diff --git a/inc/config.php b/inc/config.php
index 4b03c3b7..b4bbc60e 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -736,16 +736,14 @@
 // Remote servers
 // http://tinyboard.org/wiki/index.php?title=Multiple_Servers
- //$config['remote'] = Array(
- // 'static' => Array(
- // 'host' => 'static.example.org',
- // 'auth' => Array(
- // 'method' => 'plain',
- // 'username' => 'username',
- // 'password' => 'password!123'
- // ),
- // 'type' => 'scp'
- // )
+ //$config['remote']['static'] = Array(
+ // 'host' => 'static.example.org',
+ // 'auth' => Array(
+ // 'method' => 'plain',
+ // 'username' => 'username',
+ // 'password' => 'password!123'
+ // ),
+ // 'type' => 'scp'
 //);
 // Enable reCaptcha to make spam even harder
diff --git a/inc/functions.php b/inc/functions.php
index 523d82f5..b461fe99 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -477,13 +477,6 @@
 return;
 }
- if($config['memcached']['enabled']) {
- // Cached ban?
- if($ban = $memcached->get("ban_${board}_${_SERVER['REMOTE_ADDR']}")) {
- displayBan($ban);
- }
- }
-
 $query = prepare("SELECT `set`, `expires`, `reason`, `board`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` WHERE (`board` IS NULL OR `uri` = :board) AND `ip` = :ip ORDER BY `expires` IS NULL DESC, `expires` DESC, `expires` DESC LIMIT 1");
 $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
 $query->bindValue(':board', $board);
@@ -512,8 +505,6 @@
 return;
 }
- if($config['memcached']['enabled'])
- $memcached->set("ban_${board}_${_SERVER['REMOTE_ADDR']}", $ban, $ban['expires']);
 displayBan($ban);
 }
 }
diff --git a/inc/mod.php b/inc/mod.php
index ff89ecf5..a6c2c9cc 100644
--- a/inc/mod.php
+++ b/inc/mod.php
@@ -273,5 +273,20 @@ '' . ''; } - + + + function removeBan($id) { + global $config; + + $query = prepare("DELETE FROM `bans` WHERE `id` = :id"); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($config['memcached']['enabled']) { + // Remove cached ban + // TODO + $memcached->delete("ban_{$id}"); + } + } + ?> diff --git a/install.php b/install.php index 20806661..3dace266 100644 --- a/install.php +++ b/install.php @@ -1,6 +1,6 @@ = $config['mod']['noticeboard']) { + if(hasPermission($config['mod']['noticeboard'])) { $query = prepare("SELECT * FROM `noticeboard` ORDER BY `id` DESC LIMIT :limit"); $query->bindValue(':limit', $config['mod']['noticeboard_dashboard'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -141,33 +141,33 @@ $fieldset['Noticeboard'] .= '
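Review bot: `$memcached` is undefined inside the new removeBan() — the function declares only `global $config;`, so whenever `$config['memcached']['enabled']` is set, `$memcached->delete("ban_{$id}")` runs on an undefined variable and the request dies with a fatal error after the row has already been deleted. The key it evicts also no longer corresponds to anything: the inc/functions.php hunks in this same commit remove the only `get`/`set` of the `ban_${board}_${ip}` keys, so nothing is ever cached under a per-id key. Either drop the memcached block (the `// TODO` suggests it is a placeholder) or write `global $config, $memcached;` and cache under the same key that the ban check reads. A short header comment would help too, e.g. `// Delete a ban row by primary key; callers must have checked $config['mod']['unban'] first.`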
  • News
  • '; } - if($mod['type'] >= $config['mod']['reports']) { + if(hasPermission($config['mod']['reports'])) { $fieldset['Administration'] .= '
  • Report queue
  • '; } - if($mod['type'] >= $config['mod']['view_banlist']) { + if(hasPermission($config['mod']['view_banlist'])) { $fieldset['Administration'] .= '
  • Ban list
  • '; } - if($mod['type'] >= $config['mod']['manageusers']) { + if(hasPermission($config['mod']['manageusers'])) { $fieldset['Administration'] .= '
  • Manage users
  • '; } - if($mod['type'] >= $config['mod']['modlog']) { + if(hasPermission($config['mod']['modlog'])) { $fieldset['Administration'] .= '
  • Moderation log
  • '; } - if($mod['type'] >= $config['mod']['rebuild']) { + if(hasPermission($config['mod']['rebuild'])) { $fieldset['Administration'] .= '
  • Rebuild static files
  • '; } - if($mod['type'] >= $config['mod']['rebuild'] && $config['memcached']['enabled']) { + if(hasPermission($config['mod']['rebuild']) && $config['memcached']['enabled']) { $fieldset['Administration'] .= '
  • Clear cache
  • '; } - if($mod['type'] >= $config['mod']['show_config']) { + if(hasPermission($config['mod']['show_config'])) { $fieldset['Administration'] .= '
  • Show configuration
  • '; } - if($mod['type'] >= $config['mod']['themes']) { + if(hasPermission($config['mod']['themes'])) { $fieldset['Themes'] .= '
  • Manage themes
  • '; } - if($mod['type'] >= $config['mod']['search']) { + if(hasPermission($config['mod']['search'])) { $fieldset['Search'] .= '
  • ' . ' ' . '' . @@ -530,7 +530,7 @@ } $body .= '
    ' . - ($mod['type'] >= $config['mod']['noticeboard_delete'] ? + (hasPermission($config['mod']['noticeboard_delete']) ? '[delete]' : '') . '

    ' . @@ -568,11 +568,11 @@ } elseif(preg_match('/^\/news$/', $query)) { $body = ''; - if($mod['type'] >= $config['mod']['news']) { + if(hasPermission($config['mod']['news'])) { if(isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) { $query = prepare("INSERT INTO `news` VALUES (NULL, :name, :time, :subject, :body)"); - if(isset($_POST['name']) && $mod['type'] >= $config['mod']['news_custom']) + if(isset($_POST['name']) && hasPermission($config['mod']['news_custom'])) $name = &$_POST['name']; else $name = &$mod['username']; @@ -591,7 +591,7 @@ $body .= '
    New post' . '' . '' . - ($mod['type'] >= $config['mod']['news_custom'] ? + (hasPermission($config['mod']['news_custom']) ? '' : '') . @@ -612,7 +612,7 @@ $query->execute() or error(db_error($query)); while($news = $query->fetch()) { $body .= '
    ' . - ($mod['type'] >= $config['mod']['news_delete'] ? + (hasPermission($config['mod']['news_delete']) ? '[delete]' : '') . '

    ' . @@ -672,7 +672,7 @@ } elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) { $id = &$match[1]; - if($mod['type'] >= $config['mod']['master_pm']) { + if(hasPermission($config['mod']['master_pm'])) { $query = prepare("SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id"); } else { $query = prepare("SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod"); @@ -816,7 +816,7 @@ '

    Name' . $mod['username'] . '
    ' . '' . ''; @@ -985,7 +985,7 @@ $body .= '
    To' . - ($mod['type'] >= $config['mod']['editusers'] ? + (hasPermission($config['mod']['editusers']) ? '' . htmlentities($to['username']) . '' : htmlentities($to['username']) ) . @@ -964,7 +964,7 @@ '' . - ($mod['type'] >= $config['mod']['promoteusers'] ? + (hasPermission($config['mod']['promoteusers']) ? ($_mod['type'] != ADMIN ? '' :'') . @@ -973,11 +973,11 @@ :'') : '' ) . - ($mod['type'] >= $config['mod']['editusers'] || - ($mod['type'] >= $config['mod']['change_password'] && $_mod['id'] == $mod['id'])? + (hasPermission($config['mod']['editusers']) || + (hasPermission($config['mod']['change_password']) && $_mod['id'] == $mod['id'])? '[edit]' : '' ) . - ($mod['type'] >= $config['mod']['create_pm'] ? + (hasPermission($config['mod']['create_pm']) ? '[PM]' : '' ) . '
    '; - if($mod['type'] >= $config['mod']['createusers']) { + if(hasPermission($config['mod']['createusers'])) { $body .= '

    Create new user

    '; } @@ -1125,7 +1125,7 @@ error($config['error']['404']); } - if($mod['type'] < $config['mod']['editusers'] && !($mod['type'] >= $config['mod']['change_password'] && $mod['id'] == $_mod['id'] && $change_password_only = true)) + if(!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['change_password']) && $mod['id'] == $_mod['id'] && $change_password_only = true)) error($config['error']['noaccess']); if((isset($_POST['username']) && isset($_POST['password'])) || (isset($change_password_only) && isset($_POST['password']))) { @@ -1221,7 +1221,7 @@ ' ' . // Delete button - ($mod['type'] >= $config['mod']['deleteusers'] ? + (hasPermission($config['mod']['deleteusers']) ? '
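Review bot: The rewritten access check in the `@@ -1125` hunk still hides an assignment inside the condition (`... && $change_password_only = true)`), so the flag exists only on the path where the `&&` chain reaches it and the later `isset($change_password_only)` test depends on that side effect. Compute the flag as an explicit boolean first, `$change_password_only = !hasPermission($config['mod']['editusers']) && hasPermission($config['mod']['change_password']) && $mod['id'] == $_mod['id'];`, then `if(!hasPermission($config['mod']['editusers']) && !$change_password_only) error($config['error']['noaccess']);`, and test the flag's value rather than `isset` in the condition that follows. The ids are compared with `==`; `===` after an `(int)` cast would avoid loose comparison between a DB value and a route parameter. The enclosing handler branch starts and ends outside the hunk.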

    Delete user

    ' :'') . @@ -1236,7 +1236,7 @@ ); } } elseif(preg_match('/^\/reports$/', $query)) { - if($mod['type'] < $config['mod']['reports']) error($config['error']['noaccess']); + if(!hasPermission($config['mod']['reports'])) error($config['error']['noaccess']); $body = ''; $reports = 0; @@ -1275,9 +1275,9 @@ 'Report date: ' . date($config['post_date'], $report['time']) . '
    ' . 'Reported by: ' . $report['ip'] . '
    ' . '
    ' . - ($mod['type'] >= $config['mod']['report_dismiss'] ? + (hasPermission($config['mod']['report_dismiss']) ? 'Dismiss | ' : '') . - ($mod['type'] >= $config['mod']['report_dismiss_ip'] ? + (hasPermission($config['mod']['report_dismiss_ip']) ? 'Dismiss+' : '') . '

    '; @@ -1312,7 +1312,7 @@ )); } elseif(preg_match('/^\/reports\/(\d+)\/dismiss(\/all)?$/', $query, $matches)) { if(isset($matches[2]) && $matches[2] == '/all') { - if($mod['type'] < $config['mod']['report_dismiss_ip']) error($config['error']['noaccess']); + if(!hasPermission($config['mod']['report_dismiss_ip'])) error($config['error']['noaccess']); $query = prepare("SELECT `ip` FROM `reports` WHERE `id` = :id"); $query->bindValue(':id', $matches[1], PDO::PARAM_INT); @@ -1326,7 +1326,7 @@ modLog('Dismissed all reports by ' . $report['ip']); } } else { - if($mod['type'] < $config['mod']['report_dismiss']) error($config['error']['noaccess']); + if(!hasPermission($config['mod']['report_dismiss'])) error($config['error']['noaccess']); $query = prepare("SELECT `post`, `board` FROM `reports` WHERE `id` = :id"); $query->bindValue(':id', $matches[1], PDO::PARAM_INT); @@ -1344,13 +1344,13 @@ // Redirect header('Location: ?/reports', true, $config['redirect_http']); } elseif(preg_match('/^\/board\/(\w+)(\/delete)?$/', $query, $matches)) { - if($mod['type'] < $config['mod']['manageboards']) error($config['error']['noaccess']); + if(!hasPermission($config['mod']['manageboards'])) error($config['error']['noaccess']); if(!openBoard($matches[1])) error($config['error']['noboard']); if(isset($matches[2]) && $matches[2] == '/delete') { - if($mod['type'] < $config['mod']['deleteboard']) error($config['error']['noaccess']); + if(!hasPermission($config['mod']['deleteboard'])) error($config['error']['noaccess']); // Delete board modLog('Deleted board ' . sprintf($config['board_abbreviation'], $board['uri'])); @@ -1416,7 +1416,7 @@ ' ' . // Delete button - ($mod['type'] >= $config['mod']['deleteboard'] ? + (hasPermission($config['mod']['deleteboard']) ? '

    Delete board

    ' :'') . @@ -1430,27 +1430,18 @@ )); } } elseif(preg_match('/^\/bans$/', $query)) { - if($mod['type'] < $config['mod']['view_banlist']) error($config['error']['noaccess']); + if(!hasPermission($config['mod']['view_banlist'])) error($config['error']['noaccess']); if(isset($_POST['unban'])) { - if($mod['type'] < $config['mod']['unban']) error($config['error']['noaccess']); + if(!hasPermission($config['mod']['unban'])) error($config['error']['noaccess']); foreach($_POST as $post => $value) { - if(preg_match('/^ban_(\w+)_(.+)$/', $post, $m)) { - $m[1] = str_replace('_', '.', $m[2]); - $query = prepare("DELETE FROM `bans` WHERE `ip` = :ip"); - $query->bindValue(':ip', $m[2]); - $query->execute() or error(db_error($query)); - - if($config['memcached']['enabled']) { - // Remove cached ban - // TODO - $memcached->delete("ban_{$m[1]}_${m[2]}"); - } + if(preg_match('/^ban_(\d+)$/', $post, $m)) { + removeBan($m[1]); } } } - if($mod['type'] >= $config['mod']['view_banexpired']) { + if(hasPermission($config['mod']['view_banexpired'])) { $query = prepare("SELECT * FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` INNER JOIN `mods` ON `mod` = `mods`.`id` GROUP BY `ip` ORDER BY (`expires` IS NOT NULL AND `expires` < :time), `set` DESC"); $query->bindValue(':time', time(), PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -1478,7 +1469,7 @@ '' . // Checkbox - ' ' . + ' ' . // IP address (preg_match('/^(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')$/', $ban['ip']) ? @@ -1514,7 +1505,7 @@ // Staff '' . - ($mod['type'] < $config['mod']['view_banstaff'] ? + (!hasPermission($config['mod']['view_banstaff']) ? ($config['mod']['view_banquestionmark'] ? '?' : @@ -1533,7 +1524,7 @@ $body .= '' . - ($mod['type'] >= $config['mod']['unban'] ? + (hasPermission($config['mod']['unban']) ? '
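Review bot: The unban loop in the `@@ -1430` hunk deletes bans with `removeBan($m[1])` but writes no moderation-log entry, whereas the other destructive actions in this file record one (`modLog('Deleted board ...')` at `@@ -1344`, `modLog('Dismissed all reports by ...')` at `@@ -1326`); the same gap exists in the `/IP/` unban at `@@ -2094`. Since removeBan() only receives the id, add `modLog('Removed ban #' . $m[1]);` next to the call here (and the equivalent with `$_POST['ban_id']` at `@@ -2094`), or have removeBan() look up the ip first and log `ip` and `id` together so the audit trail survives the row deletion. The `(\d+)` capture guarantees a numeric id, so no further coercion is needed before the `PDO::PARAM_INT` bind.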

    ' : '') . @@ -1548,7 +1539,7 @@ ) ); } elseif(preg_match('/^\/flush$/', $query)) { - if($mod['type'] < $config['mod']['rebuild']) error($config['error']['noaccess']); + if(!hasPermission($config['mod']['rebuild'])) error($config['error']['noaccess']); if(!$config['memcached']['enabled']) error('Memcached is not enabled.'); if($memcached->flush()) { @@ -1565,7 +1556,7 @@ 'mod'=>true )); } elseif(preg_match('/^\/rebuild$/', $query)) { - if($mod['type'] < $config['mod']['rebuild']) error($config['error']['noaccess']); + if(!hasPermission($config['mod']['rebuild'])) error($config['error']['noaccess']); set_time_limit($config['mod']['rebuild_timelimit']); @@ -1604,7 +1595,7 @@ 'mod'=>true )); } elseif(preg_match('/^\/config$/', $query)) { - if($mod['type'] < $config['mod']['show_config']) error($config['error']['noaccess']); + if(!hasPermission($config['mod']['show_config'])) error($config['error']['noaccess']); // Show instance-config.php @@ -1652,7 +1643,7 @@ ) ); } elseif(preg_match('/^\/new$/', $query)) { - if($mod['type'] < $config['mod']['newboard']) error($config['error']['noaccess']); + if(!hasPermission($config['mod']['newboard'])) error($config['error']['noaccess']); // New board $body = ''; @@ -1770,7 +1761,7 @@ echo $page; } elseif(preg_match('/^\/' . $regex['board'] . 'deletefile\/(\d+)$/', $query, $matches)) { - if($mod['type'] < $config['mod']['deletefile']) error($config['error']['noaccess']); + if(!hasPermission($config['mod']['deletefile'])) error($config['error']['noaccess']); // Delete file from post $boardName = &$matches[1]; 
@@ -1792,7 +1783,7 @@ // Redirect header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) { - if($mod['type'] < $config['mod']['delete']) error($config['error']['noaccess']); + if(!hasPermission($config['mod']['delete'])) error($config['error']['noaccess']); // Delete post $boardName = &$matches[1]; @@ -1813,7 +1804,7 @@ // Redirect header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/' . $regex['board'] . '(un)?sticky\/(\d+)$/', $query, $matches)) { - if($mod['type'] < $config['mod']['sticky']) error($config['error']['noaccess']); + if(!hasPermission($config['mod']['sticky'])) error($config['error']['noaccess']); // Add/remove sticky $boardName = &$matches[1]; @@ -1925,7 +1916,7 @@ if(empty($_POST['ip'])) error(sprintf($config['error']['required'], 'IP address')); - $query = prepare("INSERT INTO `bans` VALUES (:ip, :mod, :set, :expires, :reason, :board)"); + $query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :set, :expires, :reason, :board)"); // 1yr2hrs30mins // 1y2h30m @@ -2007,7 +1998,7 @@ buildIndex(); } - if($mod['type'] >= $config['mod']['public_ban'] && isset($_POST['post']) && isset($_POST['board']) && isset($_POST['public_message']) && isset($_POST['message'])) { + if(hasPermission($config['mod']['public_ban']) && isset($_POST['post']) && isset($_POST['board']) && isset($_POST['public_message']) && isset($_POST['message'])) { openBoard($_POST['board']); $post = round($_POST['post']); 
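Review bot: The new `INSERT INTO \`bans\` VALUES (NULL, :ip, :mod, :set, :expires, :reason, :board)` in the `@@ -1925` hunk is positional, so it silently breaks (or writes values into the wrong columns) the next time the table gains or reorders a column — exactly what this commit does by introducing the `id` column. Name the columns explicitly: `INSERT INTO \`bans\` (\`ip\`, \`mod\`, \`set\`, \`expires\`, \`reason\`, \`board\`) VALUES (:ip, :mod, :set, :expires, :reason, :board)`, which also lets the auto-increment `id` default without a literal `NULL`. The matching schema change presumably lives in the install.php hunk, which is unreadable on this page; a comment on the insert naming the column order it relies on would be the minimum if the positional form stays.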
@@ -2094,19 +2085,10 @@ $ip = $matches[1]; $host = $config['mod']['dns_lookup'] ? gethostbyaddr($ip) : false; - if($mod['type'] >= $config['mod']['unban'] && isset($_POST['unban'])) { - $query = prepare("DELETE FROM `bans` WHERE `ip` = :ip"); - $query->bindValue(':ip', $ip); - $query->execute() or error(db_error($query)); - - if($config['memcached']['enabled']) { - // Remove cached ban(s) - $boards = listBoards(); - foreach($boards as &$_board) { - $memcached->delete("ban_{$_board['id']}_${ip}"); - } - } - } elseif($mod['type'] >= $config['mod']['create_notes'] && isset($_POST['note'])) { + if(hasPermission($config['mod']['unban']) && isset($_POST['unban']) && isset($_POST['ban_id'])) { + removeBan($_POST['ban_id']); + header('Location: ?/IP/' . $ip, true, $config['redirect_http']); + } elseif(hasPermission($config['mod']['create_notes']) && isset($_POST['note'])) { $query = prepare("INSERT INTO `ip_notes` VALUES(NULL, :ip, :mod, :time, :body)"); $query->bindValue(':ip', $ip); $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); @@ -2145,19 +2127,19 @@ '' . $temp . ''; } - if($mod['type'] >= $config['mod']['view_notes']) { + if(hasPermission($config['mod']['view_notes'])) { $query = prepare("SELECT * FROM `ip_notes` WHERE `ip` = :ip ORDER BY `id` DESC"); $query->bindValue(':ip', $ip); $query->execute() or error(db_error($query)); - if($query->rowCount() > 0 || $mod['type'] >= $config['mod']['create_notes'] ) { + if($query->rowCount() > 0 || hasPermission($config['mod']['create_notes'])) { $body .= '
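Review bot: In the `@@ -2094` hunk the `/IP/` page now removes whatever `$_POST['ban_id']` names, with no check that the ban belongs to `$ip`; the code it replaces deleted `WHERE \`ip\` = :ip`, so a stale or edited form can now remove an unrelated ban from this page, and nothing is logged. Constrain the delete to the page's address, e.g. look up `SELECT \`ip\` FROM \`bans\` WHERE \`id\` = :id` and call `error($config['error']['404'])` when it does not equal `$ip`, or give removeBan() an optional `$ip` argument that adds `AND \`ip\` = :ip`. The `header('Location: ...')` that follows is not followed by `exit`, so the rest of the handler still runs its queries and renders the page after the redirect header is sent. The enclosing handler branch starts and ends outside the hunk.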
    ' . $query->rowCount() . ' note' . ($query->rowCount() == 1 ?'' : 's') . ' on record' . ''; if($query->rowCount() > 0) { $body .= '' . '' . - ($mod['type'] >= $config['mod']['remove_notes'] ? '' : '') . + (hasPermission($config['mod']['remove_notes']) ? '' : '') . ''; while($note = $query->fetch()) { @@ -2166,7 +2148,7 @@ $_query->bindValue(':id', $note['mod']); $_query->execute() or error(db_error($_query)); if($_mod = $_query->fetch()) { - if($mod['type'] >= $config['mod']['editusers']) + if(hasPermission($config['mod']['editusers'])) $staff = '' . htmlentities($_mod['username']) . ''; else $staff = $_mod['username']; @@ -2184,7 +2166,7 @@ '' . - ($mod['type'] >= $config['mod']['remove_notes'] ? + (hasPermission($config['mod']['remove_notes']) ? '' : '') . ''; @@ -2192,7 +2174,7 @@ $body .= '
    StaffNoteDateActionsActions' . date($config['post_date'], $note['time']) . '[delete]
    '; } - if($mod['type'] >= $config['mod']['create_notes']) { + if(hasPermission($config['mod']['create_notes'])) { $body .= '
    ' . '' . '' . @@ -2215,16 +2197,17 @@ } } - if($mod['type'] >= $config['mod']['view_ban']) { - $query = prepare("SELECT * FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` INNER JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip"); + if(hasPermission($config['mod']['view_ban'])) { + $query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` INNER JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip"); $query->bindValue(':ip', $ip); $query->execute() or error(db_error($query)); if($query->rowCount() > 0) { - $body .= '
    Ban' . ($query->rowCount() == 1 ? '' : 's') . ' on record'; + $body .= '
    Ban' . ($query->rowCount() == 1 ? '' : 's') . ' on record'; while($ban = $query->fetch()) { - $body .= '
    Status' . + $body .= '' . + '' . - - '
    Status' . ($config['mod']['view_banexpired'] && $ban['expires'] != 0 && $ban['expires'] < time() ? 'Expired' : 'Active') . @@ -2258,7 +2241,7 @@ // Staff '
    Staff' . - ($mod['type'] < $config['mod']['view_banstaff'] ? + (!hasPermission($config['mod']['view_banstaff']) ? ($config['mod']['view_banquestionmark'] ? '?' : @@ -2270,18 +2253,21 @@ : $ban['username'] ) . - '
    '; + '
    ' . + + '' . + + '
    '; } - - $body .= '
    '; + + $body .= ''; + } } - if($mod['type'] >= $config['mod']['ip_banform']) + if(hasPermission($config['mod']['ip_banform'])) $body .= form_newBan($ip, null, '?/IP/' . $ip); echo Element('page.html', Array(