per-board moderators
parent
1338769d44
commit
e3cba2b450
@ -241,29 +241,29 @@
|
||||
$built = '';
|
||||
if($this->mod) {
|
||||
// Mod controls (on posts)
|
||||
$built .= '<span class="controls">';
|
||||
|
||||
// Delete
|
||||
if($this->mod['type'] >= $config['mod']['delete'])
|
||||
if(hasPermission($config['mod']['delete'], $board['uri'], $this->mod))
|
||||
$built .= ' ' . confirmLink($config['mod']['link_delete'], 'Delete', 'Are you sure you want to delete this?', $board['uri'] . '/delete/' . $this->id);
|
||||
|
||||
// Delete all posts by IP
|
||||
if($this->mod['type'] >= $config['mod']['deletebyip'])
|
||||
if(hasPermission($config['mod']['deletebyip'], $board['uri'], $this->mod))
|
||||
$built .= ' ' . confirmLink($config['mod']['link_deletebyip'], 'Delete all posts by IP', 'Are you sure you want to delete all posts by IP?', $board['uri'] . '/deletebyip/' . $this->id);
|
||||
|
||||
// Ban
|
||||
if($this->mod['type'] >= $config['mod']['ban'])
|
||||
if(hasPermission($config['mod']['ban'], $board['uri'], $this->mod))
|
||||
$built .= ' <a title="Ban" href="?/' . $board['uri'] . '/ban/' . $this->id . '">' . $config['mod']['link_ban'] . '</a>';
|
||||
|
||||
// Ban & Delete
|
||||
if($this->mod['type'] >= $config['mod']['bandelete'])
|
||||
if(hasPermission($config['mod']['bandelete'], $board['uri'], $this->mod))
|
||||
$built .= ' <a title="Ban & Delete" href="?/' . $board['uri'] . '/ban&delete/' . $this->id . '">' . $config['mod']['link_bandelete'] . '</a>';
|
||||
|
||||
// Delete file (keep post)
|
||||
if(!empty($this->file) && $this->mod['type'] >= $config['mod']['deletefile'])
|
||||
if(!empty($this->file) && hasPermission($config['mod']['deletefile'], $board['uri'], $this->mod))
|
||||
$built .= ' <a title="Remove file" href="?/' . $board['uri'] . '/deletefile/' . $this->id . '">' . $config['mod']['link_deletefile'] . '</a>';
|
||||
|
||||
$built .= '</span>';
|
||||
if(!empty($built))
|
||||
$built = '<span class="controls">' . $built . '</span>';
|
||||
}
|
||||
return $built;
|
||||
}
|
||||
@ -309,7 +309,7 @@
|
||||
. (!empty($this->capcode) ? capcode($this->capcode) : '');
|
||||
|
||||
// IP Address
|
||||
if($this->mod && $this->mod['type'] >= $config['mod']['show_ip']) {
|
||||
if($this->mod && hasPermission($config['mod']['show_ip'], $board['uri'], $this->mod)) {
|
||||
$built .= ' [<a style="margin:0;" href="?/IP/' . $this->ip . '">' . $this->ip . '</a>]';
|
||||
}
|
||||
|
||||
@ -436,43 +436,42 @@
|
||||
$built = '';
|
||||
if($this->mod) {
|
||||
// Mod controls (on posts)
|
||||
$built .= '<span class="controls op">';
|
||||
|
||||
// Delete
|
||||
if($this->mod['type'] >= $config['mod']['delete'])
|
||||
if(hasPermission($config['mod']['delete'], $board['uri'], $this->mod))
|
||||
$built .= ' ' . confirmLink($config['mod']['link_delete'], 'Delete', 'Are you sure you want to delete this?', $board['uri'] . '/delete/' . $this->id);
|
||||
|
||||
// Delete all posts by IP
|
||||
if($this->mod['type'] >= $config['mod']['deletebyip'])
|
||||
if(hasPermission($config['mod']['deletebyip'], $board['uri'], $this->mod))
|
||||
$built .= ' ' . confirmLink($config['mod']['link_deletebyip'], 'Delete all posts by IP', 'Are you sure you want to delete all posts by IP?', $board['uri'] . '/deletebyip/' . $this->id);
|
||||
|
||||
// Ban
|
||||
if($this->mod['type'] >= $config['mod']['ban'])
|
||||
if(hasPermission($config['mod']['ban'], $board['uri'], $this->mod))
|
||||
$built .= ' <a title="Ban" href="?/' . $board['uri'] . '/ban/' . $this->id . '">' . $config['mod']['link_ban'] . '</a>';
|
||||
|
||||
// Ban & Delete
|
||||
if($this->mod['type'] >= $config['mod']['bandelete'])
|
||||
if(hasPermission($config['mod']['bandelete'], $board['uri'], $this->mod))
|
||||
$built .= ' <a title="Ban & Delete" href="?/' . $board['uri'] . '/ban&delete/' . $this->id . '">' . $config['mod']['link_bandelete'] . '</a>';
|
||||
|
||||
// Delete file (keep post)
|
||||
if(!empty($this->file) && $this->file != 'deleted' && $this->mod['type'] >= $config['mod']['deletefile'])
|
||||
if(!empty($this->file) && $this->file != 'deleted' && hasPermission($config['mod']['deletefile'], $board['uri'], $this->mod))
|
||||
$built .= ' <a title="Remove file" href="?/' . $board['uri'] . '/deletefile/' . $this->id . '">' . $config['mod']['link_deletefile'] . '</a>';
|
||||
|
||||
// Sticky
|
||||
if($this->mod['type'] >= $config['mod']['sticky'])
|
||||
if(hasPermission($config['mod']['sticky'], $board['uri'], $this->mod))
|
||||
if($this->sticky)
|
||||
$built .= ' <a title="Make thread not sticky" href="?/' . $board['uri'] . '/unsticky/' . $this->id . '">' . $config['mod']['link_desticky'] . '</a>';
|
||||
else
|
||||
$built .= ' <a title="Make thread sticky" href="?/' . $board['uri'] . '/sticky/' . $this->id . '">' . $config['mod']['link_sticky'] . '</a>';
|
||||
|
||||
// Lock
|
||||
if($this->mod['type'] >= $config['mod']['lock'])
|
||||
if(hasPermission($config['mod']['lock'], $board['uri'], $this->mod))
|
||||
if($this->locked)
|
||||
$built .= ' <a title="Unlock thread" href="?/' . $board['uri'] . '/unlock/' . $this->id . '">' . $config['mod']['link_unlock'] . '</a>';
|
||||
else
|
||||
$built .= ' <a title="Lock thread" href="?/' . $board['uri'] . '/lock/' . $this->id . '">' . $config['mod']['link_lock'] . '</a>';
|
||||
|
||||
$built .= '</span>';
|
||||
if(!empty($built))
|
||||
$built = '<span class="controls op">' . $built . '</span>';
|
||||
}
|
||||
return $built;
|
||||
}
|
||||
@ -534,7 +533,8 @@
|
||||
. (!empty($this->capcode) ? capcode($this->capcode) : '');
|
||||
|
||||
// IP Address
|
||||
if($this->mod && $this->mod['type'] >= $config['mod']['show_ip']) {
|
||||
|
||||
if($this->mod && hasPermission($config['mod']['show_ip'], $board['uri'], $this->mod)) {
|
||||
$built .= ' [<a style="margin:0;" href="?/IP/' . $this->ip . '">' . $this->ip . '</a>]';
|
||||
}
|
||||
|
||||
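Review bot: The `hasPermission(..., $board['uri'], $this->mod)` checks in these four hunks only decide which control links are rendered, so they are not an authorization boundary on their own. The delete, deletebyip, deletefile and sticky links built here point at mod.php routes, and among this commit's mod.php hunks only the lock and ban-by-post handlers gain a board argument. If the other handlers still compare `$mod['type']` alone (they are outside the visible hunks), a moderator limited to one board could still reach them for another board, so each handler should repeat the check itself, e.g. `if(!hasPermission($config['mod']['delete'], $boardName)) error($config['error']['noaccess']);`. The enclosing methods start and end outside the hunks.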
|
22
inc/mod.php
22
inc/mod.php
@ -14,6 +14,21 @@
|
||||
return substr(base64_encode(sha1(rand() . time(), true)), 0, $length);
|
||||
}
|
||||
|
||||
function hasPermission($action = null, $board = null, $_mod = null) {
|
||||
if(isset($_mod))
|
||||
$mod = &$_mod;
|
||||
else
|
||||
global $mod;
|
||||
|
||||
if(isset($action) && $mod['type'] < $action)
|
||||
return false;
|
||||
|
||||
if(isset($board) && !in_array($board, $mod['boards']))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
function login($username, $password, $makehash=true) {
|
||||
global $mod;
|
||||
|
||||
@ -22,7 +37,7 @@
|
||||
$password = sha1($password);
|
||||
}
|
||||
|
||||
$query = prepare("SELECT `id`,`type` FROM `mods` WHERE `username` = :username AND `password` = :password LIMIT 1");
|
||||
$query = prepare("SELECT `id`,`type`,`boards` FROM `mods` WHERE `username` = :username AND `password` = :password LIMIT 1");
|
||||
$query->bindValue(':username', $username);
|
||||
$query->bindValue(':password', $password);
|
||||
$query->execute() or error(db_error($query));
|
||||
@ -33,7 +48,8 @@
|
||||
'type' => $user['type'],
|
||||
'username' => $username,
|
||||
'password' => $password,
|
||||
'hash' => isset($_SESSION['mod']['hash']) ? $_SESSION['mod']['hash'] : mkhash()
|
||||
'hash' => isset($_SESSION['mod']['hash']) ? $_SESSION['mod']['hash'] : mkhash(),
|
||||
'boards' => explode(',', $user['boards'])
|
||||
);
|
||||
} else return false;
|
||||
}
|
||||
@ -230,4 +246,4 @@
|
||||
'</fieldset>';
|
||||
}
|
||||
|
||||
?>
|
||||
?>
|
||||
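Review bot: In the new `hasPermission()`, `in_array($board, $mod['boards'])` compares loosely, so numeric-looking board URIs that are different strings (for example `0` and `00`) are treated as the same board; pass the strict flag: `if(isset($board) && !in_array($board, $mod['boards'], true))`. The function also reads `$mod['type']` and `$mod['boards']` without checking that they exist. `login()` builds the list with `explode(',', $user['boards'])`, which yields a single empty string for an empty column, so an account with no boards assigned fails every board-scoped check regardless of its type; if admins are meant to be unrestricted, that needs an explicit branch here. A short docblock stating that a null `$action` or `$board` skips that test, and that `$_mod` overrides the global `$mod`, would help callers.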
|
@ -1,6 +1,6 @@
|
||||
<?php
|
||||
// Installation/upgrade file
|
||||
define('VERSION', 'v0.9.3-dev-1');
|
||||
define('VERSION', 'v0.9.3-dev-2');
|
||||
|
||||
require 'inc/functions.php';
|
||||
require 'inc/display.php';
|
||||
@ -73,7 +73,9 @@
|
||||
query("ALTER TABLE `theme_settings` ADD `theme` VARCHAR( 40 ) NOT NULL FIRST") or error(db_error());
|
||||
query("ALTER TABLE `theme_settings` CHANGE `name` `name` VARCHAR( 40 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL") or error(db_error());
|
||||
query("ALTER TABLE `theme_settings` DROP INDEX `name`") or error(db_error());
|
||||
|
||||
case 'v0.9.3-dev-1':
|
||||
query("ALTER TABLE `mods` ADD `boards` TEXT NOT NULL") or error(db_error());
|
||||
case false:
|
||||
// Update version number
|
||||
file_write($config['has_installed'], VERSION);
|
||||
|
||||
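Review bot: The `case 'v0.9.3-dev-1':` step adds `boards` as `TEXT NOT NULL` with no backfill, so existing accounts presumably end up with an empty board list after the upgrade. With `hasPermission()` as added in inc/mod.php in this commit, an empty list fails every check that passes a board, which would leave existing moderators and admins without delete, ban-by-post or lock rights until each account is edited under `?/users`. Consider populating the column for existing rows in the same step, or at least recording the manual step in a comment such as `// existing accounts get no boards; assign them under ?/users after upgrading`. The surrounding `switch` begins outside the hunk.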
|
@ -104,6 +104,7 @@ CREATE TABLE IF NOT EXISTS `mods` (
|
||||
`username` varchar(30) NOT NULL,
|
||||
`password` char(40) NOT NULL COMMENT 'SHA1',
|
||||
`type` smallint(1) NOT NULL COMMENT '0: janitor, 1: mod, 2: admin',
|
||||
`boards` TEXT NOT NULL,
|
||||
PRIMARY KEY (`id`),
|
||||
UNIQUE KEY `id` (`id`,`username`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;
|
||||
|
106
mod.php
106
mod.php
@ -267,7 +267,7 @@
|
||||
)
|
||||
);
|
||||
} elseif(preg_match('/^\/log$/', $query)) {
|
||||
if($mod['type'] < $config['mod']['modlog']) error($config['error']['noaccess']);
|
||||
if(!hasPermission($config['mod']['modlog'])) error($config['error']['noaccess']);
|
||||
|
||||
$boards = Array();
|
||||
$_boards = listBoards();
|
||||
@ -309,7 +309,7 @@
|
||||
)
|
||||
);
|
||||
} elseif(preg_match('/^\/themes\/none$/', $query, $match)) {
|
||||
if($mod['type'] < $config['mod']['themes']) error($config['error']['noaccess']);
|
||||
if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
|
||||
|
||||
// Clearsettings
|
||||
query("TRUNCATE TABLE `theme_settings`") or error(db_error());
|
||||
@ -322,7 +322,7 @@
|
||||
)
|
||||
);
|
||||
} elseif(preg_match('/^\/themes(\/(\w+))?$/', $query, $match)) {
|
||||
if($mod['type'] < $config['mod']['themes']) error($config['error']['noaccess']);
|
||||
if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
|
||||
|
||||
if(!is_dir($config['dir']['themes']))
|
||||
error('Themes directory doesn\'t exist!');
|
||||
@ -476,7 +476,7 @@
|
||||
);
|
||||
}
|
||||
} elseif(preg_match('/^\/noticeboard\/delete\/(\d+)$/', $query, $match)) {
|
||||
if($mod['type'] < $config['mod']['noticeboard_delete']) error($config['error']['noaccess']);
|
||||
if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']);
|
||||
|
||||
$query = prepare("DELETE FROM `noticeboard` WHERE `id` = :id");
|
||||
$query->bindValue(':id', $match[1], PDO::PARAM_INT);
|
||||
@ -484,7 +484,7 @@
|
||||
|
||||
header('Location: ?/noticeboard', true, $config['redirect_http']);
|
||||
} elseif(preg_match('/^\/noticeboard$/', $query)) {
|
||||
if($mod['type'] < $config['mod']['noticeboard']) error($config['error']['noaccess']);
|
||||
if(!hasPermission($config['mod']['noticeboard'])) error($config['error']['noaccess']);
|
||||
|
||||
$body = '';
|
||||
|
||||
@ -553,7 +553,7 @@
|
||||
)
|
||||
);
|
||||
} elseif(preg_match('/^\/news\/delete\/(\d+)$/', $query, $match)) {
|
||||
if($mod['type'] < $config['mod']['noticeboard_delete']) error($config['error']['noaccess']);
|
||||
if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']);
|
||||
|
||||
$query = prepare("DELETE FROM `news` WHERE `id` = :id");
|
||||
$query->bindValue(':id', $match[1], PDO::PARAM_INT);
|
||||
@ -744,7 +744,7 @@
|
||||
);
|
||||
}
|
||||
} elseif(preg_match('/^\/new_PM\/(\d+)(\/(\d+))?$/', $query, $match)) {
|
||||
if($mod['type'] < $config['mod']['create_pm']) error($config['error']['noaccess']);
|
||||
if(!hasPermission($config['mod']['create_pm'])) error($config['error']['noaccess']);
|
||||
|
||||
$to = &$match[1];
|
||||
|
||||
@ -826,7 +826,7 @@
|
||||
);
|
||||
}
|
||||
} elseif(preg_match('/^\/search$/', $query)) {
|
||||
if($mod['type'] < $config['mod']['search']) error($config['error']['noaccess']);
|
||||
if(!hasPermission($config['mod']['search'])) error($config['error']['noaccess']);
|
||||
|
||||
$body = '<div class="ban"><h2>Search</h2><form style="display:inline" action="?/search" method="post">' .
|
||||
'<p><label style="display:inline" for="search">Phrase:</label> ' .
|
||||
@ -920,9 +920,9 @@
|
||||
)
|
||||
);
|
||||
} elseif(preg_match('/^\/users$/', $query)) {
|
||||
if($mod['type'] < $config['mod']['manageusers']) error($config['error']['noaccess']);
|
||||
if(!hasPermission($config['mod']['manageusers'])) error($config['error']['noaccess']);
|
||||
|
||||
$body = '<form action="" method="post"><table><tr><th>ID</th><th>Username</th><th>Type</th><th>Last action</th><th>…</th></tr>';
|
||||
$body = '<form action="" method="post"><table><tr><th>ID</th><th>Username</th><th>Type</th><th>Boards</th><th>Last action</th><th>…</th></tr>';
|
||||
|
||||
$query = query("SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id`") or error(db_error());
|
||||
while($_mod = $query->fetch()) {
|
||||
@ -941,6 +941,10 @@
|
||||
'</td>' .
|
||||
|
||||
'<td>' .
|
||||
str_replace(',', ', ', $_mod['boards']) .
|
||||
'</td>' .
|
||||
|
||||
'<td>' .
|
||||
($_mod['last'] ?
|
||||
'<span title="' . htmlentities($_mod['action']) . '">' . ago($_mod['last']) . '</span>'
|
||||
: '<em>never</em>') .
|
||||
@ -982,7 +986,7 @@
|
||||
)
|
||||
);
|
||||
} elseif(preg_match('/^\/users\/new$/', $query)) {
|
||||
if($mod['type'] < $config['mod']['createusers']) error($config['error']['noaccess']);
|
||||
if(!hasPermission($config['mod']['createusers'])) error($config['error']['noaccess']);
|
||||
|
||||
if(isset($_POST['username']) && isset($_POST['password'])) {
|
||||
if(!isset($_POST['type'])) {
|
||||
@ -1002,15 +1006,36 @@
|
||||
error(sprintf($config['error']['modexists'], $_mod['id']));
|
||||
}
|
||||
|
||||
$query = prepare("INSERT INTO `mods` VALUES (NULL, :username, :password, :type)");
|
||||
$boards = Array();
|
||||
foreach($_POST as $name => $null) {
|
||||
if(preg_match('/^board_(\w+)/', $name, $m))
|
||||
$boards[] = $m[1];
|
||||
}
|
||||
$boards = implode(',', $boards);
|
||||
|
||||
$query = prepare("INSERT INTO `mods` VALUES (NULL, :username, :password, :type, :boards)");
|
||||
$query->bindValue(':username', $_POST['username']);
|
||||
$query->bindValue(':password', sha1($_POST['password']));
|
||||
$query->bindValue(':type', $_POST['type'], PDO::PARAM_INT);
|
||||
$query->bindValue(':boards', $boards);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
modLog('Create a new user: "' . $_POST['username'] . '"');
|
||||
}
|
||||
|
||||
$__boards = '<ul style="list-style:none;padding:2px 5px">';
|
||||
$boards = listBoards();
|
||||
foreach($boards as &$_board) {
|
||||
$__boards .= '<li>' .
|
||||
'<input type="checkbox" name="board_' . $_board['uri'] . '" id="board_' . $_board['uri'] . '"/> ' .
|
||||
'<label style="display:inline" for="board_' . $_board['uri'] . '">' .
|
||||
sprintf($config['board_abbreviation'], $_board['uri']) .
|
||||
' - ' . $_board['title'] .
|
||||
'</label>' .
|
||||
'</li>';
|
||||
}
|
||||
$__boards .= '</ul>';
|
||||
|
||||
$body = '<fieldset><legend>New user</legend>' .
|
||||
|
||||
// Begin form
|
||||
@ -1025,6 +1050,7 @@
|
||||
'<div><label for="mod">Mod</label> <input type="radio" id="mod" name="type" value="' . MOD . '" /></div>' .
|
||||
'<div><label for="admin">Admin</label> <input type="radio" id="admin" name="type" value="' . ADMIN . '" /></div>' .
|
||||
'</td></tr>' .
|
||||
'<tr><th>Boards</th><td>' . $__boards . '</td></tr>' .
|
||||
'</table>' .
|
||||
|
||||
'<input style="margin-top:10px" type="submit" value="Create user" />' .
|
||||
@ -1044,7 +1070,7 @@
|
||||
|
||||
if(isset($matches[2])) {
|
||||
if($matches[3] == 'delete') {
|
||||
if($mod['type'] < $config['mod']['deleteusers']) error($config['error']['noaccess']);
|
||||
if(!hasPermission($config['mod']['deleteusers'])) error($config['error']['noaccess']);
|
||||
|
||||
$query = prepare("DELETE FROM `mods` WHERE `id` = :id");
|
||||
$query->bindValue(':id', $modID, PDO::PARAM_INT);
|
||||
@ -1053,7 +1079,7 @@
|
||||
modLog('Deleted user #' . $modID);
|
||||
} else {
|
||||
// Promote/demote
|
||||
if($mod['type'] < $config['mod']['promoteusers']) error($config['error']['noaccess']);
|
||||
if(!hasPermission($config['mod']['promoteusers'])) error($config['error']['noaccess']);
|
||||
|
||||
if($matches[3] == 'promote') {
|
||||
$query = prepare("UPDATE `mods` SET `type` = `type` + 1 WHERE `type` != :admin AND `id` = :id");
|
||||
@ -1069,7 +1095,7 @@
|
||||
header('Location: ?/users', true, $config['redirect_http']);
|
||||
} else {
|
||||
// Edit user
|
||||
if($mod['type'] < $config['mod']['editusers'] && $mod['type'] < $config['mod']['change_password']) error($config['error']['noaccess']);
|
||||
if(!hasPermission($config['mod']['editusers']) || !hasPermission($config['mod']['change_password'])) error($config['error']['noaccess']);
|
||||
|
||||
$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
|
||||
$query->bindValue(':id', $modID, PDO::PARAM_INT);
|
||||
@ -1084,8 +1110,16 @@
|
||||
|
||||
if((isset($_POST['username']) && isset($_POST['password'])) || (isset($change_password_only) && isset($_POST['password']))) {
|
||||
if(!isset($change_password_only)) {
|
||||
$query = prepare("UPDATE `mods` SET `username` = :username WHERE `id` = :id");
|
||||
$query->bindValue(':username', $_POST['username']);
|
||||
$boards = Array();
|
||||
foreach($_POST as $name => $null) {
|
||||
if(preg_match('/^board_(\w+)/', $name, $m))
|
||||
$boards[] = $m[1];
|
||||
}
|
||||
$boards = implode(',', $boards);
|
||||
|
||||
$query = prepare("UPDATE `mods` SET `username` = :username, `boards` = :boards WHERE `id` = :id");
|
||||
$query->bindValue(':username', $_POST['username'], PDO::PARAM_STR);
|
||||
$query->bindValue(':boards', $boards, PDO::PARAM_STR);
|
||||
$query->bindValue(':id', $modID, PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
modLog('Edited login details for user "' . $_mod['username'] . '"');
|
||||
@ -1114,6 +1148,24 @@
|
||||
}
|
||||
}
|
||||
|
||||
$__boards = '<ul style="list-style:none;padding:2px 5px">';
|
||||
$boards = listBoards();
|
||||
$_mod['boards'] = explode(',', $_mod['boards']);
|
||||
foreach($boards as &$_board) {
|
||||
$__boards .= '<li>' .
|
||||
'<input type="checkbox" name="board_' . $_board['uri'] . '" id="board_' . $_board['uri'] . '"' .
|
||||
(in_array($_board['uri'], $_mod['boards']) ?
|
||||
' checked="checked"'
|
||||
: '') .
|
||||
'/> ' .
|
||||
'<label style="display:inline" for="board_' . $_board['uri'] . '">' .
|
||||
sprintf($config['board_abbreviation'], $_board['uri']) .
|
||||
' - ' . $_board['title'] .
|
||||
'</label>' .
|
||||
'</li>';
|
||||
}
|
||||
$__boards .= '</ul>';
|
||||
|
||||
$body = '<fieldset><legend>Edit user</legend>' .
|
||||
|
||||
// Begin form
|
||||
@ -1129,6 +1181,11 @@
|
||||
|
||||
'</td></tr>' .
|
||||
'<tr><th>Password <span class="unimportant">(new; optional)</span></th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
|
||||
|
||||
(isset($change_password_only) ? '' :
|
||||
'<tr><th>Boards</th><td>' . $__boards . '</td></tr>'
|
||||
) .
|
||||
|
||||
'</table>' .
|
||||
|
||||
'<input type="submit" value="Save changes" />' .
|
||||
@ -1751,10 +1808,11 @@
|
||||
// Redirect
|
||||
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
|
||||
} elseif(preg_match('/^\/' . $regex['board'] . '(un)?lock\/(\d+)$/', $query, $matches)) {
|
||||
if($mod['type'] < $config['mod']['lock']) error($config['error']['noaccess']);
|
||||
// Lock/Unlock
|
||||
|
||||
$boardName = &$matches[1];
|
||||
if(!hasPermission($config['mod']['lock'], $boardName)) error($config['error']['noaccess']);
|
||||
|
||||
$post = &$matches[3];
|
||||
// Open board
|
||||
if(!openBoard($boardName))
|
||||
@ -1817,7 +1875,7 @@
|
||||
|
||||
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
|
||||
} elseif(preg_match('/^\/ban$/', $query)) {
|
||||
if($mod['type'] < $config['mod']['ban']) error($config['error']['noaccess']);
|
||||
if(!hasPermission($config['mod']['ban'])) error($config['error']['noaccess']);
|
||||
// Ban page
|
||||
|
||||
if(isset($_POST['new_ban'])) {
|
||||
@ -1888,7 +1946,7 @@
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
// Delete too
|
||||
if($mod['type'] >= $config['mod']['delete'] && isset($_POST['delete']) && isset($_POST['board'])) {
|
||||
if(isset($_POST['delete']) && isset($_POST['board']) && hasPermission($config['mod']['delete'], $_POST['board'])) {
|
||||
openBoard($_POST['board']);
|
||||
|
||||
$post = round($_POST['delete']);
|
||||
@ -1938,12 +1996,14 @@
|
||||
header('Location: ?/', true, $config['redirect_http']);
|
||||
}
|
||||
} elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)?\/(\d+)$/', $query, $matches)) {
|
||||
if($mod['type'] < $config['mod']['ban']) error($config['error']['noaccess']);
|
||||
|
||||
// Ban by post
|
||||
|
||||
$boardName = &$matches[1];
|
||||
if(!hasPermission($config['mod']['ban'], $boardName)) error($config['error']['noaccess']);
|
||||
|
||||
$delete = isset($matches[2]) && $matches[2] == '&delete';
|
||||
if($delete && $mod['type'] < $config['mod']['delete']) error($config['error']['noaccess']);
|
||||
if($delete && !hasPermission($config['mod']['delete'], $boardName)) error($config['error']['noaccess']);
|
||||
|
||||
$post = $matches[3];
|
||||
// Open board
|
||||
@ -1970,7 +2030,7 @@
|
||||
)
|
||||
);
|
||||
} elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')\/deletenote\/(?P<id>\d+)$/', $query, $matches)) {
|
||||
if($mod['type'] < $config['mod']['remove_notes']) error($config['error']['noaccess']);
|
||||
if(!hasPermission($config['mod']['remove_notes'])) error($config['error']['noaccess']);
|
||||
|
||||
$ip = $matches[1];
|
||||
$id = $matches['id'];
|
||||
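Review bot: The edit-user guard in the `@ -1069,7 +1095,7 @@` hunk changes meaning: the old test denied access only when the moderator lacked both `editusers` and `change_password`, while `!hasPermission(...) || !hasPermission(...)` denies when either is missing, which makes the `$change_password_only` path in the next hunk unreachable for the accounts it exists for. To keep the old rule, join the two calls with `&&`: `if(!hasPermission($config['mod']['editusers']) && !hasPermission($config['mod']['change_password'])) error($config['error']['noaccess']);`. Separately, the `/ban` page is guarded by `hasPermission($config['mod']['ban'])` with no board, so a moderator restricted to some boards can still issue bans from that page; whether bans are meant to be site-wide is not visible here and is worth stating in a comment. The new Boards cell prints `str_replace(',', ', ', $_mod['boards'])` without `htmlentities()`, unlike the `action` title beside it; the write paths shown limit the value to `\w` characters, but escaping on output would not depend on that.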
|