' . $_body . '

' . 'Are you sure you want to do that?' . 'We were unable to serve a confirmation dialog for ' . '?/' . utf8tohtml($uri) . '' . ', probably due to Javascript being disabled.' . '

Confirm

Upgrading seems to have gone okay. You are now at revision ' . $version . '.

(Nothing to display.)

'; for($x = 0; $x < $count['count'] / $config['mod']['modlog_page']; $x ++) { $body .= '[' . ($x + 1) . '] '; } $body .= '

Successfully uninstalled all themes.

Go back to themes.

Successfully rebuilt the ' . $match[1] . ' theme.

Go back to themes.

Successfully uninstalled the ' . $match[1] . ' theme.

Go back to themes.

Successfully installed and built theme.

Go back to themes.

(No themes installed.)

' . _('Name') . '	' . utf8tohtml($theme['name']) . '
' . _('Version') . '	' . utf8tohtml($theme['version']) . '
' . _('Description') . '	' . $theme['description'] . '
' . _('Thumbnail') . '
' . _('Actions') . '	' . ' ' . (isset($themes_in_use[$_theme]) ? _('Reconfigure') : _('Install')) . ' ' . (isset($themes_in_use[$_theme]) ? ' ' . _('Rebuild') . ' ' . ' ' . _('Uninstall') . ' ' : '') . '

' . _('Uninstall all themes.') . '

(' . _('No private messages for you.') . ')

(Mark all as read)

Reply with quote

Message sent successfully to ' . utf8tohtml($to['username']) . '.

(No results.)

'; $boards = array_merge( array(array('uri' => '*', 'title' => 'All') ), listBoards()); foreach($boards as &$_board) { $__boards .= '
• ' . '' . ' ' . ($_board['uri'] == '*' ? '"*"' : sprintf($config['board_abbreviation'], $_board['uri']) ) . ' - ' . $_board['title'] . '' . '
'; } $body = '
New user
' . // Begin form '
' . '' . '' . '' . '' . '' . '
Username
Password
Type	' . ' Janitor ' . ' Mod ' . ' Admin ' . '
Boards	' . $__boards . '
' . '' . // End form '
'; echo Element('page.html', array( 'config'=>$config, 'title'=>'New user', 'body'=>$body ,'mod'=>true ) ); } } elseif(preg_match('/^\/users\/(\d+)(\/(promote|demote|delete))?$/', $query, $matches)) { $modID = &$matches[1]; if(isset($matches[2])) { if($matches[3] == 'delete') { if(!hasPermission($config['mod']['deleteusers'])) error($config['error']['noaccess']); $query = prepare("DELETE FROM `mods` WHERE `id` = :id"); $query->bindValue(':id', $modID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); modLog('Deleted user #' . $modID); } else { // Promote/demote if(!hasPermission($config['mod']['promoteusers'])) error($config['error']['noaccess']); if($matches[3] == 'promote') { $query = prepare("UPDATE `mods` SET `type` = `type` + 1 WHERE `type` != :admin AND `id` = :id"); $query->bindValue(':admin', ADMIN, PDO::PARAM_INT); } else { $query = prepare("UPDATE `mods` SET `type` = `type` - 1 WHERE `type` != :janitor AND `id` = :id"); $query->bindValue(':janitor', JANITOR, PDO::PARAM_INT); } $query->bindValue(':id', $modID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); } header('Location: ?/users', true, $config['redirect_http']); } else { // Edit user if(!hasPermission($config['mod']['editusers']) && !hasPermission($config['mod']['change_password'])) error($config['error']['noaccess']); $query = prepare("SELECT * FROM `mods` WHERE `id` = :id"); $query->bindValue(':id', $modID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if(!$_mod = $query->fetch()) { error($config['error']['404']); } if(!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['change_password']) && $mod['id'] == $_mod['id'] && $change_password_only = true)) error($config['error']['noaccess']); if((isset($_POST['username']) && isset($_POST['password'])) || (isset($change_password_only) && isset($_POST['password']))) { if(!isset($change_password_only)) { $boards = array(); foreach($_POST as $name => $null) { if(preg_match('/^board_(.+)$/', $name, $m)) $boards[] = $m[1]; } $boards = implode(',', $boards); $query = prepare("UPDATE `mods` SET `username` = :username, `boards` = :boards WHERE `id` = :id"); $query->bindValue(':username', $_POST['username'], PDO::PARAM_STR); $query->bindValue(':boards', $boards, PDO::PARAM_STR); $query->bindValue(':id', $modID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); modLog('Edited login details for user "' . $_mod['username'] . '"'); } else { modLog('Changed own password'); } if(!empty($_POST['password'])) { $query = prepare("UPDATE `mods` SET `password` = :password WHERE `id` = :id"); $query->bindValue(':password', sha1($_POST['password'])); $query->bindValue(':id', $modID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); } // Refresh $query = prepare("SELECT * FROM `mods` WHERE `id` = :id"); $query->bindValue(':id', $modID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if(!$_mod = $query->fetch()) { error($config['error']['404']); } if($_mod['id'] == $mod['id']) { // Changed own password. Update cookies if(!login($_mod['username'], $_mod['password'], false, true)) error(_('Could not re-login after changing password. (?)')); setCookies(); } if(hasPermission($config['mod']['manageusers'])) header('Location: ?/users', true, $config['redirect_http']); else header('Location: ?/', true, $config['redirect_http']); exit; } $__boards = '
'; $boards = array_merge( array(array('uri' => '*', 'title' => 'All') ), listBoards()); $_mod['boards'] = explode(',', $_mod['boards']); foreach($boards as &$_board) { $__boards .= '
• ' . ' ' . '' . ($_board['uri'] == '*' ? '"*"' : sprintf($config['board_abbreviation'], $_board['uri']) ) . ' - ' . $_board['title'] . '' . '
'; } $__boards .= '
'; $body = '
Edit user
' . // Begin form '
' . '' . '' . '' . (isset($change_password_only) ? '' : '' ) . '
Username	' . (isset($change_password_only) ? utf8tohtml($_mod['username']) : '') . '
Password (new; optional)
Boards	' . $__boards . '
' . '' . // End form '
' . // Delete button (hasPermission($config['mod']['deleteusers']) ? '
Delete user
' :'') . '
'; echo Element('page.html', array( 'config'=>$config, 'title'=>'Edit user', 'body'=>$body ,'mod'=>true ) ); } } elseif(preg_match('/^\/reports$/', $query)) { if(!hasPermission($config['mod']['reports'])) error($config['error']['noaccess']); $body = ''; $reports = 0; $query = prepare("SELECT `reports`.*, `boards`.`uri` FROM `reports` INNER JOIN `boards` ON `board` = `boards`.`id` ORDER BY `time` DESC LIMIT :limit"); $query->bindValue(':limit', $config['mod']['recent_reports'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); while($report = $query->fetch()) { $p_query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `id` = :id", $report['uri'])); $p_query->bindValue(':id', $report['post'], PDO::PARAM_INT); $p_query->execute() or error(db_error($query)); if(!$post = $p_query->fetch()) { // Invalid report (post has since been deleted) $p_query = prepare("DELETE FROM `reports` WHERE `post` = :id"); $p_query->bindValue(':id', $report['post'], PDO::PARAM_INT); $p_query->execute() or error(db_error($query)); continue; } $reports++; openBoard($report['uri']); if(!$post['thread']) { $po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], '?/', $mod, false); } else { $po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod); } $append_html = '
' . '
---
' . 'Board: ' . sprintf($config['board_abbreviation'], $report['uri']) . '
' . 'Reason: ' . $report['reason'] . '
' . 'Report date: ' . strftime($config['post_date'], $report['time']) . '
' . (hasPermission($config['mod']['show_ip']) ? 'Reported by: ' . $report['ip'] . '
' : '') . '
---
' . (hasPermission($config['mod']['report_dismiss']) ? 'Dismiss | ' : '') . (hasPermission($config['mod']['report_dismiss_ip']) ? 'Dismiss+' : '') . '
'; // Bug fix for https://github.com/savetheinternet/Tinyboard/issues/21 $po->body = truncate($po->body, $po->link(), $config['body_truncate'] - substr_count($append_html, '
')); if(mb_strlen($po->body) + mb_strlen($append_html) > $config['body_truncate_char']) { // still too long. temporarily increase limit in the config $__old_body_truncate_char = $config['body_truncate_char']; $config['body_truncate_char'] = mb_strlen($po->body) + mb_strlen($append_html); } $po->body .= $append_html; $body .= $po->build(true) . '

---

'; if(isset($__old_body_truncate_char)) $config['body_truncate_char'] = $__old_body_truncate_char; } $query = query("SELECT COUNT(`id`) AS `count` FROM `reports`") or error(db_error()); $count = $query->fetch(); $body .= '

Showing ' . ($reports == $count['count'] ? 'all ' . $reports . ' reports' : $reports . ' of ' . $count['count'] . ' reports') . '.

'; echo Element('page.html', array( 'config'=>$config, 'title'=>_('Report queue') . ' (' . $count['count'] . ')', 'body'=>$body, 'mod'=>true )); } elseif(preg_match('/^\/reports\/(\d+)\/dismiss(\/all)?$/', $query, $matches)) { if(isset($matches[2]) && $matches[2] == '/all') { if(!hasPermission($config['mod']['report_dismiss_ip'])) error($config['error']['noaccess']); $query = prepare("SELECT `ip` FROM `reports` WHERE `id` = :id"); $query->bindValue(':id', $matches[1], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($report = $query->fetch()) { $query = prepare("DELETE FROM `reports` WHERE `ip` = :ip"); $query->bindValue(':ip', $report['ip'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); modLog('Dismissed all reports by ' . $report['ip']); } } else { if(!hasPermission($config['mod']['report_dismiss'])) error($config['error']['noaccess']); $query = prepare("SELECT `post`, `board` FROM `reports` WHERE `id` = :id"); $query->bindValue(':id', $matches[1], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($report = $query->fetch()) { modLog('Dismissed a report for post #' . $report['post'], $report['board']); $query = prepare("DELETE FROM `reports` WHERE `post` = :post AND `board` = :board"); $query->bindValue(':board', $report['board'], PDO::PARAM_INT); $query->bindValue(':post', $report['post'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); } } // Redirect header('Location: ?/reports', true, $config['redirect_http']); } elseif(preg_match('/^\/board\/(\w+)(\/delete)?$/', $query, $matches)) { if(!hasPermission($config['mod']['manageboards'])) error($config['error']['noaccess']); if(!openBoard($matches[1])) error($config['error']['noboard']); if(isset($matches[2]) && $matches[2] == '/delete') { if(!hasPermission($config['mod']['deleteboard'])) error($config['error']['noaccess']); // Delete board modLog('Deleted board ' . sprintf($config['board_abbreviation'], $board['uri'])); // Delete entire board directory rrmdir($board['uri'] . '/'); // Delete posting table $query = query(sprintf("DROP TABLE IF EXISTS `posts_%s`", $board['uri'])) or error(db_error()); // Clear reports $query = prepare("DELETE FROM `reports` WHERE `board` = :id"); $query->bindValue(':id', $board['id'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); // Delete from table $query = prepare("DELETE FROM `boards` WHERE `id` = :id"); $query->bindValue(':id', $board['id'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($config['cache']['enabled']) { cache::delete('board_' . $board['uri']); cache::delete('all_boards'); } $query = prepare("SELECT `board`, `post` FROM `cites` WHERE `target_board` = :board"); $query->bindValue(':board', $board['uri']); $query->execute() or error(db_error($query)); while($cite = $query->fetch()) { if($board['uri'] != $cite['board']) { if(!isset($tmp_board)) $tmp_board = $board; openBoard($cite['board']); rebuildPost($cite['post']); } } if(isset($tmp_board)) $board = $tmp_board; $query = prepare("DELETE FROM `cites` WHERE `board` = :board OR `target_board` = :board"); $query->bindValue(':board', $board['uri']); $query->execute() or error(db_error($query)); $_board = $board; rebuildThemes('boards'); $board = $_board; header('Location: ?/', true, $config['redirect_http']); } else { if(isset($_POST['title']) && isset($_POST['subtitle'])) { $query = prepare("UPDATE `boards` SET `title` = :title, `subtitle` = :subtitle WHERE `id` = :id"); $query->bindValue(':title', utf8tohtml($_POST['title'], true)); if(!empty($_POST['subtitle'])) $query->bindValue(':subtitle', utf8tohtml($_POST['subtitle'], true)); else $query->bindValue(':subtitle', null, PDO::PARAM_NULL); $query->bindValue(':id', $board['id'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($config['cache']['enabled']) { cache::delete('board_' . $board['uri']); cache::delete('all_boards'); } $_board = $board; rebuildThemes('boards'); $board = $_board; openBoard($board['uri']); } $body = '
' . sprintf($config['board_abbreviation'], $board['uri']) . '' . ' - ' . $board['name'] . '
' . // Begin form '
' . '' . '' . '' . '' . '
URI	' . $board['uri'] . '
Title
Subtitle
' . '' . // End form '
' . // Delete button (hasPermission($config['mod']['deleteboard']) ? '
Delete board
' :'') . '
'; echo Element('page.html', array( 'config'=>$config, 'title'=>'Manage – ' . sprintf($config['board_abbreviation'], $board['uri']), 'body'=>$body, 'mod'=>true )); } } elseif(preg_match('/^\/bans$/', $query)) { if(!hasPermission($config['mod']['view_banlist'])) error($config['error']['noaccess']); if(isset($_POST['unban'])) { if(!hasPermission($config['mod']['unban'])) error($config['error']['noaccess']); foreach($_POST as $post => $value) { if(preg_match('/^ban_(\d+)$/', $post, $m)) { removeBan($m[1]); } } } if(hasPermission($config['mod']['view_banexpired'])) { $query = prepare("SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY (`expires` IS NOT NULL AND `expires` < :time), `set` DESC"); $query->bindValue(':time', time(), PDO::PARAM_INT); $query->execute() or error(db_error($query)); } else { // Filter out expired bans $query = prepare("SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` INNER JOIN `mods` ON `mod` = `mods`.`id` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC"); $query->bindValue(':time', time(), PDO::PARAM_INT); $query->execute() or error(db_error($query)); } if($query->rowCount() < 1) { $body = '

(There are no active bans.)

'; } else { $body = '
'; $body .= ''; while($ban = $query->fetch()) { $body .= '' . '' . // Reason '' . '' . // Set '' . // Expires '' . // Staff '' . ''; } $body .= '
' . _('IP address') . '	' . _('Reason') . '	' . _('Board') . '	' . _('Set') . '	' . _('Expires') . '	' . _('Staff') . '
' . // Checkbox ' ' . // IP address (preg_match('/^(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')$/', $ban['ip']) ? ''. $ban['ip'] . '' : utf8tohtml($ban['ip'])) . '	' . ($ban['reason'] ? $ban['reason'] : '-') . '	' . (isset($ban['uri']) ? sprintf($config['board_abbreviation'], $ban['uri']) : '' . _('all boards') . '' ) . '	' . strftime($config['post_date'], $ban['set']) . '	' . ($ban['expires'] == 0 ? 'Never' : strftime($config['post_date'], $ban['expires']) ) . '	' . (isset($ban['username']) ? (!hasPermission($config['mod']['view_banstaff']) ? ($config['mod']['view_banquestionmark'] ? '?' : ($ban['type'] == JANITOR ? 'Janitor' : ($ban['type'] == MOD ? 'Mod' : ($ban['type'] == ADMIN ? 'Admin' : '?'))) ) : utf8tohtml($ban['username']) ) : 'deleted?' ) . '
' . (hasPermission($config['mod']['unban']) ? '
' : '') . '
'; } echo Element('page.html', array( 'config'=>$config, 'title'=>_('Ban list'), 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/flush$/', $query)) { if(!hasPermission($config['mod']['rebuild'])) error($config['error']['noaccess']); if(!$config['cache']['enabled']) error(_('Cache is not enabled.')); if(cache::flush()) { $body = 'Successfully invalidated all items in cache.'; modLog('Cleared cache'); } else { $body = 'An error occured while trying to flush cache.'; } echo Element('page.html', array( 'config'=>$config, 'title'=>'Flushed', 'body'=>'

' . $body . '

', 'mod'=>true )); } elseif(preg_match('/^\/rebuild$/', $query)) { if(!hasPermission($config['mod']['rebuild'])) error($config['error']['noaccess']); set_time_limit($config['mod']['rebuild_timelimit']); $body = '

Rebuilding…

'; $body .= 'Clearing template cache…
'; load_twig(); $twig->clearCacheFiles(); $body .= 'Regenerating theme files…
'; rebuildThemes('all'); $body .= 'Generating Javascript file…
'; buildJavascript(); $main_js = $config['file_script']; $boards = listBoards(); foreach($boards as &$board) { $body .= "Opening board /{$board['uri']}/
"; openBoard($board['uri']); $body .= 'Creating index pages
'; buildIndex(); if($config['file_script'] != $main_js) { // different javascript file $body .= 'Generating Javascript file…
'; buildJavascript(); } $query = query(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error()); while($post = $query->fetch()) { $body .= "Rebuilding #{$post['id']}
"; buildThread($post['id']); } } $body .= 'Complete!

'; unset($board); modLog('Rebuilt everything'); echo Element('page.html', array( 'config'=>$config, 'title'=>'Rebuilt', 'body'=>$body, 'mod'=>true )); } elseif(preg_match('/^\/config\/edit$/', $query)) { if(!hasPermission($config['mod']['edit_config'])) error($config['error']['noaccess']); // TODO: display "unset variables" // $config_file = file_get_contents('inc/config.php'); // preg_match_all('/\$config\[\'(\w+)\']/', $config_file, $matches); // $config_variables = array_unique($matches[1]); $body = '
' . _('Configuration') . '
'; $var_force_string = array('blotter'); $var_system = array('version'); if(isset($_POST['save_changes'])) { $config_append = ''; foreach($config as $name => $original_value) { if(in_array($name, $var_system)) continue; $type = gettype($original_value); if($type == 'array' || $type == 'NULL') continue; if($type == 'boolean' && in_array($name, $var_force_string)) $type = 'string'; if(!isset($_POST[$name]) && $type != 'boolean') continue; if($type == 'boolean') $value = isset($_POST[$name]); else $value = $_POST[$name]; if($value != $original_value) { // value has been changed $config_append .= "\$config['" . addslashes($name) . "'] = "; if($type == 'boolean') $config_append .= $value ? 'true' : 'false'; elseif($type == 'integer') $config_append .= (int)$value; elseif($type == 'string') $config_append .= '\'' . addslashes($value) . '\''; $config_append .= ";\n"; } } if(!empty($config_append)) { $config_append = "\n// Changes made via web editor by \"" . $mod['username'] . "\" @ " . date('r') . ":\n" . $config_append . "\n"; if(@file_put_contents('inc/instance-config.php', $config_append, FILE_APPEND)) { header('Location: ?/config' . $b['uri'], true, $config['redirect_http']); exit; } else { $config_append = htmlentities($config_append); if($config['minify_html']) $config_append = str_replace("\n", ' ', $config_append); $page = array(); $page['title'] = 'Cannot write to file!'; $page['config'] = $config; $page['body'] = '
Tinyboard could not write to inc/instance-config.php with the ammended configuration, probably due to a permissions error.
You may proceed with these changes manually by copying and pasting the following code to the bottom of inc/instance-config.php:
' . $config_append . ' '; echo Element('page.html', $page); exit; } } } foreach($config as $name => $value) { $body .= ''; $body .= ''; $type = gettype($value); if($type == 'array') { $body .= ''; } else { if($type == 'string' || $type == 'integer') { $body .= ''; } elseif($type == 'boolean') { if(in_array($name, $var_force_string)) $body .= ''; else $body .= ''; } else { $body .= ''; } } $body .= ''; } $body .= '
' . utf8tohtml($name) . '	[edit]' . '				' . utf8tohtml($value) . '
'; echo Element('page.html', array( 'config'=>$config, 'title'=>_('Configuration'), 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/config$/', $query)) { if(!hasPermission($config['mod']['show_config'])) error($config['error']['noaccess']); // Show instance-config.php $data = ''; function do_array_part($array, $prefix = '') { global $data, $config; foreach($array as $name => $value) { if(is_array($value)) { do_array_part($value, $prefix . $name . ' → '); } else { if($config['mod']['never_reveal_password'] && $prefix == 'db → ' && $name == 'password') { $value = 'hidden'; } elseif(gettype($value) == 'boolean') { $value = $value ? 'On' : 'Off'; } elseif(gettype($value) == 'string') { if(empty($value)) $value = 'empty'; else $value = '' . utf8tohtml(substr($value, 0, 110) . (mb_strlen($value) > 110 ? '…' : '')) . ''; } elseif(gettype($value) == 'integer') { $value = '' . $value . ''; } elseif(is_object($value) && get_class($value) == 'Closure') { $value = '[callback]'; } $data .= '' . $prefix . (gettype($name) == 'integer' ? '[]' : utf8tohtml($name)) . '' . $value . ''; } } } do_array_part($config); $body = (hasPermission($config['mod']['edit_config']) ? '

' . '[Edit using web editor]' : '') . '

' . _('Configuration') . '
' . $data . '
'; echo Element('page.html', array( 'config'=>$config, 'title'=>_('Configuration'), 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/new$/', $query)) { if(!hasPermission($config['mod']['newboard'])) error($config['error']['noaccess']); // New board $body = ''; if(isset($_POST['new_board'])) { // Create new board if( !isset($_POST['uri']) || !isset($_POST['title']) || !isset($_POST['subtitle']) ) error($config['error']['missedafield']); $b = array( 'uri' => $_POST['uri'], 'title' => $_POST['title'], 'subtitle' => $_POST['subtitle'] ); // HTML characters $b['title'] = utf8tohtml($b['title'], true); $b['subtitle'] = utf8tohtml($b['subtitle'], true); // Check required fields if(empty($b['uri'])) error(sprintf($config['error']['required'], 'URI')); if(empty($b['title'])) error(sprintf($config['error']['required'], 'title')); if(!preg_match('/^\w+$/', $b['uri'])) error(sprintf($config['error']['invalidfield'], 'URI')); if(openBoard($b['uri'])) { unset($board); error(sprintf($config['error']['boardexists'], sprintf($config['board_abbreviation'], $b['uri']))); } $query = prepare("INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle)"); $query->bindValue(':uri', $b['uri']); $query->bindValue(':title', $b['title']); if(!empty($b['subtitle'])) { $query->bindValue(':subtitle', $b['subtitle']); } else { $query->bindValue(':subtitle', null, PDO::PARAM_NULL); } $query->execute() or error(db_error($query)); // Record the action modLog("Created a new board: {$b['title']}"); // Open the board openBoard($b['uri']) or error(_("Couldn't open board after creation.")); // Create the posts table query(Element('posts.sql', array('board' => $board['uri']))) or error(db_error()); if($config['cache']['enabled']) cache::delete('all_boards'); // Build the board buildIndex(); rebuildThemes('boards'); header('Location: ?/board/' . $b['uri'], true, $config['redirect_http']); } else { $body .= form_newBoard(); // TODO: Statistics, etc, in the dashboard. echo Element('page.html', array( 'config'=>$config, 'title'=>'New board', 'body'=>$body, 'mod'=>true ) ); } } elseif(preg_match('/^\/' . $regex['board'] . '(' . $regex['index'] . '|' . $regex['page'] . ')?$/', $query, $matches)) { // Board index $boardName = &$matches[1]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); $page_no = empty($matches[2]) || $matches[2] == $config['file_index'] ? 1 : $matches[2]; if(!$page = index($page_no, $mod)) { error($config['error']['404']); } $page['pages'] = getPages(true); $page['pages'][$page_no-1]['selected'] = true; $page['btn'] = getPageButtons($page['pages'], true); $page['mod'] = true; echo Element('index.html', $page); } elseif(preg_match('/^\/' . $regex['board'] . $regex['res'] . $regex['page'] . '$/', $query, $matches)) { // View thread $boardName = &$matches[1]; $thread = &$matches[2]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); $page = buildThread($thread, true, $mod); echo $page; } elseif(preg_match('/^\/' . $regex['board'] . 'edit\/(\d+)$/', $query, $matches)) { // Edit post body $boardName = &$matches[1]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); if(!hasPermission($config['mod']['editpost'], $boardName)) error($config['error']['noaccess']); $postID = &$matches[2]; $query = prepare(sprintf("SELECT `body_nomarkup`, `name`, `subject`, `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $postID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); $post = $query->fetch() or error($config['error']['invalidpost']); if(isset($_POST['submit']) && isset($_POST['body']) && isset($_POST['subject'])) { if(mb_strlen($_POST['subject']) > 100) error(sprintf($config['error']['toolong'], 'subject')); $body = $_POST['body']; $body_nomarkup = $body; wordfilters($body); $tracked_cites = markup($body, true); $query = prepare("DELETE FROM `cites` WHERE `board` = :board AND `post` = :post"); $query->bindValue(':board', $board['uri']); $query->bindValue(':post', $postID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); $query = prepare(sprintf("UPDATE `posts_%s` SET `body` = :body, `body_nomarkup` = :body_nomarkup, `subject` = :subject WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $postID, PDO::PARAM_INT); $query->bindValue(':body', $body); $query->bindValue(':body_nomarkup', $body_nomarkup); $query->bindValue(':subject', utf8tohtml($_POST['subject'])); $query->execute() or error(db_error($query)); if(isset($tracked_cites)) { foreach($tracked_cites as $cite) { $query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)'); $query->bindValue(':board', $board['uri']); $query->bindValue(':post', $postID, PDO::PARAM_INT); $query->bindValue(':target_board',$cite[0]); $query->bindValue(':target', $cite[1], PDO::PARAM_INT); $query->execute() or error(db_error($query)); } } // Record the action modLog("Edited post #{$postID}"); buildThread($post['thread'] ? $post['thread'] : $postID); // Rebuild board buildIndex(); // Redirect header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); exit; } $post['body_nomarkup'] = utf8tohtml($post['body_nomarkup']); if($config['minify_html']) $post['body_nomarkup'] = str_replace("\n", ' ', $post['body_nomarkup']); $body = '
' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '
Name	' . utf8tohtml($post['name']) . '
Subject	' . '' . '' . '
Body	' . '' . $post['body_nomarkup'] . '' . '
' . '
'; echo Element('page.html', array( 'config' => $config, 'body' => $body, 'title' => 'Edit Post #' . $postID )); } elseif(preg_match('/^\/' . $regex['board'] . 'deletefile\/(\d+)$/', $query, $matches)) { // Delete file from post $boardName = &$matches[1]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); if(!hasPermission($config['mod']['deletefile'], $boardName)) error($config['error']['noaccess']); $post = &$matches[2]; // Delete post deleteFile($post); // Record the action modLog("Removed file from post #{$post}"); // Rebuild board buildIndex(); // Redirect header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) { // Delete post $boardName = &$matches[1]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); if(!hasPermission($config['mod']['delete'], $boardName)) error($config['error']['noaccess']); $post = &$matches[2]; // Delete post deletePost($post); // Record the action modLog("Deleted post #{$post}"); // Rebuild board buildIndex(); // Redirect header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/' . $regex['board'] . '(un)?sticky\/(\d+)$/', $query, $matches)) { // Add/remove sticky $boardName = &$matches[1]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); if(!hasPermission($config['mod']['sticky'], $boardName)) error($config['error']['noaccess']); $post = &$matches[3]; $query = prepare(sprintf("UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); $query->bindValue(':id', $post, PDO::PARAM_INT); if($matches[2] == 'un') { // Record the action modLog("Unstickied post #{$post}"); $query->bindValue(':sticky', 0, PDO::PARAM_INT); } else { // Record the action modLog("Stickied post #{$post}"); $query->bindValue(':sticky', 1, PDO::PARAM_INT); } $query->execute() or error(db_error($query)); buildIndex(); buildThread($post); // Redirect header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/' . $regex['board'] . '(un)?lock\/(\d+)$/', $query, $matches)) { // Lock/Unlock $boardName = &$matches[1]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); if(!hasPermission($config['mod']['lock'], $boardName)) error($config['error']['noaccess']); $post = &$matches[3]; $query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); $query->bindValue(':id', $post, PDO::PARAM_INT); if($matches[2] == 'un') { // Record the action modLog("Unlocked post #{$post}"); $query->bindValue(':locked', 0, PDO::PARAM_INT); } else { // Record the action modLog("Locked post #{$post}"); $query->bindValue(':locked', 1, PDO::PARAM_INT); } $query->execute() or error(db_error($query)); buildIndex(); buildThread($post); // Redirect header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/' . $regex['board'] . 'bump(un)?lock\/(\d+)$/', $query, $matches)) { // Lock/Unlock $boardName = &$matches[1]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); if(!hasPermission($config['mod']['bumplock'], $boardName)) error($config['error']['noaccess']); $post = &$matches[3]; $query = prepare(sprintf("UPDATE `posts_%s` SET `sage` = :bumplocked WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); $query->bindValue(':id', $post, PDO::PARAM_INT); if($matches[2] == 'un') { // Record the action modLog("Unbumplocked post #{$post}"); $query->bindValue(':bumplocked', 0, PDO::PARAM_INT); } else { // Record the action modLog("Bumplocked post #{$post}"); $query->bindValue(':bumplocked', 1, PDO::PARAM_INT); } $query->execute() or error(db_error($query)); buildIndex(); buildThread($post); // Redirect header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/' . $regex['board'] . 'deletebyip\/(\d+)(\/global)?$/', $query, $matches)) { // Delete all posts by an IP $boardName = &$matches[1]; $post = &$matches[2]; $global = isset($matches[3]) && $matches[3] == '/global'; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); $query = prepare(sprintf("SELECT `ip` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $post); $query->execute() or error(db_error($query)); if(!$post = $query->fetch()) error($config['error']['invalidpost']); $ip = $post['ip']; if($global) $boards = listBoards(); else $boards = array(array('uri' => $board['uri'])); $query = ''; foreach($boards as $_board) { $query .= sprintf("SELECT `id`, '%s' AS `board` FROM `posts_%s` WHERE `ip` = :ip UNION ALL ", $_board['uri'], $_board['uri']); } $query = preg_replace('/UNION ALL $/', '', $query); $query = prepare($query); $query->bindValue(':ip', $ip); $query->execute() or error(db_error($query)); if($query->rowCount() < 1) error($config['error']['invalidpost']); $boards = array(); while($post = $query->fetch()) { openBoard($post['board']); $boards[] = $post['board']; deletePost($post['id'], false); } foreach($boards as &$_board) { openBoard($_board); buildIndex(); } // Record the action modLog("Deleted all posts by IP address: {$ip}"); header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/ban$/', $query)) { if(!hasPermission($config['mod']['ban'])) error($config['error']['noaccess']); // Ban page if(isset($_POST['new_ban'])) { if( !isset($_POST['ip']) || !isset($_POST['reason']) || !isset($_POST['length']) || !isset($_POST['board_id']) ) error($config['error']['missedafield']); // Check required fields if(empty($_POST['ip'])) error(sprintf($config['error']['required'], 'IP address')); $query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :set, :expires, :reason, :board)"); // 1yr2hrs30mins // 1y2h30m $expire = 0; if(preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?mon?t?h?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/', $_POST['length'], $m)) { if(isset($m[2])) { // Years $expire += $m[2]*60*60*24*365; } if(isset($m[4])) { // Months $expire += $m[4]*60*60*24*30; } if(isset($m[6])) { // Weeks $expire += $m[6]*60*60*24*7; } if(isset($m[8])) { // Days $expire += $m[8]*60*60*24; } if(isset($m[10])) { // Hours $expire += $m[10]*60*60; } if(isset($m[12])) { // Minutes $expire += $m[12]*60; } if(isset($m[14])) { // Seconds $expire += $m[14]; } } if($expire) { $query->bindValue(':expires', time()+$expire, PDO::PARAM_INT); } else { // Never expire $query->bindValue(':expires', null, PDO::PARAM_NULL); } $query->bindValue(':ip', $_POST['ip'], PDO::PARAM_STR); $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); $query->bindValue(':set', time(), PDO::PARAM_INT); if(!empty($_POST['reason'])) { $reason = $_POST['reason']; markup($reason); $query->bindValue(':reason', $reason, PDO::PARAM_STR); } else { $query->bindValue(':reason', null, PDO::PARAM_NULL); } if($_POST['board_id'] < 0) { $query->bindValue(':board', null, PDO::PARAM_NULL); } else { $query->bindValue(':board', (int)$_POST['board_id'], PDO::PARAM_INT); } // Record the action modLog('Created a ' . ($expire ? $expire . ' second' : 'permanent') . " ban for {$_POST['ip']} with " . (!empty($_POST['reason']) ? "reason \"${reason}\"" : 'no reason')); $query->execute() or error(db_error($query)); if(isset($_POST['board'])) openBoard($_POST['board']); // Delete too if(isset($_POST['delete']) && isset($_POST['board']) && hasPermission($config['mod']['delete'], $_POST['board'])) { $post = round($_POST['delete']); deletePost($post); // Record the action modLog("Deleted post #{$post}"); // Rebuild board buildIndex(); } if(hasPermission($config['mod']['public_ban']) && isset($_POST['post']) && isset($_POST['board']) && isset($_POST['public_message']) && isset($_POST['message'])) { $post = round($_POST['post']); $query = prepare(sprintf("UPDATE `posts_%s` SET `body` = CONCAT(`body`, :body) WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $post, PDO::PARAM_INT); $query->bindValue(':body', sprintf($config['mod']['ban_message'], utf8tohtml($_POST['message']))); $query->execute() or error(db_error($query)); // Rebuild thread $query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $post, PDO::PARAM_INT); $query->execute() or error(db_error($query)); $thread = $query->fetch(); if($thread['thread']) buildThread($thread['thread']); else buildThread($post); // Rebuild board buildIndex(); // Record the action modLog("Attached a public ban message for post #{$post}: " . $_POST['message']); } // Redirect if(isset($_POST['continue'])) header('Location: ' . $_POST['continue'], true, $config['redirect_http']); elseif(isset($board)) header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); else header('Location: ?/', true, $config['redirect_http']); } } elseif(preg_match('/^\/' . $regex['board'] . 'move\/(\d+)$/', $query, $matches)) { $boardName = &$matches[1]; $postID = $matches[2]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); if(!hasPermission($config['mod']['move'], $boardName)) error($config['error']['noaccess']); if(isset($_POST['board'])) { $targetBoard = $_POST['board']; $shadow = isset($_POST['shadow']); if($targetBoard == $boardName) error(_("Target and source board are the same.")); // copy() if leaving a shadow thread behind. otherwise, rename(). $clone = $shadow ? 'copy' : 'rename'; $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` IS NULL AND `id` = :id", $board['uri'])); $query->bindValue(':id', $postID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if(!$post = $query->fetch()) { error($config['error']['nonexistant']); } $post['op'] = true; if($post['file']) { $post['has_file'] = true; $post['width'] = &$post['filewidth']; $post['height'] = &$post['fileheight']; $file_src = sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']; $file_thumb = sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']; } else $post['has_file'] = false; // allow thread to keep its same traits (stickied, locked, etc.) $post['mod'] = true; if(!openBoard($targetBoard)) error($config['error']['noboard']); $newID = post($post); if($post['has_file']) { $clone($file_src, sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']); $clone($file_thumb, sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']); } // move replies too... openBoard($boardName); $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` = :id ORDER BY `id`", $board['uri'])); $query->bindValue(':id', $postID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); $replies = array(); while($post = $query->fetch()) { $post['mod'] = true; $post['thread'] = $newID; if($post['file']) { $post['has_file'] = true; $post['width'] = &$post['filewidth']; $post['height'] = &$post['fileheight']; $post['file_src'] = sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']; $post['file_thumb'] = sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']; } else $post['has_file'] = false; $replies[] = $post; } $newIDs = array($postID => $newID); openBoard($targetBoard); foreach($replies as &$post) { $query = prepare("SELECT `target` FROM `cites` WHERE `target_board` = :board AND `board` = :board AND `post` = :post"); $query->bindValue(':board', $boardName); $query->bindValue(':post', $post['id'], PDO::PARAM_INT); $query->execute() or error(db_error($qurey)); while($cite = $query->fetch(PDO::FETCH_ASSOC)) { if(isset($newIDs[$cite['target']])) { $post['body_nomarkup'] = preg_replace( '/(>>(>\/' . preg_quote($boardName, '/') . '\/)?)' . preg_quote($cite['target'], '/') . '/', '>>' . $newIDs[$cite['target']], $post['body_nomarkup']); $post['body'] = $post['body_nomarkup']; } } $post['op'] = false; $post['tracked_cites'] = markup($post['body'], true); $newIDs[$post['id']] = $newPostID = post($post); if($post['has_file']) { $clone($post['file_src'], sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']); $clone($post['file_thumb'], sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']); } foreach($post['tracked_cites'] as $cite) { $query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)'); $query->bindValue(':board', $board['uri']); $query->bindValue(':post', $newPostID, PDO::PARAM_INT); $query->bindValue(':target_board',$cite[0]); $query->bindValue(':target', $cite[1], PDO::PARAM_INT); $query->execute() or error(db_error($query)); } } // build thread buildThread($newID); buildIndex(); // trigger themes rebuildThemes('post'); openBoard($boardName); if($shadow) { // lock thread $query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = 1 WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $postID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); $post = array( 'mod' => true, 'subject' => '', 'email' => '', 'name' => $config['mod']['shadow_name'], 'capcode' => $config['mod']['shadow_capcode'], 'trip' => '', 'body' => sprintf($config['mod']['shadow_mesage'], '>>>/' . $targetBoard . '/' . $newID), 'password' => '', 'has_file' => false, // attach to original thread 'thread' => $postID, 'op' => false ); markup($post['body']); $botID = post($post); buildThread($postID); header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['dir']['res'] . sprintf($config['file_page'], $postID) . '#' . $botID, true, $config['redirect_http']); } else { deletePost($postID); buildIndex(); openBoard($targetBoard); header('Location: ?/' . sprintf($config['board_path'], $board['uri']) . $config['dir']['res'] . sprintf($config['file_page'], $newID), true, $config['redirect_http']); } } else { $body = '
Move thread
' . '
' . '' ; $boards = listBoards(); if(count($boards) <= 1) error(_('No board to move to; there is only one.')); $__boards = ''; foreach($boards as &$_board) { if($_board['uri'] == $board['uri']) continue; $__boards .= '
' . '' . ' ' . sprintf($config['board_abbreviation'], $_board['uri']) . ' - ' . $_board['title'] . '' . '
'; } $body .= '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '
Thread ID
Leave shadow thread	' . '' . ' (locks thread; replies to it with a link.)' . '
Target board	' . $__boards . '
' . '
'; echo Element('page.html', array( 'config'=>$config, 'title'=>'Move #' . $postID, 'body'=>$body, 'mod'=>true ) ); } } elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)?\/(\d+)$/', $query, $matches)) { // Ban by post $boardName = &$matches[1]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); if(!hasPermission($config['mod']['ban'], $boardName)) error($config['error']['noaccess']); $delete = isset($matches[2]) && $matches[2] == '&delete'; if($delete && !hasPermission($config['mod']['delete'], $boardName)) error($config['error']['noaccess']); $post = $matches[3]; $query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri'])); $query->bindValue(':id', $post, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($query->rowCount() < 1) { error($config['error']['invalidpost']); } $post = $query->fetch(); $body = form_newBan($post['ip'], null, '?/' . sprintf($config['board_path'], $board['uri']) . $config['file_index'], $post['id'], $boardName, !$delete); echo Element('page.html', array( 'config'=>$config, 'title'=>'New ban', 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')\/deletenote\/(?P\d+)$/', $query, $matches)) { if(!hasPermission($config['mod']['remove_notes'])) error($config['error']['noaccess']); $ip = $matches[1]; $id = $matches['id']; $query = prepare("DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id"); $query->bindValue(':ip', $ip); $query->bindValue(':id', $id); $query->execute() or error(db_error($query)); header('Location: ?/IP/' . $ip, true, $config['redirect_http']); } elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')$/', $query, $matches)) { // View information on an IP address $ip = $matches[1]; $host = $config['mod']['dns_lookup'] ? rDNS($ip) : false; if(hasPermission($config['mod']['unban']) && isset($_POST['unban']) && isset($_POST['ban_id'])) { removeBan($_POST['ban_id']); header('Location: ?/IP/' . $ip, true, $config['redirect_http']); } elseif(hasPermission($config['mod']['create_notes']) && isset($_POST['note'])) { $query = prepare("INSERT INTO `ip_notes` VALUES(NULL, :ip, :mod, :time, :body)"); $query->bindValue(':ip', $ip); $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); $query->bindValue(':time', time(), PDO::PARAM_INT); markup($_POST['note']); $query->bindValue(':body', $_POST['note']); $query->execute() or error(db_error($query)); header('Location: ?/IP/' . $ip, true, $config['redirect_http']); } else { $body = ''; $boards = listBoards(); foreach($boards as &$_board) { openBoard($_board['uri']); $temp = ''; $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri'])); $query->bindValue(':ip', $ip); $query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); while($post = $query->fetch()) { if(!$post['thread']) { $po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], '?/', $mod, false); } else { $po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod); } $temp .= $po->build(true) . '

---

'; } if(!empty($temp)) $body .= '
Last ' . $query->rowCount() . ' posts on ' . sprintf($config['board_abbreviation'], $_board['uri']) . ' - ' . $_board['title'] . '
' . $temp . '
'; } if(hasPermission($config['mod']['view_notes'])) { $query = prepare("SELECT * FROM `ip_notes` WHERE `ip` = :ip ORDER BY `id` DESC"); $query->bindValue(':ip', $ip); $query->execute() or error(db_error($query)); if($query->rowCount() > 0 || hasPermission($config['mod']['create_notes'])) { $body .= '
' . $query->rowCount() . ' note' . ($query->rowCount() == 1 ?'' : 's') . ' on record' . '
'; if($query->rowCount() > 0) { $body .= '' . '' . (hasPermission($config['mod']['remove_notes']) ? '' : '') . ''; while($note = $query->fetch()) { if($note['mod']) { $_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id"); $_query->bindValue(':id', $note['mod']); $_query->execute() or error(db_error($_query)); if($_mod = $_query->fetch()) { $staff = '' . utf8tohtml($_mod['username']) . ''; } else { $staff = '???'; } } else { $staff = 'system'; } $body .= '' . '' . (hasPermission($config['mod']['remove_notes']) ? '' : '') . ''; } $body .= '
Staff	Note	Date	Actions
' . $staff . '	' . $note['body'] . '	' . strftime($config['post_date'], $note['time']) . '	[delete]
'; } if(hasPermission($config['mod']['create_notes'])) { $body .= '
' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '
Staff	' . $mod['username'] . '
Note
' . '
'; } $body .= '
'; } } if(hasPermission($config['mod']['view_ban'])) { $query = prepare("SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip"); $query->bindValue(':ip', $ip); $query->execute() or error(db_error($query)); if($query->rowCount() > 0) { $body .= '
Ban' . ($query->rowCount() == 1 ? '' : 's') . ' on record
'; while($ban = $query->fetch()) { $body .= '
' . '' . // IP '' . // Reason '' . // Board '' . // Set '' . // Expires '' . // Staff '
Status	' . ($config['mod']['view_banexpired'] && $ban['expires'] != 0 && $ban['expires'] < time() ? 'Expired' : 'Active') . '
IP	' . $ban['ip'] . '
Reason	' . $ban['reason'] . '
Board	' . (isset($ban['board']) ? (isset($ban['uri']) ? sprintf($config['board_abbreviation'], $ban['uri']) : 'deleted?' ) : '' . _('all boards') . '' ) . '
Set	' . strftime($config['post_date'], $ban['set']) . '
Expires	' . ($ban['expires'] == 0 ? 'Never' : strftime($config['post_date'], $ban['expires']) ) . '
Staff	' . (isset($ban['username']) ? (!hasPermission($config['mod']['view_banstaff']) ? ($config['mod']['view_banquestionmark'] ? '?' : ($ban['type'] == JANITOR ? 'Janitor' : ($ban['type'] == MOD ? 'Mod' : ($ban['type'] == ADMIN ? 'Admin' : '?'))) ) : utf8tohtml($ban['username']) ) : 'deleted?' ) . '
' . '' . '
'; } $body .= '
'; } } if(hasPermission($config['mod']['ip_banform'])) $body .= form_newBan($ip, null, '?/IP/' . $ip); echo Element('page.html', array( 'config'=>$config, 'title'=>'IP: ' . $ip, 'subtitle' => $host, 'body'=>$body, 'mod'=>true ) ); } } else { error($config['error']['404']); } }