From ce18d43bcd5f23aabab2c6bd60a6b01128772d42 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 20 Feb 2011 17:19:57 +1100 Subject: [PATCH] Reports/report queue --- inc/config.php | 11 +++++++ inc/functions.php | 4 +-- mod.php | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++ post.php | 54 +++++++++++++++++++++++++++++++++ templates/index.html | 12 +++++--- templates/thread.html | 12 +++++--- 6 files changed, 167 insertions(+), 10 deletions(-) diff --git a/inc/config.php b/inc/config.php index 2f3a691e..27352b5a 100644 --- a/inc/config.php +++ b/inc/config.php @@ -100,6 +100,8 @@ $config['error']['tor'] = 'Hmm… That looks like a Tor exit node.'; $config['error']['toomanylinks'] = 'Too many links; flood detected.'; $config['error']['nodelete'] = 'You didn\'t select anything to delete.'; + $config['error']['noreport'] = 'You didn\'t select anything to report.'; + $config['error']['toomanyreports'] = 'You can\'t report that many posts at once.'; $config['error']['invalidpassword'] = 'Wrong password…'; $config['error']['invalidimg'] = 'Invalid image.'; $config['error']['filesize'] = 'Maximum file size: %maxsz% bytes
Your file\'s size: %filesz% bytes'; @@ -120,6 +122,9 @@ $config['error']['invalidpost'] = 'That post doesn\'t exist…'; $config['error']['404'] = 'Page not found.'; + // How many reports you can create in the same request. + $config['report_limit'] = 2; + // Reply limit (deletes thread when this is reached) $config['reply_limit'] = 250; @@ -264,6 +269,12 @@ /* Administration */ // Display the contents of instance-config.php $config['mod']['show_config'] = ADMIN; + // View the report queue + $config['mod']['reports'] = JANITOR; + // Dismiss an abuse report + $config['mod']['report_dismiss'] = JANITOR; + // Dismiss all abuse reports by an IP + $config['mod']['report_dismiss_ip'] = JANITOR; // View list of bans $config['mod']['view_banlist'] = MOD; // View the username of the mod who made a ban diff --git a/inc/functions.php b/inc/functions.php index 09e3f1fe..6e709d9b 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -828,8 +828,8 @@ ) == '127.0.0.2'; } - function ReverseIPOctets($inputip) { - $ipoc = explode('.', $inputip); + function ReverseIPOctets($ip) { + $ipoc = explode('.', $ip); return $ipoc[3] . '.' . $ipoc[2] . '.' . $ipoc[1] . '.' . $ipoc[0]; } diff --git a/mod.php b/mod.php index 9424ab54..2e8a993e 100644 --- a/mod.php +++ b/mod.php @@ -80,6 +80,9 @@ // Boards $fieldset['Boards'] .= ulBoards(); + if($mod['type'] >= $config['mod']['reports']) { + $fieldset['Administration'] .= '
  • Report queue
  • '; + } if($mod['type'] >= $config['mod']['view_banlist']) { $fieldset['Administration'] .= '
  • Ban list
  • '; } @@ -102,6 +105,87 @@ //,'mod'=>true /* All 'mod' does, at this point, is put the "Return to dashboard" link in. */ ) ); + } elseif(preg_match('/^\/reports$/', $query)) { + $body = ''; + + $query = query("SELECT `reports`.*, `boards`.`uri` FROM `reports` INNER JOIN `boards` ON `board` = `boards`.`id` ORDER BY `time` DESC") or error(db_error()); + if($query->rowCount() < 1) + $body = '(Empty.)'; + else { + while($report = $query->fetch()) { + $p_query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `id` = :id", $report['uri'])); + $p_query->bindValue(':id', $report['post'], PDO::PARAM_INT); + $p_query->execute() or error(db_error($query)); + + if(!$post = $p_query->fetch()) { + // Invalid report (post has since been deleted) + $p_query = prepare("DELETE FROM `reports` WHERE `post` = :id"); + $p_query->bindValue(':id', $report['post'], PDO::PARAM_INT); + $p_query->execute() or error(db_error($query)); + } + + openBoard($report['uri']); + + if(!$post['thread']) { + $po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], '?/', $mod, false); + } else { + $po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], '?/', $mod); + } + + $po->body .= + '
    ' . + '
    ' . + 'Board: ' . sprintf($config['board_abbreviation'], $report['uri']) . '
    ' . + 'Reason: ' . $report['reason'] . '
    ' . + 'Reported by: ' . $report['ip'] . '
    ' . + '
    ' . + ($mod['type'] >= $config['mod']['report_dismiss'] ? + 'Dismiss | ' : '') . + ($mod['type'] >= $config['mod']['report_dismiss_ip'] ? + 'Dismiss+' : '') . + '
    '; + $body .= $po->build(true) . '
    '; + } + } + + echo Element('page.html', Array( + 'index'=>$config['root'], + 'title'=>'Report queue', + 'body'=>$body, + 'mod'=>true + )); + } elseif(preg_match('/^\/reports\/(\d+)\/dismiss(\/all)?$/', $query, $matches)) { + if(isset($matches[2]) && $matches[2] == '/all') { + if($mod['type'] < $config['mod']['report_dismiss_ip']) error($config['error']['noaccess']); + + $query = prepare("SELECT `ip` FROM `reports` WHERE `id` = :id"); + $query->bindValue(':id', $matches[1], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($report = $query->fetch()) { + $query = prepare("DELETE FROM `reports` WHERE `ip` = :ip"); + $query->bindValue(':ip', $report['ip'], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + } + } else { + if($mod['type'] < $config['mod']['report_dismiss']) error($config['error']['noaccess']); + + $query = prepare("SELECT `post` FROM `reports` WHERE `id` = :id"); + $query->bindValue(':id', $matches[1], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($report = $query->fetch()) { + $query = prepare("DELETE FROM `reports` WHERE `post` = :post"); + $query->bindValue(':post', $report['post'], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + } + } + + // Redirect + if(isset($_SERVER['HTTP_REFERER'])) + header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']); + else + header('Location: ?/reports', true, $config['redirect_http']); } elseif(preg_match('/^\/bans$/', $query)) { if($mod['type'] < $config['mod']['view_banlist']) error($config['error']['noaccess']); diff --git a/post.php b/post.php index e23bba79..5b1268da 100644 --- a/post.php +++ b/post.php @@ -78,7 +78,61 @@ $root = $is_mod ? $config['root'] . $config['file_mod'] . '?/' : $config['root']; header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']); + + } elseif(isset($_POST['report'])) { + if( !isset($_POST['board']) || + !isset($_POST['password']) || + !isset($_POST['reason']) + ) + error($config['error']['bot']); + $report = Array(); + foreach($_POST as $post => $value) { + if(preg_match('/^delete_(\d+)$/', $post, $m)) { + $report[] = (int)$m[1]; + } + } + + sql_open(); + + // Check if banned + checkBan(); + + if($config['block_tor'] && isTor()) + error($config['error']['tor']); + + // Check if board exists + if(!openBoard($_POST['board'])) + error($config['error']['noboard']); + + if(empty($report)) + error($config['error']['noreport']); + + if(count($report) > $config['report_limit']) + error($config['error']['toomanyreports']); + + foreach($report as &$id) { + $query = prepare(sprintf("SELECT 1 FROM `posts_%s` WHERE `id` = :id", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($post = $query->fetch()) { + $query = prepare("INSERT INTO `reports` VALUES (NULL, :time, :ip, :board, :post, :reason)"); + $query->bindValue(':time', time(), PDO::PARAM_INT); + $query->bindValue(':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR); + $query->bindValue(':board', $board['id'], PDO::PARAM_INT); + $query->bindValue(':post', $id, PDO::PARAM_INT); + $query->bindValue(':reason', htmlentities($_POST['reason']), PDO::PARAM_STR); + $query->execute() or error(db_error($query)); + } + } + + sql_close(); + + $is_mod = isset($_POST['mod']) && $_POST['mod']; + $root = $is_mod ? $config['root'] . $config['file_mod'] . '?/' : $config['root']; + + header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']); } elseif(isset($_POST['post'])) { if( !isset($_POST['name']) || !isset($_POST['email']) || diff --git a/templates/index.html b/templates/index.html index 03082681..b30b4a67 100644 --- a/templates/index.html +++ b/templates/index.html @@ -93,15 +93,19 @@
    - {mod?} {body}
    Delete Post [ - ] Password - - + ] + + +
    +
    + + +
    {btn[prev]} {pages: diff --git a/templates/thread.html b/templates/thread.html index 221e3e5f..8a290999 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -85,15 +85,19 @@
    - {mod?} {body}
    Delete Post [ - ] Password - - + ] + + +
    +
    + + +
    [Return.]