
Bans patch v3

+ After-ban options finally work
+ More time units for ban lengths: seconds, minutes, days, months, years
+Fix sql errors in panel
+Allow deleting all by IP address
+Deletion log is now admin action log, will revisit that when appeals
are added.

tfw no templating
1 parent 3ecd9ee commit 7ff8d1900826999c84381d132b84598f6ac1a035 @Apogate Apogate committed Jan 7, 2016
Showing with 81 additions and 80 deletions.
  1. +56 −64 _core/admin/bans.php
  2. +7 −5 _core/admin/delete.php
  3. +4 −2 admin.php
  4. +12 −7 banned.php
  5. +2 −2 test.php
@@ -9,41 +9,26 @@ function checkBan($ip) {
return true; //No active bans
}
- function postOptions($no, $ip, $expires, $banType, $perma, $pubreason, $staffnote, $custmess, $showbanmess, $afterban) {
- global $mysql;
+ function postOptions($no, $ip, $expires, $expires2, $banType, $perma, $pubreason, $staffnote, $custmess, $showbanmess, $afterban) {
+ global $mysql, $my_log;
//This will do the POST processing and pass it to applyBan
- $str = "+" . $expires . " day";
+ $str = "+" . $expires . " " . $expires2;
$expires = strtotime($str, time() );
- if ($banType) {
- if ( $banType == 'warn')
- $banType = 1;
- elseif ( $banType == 'thisboard' )
- $banType = 2;
- elseif ( $banType == 'global') //bantype is global
- $banType = 3;
- else
- $banType = 4;
- }
-
- if ( $showbanmess ) {
- if ( $custmess == '')
- $custmess = "(USER WAS BANNED FOR THIS POST)";
- else
- $custmess = "(" . $custmess . ")";
- } else
- $custmess = 0;
-
- if ( $afterban !== 'none' ) {
+ $custmess = ($showbanmess) ? ($custmess == '') ? "(USER WAS BANNED FOR THIS POST)" : "(" . $custmess . ")" : 0; //pls ignore
+
+ $afterban = (int) $afterban;
+ if ($afterban > 0) {
require_once(CORE_DIR . '/admin/delete.php');
$del = new Delete;
- if ($afterban == 'delpost')
+ if ($afterban == 1):
$del->targeted($no, $pwd, $imgonly = 0, $automatic = 1, $children = 1, $die = 1);
- if ($afterban == 'delallbyip')
- $del->targeted($no, $pwd, $imgonly = 0, $automatic = 1, $children = 1, $die = 1, $allbyip = 1, $ip);
- if ($afterban == 'delimgonly')
- $del->targeted($no, $pwd, $imgonly = 1, $automatic = 1, $children = 0, $die = 1);
+ elseif ($afterban == 2):
+ $del->targeted($no, $pwd, $imgonly = 1, $automatic = 1, $children = 1, $die = 1);
+ else:
+ $del->targeted($no, $pwd, $imgonly = 0, $automatic = 1, $children = 0, $die = 1, $ip);
+ endif;
}
$mysql->query( "INSERT INTO " . SQLBANLOG . " (ip, active, placedon, expires, board, type, reason, staffnotes)
@@ -58,48 +43,55 @@ function postOptions($no, $ip, $expires, $banType, $perma, $pubreason, $staffnot
if ($custmess)
$mysql->query( "UPDATE " . SQLLOG . " SET com = CONCAT(com, '<br><b><font color=\"FF101A\">" . $mysql->escape_string( $custmess ) . "</font></b>') where no='" . $no . "'");
-
- }
+
+ $my_log->update($no);
+ }
function form($no) {
global $mysql;
- $host = $mysql->result("SELECT host FROM " . SQLBANLOG . " WHERE no='" . $mysql->escape_string($no) . "'");
- $alart = ($host) ? $mysql->num_rows("SELECT COUNT(*) FROM " . SQLBANLOG . " WHERE ip='" . $host . "'") : 0;
- $alert = ( $alart > 0) ? "<b><font color=\"FF101A\"> $alart ban(s) on record for $host!</font></b>" : "No bans on record for IP $host";
+ $host = $mysql->result("SELECT host FROM " . SQLLOG . " WHERE no='" . $mysql->escape_string($no) . "'", 0, 0);
+ $alart = ($host) ? $mysql->num_rows("SELECT COUNT(*) FROM " . SQLBANLOG . " WHERE ip='" . $host . "'") : 0;
+ $alert = ( $alart > 0) ? "<b><font color=\"FF101A\"> $alart ban(s) on record for $host!</font></b>" : "No bans on record for IP $host";
- $temp = head(1);
-
- $temp .= "<br><table border='0' cellpadding='0' cellspacing='0' /><form action='admin.php?mode=ban' method='POST' />
- <input type='hidden' name='no' value='$no' />
- <input type='hidden' name='ip' value='$host' />
- <tr><td class='postblock'>IP History: </td><td>$alert</td></tr>
- <tr><td class='postblock'>Unban in:</td><td><input type='number' min='0' size='4' name='banlength' /> days</td></tr>
- <center><tr><td class='postblock'>Ban type:</td><td></center>
- <select name='banType' />
- <option value='warn' />Warning only</option>
- <option value='thisboard' />This board - /" . BOARD_DIR . "/ </option>
- <option value='global' />All boards</option>
- <option value='perma' />Permanent - All boards</option>
- </select>
- </td></tr>
- <tr><td class='postblock'>Public reason:</td><td><textarea rows='2' cols='25' name='pubreason' /></textarea></td></tr>
- <tr><td class='postblock'>Staff notes:</td><td><input type='text' name='staffnote' /></td></tr>
- <tr><td class='postblock'>Append user's comment:</td><td><input type='text' name='custmess' placeholder='Leave blank for USER WAS BAN etc.' /> [ Show message<input type='checkbox' name='showbanmess' /> ] </td></tr>
- <tr><td class='postblock'>After-ban options:</td><td>
- <select name='afterban' />
- <option value='none' />None</option>
- <option value='delpost' />Delete this post</option>
- <option value='delallbyip' />Delete all by this IP</option>
- <option value='delimgonly' />Delete image only</option>
- </select>
- </td></tr>";
- if (valid('admin'))
- $temp .= "
- <tr><td class='postblock'>Add to Blacklist:</td><td>[ Comment<input type='checkbox' name='blacklistcom' /> ] [ Image MD5<input type='checkbox' name='blacklistimage' /> ] </td></tr>";
- $temp .= "<center><tr><td><input type='submit' value='Ban'/></td></tr></center></table></form>";
+ $temp = head(1);
- echo $temp;
+ $temp .= "<!---banning #:$no; host:$host---><br><table border='0' cellpadding='0' cellspacing='0' /><form action='admin.php?mode=ban' method='POST' />
+ <input type='hidden' name='no' value='$no' />
+ <input type='hidden' name='ip' value='$host' />
+ <tr><td class='postblock'>IP History: </td><td>$alert</td></tr>
+ <tr><td class='postblock'>Unban in:</td><td><input type='number' min='0' size='7' name='banlength1' /> <select name='banlength2' />
+ <option value='second' />seconds</option>
+ <option value='minute' />minutes</option>
+ <option value='day' />days</option>
+ <option value='month' />months</option>
+ <option value='year' />years</option>
+ </select></td></tr>
+ <center><tr><td class='postblock'>Ban type:</td><td></center>
+ <select name='banType' />
+ <option value='1' />Warning only</option>
+ <option value='2' />This board - /" . BOARD_DIR . "/ </option>
+ <option value='3' />All boards</option>
+ <option value='4' />Permanent - All boards</option>
+ </select>
+ </td></tr>
+ <tr><td class='postblock'>Public reason:</td><td><textarea rows='2' cols='25' name='pubreason' /></textarea></td></tr>
+ <tr><td class='postblock'>Staff notes:</td><td><input type='text' name='staffnote' /></td></tr>
+ <tr><td class='postblock'>Append user's comment:</td><td><input type='text' name='custmess' placeholder='Leave blank for USER WAS BAN etc.' /><br>[ Show message<input type='checkbox' name='showbanmess' /> ] </td></tr>
+ <tr><td class='postblock'>After-ban options:</td><td>
+ <select name='afterban' />
+ <option value='0' />None</option>
+ <option value='1' />Delete this post</option>
+ <option value='2' />Delete image only</option>
+ <option value='3' />Delete all by this IP</option>
+ </select>
+ </td></tr>";
+ /*if (valid('admin'))
+ $temp .= "
+ <tr><td class='postblock'>Add to Blacklist:</td><td>[ Comment<input type='checkbox' name='blacklistcom' /> ] [ Image MD5<input type='checkbox' name='blacklistimage' /> ] </td></tr>";*/ //Soon.
+ $temp .= "<center><tr><td><input type='submit' value='Ban'/></td></tr></center></table></form>";
+
+ echo $temp;
}
function afterBan() {
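Review bot: In form(), `$no` and `$host` are written into the page unescaped, and the new `<!---banning #:$no; host:$host--->` comment adds one more place where they land; admin.php calls `form($_GET['no'])`, so the post number is request-controlled and can inject markup into a moderator's session. Casting once at the top of form(), `$no = (int) $no;`, and emitting `htmlspecialchars($host, ENT_QUOTES)` closes that, and `$host` should also pass through `$mysql->escape_string()` before the `SELECT COUNT(*)` that follows. Separately, in postOptions() the final `else:` runs the delete-all-by-IP call for every `$afterban` above 2, so an out-of-range value selects the most destructive option; `elseif ($afterban == 3):` makes the choice explicit. That call also passes `$ip` as the seventh argument where the removed code passed `$allbyip = 1, $ip`, which looks like it leaves `$delhost` empty; targeted()'s full signature is outside this hunk, so confirm.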
@@ -74,19 +74,21 @@ function targeted($resno, $pwd, $imgonly = 0, $automatic = 0, $children = 1, $di
$auser = $mysql->escape_string($_COOKIE['saguaro_auser']);
$adfsize = ($row['fsize'] > 0) ? 1 : 0;
$adname = str_replace('</span> <span class="postertrip">!', '#', $row['name']);
- $imgonly = ($imgonly) ? 1 : 0;
+ $imgonly2 = ($imgonly) ? "image" : "post";
$row['sub'] = $mysql->escape_string($row['sub']);
$row['com'] = $mysql->escape_string($row['com']);
$row['filename'] = $mysql->escape_string($row['filename']);
- $mysql->query("INSERT INTO " . SQLDELLOG . " (postno, imgonly, board,name,sub,com,img,filename,admin) values('$resno','$imgonly','" . BOARD_DIR . "','$adname','{$row['sub']}','{$row['com']}','$adfsize','{$row['filename']}','$auser')");
+ $mysql->query("INSERT INTO " . SQLDELLOG . " (admin, postno, action, board,name,sub,com,img)
+ VALUES('$auser','$resno', '$imgonly2', '" . BOARD_DIR . ", '$adname','{$row['sub']}','{$row['com']}')");
}
- if ($allbyip && $delhost !== '')
+ if ($allbyip && $delhost !== ''):
$result = $mysql->query("select no,resto,tim,ext from " . SQLLOG . " where host='" . $delhost . "'");
- if ($row['resto'] == 0 && $children && !$imgonly && !$allbyip) // select thread and children
+ elseif ($row['resto'] == 0 && $children && !$imgonly && !$allbyip): // select thread and children
$result = $mysql->query("select no,resto,tim,ext from " . SQLLOG . " where no=$resno or resto=$resno");
- else // just select the post
+ else: // just select the post
$result = $mysql->query("select no,resto,tim,ext from " . SQLLOG . " where no=$resno");
+ endif;
while ($delrow = $mysql->fetch_assoc($result)) {
// delete
$path = realpath("./") . '/' . IMG_DIR;
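Review bot: The rewritten INSERT into SQLDELLOG cannot run as written: the board value opens a quote that is never closed (`'" . BOARD_DIR . ", '$adname'`), and the column list names eight columns, including `img`, while VALUES supplies seven. This table is the audit trail for moderator deletions, so a failing insert means those actions go unrecorded; close the quote as `'" . BOARD_DIR . "', '$adname'` and either add `'$adfsize'` back or drop `img` from the column list. `$adname` and `$resno` also enter the statement without `$mysql->escape_string()`, unlike `sub`, `com` and `$auser`, and `$delhost` is concatenated into the `where host=` SELECT the same way; the poster name presumably originates from the post form, so it should be escaped or bound as a parameter. targeted() starts and ends outside this hunk.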
@@ -103,8 +103,10 @@ function error($mes) { //until error class is sorted out, this is in-house admin
error(S_NOPERM);
require_once(CORE_DIR . "/admin/bans.php");
$banish = new Banish;
- if (isset($no));
- $banish->postOptions($no, $ip, $banlength, $banType, $perma, $pubreason, $staffnote, $custmess, $showbanmess, $afterban);
+ if (isset($no)) {
+ $banish->postOptions($no, $ip, $banlength1, $banlength2, $banType, $perma, $pubreason, $staffnote, $custmess, $showbanmess, $afterban);
+ echo "<script>window.close();</script>";
+ }
$banish->form($_GET['no']);
break;
case 'more':
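Review bot: `$banlength2` is handed to postOptions() and concatenated straight into the `strtotime()` string there, with no check that it is one of the five units the ban form offers. An unexpected value makes `strtotime()` return false and the ban is stored with an unusable expiry; an allowlist before the call, e.g. `if (!in_array($banlength2, ['second', 'minute', 'day', 'month', 'year'], true)) error('Invalid ban length unit');`, together with `$banlength1 = (int) $banlength1;`, avoids that. How these variables are populated from the request is not visible in this hunk. After a successful ban the case still falls through to `$banish->form($_GET['no'])`, so a `break;` after the `window.close()` echo would keep the form from rendering on the POST response.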
@@ -21,32 +21,37 @@
switch ($row['type']) {
case '1':
$status = 'have been warned on: <b>/' . $row['board'] . '/ - ' . TITLE . '</b>';
- $mysql->query("UPDATE " . SQLBANLOG . " SET active='0' WHERE ip='$host' AND active='1' LIMIT 1");
+ $mysql->query("UPDATE " . SQLBANLOG . " SET active='0' WHERE ip='$host' AND active='1' LIMIT 1"); //Save warnings.
break;
case '2':
$status = 'have been banned from: <b>/' . $row['board'] . '/ - ' . TITLE . '</b>';
if (time() > $row['expires'])
- $mysql->query("UPDATE " . SQLBANLOG . " SET active='0' WHERE ip='$host' AND active='1' LIMIT 1");
- $row['expires'] = date('F d, Y H:i', $row['expires']) . " days";
+ $mysql->query("DELETE " . SQLBANLOG . " WHERE ip='$host' AND active='1' LIMIT 1");
+ $row['expires'] = date('F d, Y H:i', $row['expires']);
break;
case '3':
$status = 'have been banned from <b>all boards</b>';
if (time() > $row['expires'])
- $mysql->query("UPDATE " . SQLBANLOG . " SET active='0' WHERE ip='$host' AND active='1' LIMIT 1");
- $row['expires'] = date('F d, Y H:i', $row['expires']) . " days";
+ $mysql->query("DELETE " . SQLBANLOG . " WHERE ip='$host' AND active='1' LIMIT 1");
+ $row['expires'] = date('F d, Y H:i', $row['expires']);
break;
case '4':
$status = 'have been <b>permanently banned from all boards<b>';
$length = '<b>forever</b>';
+ $row['expires'] = "never.";
break;
default:
$status = 'are not banned';
$row['type'] = 0;
break;
}
$row['placedon'] = date('F d, Y H:i', $row['placedon']);
+
+ //for appeals: 0: not able to appeal, 1:appealable. 2:appeal filed. 3: appeal denied.
+
}
+
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>You ' . $status . '</title>
@@ -63,8 +68,8 @@
echo '<p>You ' . $status . ' for the following reason: </p><br /><p><b>' . $row['reason'] . '</b></p><br /><hr />
<p><a href="//' . SITE_ROOT . '/' . RULES . '#' . $row['board'] . '" />Please review the board rules</a> and be aware that further rule violations can result in an extended ban.</p><br />
<h3>This warn was issued for the IP address ' . $host . '</h3>' . $footer;
-} else
+} else {
echo '<p>You <b>' . $status . '</b> for the following reason: </p><br /><p><b>' . $row['reason'] . '</b></p><br /><hr />
- <p>This ban will last <b>' . $length . ' </b>. It was placed on <b>' . $row['placedon'] . '</b> and will expire: <b>' . $row['expires'] . '</b><br/><h3>This ban was issued for the IP address ' . $host . '</h3>' . $footer;
+ <p>This ban was placed on <b>' . $row['placedon'] . '</b> and will expire on: <b>' . $row['expires'] . '</b><br/><h3>This ban was issued for the IP address ' . $host . '</h3>' . $footer;
?>
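Review bot: The new `"DELETE " . SQLBANLOG . " WHERE ..."` statements in cases '2' and '3' are missing `FROM`, so MySQL rejects them and an expired ban is neither removed nor deactivated as the old `UPDATE ... SET active='0'` did. The minimal fix is `"DELETE FROM " . SQLBANLOG . " WHERE ip='$host' AND active='1' LIMIT 1"`. Deleting the row also discards the history that the ban form's "ban(s) on record" count reads from SQLBANLOG, so keeping the UPDATE may be the better choice if moderators rely on that history. `$host` and `$row['reason']` are interpolated into SQL and HTML here without escaping; where `$host` is assigned is outside the hunk, so confirm it is the server-side remote address and wrap the output in `htmlspecialchars()`.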
@@ -263,9 +263,9 @@
//Create tables.
$tables = [
SQLLOG => "primary key(no), no int not null auto_increment, now text, name text, email text, sub text, com text, host text, pwd text, ext text, w int, h int, tn_w int, tn_h int, tim text, time int, md5 text, fsize int, fname text, sticky int, permasage int, locked int, root timestamp, resto int, board text",
- SQLBANLOG => "num INT(25) PRIMARY KEY AUTO_INCREMENT, ip VARCHAR(25), active INT(1), placedon VARCHAR(25), expires VARCHAR(25), board VARCHAR(50), type VARCHAR (2), reason VARCHAR(500), staffnotes VARCHAR(500) ",
+ SQLBANLOG => "num INT(25) PRIMARY KEY AUTO_INCREMENT, ip VARCHAR(25), active INT(1), placedon VARCHAR(25), expires VARCHAR(25), board VARCHAR(50), type VARCHAR (2), reason VARCHAR(500), staffnotes VARCHAR(500), appeal INT(1) ",
SQLMODSLOG => "user VARCHAR(25), password VARCHAR(250), public_salt VARCHAR(256), allowed VARCHAR(250), denied VARCHAR(250), PRIMARY KEY (user), UNIQUE KEY (user)",
- SQLDELLOG => "postno VARCHAR(250) PRIMARY KEY, imgonly VARCHAR(25), board VARCHAR(250), name VARCHAR(250), sub VARCHAR(50), com VARCHAR(" . S_POSTLENGTH . "), img VARCHAR(250), filename VARCHAR(250), admin VARCHAR(100)", //Why does S_POSTLENGTH start with S_?
+ SQLDELLOG => "admin VARCHAR(250), postno VARCHAR(20) PRIMARY KEY, action VARCHAR(25), board VARCHAR(250), name VARCHAR(50) sub VARCHAR(50), com VARCHAR(" . S_POSTLENGTH . ")", //Why does S_POSTLENGTH start with S_?
"reports" => "num VARCHAR(250) PRIMARY KEY, no VARCHAR(25), board VARCHAR(250), type VARCHAR(250), time TIMESTAMP DEFAULT CURRENT_TIMESTAMP, ip VARCHAR(250)",
"loginattempts" => "userattempt VARCHAR(25) PRIMARY KEY, passattempt VARCHAR(250), board VARCHAR(250), ip VARCHAR(250), attemptno VARCHAR(50)",
"rebuildqueue" => "board char(4) NOT NULL, no int(11) NOT NULL, ownedby int(11) NOT NULL default '0', ts timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, PRIMARY KEY (board,no,ownedby)"
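Review bot: The new SQLDELLOG definition is missing a comma between `name VARCHAR(50)` and `sub VARCHAR(50)`, so the CREATE TABLE built from it for the admin action log should fail. It also no longer has an `img` column, while the INSERT in _core/admin/delete.php in this same commit still lists `img`; the two need to agree. Existing installs get neither the renamed columns nor the new `appeal` column on SQLBANLOG unless a migration is provided, which is not visible here.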
