a Fixed delete by IP, plus a bunch of small stuff
parent
0346862645
commit
c34ea2e3af
@ -299,7 +299,7 @@
|
||||
}
|
||||
|
||||
// Delete a post (reply or thread)
|
||||
function deletePost($id) {
|
||||
function deletePost($id, $error_if_doesnt_exist=true) {
|
||||
global $board;
|
||||
|
||||
// Select post and replies (if thread) in one query
|
||||
@ -308,7 +308,9 @@
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
if($query->rowCount() < 1) {
|
||||
error(ERROR_INVALIDPOST);
|
||||
if($error_if_doesnt_exist)
|
||||
error(ERROR_INVALIDPOST);
|
||||
else return false;
|
||||
}
|
||||
|
||||
// Delete posts and maybe replies
|
||||
@ -337,6 +339,8 @@
|
||||
if(isset($rebuild)) {
|
||||
buildThread($rebuild);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
function clean() {
|
||||
@ -370,7 +374,7 @@
|
||||
while($th = $query->fetch()) {
|
||||
$thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $th['locked'], $mod ? '?/' : ROOT, $mod);
|
||||
|
||||
$posts = prepare(sprintf("SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = ? ORDER BY `time` DESC LIMIT ?", $board['uri']));
|
||||
$posts = prepare(sprintf("SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = ? ORDER BY `id` DESC LIMIT ?", $board['uri']));
|
||||
$posts->bindValue(1, $th['id']);
|
||||
$posts->bindValue(2, THREADS_PREVIEW, PDO::PARAM_INT);
|
||||
$posts->execute() or error(db_error($posts));
|
||||
@ -859,7 +863,7 @@
|
||||
switch($type) {
|
||||
case 'jpg':
|
||||
case 'jpeg':
|
||||
if(!$image = imagecreatefromjpeg($source_pic)) {
|
||||
if(!$image = @imagecreatefromjpeg($source_pic)) {
|
||||
unlink($source_pic);
|
||||
error(ERR_INVALIDIMG);
|
||||
}
|
||||
|
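Review bot: The one-line comment above `deletePost()` no longer describes its contract. With the new `$error_if_doesnt_exist` parameter, a missing post either ends in `error(ERROR_INVALIDPOST)` or makes the function return `false`, and the success path now returns `true`. I would replace the comment with `// Delete a post (reply or thread). Returns true on success; for a missing post it calls error() unless $error_if_doesnt_exist is false, in which case it returns false.` Callers that pass `false` have to check the result themselves. Most of the function body lies outside the hunks shown, so this is based only on the visible lines.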
12
inc/mod.php
12
inc/mod.php
@ -20,7 +20,7 @@
|
||||
$query = prepare("SELECT `id`,`type` FROM `mods` WHERE `username` = :username AND `password` = :password LIMIT 1");
|
||||
$query->bindValue(':username', $username);
|
||||
$query->bindValue(':password', $password);
|
||||
$query->execute();
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
if($user = $query->fetch()) {
|
||||
return $mod = Array(
|
||||
@ -56,6 +56,16 @@
|
||||
unset($_SESSION['mod']);
|
||||
}
|
||||
|
||||
function modLog($action) {
|
||||
global $mod;
|
||||
$query = prepare("INSERT INTO `modlogs` VALUES (:id, :ip, :time, :text)");
|
||||
$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
|
||||
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
|
||||
$query->bindValue(':time', time(), PDO::PARAM_INT);
|
||||
$query->bindValue(':text', $action);
|
||||
$query->execute() or error(db_error($query));
|
||||
}
|
||||
|
||||
if(isset($_COOKIE['mod']) && isset($_SESSION['mod']) && is_array($_SESSION['mod'])) {
|
||||
// Should be username:session hash
|
||||
$cookie = explode(':', $_COOKIE['mod']);
|
||||
|
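Review bot: `modLog()` stores `$action` exactly as passed, and the ban call site in mod.php builds that string from `$_POST['ip']` and `$_POST['reason']`, so the audit table will hold attacker-influenced text. The bound parameter keeps the INSERT safe, but whatever page later renders `modlogs` has to HTML-escape the text column. A comment on the function such as `// $action is stored raw; escape it when the log is displayed` would make that explicit. The statement also names no columns (`INSERT INTO `modlogs` VALUES (...)`), so it depends on the table's column order; listing the four columns explicitly would keep it working if the schema changes. It also reads `$mod['id']` from a global, so a call before `$mod` is populated would log an empty id; whether that can happen is not visible in this hunk.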
7
main.js
7
main.js
@ -6,8 +6,11 @@ function highlightReply(id)
|
||||
if (divs[i].className.indexOf('post') != -1)
|
||||
divs[i].className = divs[i].className.replace(/highlighted/, '');
|
||||
}
|
||||
if (id)
|
||||
document.getElementById('reply_'+id).className += ' highlighted';
|
||||
if (id) {
|
||||
post = document.getElementById('reply_'+id);
|
||||
if(post)
|
||||
post.className += ' highlighted';
|
||||
}
|
||||
}
|
||||
function focusId(id)
|
||||
{
|
||||
|
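Review bot: In `highlightReply`, the new line `post = document.getElementById('reply_'+id);` assigns without a declaration, so `post` becomes an implicit global that any other script on the page can read or overwrite. Declaring it locally fixes that: `var post = document.getElementById('reply_'+id);`. The null check that follows is a good addition. The start of the function is outside the hunk.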
39
mod.php
39
mod.php
@ -43,6 +43,8 @@
|
||||
if(!login($_POST['username'], $_POST['password']))
|
||||
loginForm(ERROR_INVALID, $_POST['username']);
|
||||
|
||||
modLog("Logged in.");
|
||||
|
||||
// Login successful
|
||||
// Set cookies
|
||||
setCookies();
|
||||
@ -295,6 +297,9 @@
|
||||
}
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
// Record the action
|
||||
modLog("Created a new board: {$b['title']}");
|
||||
|
||||
// Open the board
|
||||
openBoard($b['uri']) or error("Couldn't open board after creation.");
|
||||
|
||||
@ -356,6 +361,10 @@
|
||||
|
||||
// Delete post
|
||||
deleteFile($post);
|
||||
|
||||
// Record the action
|
||||
modLog("Removed file from post #{$post}");
|
||||
|
||||
// Rebuild board
|
||||
buildIndex();
|
||||
|
||||
@ -377,6 +386,10 @@
|
||||
|
||||
// Delete post
|
||||
deletePost($post);
|
||||
|
||||
// Record the action
|
||||
modLog("Deleted post #{$post}");
|
||||
|
||||
// Rebuild board
|
||||
buildIndex();
|
||||
|
||||
@ -399,8 +412,12 @@
|
||||
$query->bindValue(':id', $post, PDO::PARAM_INT);
|
||||
|
||||
if($matches[2] == 'un') {
|
||||
// Record the action
|
||||
modLog("Unstickied post #{$post}");
|
||||
$query->bindValue(':sticky', 0, PDO::PARAM_INT);
|
||||
} else {
|
||||
// Record the action
|
||||
modLog("Stickied post #{$post}");
|
||||
$query->bindValue(':sticky', 1, PDO::PARAM_INT);
|
||||
}
|
||||
|
||||
@ -429,8 +446,12 @@
|
||||
$query->bindValue(':id', $post, PDO::PARAM_INT);
|
||||
|
||||
if($matches[2] == 'un') {
|
||||
// Record the action
|
||||
modLog("Unlocked post #{$post}");
|
||||
$query->bindValue(':locked', 0, PDO::PARAM_INT);
|
||||
} else {
|
||||
// Record the action
|
||||
modLog("Locked post #{$post}");
|
||||
$query->bindValue(':locked', 1, PDO::PARAM_INT);
|
||||
}
|
||||
|
||||
@ -454,10 +475,22 @@
|
||||
if(!openBoard($boardName))
|
||||
error(ERROR_NOBOARD);
|
||||
|
||||
$query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `ip` = (SELECT `ip` FROM `posts_%s` WHERE `id` = :id)", $board['uri'], $board['uri']));
|
||||
$query = prepare(sprintf("SELECT `ip` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
|
||||
$query->bindValue(':id', $post);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
if(!$post = $query->fetch())
|
||||
error(ERROR_INVALIDPOST);
|
||||
|
||||
$ip = $post['ip'];
|
||||
|
||||
// Record the action
|
||||
modLog("Deleted all posts by IP address: #{$ip}");
|
||||
|
||||
$query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `ip` = :ip", $board['uri']));
|
||||
$query->bindValue(':ip', $ip);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
if($query->rowCount() < 1)
|
||||
error(ERROR_INVALIDPOST);
|
||||
|
||||
@ -529,6 +562,10 @@
|
||||
} else {
|
||||
$query->bindValue(':reason', null, PDO::PARAM_NULL);
|
||||
}
|
||||
|
||||
// Record the action
|
||||
modLog("Created a ban for {$_POST['ip']} with reason {$_POST['reason']}");
|
||||
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
// Delete too
|
||||
|
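Review bot: Several of the new `modLog()` calls run before the action they record, so the audit trail can claim something happened when it did not. In the ban hunk, `modLog("Created a ban for ...")` sits above `$query->execute() or error(db_error($query));`. In the delete-by-IP hunk the entry is written before the second SELECT and its `rowCount()` check. The sticky and lock entries are written while the parameters are still being bound, and the execute for those is outside the hunk. Moving each call to just after the statement that performs the action keeps the log truthful. The ban message also interpolates `$_POST['reason']` even on the path where the visible `else` branch binds `:reason` as NULL, so it may be empty or unset there. `"Deleted all posts by IP address: #{$ip}"` carries a stray `#`, apparently copied from the post-number messages. Failed logins are not logged at all, although they are the more useful signal for spotting password guessing.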
2
post.php
2
post.php
@ -221,7 +221,7 @@
|
||||
if(strlen($post['name']) > 50) error(sprintf(ERROR_TOOLONG, 'name'));
|
||||
if(strlen($post['email']) > 30) error(sprintf(ERROR_TOOLONG, 'email'));
|
||||
if(strlen($post['subject']) > 40) error(sprintf(ERROR_TOOLONG, 'subject'));
|
||||
if(strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY);
|
||||
if(!$mod && strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY);
|
||||
if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error(ERROR_TOOSHORTBODY);
|
||||
if(strlen($post['password']) > 20) error(sprintf(ERROR_TOOLONG, 'password'));
|
||||
|
||||
|
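Review bot: The changed check `if(!$mod && strlen($post['body']) > MAX_BODY)` removes the only visible upper bound on body size for moderators, so the limit now depends entirely on how `$mod` is set earlier in post.php, which this hunk does not show. If `$mod` can be truthy without a validated moderator session, any poster could bypass the limit. It is worth confirming that it is only assigned after the session check, and adding a comment here such as `// $mod is only set after the mod session has been validated`. Even for real moderators a hard ceiling is safer than none, because an oversized body is otherwise left to the database column or PHP's request limits to reject or truncate.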