<?php
// Moderator control panel entry point (Tinyboard mod.php). Everything in this
// file runs at request time; routing is done by matching the raw query string
// (see $query below) against ?/route patterns.
//
// NOTE(review) -- points visible further down this file worth confirming:
//  * after a successful login, and again on the "index page" redirect, the
//    Location header is built straight from $_POST['redirect'] / $_GET['r']
//    with no check that the target is on this site (open redirect);
//  * the ?/news/delete route is gated on the noticeboard_delete level while
//    the delete link itself is shown at the news_delete level -- looks like
//    the wrong permission key;
//  * ?/inbox and ?/news have no hasPermission() gate at all (only the news
//    posting form is level-gated), unlike the sibling routes.
require 'inc/functions.php';
require 'inc/display.php';
require 'inc/template.php';
require 'inc/database.php';
require 'inc/user.php';
sql_open();
// Check if banned
checkBan();
// Loaded after the ban check; the rest of this file relies on it having
// populated $mod for the current session (presumably from the cookies
// written by setCookies() on login) -- confirm in inc/mod.php.
require 'inc/mod.php';
// Fix some encoding issues
// Second argument (replace = true) overrides any Content-Type an include
// may already have sent.
header('Content-Type: text/html; charset=utf-8', true);
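/**
 * Undo PHP's legacy magic_quotes_gpc escaping on a request value.
 *
 * magic_quotes_gpc added a backslash before every quote in incoming
 * GET/POST/COOKIE data. The rest of this file expects raw values (SQL goes
 * through bound PDO parameters), so that escaping has to be removed first.
 *
 * @param mixed $var A scalar or an arbitrarily nested array of scalars.
 * @return mixed The same structure with stripslashes() applied to every leaf.
 */
function strip_array($var) {
	return is_array($var) ? array_map('strip_array', $var) : stripslashes($var);
}

// function_exists() guard: get_magic_quotes_gpc() was removed in PHP 8.0, so
// a bare call is a fatal "undefined function" error that would take the whole
// moderator panel down. Magic quotes cannot be enabled on those versions
// anyway, so skipping the block there is correct.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
	$_GET = strip_array($_GET);
	$_POST = strip_array($_POST);
	// $_SESSION is deliberately NOT stripped (the original did): magic quotes
	// only ever escaped GET/POST/COOKIE, so running stripslashes() over session
	// data would silently corrupt any stored value containing a backslash.
	// NOTE(review): $_COOKIE is escaped by magic quotes too and is not stripped
	// here (same as the original); inc/mod.php has already consumed it above,
	// so confirm whether anything later in this file reads $_COOKIE directly.
}

// Raw query string drives the ?/route dispatch below; '' when absent (e.g. CLI).
$query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';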
// If not logged in
if(!$mod) {
if(isset($_POST['login'])) {
// Check if inputs are set and not empty
if( !isset($_POST['username']) ||
!isset($_POST['password']) ||
empty($_POST['username']) ||
empty($_POST['password'])
) loginForm($config['error']['invalid'], $_POST['username'], '?' . $query);
if(!login($_POST['username'], $_POST['password']))
loginForm($config['error']['invalid'], $_POST['username'], '?' . $query);
modLog("Logged in.");
// Login successful
// Set cookies
setCookies();
// Redirect
if(isset($_POST['redirect']))
header('Location: ' . $_POST['redirect'], true, $config['redirect_http']);
else
header('Location: ?' . $config['mod']['default'], true, $config['redirect_http']);
// Close connection
sql_close();
} else {
loginForm(false, false, '?' . $query);
}
} else {
// Redirect (for index pages)
if(count($_GET) == 2 && isset($_GET['status']) && isset($_GET['r']))
header('Location: ' . $_GET['r'], true, $_GET['status']);
// A sort of "cache"
// Stops calling preg_quote and str_replace when not needed; only does it once
$regex = Array(
'board' => str_replace('%s', '(\w{1,8})', preg_quote($config['board_path'], '/')),
'page' => str_replace('%d', '(\d+)', preg_quote($config['file_page'], '/')),
'img' => preg_quote($config['dir']['img'], '/'),
'thumb' => preg_quote($config['dir']['thumb'], '/'),
'res' => preg_quote($config['dir']['res'], '/'),
'index' => preg_quote($config['file_index'], '/')
);
if(preg_match('/^\/?$/', $query)) {
// Dashboard
$fieldset = Array(
'Boards' => '',
'Noticeboard' => '',
'Administration' => '',
'Themes' => '',
'Search' => '',
'Update' => '',
'Logout' => ''
);
// Boards
$fieldset['Boards'] .= ulBoards();
if($mod['type'] >= $config['mod']['noticeboard']) {
$query = prepare("SELECT * FROM `noticeboard` ORDER BY `id` DESC LIMIT :limit");
$query->bindValue(':limit', $config['mod']['noticeboard_dashboard'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
$fieldset['Noticeboard'] .= '<li>';
$_body = '';
while($notice = $query->fetch()) {
$m_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
$m_query->bindValue(':id', $notice['mod'], PDO::PARAM_INT);
$m_query->execute() or error(db_error($m_query));
if(!$_mod = $m_query->fetch()) {
$_mod = Array('username' => '<em>???</em>');
}
$_body .= '<li><a href="?/noticeboard#' .
$notice['id'] .
'">' .
($notice['subject'] ?
$notice['subject']
:
'<em>no subject</em>'
) .
'</a><span class="unimportant"> — by ' .
$_mod['username'] .
' at ' .
date($config['post_date'], $notice['time']) .
'</span></li>';
}
if(!empty($_body)) {
$fieldset['Noticeboard'] .= '<ul>' . $_body . '</ul></li><li>';
}
$fieldset['Noticeboard'] .= '<a href="?/noticeboard">View all entires</a></li>';
$query = prepare("SELECT COUNT(*) AS `count` FROM `pms` WHERE `to` = :id AND `unread` = 1");
$query->bindValue(':id', $mod['id']);
$query->execute() or error(db_error($query));
$count = $query->fetch();
$count = $count['count'];
$fieldset['Noticeboard'] .= '<li><a href="?/inbox">PM inbox' .
($count > 0
?
' <strong>(' . $count . ' unread)</strong>'
: '') .
'</a></li>';
$fieldset['Noticeboard'] .= '<li><a href="?/news">News</a></li>';
}
if($mod['type'] >= $config['mod']['reports']) {
$fieldset['Administration'] .= '<li><a href="?/reports">Report queue</a></li>';
}
if($mod['type'] >= $config['mod']['view_banlist']) {
$fieldset['Administration'] .= '<li><a href="?/bans">Ban list</a></li>';
}
if($mod['type'] >= $config['mod']['manageusers']) {
$fieldset['Administration'] .= '<li><a href="?/users">Manage users</a></li>';
}
if($mod['type'] >= $config['mod']['modlog']) {
$fieldset['Administration'] .= '<li><a href="?/log">Moderation log</a></li>';
}
if($mod['type'] >= $config['mod']['rebuild']) {
$fieldset['Administration'] .= '<li><a href="?/rebuild">Rebuild static files</a></li>';
}
if($mod['type'] >= $config['mod']['rebuild'] && $config['memcached']['enabled']) {
$fieldset['Administration'] .= '<li><a href="?/flush">Clear cache</a></li>';
}
if($mod['type'] >= $config['mod']['show_config']) {
$fieldset['Administration'] .= '<li><a href="?/config">Show configuration</a></li>';
}
if($mod['type'] >= $config['mod']['themes']) {
$fieldset['Themes'] .= '<li><a href="?/themes">Manage themes</a></li>';
}
if($mod['type'] >= $config['mod']['search']) {
$fieldset['Search'] .= '<li><form style="display:inline" action="?/search" method="post">' .
'<label style="display:inline" for="search">Phrase:</label> ' .
'<input id="search" name="search" type="text" size="35" />' .
'<input type="submit" value="Search" />' .
'</form>' .
'<p class="unimportant">(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)</p>' .
'</li>';
}
if($mod['type'] >= ADMIN && $config['check_updates']) {
if(!$version = @file_get_contents('.installed'))
error('Could not find current version! (Check .installed)');
if(isset($_SESSION['update']) && time() - $_SESSION['update']['time'] < $config['check_updates_time']) {
$latest = $_SESSION['update']['latest'];
} else {
$ctx = stream_context_create(array(
'http' => array(
'timeout' => 3
)
)
);
$latest = @file_get_contents('http://tinyboard.org/latest.txt', 0, $ctx);
if(preg_match('/^v(\d+)\.(\d)\.(\d+)$/', $latest, $m)) {
$newer = Array(
'massive' => (int)$m[1],
'major' => (int)$m[2],
'minor' => (int)$m[3]
);
if(preg_match('/v(\d+)\.(\d)\.(\d+)(-dev.+)?$/', $version, $m)) {
$current = Array(
'massive' => (int)$m[1],
'major' => (int)$m[2],
'minor' => (int)$m[3]
);
if(isset($m[4])) {
// Development versions are always ahead in the versioning numbers
$current['minor'] --;
}
}
// Check if it's newer
if( $newer['massive'] > $current['massive'] ||
$newer['major'] > $current['major'] ||
($newer['massive'] == $current['massive'] &&
$newer['major'] == $current['major'] &&
$newer['minor'] > $current['minor']
)) {
$latest = $latest;
} else $latest = false;
} else $latest = false;
$_SESSION['update'] = Array('time' => time(), 'latest' => $latest);
}
if($latest) {
$latest = trim($latest);
$fieldset['Update'] .= '<li>A newer version of Tinyboard (<strong>' . $latest . '</strong>) is available! See <a href="http://tinyboard.org">http://tinyboard.org/</a> for download instructions.</li>';
}
}
$fieldset['Logout'] .= '<li><a href="?/logout">Logout</a></li>';
// TODO: Statistics, etc, in the dashboard.
$body = '';
foreach($fieldset as $title => $data) {
if($data)
$body .= "<fieldset><legend>{$title}</legend><ul>{$data}</ul></fieldset>";
}
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Dashboard',
'body'=>$body,
'__mod'=>true
)
);
} elseif(preg_match('/^\/logout$/', $query)) {
destroyCookies();
header('Location: ?/', true, $config['redirect_http']);
} elseif(preg_match('/^\/confirm\/(.+)$/', $query, $matches)) {
$uri = &$matches[1];
$body = '<p style="text-align:center">' .
'<span class="heading" style="margin-bottom:6px">Are you sure you want to do that?</span>' .
'You clicked ' .
'<strong>?/' . htmlentities($uri) . '</strong>' .
' but had Javascript disabled, so we weren\'t able to serve the confirmation dialog.' .
'</p>' .
'<p style="text-align:center"><a style="margin:block;font-size:150%;font-weight:bold" href="?/' . htmlentities($uri) . '">Confirm.</a></p>';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Confirm',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/log$/', $query)) {
if(!hasPermission($config['mod']['modlog'])) error($config['error']['noaccess']);
$boards = Array();
$_boards = listBoards();
foreach($_boards as &$_b) {
$boards[$_b['id']] = $_b['uri'];
}
$body = '<table class="modlog"><tr><th>User</th><th>IP address</th><th>Ago</th><th>Board</th><th>Action</th></tr>';
$query = prepare("SELECT `mods`.`id`,`username`,`ip`,`board`,`time`,`text` FROM `modlogs` INNER JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :limit");
$query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
while($log = $query->fetch()) {
$log['text'] = htmlentities($log['text']);
$log['text'] = preg_replace('/(\d+\.\d+\.\d+\.\d+)/', '<a href="?/IP/$1">$1</a>', $log['text']);
$body .= '<tr>' .
'<td class="minimal"><a href="?/users/' . $log['id'] . '">' . $log['username'] . '</a></td>' .
'<td class="minimal"><a href="?/IP/' . $log['ip'] . '">' . $log['ip'] . '</a></td>' .
'<td class="minimal">' . ago($log['time']) . '</td>' .
'<td class="minimal">' .
($log['board'] ?
(isset($boards[$log['board']]) ?
'<a href="?/' . $boards[$log['board']] . '/' . $config['file_index'] . '">' . sprintf($config['board_abbreviation'], $boards[$log['board']]) . '</a></td>'
: '<em>deleted?</em>')
: '-') .
'<td>' . $log['text'] . '</td>' .
'</tr>';
}
$body .= '</table>';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Moderation log',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/themes\/none$/', $query, $match)) {
if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
// Clearsettings
query("TRUNCATE TABLE `theme_settings`") or error(db_error());
echo Element('page.html', Array(
'config'=>$config,
'title'=>'No theme',
'body'=>'<p style="text-align:center">Successfully stopped using all themes.</p>',
'mod'=>true
)
);
} elseif(preg_match('/^\/themes(\/(\w+))?$/', $query, $match)) {
if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
if(!is_dir($config['dir']['themes']))
error('Themes directory doesn\'t exist!');
if(!$dir = opendir($config['dir']['themes']))
error('Cannot open themes directory; check permissions.');
if(isset($match[2])) {
$_theme = &$match[2];
if(!$theme = loadThemeConfig($_theme)) {
error($config['error']['invalidtheme']);
}
if(isset($_POST['install'])) {
// Check if everything is submitted
foreach($theme['config'] as &$c) {
if(!isset($_POST[$c['name']]) && $c['type'] != 'checkbox')
error(sprintf($config['error']['required'], $c['title']));
}
// Clear previous settings
$query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme");
$query->bindValue(':theme', $_theme);
$query->execute() or error(db_error($query));
foreach($theme['config'] as &$c) {
$query = prepare("INSERT INTO `theme_settings` VALUES(:theme, :name, :value)");
$query->bindValue(':theme', $_theme);
$query->bindValue(':name', $c['name']);
$query->bindValue(':value', $_POST[$c['name']]);
$query->execute() or error(db_error($query));
}
$query = prepare("INSERT INTO `theme_settings` VALUES(:theme, NULL, NULL)");
$query->bindValue(':theme', $_theme);
$query->execute() or error(db_error($query));
$body = '';
if(isset($theme['install_callback'])) {
$ret = $theme['install_callback']($theme['config']);
if($ret && !empty($ret))
$body .= '<div style="border:1px dashed maroon;padding:20px;margin:auto;max-width:800px">' . $ret . '</div>';
}
$body .= '<p style="text-align:center">Successfully installed and built theme.</p>';
// Build themes
rebuildThemes('all');
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Installed "' . htmlentities($theme['name']) . '"',
'body'=>$body,
'mod'=>true
)
);
} else {
$body = '<form action="" method="post">';
if(!isset($theme['config']) || empty($theme['config'])) {
$body .= '<p style="text-align:center" class="unimportant">(No configuration required.)</p>';
} else {
$body .= '<table>';
foreach($theme['config'] as &$c) {
$body .= '<tr><th>' . $c['title'] . '</th><td>';
switch($c['type']) {
case 'text':
default:
$body .= '<input type="text" name="' . htmlentities($c['name']) . '" ' .
(isset($c['default']) ? 'value="' . htmlentities($c['default']) . '" ' :'') .
(isset($c['size']) ? 'size="' . (int)$c['size'] . '" ' :'') .
'/>';
}
if(isset($c['comment']))
$body .= ' <span class="unimportant">' . $c['comment'] . '</span>';
$body .= '</td></tr>';
}
$body .= '</table>';
}
$body .= '<p style="text-align:center"><input name="install" type="submit" value="Install theme" /></p></form>';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Installing "' . htmlentities($theme['name']) . '"',
'body'=>$body,
'mod'=>true
)
);
}
} else {
// Scan directory for themes
$themes = Array();
while($file = readdir($dir)) {
if($file[0] != '.' && is_dir($config['dir']['themes'] . '/' . $file)) {
$themes[] = $file;
}
}
closedir($dir);
$body = '';
if(empty($themes)) {
$body = '<p style="text-align:center" class="unimportant">(No themes installed.)</p>';
} else {
$body .= '<table class="modlog">';
foreach($themes as &$_theme) {
$theme = loadThemeConfig($_theme);
markup($theme['description']);
$body .= '<tr>' .
'<th class="minimal">Name</th>' .
'<td>' . htmlentities($theme['name']) . '</td>' .
'</tr>' .
'<tr>' .
'<th class="minimal">Version</th>' .
'<td>' . htmlentities($theme['version']) . '</td>' .
'</tr>' .
'<tr>' .
'<th class="minimal">Description</th>' .
'<td>' . $theme['description'] . '</td>' .
'</tr>' .
'<tr>' .
'<th class="minimal">Thumbnail</th>' .
'<td><img style="float:none;margin:4px" src="' . $config['dir']['themes_uri'] . '/' . $_theme . '/thumb.png" /></td>' .
'</tr>' .
'<tr>' .
'<th class="minimal">Actions</th>' .
'<td><ul style="padding:0 20px">' .
'<li>' .
'<a title="Use theme" href="?/themes/' . $_theme . '">Use</a>' .
'</li>' .
'<li>' .
confirmLink('Remove', 'Uninstall theme', 'Are you sure you want to permanently remove this theme?', 'themes/' . $_theme . '/uninstall') .
'</li>' .
'</ul></td>' .
'</tr>' .
'<tr style="height:40px"><td colspan="2"><hr/></td></tr>';
}
$body .= '</table>';
}
$body .= '<p style="text-align:center"><a href="?/themes/none">Don\'t use a theme.</a></p>';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Select theme',
'body'=>$body,
'mod'=>true
)
);
}
} elseif(preg_match('/^\/noticeboard\/delete\/(\d+)$/', $query, $match)) {
if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']);
$query = prepare("DELETE FROM `noticeboard` WHERE `id` = :id");
$query->bindValue(':id', $match[1], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
header('Location: ?/noticeboard', true, $config['redirect_http']);
} elseif(preg_match('/^\/noticeboard$/', $query)) {
if(!hasPermission($config['mod']['noticeboard'])) error($config['error']['noaccess']);
$body = '';
if($mod['type'] >= $config['mod']['noticeboard_post']) {
if(isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) {
$query = prepare("INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body)");
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
$query->bindvalue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':subject', utf8tohtml($_POST['subject']));
markup($_POST['body']);
$query->bindValue(':body', $_POST['body']);
$query->execute() or error(db_error($query));
}
$body .= '<fieldset><legend>New post</legend><form style="display:inline" action="" method="post"><table>' .
'<tr>' .
'<th><label for="subject">Name</label></th>' .
'<td>' . $mod['username'] . '</td>' .
'</tr><tr>' .
'<th>Subject</th>' .
'<td><input type="text" size="55" name="subject" id="subject" /></td>' .
'</tr><tr>' .
'<th>Body</th>' .
'<td><textarea name="body" style="width:100%;height:100px"></textarea></td>' .
'</tr><tr>' .
'<td></td><td><input type="submit" value="Post to noticeboard" /></td>' .
'</tr></table>' .
'</form></fieldset>';
}
$query = prepare("SELECT * FROM `noticeboard` ORDER BY `id` DESC LIMIT :limit");
$query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
while($notice = $query->fetch()) {
$m_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
$m_query->bindValue(':id', $notice['mod'], PDO::PARAM_INT);
$m_query->execute() or error(db_error($m_query));
if(!$_mod = $m_query->fetch()) {
$_mod = Array('username' => '<em>???</em>');
}
$body .= '<div class="ban">' .
($mod['type'] >= $config['mod']['noticeboard_delete'] ?
'<span style="float:right;padding:2px"><a class="unimportant" href="?/noticeboard/delete/' . $notice['id'] . '">[delete]</a></span>'
: '') .
'<h2 id="' . $notice['id'] . '">' .
($notice['subject'] ?
$notice['subject']
:
'<em>no subject</em>'
) .
'<span class="unimportant"> — by ' .
$_mod['username'] .
' at ' .
date($config['post_date'], $notice['time']) .
'</span></h2><p>' . $notice['body'] . '</p></div>';
}
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Noticeboard',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/news\/delete\/(\d+)$/', $query, $match)) {
if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']);
$query = prepare("DELETE FROM `news` WHERE `id` = :id");
$query->bindValue(':id', $match[1], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
rebuildThemes('news');
header('Location: ?/news', true, $config['redirect_http']);
} elseif(preg_match('/^\/news$/', $query)) {
$body = '';
if($mod['type'] >= $config['mod']['news']) {
if(isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) {
$query = prepare("INSERT INTO `news` VALUES (NULL, :name, :time, :subject, :body)");
if(isset($_POST['name']) && $mod['type'] >= $config['mod']['news_custom'])
$name = &$_POST['name'];
else
$name = &$mod['username'];
$query->bindValue(':name', utf8tohtml($name), PDO::PARAM_INT);
$query->bindvalue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':subject', utf8tohtml($_POST['subject']));
markup($_POST['body']);
$query->bindValue(':body', $_POST['body']);
$query->execute() or error(db_error($query));
rebuildThemes('news');
}
$body .= '<fieldset><legend>New post</legend><form style="display:inline" action="" method="post"><table>' .
'<tr>' .
'<th>Name</th>' .
($mod['type'] >= $config['mod']['news_custom'] ?
'<td><input type="text" size="55" name="name" id="name" value="' . htmlentities($mod['username']) . '" /></td>'
:
'<td>' . $mod['username'] . '</td>') .
'</tr><tr>' .
'<th>Subject</th>' .
'<td><input type="text" size="55" name="subject" id="subject" /></td>' .
'</tr><tr>' .
'<th>Body</th>' .
'<td><textarea name="body" style="width:100%;height:100px"></textarea></td>' .
'</tr><tr>' .
'<td></td><td><input type="submit" value="Post to news" /></td>' .
'</tr></table>' .
'</form></fieldset>';
}
$query = prepare("SELECT * FROM `news` ORDER BY `id` DESC LIMIT :limit");
$query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
while($news = $query->fetch()) {
$body .= '<div class="ban">' .
($mod['type'] >= $config['mod']['news_delete'] ?
'<span style="float:right;padding:2px"><a class="unimportant" href="?/news/delete/' . $news['id'] . '">[delete]</a></span>'
: '') .
'<h2 id="' . $news['id'] . '">' .
($news['subject'] ?
$news['subject']
:
'<em>no subject</em>'
) .
'<span class="unimportant"> — by ' .
$news['name'] .
' at ' .
date($config['post_date'], $news['time']) .
'</span></h2><p>' . $news['body'] . '</p></div>';
}
echo Element('page.html', Array(
'config'=>$config,
'title'=>'News',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/inbox$/', $query, $match)) {
$query = prepare("SELECT `unread`,`pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC");
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($query->rowCount() == 0) {
$body = '<p style="text-align:center" class="unimportant">(No private messages for you.)</p>';
} else {
$unread_pms = 0;
$body = '<table class="modlog"><tr><th>ID</th><th>From</th><th>Date</th><th>Message snippet</th></tr>';
while($pm = $query->fetch()) {
$body .= '<tr' . ($pm['unread'] ? ' style="font-weight:bold"' : '') . '>' .
'<td class="minimal"><a href="?/PM/' . $pm['id'] . '">' . $pm['id'] . '</a></td>' .
'<td class="minimal"><a href="?/new_PM/' . $pm['sender'] . '">' . $pm['username'] . '</a></td>' .
'<td class="minimal">' . date($config['post_date'], $pm['time']) . '</td>' .
'<td><a href="?/PM/' . $pm['id'] . '">' . pm_snippet($pm['message']) . '</a></td>' .
'</tr>';
if($pm['unread'])
$unread_pms++;
}
$body .= '</table>';
}
echo Element('page.html', Array(
'config'=>$config,
'title'=>'PM Inbox (' . ($query->rowCount() == 0 ? 'empty' : $unread_pms . ' unread') . ')',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) {
$id = &$match[1];
if($mod['type'] >= $config['mod']['master_pm']) {
$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id");
} else {
$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod");
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
}
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if(!$pm = $query->fetch()) {
// Mod doesn't exist
error($config['error']['404']);
}
if(isset($_POST['delete'])) {
$query = prepare("DELETE FROM `pms` WHERE `id` = :id");
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
modLog('Deleted a PM');
header('Location: ?/', true, $config['redirect_http']);
} else {
if($pm['unread']) {
$query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `id` = :id");
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
modLog('Read a PM');
}
if($pm['to'] != $mod['id']) {
$query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $pm['to'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($_mod = $query->fetch()) {
$__to = &$_mod['username'];
} else {
$__to = false;
}
}
$body = '<form action="" method="post" style="margin:0"><table>' .
'<th>From</th><td>' .
(!$pm['username'] ?
'<em>??</em>'
:
'<a href="?/new_PM/' . $pm['sender'] . '">' . htmlentities($pm['username']) . '</a>'
) .
'</td></tr>' .
(isset($__to) ?
'<th>To</th><td>' .
($__to === false ?
'<em>??</em>'
:
'<a href="?/new_PM/' . $pm['to'] . '">' . htmlentities($__to) . '</a>'
) .
'</td></tr>'
: '') .
'<tr><th>Date</th><td> ' . date($config['post_date'], $pm['time']) . '</td></tr>' .
'<tr><th>Message</th><td> ' . $pm['message'] . '</td></tr>' .
'</table>' .
'<p style="text-align:center"><input type="submit" name="delete" value="Delete forever" /></p>' .
'</form>' .
'<p style="text-align:center"><a href="?/new_PM/' . $pm['sender'] . '/' . $pm['id'] . '">Reply with quote</a></p>';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Private message',
'body'=>$body,
'mod'=>true
)
);
}
} elseif(preg_match('/^\/new_PM\/(\d+)(\/(\d+))?$/', $query, $match)) {
if(!hasPermission($config['mod']['create_pm'])) error($config['error']['noaccess']);
$to = &$match[1];
$query = prepare("SELECT `username`,`id` FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $to, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if(!$to = $query->fetch()) {
// Mod doesn't exist
error($config['error']['404']);
}
if(isset($_POST['message'])) {
// Post message
$message = &$_POST['message'];
if(empty($message))
error($config['error']['tooshort_body']);
markup($message);