leftypol
/
leftypol
4
5
Fork 2
Code Issues 50 Pull Requests 1 Projects Releases Wiki Activity
Browse Source

per-board moderators

pull/40/head
Savetheinternet 13 years ago
parent
1338769d44
commit
e3cba2b450
5 changed files with 126 additions and 47 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 38
      inc/display.php
  2. 22
      inc/mod.php
  3. 6
      install.php
  4. 1
      install.sql
  5. 106
      mod.php

38
inc/display.php
View File

@ -241,29 +241,29 @@
$built = '';
if($this->mod) {
// Mod controls (on posts)
$built .= '<span class="controls">';
// Delete
if($this->mod['type'] >= $config['mod']['delete'])
if(hasPermission($config['mod']['delete'], $board['uri'], $this->mod))
$built .= ' ' . confirmLink($config['mod']['link_delete'], 'Delete', 'Are you sure you want to delete this?', $board['uri'] . '/delete/' . $this->id);
// Delete all posts by IP
if($this->mod['type'] >= $config['mod']['deletebyip'])
if(hasPermission($config['mod']['deletebyip'], $board['uri'], $this->mod))
$built .= ' ' . confirmLink($config['mod']['link_deletebyip'], 'Delete all posts by IP', 'Are you sure you want to delete all posts by IP?', $board['uri'] . '/deletebyip/' . $this->id);
// Ban
if($this->mod['type'] >= $config['mod']['ban'])
if(hasPermission($config['mod']['ban'], $board['uri'], $this->mod))
$built .= ' <a title="Ban" href="?/' . $board['uri'] . '/ban/' . $this->id . '">' . $config['mod']['link_ban'] . '</a>';
// Ban & Delete
if($this->mod['type'] >= $config['mod']['bandelete'])
if(hasPermission($config['mod']['bandelete'], $board['uri'], $this->mod))
$built .= ' <a title="Ban & Delete" href="?/' . $board['uri'] . '/ban&amp;delete/' . $this->id . '">' . $config['mod']['link_bandelete'] . '</a>';
// Delete file (keep post)
if(!empty($this->file) && $this->mod['type'] >= $config['mod']['deletefile'])
if(!empty($this->file) && hasPermission($config['mod']['deletefile'], $board['uri'], $this->mod))
$built .= ' <a title="Remove file" href="?/' . $board['uri'] . '/deletefile/' . $this->id . '">' . $config['mod']['link_deletefile'] . '</a>';
$built .= '</span>';
if(!empty($built))
$built = '<span class="controls">' . $built . '</span>';
}
return $built;
}
@ -309,7 +309,7 @@
. (!empty($this->capcode) ? capcode($this->capcode) : '');
// IP Address
if($this->mod && $this->mod['type'] >= $config['mod']['show_ip']) {
if($this->mod && hasPermission($config['mod']['show_ip'], $board['uri'], $this->mod)) {
$built .= ' [<a style="margin:0;" href="?/IP/' . $this->ip . '">' . $this->ip . '</a>]';
}
@ -436,43 +436,42 @@
$built = '';
if($this->mod) {
// Mod controls (on posts)
$built .= '<span class="controls op">';
// Delete
if($this->mod['type'] >= $config['mod']['delete'])
if(hasPermission($config['mod']['delete'], $board['uri'], $this->mod))
$built .= ' ' . confirmLink($config['mod']['link_delete'], 'Delete', 'Are you sure you want to delete this?', $board['uri'] . '/delete/' . $this->id);
// Delete all posts by IP
if($this->mod['type'] >= $config['mod']['deletebyip'])
if(hasPermission($config['mod']['deletebyip'], $board['uri'], $this->mod))
$built .= ' ' . confirmLink($config['mod']['link_deletebyip'], 'Delete all posts by IP', 'Are you sure you want to delete all posts by IP?', $board['uri'] . '/deletebyip/' . $this->id);
// Ban
if($this->mod['type'] >= $config['mod']['ban'])
if(hasPermission($config['mod']['ban'], $board['uri'], $this->mod))
$built .= ' <a title="Ban" href="?/' . $board['uri'] . '/ban/' . $this->id . '">' . $config['mod']['link_ban'] . '</a>';
// Ban & Delete
if($this->mod['type'] >= $config['mod']['bandelete'])
if(hasPermission($config['mod']['bandelete'], $board['uri'], $this->mod))
$built .= ' <a title="Ban & Delete" href="?/' . $board['uri'] . '/ban&amp;delete/' . $this->id . '">' . $config['mod']['link_bandelete'] . '</a>';
// Delete file (keep post)
if(!empty($this->file) && $this->file != 'deleted' && $this->mod['type'] >= $config['mod']['deletefile'])
if(!empty($this->file) && $this->file != 'deleted' && hasPermission($config['mod']['deletefile'], $board['uri'], $this->mod))
$built .= ' <a title="Remove file" href="?/' . $board['uri'] . '/deletefile/' . $this->id . '">' . $config['mod']['link_deletefile'] . '</a>';
// Sticky
if($this->mod['type'] >= $config['mod']['sticky'])
if(hasPermission($config['mod']['sticky'], $board['uri'], $this->mod))
if($this->sticky)
$built .= ' <a title="Make thread not sticky" href="?/' . $board['uri'] . '/unsticky/' . $this->id . '">' . $config['mod']['link_desticky'] . '</a>';
else
$built .= ' <a title="Make thread sticky" href="?/' . $board['uri'] . '/sticky/' . $this->id . '">' . $config['mod']['link_sticky'] . '</a>';
// Lock
if($this->mod['type'] >= $config['mod']['lock'])
if(hasPermission($config['mod']['lock'], $board['uri'], $this->mod))
if($this->locked)
$built .= ' <a title="Unlock thread" href="?/' . $board['uri'] . '/unlock/' . $this->id . '">' . $config['mod']['link_unlock'] . '</a>';
else
$built .= ' <a title="Lock thread" href="?/' . $board['uri'] . '/lock/' . $this->id . '">' . $config['mod']['link_lock'] . '</a>';
$built .= '</span>';
if(!empty($built))
$built = '<span class="controls op">' . $built . '</span>';
}
return $built;
}
@ -534,7 +533,8 @@
. (!empty($this->capcode) ? capcode($this->capcode) : '');
// IP Address
if($this->mod && $this->mod['type'] >= $config['mod']['show_ip']) {
if($this->mod && hasPermission($config['mod']['show_ip'], $board['uri'], $this->mod)) {
$built .= ' [<a style="margin:0;" href="?/IP/' . $this->ip . '">' . $this->ip . '</a>]';
}

22
inc/mod.php
View File

@ -14,6 +14,21 @@
return substr(base64_encode(sha1(rand() . time(), true)), 0, $length);
}
function hasPermission($action = null, $board = null, $_mod = null) {
if(isset($_mod))
$mod = &$_mod;
else
global $mod;
if(isset($action) && $mod['type'] < $action)
return false;
if(isset($board) && !in_array($board, $mod['boards']))
return false;
return true;
}
function login($username, $password, $makehash=true) {
global $mod;
@ -22,7 +37,7 @@
$password = sha1($password);
}
$query = prepare("SELECT `id`,`type` FROM `mods` WHERE `username` = :username AND `password` = :password LIMIT 1");
$query = prepare("SELECT `id`,`type`,`boards` FROM `mods` WHERE `username` = :username AND `password` = :password LIMIT 1");
$query->bindValue(':username', $username);
$query->bindValue(':password', $password);
$query->execute() or error(db_error($query));
@ -33,7 +48,8 @@
'type' => $user['type'],
'username' => $username,
'password' => $password,
'hash' => isset($_SESSION['mod']['hash']) ? $_SESSION['mod']['hash'] : mkhash()
'hash' => isset($_SESSION['mod']['hash']) ? $_SESSION['mod']['hash'] : mkhash(),
'boards' => explode(',', $user['boards'])
);
} else return false;
}
@ -230,4 +246,4 @@
'</fieldset>';
}
?>
?>

6
install.php
View File

@ -1,6 +1,6 @@
<?php
// Installation/upgrade file
define('VERSION', 'v0.9.3-dev-1');
define('VERSION', 'v0.9.3-dev-2');
require 'inc/functions.php';
require 'inc/display.php';
@ -73,7 +73,9 @@
query("ALTER TABLE `theme_settings` ADD `theme` VARCHAR( 40 ) NOT NULL FIRST") or error(db_error());
query("ALTER TABLE `theme_settings` CHANGE `name` `name` VARCHAR( 40 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL") or error(db_error());
query("ALTER TABLE `theme_settings` DROP INDEX `name`") or error(db_error());
case 'v0.9.3-dev-1':
query("ALTER TABLE `mods` ADD `boards` TEXT NOT NULL") or error(db_error());
case false:
// Update version number
file_write($config['has_installed'], VERSION);

1
install.sql
View File

@ -104,6 +104,7 @@ CREATE TABLE IF NOT EXISTS `mods` (
`username` varchar(30) NOT NULL,
`password` char(40) NOT NULL COMMENT 'SHA1',
`type` smallint(1) NOT NULL COMMENT '0: janitor, 1: mod, 2: admin',
`boards` TEXT NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `id` (`id`,`username`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;

106
mod.php
View File

@ -267,7 +267,7 @@
)
);
} elseif(preg_match('/^\/log$/', $query)) {
if($mod['type'] < $config['mod']['modlog']) error($config['error']['noaccess']);
if(!hasPermission($config['mod']['modlog'])) error($config['error']['noaccess']);
$boards = Array();
$_boards = listBoards();
@ -309,7 +309,7 @@
)
);
} elseif(preg_match('/^\/themes\/none$/', $query, $match)) {
if($mod['type'] < $config['mod']['themes']) error($config['error']['noaccess']);
if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
// Clearsettings
query("TRUNCATE TABLE `theme_settings`") or error(db_error());
@ -322,7 +322,7 @@
)
);
} elseif(preg_match('/^\/themes(\/(\w+))?$/', $query, $match)) {
if($mod['type'] < $config['mod']['themes']) error($config['error']['noaccess']);
if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
if(!is_dir($config['dir']['themes']))
error('Themes directory doesn\'t exist!');
@ -476,7 +476,7 @@
);
}
} elseif(preg_match('/^\/noticeboard\/delete\/(\d+)$/', $query, $match)) {
if($mod['type'] < $config['mod']['noticeboard_delete']) error($config['error']['noaccess']);
if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']);
$query = prepare("DELETE FROM `noticeboard` WHERE `id` = :id");
$query->bindValue(':id', $match[1], PDO::PARAM_INT);
@ -484,7 +484,7 @@
header('Location: ?/noticeboard', true, $config['redirect_http']);
} elseif(preg_match('/^\/noticeboard$/', $query)) {
if($mod['type'] < $config['mod']['noticeboard']) error($config['error']['noaccess']);
if(!hasPermission($config['mod']['noticeboard'])) error($config['error']['noaccess']);
$body = '';
@ -553,7 +553,7 @@
)
);
} elseif(preg_match('/^\/news\/delete\/(\d+)$/', $query, $match)) {
if($mod['type'] < $config['mod']['noticeboard_delete']) error($config['error']['noaccess']);
if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']);
$query = prepare("DELETE FROM `news` WHERE `id` = :id");
$query->bindValue(':id', $match[1], PDO::PARAM_INT);
@ -744,7 +744,7 @@
);
}
} elseif(preg_match('/^\/new_PM\/(\d+)(\/(\d+))?$/', $query, $match)) {
if($mod['type'] < $config['mod']['create_pm']) error($config['error']['noaccess']);
if(!hasPermission($config['mod']['create_pm'])) error($config['error']['noaccess']);
$to = &$match[1];
@ -826,7 +826,7 @@
);
}
} elseif(preg_match('/^\/search$/', $query)) {
if($mod['type'] < $config['mod']['search']) error($config['error']['noaccess']);
if(!hasPermission($config['mod']['search'])) error($config['error']['noaccess']);
$body = '<div class="ban"><h2>Search</h2><form style="display:inline" action="?/search" method="post">' .
'<p><label style="display:inline" for="search">Phrase:</label> ' .
@ -920,9 +920,9 @@
)
);
} elseif(preg_match('/^\/users$/', $query)) {
if($mod['type'] < $config['mod']['manageusers']) error($config['error']['noaccess']);
if(!hasPermission($config['mod']['manageusers'])) error($config['error']['noaccess']);
$body = '<form action="" method="post"><table><tr><th>ID</th><th>Username</th><th>Type</th><th>Last action</th><th></th></tr>';
$body = '<form action="" method="post"><table><tr><th>ID</th><th>Username</th><th>Type</th><th>Boards</th><th>Last action</th><th></th></tr>';
$query = query("SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id`") or error(db_error());
while($_mod = $query->fetch()) {
@ -940,6 +940,10 @@
$type .
'</td>' .
'<td>' .
str_replace(',', ', ', $_mod['boards']) .
'</td>' .
'<td>' .
($_mod['last'] ?
'<span title="' . htmlentities($_mod['action']) . '">' . ago($_mod['last']) . '</span>'
@ -982,7 +986,7 @@
)
);
} elseif(preg_match('/^\/users\/new$/', $query)) {
if($mod['type'] < $config['mod']['createusers']) error($config['error']['noaccess']);
if(!hasPermission($config['mod']['createusers'])) error($config['error']['noaccess']);
if(isset($_POST['username']) && isset($_POST['password'])) {
if(!isset($_POST['type'])) {
@ -1002,15 +1006,36 @@
error(sprintf($config['error']['modexists'], $_mod['id']));
}
$query = prepare("INSERT INTO `mods` VALUES (NULL, :username, :password, :type)");
$boards = Array();
foreach($_POST as $name => $null) {
if(preg_match('/^board_(\w+)/', $name, $m))
$boards[] = $m[1];
}
$boards = implode(',', $boards);
$query = prepare("INSERT INTO `mods` VALUES (NULL, :username, :password, :type, :boards)");
$query->bindValue(':username', $_POST['username']);
$query->bindValue(':password', sha1($_POST['password']));
$query->bindValue(':type', $_POST['type'], PDO::PARAM_INT);
$query->bindValue(':boards', $boards);
$query->execute() or error(db_error($query));
modLog('Create a new user: "' . $_POST['username'] . '"');
}
$__boards = '<ul style="list-style:none;padding:2px 5px">';
$boards = listBoards();
foreach($boards as &$_board) {
$__boards .= '<li>' .
'<input type="checkbox" name="board_' . $_board['uri'] . '" id="board_' . $_board['uri'] . '"/> ' .
'<label style="display:inline" for="board_' . $_board['uri'] . '">' .
sprintf($config['board_abbreviation'], $_board['uri']) .
' - ' . $_board['title'] .
'</label>' .
'</li>';
}
$__boards .= '</ul>';
$body = '<fieldset><legend>New user</legend>' .
// Begin form
@ -1025,6 +1050,7 @@
'<div><label for="mod">Mod</label> <input type="radio" id="mod" name="type" value="' . MOD . '" /></div>' .
'<div><label for="admin">Admin</label> <input type="radio" id="admin" name="type" value="' . ADMIN . '" /></div>' .
'</td></tr>' .
'<tr><th>Boards</th><td>' . $__boards . '</td></tr>' .
'</table>' .
'<input style="margin-top:10px" type="submit" value="Create user" />' .
@ -1044,7 +1070,7 @@
if(isset($matches[2])) {
if($matches[3] == 'delete') {
if($mod['type'] < $config['mod']['deleteusers']) error($config['error']['noaccess']);
if(!hasPermission($config['mod']['deleteusers'])) error($config['error']['noaccess']);
$query = prepare("DELETE FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $modID, PDO::PARAM_INT);
@ -1053,7 +1079,7 @@
modLog('Deleted user #' . $modID);
} else {
// Promote/demote
if($mod['type'] < $config['mod']['promoteusers']) error($config['error']['noaccess']);
if(!hasPermission($config['mod']['promoteusers'])) error($config['error']['noaccess']);
if($matches[3] == 'promote') {
$query = prepare("UPDATE `mods` SET `type` = `type` + 1 WHERE `type` != :admin AND `id` = :id");
@ -1069,7 +1095,7 @@
header('Location: ?/users', true, $config['redirect_http']);
} else {
// Edit user
if($mod['type'] < $config['mod']['editusers'] && $mod['type'] < $config['mod']['change_password']) error($config['error']['noaccess']);
if(!hasPermission($config['mod']['editusers']) || !hasPermission($config['mod']['change_password'])) error($config['error']['noaccess']);
$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $modID, PDO::PARAM_INT);
@ -1084,8 +1110,16 @@
if((isset($_POST['username']) && isset($_POST['password'])) || (isset($change_password_only) && isset($_POST['password']))) {
if(!isset($change_password_only)) {
$query = prepare("UPDATE `mods` SET `username` = :username WHERE `id` = :id");
$query->bindValue(':username', $_POST['username']);
$boards = Array();
foreach($_POST as $name => $null) {
if(preg_match('/^board_(\w+)/', $name, $m))
$boards[] = $m[1];
}
$boards = implode(',', $boards);
$query = prepare("UPDATE `mods` SET `username` = :username, `boards` = :boards WHERE `id` = :id");
$query->bindValue(':username', $_POST['username'], PDO::PARAM_STR);
$query->bindValue(':boards', $boards, PDO::PARAM_STR);
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
modLog('Edited login details for user "' . $_mod['username'] . '"');
@ -1114,6 +1148,24 @@
}
}
$__boards = '<ul style="list-style:none;padding:2px 5px">';
$boards = listBoards();
$_mod['boards'] = explode(',', $_mod['boards']);
foreach($boards as &$_board) {
$__boards .= '<li>' .
'<input type="checkbox" name="board_' . $_board['uri'] . '" id="board_' . $_board['uri'] . '"' .
(in_array($_board['uri'], $_mod['boards']) ?
' checked="checked"'
: '') .
'/> ' .
'<label style="display:inline" for="board_' . $_board['uri'] . '">' .
sprintf($config['board_abbreviation'], $_board['uri']) .
' - ' . $_board['title'] .
'</label>' .
'</li>';
}
$__boards .= '</ul>';
$body = '<fieldset><legend>Edit user</legend>' .
// Begin form
@ -1129,6 +1181,11 @@
'</td></tr>' .
'<tr><th>Password <span class="unimportant">(new; optional)</span></th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
(isset($change_password_only) ? '' :
'<tr><th>Boards</th><td>' . $__boards . '</td></tr>'
) .
'</table>' .
'<input type="submit" value="Save changes" />' .
@ -1751,10 +1808,11 @@
// Redirect
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
} elseif(preg_match('/^\/' . $regex['board'] . '(un)?lock\/(\d+)$/', $query, $matches)) {
if($mod['type'] < $config['mod']['lock']) error($config['error']['noaccess']);
// Lock/Unlock
$boardName = &$matches[1];
if(!hasPermission($config['mod']['lock'], $boardName)) error($config['error']['noaccess']);
$post = &$matches[3];
// Open board
if(!openBoard($boardName))
@ -1817,7 +1875,7 @@
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
} elseif(preg_match('/^\/ban$/', $query)) {
if($mod['type'] < $config['mod']['ban']) error($config['error']['noaccess']);
if(!hasPermission($config['mod']['ban'])) error($config['error']['noaccess']);
// Ban page
if(isset($_POST['new_ban'])) {
@ -1888,7 +1946,7 @@
$query->execute() or error(db_error($query));
// Delete too
if($mod['type'] >= $config['mod']['delete'] && isset($_POST['delete']) && isset($_POST['board'])) {
if(isset($_POST['delete']) && isset($_POST['board']) && hasPermission($config['mod']['delete'], $_POST['board'])) {
openBoard($_POST['board']);
$post = round($_POST['delete']);
@ -1938,12 +1996,14 @@
header('Location: ?/', true, $config['redirect_http']);
}
} elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)?\/(\d+)$/', $query, $matches)) {
if($mod['type'] < $config['mod']['ban']) error($config['error']['noaccess']);
// Ban by post
$boardName = &$matches[1];
if(!hasPermission($config['mod']['ban'], $boardName)) error($config['error']['noaccess']);
$delete = isset($matches[2]) && $matches[2] == '&delete';
if($delete && $mod['type'] < $config['mod']['delete']) error($config['error']['noaccess']);
if($delete && !hasPermission($config['mod']['delete'], $boardName)) error($config['error']['noaccess']);
$post = $matches[3];
// Open board
@ -1970,7 +2030,7 @@
)
);
} elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')\/deletenote\/(?P<id>\d+)$/', $query, $matches)) {
if($mod['type'] < $config['mod']['remove_notes']) error($config['error']['noaccess']);
if(!hasPermission($config['mod']['remove_notes'])) error($config['error']['noaccess']);
$ip = $matches[1];
$id = $matches['id'];

Write Preview
Loading…
Cancel
Save