diff --git a/inc/config.php b/inc/config.php
index bf3956fe..f4040570 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -244,6 +244,15 @@
 /* Administration */
 // Display the contents of instant-config.php
 define('MOD_SHOW_CONFIG', MOD_ADMIN, true);
+ // View list of bans
+ define('MOD_VIEW_BANLIST', MOD_MOD, true);
+ // View the username of the mod who made a ban
+ define('MOD_VIEW_BANSTAFF', MOD_MOD, true);
+ // If the moderator doesn't fit the MOD_VIEW_BANSTAFF (previous) permission,
+ // show him just a "?" instead. Otherwise, it will be "Mod" or "Admin"
+ define('MOD_VIEW_BANQUESTIONMARK', false, true);
+ // Show expired bans in the ban list (they are kept in cache until the culprit returns)
+ define('MOD_VIEW_BANEXPIRED', true, true);
 // Create a new board
 define('MOD_NEWBOARD', MOD_ADMIN, true);
diff --git a/mod.php b/mod.php
index c67bfd66..c16676ad 100644
--- a/mod.php
+++ b/mod.php
@@ -19,6 +19,16 @@
 // Fix some encoding issues
 header('Content-Type: text/html; charset=utf-8', true);
+ if (get_magic_quotes_gpc()) {
+ function strip_array($var) {
+ return is_array($var) ? array_map("strip_array", $var) : stripslashes($var);
+ }
+
+ $_SESSION = strip_array($_SESSION);
+ $_GET = strip_array($_GET);
+ $_POST = strip_array($_POST);
+ }
+
 // If not logged in
 if(!$mod) {
 if(isset($_POST['login'])) {
@@ -70,6 +80,9 @@
 $fieldset['Boards'] .= ulBoards();
 if($mod['type'] >= MOD_SHOW_CONFIG) {
+ $fieldset['Administration'] .= '
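Review bot: In the first mod.php hunk (around line 19), `$_SESSION = strip_array($_SESSION);` rewrites data that magic_quotes_gpc never escapes, while `$_COOKIE`, which it does escape, is left untouched. Session values live server-side, so running stripslashes() over them removes legitimate backslashes and turns non-string values into strings. I would replace that line with `$_COOKIE = strip_array($_COOKIE);` and leave the session alone. Whether mod.php reads any cookie directly is not visible in this hunk, so confirm that before relying on the change.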
  • Ban list
  • '; + } + if($mod['type'] >= MOD_SHOW_CONFIG) { $fieldset['Administration'] .= '
  • Show configuration
  • '; } @@ -88,6 +101,90 @@ //,'mod'=>true /* All 'mod' does, at this point, is put the "Return to dashboard" link in. */ ) ); + } elseif(preg_match('/^\/bans$/', $query)) { + if($mod['type'] < MOD_VIEW_BANLIST) error(ERROR_NOACCESS); + + if(MOD_VIEW_BANEXPIRED) { + $query = prepare("SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` GROUP BY `ip` ORDER BY `expires` < :time, `set` DESC"); + $query->bindValue(':time', time(), PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + } else { + // Filter out expired bans + $query = prepare("SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` GROUP BY `ip` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC"); + $query->bindValue(':time', time(), PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + } + + if($query->rowCount() < 1) { + $body = '(There are no active bans.)'; + } else { + $body = '
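Review bot: The new "Ban list" dashboard entry is wrapped in `if($mod['type'] >= MOD_SHOW_CONFIG) {`, although the ban-list route added further down in this commit checks MOD_VIEW_BANLIST. With the defaults added to inc/config.php (MOD_VIEW_BANLIST is MOD_MOD, MOD_SHOW_CONFIG is MOD_ADMIN), and assuming MOD_MOD ranks below MOD_ADMIN, a moderator is allowed to open the list but never sees the link. Gating the link with the same constant as the route keeps the two in step: `if($mod['type'] >= MOD_VIEW_BANLIST) {`. The surrounding dashboard block starts and ends outside the hunk.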
    '; + $body .= ''; + + while($ban = $query->fetch()) { + $body .= + '' . + + '' . + + // Reason + '' . + + // Set + '' . + + // Expires + '' . + + // Staff + '' . + + '' . + + ''; + } + + $body .= '
    IP addressReasonSetExpiresStaffActions
    ' . + + // Checkbox + ' ' . + + // IP address + ''. $ban['ip'] . '' . $ban['reason'] . '' . date(POST_DATE, $ban['set']) . '' . + ($ban['expires'] == 0 ? + 'Never' + : + date(POST_DATE, $ban['expires']) + ) . + '' . + ($mod['type'] < MOD_VIEW_BANSTAFF ? + (MOD_VIEW_BANQUESTIONMARK ? + '?' + : + ($ban['type'] == MOD_JANITOR ? 'Janitor' : + ($ban['type'] == MOD_MOD ? 'Mod' : + ($ban['type'] == MOD_ADMIN ? 'Admin' : + '?'))) + ) + : + $ban['username'] + ) . + '
    '; + } + + echo Element('page.html', Array( + 'index'=>ROOT, + 'title'=>'Ban list', + 'body'=>$body, + 'mod'=>true + ) + ); } elseif(preg_match('/^\/config$/', $query)) { if($mod['type'] < MOD_SHOW_CONFIG) error(ERROR_NOACCESS);
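Review bot: `$ban['ip']`, `$ban['reason']` and `$ban['username']` are concatenated into the ban table exactly as stored, so a reason or staff name containing markup is rendered in the session of every moderator who opens the list. Escape each value at output, e.g. `htmlspecialchars($ban['reason'], ENT_QUOTES, 'UTF-8')`, unless they are already escaped when the ban is written, which this hunk does not show. Separately, the branch that filters expired bans places `WHERE` after `GROUP BY`, which SQL does not accept, so the list errors out whenever MOD_VIEW_BANEXPIRED is false; the `WHERE` clause has to come before `GROUP BY`. `SELECT *` across the join also loads every column of `mods` into `$ban`, whatever that table holds; naming only the columns the table prints would be tighter. The elseif chain this branch belongs to continues outside the hunk.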