diff --git a/assets/js/main.js b/assets/js/main.js index ce3ba8f..d694dca 100644 --- a/assets/js/main.js +++ b/assets/js/main.js @@ -8,6 +8,7 @@ document.addEventListener("DOMContentLoaded", function(event) { var refreshButton = document.querySelector("#captcha"); refreshButton.onclick = function() { document.querySelector("#captcha").src = install_location + '/includes/captcha.php?' + Date.now(); + document.querySelector("#captcha-field").value = ''; } } diff --git a/includes/default.php b/includes/default.php index b332f88..a61c515 100644 --- a/includes/default.php +++ b/includes/default.php @@ -7,7 +7,7 @@ $main_file = 'main.php'; //leave empty if using handlers like apache to hide fil $post_file = 'post.php'; //i cant imagine any reason to change this, but i suppose it could be in a different folder if you want to $display_version = true; -$version = 'v0.85'; +$version = 'v0.86'; $site_name = 'ImoutoIB'; $site_slogan = 'As if it were written by a literal child.'; diff --git a/includes/functions.php b/includes/functions.php index d9b7199..2ac992e 100644 --- a/includes/functions.php +++ b/includes/functions.php @@ -354,7 +354,7 @@ function DeletePost($database_folder, $uploads_folder, $board, $thread, $post, $ foreach ($files_ as $file) { unlink($file); } - //DELETE FOLDER (unfortunately no way to delete folder with all files in) + //DELETE FOLDER rmdir(__dir__ . '/../' . $database_folder . '/boards/' . $board . '/' . $thread); //success! diff --git a/includes/inits.php b/includes/inits.php index d919307..980bf43 100644 --- a/includes/inits.php +++ b/includes/inits.php @@ -41,6 +41,9 @@ $changed_password = false; $user_created = false; $user_edited = false; $user_deleted = false; +$ban_removed = false; +$ban_created = false; +$warning_created = false; $is_banned = false; diff --git a/mod.php b/mod.php index fe42452..ddd674b 100644 --- a/mod.php +++ b/mod.php 
@@ -189,6 +189,109 @@ if (isset($_POST['delete-user'])) { $user_deleted = true; } +//DELETE BAN +if (isset($_POST['delete-ban'])) { + if ($user_mod_level < $config['mod']['ban']) { + error('You don\'t have permission to remove bans.'); + } + if (!ctype_alnum($_POST['delete-ban-ip'])) { + error('Invalid IP'); + } + if (!file_exists(__dir__ . '/' . $database_folder . '/bans/' . $_POST['delete-ban-ip'] . '/' . $_POST['delete-ban-id'] . '.php')) { + error('This ban doesn\'t exist.'); + } + unlink(__dir__ . '/' . $database_folder . '/bans/' . $_POST['delete-ban-ip'] . '/' . $_POST['delete-ban-id'] . '.php'); + if (!glob(__dir__ . '/' . $database_folder . '/bans/' . $_POST['delete-ban-ip'] . '/*')) { + rmdir(__dir__ . '/' . $database_folder . '/bans/' . $_POST['delete-ban-ip']); //Delete folder if no bans exist anymore. Expired bans count as existing. + } + + $ban_removed = true; +} + +//CREATE BAN +if (isset($_POST['create-ban'])) { + if ($user_mod_level < $config['mod']['ban']) { + error('You don\'t have permission to create bans.'); + } + + //check ban form requirements isnt manipulated (duration, reason, etc) and set stuff + if (!isset($_POST['create-ban-expire'])){ + error('Ban expiry form not given.'); + } + $ban_reason = phpClean($_POST['create-ban-reason']); + $ban_expire = phpClean($_POST['create-ban-expire']); + $ban_original_ip = phpClean($_POST['create-ban-ip']); + if (strlen($ban_reason) > 256) { + error('Ban reason too long. Maximum 256 characters.'); + } + if ($ban_reason == '') { + $ban_reason = 'No reason given.'; + } + + if ($ban_original_ip > 256) { + error('Suspiciously long IP.'); + } + + //remove dots and slashes + $new_ban['original_ip'] = $ban_original_ip; + $new_ban['ip'] = preg_replace('/(\/|\.)/i','' , $_POST['create-ban-ip']); //remove dots and slashes from ip + if (!ctype_alnum($new_ban['ip'])) { + error('Invalid IP'); + } + + //create folder for bans if doesnt exist + if (!file_exists($path . '/' . $database_folder . 
'/bans')) { + mkdir($path . '/' . $database_folder . '/bans'); + } + if (!file_exists($path . '/' . $database_folder . '/bans/' . $new_ban['ip'])) { + mkdir($path . '/' . $database_folder . '/bans/' .$new_ban['ip']); + } + //create counter if doesnt exist + if (!file_exists($path . '/' . $database_folder . '/bans/counter.php')) { + file_put_contents($path . '/' . $database_folder . '/bans/counter.php', 0); + } + + $new_ban['id'] = file_get_contents($path . '/' . $database_folder . '/bans/counter.php'); + + $new_ban['time'] = time(); + $new_ban['duration'] = $ban_expire; + + if ($ban_expire == "warning") { + $new_ban['is_active'] = "0"; + } else { + $new_ban['is_active'] = "1"; + } + $new_ban['is_read'] = "0"; //replace on read + + $create_ban = ''; + + file_put_contents($path . '/' . $database_folder . '/bans/' . $new_ban['ip'] . '/' . $new_ban['id'] . '.php', $create_ban); //save ban + file_put_contents($path . '/' . $database_folder . '/bans/counter.php', $new_ban['id'] + 1); //increase counter + + if ($new_ban['duration'] == 'warning') { + $warning_created = true; + } else { + $ban_created = true; + } +} + //LOGGIN IN? if (isset($_POST['username']) && isset($_POST['password'])) { if ($_POST['username'] == "") { @@ -855,13 +958,13 @@ if ($_GET["page"] == 'bans') { echo '
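Review bot: In the DELETE BAN branch, `$_POST['delete-ban-id']` is concatenated into the paths given to `file_exists()` and `unlink()` without any validation; only `delete-ban-ip` is checked with `ctype_alnum()`. An id containing path separators or `..` would therefore make `unlink()` remove a `.php` file outside the intended ban folder. Since ids are taken from the numeric counter file, add `if (!isset($_POST['delete-ban-id']) || !ctype_digit($_POST['delete-ban-id'])) { error('Invalid ban ID'); }` before the `file_exists()` check. In the CREATE BAN branch, `if ($ban_original_ip > 256)` compares the string itself with 256 rather than its length, so the "Suspiciously long IP" guard does not bound the input; it presumably should read `if (strlen($ban_original_ip) > 256)`. Both guards rely on `error()` halting the request, and that function is defined outside this hunk.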
';
- echo 'Ban IP (incomplete)
';
- echo '