Basic ban-adding

13 years ago · ca7faa835e
2 changed files with 134 additions and 6 deletions
--- a/inc/mod.php
+++ b/inc/mod.php
@ -111,24 +111,57 @@
 		return $body;
 	}
 	
+	function form_newBan($ip=null, $reason='', $continue=false) {
+		return '<fieldset><legend>New ban</legend>' . 
+					'<form action="" method="post">' . 
+						($continue ? '<input type="hidden" name="continue" value="' . htmlentities($continue) . '" />' : '') .
+						'<table>' .
+						'<tr>' . 
+							'<th><label for="ip">IP</label></th>' .
+							'<td><input type="text" name="ip" id="ip" size="15" maxlength="15" ' . 
+								(isset($ip) ?
+									'value="' . htmlentities($ip) . '" ' : ''
+								) .
+							'/></td>' .
+						'</tr>' . 
+						'<tr>' . 
+							'<th><label for="reason">Reason</label></th>' .
+							'<td><textarea name="reason" id="reason" rows="5" cols="30">' .
+								htmlentities($reason) .
+							'</textarea></td>' .
+						'</tr>' . 
+						'<tr>' . 
+							'<th><label for="length">Length</label></th>' .
+							'<td><input type="text" name="length" id="length" size="20" maxlength="40" />' .
+							' <span class="unimportant">(eg. "2d1h30m" or "2 days")</span></td>' .
+						'</tr>' . 
+						'<tr>' . 
+							'<td></td>' . 
+							'<td><input name="new_ban" type="submit" value="New Ban" /></td>' . 
+						'</tr>' . 
+						'</table>' .
+					'</form>' .
+				'</fieldset>';
+	}
+	
 	function form_newBoard() {
 		return '<fieldset><legend>New board</legend>' . 
 					'<form action="?/new" method="post">' . 
 						'<table>' .
 						'<tr>' . 
-							'<th><label for="board">URI:</label></th>' .
+							'<th><label for="board">URI</label></th>' .
 							'<td><input type="text" name="uri" id="board" size="3" maxlength="8" />' .
-							' <span class="unimportant">(eg. "b"; "mu")</span>' .
+							' <span class="unimportant">(eg. "b"; "mu")</span></td>' .
 						'</tr>' . 
 						'<tr>' . 
-							'<th><label for="title">Title:</label></th>' .
+							'<th><label for="title">Title</label></th>' .
 							'<td><input type="text" name="title" id="title" size="15" maxlength="20" />' .
-							' <span class="unimportant">(eg. "Random")</span>' .
+							' <span class="unimportant">(eg. "Random")</span></td>' .
 						'</tr>' . 
 						'<tr>' . 
-							'<th><label for="subtitle">Subtitle:</label></th>' .
+							'<th><label for="subtitle">Subtitle</label></th>' .
 							'<td><input type="text" name="subtitle" id="subtitle" size="20" maxlength="40" />' .
-							' <span class="unimportant">(optional)</span>' .
+							' <span class="unimportant">(optional)</span></td>' .
 						'</tr>' . 
 						'<tr>' . 
 							'<td></td>' . 
--- a/mod.php
+++ b/mod.php
@ -280,7 +280,102 @@
 				header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP);
 			else
 				header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP);
+		} elseif(preg_match('/^\/' . $regex['board'] . 'ban\/(\d+)$/', $query, $matches)) {
+			if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS);
+			// Ban by post
+			
+			$boardName = $matches[1];
+			$post = $matches[2];
+			// Open board
+			if(!openBoard($boardName))
+				error(ERROR_NOBOARD);
+			
+			// Delete post
+			//deletePost($post);
+			// Rebuild board
+			//buildIndex();
+			
+			$query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri']));
+			$query->bindValue(':id', $post, PDO::PARAM_INT);
+			$query->execute() or error(db_error($query));
 			
+			if($query->rowCount() < 1) {
+				error(ERROR_INVALIDPOST);
+			}
+		
+			$post = $query->fetch();
+			
+			if(isset($_POST['new_ban'])) {
+				if(	!isset($_POST['ip']) ||
+					!isset($_POST['reason']) ||
+					!isset($_POST['length'])
+				)	error(ERROR_MISSEDAFIELD);
+				
+				// Check required fields
+				if(empty($_POST['ip']))
+					error(sprintf(ERROR_REQUIRED, 'IP address'));
+				
+				$query = prepare("INSERT INTO `bans` VALUES (:ip, :mod, :expires, :reason)");
+				
+				// 1yr2hrs30mins
+				// 1y2h30m
+				if(preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?m?i?n?u?t?e?s?)?\s?+((\d+)\s?s?e?c?o?n?d?s?)?$/', $_POST['length'], $m)) {
+					$expire = 0;
+					if(isset($m[2])) {
+						// Years
+						$expire += $m[2]*60*60*24*7*52;
+					}
+					if(isset($m[4])) {
+						// Weeks
+						$expire += $m[4]*60*60*24*7;
+					}
+					if(isset($m[6])) {
+						// Days
+						$expire += $m[6]*60*60*24;
+					}
+					if(isset($m[8])) {
+						// Hours
+						$expire += $m[8]*60*60;
+					}
+					if(isset($m[10])) {
+						// Minutes
+						$expire += $m[10]*60;
+					}
+					if(isset($m[12])) {
+						// Seconds
+						$expire += $m[12];
+					}
+					$query->bindValue(':expires', time()+$expire, PDO::PARAM_INT);
+				} else {
+					// Never expire
+					$query->bindValue(':expires', null, PDO::PARAM_NULL);
+				}
+				
+				$query->bindValue(':ip', $_POST['ip'], PDO::PARAM_STR);
+				$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
+				if(isset($_POST['reason'])) {
+					$query->bindValue(':reason', $_POST['reason'], PDO::PARAM_STR);
+				} else {
+					$query->bindValue(':reason', null, PDO::PARAM_NULL);
+				}
+				$query->execute() or error(db_error($query));
+				
+				// Redirect
+				if(isset($_POST['continue']))
+					header('Location: ' . $_POST['continue'], true, REDIRECT_HTTP);
+				else
+					header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP);				
+			}
+			
+			$body = form_newBan($post['ip'], null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false);
+			
+			echo Element('page.html', Array(
+				'index'=>ROOT,
+				'title'=>'New ban',
+				'body'=>$body,
+				'mod'=>true
+				)
+			);
 		} else {
 			error(ERROR_404);
 		}