str_replace('%s', '(\w{1,8})', preg_quote($config['board_path'], '/')), 'page' => str_replace('%d', '(\d+)', preg_quote($config['file_page'], '/')), 'img' => preg_quote($config['dir']['img'], '/'), 'thumb' => preg_quote($config['dir']['thumb'], '/'), 'res' => preg_quote($config['dir']['res'], '/'), 'index' => preg_quote($config['file_index'], '/') ); if(preg_match('/^\/?$/', $query)) { // Dashboard $fieldset = Array( 'Boards' => '', 'Noticeboard' => '', 'Administration' => '', 'Search' => '', 'Logout' => '' ); // Boards $fieldset['Boards'] .= ulBoards(); if($mod['type'] >= $config['mod']['noticeboard']) { $query = prepare("SELECT * FROM `noticeboard` ORDER BY `id` DESC LIMIT :limit"); $query->bindValue(':limit', $config['mod']['noticeboard_dashboard'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); $fieldset['Noticeboard'] .= '
  • '; $_body = ''; while($notice = $query->fetch()) { $m_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id"); $m_query->bindValue(':id', $notice['mod'], PDO::PARAM_INT); $m_query->execute() or error(db_error($m_query)); if(!$_mod = $m_query->fetch()) { $_mod = Array('username' => '???'); } $_body .= '
  • ' . ($notice['subject'] ? $notice['subject'] : 'no subject' ) . ' — by ' . $_mod['username'] . ' at ' . date($config['post_date'], $notice['time']) . '
  • '; } if(!empty($_body)) { $fieldset['Noticeboard'] .= '
  • '; } $fieldset['Noticeboard'] .= 'View all entires
  • '; } if($mod['type'] >= $config['mod']['reports']) { $fieldset['Administration'] .= '
  • Report queue
  • '; } if($mod['type'] >= $config['mod']['view_banlist']) { $fieldset['Administration'] .= '
  • Ban list
  • '; } if($mod['type'] >= $config['mod']['manageusers']) { $fieldset['Administration'] .= '
  • Manage users
  • '; } if($mod['type'] >= $config['mod']['modlog']) { $fieldset['Administration'] .= '
  • Moderation log
  • '; } if($mod['type'] >= $config['mod']['rebuild']) { $fieldset['Administration'] .= '
  • Rebuild static files
  • '; } if($mod['type'] >= $config['mod']['show_config']) { $fieldset['Administration'] .= '
  • Show configuration
  • '; } if($mod['type'] >= $config['mod']['search']) { $fieldset['Search'] .= '
  • ' . ' ' . '' . '' . '
    ' . '

    (Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)

    ' . '
  • '; } $fieldset['Logout'] .= '
  • Logout
  • '; // TODO: Statistics, etc, in the dashboard. $body = ''; foreach($fieldset as $title => $data) { if($data) $body .= "
    {$title}
    "; } echo Element('page.html', Array( 'config'=>$config, 'title'=>'Dashboard', 'body'=>$body, '__mod'=>true ) ); } elseif(preg_match('/^\/logout$/', $query)) { destroyCookies(); header('Location: ?/', true, $config['redirect_http']); } elseif(preg_match('/^\/log$/', $query)) { if($mod['type'] < $config['mod']['modlog']) error($config['error']['noaccess']); $boards = Array(); $_boards = listBoards(); foreach($_boards as &$_b) { $boards[$_b['id']] = $_b['uri']; } $body = ''; $query = prepare("SELECT `mods`.`id`,`username`,`ip`,`board`,`time`,`text` FROM `modlogs` INNER JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :limit"); $query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); while($log = $query->fetch()) { $log['text'] = htmlentities($log['text']); $log['text'] = preg_replace('/(\d+\.\d+\.\d+\.\d+)/', '$1', $log['text']); $body .= '' . '' . '' . '' . '' : 'deleted?') : '-') . '' . ''; } $body .= '
    UserIP addressAgoBoardAction
    ' . $log['username'] . '' . $log['ip'] . '' . ago($log['time']) . '' . ($log['board'] ? (isset($boards[$log['board']]) ? '' . sprintf($config['board_abbreviation'], $boards[$log['board']]) . '' . $log['text'] . '
    '; echo Element('page.html', Array( 'config'=>$config, 'title'=>'Moderation log', 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/noticeboard\/delete\/(\d+)$/', $query, $match)) { if($mod['type'] < $config['mod']['noticeboard_delete']) error($config['error']['noaccess']); $query = prepare("DELETE FROM `noticeboard` WHERE `id` = :id"); $query->bindValue(':id', $match[1], PDO::PARAM_INT); $query->execute() or error(db_error($query)); header('Location: ?/noticeboard', true, $config['redirect_http']); } elseif(preg_match('/^\/noticeboard$/', $query)) { if($mod['type'] < $config['mod']['noticeboard']) error($config['error']['noaccess']); $body = ''; if($mod['type'] >= $config['mod']['noticeboard_post']) { if(isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) { $query = prepare("INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body)"); $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); $query->bindvalue(':time', time(), PDO::PARAM_INT); $query->bindValue(':subject', utf8tohtml($_POST['subject'])); markup($_POST['body']); $query->bindValue(':body', $_POST['body']); $query->execute() or error(db_error($query)); } $body .= '
    New post
    ' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '
    ' . $mod['username'] . '
    Subject
    Body
    ' . '
    '; } $query = prepare("SELECT * FROM `noticeboard` ORDER BY `id` DESC LIMIT :limit"); $query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); while($notice = $query->fetch()) { $m_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id"); $m_query->bindValue(':id', $notice['mod'], PDO::PARAM_INT); $m_query->execute() or error(db_error($m_query)); if(!$_mod = $m_query->fetch()) { $_mod = Array('username' => '???'); } $body .= '
    ' . ($mod['type'] >= $config['mod']['noticeboard_delete'] ? '[delete]' : '') . '

    ' . ($notice['subject'] ? $notice['subject'] : 'no subject' ) . ' — by ' . $_mod['username'] . ' at ' . date($config['post_date'], $notice['time']) . '

    ' . $notice['body'] . '

    '; } echo Element('page.html', Array( 'config'=>$config, 'title'=>'Noticeboard', 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) { $id = $match[1]; $query = prepare("SELECT `pms`.`id`, `time`, `sender`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod"); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if(!$pm = $query->fetch()) { // Mod doesn't exist error($config['error']['404']); } if(isset($_POST['delete'])) { $query = prepare("DELETE FROM `pms` WHERE `id` = :id"); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); modLog('Deleted a PM'); header('Location: ?/', true, $config['redirect_http']); } else { $query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `id` = :id"); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); modLog('Read a PM'); $body = '
    ' . '' . '' . '
    From' . ($mod['type'] >= $config['mod']['editusers'] ? '' . htmlentities($pm['username']) . '' : htmlentities($pm['username']) ) . '
    Date ' . date($config['post_date'], $pm['time']) . '
    Message ' . $pm['message'] . '
    ' . '

    ' . '
    '; echo Element('page.html', Array( 'config'=>$config, 'title'=>'Private message', 'body'=>$body, 'mod'=>true ) ); } } elseif(preg_match('/^\/new_PM\/(\d+)$/', $query, $match)) { if($mod['type'] < $config['mod']['create_pm']) error($config['error']['noaccess']); $to = $match[1]; $query = prepare("SELECT `username`,`id` FROM `mods` WHERE `id` = :id"); $query->bindValue(':id', $to, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if(!$to = $query->fetch()) { // Mod doesn't exist error($config['error']['404']); } if(isset($_POST['message'])) { // Post message $message = $_POST['message']; if(empty($message)) error($config['error']['tooshort_body']); markup($message); $query = prepare("INSERT INTO `pms` VALUES (NULL, :sender, :to, :message, :time, 1)"); $query->bindValue(':sender', $mod['id'], PDO::PARAM_INT); $query->bindValue(':to', $to['id'], PDO::PARAM_INT); $query->bindValue(':message', $message); $query->bindValue(':time', time(), PDO::PARAM_INT); $query->execute() or error(db_error($query)); modLog('Sent a PM to ' . $to['username']); echo Element('page.html', Array( 'config'=>$config, 'title'=>'PM sent', 'body'=>'

    Message sent successfully to ' . htmlentities($to['username']) . '.

    ', 'mod'=>true ) ); } else { $body = '
    ' . '' . '' . '' . '
    To' . ($mod['type'] >= $config['mod']['editusers'] ? '' . htmlentities($to['username']) . '' : htmlentities($to['username']) ) . '
    Message
    ' . '

    ' . '
    '; echo Element('page.html', Array( 'config'=>$config, 'title'=>'New PM for ' . htmlentities($to['username']), 'body'=>$body, 'mod'=>true ) ); } } elseif(preg_match('/^\/search$/', $query)) { if($mod['type'] < $config['mod']['search']) error($config['error']['noaccess']); $body = '

    Search

    ' . '

    ' . '' . '' . '

    ' . '

    (Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)

    ' . '
    '; if(isset($_POST['search']) && !empty($_POST['search'])) { $phrase = $_POST['search']; $_body = ''; // Escape escape character $phrase = str_replace('!', '!!', $phrase); // Remove SQL wildcard $phrase = str_replace('%', '!%', $phrase); // Use asterisk as wildcard to suit convention $phrase = str_replace('*', '%', $phrase); $like = ''; $match = Array(); // Find exact phrases if(preg_match_all('/"(.+?)"/', $phrase, $m)) { foreach($m[1] as &$quote) { $phrase = str_replace("\"{$quote}\"", '', $phrase); $match[] = $pdo->quote($quote); } } $words = explode(' ', $phrase); foreach($words as &$word) { if(empty($word)) continue; $match[] = $pdo->quote($word); } $like = ''; foreach($match as &$phrase) { if(!empty($like)) $like .= ' AND '; $phrase = preg_replace('/^\'(.+)\'$/', '\'%$1%\'', $phrase); $like .= '`body` LIKE ' . $phrase . ' ESCAPE \'!\''; } $like = str_replace('%', '%%', $like); $boards = listBoards(); foreach($boards as &$_b) { openBoard($_b['uri']); $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit", $board['uri'])); $query->bindValue(':limit', $config['mod']['search_results'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); $temp = ''; while($post = $query->fetch()) { if(!$post['thread']) { $po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], '?/', $mod, false); } else { $po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], '?/', $mod); } $temp .= $po->build(true) . '
    '; } if(!empty($temp)) $_body .= '
    ' . $query->rowCount() . ' result' . ($query->rowCount() != 1 ? 's' : '') . ' on ' . sprintf($config['board_abbreviation'], $board['uri']) . ' - ' . $board['title'] . '' . $temp . '
    '; } $body .= '
    '; if(!empty($_body)) $body .= $_body; else $body .= '

    (No results.)

    '; } echo Element('page.html', Array( 'config'=>$config, 'title'=>'Search', 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/users$/', $query)) { if($mod['type'] < $config['mod']['manageusers']) error($config['error']['noaccess']); $body = '
    '; $query = query("SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id`") or error(db_error()); while($_mod = $query->fetch()) { $type = $_mod['type'] == JANITOR ? 'Janitor' : ($_mod['type'] == MOD ? 'Mod' : 'Admin'); $body .= '' . '' . '' . '' . '' . ''; } $body .= '
    IDUsernameTypeLast action
    ' . $_mod['id'] . '' . $_mod['username'] . '' . $type . '' . ($_mod['last'] ? '' . ago($_mod['last']) . '' : 'never') . '' . ($mod['type'] >= $config['mod']['promoteusers'] ? ($_mod['type'] != ADMIN ? '' :'') . ($_mod['type'] != JANITOR ? '' :'') : '' ) . ($mod['type'] >= $config['mod']['editusers'] || ($mod['type'] >= $config['mod']['change_password'] && $_mod['id'] == $mod['id'])? '[edit]' : '' ) . ($mod['type'] >= $config['mod']['create_pm'] ? '[PM]' : '' ) . '
    '; if($mod['type'] >= $config['mod']['createusers']) { $body .= '

    Create new user

    '; } $body .= '
    '; echo Element('page.html', Array( 'config'=>$config, 'title'=>'Manage users', 'body'=>$body ,'mod'=>true ) ); } elseif(preg_match('/^\/users\/new$/', $query)) { if($mod['type'] < $config['mod']['createusers']) error($config['error']['noaccess']); if(isset($_POST['username']) && isset($_POST['password'])) { if(!isset($_POST['type'])) { error(sprintf($config['error']['required'], 'type')); } if($_POST['type'] != ADMIN && $_POST['type'] != MOD && $_POST['type'] != JANITOR) { error(sprintf($config['error']['invalidfield'], 'type')); } // Check if already exists $query = prepare("SELECT `id` FROM `mods` WHERE `username` = :username"); $query->bindValue(':username', $_POST['username']); $query->execute() or error(db_error($query)); if($_mod = $query->fetch()) { error(sprintf($config['error']['modexists'], $_mod['id'])); } $query = prepare("INSERT INTO `mods` VALUES (NULL, :username, :password, :type)"); $query->bindValue(':username', $_POST['username']); $query->bindValue(':password', sha1($_POST['password'])); $query->bindValue(':type', $_POST['type'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); modLog('Create a new user: "' . $_POST['username'] . '"'); } $body = '
    New user' . // Begin form '
    ' . '' . '' . '' . '' . '
    Username
    Password
    Type' . '
    ' . '
    ' . '
    ' . '
    ' . '' . // End form '
    '; echo Element('page.html', Array( 'config'=>$config, 'title'=>'New user', 'body'=>$body ,'mod'=>true ) ); } elseif(preg_match('/^\/users\/(\d+)(\/(promote|demote|delete))?$/', $query, $matches)) { $modID = $matches[1]; if(isset($matches[2])) { if($matches[3] == 'delete') { if($mod['type'] < $config['mod']['deleteusers']) error($config['error']['noaccess']); $query = prepare("DELETE FROM `mods` WHERE `id` = :id"); $query->bindValue(':id', $modID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); modLog('Deleted user #' . $modID); } else { // Promote/demote if($mod['type'] < $config['mod']['promoteusers']) error($config['error']['noaccess']); if($matches[3] == 'promote') { $query = prepare("UPDATE `mods` SET `type` = `type` + 1 WHERE `type` != :admin AND `id` = :id"); $query->bindValue(':admin', ADMIN, PDO::PARAM_INT); } else { $query = prepare("UPDATE `mods` SET `type` = `type` - 1 WHERE `type` != :janitor AND `id` = :id"); $query->bindValue(':janitor', JANITOR, PDO::PARAM_INT); } $query->bindValue(':id', $modID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); } header('Location: ?/users', true, $config['redirect_http']); } else { // Edit user if($mod['type'] < $config['mod']['editusers'] && $mod['type'] < $config['mod']['change_password']) error($config['error']['noaccess']); $query = prepare("SELECT * FROM `mods` WHERE `id` = :id"); $query->bindValue(':id', $modID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if(!$_mod = $query->fetch()) { error($config['error']['404']); } if($mod['type'] < $config['mod']['editusers'] && !($mod['type'] >= $config['mod']['change_password'] && $mod['id'] == $_mod['id'] && $change_password_only = true)) error($config['error']['noaccess']); if((isset($_POST['username']) && isset($_POST['password'])) || (isset($change_password_only) && isset($_POST['password']))) { if(!isset($change_password_only)) { $query = prepare("UPDATE `mods` SET `username` = :username WHERE `id` = :id"); $query->bindValue(':username', $_POST['username']); $query->bindValue(':id', $modID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); modLog('Edited login details for user "' . $_mod['username'] . '"'); } else { modLog('Changed own password'); } if(!empty($_POST['password'])) { $query = prepare("UPDATE `mods` SET `password` = :password WHERE `id` = :id"); $query->bindValue(':password', sha1($_POST['password'])); $query->bindValue(':id', $modID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); } // Refresh $query = prepare("SELECT * FROM `mods` WHERE `id` = :id"); $query->bindValue(':id', $modID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if(!$_mod = $query->fetch()) { error($config['error']['404']); } if($_mod['id'] == $mod['id']) { // Changed own password. Update cookies var_dump(login($_mod['username'], $_mod['password'], false)); setCookies(); } } $body = '
    Edit user' . // Begin form '
    ' . '' . '' . '' . '
    Username' . (isset($change_password_only) ? $_mod['username'] : '') . '
    Password (new; optional)
    ' . '' . // End form '
    ' . // Delete button ($mod['type'] >= $config['mod']['deleteusers'] ? '

    Delete user

    ' :'') . '
    '; echo Element('page.html', Array( 'config'=>$config, 'title'=>'Edit user', 'body'=>$body ,'mod'=>true ) ); } } elseif(preg_match('/^\/reports$/', $query)) { if($mod['type'] < $config['mod']['reports']) error($config['error']['noaccess']); $body = ''; $reports = 0; $query = prepare("SELECT `reports`.*, `boards`.`uri` FROM `reports` INNER JOIN `boards` ON `board` = `boards`.`id` ORDER BY `time` DESC LIMIT :limit"); $query->bindValue(':limit', $config['mod']['recent_reports'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); while($report = $query->fetch()) { $p_query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `id` = :id", $report['uri'])); $p_query->bindValue(':id', $report['post'], PDO::PARAM_INT); $p_query->execute() or error(db_error($query)); if(!$post = $p_query->fetch()) { // Invalid report (post has since been deleted) $p_query = prepare("DELETE FROM `reports` WHERE `post` = :id"); $p_query->bindValue(':id', $report['post'], PDO::PARAM_INT); $p_query->execute() or error(db_error($query)); continue; } $reports++; openBoard($report['uri']); if(!$post['thread']) { $po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], '?/', $mod, false); } else { $po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], '?/', $mod); } $po->body .= '
    ' . '
    ' . 'Board: ' . sprintf($config['board_abbreviation'], $report['uri']) . '
    ' . 'Reason: ' . $report['reason'] . '
    ' . 'Reported by: ' . $report['ip'] . '
    ' . '
    ' . ($mod['type'] >= $config['mod']['report_dismiss'] ? 'Dismiss | ' : '') . ($mod['type'] >= $config['mod']['report_dismiss_ip'] ? 'Dismiss+' : '') . '
    '; $body .= $po->build(true) . '
    '; } $query = query("SELECT COUNT(`id`) AS `count` FROM `reports`") or error(db_error()); $count = $query->fetch(); $body .= '

    Showing ' . ($reports == $count['count'] ? 'all ' . $reports . ' reports' : $reports . ' of ' . $count['count'] . ' reports') . '.

    '; echo Element('page.html', Array( 'config'=>$config, 'title'=>'Report queue (' . $count['count'] . ')', 'body'=>$body, 'mod'=>true )); } elseif(preg_match('/^\/reports\/(\d+)\/dismiss(\/all)?$/', $query, $matches)) { if(isset($matches[2]) && $matches[2] == '/all') { if($mod['type'] < $config['mod']['report_dismiss_ip']) error($config['error']['noaccess']); $query = prepare("SELECT `ip` FROM `reports` WHERE `id` = :id"); $query->bindValue(':id', $matches[1], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($report = $query->fetch()) { $query = prepare("DELETE FROM `reports` WHERE `ip` = :ip"); $query->bindValue(':ip', $report['ip'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); modLog('Dismissed all reports by ' . $report['ip']); } } else { if($mod['type'] < $config['mod']['report_dismiss']) error($config['error']['noaccess']); $query = prepare("SELECT `post`, `board` FROM `reports` WHERE `id` = :id"); $query->bindValue(':id', $matches[1], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($report = $query->fetch()) { modLog('Dismissed a report for post #' . $report['post'], $report['board']); $query = prepare("DELETE FROM `reports` WHERE `post` = :post"); $query->bindValue(':post', $report['post'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); } } // Redirect if(isset($_SERVER['HTTP_REFERER'])) header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']); else header('Location: ?/reports', true, $config['redirect_http']); } elseif(preg_match('/^\/board\/(\w+)(\/delete)?$/', $query, $matches)) { if($mod['type'] < $config['mod']['manageboards']) error($config['error']['noaccess']); if(!openBoard($matches[1])) error($config['error']['noboard']); if(isset($matches[2]) && $matches[2] == '/delete') { if($mod['type'] < $config['mod']['deleteboard']) error($config['error']['noaccess']); // Delete board modLog('Deleted board ' . sprintf($config['board_abbreviation'], $board['uri'])); // Delete entire board directory rrmdir($board['uri'] . '/'); // Delete posting table $query = query(sprintf("DROP TABLE IF EXISTS `posts_%s`", $board['uri'])) or error(db_error()); // Clear reports $query = prepare("DELETE FROM `reports` WHERE `board` = :id"); $query->bindValue(':id', $board['id'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); // Delete from table $query = prepare("DELETE FROM `boards` WHERE `id` = :id"); $query->bindValue(':id', $board['id'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); header('Location: ?/', true, $config['redirect_http']); } else { if(isset($_POST['title']) && isset($_POST['subtitle'])) { $query = prepare("UPDATE `boards` SET `title` = :title, `subtitle` = :subtitle WHERE `id` = :id"); $query->bindValue(':title', utf8tohtml($_POST['title'], true)); if(!empty($_POST['subtitle'])) $query->bindValue(':subtitle', utf8tohtml($_POST['subtitle'], true)); else $query->bindValue(':subtitle', null, PDO::PARAM_NULL); $query->bindValue(':id', $board['id'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); openBoard($board['uri']); } $body = '
    ' . sprintf($config['board_abbreviation'], $board['uri']) . '' . ' - ' . $board['name'] . '' . // Begin form '
    ' . '' . '' . '' . '' . '
    URI' . $board['uri'] . '
    Title
    Subtitle
    ' . '' . // End form '
    ' . // Delete button ($mod['type'] >= $config['mod']['deleteboard'] ? '

    Delete board

    ' :'') . '
    '; echo Element('page.html', Array( 'config'=>$config, 'title'=>'Manage – ' . sprintf($config['board_abbreviation'], $board['uri']), 'body'=>$body, 'mod'=>true )); } } elseif(preg_match('/^\/bans$/', $query)) { if($mod['type'] < $config['mod']['view_banlist']) error($config['error']['noaccess']); if(isset($_POST['unban'])) { if($mod['type'] < $config['mod']['unban']) error($config['error']['noaccess']); foreach($_POST as $post => $value) { if(preg_match('/^ban_(.+)$/', $post, $m)) { $m[1] = str_replace('_', '.', $m[1]); $query = prepare("DELETE FROM `bans` WHERE `ip` = :ip"); $query->bindValue(':ip', $m[1]); $query->execute() or error(db_error($query)); } } } if($mod['type'] >= $config['mod']['view_banexpired']) { $query = prepare("SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` GROUP BY `ip` ORDER BY (`expires` IS NOT NULL AND `expires` < :time), `set` DESC"); $query->bindValue(':time', time(), PDO::PARAM_INT); $query->execute() or error(db_error($query)); } else { // Filter out expired bans $query = prepare("SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` GROUP BY `ip` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC"); $query->bindValue(':time', time(), PDO::PARAM_INT); $query->execute() or error(db_error($query)); } if($query->rowCount() < 1) { $body = '

    (There are no active bans.)

    '; } else { $body = '
    '; $body .= ''; while($ban = $query->fetch()) { $body .= '' . '' . // Reason '' . // Set '' . // Expires '' . // Staff '' . ''; } $body .= '
    IP addressReasonSetExpiresStaff
    ' . // Checkbox ' ' . // IP address (preg_match('/^(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')$/', $ban['ip']) ? ''. $ban['ip'] . '' : $ban['ip']) . '' . ($ban['reason'] ? $ban['reason'] : '-') . '' . date($config['post_date'], $ban['set']) . '' . ($ban['expires'] == 0 ? 'Never' : date($config['post_date'], $ban['expires']) ) . '' . ($mod['type'] < $config['mod']['view_banstaff'] ? ($config['mod']['view_banquestionmark'] ? '?' : ($ban['type'] == JANITOR ? 'Janitor' : ($ban['type'] == MOD ? 'Mod' : ($ban['type'] == ADMIN ? 'Admin' : '?'))) ) : $ban['username'] ) . '
    ' . ($mod['type'] >= $config['mod']['unban'] ? '

    ' : '') . '
    '; } echo Element('page.html', Array( 'config'=>$config, 'title'=>'Ban list', 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/rebuild$/', $query)) { if($mod['type'] < $config['mod']['rebuild']) error($config['error']['noaccess']); set_time_limit($config['mod']['rebuild_timelimit']); $body = '

    Rebuilding…

    '; $body .= 'Generating Javascript file…
    '; buildJavascript(); $boards = listBoards(); foreach($boards as &$board) { $body .= "Opening board /{$board['uri']}/
    "; openBoard($board['uri']); $body .= 'Creating index pages
    '; buildIndex(); $query = query(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error()); while($post = $query->fetch()) { $body .= "Rebuilding #{$post['id']}
    "; buildThread($post['id']); } } $body .= 'Complete!

    '; unset($board); modLog('Rebuilt everything'); echo Element('page.html', Array( 'config'=>$config, 'title'=>'Rebuilt', 'body'=>$body, 'mod'=>true )); } elseif(preg_match('/^\/config$/', $query)) { if($mod['type'] < $config['mod']['show_config']) error($config['error']['noaccess']); // Show instance-config.php $data = ''; function do_array_part($array, $prefix = '') { global $data, $config; foreach($array as $name => $value) { if(is_array($value)) { do_array_part($value, $prefix . $name . ' → '); } else { if($config['mod']['never_reveal_password'] && $prefix == 'db → ' && $name == 'password') { $value = 'hidden'; } elseif(gettype($value) == 'boolean') { $value = $value ? 'On' : 'Off'; } elseif(gettype($value) == 'string') { if(empty($value)) $value = 'empty'; else $value = '' . utf8tohtml(substr($value, 0, 110) . (strlen($value) > 110 ? '…' : '')) . ''; } elseif(gettype($value) == 'integer') { $value = '' . $value . ''; } $data .= '' . $prefix . (gettype($name) == 'integer' ? '[]' : $name) . '' . $value . ''; } } } do_array_part($config); $body = '
    Configuration' . $data . '
    '; echo Element('page.html', Array( 'config'=>$config, 'title'=>'Configuration', 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/new$/', $query)) { if($mod['type'] < $config['mod']['newboard']) error($config['error']['noaccess']); // New board $body = ''; if(isset($_POST['new_board'])) { // Create new board if( !isset($_POST['uri']) || !isset($_POST['title']) || !isset($_POST['subtitle']) ) error($config['error']['missedafield']); $b = Array( 'uri' => $_POST['uri'], 'title' => $_POST['title'], 'subtitle' => $_POST['subtitle'] ); // HTML characters $b['title'] = utf8tohtml($b['title'], true); $b['subtitle'] = utf8tohtml($b['subtitle'], true); // Check required fields if(empty($b['uri'])) error(sprintf($config['error']['required'], 'URI')); if(empty($b['title'])) error(sprintf($config['error']['required'], 'title')); // Check string lengths if(strlen($b['uri']) > 8) error(sprintf($config['error']['toolong'], 'URI')); if(strlen($b['title']) > 20) error(sprintf($config['error']['toolong'], 'title')); if(strlen($b['subtitle']) > 40) error(sprintf($config['error']['toolong'], 'subtitle')); if(!preg_match('/^\w+$/', $b['uri'])) error(sprintf($config['error']['invalidfield'], 'URI')); if(openBoard($b['uri'])) { unset($board); error(sprintf($config['error']['boardexists'], sprintf($config['board_abbreviation'], $b['uri']))); } $query = prepare("INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle)"); $query->bindValue(':uri', $b['uri']); $query->bindValue(':title', $b['title']); if(!empty($b['subtitle'])) { $query->bindValue(':subtitle', $b['subtitle']); } else { $query->bindValue(':subtitle', null, PDO::PARAM_NULL); } $query->execute() or error(db_error($query)); // Record the action modLog("Created a new board: {$b['title']}"); // Open the board openBoard($b['uri']) or error("Couldn't open board after creation."); // Create the posts table query(Element('posts.sql', Array('board' => $board['uri']))) or error(db_error()); // Build the board buildIndex(); header('Location: ?/board/' . $board['uri'], true, $config['redirect_http']); } else { $body .= form_newBoard(); // TODO: Statistics, etc, in the dashboard. echo Element('page.html', Array( 'config'=>$config, 'title'=>'New board', 'body'=>$body, 'mod'=>true ) ); } } elseif(preg_match('/^\/' . $regex['board'] . '(' . $regex['index'] . '|' . $regex['page'] . ')?$/', $query, $matches)) { // Board index $boardName = $matches[1]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); $page_no = empty($matches[2]) || $matches[2] == $config['file_index'] ? 1 : $matches[2]; if(!$page = index($page_no, $mod)) { error($config['error']['404']); } $page['pages'] = getPages(true); $page['pages'][$page_no-1]['selected'] = true; $page['btn'] = getPageButtons($page['pages'], true); $page['hidden_inputs'] = createHiddenInputs(); $page['mod'] = true; echo Element('index.html', $page); } elseif(preg_match('/^\/' . $regex['board'] . $regex['res'] . $regex['page'] . '$/', $query, $matches)) { // View thread $boardName = $matches[1]; $thread = $matches[2]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); $page = buildThread($thread, true, $mod); echo $page; } elseif(preg_match('/^\/' . $regex['board'] . 'deletefile\/(\d+)$/', $query, $matches)) { if($mod['type'] < $config['mod']['deletefile']) error($config['error']['noaccess']); // Delete file from post $boardName = $matches[1]; $post = $matches[2]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); // Delete post deleteFile($post); // Record the action modLog("Removed file from post #{$post}"); // Rebuild board buildIndex(); // Redirect if(isset($_SERVER['HTTP_REFERER'])) header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']); else header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) { if($mod['type'] < $config['mod']['delete']) error($config['error']['noaccess']); // Delete post $boardName = $matches[1]; $post = $matches[2]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); // Delete post deletePost($post); // Record the action modLog("Deleted post #{$post}"); // Rebuild board buildIndex(); // Redirect if(isset($_SERVER['HTTP_REFERER'])) header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']); else header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/' . $regex['board'] . '(un)?sticky\/(\d+)$/', $query, $matches)) { if($mod['type'] < $config['mod']['sticky']) error($config['error']['noaccess']); // Add/remove sticky $boardName = $matches[1]; $post = $matches[3]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); $query = prepare(sprintf("UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); $query->bindValue(':id', $post, PDO::PARAM_INT); if($matches[2] == 'un') { // Record the action modLog("Unstickied post #{$post}"); $query->bindValue(':sticky', 0, PDO::PARAM_INT); } else { // Record the action modLog("Stickied post #{$post}"); $query->bindValue(':sticky', 1, PDO::PARAM_INT); } $query->execute() or error(db_error($query)); buildIndex(); buildThread($post); // Redirect if(isset($_SERVER['HTTP_REFERER'])) header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']); else header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/' . $regex['board'] . '(un)?lock\/(\d+)$/', $query, $matches)) { if($mod['type'] < $config['mod']['lock']) error($config['error']['noaccess']); // Lock/Unlock $boardName = $matches[1]; $post = $matches[3]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); $query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); $query->bindValue(':id', $post, PDO::PARAM_INT); if($matches[2] == 'un') { // Record the action modLog("Unlocked post #{$post}"); $query->bindValue(':locked', 0, PDO::PARAM_INT); } else { // Record the action modLog("Locked post #{$post}"); $query->bindValue(':locked', 1, PDO::PARAM_INT); } $query->execute() or error(db_error($query)); buildIndex(); buildThread($post); // Redirect if(isset($_SERVER['HTTP_REFERER'])) header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']); else header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/' . $regex['board'] . 'deletebyip\/(\d+)$/', $query, $matches)) { // Delete all posts by an IP $boardName = $matches[1]; $post = $matches[2]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); $query = prepare(sprintf("SELECT `ip` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $post); $query->execute() or error(db_error($query)); if(!$post = $query->fetch()) error($config['error']['invalidpost']); $ip = $post['ip']; // Record the action modLog("Deleted all posts by IP address: {$ip}"); $query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `ip` = :ip", $board['uri'])); $query->bindValue(':ip', $ip); $query->execute() or error(db_error($query)); if($query->rowCount() < 1) error($config['error']['invalidpost']); while($post = $query->fetch()) { deletePost($post['id'], false); } buildIndex(); if(isset($_SERVER['HTTP_REFERER'])) header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']); else header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/ban$/', $query)) { // Ban page if(isset($_POST['new_ban'])) { if( !isset($_POST['ip']) || !isset($_POST['reason']) || !isset($_POST['length']) ) error($config['error']['missedafield']); // Check required fields if(empty($_POST['ip'])) error(sprintf($config['error']['required'], 'IP address')); $query = prepare("INSERT INTO `bans` VALUES (:ip, :mod, :set, :expires, :reason)"); // 1yr2hrs30mins // 1y2h30m $expire = 0; if(preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?mon?t?h?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/', $_POST['length'], $m)) { if(isset($m[2])) { // Years $expire += $m[2]*60*60*24*365; } if(isset($m[4])) { // Months $expire += $m[4]*60*60*24*30; } if(isset($m[6])) { // Weeks $expire += $m[6]*60*60*24*7; } if(isset($m[8])) { // Days $expire += $m[8]*60*60*24; } if(isset($m[10])) { // Hours $expire += $m[10]*60*60; } if(isset($m[12])) { // Minutes $expire += $m[12]*60; } if(isset($m[14])) { // Seconds $expire += $m[14]; } } if($expire) { $query->bindValue(':expires', time()+$expire, PDO::PARAM_INT); } else { // Never expire $query->bindValue(':expires', null, PDO::PARAM_NULL); } $query->bindValue(':ip', $_POST['ip'], PDO::PARAM_STR); $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); $query->bindValue(':set', time(), PDO::PARAM_INT); if(isset($_POST['reason'])) { $query->bindValue(':reason', $_POST['reason'], PDO::PARAM_STR); } else { $query->bindValue(':reason', null, PDO::PARAM_NULL); } // Record the action modLog('Created a ' . ($expire ? $expire . ' second' : 'permanent') . " ban for {$_POST['ip']} with " . (!empty($_POST['reason']) ? "reason \"{$_POST['reason']}\"" : 'no reason')); $query->execute() or error(db_error($query)); // Delete too if($mod['type'] >= $config['mod']['delete'] && isset($_POST['delete']) && isset($_POST['board'])) { openBoard($_POST['board']); $post = round($_POST['delete']); deletePost($post); // Record the action modLog("Deleted post #{$post}"); // Rebuild board buildIndex(); } // Redirect if(isset($_POST['continue'])) header('Location: ' . $_POST['continue'], true, $config['redirect_http']); elseif(isset($board)) header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); elseif(isset($_SERVER['HTTP_REFERER'])) header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']); else header('Location: ?/', true, $config['redirect_http']); } } elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)?\/(\d+)$/', $query, $matches)) { if($mod['type'] < $config['mod']['delete']) error($config['error']['noaccess']); // Ban by post $boardName = $matches[1]; $delete = isset($matches[2]) && $matches[2] == '&delete'; $post = $matches[3]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); $query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri'])); $query->bindValue(':id', $post, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($query->rowCount() < 1) { error($config['error']['invalidpost']); } $post = $query->fetch(); $body = form_newBan($post['ip'], null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false, $delete ? $post['id'] : false, $delete ? $boardName : false); echo Element('page.html', Array( 'config'=>$config, 'title'=>'New ban', 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')$/', $query, $matches)) { // View information on an IP address $ip = $matches[1]; $host = $config['mod']['dns_lookup'] ? gethostbyaddr($ip) : false; if($mod['type'] >= $config['mod']['unban'] && isset($_POST['unban'])) { $query = prepare("DELETE FROM `bans` WHERE `ip` = :ip"); $query->bindValue(':ip', $ip); $query->execute() or error(db_error($query)); } $body = ''; $boards = listBoards(); foreach($boards as &$_board) { openBoard($_board['uri']); $temp = ''; $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri'])); $query->bindValue(':ip', $ip); $query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); while($post = $query->fetch()) { if(!$post['thread']) { $po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], '?/', $mod, false); } else { $po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], '?/', $mod); } $temp .= $po->build(true) . '
    '; } if(!empty($temp)) $body .= '
    Last ' . $query->rowCount() . ' posts on ' . sprintf($config['board_abbreviation'], $_board['uri']) . ' - ' . $_board['title'] . '' . $temp . '
    '; } if($mod['type'] >= $config['mod']['view_ban']) { $query = prepare("SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` WHERE `ip` = :ip"); $query->bindValue(':ip', $ip); $query->execute() or error(db_error($query)); if($query->rowCount() > 0) { $body .= '
    Ban' . ($query->rowCount() == 1 ? '' : 's') . ' on record
    '; while($ban = $query->fetch()) { $body .= '' . // IP '' . // Reason '' . // Set '' . // Expires '' . // Staff '' . '
    Status' . ($config['mod']['view_banexpired'] && $ban['expires'] != 0 && $ban['expires'] < time() ? 'Expired' : 'Active') . '
    IP' . $ban['ip'] . '
    Reason' . $ban['reason'] . '
    Set' . date($config['post_date'], $ban['set']) . '
    Expires' . ($ban['expires'] == 0 ? 'Never' : date($config['post_date'], $ban['expires']) ) . '
    Staff' . ($mod['type'] < $config['mod']['view_banstaff'] ? ($config['mod']['view_banquestionmark'] ? '?' : ($ban['type'] == JANITOR ? 'Janitor' : ($ban['type'] == MOD ? 'Mod' : ($ban['type'] == ADMIN ? 'Admin' : '?'))) ) : $ban['username'] ) . '
    '; } $body .= '
    '; } } if($mod['type'] >= $config['mod']['ip_banform']) $body .= form_newBan($ip, null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false); echo Element('page.html', Array( 'config'=>$config, 'title'=>'IP: ' . $ip, 'subtitle' => $host, 'body'=>$body, 'mod'=>true ) ); } else { error($config['error']['404']); } } // Close the connection in-case it's still open sql_close(); ?>