<?php
require 'inc/functions.php';
require 'inc/display.php';
require 'inc/template.php';
require 'inc/database.php';
require 'inc/user.php';
sql_open();
// Check if banned
checkBan();
require 'inc/mod.php';
// Fix some encoding issues
header('Content-Type: text/html; charset=utf-8', true);
if (get_magic_quotes_gpc()) {
function strip_array($var) {
return is_array($var) ? array_map("strip_array", $var) : stripslashes($var);
}
$_SESSION = strip_array($_SESSION);
$_GET = strip_array($_GET);
$_POST = strip_array($_POST);
}
$query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
// If not logged in
if(!$mod) {
if(isset($_POST['login'])) {
// Check if inputs are set and not empty
if( !isset($_POST['username']) ||
!isset($_POST['password']) ||
empty($_POST['username']) ||
empty($_POST['password'])
) loginForm($config['error']['invalid'], $_POST['username'], '?' . $query);
if(!login($_POST['username'], $_POST['password']))
loginForm($config['error']['invalid'], $_POST['username'], '?' . $query);
modLog("Logged in.");
// Login successful
// Set cookies
setCookies();
// Redirect
if(isset($_POST['redirect']))
header('Location: ' . $_POST['redirect'], true, $config['redirect_http']);
else
header('Location: ?' . $config['mod']['default'], true, $config['redirect_http']);
// Close connection
sql_close();
} else {
loginForm(false, false, '?' . $query);
}
} else {
// Redirect (for index pages)
if(count($_GET) == 2 & & isset($_GET['status']) & & isset($_GET['r']))
header('Location: ' . $_GET['r'], true, $_GET['status']);
// A sort of "cache"
// Stops calling preg_quote and str_replace when not needed; only does it once
$regex = Array(
'board' => str_replace('%s', '(\w{1,8})', preg_quote($config['board_path'], '/')),
'page' => str_replace('%d', '(\d+)', preg_quote($config['file_page'], '/')),
'img' => preg_quote($config['dir']['img'], '/'),
'thumb' => preg_quote($config['dir']['thumb'], '/'),
'res' => preg_quote($config['dir']['res'], '/'),
'index' => preg_quote($config['file_index'], '/')
);
if(preg_match('/^\/?$/', $query)) {
// Dashboard
$fieldset = Array(
'Boards' => '',
'Noticeboard' => '',
'Administration' => '',
'Themes' => '',
'Search' => '',
'Update' => '',
'Logout' => ''
);
// Boards
$fieldset['Boards'] .= ulBoards();
if($mod['type'] >= $config['mod']['noticeboard']) {
$query = prepare("SELECT * FROM `noticeboard` ORDER BY `id` DESC LIMIT :limit");
$query->bindValue(':limit', $config['mod']['noticeboard_dashboard'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
$fieldset['Noticeboard'] .= '< li > ';
$_body = '';
while($notice = $query->fetch()) {
$m_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
$m_query->bindValue(':id', $notice['mod'], PDO::PARAM_INT);
$m_query->execute() or error(db_error($m_query));
if(!$_mod = $m_query->fetch()) {
$_mod = Array('username' => '< em > ???< / em > ');
}
$_body .= '< li > < a href = "?/noticeboard#' .
$notice['id'] .
'">' .
($notice['subject'] ?
$notice['subject']
:
'< em > no subject< / em > '
) .
'< / a > < span class = "unimportant" > — by ' .
$_mod['username'] .
' at ' .
date($config['post_date'], $notice['time']) .
'< / span > < / li > ';
}
if(!empty($_body)) {
$fieldset['Noticeboard'] .= '< ul > ' . $_body . '< / ul > < / li > < li > ';
}
$fieldset['Noticeboard'] .= '< a href = "?/noticeboard" > View all entires< / a > < / li > ';
$query = prepare("SELECT COUNT(*) AS `count` FROM `pms` WHERE `to` = :id AND `unread` = 1");
$query->bindValue(':id', $mod['id']);
$query->execute() or error(db_error($query));
$count = $query->fetch();
$count = $count['count'];
$fieldset['Noticeboard'] .= '< li > < a href = "?/inbox" > PM inbox' .
($count > 0
?
' < strong > (' . $count . ' unread)< / strong > '
: '') .
'< / a > < / li > ';
$fieldset['Noticeboard'] .= '< li > < a href = "?/news" > News< / a > < / li > ';
}
if($mod['type'] >= $config['mod']['reports']) {
$fieldset['Administration'] .= '< li > < a href = "?/reports" > Report queue< / a > < / li > ';
}
if($mod['type'] >= $config['mod']['view_banlist']) {
$fieldset['Administration'] .= '< li > < a href = "?/bans" > Ban list< / a > < / li > ';
}
if($mod['type'] >= $config['mod']['manageusers']) {
$fieldset['Administration'] .= '< li > < a href = "?/users" > Manage users< / a > < / li > ';
}
if($mod['type'] >= $config['mod']['modlog']) {
$fieldset['Administration'] .= '< li > < a href = "?/log" > Moderation log< / a > < / li > ';
}
if($mod['type'] >= $config['mod']['rebuild']) {
$fieldset['Administration'] .= '< li > < a href = "?/rebuild" > Rebuild static files< / a > < / li > ';
}
if($mod['type'] >= $config['mod']['rebuild'] & & $config['memcached']['enabled']) {
$fieldset['Administration'] .= '< li > < a href = "?/flush" > Clear cache< / a > < / li > ';
}
if($mod['type'] >= $config['mod']['show_config']) {
$fieldset['Administration'] .= '< li > < a href = "?/config" > Show configuration< / a > < / li > ';
}
if($mod['type'] >= $config['mod']['themes']) {
$fieldset['Themes'] .= '< li > < a href = "?/themes" > Manage themes< / a > < / li > ';
}
if($mod['type'] >= $config['mod']['search']) {
$fieldset['Search'] .= '< li > < form style = "display:inline" action = "?/search" method = "post" > ' .
'< label style = "display:inline" for = "search" > Phrase:< / label > ' .
'< input id = "search" name = "search" type = "text" size = "35" / > ' .
'< input type = "submit" value = "Search" / > ' .
'< / form > ' .
'< p class = "unimportant" > (Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)< / p > ' .
'< / li > ';
}
if($mod['type'] >= ADMIN & & $config['check_updates']) {
if(!$version = @file_get_contents('.installed'))
error('Could not find current version! (Check .installed)');
if(isset($_SESSION['update']) & & time() - $_SESSION['update']['time'] < $config['check_updates_time']) {
$latest = $_SESSION['update']['latest'];
} else {
$ctx = stream_context_create(array(
'http' => array(
'timeout' => 3
)
)
);
$latest = @file_get_contents('http://tinyboard.org/latest.txt', 0, $ctx);
if(preg_match('/^v(\d+)\.(\d)\.(\d+)$/', $latest, $m)) {
$newer = Array(
'massive' => (int)$m[1],
'major' => (int)$m[2],
'minor' => (int)$m[3]
);
if(preg_match('/v(\d+)\.(\d)\.(\d+)(-dev.+)?$/', $version, $m)) {
$current = Array(
'massive' => (int)$m[1],
'major' => (int)$m[2],
'minor' => (int)$m[3]
);
if(isset($m[4])) {
// Development versions are always ahead in the versioning numbers
$current['minor'] --;
}
}
// Check if it's newer
if( $newer['massive'] > $current['massive'] ||
$newer['major'] > $current['major'] ||
($newer['massive'] == $current['massive'] & &
$newer['major'] == $current['major'] & &
$newer['minor'] > $current['minor']
)) {
$latest = $latest;
} else $latest = false;
} else $latest = false;
$_SESSION['update'] = Array('time' => time(), 'latest' => $latest);
}
if($latest) {
$latest = trim($latest);
$fieldset['Update'] .= '< li > A newer version of Tinyboard (< strong > ' . $latest . '< / strong > ) is available! See < a href = "http://tinyboard.org" > http://tinyboard.org/< / a > for download instructions.< / li > ';
}
}
$fieldset['Logout'] .= '< li > < a href = "?/logout" > Logout< / a > < / li > ';
// TODO: Statistics, etc, in the dashboard.
$body = '';
foreach($fieldset as $title => $data) {
if($data)
$body .= "< fieldset > < legend > {$title}< / legend > < ul > {$data}< / ul > < / fieldset > ";
}
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Dashboard',
'body'=>$body,
'__mod'=>true
)
);
} elseif(preg_match('/^\/logout$/', $query)) {
destroyCookies();
header('Location: ?/', true, $config['redirect_http']);
} elseif(preg_match('/^\/confirm\/(.+)$/', $query, $matches)) {
$uri = &$matches[1];
$body = '< p style = "text-align:center" > ' .
'< span class = "heading" style = "margin-bottom:6px" > Are you sure you want to do that?< / span > ' .
'You clicked ' .
'< strong > ?/' . htmlentities($uri) . '< / strong > ' .
' but had Javascript disabled, so we weren\'t able to serve the confirmation dialog.' .
'< / p > ' .
'< p style = "text-align:center" > < a style = "margin:block;font-size:150%;font-weight:bold" href = "?/' . htmlentities($uri) . '" > Confirm.< / a > < / p > ';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Confirm',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/log$/', $query)) {
if($mod['type'] < $config['mod']['modlog']) error($config['error']['noaccess']);
$boards = Array();
$_boards = listBoards();
foreach($_boards as & $_b) {
$boards[$_b['id']] = $_b['uri'];
}
$body = '< table class = "modlog" > < tr > < th > User< / th > < th > IP address< / th > < th > Ago< / th > < th > Board< / th > < th > Action< / th > < / tr > ';
$query = prepare("SELECT `mods`.`id`,`username`,`ip`,`board`,`time`,`text` FROM `modlogs` INNER JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :limit");
$query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
while($log = $query->fetch()) {
$log['text'] = htmlentities($log['text']);
$log['text'] = preg_replace('/(\d+\.\d+\.\d+\.\d+)/', '< a href = "?/IP/$1" > $1< / a > ', $log['text']);
$body .= '< tr > ' .
'< td class = "minimal" > < a href = "?/users/' . $log['id'] . '" > ' . $log['username'] . '< / a > < / td > ' .
'< td class = "minimal" > < a href = "?/IP/' . $log['ip'] . '" > ' . $log['ip'] . '< / a > < / td > ' .
'< td class = "minimal" > ' . ago($log['time']) . '< / td > ' .
'< td class = "minimal" > ' .
($log['board'] ?
(isset($boards[$log['board']]) ?
'< a href = "?/' . $boards[$log['board']] . '/' . $config['file_index'] . '" > ' . sprintf($config['board_abbreviation'], $boards[$log['board']]) . '< / a > < / td > '
: '< em > deleted?< / em > ')
: '-') .
'< td > ' . $log['text'] . '< / td > ' .
'< / tr > ';
}
$body .= '< / table > ';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Moderation log',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/themes\/none$/', $query, $match)) {
if($mod['type'] < $config['mod']['themes']) error($config['error']['noaccess']);
// Clearsettings
query("TRUNCATE TABLE `theme_settings`") or error(db_error());
echo Element('page.html', Array(
'config'=>$config,
'title'=>'No theme',
'body'=>'< p style = "text-align:center" > Successfully stopped using all themes.< / p > ',
'mod'=>true
)
);
} elseif(preg_match('/^\/themes(\/(\w+))?$/', $query, $match)) {
if($mod['type'] < $config['mod']['themes']) error($config['error']['noaccess']);
if(!is_dir($config['dir']['themes']))
error('Themes directory doesn\'t exist!');
if(!$dir = opendir($config['dir']['themes']))
error('Cannot open themes directory; check permissions.');
if(isset($match[2])) {
$_theme = &$match[2];
if(!$theme = loadThemeConfig($_theme)) {
error($config['error']['invalidtheme']);
}
if(isset($_POST['install'])) {
// Check if everything is submitted
foreach($theme['config'] as & $c) {
if(!isset($_POST[$c['name']]) & & $c['type'] != 'checkbox')
error(sprintf($config['error']['required'], $c['title']));
}
// Clear previous settings
$query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme");
$query->bindValue(':theme', $_theme);
$query->execute() or error(db_error($query));
foreach($theme['config'] as & $c) {
$query = prepare("INSERT INTO `theme_settings` VALUES(:theme, :name, :value)");
$query->bindValue(':theme', $_theme);
$query->bindValue(':name', $c['name']);
$query->bindValue(':value', $_POST[$c['name']]);
$query->execute() or error(db_error($query));
}
$query = prepare("INSERT INTO `theme_settings` VALUES(:theme, NULL, NULL)");
$query->bindValue(':theme', $_theme);
$query->execute() or error(db_error($query));
// Build themes
rebuildThemes('all');
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Installed "' . htmlentities($theme['name']) . '"',
'body'=>'< p style = "text-align:center" > Successfully installed and built theme.< / p > ',
'mod'=>true
)
);
} else {
$body = '< form action = "" method = "post" > ';
if(!isset($theme['config']) || empty($theme['config'])) {
$body .= '< p style = "text-align:center" class = "unimportant" > (No configuration required.)< / p > ';
} else {
$body .= '< table > ';
foreach($theme['config'] as & $c) {
$body .= '< tr > < th > ' . $c['title'] . '< / th > < td > ';
switch($c['type']) {
case 'text':
default:
$body .= '< input type = "text" name = "' . $c['name'] . '" / > ';
}
if(isset($c['comment']))
$body .= ' < span class = "unimportant" > ' . $c['comment'] . '< / span > ';
$body .= '< / td > < / tr > ';
}
$body .= '< / table > ';
}
$body .= '< p style = "text-align:center" > < input name = "install" type = "submit" value = "Install theme" / > < / p > < / form > ';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Installing "' . htmlentities($theme['name']) . '"',
'body'=>$body,
'mod'=>true
)
);
}
} else {
// Scan directory for themes
$themes = Array();
while($file = readdir($dir)) {
if($file[0] != '.' & & is_dir($config['dir']['themes'] . '/' . $file)) {
$themes[] = $file;
}
}
closedir($dir);
$body = '';
if(empty($themes)) {
$body = '< p style = "text-align:center" class = "unimportant" > (No themes installed.)< / p > ';
} else {
$body .= '< table class = "modlog" > ';
foreach($themes as & $_theme) {
$theme = loadThemeConfig($_theme);
markup($theme['description']);
$body .= '< tr > ' .
'< th class = "minimal" > Name< / th > ' .
'< td > ' . htmlentities($theme['name']) . '< / td > ' .
'< / tr > ' .
'< tr > ' .
'< th class = "minimal" > Version< / th > ' .
'< td > ' . htmlentities($theme['version']) . '< / td > ' .
'< / tr > ' .
'< tr > ' .
'< th class = "minimal" > Description< / th > ' .
'< td > ' . $theme['description'] . '< / td > ' .
'< / tr > ' .
'< tr > ' .
'< th class = "minimal" > Thumbnail< / th > ' .
'< td > < img style = "float:none;margin:4px" src = "' . $config['dir']['themes_uri'] . '/' . $_theme . '/thumb.png" / > < / td > ' .
'< / tr > ' .
'< tr > ' .
'< th class = "minimal" > Actions< / th > ' .
'< td > < ul style = "padding:0 20px" > ' .
'< li > ' .
'< a title = "Use theme" href = "?/themes/' . $_theme . '" > Use< / a > ' .
'< / li > ' .
'< li > ' .
confirmLink('Remove', 'Uninstall theme', 'Are you sure you want to permanently remove this theme?', 'themes/' . $_theme . '/uninstall') .
'< / li > ' .
'< / ul > < / td > ' .
'< / tr > ' .
'< tr style = "height:40px" > < td colspan = "2" > < hr / > < / td > < / tr > ';
}
$body .= '< / table > ';
}
$body .= '< p style = "text-align:center" > < a href = "?/themes/none" > Don\'t use a theme.< / a > < / p > ';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Select theme',
'body'=>$body,
'mod'=>true
)
);
}
} elseif(preg_match('/^\/noticeboard\/delete\/(\d+)$/', $query, $match)) {
if($mod['type'] < $config['mod']['noticeboard_delete']) error($config['error']['noaccess']);
$query = prepare("DELETE FROM `noticeboard` WHERE `id` = :id");
$query->bindValue(':id', $match[1], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
header('Location: ?/noticeboard', true, $config['redirect_http']);
} elseif(preg_match('/^\/noticeboard$/', $query)) {
if($mod['type'] < $config['mod']['noticeboard']) error($config['error']['noaccess']);
$body = '';
if($mod['type'] >= $config['mod']['noticeboard_post']) {
if(isset($_POST['subject']) & & isset($_POST['body']) & & !empty($_POST['body'])) {
$query = prepare("INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body)");
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
$query->bindvalue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':subject', utf8tohtml($_POST['subject']));
markup($_POST['body']);
$query->bindValue(':body', $_POST['body']);
$query->execute() or error(db_error($query));
}
$body .= '< fieldset > < legend > New post< / legend > < form style = "display:inline" action = "" method = "post" > < table > ' .
'< tr > ' .
'< th > < label for = "subject" > Name< / label > < / th > ' .
'< td > ' . $mod['username'] . '< / td > ' .
'< / tr > < tr > ' .
'< th > Subject< / th > ' .
'< td > < input type = "text" size = "55" name = "subject" id = "subject" / > < / td > ' .
'< / tr > < tr > ' .
'< th > Body< / th > ' .
'< td > < textarea name = "body" style = "width:100%;height:100px" > < / textarea > < / td > ' .
'< / tr > < tr > ' .
'< td > < / td > < td > < input type = "submit" value = "Post to noticeboard" / > < / td > ' .
'< / tr > < / table > ' .
'< / form > < / fieldset > ';
}
$query = prepare("SELECT * FROM `noticeboard` ORDER BY `id` DESC LIMIT :limit");
$query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
while($notice = $query->fetch()) {
$m_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
$m_query->bindValue(':id', $notice['mod'], PDO::PARAM_INT);
$m_query->execute() or error(db_error($m_query));
if(!$_mod = $m_query->fetch()) {
$_mod = Array('username' => '< em > ???< / em > ');
}
$body .= '< div class = "ban" > ' .
($mod['type'] >= $config['mod']['noticeboard_delete'] ?
'< span style = "float:right;padding:2px" > < a class = "unimportant" href = "?/noticeboard/delete/' . $notice['id'] . '" > [delete]< / a > < / span > '
: '') .
'< h2 id = "' . $notice['id'] . '" > ' .
($notice['subject'] ?
$notice['subject']
:
'< em > no subject< / em > '
) .
'< span class = "unimportant" > — by ' .
$_mod['username'] .
' at ' .
date($config['post_date'], $notice['time']) .
'< / span > < / h2 > < p > ' . $notice['body'] . '< / p > < / div > ';
}
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Noticeboard',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/news\/delete\/(\d+)$/', $query, $match)) {
if($mod['type'] < $config['mod']['noticeboard_delete']) error($config['error']['noaccess']);
$query = prepare("DELETE FROM `news` WHERE `id` = :id");
$query->bindValue(':id', $match[1], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
rebuildThemes('news');
header('Location: ?/news', true, $config['redirect_http']);
} elseif(preg_match('/^\/news$/', $query)) {
$body = '';
if($mod['type'] >= $config['mod']['news']) {
if(isset($_POST['subject']) & & isset($_POST['body']) & & !empty($_POST['body'])) {
$query = prepare("INSERT INTO `news` VALUES (NULL, :name, :time, :subject, :body)");
if(isset($_POST['name']) & & $mod['type'] >= $config['mod']['news_custom'])
$name = &$_POST['name'];
else
$name = &$mod['username'];
$query->bindValue(':name', utf8tohtml($name), PDO::PARAM_INT);
$query->bindvalue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':subject', utf8tohtml($_POST['subject']));
markup($_POST['body']);
$query->bindValue(':body', $_POST['body']);
$query->execute() or error(db_error($query));
rebuildThemes('news');
}
$body .= '< fieldset > < legend > New post< / legend > < form style = "display:inline" action = "" method = "post" > < table > ' .
'< tr > ' .
'< th > Name< / th > ' .
($mod['type'] >= $config['mod']['news_custom'] ?
'< td > < input type = "text" size = "55" name = "name" id = "name" value = "' . htmlentities($mod['username']) . '" / > < / td > '
:
'< td > ' . $mod['username'] . '< / td > ') .
'< / tr > < tr > ' .
'< th > Subject< / th > ' .
'< td > < input type = "text" size = "55" name = "subject" id = "subject" / > < / td > ' .
'< / tr > < tr > ' .
'< th > Body< / th > ' .
'< td > < textarea name = "body" style = "width:100%;height:100px" > < / textarea > < / td > ' .
'< / tr > < tr > ' .
'< td > < / td > < td > < input type = "submit" value = "Post to news" / > < / td > ' .
'< / tr > < / table > ' .
'< / form > < / fieldset > ';
}
$query = prepare("SELECT * FROM `news` ORDER BY `id` DESC LIMIT :limit");
$query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
while($news = $query->fetch()) {
$body .= '< div class = "ban" > ' .
($mod['type'] >= $config['mod']['news_delete'] ?
'< span style = "float:right;padding:2px" > < a class = "unimportant" href = "?/news/delete/' . $news['id'] . '" > [delete]< / a > < / span > '
: '') .
'< h2 id = "' . $news['id'] . '" > ' .
($news['subject'] ?
$news['subject']
:
'< em > no subject< / em > '
) .
'< span class = "unimportant" > — by ' .
$news['name'] .
' at ' .
date($config['post_date'], $news['time']) .
'< / span > < / h2 > < p > ' . $news['body'] . '< / p > < / div > ';
}
echo Element('page.html', Array(
'config'=>$config,
'title'=>'News',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/inbox$/', $query, $match)) {
$query = prepare("SELECT `unread`,`pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC");
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($query->rowCount() == 0) {
$body = '< p style = "text-align:center" class = "unimportant" > (No private messages for you.)< / p > ';
} else {
$unread_pms = 0;
$body = '< table class = "modlog" > < tr > < th > ID< / th > < th > From< / th > < th > Date< / th > < th > Message snippet< / th > < / tr > ';
while($pm = $query->fetch()) {
$body .= '< tr ' . ( $ pm [ ' unread ' ] ? ' style = "font-weight:bold" ' : ' ' ) . ' > ' .
'< td class = "minimal" > < a href = "?/PM/' . $pm['id'] . '" > ' . $pm['id'] . '< / a > < / td > ' .
'< td class = "minimal" > < a href = "?/new_PM/' . $pm['sender'] . '" > ' . $pm['username'] . '< / a > < / td > ' .
'< td class = "minimal" > ' . date($config['post_date'], $pm['time']) . '< / td > ' .
'< td > < a href = "?/PM/' . $pm['id'] . '" > ' . pm_snippet($pm['message']) . '< / a > < / td > ' .
'< / tr > ';
if($pm['unread'])
$unread_pms++;
}
$body .= '< / table > ';
}
echo Element('page.html', Array(
'config'=>$config,
'title'=>'PM Inbox (' . ($query->rowCount() == 0 ? 'empty' : $unread_pms . ' unread') . ')',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) {
$id = &$match[1];
if($mod['type'] >= $config['mod']['master_pm']) {
$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id");
} else {
$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod");
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
}
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if(!$pm = $query->fetch()) {
// Mod doesn't exist
error($config['error']['404']);
}
if(isset($_POST['delete'])) {
$query = prepare("DELETE FROM `pms` WHERE `id` = :id");
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
modLog('Deleted a PM');
header('Location: ?/', true, $config['redirect_http']);
} else {
$query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `id` = :id");
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($pm['to'] != $mod['id']) {
$query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $pm['to'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($_mod = $query->fetch()) {
$__to = &$_mod['username'];
} else {
$__to = '< em > ??< / em > ';
}
}
modLog('Read a PM');
$body = '< form action = "" method = "post" style = "margin:0" > < table > ' .
'< th > From< / th > < td > ' .
'< a href = "?/new_PM/' . $pm['sender'] . '" > ' . htmlentities($pm['username']) . '< / a > ' .
'< / td > < / tr > ' .
(isset($__to) ?
'< th > To< / th > < td > ' .
'< a href = "?/new_PM/' . $pm['to'] . '" > ' . htmlentities($__to) . '< / a > ' .
'< / td > < / tr > '
: '') .
'< tr > < th > Date< / th > < td > ' . date($config['post_date'], $pm['time']) . '< / td > < / tr > ' .
'< tr > < th > Message< / th > < td > ' . $pm['message'] . '< / td > < / tr > ' .
'< / table > ' .
'< p style = "text-align:center" > < input type = "submit" name = "delete" value = "Delete forever" / > < / p > ' .
'< / form > ' .
'< p style = "text-align:center" > < a href = "?/new_PM/' . $pm['sender'] . '/' . $pm['id'] . '" > Reply with quote< / a > < / p > ';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Private message',
'body'=>$body,
'mod'=>true
)
);
}
} elseif(preg_match('/^\/new_PM\/(\d+)(\/(\d+))?$/', $query, $match)) {
if($mod['type'] < $config['mod']['create_pm']) error($config['error']['noaccess']);
$to = &$match[1];
$query = prepare("SELECT `username`,`id` FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $to, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if(!$to = $query->fetch()) {
// Mod doesn't exist
error($config['error']['404']);
}
if(isset($_POST['message'])) {
// Post message
$message = &$_POST['message'];
if(empty($message))
error($config['error']['tooshort_body']);
markup($message);
$query = prepare("INSERT INTO `pms` VALUES (NULL, :sender, :to, :message, :time, 1)");
$query->bindValue(':sender', $mod['id'], PDO::PARAM_INT);
$query->bindValue(':to', $to['id'], PDO::PARAM_INT);
$query->bindValue(':message', $message);
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->execute() or error(db_error($query));
modLog('Sent a PM to ' . $to['username']);
echo Element('page.html', Array(
'config'=>$config,
'title'=>'PM sent',
'body'=>'< p style = "text-align:center" > Message sent successfully to ' . htmlentities($to['username']) . '.< / p > ',
'mod'=>true
)
);
} else {
$value = '';
if(isset($match[3])) {
$reply = &$match[3];
$query = prepare("SELECT `message` FROM `pms` WHERE `sender` = :sender AND `to` = :mod AND `id` = :id");
$query->bindValue(':sender', $to['id'], PDO::PARAM_INT);
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
$query->bindValue(':id', $reply, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($pm = $query->fetch()) {
$value = quote($pm['message']);
}
}
$body = '< form action = "" method = "post" > ' .
'< table > ' .
'< tr > < th > To< / th > < td > ' .
($mod['type'] >= $config['mod']['editusers'] ?
'< a href = "?/users/' . $to['id'] . '" > ' . htmlentities($to['username']) . '< / a > ' :
htmlentities($to['username'])
) .
'< / td > ' .
'< tr > < th > Message< / th > < td > < textarea name = "message" rows = "10" cols = "40" > ' . $value . '< / textarea > < / td > ' .
'< / table > ' .
'< p style = "text-align:center" > < input type = "submit" value = "Send message" / > < / p > ' .
'< / form > ';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'New PM for ' . htmlentities($to['username']),
'body'=>$body,
'mod'=>true
)
);
}
} elseif(preg_match('/^\/search$/', $query)) {
if($mod['type'] < $config['mod']['search']) error($config['error']['noaccess']);
$body = '< div class = "ban" > < h2 > Search< / h2 > < form style = "display:inline" action = "?/search" method = "post" > ' .
'< p > < label style = "display:inline" for = "search" > Phrase:< / label > ' .
'< input id = "search" name = "search" type = "text" size = "35" ' .
(isset($_POST['search']) ? 'value="' . htmlentities($_POST['search']) . '" ' : '') .
'/>' .
'< input type = "submit" value = "Search" / > ' .
'< / p > < / form > ' .
'< p > < span class = "unimportant" > (Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)< / span > < / p > ' .
'< / div > ';
if(isset($_POST['search']) & & !empty($_POST['search'])) {
$phrase = &$_POST['search'];
$_body = '';
// Escape escape character
$phrase = str_replace('!', '!!', $phrase);
// Remove SQL wildcard
$phrase = str_replace('%', '!%', $phrase);
// Use asterisk as wildcard to suit convention
$phrase = str_replace('*', '%', $phrase);
$like = '';
$match = Array();
// Find exact phrases
if(preg_match_all('/"(.+?)"/', $phrase, $m)) {
foreach($m[1] as & $quote) {
$phrase = str_replace("\"{$quote}\"", '', $phrase);
$match[] = $pdo->quote($quote);
}
}
$words = explode(' ', $phrase);
foreach($words as & $word) {
if(empty($word))
continue;
$match[] = $pdo->quote($word);
}
$like = '';
foreach($match as & $phrase) {
if(!empty($like))
$like .= ' AND ';
$phrase = preg_replace('/^\'(.+)\'$/', '\'%$1%\'', $phrase);
$like .= '`body` LIKE ' . $phrase . ' ESCAPE \'!\'';
}
$like = str_replace('%', '%%', $like);
$boards = listBoards();
foreach($boards as & $_b) {
openBoard($_b['uri']);
$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit", $board['uri']));
$query->bindValue(':limit', $config['mod']['search_results'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
$temp = '';
while($post = $query->fetch()) {
if(!$post['thread']) {
$po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['embed'], '?/', $mod, false);
} else {
$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod);
}
$temp .= $po->build(true) . '< hr / > ';
}
if(!empty($temp))
$_body .= '< fieldset > < legend > ' . $query->rowCount() . ' result' . ($query->rowCount() != 1 ? 's' : '') . ' on < a href = "?/' .
sprintf($config['board_path'], $board['uri']) . $config['file_index'] .
'">' .
sprintf($config['board_abbreviation'], $board['uri']) . ' - ' . $board['title'] .
'< / a > < / legend > ' . $temp . '< / fieldset > ';
}
$body .= '< hr / > ';
if(!empty($_body))
$body .= $_body;
else
$body .= '< p style = "text-align:center" class = "unimportant" > (No results.)< / p > ';
}
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Search',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/users$/', $query)) {
if($mod['type'] < $config['mod']['manageusers']) error($config['error']['noaccess']);
$body = '< form action = "" method = "post" > < table > < tr > < th > ID< / th > < th > Username< / th > < th > Type< / th > < th > Last action< / th > < th > …< / th > < / tr > ';
$query = query("SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id`") or error(db_error());
while($_mod = $query->fetch()) {
$type = $_mod['type'] == JANITOR ? 'Janitor' : ($_mod['type'] == MOD ? 'Mod' : 'Admin');
$body .= '< tr > ' .
'< td > ' .
$_mod['id'] .
'< / td > ' .
'< td > ' .
$_mod['username'] .
'< / td > ' .
