Browse Source

a Fixed delete by IP, plus a bunch of small stuff

pull/40/head
Savetheinternet 12 years ago
parent
commit
c34ea2e3af
  1. 12
      inc/functions.php
  2. 12
      inc/mod.php
  3. 7
      main.js
  4. 39
      mod.php
  5. 2
      post.php

12
inc/functions.php

@ -299,7 +299,7 @@
}
// Delete a post (reply or thread)
function deletePost($id) {
function deletePost($id, $error_if_doesnt_exist=true) {
global $board;
// Select post and replies (if thread) in one query
@ -308,7 +308,9 @@
$query->execute() or error(db_error($query));
if($query->rowCount() < 1) {
error(ERROR_INVALIDPOST);
if($error_if_doesnt_exist)
error(ERROR_INVALIDPOST);
else return false;
}
// Delete posts and maybe replies
@ -337,6 +339,8 @@
if(isset($rebuild)) {
buildThread($rebuild);
}
return true;
}
function clean() {
@ -370,7 +374,7 @@
while($th = $query->fetch()) {
$thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $th['locked'], $mod ? '?/' : ROOT, $mod);
$posts = prepare(sprintf("SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = ? ORDER BY `time` DESC LIMIT ?", $board['uri']));
$posts = prepare(sprintf("SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = ? ORDER BY `id` DESC LIMIT ?", $board['uri']));
$posts->bindValue(1, $th['id']);
$posts->bindValue(2, THREADS_PREVIEW, PDO::PARAM_INT);
$posts->execute() or error(db_error($posts));
@ -859,7 +863,7 @@
switch($type) {
case 'jpg':
case 'jpeg':
if(!$image = imagecreatefromjpeg($source_pic)) {
if(!$image = @imagecreatefromjpeg($source_pic)) {
unlink($source_pic);
error(ERR_INVALIDIMG);
}

12
inc/mod.php

@ -20,7 +20,7 @@
$query = prepare("SELECT `id`,`type` FROM `mods` WHERE `username` = :username AND `password` = :password LIMIT 1");
$query->bindValue(':username', $username);
$query->bindValue(':password', $password);
$query->execute();
$query->execute() or error(db_error($query));
if($user = $query->fetch()) {
return $mod = Array(
@ -56,6 +56,16 @@
unset($_SESSION['mod']);
}
function modLog($action) {
global $mod;
$query = prepare("INSERT INTO `modlogs` VALUES (:id, :ip, :time, :text)");
$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':text', $action);
$query->execute() or error(db_error($query));
}
if(isset($_COOKIE['mod']) && isset($_SESSION['mod']) && is_array($_SESSION['mod'])) {
// Should be username:session hash
$cookie = explode(':', $_COOKIE['mod']);

7
main.js

@ -6,8 +6,11 @@ function highlightReply(id)
if (divs[i].className.indexOf('post') != -1)
divs[i].className = divs[i].className.replace(/highlighted/, '');
}
if (id)
document.getElementById('reply_'+id).className += ' highlighted';
if (id) {
post = document.getElementById('reply_'+id);
if(post)
post.className += ' highlighted';
}
}
function focusId(id)
{

39
mod.php

@ -43,6 +43,8 @@
if(!login($_POST['username'], $_POST['password']))
loginForm(ERROR_INVALID, $_POST['username']);
modLog("Logged in.");
// Login successful
// Set cookies
setCookies();
@ -295,6 +297,9 @@
}
$query->execute() or error(db_error($query));
// Record the action
modLog("Created a new board: {$b['title']}");
// Open the board
openBoard($b['uri']) or error("Couldn't open board after creation.");
@ -356,6 +361,10 @@
// Delete post
deleteFile($post);
// Record the action
modLog("Removed file from post #{$post}");
// Rebuild board
buildIndex();
@ -377,6 +386,10 @@
// Delete post
deletePost($post);
// Record the action
modLog("Deleted post #{$post}");
// Rebuild board
buildIndex();
@ -399,8 +412,12 @@
$query->bindValue(':id', $post, PDO::PARAM_INT);
if($matches[2] == 'un') {
// Record the action
modLog("Unstickied post #{$post}");
$query->bindValue(':sticky', 0, PDO::PARAM_INT);
} else {
// Record the action
modLog("Stickied post #{$post}");
$query->bindValue(':sticky', 1, PDO::PARAM_INT);
}
@ -429,8 +446,12 @@
$query->bindValue(':id', $post, PDO::PARAM_INT);
if($matches[2] == 'un') {
// Record the action
modLog("Unlocked post #{$post}");
$query->bindValue(':locked', 0, PDO::PARAM_INT);
} else {
// Record the action
modLog("Locked post #{$post}");
$query->bindValue(':locked', 1, PDO::PARAM_INT);
}
@ -454,10 +475,22 @@
if(!openBoard($boardName))
error(ERROR_NOBOARD);
$query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `ip` = (SELECT `ip` FROM `posts_%s` WHERE `id` = :id)", $board['uri'], $board['uri']));
$query = prepare(sprintf("SELECT `ip` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
$query->bindValue(':id', $post);
$query->execute() or error(db_error($query));
if(!$post = $query->fetch())
error(ERROR_INVALIDPOST);
$ip = $post['ip'];
// Record the action
modLog("Deleted all posts by IP address: #{$ip}");
$query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `ip` = :ip", $board['uri']));
$query->bindValue(':ip', $ip);
$query->execute() or error(db_error($query));
if($query->rowCount() < 1)
error(ERROR_INVALIDPOST);
@ -529,6 +562,10 @@
} else {
$query->bindValue(':reason', null, PDO::PARAM_NULL);
}
// Record the action
modLog("Created a ban for {$_POST['ip']} with reason {$_POST['reason']}");
$query->execute() or error(db_error($query));
// Delete too

2
post.php

@ -221,7 +221,7 @@
if(strlen($post['name']) > 50) error(sprintf(ERROR_TOOLONG, 'name'));
if(strlen($post['email']) > 30) error(sprintf(ERROR_TOOLONG, 'email'));
if(strlen($post['subject']) > 40) error(sprintf(ERROR_TOOLONG, 'subject'));
if(strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY);
if(!$mod && strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY);
if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error(ERROR_TOOSHORTBODY);
if(strlen($post['password']) > 20) error(sprintf(ERROR_TOOLONG, 'password'));

Loading…
Cancel
Save