From f47cccab019f3e7882a188c7d09e3070eb8f82ce Mon Sep 17 00:00:00 2001
From: Savetheinternet
Date: Sat, 15 Jan 2011 15:37:39 +1100
Subject: [PATCH] fixed ban addition page
---
inc/mod.php | 6 ++++--
mod.php | 50 +++++++++++++++++++++++++++-----------------------
2 files changed, 31 insertions(+), 25 deletions(-)
diff --git a/inc/mod.php b/inc/mod.php
index 23ec43af..a325d589 100644
--- a/inc/mod.php
+++ b/inc/mod.php
@@ -111,10 +111,12 @@ return $body; } - function form_newBan($ip=null, $reason='', $continue=false) { + function form_newBan($ip=null, $reason='', $continue=false, $delete=false, $board=false) { return '
New ban' . - '
' . + '' . ($continue ? '' : '') . + ($delete ? '' : '') . + ($board ? '' : '') . '' . '' . '' . diff --git a/mod.php b/mod.php index f93430b8..b4355fe4 100644 --- a/mod.php +++ b/mod.php @@ -348,26 +348,8 @@ header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP); else header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); - } elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)\/(\d+)$/', $query, $matches)) { - if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS); - // Ban by post - - $boardName = $matches[1]; - $delete = isset($matches[2]) && $matches[2] == '&delete'; - $post = $matches[3]; - // Open board - if(!openBoard($boardName)) - error(ERROR_NOBOARD); - - $query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri'])); - $query->bindValue(':id', $post, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - if($query->rowCount() < 1) { - error(ERROR_INVALIDPOST); - } - - $post = $query->fetch(); + } elseif(preg_match('/^\/ban$/', $query)) { + // Ban page if(isset($_POST['new_ban'])) { if( !isset($_POST['ip']) || @@ -429,8 +411,10 @@ $query->execute() or error(db_error($query)); // Delete too - if($delete) - deletePost($post['id']); + if($mod['type'] >= MOD_DELETE && isset($_POST['delete']) && isset($_POST['board'])) { + openBoard($_POST['board']); + deletePost(round($_POST['delete'])); + } // Redirect if(isset($_POST['continue'])) 
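Review bot: `form_newBan` now takes `$delete` and `$board` as two independent optional arguments, but the handler in mod.php only acts when both are posted, and nothing documents that pairing or what each value holds. A short docblock would cover it: `$delete` is the id of the post to remove after the ban (or false), `$board` is the board that post belongs to (or false), and the two are meant to be passed together. The markup that carries these values is not readable in this rendering of the hunk, so it is worth confirming that they, like `$continue` (which the caller fills from the Referer header), go through `htmlspecialchars()` before being concatenated into the form. The function body continues outside the hunk.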
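Review bot: The new `/ban` branch starts handling `$_POST['new_ban']` with no permission check of its own; the `if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS);` guard travels with the ban-by-post branch, which now only renders the form. Unless a check sits in the part of the branch between this hunk and the next, any account that reaches mod.php can create bans by posting to `?/ban`, so the branch should open with a guard such as `if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS);` (or whichever level is meant to hold ban rights). The request is state-changing, so it should also carry and verify an anti-CSRF token if the form does not already do so. Neither the form markup nor the rest of the handler is visible here.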
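Review bot: The delete step uses `$_POST['board']` and `$_POST['delete']` without validating them: the return value of `openBoard()` is ignored, whereas the ban-by-post branch calls `error(ERROR_NOBOARD)` when it fails, so a bad board name presumably lets `deletePost()` run against whatever board state is current. `round()` returns a float and accepts anything that coerces to a number, so an explicit digit check and an integer cast are stricter. Suggested: `if(!openBoard($_POST['board'])) error(ERROR_NOBOARD);` followed by `deletePost((int)$_POST['delete']);`. The enclosing branch starts and ends outside this hunk.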
@@ -438,8 +422,28 @@ else header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); } + } elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)?\/(\d+)$/', $query, $matches)) { + if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS); + // Ban by post + + $boardName = $matches[1]; + $delete = isset($matches[2]) && $matches[2] == '&delete'; + $post = $matches[3]; + // Open board + if(!openBoard($boardName)) + error(ERROR_NOBOARD); + + $query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri'])); + $query->bindValue(':id', $post, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($query->rowCount() < 1) { + error(ERROR_INVALIDPOST); + } + + $post = $query->fetch(); - $body = form_newBan($post['ip'], null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false); + $body = form_newBan($post['ip'], null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false, $delete ? $post['id'] : false, $delete ? $boardName : false); echo Element('page.html', Array( 'index'=>ROOT,
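Review bot: The fallback redirect in the context lines at the top of this hunk, `header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP);`, now belongs to the `/ban` branch, where `$boardName` is no longer assigned because the assignment moved into the ban-by-post branch added below. Unless it is set somewhere outside the hunk, a ban submitted without `continue` redirects to a path built from an undefined variable; redirecting to the validated posted board, or to a fixed moderator index, would fix that. As a smaller point, the new branch reuses `$query` (query string, then statement) and `$post` (post id, then row) for two different things each, and distinct names such as `$stmt` and `$postRow` would make it easier to follow.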