fixed ban addition page

This commit is contained in:
Savetheinternet 2011-01-15 15:37:39 +11:00
parent c2727787ab
commit f47cccab01
2 changed files with 31 additions and 25 deletions

View File

@ -111,10 +111,12 @@
return $body;
}
function form_newBan($ip=null, $reason='', $continue=false) {
function form_newBan($ip=null, $reason='', $continue=false, $delete=false, $board=false) {
return '<fieldset><legend>New ban</legend>' .
'<form action="" method="post">' .
'<form action="?/ban" method="post">' .
($continue ? '<input type="hidden" name="continue" value="' . htmlentities($continue) . '" />' : '') .
($delete ? '<input type="hidden" name="delete" value="' . htmlentities($delete) . '" />' : '') .
($board ? '<input type="hidden" name="board" value="' . htmlentities($board) . '" />' : '') .
'<table>' .
'<tr>' .
'<th><label for="ip">IP</label></th>' .

50
mod.php
View File

@ -348,26 +348,8 @@
header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP);
else
header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP);
} elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)\/(\d+)$/', $query, $matches)) {
if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS);
// Ban by post
$boardName = $matches[1];
$delete = isset($matches[2]) && $matches[2] == '&delete';
$post = $matches[3];
// Open board
if(!openBoard($boardName))
error(ERROR_NOBOARD);
$query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri']));
$query->bindValue(':id', $post, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($query->rowCount() < 1) {
error(ERROR_INVALIDPOST);
}
$post = $query->fetch();
} elseif(preg_match('/^\/ban$/', $query)) {
// Ban page
if(isset($_POST['new_ban'])) {
if( !isset($_POST['ip']) ||
@ -429,8 +411,10 @@
$query->execute() or error(db_error($query));
// Delete too
if($delete)
deletePost($post['id']);
if($mod['type'] >= MOD_DELETE && isset($_POST['delete']) && isset($_POST['board'])) {
openBoard($_POST['board']);
deletePost(round($_POST['delete']));
}
// Redirect
if(isset($_POST['continue']))
@ -438,8 +422,28 @@
else
header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP);
}
} elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)?\/(\d+)$/', $query, $matches)) {
if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS);
// Ban by post
$body = form_newBan($post['ip'], null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false);
$boardName = $matches[1];
$delete = isset($matches[2]) && $matches[2] == '&delete';
$post = $matches[3];
// Open board
if(!openBoard($boardName))
error(ERROR_NOBOARD);
$query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri']));
$query->bindValue(':id', $post, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($query->rowCount() < 1) {
error(ERROR_INVALIDPOST);
}
$post = $query->fetch();
$body = form_newBan($post['ip'], null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false, $delete ? $post['id'] : false, $delete ? $boardName : false);
echo Element('page.html', Array(
'index'=>ROOT,