str_replace('%s', '(\w{1,8})', preg_quote($config['board_path'], '/')), 'page' => str_replace('%d', '(\d+)', preg_quote($config['file_page'], '/')), 'img' => preg_quote($config['dir']['img'], '/'), 'thumb' => preg_quote($config['dir']['thumb'], '/'), 'res' => preg_quote($config['dir']['res'], '/'), 'index' => preg_quote($config['file_index'], '/') ); if(preg_match('/^\/?$/', $query)) { // Dashboard $fieldset = array( 'Boards' => '', 'Noticeboard' => '', 'Administration' => '', 'Themes' => '', 'Search' => '', 'Update' => '', 'Logout' => '' ); // Boards $fieldset['Boards'] .= ulBoards(); if(hasPermission($config['mod']['noticeboard'])) { if(!$config['cache']['enabled'] || !($fieldset['Noticeboard'] = cache::get('noticeboard_preview'))) { $query = prepare("SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit"); $query->bindValue(':limit', $config['mod']['noticeboard_dashboard'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); $fieldset['Noticeboard'] .= '

'; $_body = ''; while($notice = $query->fetch()) { $_body .= '

' . ($notice['subject'] ? $notice['subject'] : '' . _('no subject') . '' ) . ' — by ' . (isset($notice['username']) ? utf8tohtml($notice['username']) : '???') . ' at ' . strftime($config['post_date'], $notice['time']) . '

'; } if(!empty($_body)) { $fieldset['Noticeboard'] .= '

' . $_body . '

'; } if($config['cache']['enabled']) cache::set('noticeboard_preview', $fieldset['Noticeboard']); } $fieldset['Noticeboard'] .= '' . _('View all entries') . '

'; $query = prepare("SELECT COUNT(*) AS `count` FROM `pms` WHERE `to` = :id AND `unread` = 1"); $query->bindValue(':id', $mod['id']); $query->execute() or error(db_error($query)); $count = $query->fetch(); $count = $count['count']; $fieldset['Noticeboard'] .= '

' . _('PM Inbox') . ($count > 0 ? ' (' . $count . ' unread)' : '') . '

'; $fieldset['Noticeboard'] .= '

' . _('News') . '

'; } if(hasPermission($config['mod']['reports'])) { $fieldset['Administration'] .= '

' . _('Report queue') . '

'; } if(hasPermission($config['mod']['view_banlist'])) { $fieldset['Administration'] .= '

' . _('Ban list') . '

'; } if(hasPermission($config['mod']['manageusers'])) { $fieldset['Administration'] .= '

' . _('Manage users') . '

'; } elseif(hasPermission($config['mod']['change_password'])) { $fieldset['Administration'] .= '

' . _('Change own password') . '

'; } if(hasPermission($config['mod']['modlog'])) { $fieldset['Administration'] .= '

' . _('Moderation log') . '

'; } if(hasPermission($config['mod']['rebuild'])) { $fieldset['Administration'] .= '

' . _('Rebuild static files') . '

'; } if(hasPermission($config['mod']['rebuild']) && $config['cache']['enabled']) { $fieldset['Administration'] .= '

' . _('Clear cache') . '

'; } if(hasPermission($config['mod']['show_config'])) { $fieldset['Administration'] .= '

' . _('Show configuration') . '

'; } if(hasPermission($config['mod']['themes'])) { $fieldset['Themes'] .= '

' . _('Manage themes') . '

'; } if(hasPermission($config['mod']['search'])) { $fieldset['Search'] .= '

' . '

' . _('(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)') . '

' . '

'; } if($mod['type'] >= ADMIN && $config['check_updates']) { if(!$config['version']) error(_('Could not find current version! (Check .installed)')); if(isset($_COOKIE['update'])) { $latest = unserialize($_COOKIE['update']); } else { $ctx = stream_context_create(array( 'http' => array( 'timeout' => 3 ) ) ); if($code = @file_get_contents('http://tinyboard.org/version.txt', 0, $ctx)) { eval($code); if(preg_match('/v(\d+)\.(\d)\.(\d+)(-dev.+)?$/', $config['version'], $m)) { $current = array( 'massive' => (int)$m[1], 'major' => (int)$m[2], 'minor' => (int)$m[3] ); if(isset($m[4])) { // Development versions are always ahead in the versioning numbers $current['minor'] --; } } // Check if it's newer if( $latest['massive'] > $current['massive'] || $latest['major'] > $current['major'] || ($latest['massive'] == $current['massive'] && $latest['major'] == $current['major'] && $latest['minor'] > $current['minor'] )) { $latest = $latest; } else $latest = false; } else { // Couldn't get latest version // TODO: Display some sort of warning message $latest = false; } setcookie('update', serialize($latest), time() + $config['check_updates_time'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, true); } if($latest) { $fieldset['Update'] .= '

A newer version of Tinyboard (v' . $latest['massive'] . '.' . $latest['major'] . '.' . $latest['minor'] . ') is available! See http://tinyboard.org/ for upgrade instructions.

'; } } $fieldset['Logout'] .= '

' . _('Logout') . '

'; // TODO: Statistics, etc, in the dashboard. $body = ''; foreach($fieldset as $title => $data) { if($data) $body .= '

' . _($title) . '

' . $data . '

'; } echo Element('page.html', array( 'config'=>$config, 'title'=>_('Dashboard'), 'body'=>$body, '__mod'=>true )); } elseif(preg_match('/^\/logout$/', $query)) { destroyCookies(); header('Location: ?/', true, $config['redirect_http']); } elseif(preg_match('/^\/confirm\/(.+)$/', $query, $matches)) { $uri = &$matches[1]; $body = '

' . 'Are you sure you want to do that?' . 'We were unable to serve a confirmation dialog for ' . '?/' . utf8tohtml($uri) . '' . ', probably due to Javascript being disabled.' . '

' . '

Confirm

'; echo Element('page.html', array( 'config'=>$config, 'title'=>'Confirm', 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/upgrade$/', $query)) { if($mod['type'] != ADMIN) error($config['error']['noaccess']); if(is_dir('.git')) { // use git instead $body = '

git pull

'; $body .= '

' . str_replace("\n", '
', shell_exec('git pull')) . '

'; $body .= '

'; echo Element('page.html', array( 'config' => $config, 'title' => 'Upgraded', 'body' => $body )); exit; } if(!extension_loaded('curl')) error('You need the cURL PHP extension to do that.'); if(!class_exists('ZipArchive')) error('You need the ZipArchive class to do that.'); if(!in_array('zip', stream_get_wrappers())) error('You need the zip:// stream wrapper to do that.'); $temp = tempnam($config['tmp'], 'tinyboard'); $fp = fopen($temp, 'w+'); $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, 'https://github.com/savetheinternet/Tinyboard/zipball/master'); curl_setopt($curl, CURLOPT_FAILONERROR, true); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($curl, CURLOPT_TIMEOUT, 45); curl_setopt($curl, CURLOPT_FILE, $fp); curl_setopt($curl, CURLOPT_WRITEHEADER, $header = tmpfile()); curl_setopt($curl, CURLOPT_HEADER, true); curl_exec($curl); if(curl_errno($curl)) error('Failed downloading newest revision: ' . curl_error($curl)); curl_close($curl); fflush($fp); fclose($fp); fseek($header, 0); $version = false; while($line = fgets($header)) { if(preg_match('/^Content-Disposition: attachment; filename=savetheinternet-Tinyboard-(.+)\.zip\s?$/', $line, $m)) { $version = $m[1]; } } fclose($header); $zip = new ZipArchive(); if(!$zip->open($temp)) error('Could not make sense of the ZIP archive.'); $version = preg_replace('/^savetheinternet-Tinyboard-(\w+)\//', '$1', $dir = $zip->getNameIndex(0)); $errors = array(); for($i = 1; $i < $zip->numFiles; $i++) { $filename = str_replace($dir, '', $zip->getNameIndex($i)); if($filename == 'inc/instance-config.php') continue; // don't override config // are we able to write here? if(!((file_exists($filename) && is_writable($filename)) || (!file_exists($filename) && is_writable(dirname($filename))))) { // nope $errors[] = 'Cannot write to ' . $filename . '!'; } } $zip->close(); if($errors) { $body = '

Error(s) upgrading

Tinyboard can not self-upgrade until the following is fixed:

' . $error . '

Please fix the above errors and refresh to try again.

'; unlink($temp); echo Element('page.html', array( 'config' => $config, 'title' => 'Error(s) upgrading', 'body' => $body )); exit; } // For some reason, reading the ZIP entries in PHP doesn't seem to work very well. // Use shell instead. shell_exec('TEMP_DIR=$(mktemp -d); unzip -q ' . escapeshellarg($temp) . ' -d $TEMP_DIR -x "' . escapeshellarg($dir) . 'inc/instance-config.php"; mv -v $TEMP_DIR/' . escapeshellarg($dir) . '* "' . getcwd() . '"; rm -rf $TEMP_DIR'); unlink($temp); echo Element('page.html', array( 'config' => $config, 'title' => 'Upgraded', 'body' => '

Upgrading seems to have gone okay. You are now at revision ' . $version . '.

' )); } elseif(preg_match('/^\/log(\/(\d+))?$/', $query, $match)) { if(!hasPermission($config['mod']['modlog'])) error($config['error']['noaccess']); $page = isset($match[2]) ? $match[2] : 1; $boards = array(); $_boards = listBoards(); foreach($_boards as &$_b) { $boards[$_b['id']] = $_b['uri']; } $query = prepare("SELECT `mod` as `id`, `username`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :offset, :limit"); $query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT); $query->bindValue(':offset', ($page - 1) * $config['mod']['modlog_page'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if(!$query->rowCount()) { $body = '

(Nothing to display.)

'; } else { $body = '' . '' . '' . '' . '' . '' . '' . ''; while($log = $query->fetch()) { $log_id = 'log_' . md5($log['text']); if($config['cache']['enabled'] && $_log = cache::get($log_id)) $log['text'] = $_log; else { $log['text'] = utf8tohtml($log['text']); $log['text'] = preg_replace('/(\d+\.\d+\.\d+\.\d+)/', '$1', $log['text']); if(isset($boards[$log['board']])) { if(preg_match('/post #(\d+)/', $log['text'], $match)) { $post_query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $boards[$log['board']])); $post_query->bindValue(':id', $match[1], PDO::PARAM_INT); $post_query->execute() or error(db_error($query)); if($post = $post_query->fetch()) { $log['text'] = preg_replace('/post (#(\d+))/', 'post $1', $log['text']); } else { $log['text'] = preg_replace('/post (#(\d+))/', 'post $1', $log['text']); } if($config['cache']['enabled']) cache::set($log_id, $log['text']); } } } $body .= '' . '' . '' . '' . '' : '-') . '' . ''; } $body .= '

' . _('User') . '	' . _('IP address') . '	' . _('Ago') . '	' . _('Board') . '	' . _('Action') . '
' . ($log['username'] ? '' . $log['username'] . '' : '' . ($log['id'] < 0 ? 'system' : 'deleted?') . '') . '	' . ($log['id'] < 0 ? '–' : '' . $log['ip'] . '') . '	' . ago($log['time']) . '	' . ($log['board'] ? '' . sprintf($config['board_abbreviation'], $log['board']) . '	' . $log['text'] . '

'; $query = prepare("SELECT COUNT(*) AS `count` FROM `modlogs`"); $query->execute() or error(db_error($query)); $count = $query->fetch(); $body .= '

'; for($x = 0; $x < $count['count'] / $config['mod']['modlog_page']; $x ++) { $body .= '[' . ($x + 1) . '] '; } $body .= '

'; } echo Element('page.html', array( 'config'=>$config, 'title'=>_('Moderation log'), 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/themes\/none$/', $query, $match)) { if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); // Clearsettings query("TRUNCATE TABLE `theme_settings`") or error(db_error()); echo Element('page.html', array( 'config'=>$config, 'title'=>'No theme', 'body'=>'

Successfully uninstalled all themes.

' . '

Go back to themes.

', 'mod'=>true ) ); } elseif(preg_match('/^\/themes\/([\w\-]+)\/rebuild$/', $query, $match)) { if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); rebuildTheme($match[1], 'all'); echo Element('page.html', array( 'config'=>$config, 'title'=>'Rebuilt', 'body'=>'

Successfully rebuilt the ' . $match[1] . ' theme.

' . '

Go back to themes.

', 'mod'=>true ) ); } elseif(preg_match('/^\/themes\/(\w+)\/uninstall$/', $query, $match)) { if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); $query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme"); $query->bindValue(':theme', $match[1]); $query->execute() or error(db_error($query)); echo Element('page.html', array( 'config'=>$config, 'title'=>'Uninstalled', 'body'=>'

Successfully uninstalled the ' . $match[1] . ' theme.

' . '

Go back to themes.

', 'mod'=>true ) ); } elseif(preg_match('/^\/themes(\/([\w\-]+))?$/', $query, $match)) { if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); if(!is_dir($config['dir']['themes'])) error(_('Themes directory doesn\'t exist!')); if(!$dir = opendir($config['dir']['themes'])) error(_('Cannot open themes directory; check permissions.')); if(isset($match[2])) { $_theme = &$match[2]; if(!$theme = loadThemeConfig($_theme)) { error($config['error']['invalidtheme']); } if(isset($_POST['install'])) { // Check if everything is submitted foreach($theme['config'] as &$c) { if(!isset($_POST[$c['name']]) && $c['type'] != 'checkbox') error(sprintf($config['error']['required'], $c['title'])); } // Clear previous settings $query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme"); $query->bindValue(':theme', $_theme); $query->execute() or error(db_error($query)); foreach($theme['config'] as &$c) { $query = prepare("INSERT INTO `theme_settings` VALUES(:theme, :name, :value)"); $query->bindValue(':theme', $_theme); $query->bindValue(':name', $c['name']); $query->bindValue(':value', $_POST[$c['name']]); $query->execute() or error(db_error($query)); } $query = prepare("INSERT INTO `theme_settings` VALUES(:theme, NULL, NULL)"); $query->bindValue(':theme', $_theme); $query->execute() or error(db_error($query)); $result = true; $body = ''; if(isset($theme['install_callback'])) { $ret = $theme['install_callback'](themeSettings($_theme)); if($ret && !empty($ret)) { if(is_array($ret) && count($ret) == 2) { $result = $ret[0]; $ret = $ret[1]; } $body .= '

' . $ret . '

'; } } if($result) { $body .= '

Successfully installed and built theme.

'; } else { // install failed $query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme"); $query->bindValue(':theme', $_theme); $query->execute() or error(db_error($query)); } $body .= '

Go back to themes.

'; // Build themes rebuildThemes('all'); echo Element('page.html', array( 'config'=>$config, 'title'=>($result ? 'Installed "' . utf8tohtml($theme['name']) . '"' : 'Installation failed!'), 'body'=>$body, 'mod'=>true ) ); } else { $body = '

'; if(!isset($theme['config']) || empty($theme['config'])) { $body .= '

(No configuration required.)

'; } else { $settings = themeSettings($_theme); $body .= ''; foreach($theme['config'] as &$c) { $body .= ''; } $body .= '

' . $c['title'] . '	'; switch($c['type']) { case 'text': default: $body .= ''; } if(isset($c['comment'])) $body .= ' ' . $c['comment'] . ''; $body .= '

'; } $body .= '

'; echo Element('page.html', array( 'config'=>$config, 'title'=>'Installing "' . utf8tohtml($theme['name']) . '"', 'body'=>$body, 'mod'=>true ) ); } } else { $themes_in_use = array(); $query = query("SELECT `theme` FROM `theme_settings` WHERE `name` IS NULL AND `value` IS NULL") or error(db_error()); while($theme = $query->fetch()) { $themes_in_use[$theme['theme']] = true; } // Scan directory for themes $themes = array(); while($file = readdir($dir)) { if($file[0] != '.' && is_dir($config['dir']['themes'] . '/' . $file)) { $themes[] = $file; } } closedir($dir); $body = ''; if(empty($themes)) { $body = '

(No themes installed.)

'; } else { $body .= ''; foreach($themes as &$_theme) { $theme = loadThemeConfig($_theme); markup($theme['description']); $body .= '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . ''; } $body .= '

' . _('Name') . '	' . utf8tohtml($theme['name']) . '
' . _('Version') . '	' . utf8tohtml($theme['version']) . '
' . _('Description') . '	' . $theme['description'] . '
' . _('Thumbnail') . '
' . _('Actions') . '	' . ' ' . (isset($themes_in_use[$_theme]) ? _('Reconfigure') : _('Install')) . ' ' . (isset($themes_in_use[$_theme]) ? ' ' . _('Rebuild') . ' ' . ' ' . _('Uninstall') . ' ' : '') . '

'; } if(!empty($themes_in_use)) $body .= '

' . _('Uninstall all themes.') . '

'; echo Element('page.html', array( 'config'=>$config, 'title'=>_('Manage themes'), 'body'=>$body, 'mod'=>true ) ); } } elseif(preg_match('/^\/noticeboard\/delete\/(\d+)$/', $query, $match)) { if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']); $query = prepare("DELETE FROM `noticeboard` WHERE `id` = :id"); $query->bindValue(':id', $match[1], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($config['cache']['enabled']) cache::delete('noticeboard_preview'); header('Location: ?/noticeboard', true, $config['redirect_http']); } elseif(preg_match('/^\/noticeboard$/', $query)) { if(!hasPermission($config['mod']['noticeboard'])) error($config['error']['noaccess']); $body = ''; if(hasPermission($config['mod']['noticeboard_post']) && isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) { $query = prepare("INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body)"); $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); $query->bindvalue(':time', time(), PDO::PARAM_INT); $query->bindValue(':subject', utf8tohtml($_POST['subject'])); markup($_POST['body']); $query->bindValue(':body', $_POST['body']); $query->execute() or error(db_error($query)); if($config['cache']['enabled']) cache::delete('noticeboard_preview'); header('Location: ?/noticeboard#' . $pdo->lastInsertId(), true, $config['redirect_http']); } else { if(hasPermission($config['mod']['noticeboard_post'])) { $body .= '

New post

' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '

' . _('Name') . '	' . $mod['username'] . '
' . _('Subject') . '
' . _('Body') . '

' . '

'; } $query = prepare("SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit"); $query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); while($notice = $query->fetch()) { $body .= '

' . (hasPermission($config['mod']['noticeboard_delete']) ? '[delete]' : '') . '

' . ($notice['subject'] ? $notice['subject'] : '' . _('no subject') . '' ) . ' — by ' . (isset($notice['username']) ? utf8tohtml($notice['username']) : '???' ) . ' at ' . strftime($config['post_date'], $notice['time']) . '

' . $notice['body'] . '

'; } echo Element('page.html', array( 'config'=>$config, 'title'=>_('Noticeboard'), 'body'=>$body, 'mod'=>true ) ); } } elseif(preg_match('/^\/news\/delete\/(\d+)$/', $query, $match)) { if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']); $query = prepare("DELETE FROM `news` WHERE `id` = :id"); $query->bindValue(':id', $match[1], PDO::PARAM_INT); $query->execute() or error(db_error($query)); rebuildThemes('news'); header('Location: ?/news', true, $config['redirect_http']); } elseif(preg_match('/^\/news$/', $query)) { $body = ''; if(hasPermission($config['mod']['news'])) { if(isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) { $query = prepare("INSERT INTO `news` VALUES (NULL, :name, :time, :subject, :body)"); if(isset($_POST['name']) && hasPermission($config['mod']['news_custom'])) $name = &$_POST['name']; else $name = &$mod['username']; $query->bindValue(':name', utf8tohtml($name), PDO::PARAM_INT); $query->bindvalue(':time', time(), PDO::PARAM_INT); $query->bindValue(':subject', utf8tohtml($_POST['subject'])); markup($_POST['body']); $query->bindValue(':body', $_POST['body']); $query->execute() or error(db_error($query)); rebuildThemes('news'); } $body .= '

New post

' . '' . '' . (hasPermission($config['mod']['news_custom']) ? '' : '') . '' . '' . '' . '' . '' . '' . '' . '' . '

' . _('Name') . '		' . $mod['username'] . '
' . _('Subject') . '
' . _('Body') . '

' . '

'; } $query = prepare("SELECT * FROM `news` ORDER BY `id` DESC LIMIT :limit"); $query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); while($news = $query->fetch()) { $body .= '

' . (hasPermission($config['mod']['news_delete']) ? '[delete]' : '') . '

' . ($news['subject'] ? $news['subject'] : '' . _('no subject') . '' ) . ' — by ' . $news['name'] . ' at ' . strftime($config['post_date'], $news['time']) . '

' . $news['body'] . '

'; } echo Element('page.html', array( 'config'=>$config, 'title'=>_('News'), 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/inbox\/readall$/', $query, $match)) { $query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `to` = :id"); $query->bindValue(':id', $mod['id'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); modLog('Marked all PMs as read'); header('Location: ?/inbox', true, $config['redirect_http']); } elseif(preg_match('/^\/inbox$/', $query, $match)) { $query = prepare("SELECT `unread`,`pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC"); $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($query->rowCount() == 0) { $body = '

(' . _('No private messages for you.') . ')

'; } else { $unread_pms = 0; $body = ''; while($pm = $query->fetch()) { $body .= '' . '' . '' . '' . '' . ''; if($pm['unread']) $unread_pms++; } $body .= '

ID	From	Date	Message snippet
' . $pm['id'] . '	' . ($pm['username'] ? '' . $pm['username'] . '' : 'deleted?') . '	' . strftime($config['post_date'], $pm['time']) . '	' . pm_snippet($pm['message']) . '

'; if($unread_pms) { $body = '

(Mark all as read)

' . $body; } } echo Element('page.html', array( 'config'=>$config, 'title'=>_('PM Inbox') . ' (' . ($query->rowCount() == 0 ? _('empty') : $unread_pms . ' ' . _('unread')) . ')', 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) { $id = &$match[1]; if(hasPermission($config['mod']['master_pm'])) { $query = prepare("SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id"); } else { $query = prepare("SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod"); $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); } $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if(!$pm = $query->fetch()) { // Mod doesn't exist error($config['error']['404']); } if(isset($_POST['delete'])) { $query = prepare("DELETE FROM `pms` WHERE `id` = :id"); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); modLog('Deleted a PM'); header('Location: ?/inbox', true, $config['redirect_http']); } else { if($pm['unread']) { $query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `id` = :id"); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); modLog('Read a PM'); } if($pm['to'] != $mod['id']) { $query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id"); $query->bindValue(':id', $pm['to'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($_mod = $query->fetch()) { $__to = &$_mod['username']; } else { $__to = false; } } $body = '

' . '' . (isset($__to) ? '' : '') . '' . '' . '

From	' . (!$pm['username'] ? '???' : '' . utf8tohtml($pm['username']) . '' ) . '
To	' . ($__to === false ? '???' : '' . utf8tohtml($__to) . '' ) . '
Date	' . strftime($config['post_date'], $pm['time']) . '
Message	' . $pm['message'] . '

' . '

Reply with quote

'; echo Element('page.html', array( 'config'=>$config, 'title'=>'Private message', 'body'=>$body, 'mod'=>true ) ); } } elseif(preg_match('/^\/new_PM\/(\d+)(\/(\d+))?$/', $query, $match)) { if(!hasPermission($config['mod']['create_pm'])) error($config['error']['noaccess']); $to = &$match[1]; $query = prepare("SELECT `username`,`id` FROM `mods` WHERE `id` = :id"); $query->bindValue(':id', $to, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if(!$to = $query->fetch()) { // Mod doesn't exist error($config['error']['404']); } if(isset($_POST['message'])) { // Post message $message = &$_POST['message']; if(empty($message)) error($config['error']['tooshort_body']); markup($message); $query = prepare("INSERT INTO `pms` VALUES (NULL, :sender, :to, :message, :time, 1)"); $query->bindValue(':sender', $mod['id'], PDO::PARAM_INT); $query->bindValue(':to', $to['id'], PDO::PARAM_INT); $query->bindValue(':message', $message); $query->bindValue(':time', time(), PDO::PARAM_INT); $query->execute() or error(db_error($query)); modLog('Sent a PM to ' . $to['username']); echo Element('page.html', array( 'config'=>$config, 'title'=>'PM sent', 'body'=>'

Message sent successfully to ' . utf8tohtml($to['username']) . '.

', 'mod'=>true ) ); } else { $value = ''; if(isset($match[3])) { $reply = &$match[3]; $query = prepare("SELECT `message` FROM `pms` WHERE `sender` = :sender AND `to` = :mod AND `id` = :id"); $query->bindValue(':sender', $to['id'], PDO::PARAM_INT); $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); $query->bindValue(':id', $reply, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($pm = $query->fetch()) { $value = quote($pm['message']); } } $body = '

' . '' . '' . '' . '

To	' . (hasPermission($config['mod']['editusers']) ? '' . utf8tohtml($to['username']) . '' : utf8tohtml($to['username']) ) . '
Message	' . $value . '

' . '

'; echo Element('page.html', array( 'config'=>$config, 'title'=>'New PM for ' . utf8tohtml($to['username']), 'body'=>$body, 'mod'=>true ) ); } } elseif(preg_match('/^\/search$/', $query)) { if(!hasPermission($config['mod']['search'])) error($config['error']['noaccess']); $body = '

Search

' . '

(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)

' . '

'; if(isset($_POST['search']) && !empty($_POST['search'])) { $phrase = &$_POST['search']; $_body = ''; $filters = array(); function search_filters($m) { global $filters; $name = $m[2]; $value = isset($m[4]) ? $m[4] : $m[3]; if(!in_array($name, array('id', 'thread', 'subject', 'email', 'name', 'trip', 'capcode', 'filename', 'filehash', 'ip'))) { // unknown filter return $m[0]; } $filters[$name] = $value; return $m[1]; } $phrase = trim(preg_replace_callback('/(^|\s)(\w+):("(.*)?"|[^\s]*)/', 'search_filters', $phrase)); // Escape escape character $phrase = str_replace('!', '!!', $phrase); // Remove SQL wildcard $phrase = str_replace('%', '!%', $phrase); // Use asterisk as wildcard to suit convention $phrase = str_replace('*', '%', $phrase); $like = ''; $match = array(); // Find exact phrases if(preg_match_all('/"(.+?)"/', $phrase, $m)) { foreach($m[1] as &$quote) { $phrase = str_replace("\"{$quote}\"", '', $phrase); $match[] = $pdo->quote($quote); } } $words = explode(' ', $phrase); foreach($words as &$word) { if(empty($word)) continue; $match[] = $pdo->quote($word); } $like = ''; foreach($match as &$phrase) { if(!empty($like)) $like .= ' AND '; $phrase = preg_replace('/^\'(.+)\'$/', '\'%$1%\'', $phrase); $like .= '`body` LIKE ' . $phrase . ' ESCAPE \'!\''; } foreach($filters as $name => $value) { if(!empty($like)) $like .= ' AND '; $like .= '`' . $name . '` = '. $pdo->quote($value); } $like = str_replace('%', '%%', $like); $boards = listBoards(); foreach($boards as &$_b) { openBoard($_b['uri']); $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit", $board['uri'])); $query->bindValue(':limit', $config['mod']['search_results'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); $temp = ''; while($post = $query->fetch()) { if(!$post['thread']) { $po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], '?/', $mod, false); } else { $po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod); } $temp .= $po->build(true) . '

'; } if(!empty($temp)) $_body .= '

' . $query->rowCount() . ' result' . ($query->rowCount() != 1 ? 's' : '') . ' on ' . sprintf($config['board_abbreviation'], $board['uri']) . ' - ' . $board['title'] . '' . $temp . '

'; } $body .= '

'; if(!empty($_body)) $body .= $_body; else $body .= '

(No results.)

'; } echo Element('page.html', array( 'config'=>$config, 'title'=>'Search', 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/users$/', $query)) { if(!hasPermission($config['mod']['manageusers'])) error($config['error']['noaccess']); $body = '

'; $query = query("SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id`") or error(db_error()); while($_mod = $query->fetch()) { $type = $_mod['type'] == JANITOR ? 'Janitor' : ($_mod['type'] == MOD ? 'Mod' : 'Admin'); $_mod['boards'] = explode(',', $_mod['boards']); foreach($_mod['boards'] as &$_board) { if($_board != '*') $_board = '/' . $_board . '/'; } $body .= '' . '' . '' . '' . '' . '' . ''; } $body .= '

' . _('ID') . '	' . _('Username') . '	' . _('Type') . '	' . _('Boards') . '	' . _('Last action') . '	…
' . $_mod['id'] . '	' . utf8tohtml($_mod['username']) . '	' . $type . '	' . implode(', ', $_mod['boards']) . '	' . ($_mod['last'] ? (hasPermission($config['mod']['modlog']) ? '' . ago($_mod['last']) . '' : ago($_mod['last'])) : 'never') . '	' . (hasPermission($config['mod']['promoteusers']) ? ($_mod['type'] != ADMIN ? '▲' :'') . ($_mod['type'] != JANITOR ? '▼' :'') : '' ) . (hasPermission($config['mod']['editusers']) \|\| (hasPermission($config['mod']['change_password']) && $_mod['id'] == $mod['id'])? '[edit]' : '' ) . (hasPermission($config['mod']['create_pm']) ? '[PM]' : '' ) . '

'; if(hasPermission($config['mod']['createusers'])) { $body .= '

' . _('Create new user') . '

'; } $body .= '

'; echo Element('page.html', array( 'config'=>$config, 'title'=>_('Manage users'), 'body'=>$body ,'mod'=>true ) ); } elseif(preg_match('/^\/users\/new$/', $query)) { if(!hasPermission($config['mod']['createusers'])) error($config['error']['noaccess']); if(isset($_POST['username']) && isset($_POST['password'])) { if(!isset($_POST['type'])) { error(sprintf($config['error']['required'], 'type')); } if($_POST['type'] != ADMIN && $_POST['type'] != MOD && $_POST['type'] != JANITOR) { error(sprintf($config['error']['invalidfield'], 'type')); } // Check if already exists $query = prepare("SELECT `id` FROM `mods` WHERE `username` = :username"); $query->bindValue(':username', $_POST['username']); $query->execute() or error(db_error($query)); if($_mod = $query->fetch()) { error(sprintf($config['error']['modexists'], $_mod['id'])); } $boards = array(); foreach($_POST as $name => $null) { if(preg_match('/^board_(.+)$/', $name, $m)) $boards[] = $m[1]; } $boards = implode(',', $boards); $query = prepare("INSERT INTO `mods` VALUES (NULL, :username, :password, :type, :boards)"); $query->bindValue(':username', $_POST['username']); $query->bindValue(':password', sha1($_POST['password'])); $query->bindValue(':type', $_POST['type'], PDO::PARAM_INT); $query->bindValue(':boards', $boards); $query->execute() or error(db_error($query)); modLog('Create a new user: "' . $_POST['username'] . '"'); header('Location: ?/users', true, $config['redirect_http']); } else { $__boards = '

' . '' . ' ' . ($_board['uri'] == '*' ? '"*"' : sprintf($config['board_abbreviation'], $_board['uri']) ) . ' - ' . $_board['title'] . '' . '

New user' . // Begin form '

' . '' . '' . '' . '' . '' . '

Username
Password
Type	' . ' Janitor ' . ' Mod ' . ' Admin ' . '
Boards	' . $__boards . '

' . '' . // End form '

' . ' ' . '' . ($_board['uri'] == '*' ? '"*"' : sprintf($config['board_abbreviation'], $_board['uri']) ) . ' - ' . $_board['title'] . '' . '

Edit user' . // Begin form '

' . '' . '' . '' . (isset($change_password_only) ? '' : '' ) . '

Username	' . (isset($change_password_only) ? utf8tohtml($_mod['username']) : '') . '
Password (new; optional)
Boards	' . $__boards . '

' . '' . // End form '

' . // Delete button (hasPermission($config['mod']['deleteusers']) ? '

Delete user

' :'') . '

' . '

' . 'Board: ' . sprintf($config['board_abbreviation'], $report['uri']) . '
' . 'Reason: ' . $report['reason'] . '
' . 'Report date: ' . strftime($config['post_date'], $report['time']) . '
' . (hasPermission($config['mod']['show_ip']) ? 'Reported by: ' . $report['ip'] . '
' : '') . '

' . (hasPermission($config['mod']['report_dismiss']) ? 'Dismiss | ' : '') . (hasPermission($config['mod']['report_dismiss_ip']) ? 'Dismiss+' : '') . '

Showing ' . ($reports == $count['count'] ? 'all ' . $reports . ' reports' : $reports . ' of ' . $count['count'] . ' reports') . '.

URI	' . $board['uri'] . '
Title
Subtitle

' . sprintf($config['board_abbreviation'], $board['uri']) . '' . ' - ' . $board['name'] . '' . // Begin form ' ' . // Delete button (hasPermission($config['mod']['deleteboard']) ? '

Delete board

' :'') . '

(There are no active bans.)

'; $body .= ''; while($ban = $query->fetch()) { $body .= '' . '' . // Reason '' . '' . // Set '' . // Expires '' . // Staff '' . ''; } $body .= '

' . _('IP address') . '	' . _('Reason') . '	' . _('Board') . '	' . _('Set') . '	' . _('Expires') . '	' . _('Staff') . '
' . // Checkbox ' ' . // IP address (preg_match('/^(\d+\.\d+\.\d+\.\d+\|' . $config['ipv6_regex'] . ')$/', $ban['ip']) ? ''. $ban['ip'] . '' : utf8tohtml($ban['ip'])) . '	' . ($ban['reason'] ? $ban['reason'] : '-') . '	' . (isset($ban['board']) ? sprintf($config['board_abbreviation'], $ban['board']) : '' . _('all boards') . '' ) . '	' . strftime($config['post_date'], $ban['set']) . '	' . ($ban['expires'] == 0 ? 'Never' : strftime($config['post_date'], $ban['expires']) ) . '	' . (isset($ban['username']) ? (!hasPermission($config['mod']['view_banstaff']) ? ($config['mod']['view_banquestionmark'] ? '?' : ($ban['type'] == JANITOR ? 'Janitor' : ($ban['type'] == MOD ? 'Mod' : ($ban['type'] == ADMIN ? 'Admin' : '?'))) ) : utf8tohtml($ban['username']) ) : 'deleted?' ) . '

' . (hasPermission($config['mod']['unban']) ? '

' : '') . '

' . $body . '

Rebuilding…

'; $body .= 'Clearing template cache…
'; load_twig(); $twig->clearCacheFiles(); $body .= 'Regenerating theme files…
'; rebuildThemes('all'); $body .= 'Generating Javascript file…
'; buildJavascript(); $main_js = $config['file_script']; $boards = listBoards(); foreach($boards as &$board) { $body .= "Opening board /{$board['uri']}/
"; openBoard($board['uri']); $body .= 'Creating index pages
'; buildIndex(); if($config['file_script'] != $main_js) { // different javascript file $body .= 'Generating Javascript file…
'; buildJavascript(); } $query = query(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error()); while($post = $query->fetch()) { $body .= "Rebuilding #{$post['id']}
"; buildThread($post['id']); } } $body .= 'Complete!

' . _('Configuration') . '

'; $var_force_string = array('blotter'); $var_system = array('version'); if(isset($_POST['save_changes'])) { $config_append = ''; foreach($config as $name => $original_value) { if(in_array($name, $var_system)) continue; $type = gettype($original_value); if($type == 'array' || $type == 'NULL') continue; if($type == 'boolean' && in_array($name, $var_force_string)) $type = 'string'; if(!isset($_POST[$name]) && $type != 'boolean') continue; if($type == 'boolean') $value = isset($_POST[$name]); else $value = $_POST[$name]; if($value != $original_value) { // value has been changed $config_append .= "\$config['" . addslashes($name) . "'] = "; if($type == 'boolean') $config_append .= $value ? 'true' : 'false'; elseif($type == 'integer') $config_append .= (int)$value; elseif($type == 'string') $config_append .= '\'' . addslashes($value) . '\''; $config_append .= ";\n"; } } if(!empty($config_append)) { $config_append = "\n// Changes made via web editor by \"" . $mod['username'] . "\" @ " . date('r') . ":\n" . $config_append . "\n"; if(@file_put_contents('inc/instance-config.php', $config_append, FILE_APPEND)) { header('Location: ?/config' . $b['uri'], true, $config['redirect_http']); exit; } else { $config_append = htmlentities($config_append); if($config['minify_html']) $config_append = str_replace("\n", ' ', $config_append); $page = array(); $page['title'] = 'Cannot write to file!'; $page['config'] = $config; $page['body'] = '

Tinyboard could not write to inc/instance-config.php with the ammended configuration, probably due to a permissions error.

You may proceed with these changes manually by copying and pasting the following code to the bottom of inc/instance-config.php:

' . $config_append . '

'; echo Element('page.html', $page); exit; } } } foreach($config as $name => $value) { $body .= ''; $body .= ''; $type = gettype($value); if($type == 'array') { $body .= ''; } else { if($type == 'string' || $type == 'integer') { $body .= ''; } elseif($type == 'boolean') { if(in_array($name, $var_force_string)) $body .= ''; else $body .= ''; } else { $body .= ''; } } $body .= ''; } $body .= '

' . utf8tohtml($name) . '	[edit]' . '				' . utf8tohtml($value) . '

hidden

Off

empty

' . utf8tohtml(substr($value, 0, 110) . (mb_strlen($value) > 110 ? '…' : '')) . '

' . $value . '

' . '[Edit using web editor]' : '') . '

' . _('Configuration') . '' . $data . '

' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '

Name	' . utf8tohtml($post['name']) . '
Subject	' . '' . '' . '
Body	' . '' . $post['body_nomarkup'] . '' . '

' . '

Move thread' . '

' . '' ; $boards = listBoards(); if(count($boards) <= 1) error(_('No board to move to; there is only one.')); $__boards = ''; foreach($boards as &$_board) { if($_board['uri'] == $board['uri']) continue; $__boards .= '

' . '' . ' ' . sprintf($config['board_abbreviation'], $_board['uri']) . ' - ' . $_board['title'] . '' . '

'; } $body .= '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '

Thread ID
Leave shadow thread	' . '' . ' (locks thread; replies to it with a link.)' . '
Target board	' . $__boards . '

' . '

\d+)$/', $query, $matches)) { if(!hasPermission($config['mod']['remove_notes'])) error($config['error']['noaccess']); $ip = $matches[1]; $id = $matches['id']; $query = prepare("DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id"); $query->bindValue(':ip', $ip); $query->bindValue(':id', $id); $query->execute() or error(db_error($query)); header('Location: ?/IP/' . $ip, true, $config['redirect_http']); } elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')$/', $query, $matches)) { // View information on an IP address $ip = $matches[1]; $host = $config['mod']['dns_lookup'] ? rDNS($ip) : false; if(hasPermission($config['mod']['unban']) && isset($_POST['unban']) && isset($_POST['ban_id'])) { removeBan($_POST['ban_id']); header('Location: ?/IP/' . $ip, true, $config['redirect_http']); } elseif(hasPermission($config['mod']['create_notes']) && isset($_POST['note'])) { $query = prepare("INSERT INTO `ip_notes` VALUES(NULL, :ip, :mod, :time, :body)"); $query->bindValue(':ip', $ip); $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); $query->bindValue(':time', time(), PDO::PARAM_INT); markup($_POST['note']); $query->bindValue(':body', $_POST['note']); $query->execute() or error(db_error($query)); header('Location: ?/IP/' . $ip, true, $config['redirect_http']); } else { $body = ''; $boards = listBoards(); foreach($boards as &$_board) { openBoard($_board['uri']); $temp = ''; $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri'])); $query->bindValue(':ip', $ip); $query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); while($post = $query->fetch()) { if(!$post['thread']) { $po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], '?/', $mod, false); } else { $po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod); } $temp .= $po->build(true) . '

'; } if(!empty($temp)) $body .= '

Last ' . $query->rowCount() . ' posts on ' . sprintf($config['board_abbreviation'], $_board['uri']) . ' - ' . $_board['title'] . '' . $temp . '

'; } if(hasPermission($config['mod']['view_notes'])) { $query = prepare("SELECT * FROM `ip_notes` WHERE `ip` = :ip ORDER BY `id` DESC"); $query->bindValue(':ip', $ip); $query->execute() or error(db_error($query)); if($query->rowCount() > 0 || hasPermission($config['mod']['create_notes'])) { $body .= '

' . $query->rowCount() . ' note' . ($query->rowCount() == 1 ?'' : 's') . ' on record' . ''; if($query->rowCount() > 0) { $body .= '' . '' . (hasPermission($config['mod']['remove_notes']) ? '' : '') . ''; while($note = $query->fetch()) { if($note['mod']) { $_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id"); $_query->bindValue(':id', $note['mod']); $_query->execute() or error(db_error($_query)); if($_mod = $_query->fetch()) { $staff = '' . utf8tohtml($_mod['username']) . ''; } else { $staff = '???'; } } else { $staff = 'system'; } $body .= '' . '' . (hasPermission($config['mod']['remove_notes']) ? '' : '') . ''; } $body .= '

Staff	Note	Date	Actions
' . $staff . '	' . $note['body'] . '	' . strftime($config['post_date'], $note['time']) . '	[delete]

'; } if(hasPermission($config['mod']['create_notes'])) { $body .= '

' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '' . '

Staff	' . $mod['username'] . '
Note

' . '

'; } $body .= '

'; } } if(hasPermission($config['mod']['view_ban'])) { $query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip"); $query->bindValue(':ip', $ip); $query->execute() or error(db_error($query)); if($query->rowCount() > 0) { $body .= '

Ban' . ($query->rowCount() == 1 ? '' : 's') . ' on record'; while($ban = $query->fetch()) { $body .= '

' . '' . // IP '' . // Reason '' . // Board '' . // Set '' . // Expires '' . // Staff '

Status	' . ($config['mod']['view_banexpired'] && $ban['expires'] != 0 && $ban['expires'] < time() ? 'Expired' : 'Active') . '
IP	' . $ban['ip'] . '
Reason	' . $ban['reason'] . '
Board	' . (isset($ban['board']) ? sprintf($config['board_abbreviation'], $ban['board']) : '' . _('all boards') . '' ) . '
Set	' . strftime($config['post_date'], $ban['set']) . '
Expires	' . ($ban['expires'] == 0 ? 'Never' : strftime($config['post_date'], $ban['expires']) ) . '
Staff	' . (isset($ban['username']) ? (!hasPermission($config['mod']['view_banstaff']) ? ($config['mod']['view_banquestionmark'] ? '?' : ($ban['type'] == JANITOR ? 'Janitor' : ($ban['type'] == MOD ? 'Mod' : ($ban['type'] == ADMIN ? 'Admin' : '?'))) ) : utf8tohtml($ban['username']) ) : 'deleted?' ) . '

' . '' . '

'; } $body .= '

'; } } if(hasPermission($config['mod']['ip_banform'])) $body .= form_newBan($ip, null, '?/IP/' . $ip); echo Element('page.html', array( 'config'=>$config, 'title'=>'IP: ' . $ip, 'subtitle' => $host, 'body'=>$body, 'mod'=>true ) ); } } else { error($config['error']['404']); } }