diff --git a/inc/functions.php b/inc/functions.php index c9b85ad4..6901de62 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -299,7 +299,7 @@ } // Delete a post (reply or thread) - function deletePost($id) { + function deletePost($id, $error_if_doesnt_exist=true) { global $board; // Select post and replies (if thread) in one query @@ -308,7 +308,9 @@ $query->execute() or error(db_error($query)); if($query->rowCount() < 1) { - error(ERROR_INVALIDPOST); + if($error_if_doesnt_exist) + error(ERROR_INVALIDPOST); + else return false; } // Delete posts and maybe replies @@ -337,6 +339,8 @@ if(isset($rebuild)) { buildThread($rebuild); } + + return true; } function clean() { @@ -370,7 +374,7 @@ while($th = $query->fetch()) { $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $th['locked'], $mod ? '?/' : ROOT, $mod); - $posts = prepare(sprintf("SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = ? ORDER BY `time` DESC LIMIT ?", $board['uri'])); + $posts = prepare(sprintf("SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = ? ORDER BY `id` DESC LIMIT ?", $board['uri'])); $posts->bindValue(1, $th['id']); $posts->bindValue(2, THREADS_PREVIEW, PDO::PARAM_INT); $posts->execute() or error(db_error($posts)); @@ -859,7 +863,7 @@ switch($type) { case 'jpg': case 'jpeg': - if(!$image = imagecreatefromjpeg($source_pic)) { + if(!$image = @imagecreatefromjpeg($source_pic)) { unlink($source_pic); error(ERR_INVALIDIMG); } 
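Review bot: The new `$error_if_doesnt_exist` parameter makes deletePost either halt through error() or return a bool, and nothing documents which happens when, so a caller passing false must read the body to learn that `false` means "no such post" while `true` (added by the @@ -337 hunk) means deleted. A short header above the signature would settle it: `// Delete a post (reply or thread). Returns true on success; with $error_if_doesnt_exist=false, returns false instead of calling error() when the id does not exist.` In the @@ -308 hunk the `else return false;` is also the only place in the visible code where a statement shares a line with its keyword; `else { return false; }` matches the braced `if` around it. deletePost's body continues outside these hunks.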
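Review bot: The `@` on `imagecreatefromjpeg` in the @@ -859 hunk suppresses the warning that says why decoding failed, so an operator looking into rejected uploads is left with only ERR_INVALIDIMG; the false return was already handled by the branch, so the suppression only removes the diagnostic. If the intent is to keep the warning out of the response, reading `error_get_last()` after the call and passing it to `error_log()` before the `unlink()` preserves the reason server-side. The other image cases in the same `switch` are outside the hunk, so if they still run unsuppressed the behaviour now differs by image type.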
diff --git a/inc/mod.php b/inc/mod.php index 5a3e6157..115c595a 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -20,7 +20,7 @@ $query = prepare("SELECT `id`,`type` FROM `mods` WHERE `username` = :username AND `password` = :password LIMIT 1"); $query->bindValue(':username', $username); $query->bindValue(':password', $password); - $query->execute(); + $query->execute() or error(db_error($query)); if($user = $query->fetch()) { return $mod = Array( @@ -56,6 +56,16 @@ unset($_SESSION['mod']); } + function modLog($action) { + global $mod; + $query = prepare("INSERT INTO `modlogs` VALUES (:id, :ip, :time, :text)"); + $query->bindValue(':id', $mod['id'], PDO::PARAM_INT); + $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); + $query->bindValue(':time', time(), PDO::PARAM_INT); + $query->bindValue(':text', $action); + $query->execute() or error(db_error($query)); + } + if(isset($_COOKIE['mod']) && isset($_SESSION['mod']) && is_array($_SESSION['mod'])) { // Should be username:session hash $cookie = explode(':', $_COOKIE['mod']); diff --git a/main.js b/main.js index d0a82dda..038713cd 100644 --- a/main.js +++ b/main.js @@ -6,8 +6,11 @@ function highlightReply(id) if (divs[i].className.indexOf('post') != -1) divs[i].className = divs[i].className.replace(/highlighted/, ''); } - if (id) - document.getElementById('reply_'+id).className += ' highlighted'; + if (id) { + post = document.getElementById('reply_'+id); + if(post) + post.className += ' highlighted'; + } } function focusId(id) { diff --git a/mod.php b/mod.php index 43dd8d26..12b730a0 100644 --- a/mod.php +++ b/mod.php @@ -43,6 +43,8 @@ if(!login($_POST['username'], $_POST['password'])) loginForm(ERROR_INVALID, $_POST['username']); + modLog("Logged in."); + // Login successful // Set cookies setCookies(); 
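Review bot: The added `or error(db_error($query))` on the login query passes the database driver's error text to error(), and if error() renders its argument to the page, as its use for user-facing messages elsewhere in the diff suggests, an unauthenticated visitor who triggers a DB fault on the login form sees driver and table details. Writing `db_error($query)` to the server log and calling error() with a generic message keeps the fail-closed behaviour without the disclosure. Whether error() prints or logs is not visible here, so this depends on its implementation.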
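Review bot: modLog() inserts with `VALUES (:id, :ip, :time, :text)` and no column list, so it depends on the physical column order of `modlogs` and will misfile or fail as soon as a column is added; naming the columns in the INSERT makes the mapping explicit. It also reads `$mod['id']` unconditionally, so a call made before a mod is logged in binds a null id and writes an orphan row; a guard such as `if(!isset($mod['id'])) return;` before the prepare would avoid that. The `$action` text comes from callers in mod.php that interpolate request data into it, so whatever page later displays modlogs (not in this diff) must escape it for HTML.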
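Review bot: `post = document.getElementById('reply_'+id);` in the main.js hunk has no `var`, so it assigns an implicit global named `post` (and throws under strict mode); declare it locally with `var post = document.getElementById('reply_'+id);`. The enclosing highlightReply function starts outside the hunk.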
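Review bot: `modLog("Logged in.")` in the mod.php hunk records only successful logins; the failed attempt handled by `loginForm(ERROR_INVALID, ...)` on the line above leaves no record, and failed attempts are the signal an operator needs to notice password guessing against mod accounts. modLog() binds `$mod['id']`, which is not available on failure, so a failure record needs either a nullable id or a separate log call using the submitted username and REMOTE_ADDR. Whether loginForm() returns or exits is not visible here, so where such a call would sit is outside this hunk.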
@@ -295,6 +297,9 @@ } $query->execute() or error(db_error($query)); + // Record the action + modLog("Created a new board: {$b['title']}"); + // Open the board openBoard($b['uri']) or error("Couldn't open board after creation."); @@ -356,6 +361,10 @@ // Delete post deleteFile($post); + + // Record the action + modLog("Removed file from post #{$post}"); + // Rebuild board buildIndex(); @@ -377,6 +386,10 @@ // Delete post deletePost($post); + + // Record the action + modLog("Deleted post #{$post}"); + // Rebuild board buildIndex(); @@ -399,8 +412,12 @@ $query->bindValue(':id', $post, PDO::PARAM_INT); if($matches[2] == 'un') { + // Record the action + modLog("Unstickied post #{$post}"); $query->bindValue(':sticky', 0, PDO::PARAM_INT); } else { + // Record the action + modLog("Stickied post #{$post}"); $query->bindValue(':sticky', 1, PDO::PARAM_INT); } @@ -429,8 +446,12 @@ $query->bindValue(':id', $post, PDO::PARAM_INT); if($matches[2] == 'un') { + // Record the action + modLog("Unlocked post #{$post}"); $query->bindValue(':locked', 0, PDO::PARAM_INT); } else { + // Record the action + modLog("Locked post #{$post}"); $query->bindValue(':locked', 1, PDO::PARAM_INT); } @@ -454,10 +475,22 @@ if(!openBoard($boardName)) error(ERROR_NOBOARD); - $query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `ip` = (SELECT `ip` FROM `posts_%s` WHERE `id` = :id)", $board['uri'], $board['uri'])); + $query = prepare(sprintf("SELECT `ip` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $post); $query->execute() or error(db_error($query)); + if(!$post = $query->fetch()) + error(ERROR_INVALIDPOST); + + $ip = $post['ip']; + + // Record the action + modLog("Deleted all posts by IP address: #{$ip}"); + + $query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `ip` = :ip", $board['uri'])); + $query->bindValue(':ip', $ip); + $query->execute() or error(db_error($query)); + if($query->rowCount() < 1) error(ERROR_INVALIDPOST); 
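Review bot: In the sticky hunk (@@ -399) the `modLog("Stickied post #{$post}")` and `modLog("Unstickied post #{$post}")` calls run before the UPDATE is executed, so if the `$query->execute()` that presumably follows outside the hunk fails and error() halts, the modlog claims an action that never happened. The same ordering appears in the lock hunk (@@ -429), in the ban hunk (@@ -529) where the log precedes the visible `$query->execute()`, and in the delete-by-IP hunk (@@ -454) where it precedes the row-count check and the deletions. Moving each log after the corresponding `$query->execute() or error(db_error($query));` makes the log reflect committed state and collapses the duplicated `// Record the action` comments into one per action.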
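Review bot: In the delete-by-IP hunk `$post` starts as the post id bound to `:id` and is then overwritten by `$post = $query->fetch()`, so from `$ip = $post['ip'];` on it holds a row array; any code after the hunk that still treats `$post` as the id now receives an array. Using a distinct name keeps the id intact: `if(!$row = $query->fetch())`, `$ip = $row['ip'];`. The message `Deleted all posts by IP address: #{$ip}` also prefixes the address with `#`, which reads as a post number elsewhere in these logs; dropping it avoids confusion when the log is searched.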
@@ -529,6 +562,10 @@ } else { $query->bindValue(':reason', null, PDO::PARAM_NULL); } + + // Record the action + modLog("Created a ban for {$_POST['ip']} with reason {$_POST['reason']}"); + $query->execute() or error(db_error($query)); // Delete too diff --git a/post.php b/post.php index 62260e1b..38599222 100644 --- a/post.php +++ b/post.php @@ -221,7 +221,7 @@ if(strlen($post['name']) > 50) error(sprintf(ERROR_TOOLONG, 'name')); if(strlen($post['email']) > 30) error(sprintf(ERROR_TOOLONG, 'email')); if(strlen($post['subject']) > 40) error(sprintf(ERROR_TOOLONG, 'subject')); - if(strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY); + if(!$mod && strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY); if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error(ERROR_TOOSHORTBODY); if(strlen($post['password']) > 20) error(sprintf(ERROR_TOOLONG, 'password'));
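Review bot: `modLog("Created a ban for {$_POST['ip']} with reason {$_POST['reason']}")` interpolates `$_POST['reason']` unconditionally, yet the else branch just above binds `:reason` as NULL, which suggests it runs when no reason was submitted; if the key is absent the interpolation raises an undefined-index notice and logs an empty reason. Deriving the text from a value checked once, e.g. `$reason = isset($_POST['reason']) ? $_POST['reason'] : '(none)';`, avoids that. Both interpolated values are user-supplied and are stored verbatim, so the page that displays modlogs must escape them with htmlspecialchars(); whether `$_POST['ip']` was validated as an address before this point is outside the hunk.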
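Review bot: `!$mod &&` in the post.php hunk exempts moderators from the MAX_BODY check while the name, email and subject limits on the adjacent lines still apply to them, and nothing states why; a comment such as `// Moderators are exempt from the MAX_BODY limit` would record the intent. If the body column of the `posts_*` tables has a fixed size, the exemption moves the failure from a clean ERROR_TOOLONGBODY to a truncated or rejected INSERT; the column definition is not visible here. Where `$mod` is set in post.php is also outside the hunk.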