Merge pull request 'Store the source ip of a ban appeal' (#125) from display-appeal-src-ip into config

Reviewed-on: #125

inc/mod/pages.php

@@ -858,7 +858,7 @@ function mod_page_ip($ip) {
     if (filter_var($ip, FILTER_VALIDATE_IP) === false)
         error("Invalid IP address.");
 
-    if (isset($_POST['ban_id'], $_POST['unban'])) {
+    if (isset($_POST['ban_id'], $_POST['unban_mask'])) {
         if (!hasPermission($config['mod']['unban']))
             error($config['error']['noaccess']);
 
@@ -1066,7 +1066,7 @@ function mod_ban_appeals() {
         return;
     }
 
-    $query = query("SELECT *, ``ban_appeals``.`id` AS `id` FROM ``ban_appeals``
+    $query = query("SELECT *, ``ban_appeals``.`id` AS `id`, ``ban_appeals``.`source_ip` AS `source_ip` FROM ``ban_appeals``
         LEFT JOIN ``bans`` ON `ban_id` = ``bans``.`id`
         LEFT JOIN ``mods`` ON ``bans``.`creator` = ``mods``.`id`
         WHERE `denied` != 1 ORDER BY `time`") or error(db_error());

install.sql

@@ -290,6 +290,7 @@ CREATE TABLE IF NOT EXISTS `flood` (
 CREATE TABLE IF NOT EXISTS `ban_appeals` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `ban_id` int(10) unsigned NOT NULL,
+  `source_ip` varbinary(16) DEFAULT NULL,
   `time` int(10) unsigned NOT NULL,
   `message` text NOT NULL,
   `denied` tinyint(1) NOT NULL,

post.php

@@ -170,10 +170,11 @@ function db_insert_report($ip, $board, $post_id, $reason)
  * @param string $appeal_message Appeal message.
  * @return void
  */
-function db_insert_ban_appeal($ban_id, $appeal_message)
+function db_insert_ban_appeal($ban_id, $source_ip, $appeal_message)
 {
-    $query = prepare("INSERT INTO ``ban_appeals`` VALUES (NULL, :ban_id, :time, :message, 0)");
+    $query = prepare("INSERT INTO ``ban_appeals`` VALUES (NULL, :ban_id, :source_ip, :time, :message, 0)");
     $query->bindValue(':ban_id', $ban_id, PDO::PARAM_INT);
+    $query->bindValue(':source_ip', $source_ip);
     $query->bindValue(':time', time(), PDO::PARAM_INT);
     $query->bindValue(':message', $appeal_message);
     $query->execute() or error(db_error($query));
@@ -1671,7 +1672,8 @@ function handle_appeal()
     // Doubles as sanitization against SQL injection.
     $ban_id = (int) $_POST['ban_id'];
 
-    $bans = Bans::find($_SERVER['REMOTE_ADDR']);
+    $source_ip = $_SERVER['REMOTE_ADDR'];
+    $bans = Bans::find($source_ip);
     foreach ($bans as $_ban) {
         if ($_ban['id'] == $ban_id) {
             $ban = $_ban;
@@ -1705,7 +1707,7 @@ function handle_appeal()
 
     // Sanitize away eventual Cross Site Scripting funkyness.
     $appeal_msg = htmlspecialchars($_POST['appeal']);
-    db_insert_ban_appeal($ban_id, $appeal_msg);
+    db_insert_ban_appeal($ban_id, $source_ip, $appeal_msg);
 
     displayBan($ban);
 }

templates/mod/ban_appeals.html

@@ -15,9 +15,15 @@
 		</tr>
 		{% if mod|hasPermission(config.mod.show_ip, board.uri) %}
 			<tr>
-				<th>{% trans 'IP' %}</th>
+				<th>{% trans 'Ban mask' %}</th>
 				<td><a href="/mod.php?/IP/{{ ban.mask }}"</a>{{ ban.mask }}</td>
 			</tr>
+			{% if ban.source_ip %}
+			<tr>
+				<th>{% trans 'Appeal IP' %}</th>
+				<td><a href="/mod.php?/IP/{{ ban.source_ip }}"</a>{{ ban.source_ip }}</td>
+			</tr>
+			{% endif %}
 		{% endif %}
 		<tr>
 			<th>{% trans 'Reason' %}</th>
@@ -89,13 +95,13 @@
 				<th>{% trans 'Action' %}</th>
 				<td>
 					<input type="hidden" name="appeal_id" value="{{ ban.id }}">
-					<input type="submit" name="unban" value="Unban"> 
+					<input type="submit" name="unban_mask" value="Unban mask">
 					<input type="submit" name="deny" value="Deny appeal">
 				</td>
 			</tr>
 		{% endif %}
 	</table>
-	
+
 	{% if ban.post %}
 		<div style="">
 			{{ ban.post.build(true) }}