From 7f6f836bf85350fe92d3975d2fb3973343923aeb Mon Sep 17 00:00:00 2001
From: Michael Save <savetheinternet@tinyboard.org>
Date: Fri, 13 Apr 2012 10:41:30 +1000
Subject: [PATCH] IP notes

---
 inc/mod/ban.php            |  4 ++
 inc/mod/pages.php          | 90 +++++++++++++++++++++++++++++++++++---
 mod.php                    | 15 +++++--
 templates/mod/confirm.html |  7 +++
 templates/mod/log.html     | 11 +++++
 templates/mod/view_ip.html | 80 ++++++++++++++++++++++++++++++---
 6 files changed, 191 insertions(+), 16 deletions(-)
 create mode 100644 templates/mod/confirm.html
 create mode 100644 templates/mod/log.html

diff --git a/inc/mod/ban.php b/inc/mod/ban.php
index 33b64975..8d86cbcd 100644
--- a/inc/mod/ban.php
+++ b/inc/mod/ban.php
@@ -55,6 +55,8 @@ function parse_time($str) {
 function ban($mask, $reason, $length, $board) {
 	global $mod;
 	
+	// TODO: permissions
+	
 	$query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :time, :expires, :reason, :board)");
 	$query->bindValue(':ip', $mask);
 	$query->bindValue(':mod', $mod['id']);
@@ -79,6 +81,8 @@ function ban($mask, $reason, $length, $board) {
 }
 
 function unban($id) {
+	// TODO: permissions
+	
 	$query = prepare("DELETE FROM `bans` WHERE `id` = :id");
 	$query->bindValue(':id', $id);
 	$query->execute() or error(db_error($query));
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index e7e4f065..73015cf9 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -52,7 +52,11 @@ function mod_login() {
 	if (isset($_POST['username']))
 		$args['username'] = $_POST['username'];
 
-	mod_page('Dashboard', 'mod/login.html', $args);
+	mod_page('Login', 'mod/login.html', $args);
+}
+
+function mod_confirm($request) {
+	mod_page('Confirm action', 'mod/confirm.html', array('request' => $request));
 }
 
 function mod_dashboard() {
@@ -63,6 +67,21 @@ function mod_dashboard() {
 	mod_page('Dashboard', 'mod/dashboard.html', $args);
 }
 
+function mod_log($page_no = 1) {
+	global $config;
+	
+	if (!hasPermission($config['mod']['modlog']))
+		error($config['error']['noaccess']);
+	
+	$query = prepare("SELECT `username`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :offset, :limit");
+	$query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT);
+	$query->bindValue(':offset', ($page_no - 1) * $config['mod']['modlog_page'], PDO::PARAM_INT);
+	$query->execute() or error(db_error($query));
+	$logs = $query->fetchAll(PDO::FETCH_ASSOC);
+	
+	mod_page('Moderation log', 'mod/log.html', array('logs' => $logs));
+}
+
 function mod_view_board($boardName, $page_no = 1) {
 	global $config, $mod;
 	
@@ -91,6 +110,20 @@ function mod_view_thread($boardName, $thread) {
 	echo $page;
 }
 
+function mod_ip_remove_note($ip, $id) {
+	global $config, $mod;
+	
+	if (filter_var($ip, FILTER_VALIDATE_IP) === false)
+		error("Invalid IP address.");
+	
+	$query = prepare('DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id');
+	$query->bindValue(':ip', $ip);
+	$query->bindValue(':id', $id);
+	$query->execute() or error(db_error($query));
+	
+	header('Location: ?/IP/' . $ip, true, $config['redirect_http']);
+}
+
 function mod_page_ip($ip) {
 	global $config, $mod;
 	
@@ -105,6 +138,21 @@ function mod_page_ip($ip) {
 		return;
 	}
 	
+	if (isset($_POST['note'])) {
+		// TODO: permissions
+		
+		markup($_POST['note']);
+		$query = prepare('INSERT INTO `ip_notes` VALUES (NULL, :ip, :mod, :time, :body)');
+		$query->bindValue(':ip', $ip);
+		$query->bindValue(':mod', $mod['id']);
+		$query->bindValue(':time', time());
+		$query->bindValue(':body', $_POST['note']);
+		$query->execute() or error(db_error($query));
+		
+		header('Location: ?/IP/' . $ip, true, $config['redirect_http']);
+		return;
+	}
+	
 	$args = array();
 	$args['ip'] = $ip;
 	$args['posts'] = array();
@@ -145,14 +193,26 @@ function mod_page_ip($ip) {
 	$query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip");
 	$query->bindValue(':ip', $ip);
 	$query->execute() or error(db_error($query));
-	$args['bans'] = $query->fetchAll(PDO::FETCH_ASSOC);	
+	$args['bans'] = $query->fetchAll(PDO::FETCH_ASSOC);
+	
+	$query = prepare("SELECT `ip_notes`.*, `username` FROM `ip_notes` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip");
+	$query->bindValue(':ip', $ip);
+	$query->execute() or error(db_error($query));
+	$args['notes'] = $query->fetchAll(PDO::FETCH_ASSOC);
 	
 	mod_page("IP: $ip", 'mod/view_ip.html', $args);
 }
 
-function mod_page_ban() {
-	if(!isset($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board']))
-		error($config['error']['missedafield']);
+function mod_ban() {
+	if (!isset($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'])) {
+		mod_page("New ban", 'mod/ban_form.html', array());
+		return;
+	}
+	
+	$query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip");
+	$query->bindValue(':ip', $ip);
+	$query->execute() or error(db_error($query));
+	$args['bans'] = $query->fetchAll(PDO::FETCH_ASSOC);
 	
 	$ip = $_POST['ip'];
 	
@@ -166,3 +226,23 @@ function mod_page_ban() {
 		header('Location: ?/', true, $config['redirect_http']);
 }
 
+function mod_delete($board, $post) {
+	global $config, $mod;
+	
+	if (!openBoard($board))
+		error($config['error']['noboard']);
+	
+	if (!hasPermission($config['mod']['delete'], $board))
+		error($config['error']['noaccess']);
+	
+	// Delete post
+	deletePost($post);
+	// Record the action
+	modLog("Deleted post #{$post}");
+	// Rebuild board
+	buildIndex();
+	
+	// Redirect
+	header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
+}
+
diff --git a/mod.php b/mod.php
index 5f2cad56..c89c2f01 100644
--- a/mod.php
+++ b/mod.php
@@ -21,11 +21,18 @@ if (get_magic_quotes_gpc()) {
 $query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
 
 $pages = array(
-	'!^$!'		=> ':?/',		// redirect to dashboard
-	'!^/$!'		=> 'dashboard',		// dashboard
+	'!^$!'					=> ':?/',		// redirect to dashboard
+	'!^/$!'					=> 'dashboard',		// dashboard
+	'!^/log$!'				=> 'log',		// modlog
+	'!^/log/(\d+)/$!'			=> 'log',		// modlog
 	
-	'!^/IP/(.+)$!'	=> 'ip',		// view ip address
-	'!^/ban$!'	=> 'ban',		// new ban
+	'!^/confirm/(.+)$!'			=> 'confirm',		// confirm action (if javascript didn't work)
+	
+	'!^/ban$!'				=> 'ban',		// new ban
+	'!^/IP/([\w.:]+)$!'			=> 'ip',		// view ip address
+	'!^/IP/([\w.:]+)/remove_note/(\d+)$!'	=> 'ip_remove_note',	// remove note from ip address
+	
+	'!^/(\w+)/delete/(\d+)$!'		=> 'delete',		// delete post
 	
 	// This should always be at the end:
 	'!^/(\w+)/' . preg_quote($config['file_index'], '!') . '?$!'					=> 'view_board',
diff --git a/templates/mod/confirm.html b/templates/mod/confirm.html
new file mode 100644
index 00000000..7509ce3c
--- /dev/null
+++ b/templates/mod/confirm.html
@@ -0,0 +1,7 @@
+<p style="text-align:center;font-size:1.1em">
+	Are you sure you want to do that? <a href="?/{{ request }}">Click to proceed to ?/{{ request }}</a>.
+</p>
+<p class="unimportant" style="text-align:center">
+	You are seeing this message because we were unable to serve a confirmation dialog, probably due to Javascript being disabled.
+</p>
+
diff --git a/templates/mod/log.html b/templates/mod/log.html
new file mode 100644
index 00000000..2aa0ea0a
--- /dev/null
+++ b/templates/mod/log.html
@@ -0,0 +1,11 @@
+<table class="modlog">
+	<tr>
+		<th>
+		
+		</th>
+	</tr>
+	{% for log in logs %}
+		
+	{% endfor %}
+</table>
+
diff --git a/templates/mod/view_ip.html b/templates/mod/view_ip.html
index a9676dd7..3bc9654c 100644
--- a/templates/mod/view_ip.html
+++ b/templates/mod/view_ip.html
@@ -9,9 +9,73 @@
 	</fieldset>
 {% endfor %}
 
-{% set redirect = '?/IP/' ~ ip %}
+{% if mod|hasPermission(config.mod.view_notes) %}
+	<fieldset>
+		<legend>
+			{{ notes|count }} note{% if notes|count != 1 %}s{% endif %} on record
+		</legend>
+		
+		{% if notes|count > 0 %}
+			<table class="modlog">
+				<tr>
+					<th>Staff</th>
+					<th>Note</th>
+					<th>Date</th>
+					{% if mod|hasPermission(config.mod.remove_notes) %}
+						<th>Actions</th>
+					{% endif %}
+				</tr>
+				{% for note in notes %}
+					<tr>
+						<td class="minimal">
+							{% if note.username %}
+								<a href="?/new_PM/{{ note.username }}">{{ note.username }}</a>
+							{% else %}
+								<em>deleted?</em>
+							{% endif %}
+						</td>
+						<td>
+							{{ note.body }}
+						</td>
+						<td class="minimal">
+							{{ note.time|date(config.post_date) }}
+						</td>
+						{% if mod|hasPermission(config.mod.remove_notes) %}
+							<td class="minimal">
+								<a href="?/IP/{{ ip }}/remove_note/{{ note.id }}"><small>[remove]</small></a>
+							</td>
+						{% endif %}
+					</tr>
+				{% endfor %}
+			</table>
+		{% endif %}
+		
+		{% if mod|hasPermission(config.mod.create_notes) %}
+			<form action="" method="post" style="margin:0">
+				<table>
+					<tr>
+						<th>Staff</th>
+						<td>{{ mod.username }}</td>
+					</tr>
+					<tr>
+						<th>
+							<label for="note">Note</label>
+						</th>
+						<td>
+							<textarea id="note" name="note" rows="5" cols="30"></textarea>
+						</td>
+					</tr>
+					<tr>
+						<td></td>
+						<td><input type="submit" value="New note"></td>
+					</tr>
+				</table>
+			</form>
+		{% endif %}
+	</fieldset>
+{% endif %}
 
-{% if bans|count > 0 %}
+{% if bans|count > 0 and mod|hasPermission(config.mod.view_ban) %}
 	<fieldset>
 		<legend>Ban{% if bans|count != 1 %}s{% endif %} on record</legend>
 		
@@ -84,8 +148,10 @@
 	</fieldset>
 {% endif %}
 
-<fieldset>
-	<legend>New ban</legend>
-	{% include 'mod/ban_form.html' %}
-</fieldset>
-
+{% if mod|hasPermission(config.mod.ban) %}
+	<fieldset>
+		<legend>New ban</legend>
+		{% set redirect = '?/IP/' ~ ip %}
+		{% include 'mod/ban_form.html' %}
+	</fieldset>
+{% endif %}