Public action logs commit (log.php)

Note: In a previous commit, I began making inc/mod/auth.php more modular with the check_login() function. Including it does NOT check mod login by default anymore like it does on vichan. You have to call check_login(). I've finally included it in inc/functions.php. If you have any custom pages that use inc/mod/auth.php, just including functions.php is enough now.

===================================
Also: backports 351375185e5 (early 404)

inc/config.php

@@ -511,6 +511,13 @@
 	// The timeout for the above, in seconds.
 	$config['upload_by_url_timeout'] = 15;
 
+	// Enable early 404? With default settings, a thread would 404 if it was to leave page 3, if it had less
+	// than 3 replies.
+	$config['early_404'] = false;
+
+	$config['early_404_page'] = 3;
+	$config['early_404_replies'] = 5;
+
 	// A wordfilter (sometimes referred to as just a "filter" or "censor") automatically scans users’ posts
 	// as they are submitted and changes or censors particular words or phrases.
 
@@ -1537,25 +1544,30 @@
 
 /*
  * ====================
- *  Public post search
+ *  Public pages
  * ====================
  */
+
+	// Public post search settings
 	$config['search'] = array();
 
 	// Enable the search form
 	$config['search']['enable'] = false;
 
 	// Maximal number of queries per IP address per minutes
-    $config['search']['queries_per_minutes'] = Array(15, 2);
+	$config['search']['queries_per_minutes'] = Array(15, 2);
 
 	// Global maximal number of queries per minutes
-    $config['search']['queries_per_minutes_all'] = Array(50, 2);
+	$config['search']['queries_per_minutes_all'] = Array(50, 2);
 
 	// Limit of search results
-    $config['search']['search_limit'] = 100;
+	$config['search']['search_limit'] = 100;
 		
 	// Boards for searching
-    //$config['search']['boards'] = array('a', 'b', 'c', 'd', 'e');
+	//$config['search']['boards'] = array('a', 'b', 'c', 'd', 'e');
+
+	// Enable public logs? 0: NO, 1: YES, 2: YES, but drop names
+	$config['public_logs'] = 0;
 
 /*
  * ====================

inc/functions.php

@@ -18,6 +18,7 @@ require_once 'inc/template.php';
 require_once 'inc/database.php';
 require_once 'inc/events.php';
 require_once 'inc/api.php';
+require_once 'inc/mod/auth.php';
 require_once 'inc/polyfill.php';
 
 if (!extension_loaded('gettext')) {
@@ -524,7 +525,8 @@ function setupBoard($array) {
 	$board = array(
 		'uri' => $array['uri'],
 		'title' => $array['title'],
-		'subtitle' => $array['subtitle']
+		'subtitle' => $array['subtitle'],
+		#'indexed' => $array['indexed'],
 	);
 
 	// older versions
@@ -1270,7 +1272,7 @@ function deletePost($id, $error_if_doesnt_exist=true, $rebuild_after=true) {
 	return true;
 }
 
-function clean() {
+function clean($pid = false) {
 	global $board, $config;
 	$offset = round($config['max_pages']*$config['threads_per_page']);
 
@@ -1281,6 +1283,22 @@ function clean() {
 	$query->execute() or error(db_error($query));
 	while ($post = $query->fetch(PDO::FETCH_ASSOC)) {
 		deletePost($post['id'], false, false);
+		if ($pid) modLog("Automatically deleting thread #{$post['id']} due to new thread #{$pid}");
+	}
+
+	// Bump off threads with X replies earlier, spam prevention method
+	if ($config['early_404']) {
+		$offset = round($config['early_404_page']*$config['threads_per_page']);
+		$query = prepare(sprintf("SELECT `id` AS `thread_id`, (SELECT COUNT(`id`) FROM ``posts_%s`` WHERE `thread` = `thread_id`) AS `reply_count` FROM ``posts_%s`` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset, 9001", $board['uri'], $board['uri']));
+		$query->bindValue(':offset', $offset, PDO::PARAM_INT);
+		$query->execute() or error(db_error($query));
+		
+		while ($post = $query->fetch(PDO::FETCH_ASSOC)) {
+			if ($post['reply_count'] < $config['early_404_replies']) {
+				deletePost($post['thread_id'], false, false);
+				if ($pid) modLog("Automatically deleting thread #{$post['thread_id']} due to new thread #{$pid} (early 404 is set, #{$post['thread_id']} had {$post['reply_count']} replies)");
+			}
+		}
 	}
 }
 

inc/mod/auth.php

@@ -130,7 +130,7 @@ function destroyCookies() {
 function modLog($action, $_board=null) {
 	global $mod, $board, $config;
 	$query = prepare("INSERT INTO ``modlogs`` VALUES (:id, :ip, :board, :time, :text)");
-	$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
+	$query->bindValue(':id', (isset($mod['id']) ? $mod['id'] : -1), PDO::PARAM_INT);
 	$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
 	$query->bindValue(':time', time(), PDO::PARAM_INT);
 	$query->bindValue(':text', $action);

inc/mod/pages.php

@@ -698,6 +698,42 @@ function mod_user_log($username, $page_no = 1) {
 	mod_page(_('Moderation log'), 'mod/log.html', array('logs' => $logs, 'count' => $count, 'username' => $username));
 }
 
+function mod_board_log($board, $page_no = 1, $hide_names = false, $public = false) {
+	global $config;
+	
+	if ($page_no < 1)
+		error($config['error']['404']);
+	
+	if (!hasPermission($config['mod']['mod_board_log'], $board) && !$public)
+		error($config['error']['noaccess']);
+	
+	$query = prepare("SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `board` = :board ORDER BY `time` DESC LIMIT :offset, :limit");
+	$query->bindValue(':board', $board);
+	$query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT);
+	$query->bindValue(':offset', ($page_no - 1) * $config['mod']['modlog_page'], PDO::PARAM_INT);
+	$query->execute() or error(db_error($query));
+	$logs = $query->fetchAll(PDO::FETCH_ASSOC);
+	
+	if (empty($logs) && $page_no > 1)
+		error($config['error']['404']);
+
+	if (!hasPermission($config['mod']['show_ip'])) {
+		// Supports ipv4 only!
+		foreach ($logs as $i => &$log) {
+			$log['text'] = preg_replace_callback('/(?:<a href="\?\/IP\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}">)?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(?:<\/a>)?/', function($matches) {
+				return "xxxx";//less_ip($matches[1]);
+			}, $log['text']);
+		}
+	}
+	
+	$query = prepare("SELECT COUNT(*) FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `board` = :board");
+	$query->bindValue(':board', $board);
+	$query->execute() or error(db_error($query));
+	$count = $query->fetchColumn();
+	
+	mod_page(_('Board log'), 'mod/log.html', array('logs' => $logs, 'count' => $count, 'board' => $board, 'hide_names' => $hide_names, 'public' => $public));
+}
+
 function mod_view_board($boardName, $page_no = 1) {
 	global $config, $mod;
 	

install.sql

@@ -65,6 +65,7 @@ CREATE TABLE IF NOT EXISTS `boards` (
   `uri` varchar(58) CHARACTER SET utf8 NOT NULL,
   `title` tinytext NOT NULL,
   `subtitle` tinytext,
+  -- `indexed` boolean default true,
   PRIMARY KEY (`uri`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;
 

log.php

@@ -0,0 +1,24 @@
+<?php
+include 'inc/functions.php';
+include 'inc/mod/pages.php';
+
+if (!isset($_GET['board']) || !preg_match("/{$config['board_regex']}/u", $_GET['board'])) {
+	http_response_code(400);
+	error('Bad board.');
+}
+if (!openBoard($_GET['board'])) {
+	http_response_code(404);
+	error('No board.');
+}
+
+if ($config['public_logs'] == 0) error('This board has public logs disabled. Ask the board owner to enable it.');
+if ($config['public_logs'] == 1) $hide_names = false;
+if ($config['public_logs'] == 2) $hide_names = true;
+
+if (!isset($_GET['page'])) {
+	$page = 1;
+} else {
+	$page = (int)$_GET['page'];
+};
+
+mod_board_log($board['uri'], $page, $hide_names, true);

mod.php

@@ -5,13 +5,13 @@
  */
 
 require_once 'inc/functions.php';
-require_once 'inc/bans.php';
-require_once 'inc/mod/pages.php';
-require_once 'inc/mod/auth.php';
 
 if ($config['debug'])
 	$parse_start_time = microtime(true);
 
+require_once 'inc/bans.php';
+require_once 'inc/mod/pages.php';
+
 check_login(true);
 
 $query = isset($_SERVER['QUERY_STRING']) ? rawurldecode($_SERVER['QUERY_STRING']) : '';

post.php

@@ -70,9 +70,11 @@ if (isset($_POST['delete'])) {
 			if (isset($_POST['file'])) {
 				// Delete just the file
 				deleteFile($id);
+				modLog("User deleted file from his own post #$id");
 			} else {
 				// Delete entire post
 				deletePost($id);
+				modLog("User deleted his own post #$id");
 			}
 			
 			_syslog(LOG_INFO, 'Deleted post: ' .
@@ -233,7 +235,6 @@ if (isset($_POST['delete'])) {
 	checkBan($board['uri']);
 
 	if ($post['mod'] = isset($_POST['mod']) && $_POST['mod']) {
-		require 'inc/mod/auth.php';
 		check_login(false);
 		if (!$mod) {
 			// Liar. You're not a mod.
@@ -945,7 +946,7 @@ if (isset($_POST['delete'])) {
 		$build_pages = range(1, $config['max_pages']);
 	
 	if ($post['op'])
-		clean();
+		clean($pid);
 	
 	event('post-after', $post);
 	

templates/mod/log.html

@@ -10,7 +10,15 @@
 		<tr>
 			<td class="minimal">
 				{% if log.username %}
-					<a href="?/log:{{ log.username|e }}">{{ log.username|e }}</a>
+					{% if hide_names %}
+						<em>hidden</em>
+					{% else %}
+						{% if not mod|hasPermission(config.mod.modlog) %}
+							<a href="?/new_PM/{{ log.username|e }}">{{ log.username|e }}</a>
+						{% else %}
+							<a href="?/log:{{ log.username|e }}">{{ log.username|e }}</a>
+						{% endif %}
+					{% endif %}
 				{% elseif log.mod == -1 %}
 					<em>system</em>
 				{% else %}
@@ -44,7 +52,11 @@
 {% if count > logs|count %}
 	<p class="unimportant" style="text-align:center;word-wrap:break-word">
 		{% for i in range(0, (count - 1) / config.mod.modlog_page) %}
-			<a href="?/log{% if username %}:{{ username }}{% endif %}/{{ i + 1 }}">[{{ i + 1 }}]</a> 
+			{% if public %}
+				<a href="?page={{ i + 1 }}&amp;board={{ board|url_encode }}">[{{ i + 1 }}]</a> 
+			{% else %}
+				<a href="?/log{% if username %}:{{ username }}{% elseif board %}:b:{{ board }}{% endif %}/{{ i + 1 }}">[{{ i + 1 }}]</a> 
+			{% endif %}
 		{% endfor %}
 	</p>
 {% endif %}

tools/inc/cli.php

@@ -39,7 +39,6 @@ if(!getenv('TINYBOARD_PATH')) {
 putenv('TINYBOARD_PATH=' . getcwd());
 
 require 'inc/functions.php';
-require 'inc/mod/auth.php';
 
 $mod = Array(
 	'id' => -1,