From 7f6f836bf85350fe92d3975d2fb3973343923aeb Mon Sep 17 00:00:00 2001 From: Michael Save Date: Fri, 13 Apr 2012 10:41:30 +1000 Subject: [PATCH] IP notes --- inc/mod/ban.php | 4 +++ inc/mod/pages.php | 90 +++++++++++++++++++++++++++++++++++++++++++--- mod.php | 15 +++++--- templates/mod/confirm.html | 7 ++++ templates/mod/log.html | 11 ++++++ templates/mod/view_ip.html | 80 +++++++++++++++++++++++++++++++++++++---- 6 files changed, 191 insertions(+), 16 deletions(-) create mode 100644 templates/mod/confirm.html create mode 100644 templates/mod/log.html diff --git a/inc/mod/ban.php b/inc/mod/ban.php index 33b64975..8d86cbcd 100644 --- a/inc/mod/ban.php +++ b/inc/mod/ban.php @@ -55,6 +55,8 @@ function parse_time($str) { function ban($mask, $reason, $length, $board) { global $mod; + // TODO: permissions + $query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :time, :expires, :reason, :board)"); $query->bindValue(':ip', $mask); $query->bindValue(':mod', $mod['id']); @@ -79,6 +81,8 @@ function ban($mask, $reason, $length, $board) { } function unban($id) { + // TODO: permissions + $query = prepare("DELETE FROM `bans` WHERE `id` = :id"); $query->bindValue(':id', $id); $query->execute() or error(db_error($query)); diff --git a/inc/mod/pages.php b/inc/mod/pages.php index e7e4f065..73015cf9 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php @@ -52,7 +52,11 @@ function mod_login() { if (isset($_POST['username'])) $args['username'] = $_POST['username']; - mod_page('Dashboard', 'mod/login.html', $args); + mod_page('Login', 'mod/login.html', $args); +} + +function mod_confirm($request) { + mod_page('Confirm action', 'mod/confirm.html', array('request' => $request)); } function mod_dashboard() { 
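Review bot: `ban()` still runs its INSERT with no authorisation check; the added `// TODO: permissions` records the gap without closing it, and the same marker is added to `unban()` in the next hunk and to the note INSERT in `mod_page_ip()` in inc/mod/pages.php. The only gating visible in this commit for bans and notes is in templates/mod/view_ip.html (`mod|hasPermission(config.mod.ban)`, `config.mod.create_notes`, `config.mod.remove_notes`), which hides the forms and links but does not stop a direct request to the route. `mod_ip_remove_note()` and `mod_ban()` have no check either, while `mod_log()` and `mod_delete()` show the pattern to reuse at the top of each handler: `if (!hasPermission($config['mod']['ban'])) error($config['error']['noaccess']);`, with the matching `remove_notes` / `create_notes` key for the note handlers. The body of `ban()` continues outside this hunk.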
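Review bot: `mod_confirm()` passes `$request` to the template unchecked, and the route added in mod.php captures it with `(.+)`, so the confirmation page will offer to proceed to whatever `?/…` path was placed in the URL. Consider accepting only the routes that need confirmation (the `delete` and `remove_note` patterns added in this commit) and calling `error()` for anything else. A comment above the function such as `// $request comes straight from the query string; it must stay escaped in mod/confirm.html` would record the constraint. The template's markup is not readable in this view, so whether `{{ request }}` ends up inside an attribute is something to verify rather than a finding.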
@@ -63,6 +67,21 @@ function mod_dashboard() { mod_page('Dashboard', 'mod/dashboard.html', $args); } +function mod_log($page_no = 1) { + global $config; + + if (!hasPermission($config['mod']['modlog'])) + error($config['error']['noaccess']); + + $query = prepare("SELECT `username`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :offset, :limit"); + $query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT); + $query->bindValue(':offset', ($page_no - 1) * $config['mod']['modlog_page'], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + $logs = $query->fetchAll(PDO::FETCH_ASSOC); + + mod_page('Moderation log', 'mod/log.html', array('logs' => $logs)); +} + function mod_view_board($boardName, $page_no = 1) { global $config, $mod; @@ -91,6 +110,20 @@ function mod_view_thread($boardName, $thread) { echo $page; } +function mod_ip_remove_note($ip, $id) { + global $config, $mod; + + if (filter_var($ip, FILTER_VALIDATE_IP) === false) + error("Invalid IP address."); + + $query = prepare('DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id'); + $query->bindValue(':ip', $ip); + $query->bindValue(':id', $id); + $query->execute() or error(db_error($query)); + + header('Location: ?/IP/' . $ip, true, $config['redirect_http']); +} + function mod_page_ip($ip) { global $config, $mod; @@ -105,6 +138,21 @@ function mod_page_ip($ip) { return; } + if (isset($_POST['note'])) { + // TODO: permissions + + markup($_POST['note']); + $query = prepare('INSERT INTO `ip_notes` VALUES (NULL, :ip, :mod, :time, :body)'); + $query->bindValue(':ip', $ip); + $query->bindValue(':mod', $mod['id']); + $query->bindValue(':time', time()); + $query->bindValue(':body', $_POST['note']); + $query->execute() or error(db_error($query)); + + header('Location: ?/IP/' . $ip, true, $config['redirect_http']); + return; + } + $args = array(); $args['ip'] = $ip; $args['posts'] = array(); 
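Review bot: `mod_log()` computes the offset as `($page_no - 1) * $config['mod']['modlog_page']`, and the `/log/(\d+)/` route accepts `0`, which gives a negative offset that a MySQL-style `LIMIT` rejects, so the request ends in `error(db_error($query))`. Clamp the page before building the query, e.g. `$page_no = max(1, (int) $page_no);`. The cast also makes the value an integer before it is bound with `PDO::PARAM_INT`, since the route capture arrives as a string.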
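Review bot: `mod_ip_remove_note()` deletes a row in response to a plain GET on the `remove_note` route, with nothing that ties the request to an action the moderator took in the panel, which leaves it open to cross-site request forgery against a logged-in moderator; `mod_delete()` in the last hunk of this file has the same shape. The `/confirm/` fallback does not change this, because it is only a page in front of the same GET. Both handlers would be safer behind POST with a per-session token verified before the `DELETE` query and before `deletePost()`; no token helper is visible in this commit, so one would have to be added.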
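Review bot: The note body is passed through `markup($_POST['note'])`, stored, and later printed by view_ip.html as `{{ note.body }}`, so what reaches the browser depends on two things this hunk does not show: whether `markup()` escapes HTML in its input and whether the template environment autoescapes. If autoescaping is on, the stored markup will display as literal tags; if it is off, `markup()` is the only escaping step between a moderator's input and another moderator's browser. Once confirmed, record it next to the call, e.g. `// markup() rewrites the note in place to escaped HTML; view_ip.html prints it as-is`. `mod_page_ip()` starts and ends outside this hunk.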
@@ -145,14 +193,26 @@ function mod_page_ip($ip) { $query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip"); $query->bindValue(':ip', $ip); $query->execute() or error(db_error($query)); - $args['bans'] = $query->fetchAll(PDO::FETCH_ASSOC); + $args['bans'] = $query->fetchAll(PDO::FETCH_ASSOC); + + $query = prepare("SELECT `ip_notes`.*, `username` FROM `ip_notes` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip"); + $query->bindValue(':ip', $ip); + $query->execute() or error(db_error($query)); + $args['notes'] = $query->fetchAll(PDO::FETCH_ASSOC); mod_page("IP: $ip", 'mod/view_ip.html', $args); } -function mod_page_ban() { - if(!isset($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'])) - error($config['error']['missedafield']); +function mod_ban() { + if (!isset($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'])) { + mod_page("New ban", 'mod/ban_form.html', array()); + return; + } + + $query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip"); + $query->bindValue(':ip', $ip); + $query->execute() or error(db_error($query)); + $args['bans'] = $query->fetchAll(PDO::FETCH_ASSOC); $ip = $_POST['ip']; @@ -166,3 +226,23 @@ function mod_page_ban() { header('Location: ?/', true, $config['redirect_http']); } +function mod_delete($board, $post) { + global $config, $mod; + + if (!openBoard($board)) + error($config['error']['noboard']); + + if (!hasPermission($config['mod']['delete'], $board)) + error($config['error']['noaccess']); + + // Delete post + deletePost($post); + // Record the action + modLog("Deleted post #{$post}"); + // Rebuild board + buildIndex(); + + // Redirect + header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']); +} + diff --git a/mod.php b/mod.php index 5f2cad56..c89c2f01 100644 --- a/mod.php +++ b/mod.php 
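Review bot: In `mod_ban()` the added SELECT on `bans` calls `$query->bindValue(':ip', $ip);` before `$ip = $_POST['ip'];` is reached, so it binds an undefined variable, and its result is stored in `$args['bans']`, which nothing in the visible part of the function reads. The four lines look copied from `mod_page_ip()` just above; removing them is the simplest fix. The function also opens without `global $config;` although its closing `header('Location: ?/', true, $config['redirect_http']);` reads `$config`; part of the body lies outside the hunk, so check that against the full file.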
@@ -21,11 +21,18 @@ if (get_magic_quotes_gpc()) { $query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : ''; $pages = array( - '!^$!' => ':?/', // redirect to dashboard - '!^/$!' => 'dashboard', // dashboard + '!^$!' => ':?/', // redirect to dashboard + '!^/$!' => 'dashboard', // dashboard + '!^/log$!' => 'log', // modlog + '!^/log/(\d+)/$!' => 'log', // modlog - '!^/IP/(.+)$!' => 'ip', // view ip address - '!^/ban$!' => 'ban', // new ban + '!^/confirm/(.+)$!' => 'confirm', // confirm action (if javascript didn't work) + + '!^/ban$!' => 'ban', // new ban + '!^/IP/([\w.:]+)$!' => 'ip', // view ip address + '!^/IP/([\w.:]+)/remove_note/(\d+)$!' => 'ip_remove_note', // remove note from ip address + + '!^/(\w+)/delete/(\d+)$!' => 'delete', // delete post // This should always be at the end: '!^/(\w+)/' . preg_quote($config['file_index'], '!') . '?$!' => 'view_board', diff --git a/templates/mod/confirm.html b/templates/mod/confirm.html new file mode 100644 index 00000000..7509ce3c --- /dev/null +++ b/templates/mod/confirm.html @@ -0,0 +1,7 @@ +

+ Are you sure you want to do that? Click to proceed to ?/{{ request }}. +

+

+ You are seeing this message because we were unable to serve a confirmation dialog, probably due to Javascript being disabled. +

+ diff --git a/templates/mod/log.html b/templates/mod/log.html new file mode 100644 index 00000000..2aa0ea0a --- /dev/null +++ b/templates/mod/log.html @@ -0,0 +1,11 @@ + + + + + {% for log in logs %} + + {% endfor %} +
+ +
+ diff --git a/templates/mod/view_ip.html b/templates/mod/view_ip.html index a9676dd7..3bc9654c 100644 --- a/templates/mod/view_ip.html +++ b/templates/mod/view_ip.html @@ -9,9 +9,73 @@ {% endfor %} -{% set redirect = '?/IP/' ~ ip %} +{% if mod|hasPermission(config.mod.view_notes) %} +
+ + {{ notes|count }} note{% if notes|count != 1 %}s{% endif %} on record + + + {% if notes|count > 0 %} + + + + + + {% if mod|hasPermission(config.mod.remove_notes) %} + + {% endif %} + + {% for note in notes %} + + + + + {% if mod|hasPermission(config.mod.remove_notes) %} + + {% endif %} + + {% endfor %} +
StaffNoteDateActions
+ {% if note.username %} + {{ note.username }} + {% else %} + deleted? + {% endif %} + + {{ note.body }} + + {{ note.time|date(config.post_date) }} + + [remove] +
+ {% endif %} + + {% if mod|hasPermission(config.mod.create_notes) %} +
+ + + + + + + + + + + + + +
Staff{{ mod.username }}
+ + + +
+
+ {% endif %} +
+{% endif %} -{% if bans|count > 0 %} +{% if bans|count > 0 and mod|hasPermission(config.mod.view_ban) %}
Ban{% if bans|count != 1 %}s{% endif %} on record @@ -84,8 +148,10 @@
{% endif %} -
- New ban - {% include 'mod/ban_form.html' %} -
- +{% if mod|hasPermission(config.mod.ban) %} +
+ New ban + {% set redirect = '?/IP/' ~ ip %} + {% include 'mod/ban_form.html' %} +
+{% endif %}