lainchan/inc/mod/pages.php

<?php

/*
 *  Copyright (c) 2010-2012 Tinyboard Development Group
 */

if (realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
	// You cannot request this file directly.
	exit;
}

function mod_page($title, $template, $args) {
	global $config, $mod;
	
	echo Element('page.html', array(
		'config' => $config,
		'mod' => $mod,
		'title' => $title,
		'body' => Element($template,
				array_merge(
					array('config' => $config, 'mod' => $mod), 
					$args
				)
			)
		)
	);
}

function mod_login() {
	$args = array();
	
	if (isset($_POST['login'])) {
		// Check if inputs are set and not empty
		if (!isset($_POST['username'], $_POST['password']) || $_POST['username'] == '' || $_POST['password'] == '') {
			$args['error'] = $config['error']['invalid'];
		} elseif (!login($_POST['username'], $_POST['password'])) {
			if ($config['syslog'])
				_syslog(LOG_WARNING, 'Unauthorized login attempt!');
			
			$args['error'] = $config['error']['invalid'];
		} else {
			modLog("Logged in.");
			
			// Login successful
			// Set cookies
			setCookies();
			
			header('Location: ?/', true, $config['redirect_http']);
		}
	}
	
	if (isset($_POST['username']))
		$args['username'] = $_POST['username'];

	mod_page('Login', 'mod/login.html', $args);
}

function mod_confirm($request) {
	mod_page('Confirm action', 'mod/confirm.html', array('request' => $request));
}

function mod_dashboard() {
	$args = array();
	
	$args['boards'] = listBoards();
	
	mod_page('Dashboard', 'mod/dashboard.html', $args);
}

function mod_log($page_no = 1) {
	global $config;
	
	if (!hasPermission($config['mod']['modlog']))
		error($config['error']['noaccess']);
	
	$query = prepare("SELECT `username`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :offset, :limit");
	$query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT);
	$query->bindValue(':offset', ($page_no - 1) * $config['mod']['modlog_page'], PDO::PARAM_INT);
	$query->execute() or error(db_error($query));
	$logs = $query->fetchAll(PDO::FETCH_ASSOC);
	
	$query = prepare("SELECT COUNT(*) AS `count` FROM `modlogs`");
	$query->execute() or error(db_error($query));
	$count = $query->fetchColumn(0);
	
	mod_page('Moderation log', 'mod/log.html', array('logs' => $logs, 'count' => $count));
}

function mod_view_board($boardName, $page_no = 1) {
	global $config, $mod;
	
	if (!openBoard($boardName))
		error($config['error']['noboard']);
	
	if (!$page = index($page_no, $mod)) {
		error($config['error']['404']);
	}
	
	$page['pages'] = getPages(true);
	$page['pages'][$page_no-1]['selected'] = true;
	$page['btn'] = getPageButtons($page['pages'], true);
	$page['mod'] = true;
	$page['config'] = $config;
	echo Element('index.html', $page);
}

function mod_view_thread($boardName, $thread) {
	global $config, $mod;
	
	if (!openBoard($boardName))
		error($config['error']['noboard']);
	
	$page = buildThread($thread, true, $mod);
	echo $page;
}

function mod_ip_remove_note($ip, $id) {
	global $config, $mod;
	
	if (filter_var($ip, FILTER_VALIDATE_IP) === false)
		error("Invalid IP address.");
	
	$query = prepare('DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id');
	$query->bindValue(':ip', $ip);
	$query->bindValue(':id', $id);
	$query->execute() or error(db_error($query));
	
	header('Location: ?/IP/' . $ip, true, $config['redirect_http']);
}

function mod_page_ip($ip) {
	global $config, $mod;
	
	if (filter_var($ip, FILTER_VALIDATE_IP) === false)
		error("Invalid IP address.");
	
	if (isset($_POST['ban_id'], $_POST['unban'])) {
		require_once 'inc/mod/ban.php';
		
		unban($_POST['ban_id']);
		header('Location: ?/IP/' . $ip, true, $config['redirect_http']);
		return;
	}
	
	if (isset($_POST['note'])) {
		// TODO: permissions
		
		markup($_POST['note']);
		$query = prepare('INSERT INTO `ip_notes` VALUES (NULL, :ip, :mod, :time, :body)');
		$query->bindValue(':ip', $ip);
		$query->bindValue(':mod', $mod['id']);
		$query->bindValue(':time', time());
		$query->bindValue(':body', $_POST['note']);
		$query->execute() or error(db_error($query));
		
		header('Location: ?/IP/' . $ip, true, $config['redirect_http']);
		return;
	}
	
	$args = array();
	$args['ip'] = $ip;
	$args['posts'] = array();
	
	$boards = listBoards();
	foreach ($boards as $board) {
		openBoard($board['uri']);
		
		$query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $board['uri']));
		$query->bindValue(':ip', $ip);
		$query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT);
		$query->execute() or error(db_error($query));
		
		while ($post = $query->fetch()) {
			if (!$post['thread']) {
				$po = new Thread(
					$post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'],
					$post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'],
					$post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'],
					$post['sage'], $post['embed'], '?/', $mod, false
				);
			} else {
				$po = new Post(
					$post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'],
					$post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'],
					$post['fileheight'], $post['filesize'], $post['filename'], $post['ip'],  $post['embed'], '?/', $mod
				);
			}
			
			if (!isset($args['posts'][$board['uri']]))
				$args['posts'][$board['uri']] = array('board' => $board, 'posts' => array());
			$args['posts'][$board['uri']]['posts'][] = $po->build(true);
		}
	}
	
	$args['boards'] = $boards;
	
	$query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip");
	$query->bindValue(':ip', $ip);
	$query->execute() or error(db_error($query));
	$args['bans'] = $query->fetchAll(PDO::FETCH_ASSOC);
	
	$query = prepare("SELECT `ip_notes`.*, `username` FROM `ip_notes` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip");
	$query->bindValue(':ip', $ip);
	$query->execute() or error(db_error($query));
	$args['notes'] = $query->fetchAll(PDO::FETCH_ASSOC);
	
	mod_page("IP: $ip", 'mod/view_ip.html', $args);
}

function mod_ban() {
	if (!isset($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'])) {
		mod_page("New ban", 'mod/ban_form.html', array());
		return;
	}
	
	$query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip");
	$query->bindValue(':ip', $ip);
	$query->execute() or error(db_error($query));
	$args['bans'] = $query->fetchAll(PDO::FETCH_ASSOC);
	
	$ip = $_POST['ip'];
	
	require_once 'inc/mod/ban.php';
	
	ban($_POST['ip'], $_POST['reason'], parse_time($_POST['length']), $_POST['board'] == '*' ? false : $_POST['board']);
	
	if (isset($_POST['redirect']))
		header('Location: ' . $_POST['redirect'], true, $config['redirect_http']);
	else
		header('Location: ?/', true, $config['redirect_http']);
}

function mod_delete($board, $post) {
	global $config, $mod;
	
	if (!openBoard($board))
		error($config['error']['noboard']);
	
	if (!hasPermission($config['mod']['delete'], $board))
		error($config['error']['noaccess']);
	
	// Delete post
	deletePost($post);
	// Record the action
	modLog("Deleted post #{$post}");
	// Rebuild board
	buildIndex();
	
	// Redirect
	header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
}
start on mod interface rewrite 2012-04-12 12:11:41 -04:00			`<?php`

			`/*`
			`* Copyright (c) 2010-2012 Tinyboard Development Group`
			`*/`

			`if (realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {`
			`// You cannot request this file directly.`
			`exit;`
			`}`

			`function mod_page($title, $template, $args) {`
			`global $config, $mod;`

			`echo Element('page.html', array(`
			`'config' => $config,`
			`'mod' => $mod,`
			`'title' => $title,`
			`'body' => Element($template,`
			`array_merge(`
			`array('config' => $config, 'mod' => $mod),`
			`$args`
			`)`
			`)`
			`)`
			`);`
			`}`

			`function mod_login() {`
			`$args = array();`

			`if (isset($_POST['login'])) {`
			`// Check if inputs are set and not empty`
			`if (!isset($_POST['username'], $_POST['password']) \|\| $_POST['username'] == '' \|\| $_POST['password'] == '') {`
			`$args['error'] = $config['error']['invalid'];`
			`} elseif (!login($_POST['username'], $_POST['password'])) {`
			`if ($config['syslog'])`
			`_syslog(LOG_WARNING, 'Unauthorized login attempt!');`

			`$args['error'] = $config['error']['invalid'];`
			`} else {`
			`modLog("Logged in.");`

			`// Login successful`
			`// Set cookies`
			`setCookies();`

			`header('Location: ?/', true, $config['redirect_http']);`
			`}`
			`}`

			`if (isset($_POST['username']))`
			`$args['username'] = $_POST['username'];`

IP notes 2012-04-12 20:41:30 -04:00			`mod_page('Login', 'mod/login.html', $args);`
			`}`

			`function mod_confirm($request) {`
			`mod_page('Confirm action', 'mod/confirm.html', array('request' => $request));`
start on mod interface rewrite 2012-04-12 12:11:41 -04:00			`}`

			`function mod_dashboard() {`
			`$args = array();`

			`$args['boards'] = listBoards();`

			`mod_page('Dashboard', 'mod/dashboard.html', $args);`
			`}`

IP notes 2012-04-12 20:41:30 -04:00			`function mod_log($page_no = 1) {`
			`global $config;`

			`if (!hasPermission($config['mod']['modlog']))`
			`error($config['error']['noaccess']);`

			$query = prepare("SELECT `username`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :offset, :limit");
			`$query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT);`
			`$query->bindValue(':offset', ($page_no - 1) * $config['mod']['modlog_page'], PDO::PARAM_INT);`
			`$query->execute() or error(db_error($query));`
			`$logs = $query->fetchAll(PDO::FETCH_ASSOC);`

paginate moderation log 2012-04-13 06:57:59 -04:00			$query = prepare("SELECT COUNT(*) AS `count` FROM `modlogs`");
			`$query->execute() or error(db_error($query));`
			`$count = $query->fetchColumn(0);`

			`mod_page('Moderation log', 'mod/log.html', array('logs' => $logs, 'count' => $count));`
IP notes 2012-04-12 20:41:30 -04:00			`}`

start on mod interface rewrite 2012-04-12 12:11:41 -04:00			`function mod_view_board($boardName, $page_no = 1) {`
			`global $config, $mod;`

			`if (!openBoard($boardName))`
			`error($config['error']['noboard']);`

			`if (!$page = index($page_no, $mod)) {`
			`error($config['error']['404']);`
			`}`

			`$page['pages'] = getPages(true);`
			`$page['pages'][$page_no-1]['selected'] = true;`
			`$page['btn'] = getPageButtons($page['pages'], true);`
			`$page['mod'] = true;`
			`$page['config'] = $config;`
			`echo Element('index.html', $page);`
			`}`

			`function mod_view_thread($boardName, $thread) {`
			`global $config, $mod;`

			`if (!openBoard($boardName))`
			`error($config['error']['noboard']);`

			`$page = buildThread($thread, true, $mod);`
			`echo $page;`
			`}`

IP notes 2012-04-12 20:41:30 -04:00			`function mod_ip_remove_note($ip, $id) {`
			`global $config, $mod;`

			`if (filter_var($ip, FILTER_VALIDATE_IP) === false)`
			`error("Invalid IP address.");`

			$query = prepare('DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id');
			`$query->bindValue(':ip', $ip);`
			`$query->bindValue(':id', $id);`
			`$query->execute() or error(db_error($query));`

			`header('Location: ?/IP/' . $ip, true, $config['redirect_http']);`
			`}`

start on mod interface rewrite 2012-04-12 12:11:41 -04:00			`function mod_page_ip($ip) {`
			`global $config, $mod;`

view bans / unban 2012-04-12 19:47:27 -04:00			`if (filter_var($ip, FILTER_VALIDATE_IP) === false)`
View IP adress page, ban form. 2012-04-12 19:29:08 -04:00			`error("Invalid IP address.");`

view bans / unban 2012-04-12 19:47:27 -04:00			`if (isset($_POST['ban_id'], $_POST['unban'])) {`
			`require_once 'inc/mod/ban.php';`

			`unban($_POST['ban_id']);`
			`header('Location: ?/IP/' . $ip, true, $config['redirect_http']);`
			`return;`
			`}`

IP notes 2012-04-12 20:41:30 -04:00			`if (isset($_POST['note'])) {`
			`// TODO: permissions`

			`markup($_POST['note']);`
			$query = prepare('INSERT INTO `ip_notes` VALUES (NULL, :ip, :mod, :time, :body)');
			`$query->bindValue(':ip', $ip);`
			`$query->bindValue(':mod', $mod['id']);`
			`$query->bindValue(':time', time());`
			`$query->bindValue(':body', $_POST['note']);`
			`$query->execute() or error(db_error($query));`

			`header('Location: ?/IP/' . $ip, true, $config['redirect_http']);`
			`return;`
			`}`

start on mod interface rewrite 2012-04-12 12:11:41 -04:00			`$args = array();`
			`$args['ip'] = $ip;`
			`$args['posts'] = array();`

			`$boards = listBoards();`
			`foreach ($boards as $board) {`
View IP adress page, ban form. 2012-04-12 19:29:08 -04:00			`openBoard($board['uri']);`

start on mod interface rewrite 2012-04-12 12:11:41 -04:00			$query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $board['uri']));
			`$query->bindValue(':ip', $ip);`
			`$query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT);`
			`$query->execute() or error(db_error($query));`

			`while ($post = $query->fetch()) {`
			`if (!$post['thread']) {`
			`$po = new Thread(`
			`$post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'],`
			`$post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'],`
			`$post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'],`
			`$post['sage'], $post['embed'], '?/', $mod, false`
			`);`
			`} else {`
			`$po = new Post(`
			`$post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'],`
			`$post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'],`
			`$post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod`
			`);`
			`}`

			`if (!isset($args['posts'][$board['uri']]))`
View IP adress page, ban form. 2012-04-12 19:29:08 -04:00			`$args['posts'][$board['uri']] = array('board' => $board, 'posts' => array());`
			`$args['posts'][$board['uri']]['posts'][] = $po->build(true);`
start on mod interface rewrite 2012-04-12 12:11:41 -04:00			`}`
			`}`

View IP adress page, ban form. 2012-04-12 19:29:08 -04:00			`$args['boards'] = $boards;`

view bans / unban 2012-04-12 19:47:27 -04:00			$query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip");
			`$query->bindValue(':ip', $ip);`
			`$query->execute() or error(db_error($query));`
IP notes 2012-04-12 20:41:30 -04:00			`$args['bans'] = $query->fetchAll(PDO::FETCH_ASSOC);`

			$query = prepare("SELECT `ip_notes`.*, `username` FROM `ip_notes` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip");
			`$query->bindValue(':ip', $ip);`
			`$query->execute() or error(db_error($query));`
			`$args['notes'] = $query->fetchAll(PDO::FETCH_ASSOC);`
view bans / unban 2012-04-12 19:47:27 -04:00
start on mod interface rewrite 2012-04-12 12:11:41 -04:00			`mod_page("IP: $ip", 'mod/view_ip.html', $args);`
			`}`

IP notes 2012-04-12 20:41:30 -04:00			`function mod_ban() {`
			`if (!isset($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'])) {`
			`mod_page("New ban", 'mod/ban_form.html', array());`
			`return;`
			`}`

			$query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip");
			`$query->bindValue(':ip', $ip);`
			`$query->execute() or error(db_error($query));`
			`$args['bans'] = $query->fetchAll(PDO::FETCH_ASSOC);`
View IP adress page, ban form. 2012-04-12 19:29:08 -04:00
			`$ip = $_POST['ip'];`

			`require_once 'inc/mod/ban.php';`

			`ban($_POST['ip'], $_POST['reason'], parse_time($_POST['length']), $_POST['board'] == '*' ? false : $_POST['board']);`

view bans / unban 2012-04-12 19:47:27 -04:00			`if (isset($_POST['redirect']))`
View IP adress page, ban form. 2012-04-12 19:29:08 -04:00			`header('Location: ' . $_POST['redirect'], true, $config['redirect_http']);`
			`else`
			`header('Location: ?/', true, $config['redirect_http']);`
			`}`

IP notes 2012-04-12 20:41:30 -04:00			`function mod_delete($board, $post) {`
			`global $config, $mod;`

			`if (!openBoard($board))`
			`error($config['error']['noboard']);`

			`if (!hasPermission($config['mod']['delete'], $board))`
			`error($config['error']['noaccess']);`

			`// Delete post`
			`deletePost($post);`
			`// Record the action`
			`modLog("Deleted post #{$post}");`
			`// Rebuild board`
			`buildIndex();`

			`// Redirect`
			`header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);`
			`}`