diff --git a/inc/lib/Twig/Extensions/Extension/Tinyboard.php b/inc/lib/Twig/Extensions/Extension/Tinyboard.php
index 2691cc55..df652444 100644
--- a/inc/lib/Twig/Extensions/Extension/Tinyboard.php
+++ b/inc/lib/Twig/Extensions/Extension/Tinyboard.php
@@ -76,7 +76,7 @@ function twig_date_filter($date, $format) {
 return strftime($format, $date);
 }
-function twig_hasPermission_filter($mod, $permission, $board = false) {
+function twig_hasPermission_filter($mod, $permission, $board = null) {
 return hasPermission($permission, $board, $mod);
 }
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index 31c78528..e388c509 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -313,6 +313,7 @@ function mod_lock($board, $unlock, $post) {
 $query->bindValue(':locked', $unlock ? 0 : 1);
 $query->execute() or error(db_error($query));
 if($query->rowCount()) {
+ modLog(($unlock ? 'Unlocked' : 'Locked') . " thread #{$post}");
 buildThread($post);
 buildIndex();
 }
@@ -334,6 +335,7 @@ function mod_sticky($board, $unsticky, $post) {
 $query->bindValue(':sticky', $unsticky ? 0 : 1);
 $query->execute() or error(db_error($query));
 if($query->rowCount()) {
+ modLog(($unlock ? 'Unstickied' : 'Stickied') . " thread #{$post}");
 buildThread($post);
 buildIndex();
 }
@@ -355,6 +357,7 @@ function mod_bumplock($board, $unbumplock, $post) {
 $query->bindValue(':bumplock', $unbumplock ? 0 : 1);
 $query->execute() or error(db_error($query));
 if($query->rowCount()) {
+ modLog(($unlock ? 'Unbumplocked' : 'Bumplocked') . " thread #{$post}");
 buildThread($post);
 buildIndex();
 }
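Review bot: The modLog() lines added to mod_sticky() and mod_bumplock() test `$unlock`, which is not a parameter of either function; the signatures in the hunk headers take `$unsticky` and `$unbumplock`. Unless `$unlock` is defined in the part of each body outside the hunk, the condition reads an undefined variable and the log always records 'Stickied' / 'Bumplocked', even when the flag is being removed, so the moderation log misreports the reversals an auditor would look for. Use each function's own flag: `modLog(($unsticky ? 'Unstickied' : 'Stickied') . " thread #{$post}");` and `modLog(($unbumplock ? 'Unbumplocked' : 'Bumplocked') . " thread #{$post}");`. The mod_lock() line is correct as written.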
@@ -382,6 +385,85 @@ function mod_delete($board, $post) {
 header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
 }
+function mod_user($uid) {
+ global $config, $mod;
+
+ if (!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['change_password']) && $uid == $mod['id']))
+ error($config['error']['noaccess']);
+
+ $query = prepare('SELECT * FROM `mods` WHERE `id` = :id');
+ $query->bindValue(':id', $uid);
+ $query->execute() or error(db_error($query));
+ if (!$user = $query->fetch(PDO::FETCH_ASSOC))
+ error($config['error']['404']);
+
+ if (hasPermission($config['mod']['editusers']) && isset($_POST['username'], $_POST['password'])) {
+ if (isset($_POST['allboards'])) {
+ $boards = array('*');
+ } else {
+ $_boards = listBoards();
+ foreach ($_boards as &$board) {
+ $board = $board['uri'];
+ }
+
+ $boards = array();
+ foreach ($_POST as $name => $value) {
+ if (preg_match('/^board_(\w+)$/', $name, $matches) && in_array($matches[1], $_boards))
+ $boards[] = $matches[1];
+ }
+ }
+
+ $query = prepare('UPDATE `mods` SET `username` = :username, `boards` = :boards WHERE `id` = :id');
+ $query->bindValue(':id', $uid);
+ $query->bindValue(':username', $_POST['username']);
+ $query->bindValue(':boards', implode(',', $boards));
+ $query->execute() or error(db_error($query));
+
+ if ($_POST['password'] != '') {
+ $query = prepare('UPDATE `mods` SET `password` = SHA1(:password) WHERE `id` = :id');
+ $query->bindValue(':id', $uid);
+ $query->bindValue(':password', $_POST['password']);
+ $query->execute() or error(db_error($query));
+
+ if ($uid == $mod['id']) {
+ login($_POST['username'], $_POST['password']);
+ setCookies();
+ }
+ }
+
+ header('Location: ?/users', true, $config['redirect_http']);
+ return;
+ }
+
+ if (hasPermission($config['mod']['change_password']) && $uid == $mod['id'] && isset($_POST['password'])) {
+ if ($_POST['password'] != '') {
+ $query = prepare('UPDATE `mods` SET `password` = SHA1(:password) WHERE `id` = :id');
+ $query->bindValue(':id', $uid);
+ $query->bindValue(':password', $_POST['password']);
+ $query->execute() or error(db_error($query));
+
+ login($_POST['username'], $_POST['password']);
+ setCookies();
+ }
+
+ header('Location: ?/users', true, $config['redirect_http']);
+ return;
+ }
+
+ if (hasPermission($config['mod']['modlog'])) {
+ $query = prepare('SELECT * FROM `modlogs` WHERE `mod` = :id ORDER BY `time` DESC LIMIT 5');
+ $query->bindValue(':id', $uid);
+ $query->execute() or error(db_error($query));
+ $log = $query->fetchAll(PDO::FETCH_ASSOC);
+ } else {
+ $log = array();
+ }
+
+ $user['boards'] = explode(',', $user['boards']);
+
+ mod_page('Edit user', 'mod/user.html', array('user' => $user, 'logs' => $log, 'boards' => listBoards()));
+}
+
 function mod_users() {
 global $config;
diff --git a/mod.php b/mod.php
index 8af74a7b..85d10c6c 100644
--- a/mod.php
+++ b/mod.php
@@ -28,6 +28,7 @@ $pages = array(
 '!^/log/(\d+)$!' => 'log', // modlog
 '!^/users$!' => 'users', // manage users
+ '!^/users/(\d+)$!' => 'user', // edit user
 '!^/users/(\d+)/(promote|demote)$!' => 'user_promote', // prmote/demote user
 '!^/new_PM/([^/]+)$!' => 'new_pm', // create a new pm
 '!^/PM/(\d+)(/reply)?$!' => 'pm', // read a pm
diff --git a/templates/mod/log.html b/templates/mod/log.html
index 61243202..19924b1d 100644
--- a/templates/mod/log.html
+++ b/templates/mod/log.html
@@ -2,7 +2,7 @@
 Staff IP address
- Ago
+ Time
 Board Action
diff --git a/templates/mod/user.html b/templates/mod/user.html
new file mode 100644
index 00000000..87a57d92
--- /dev/null
+++ b/templates/mod/user.html
@@ -0,0 +1,93 @@
+
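Review bot: Both password updates in mod_user() store `SHA1(:password)`, an unsalted fast hash that is cheap to brute-force if the `mods` table is ever disclosed; moving to `password_hash()` / `password_verify()` would need a matching change in login(), which is outside this hunk. In the self-service branch, `login($_POST['username'], $_POST['password'])` reads a field that the branch never checks with isset() and that the template appears not to submit for users without editusers, so the re-login should use the stored name: `login($user['username'], $_POST['password']);`. Neither write path records a modLog() entry, although this commit adds them for lock/sticky/bumplock; a line such as `modLog("Edited user #{$uid}");` before each redirect would put account and password changes in the audit trail. No CSRF token or current-password check is visible in this handler, so confirm one is enforced before it runs.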
+ + + + + + + + + + + + + +
Username + {% if mod|hasPermission(config.mod.editusers) %} + + {% else %} + {{ user.username|e }} + {% endif %} +
Password (new; optional) + {% if mod|hasPermission(config.mod.editusers) or (mod|hasPermission(config.mod.change_password) and user.id == mod.id) %} + + {% else %} + - + {% endif %} +
Boards +
    +
  • + + +
  • + {% for board in boards %} +
  • + + +
  • + {% endfor %} +
+
+ + +
+ +{% if logs|count > 0 %} + + + + + + + + {% for log in logs %} + + + + + + + {% endfor %} +
IP addressTimeBoardAction
+ {{ log.ip }} + + {{ log.time|ago }} + + {% if log.board %} + {{ config.board_abbreviation|sprintf(log.board) }} + {% else %} + - + {% endif %} + + {{ log.text }} +
+{% endif %}
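Review bot: `{{ log.ip }}` and `{{ log.text }}` in the log table are printed without `|e`, while the username in the same template is escaped explicitly as `{{ user.username|e }}`, which suggests autoescaping is not being relied on here. If modLog() does not HTML-escape its text when it writes the row, log entries would be rendered as markup on this page; confirm which side is responsible and, if it is the template, use `{{ log.text|e }}` and `{{ log.ip|e }}`. The form markup itself is not visible in this view, so whether it carries an anti-CSRF field could not be checked.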