edit users

2012-04-16 23:18:07 +10:00 · 2012-04-16 23:18:07 +10:00 · a340c5b6ee
commit a340c5b6ee
parent 93553303b2
5 changed files with 178 additions and 2 deletions
--- a/inc/lib/Twig/Extensions/Extension/Tinyboard.php
+++ b/inc/lib/Twig/Extensions/Extension/Tinyboard.php
@ -76,7 +76,7 @@ function twig_date_filter($date, $format) {
 	return strftime($format, $date);
 }

-function twig_hasPermission_filter($mod, $permission, $board = false) {
+function twig_hasPermission_filter($mod, $permission, $board = null) {
 	return hasPermission($permission, $board, $mod);
 }

--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@ -313,6 +313,7 @@ function mod_lock($board, $unlock, $post) {
 	$query->bindValue(':locked', $unlock ? 0 : 1);
 	$query->execute() or error(db_error($query));
 	if($query->rowCount()) {
+		modLog(($unlock ? 'Unlocked' : 'Locked') . " thread #{$post}");
 		buildThread($post);
 		buildIndex();
 	}
@ -334,6 +335,7 @@ function mod_sticky($board, $unsticky, $post) {
 	$query->bindValue(':sticky', $unsticky ? 0 : 1);
 	$query->execute() or error(db_error($query));
 	if($query->rowCount()) {
+		modLog(($unlock ? 'Unstickied' : 'Stickied') . " thread #{$post}");
 		buildThread($post);
 		buildIndex();
 	}
@ -355,6 +357,7 @@ function mod_bumplock($board, $unbumplock, $post) {
 	$query->bindValue(':bumplock', $unbumplock ? 0 : 1);
 	$query->execute() or error(db_error($query));
 	if($query->rowCount()) {
+		modLog(($unlock ? 'Unbumplocked' : 'Bumplocked') . " thread #{$post}");
 		buildThread($post);
 		buildIndex();
 	}
@ -382,6 +385,85 @@ function mod_delete($board, $post) {
 	header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
 }

+function mod_user($uid) {
+	global $config, $mod;
+	
+	if (!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['change_password']) && $uid == $mod['id']))
+		error($config['error']['noaccess']);
+	
+	$query = prepare('SELECT * FROM `mods` WHERE `id` = :id');
+	$query->bindValue(':id', $uid);
+	$query->execute() or error(db_error($query));
+	if (!$user = $query->fetch(PDO::FETCH_ASSOC))
+		error($config['error']['404']);
+	
+	if (hasPermission($config['mod']['editusers']) && isset($_POST['username'], $_POST['password'])) {
+		if (isset($_POST['allboards'])) {
+			$boards = array('*');
+		} else {
+			$_boards = listBoards();
+			foreach ($_boards as &$board) {
+				$board = $board['uri'];
+			}
+		
+			$boards = array();
+			foreach ($_POST as $name => $value) {
+				if (preg_match('/^board_(\w+)$/', $name, $matches) && in_array($matches[1], $_boards))
+					$boards[] = $matches[1];
+			}
+		}
+		
+		$query = prepare('UPDATE `mods` SET `username` = :username, `boards` = :boards WHERE `id` = :id');
+		$query->bindValue(':id', $uid);
+		$query->bindValue(':username', $_POST['username']);
+		$query->bindValue(':boards', implode(',', $boards));
+		$query->execute() or error(db_error($query));
+		
+		if ($_POST['password'] != '') {
+			$query = prepare('UPDATE `mods` SET `password` = SHA1(:password) WHERE `id` = :id');
+			$query->bindValue(':id', $uid);
+			$query->bindValue(':password', $_POST['password']);
+			$query->execute() or error(db_error($query));
+			
+			if ($uid == $mod['id']) {
+				login($_POST['username'], $_POST['password']);
+				setCookies();
+			}
+		}
+		
+		header('Location: ?/users', true, $config['redirect_http']);
+		return;
+	}
+	
+	if (hasPermission($config['mod']['change_password']) && $uid == $mod['id'] && isset($_POST['password'])) {
+		if ($_POST['password'] != '') {
+			$query = prepare('UPDATE `mods` SET `password` = SHA1(:password) WHERE `id` = :id');
+			$query->bindValue(':id', $uid);
+			$query->bindValue(':password', $_POST['password']);
+			$query->execute() or error(db_error($query));
+			
+			login($_POST['username'], $_POST['password']);
+			setCookies();
+		}
+		
+		header('Location: ?/users', true, $config['redirect_http']);
+		return;
+	}
+	
+	if (hasPermission($config['mod']['modlog'])) {
+		$query = prepare('SELECT * FROM `modlogs` WHERE `mod` = :id ORDER BY `time` DESC LIMIT 5');
+		$query->bindValue(':id', $uid);
+		$query->execute() or error(db_error($query));
+		$log = $query->fetchAll(PDO::FETCH_ASSOC);
+	} else {
+		$log = array();
+	}
+	
+	$user['boards'] = explode(',', $user['boards']);
+	
+	mod_page('Edit user', 'mod/user.html', array('user' => $user, 'logs' => $log, 'boards' => listBoards()));
+}
+
 function mod_users() {
 	global $config;
 	
--- a/mod.php
+++ b/mod.php
@ -28,6 +28,7 @@ $pages = array(
 	'!^/log/(\d+)$!'			=> 'log',		// modlog
 	
 	'!^/users$!'				=> 'users',		// manage users
+	'!^/users/(\d+)$!'			=> 'user',		// edit user
 	'!^/users/(\d+)/(promote|demote)$!'	=> 'user_promote',	// prmote/demote user
 	'!^/new_PM/([^/]+)$!'			=> 'new_pm',		// create a new pm
 	'!^/PM/(\d+)(/reply)?$!'		=> 'pm',		// read a pm
--- a/templates/mod/log.html
+++ b/templates/mod/log.html
@ -2,7 +2,7 @@
 	<tr>
 		<th>Staff</th>
 		<th>IP address</th>
-		<th>Ago</th>
+		<th>Time</th>
 		<th>Board</th>
 		<th>Action</th>
 	</tr>
--- a/templates/mod/user.html
+++ b/templates/mod/user.html
@ -0,0 +1,93 @@
+<form action="?/users/{{ mod.id }}" method="post">
+	<table>
+		<tr>
+			<th>Username</th>
+			<td>
+				{% if mod|hasPermission(config.mod.editusers) %}
+					<input size="20" maxlength="30" type="text" name="username" value="{{ user.username|e }}" autocomplete="off">
+				{% else %}
+					{{ user.username|e }}
+				{% endif %}
+			</td>
+		</tr>
+		<tr>
+			<th>Password <small style="font-weight:normal">(new; optional)</small></th>
+			<td>
+				{% if mod|hasPermission(config.mod.editusers) or (mod|hasPermission(config.mod.change_password) and user.id == mod.id) %}
+					<input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off">
+				{% else %}
+					-
+				{% endif %}
+			</td>
+		</tr>
+		<tr>
+			<th>Boards</th>
+			<td>
+				<ul style="padding:0 5px;list-style:none">
+					<li>
+						<input type="checkbox" id="allboards" name="allboards"
+						{% if '*' in user.boards %} checked{% endif %}
+						{% if not mod|hasPermission(config.mod.editusers) %}
+						 disabled
+						{% endif %}
+						> 
+						<label for="allboards">"*" - All boards</label>
+					</li>
+					{% for board in boards %}
+						<li>
+							<input type="checkbox" id="board_{{ board.uri }}" name="board_{{ board.uri }}"
+								{% if board.uri in user.boards %} checked{% endif %}
+								{% if not mod|hasPermission(config.mod.editusers) %}
+								 disabled
+								{% endif %}
+								> 
+							<label for="board_{{ board.uri }}">
+								{{ config.board_abbreviation|sprintf(board.uri) }}
+								 - 
+								{{ board.title }}
+							</label>
+						</li>
+					{% endfor %}
+				</ul>
+			</td>
+		</tr>
+	</table>
+	
+	<ul style="padding:0;text-align:center">
+		<li><input type="submit" value="Save changes"></li>
+		{% if mod|hasPermission(config.mod.deleteusers) %}
+		<li><input type="submit" value="Delete user"></li>
+		{% endif %}
+	</ul>
+</form>
+
+{% if logs|count > 0  %}
+	<table class="modlog" style="width:600px">
+		<tr>
+			<th>IP address</th>			
+			<th>Time</th>
+			<th>Board</th>
+			<th>Action</th>
+		</tr>
+		{% for log in logs %}
+			<tr>
+				<td class="minimal">
+					<a href="?/IP/{{ log.ip }}">{{ log.ip }}</a>
+				</td>
+				<td class="minimal">
+					<span title="{{ log.time|date(config.post_date) }}">{{ log.time|ago }}</span>
+				</td>
+				<td class="minimal">
+					{% if log.board %}
+						<a href="?/{{ config.board_path|sprintf(log.board) }}{{ config.file_index }}">{{ config.board_abbreviation|sprintf(log.board) }}</a>
+					{% else %}
+						-
+					{% endif %}
+				</td>
+				<td>
+					{{ log.text }}
+				</td>
+			</tr>
+		{% endfor %}
+	</table>
+{% endif %}