diff --git a/inc/mod/ban.php b/inc/mod/ban.php index 33b64975..8d86cbcd 100644 --- a/inc/mod/ban.php +++ b/inc/mod/ban.php @@ -55,6 +55,8 @@ function parse_time($str) { function ban($mask, $reason, $length, $board) { global $mod; + // TODO: permissions + $query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :time, :expires, :reason, :board)"); $query->bindValue(':ip', $mask); $query->bindValue(':mod', $mod['id']); @@ -79,6 +81,8 @@ function ban($mask, $reason, $length, $board) { } function unban($id) { + // TODO: permissions + $query = prepare("DELETE FROM `bans` WHERE `id` = :id"); $query->bindValue(':id', $id); $query->execute() or error(db_error($query)); diff --git a/inc/mod/pages.php b/inc/mod/pages.php index e7e4f065..73015cf9 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php @@ -52,7 +52,11 @@ function mod_login() { if (isset($_POST['username'])) $args['username'] = $_POST['username']; - mod_page('Dashboard', 'mod/login.html', $args); + mod_page('Login', 'mod/login.html', $args); +} + +function mod_confirm($request) { + mod_page('Confirm action', 'mod/confirm.html', array('request' => $request)); } function mod_dashboard() { @@ -63,6 +67,21 @@ function mod_dashboard() { mod_page('Dashboard', 'mod/dashboard.html', $args); } +function mod_log($page_no = 1) { + global $config; + + if (!hasPermission($config['mod']['modlog'])) + error($config['error']['noaccess']); + + $query = prepare("SELECT `username`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :offset, :limit"); + $query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT); + $query->bindValue(':offset', ($page_no - 1) * $config['mod']['modlog_page'], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + $logs = $query->fetchAll(PDO::FETCH_ASSOC); + + mod_page('Moderation log', 'mod/log.html', array('logs' => $logs)); +} + function mod_view_board($boardName, $page_no = 1) { global $config, $mod; 
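Review bot: `ban()` still runs its INSERT with no authorization check; the added `// TODO: permissions` records the gap instead of closing it. The same applies to `unban()` in the next hunk and to the note INSERT added to `mod_page_ip()`, while `mod_ip_remove_note()` and `mod_ban()` have neither a check nor a TODO. `mod_log()` and `mod_delete()` in this commit already show the pattern, so each of these should begin with `if (!hasPermission($config['mod'][<permission key>])) error($config['error']['noaccess']);`, where the key is a placeholder because the config is not on this page. The visible lines of `ban()` declare only `global $mod` and `unban()` declares no globals, so `global $config;` would have to be added too. Both function bodies continue outside their hunks.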
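Review bot: `mod_confirm()` passes the URL capture to the template unchanged, and its route in mod.php is `'!^/confirm/(.+)$!'`, so `request` can hold any characters, including quotes and angle brackets. Whether `mod/confirm.html` escapes `{{ request }}` depends on the template engine's auto-escape setting, which this commit does not show; if it is off, the page reflects markup into the moderator panel. I would narrow the capture to the characters the real action routes use and add a comment on the function such as `// $request comes straight from the query string; the template must escape it`.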
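Review bot: `mod_log()` computes the offset as `($page_no - 1) * $config['mod']['modlog_page']`, and the route `'!^/log/(\d+)/$!'` accepts `0`, which gives a negative value bound to `LIMIT :offset, :limit`. The query would then presumably fail and end in `error(db_error($query))`, putting a database error in front of the user (what `db_error()` prints is not visible here). Clamp before use, e.g. `$page_no = max(1, (int) $page_no);`. The two log routes also disagree on the trailing slash (`/log` against `/log/2/`), which should be made consistent or explained in a comment.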
@@ -91,6 +110,20 @@ function mod_view_thread($boardName, $thread) { echo $page; } +function mod_ip_remove_note($ip, $id) { + global $config, $mod; + + if (filter_var($ip, FILTER_VALIDATE_IP) === false) + error("Invalid IP address."); + + $query = prepare('DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id'); + $query->bindValue(':ip', $ip); + $query->bindValue(':id', $id); + $query->execute() or error(db_error($query)); + + header('Location: ?/IP/' . $ip, true, $config['redirect_http']); +} + function mod_page_ip($ip) { global $config, $mod; @@ -105,6 +138,21 @@ function mod_page_ip($ip) { return; } + if (isset($_POST['note'])) { + // TODO: permissions + + markup($_POST['note']); + $query = prepare('INSERT INTO `ip_notes` VALUES (NULL, :ip, :mod, :time, :body)'); + $query->bindValue(':ip', $ip); + $query->bindValue(':mod', $mod['id']); + $query->bindValue(':time', time()); + $query->bindValue(':body', $_POST['note']); + $query->execute() or error(db_error($query)); + + header('Location: ?/IP/' . $ip, true, $config['redirect_http']); + return; + } + $args = array(); $args['ip'] = $ip; $args['posts'] = array(); 
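Review bot: `mod_ip_remove_note()` deletes a row without writing anything to the moderation log, whereas `mod_delete()` in this commit calls `modLog()` right after its deletion. Notes attached to an IP are moderation records themselves, so their removal should be traceable; a line such as `modLog("Removed a note for {$ip}");` after the `execute()` would do it. `$mod` is declared global but not used in the visible body.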
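Review bot: `markup($_POST['note']);` discards its return value, so it presumably rewrites the superglobal by reference (the function is defined outside this diff), and the stored `body` is whatever it produced. That decides how `mod/view_ip.html` has to print each note, as ready-made HTML or as text that still needs escaping, and nothing here says which. I would work on a local and document it: `$body = $_POST['note'];` then `markup($body); // edits $body by reference; state here whether the result is HTML-safe`, and bind `$body`. The enclosing `mod_page_ip()` starts and ends outside the hunk.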
@@ -145,14 +193,26 @@ function mod_page_ip($ip) { $query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip"); $query->bindValue(':ip', $ip); $query->execute() or error(db_error($query)); - $args['bans'] = $query->fetchAll(PDO::FETCH_ASSOC); + $args['bans'] = $query->fetchAll(PDO::FETCH_ASSOC); + + $query = prepare("SELECT `ip_notes`.*, `username` FROM `ip_notes` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip"); + $query->bindValue(':ip', $ip); + $query->execute() or error(db_error($query)); + $args['notes'] = $query->fetchAll(PDO::FETCH_ASSOC); mod_page("IP: $ip", 'mod/view_ip.html', $args); } -function mod_page_ban() { - if(!isset($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'])) - error($config['error']['missedafield']); +function mod_ban() { + if (!isset($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'])) { + mod_page("New ban", 'mod/ban_form.html', array()); + return; + } + + $query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip"); + $query->bindValue(':ip', $ip); + $query->execute() or error(db_error($query)); + $args['bans'] = $query->fetchAll(PDO::FETCH_ASSOC); $ip = $_POST['ip']; @@ -166,3 +226,23 @@ function mod_page_ban() { header('Location: ?/', true, $config['redirect_http']); } +function mod_delete($board, $post) { + global $config, $mod; + + if (!openBoard($board)) + error($config['error']['noboard']); + + if (!hasPermission($config['mod']['delete'], $board)) + error($config['error']['noaccess']); + + // Delete post + deletePost($post); + // Record the action + modLog("Deleted post #{$post}"); + // Rebuild board + buildIndex(); + + // Redirect + header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']); +} + diff --git a/mod.php b/mod.php index 5f2cad56..c89c2f01 100644 --- a/mod.php +++ b/mod.php 
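Review bot: In the new `mod_ban()` the added SELECT runs `$query->bindValue(':ip', $ip);` before `$ip = $_POST['ip'];` is reached, so it binds an undefined variable, and its result lands in `$args['bans']`, which the visible part of the function never reads. The four lines look copied from `mod_page_ip()` and can simply be removed. The posted address is also used without the `filter_var($ip, FILTER_VALIDATE_IP)` check that `mod_ip_remove_note()` applies; since `ban()` takes a `$mask`, a different validation may be needed if masks other than plain addresses are allowed. No `global $config;` is visible at the top of the function although the redirect at its end reads `$config['redirect_http']`; the middle of the function lies between the hunks, so this needs checking there.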
@@ -21,11 +21,18 @@ if (get_magic_quotes_gpc()) { $query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : ''; $pages = array( - '!^$!' => ':?/', // redirect to dashboard - '!^/$!' => 'dashboard', // dashboard + '!^$!' => ':?/', // redirect to dashboard + '!^/$!' => 'dashboard', // dashboard + '!^/log$!' => 'log', // modlog + '!^/log/(\d+)/$!' => 'log', // modlog - '!^/IP/(.+)$!' => 'ip', // view ip address - '!^/ban$!' => 'ban', // new ban + '!^/confirm/(.+)$!' => 'confirm', // confirm action (if javascript didn't work) + + '!^/ban$!' => 'ban', // new ban + '!^/IP/([\w.:]+)$!' => 'ip', // view ip address + '!^/IP/([\w.:]+)/remove_note/(\d+)$!' => 'ip_remove_note', // remove note from ip address + + '!^/(\w+)/delete/(\d+)$!' => 'delete', // delete post // This should always be at the end: '!^/(\w+)/' . preg_quote($config['file_index'], '!') . '?$!' => 'view_board', diff --git a/templates/mod/confirm.html b/templates/mod/confirm.html new file mode 100644 index 00000000..7509ce3c --- /dev/null +++ b/templates/mod/confirm.html @@ -0,0 +1,7 @@ +
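Review bot: The new routes `'!^/(\w+)/delete/(\d+)$!'` and `'!^/IP/([\w.:]+)/remove_note/(\d+)$!'` make destructive actions reachable through the query string alone, and neither `mod_delete()` nor `mod_ip_remove_note()` in this commit verifies a per-session token. The confirm template's own text says the confirmation dialog is JavaScript, so it gives no protection against a request the moderator's browser makes on behalf of another site. These handlers should require POST or check an anti-CSRF token tied to the session before acting; the dispatcher that consumes `$pages` is outside this hunk, so a check there is possible but not visible. Separately, `'!^/confirm/(.+)$!'` is much broader than the action routes it fronts.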
+ Are you sure you want to do that? Click to proceed to ?/{{ request }}. +
++ You are seeing this message because we were unable to serve a confirmation dialog, probably due to Javascript being disabled. +
+ diff --git a/templates/mod/log.html b/templates/mod/log.html new file mode 100644 index 00000000..2aa0ea0a --- /dev/null +++ b/templates/mod/log.html @@ -0,0 +1,11 @@ ++ + | +
---|