ( $post = $query -> fetch ()) {
2011-02-17 08:44:01 -05:00
if ( ! $post [ 'thread' ]) {
2011-02-19 01:31:11 -05:00
$po = new Thread ( $post [ 'id' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], $post [ 'sticky' ], $post [ 'locked' ], '?/' , $mod , false );
2011-02-17 08:44:01 -05:00
} else {
2011-02-19 01:31:11 -05:00
$po = new Post ( $post [ 'id' ], $post [ 'thread' ], $post [ 'subject' ], $post [ 'email' ], $post [ 'name' ], $post [ 'trip' ], $post [ 'body' ], $post [ 'time' ], $post [ 'thumb' ], $post [ 'thumbwidth' ], $post [ 'thumbheight' ], $post [ 'file' ], $post [ 'filewidth' ], $post [ 'fileheight' ], $post [ 'filesize' ], $post [ 'filename' ], $post [ 'ip' ], '?/' , $mod );
2011-02-17 08:44:01 -05:00
}
2011-02-19 01:28:34 -05:00
$temp .= $po -> build ( true ) . '<hr/>' ;
2011-01-14 23:29:05 -05:00
}
2011-02-17 08:44:01 -05:00
2011-01-14 23:29:05 -05:00
if ( ! empty ( $temp ))
$body .= '<fieldset><legend>Last ' . $query -> rowCount () . ' posts on <a href="?/' .
2011-02-12 01:25:15 -05:00
sprintf ( $config [ 'board_path' ], $_board [ 'uri' ]) . $config [ 'file_index' ] .
2011-01-14 23:29:05 -05:00
'">' .
2011-02-12 01:25:15 -05:00
sprintf ( $config [ 'board_abbreviation' ], $_board [ 'uri' ]) . ' - ' . $_board [ 'title' ] .
2011-01-14 23:29:05 -05:00
'</a></legend>' . $temp . '</fieldset>' ;
}
2011-02-17 08:36:50 -05:00
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'view_ban' ]) {
$query = prepare ( " SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` WHERE `ip` = :ip " );
$query -> bindValue ( ':ip' , $ip );
$query -> execute () or error ( db_error ( $query ));
if ( $query -> rowCount () > 0 ) {
$body .= '<fieldset><legend>Ban' . ( $query -> rowCount () == 1 ? '' : 's' ) . ' on record</legend><form action="" method="post" style="text-align:center">' ;
while ( $ban = $query -> fetch ()) {
$body .= '<table style="width:400px;margin-bottom:10px;border-bottom:1px solid #ddd;padding:5px"><tr><th>Status</th><td>' .
( $config [ 'mod' ][ 'view_banexpired' ] && $ban [ 'expires' ] != 0 && $ban [ 'expires' ] < time () ?
'Expired'
: 'Active' ) .
'</td></tr>' .
// IP
'<tr><th>IP</th><td>' . $ban [ 'ip' ] . '</td></tr>' .
// Reason
'<tr><th>Reason</th><td>' . $ban [ 'reason' ] . '</td></tr>' .
// Set
'<tr><th>Set</th><td>' . date ( $config [ 'post_date' ], $ban [ 'set' ]) . '</td></tr>' .
// Expires
'<tr><th>Expires</th><td>' .
( $ban [ 'expires' ] == 0 ?
'<em>Never</em>'
:
date ( $config [ 'post_date' ], $ban [ 'expires' ])
) .
'</td></tr>' .
// Staff
'<tr><th>Staff</th><td>' .
( $mod [ 'type' ] < $config [ 'mod' ][ 'view_banstaff' ] ?
( $config [ 'mod' ][ 'view_banquestionmark' ] ?
'?'
:
( $ban [ 'type' ] == JANITOR ? 'Janitor' :
( $ban [ 'type' ] == MOD ? 'Mod' :
( $ban [ 'type' ] == ADMIN ? 'Admin' :
'?' )))
)
:
$ban [ 'username' ]
) .
'</td></tr>' .
'</tr></table>' ;
}
$body .= '<input type="submit" name="unban" value="Remove ban' . ( $query -> rowCount () == 1 ? '' : 's' ) . '" ' .
( $mod [ 'type' ] < $config [ 'mod' ][ 'unban' ] ? 'disabled' : '' ) .
'/></form></fieldset>' ;
}
}
if ( $mod [ 'type' ] >= $config [ 'mod' ][ 'ip_banform' ])
2011-01-14 23:29:05 -05:00
$body .= form_newBan ( $ip , null , isset ( $_SERVER [ 'HTTP_REFERER' ]) ? $_SERVER [ 'HTTP_REFERER' ] : false );
echo Element ( 'page.html' , Array (
2011-02-12 01:25:15 -05:00
'index' => $config [ 'root' ],
2011-01-14 23:29:05 -05:00
'title' => 'IP: ' . $ip ,
'subtitle' => $host ,
'body' => $body ,
'mod' => true
)
);
2010-12-01 09:17:27 -05:00
} else {
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ '404' ]);
2010-12-01 09:17:27 -05:00
}
2010-12-01 05:53:11 -05:00
}
2010-12-02 02:26:09 -05:00
// Close the connection in-case it's still open
sql_close ();
2010-12-01 05:53:11 -05:00
?>