From 6bbd058466a4c28211b134e5afbd44d79f174aac Mon Sep 17 00:00:00 2001
From: Sanpaku <67713780+ithrts@users.noreply.github.com>
Date: Fri, 8 Oct 2021 14:57:49 +0200
Subject: [PATCH] manual ban+delete ban clear captcha field on image reload manual ban support delete bans set first board in boardlist if no board is set to apply to ban theme if user visits post.php manually
---
 assets/js/main.js | 1 +
 includes/default.php | 2 +-
 includes/functions.php | 2 +-
 includes/inits.php | 3 +
 mod.php | 163 ++++++++++++++++++++++++++++++++++-----
 post.php | 4 +
 templates/banned.html | 29 ++++---
 templates/post-form.html | 2 +-
 8 files changed, 171 insertions(+), 35 deletions(-)
diff --git a/assets/js/main.js b/assets/js/main.js
index ce3ba8f..d694dca 100644
--- a/assets/js/main.js
+++ b/assets/js/main.js
@@ -8,6 +8,7 @@ document.addEventListener("DOMContentLoaded", function(event) { var refreshButton = document.querySelector("#captcha"); refreshButton.onclick = function() { document.querySelector("#captcha").src = install_location + '/includes/captcha.php?' + Date.now();
+ document.querySelector("#captcha-field").value = '';
 } }
diff --git a/includes/default.php b/includes/default.php
index b332f88..a61c515 100644
--- a/includes/default.php
+++ b/includes/default.php
@@ -7,7 +7,7 @@ $main_file = 'main.php'; //leave empty if using handlers like apache to hide fil $post_file = 'post.php'; //i cant imagine any reason to change this, but i suppose it could be in a different folder if you want to $display_version = true;
-$version = 'v0.85';
+$version = 'v0.86';
 $site_name = 'ImoutoIB'; $site_slogan = 'As if it were written by a literal child.';
diff --git a/includes/functions.php b/includes/functions.php
index d9b7199..2ac992e 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -354,7 +354,7 @@ function DeletePost($database_folder, $uploads_folder, $board, $thread, $post, $ foreach ($files_ as $file) { unlink($file); }
- //DELETE FOLDER (unfortunately no way to delete folder with all files in)
+ //DELETE FOLDER
 rmdir(__dir__ . '/../' . $database_folder . '/boards/' . $board . '/' . $thread); //success!
diff --git a/includes/inits.php b/includes/inits.php
index d919307..980bf43 100644
--- a/includes/inits.php
+++ b/includes/inits.php
@@ -41,6 +41,9 @@ $changed_password = false; $user_created = false; $user_edited = false; $user_deleted = false;
+$ban_removed = false;
+$ban_created = false;
+$warning_created = false;
 $is_banned = false;
diff --git a/mod.php b/mod.php
index fe42452..ddd674b 100644
--- a/mod.php
+++ b/mod.php
@@ -189,6 +189,109 @@ if (isset($_POST['delete-user'])) { $user_deleted = true; }
+//DELETE BAN
+if (isset($_POST['delete-ban'])) {
+ if ($user_mod_level < $config['mod']['ban']) {
+ error('You don\'t have permission to remove bans.');
+ }
+ if (!ctype_alnum($_POST['delete-ban-ip'])) {
+ error('Invalid IP');
+ }
+ if (!file_exists(__dir__ . '/' . $database_folder . '/bans/' . $_POST['delete-ban-ip'] . '/' . $_POST['delete-ban-id'] . '.php')) {
+ error('This ban doesn\'t exist.');
+ }
+ unlink(__dir__ . '/' . $database_folder . '/bans/' . $_POST['delete-ban-ip'] . '/' . $_POST['delete-ban-id'] . '.php');
+ if (!glob(__dir__ . '/' . $database_folder . '/bans/' . $_POST['delete-ban-ip'] . '/*')) {
+ rmdir(__dir__ . '/' . $database_folder . '/bans/' . $_POST['delete-ban-ip']); //Delete folder if no bans exist anymore. Expired bans count as existing.
+ }
+
+ $ban_removed = true;
+}
+
+//CREATE BAN
+if (isset($_POST['create-ban'])) {
+ if ($user_mod_level < $config['mod']['ban']) {
+ error('You don\'t have permission to create bans.');
+ }
+
+ //check ban form requirements isnt manipulated (duration, reason, etc) and set stuff
+ if (!isset($_POST['create-ban-expire'])){
+ error('Ban expiry form not given.');
+ }
+ $ban_reason = phpClean($_POST['create-ban-reason']);
+ $ban_expire = phpClean($_POST['create-ban-expire']);
+ $ban_original_ip = phpClean($_POST['create-ban-ip']);
+ if (strlen($ban_reason) > 256) {
+ error('Ban reason too long. Maximum 256 characters.');
+ }
+ if ($ban_reason == '') {
+ $ban_reason = 'No reason given.';
+ }
+
+ if ($ban_original_ip > 256) {
+ error('Suspiciously long IP.');
+ }
+
+ //remove dots and slashes
+ $new_ban['original_ip'] = $ban_original_ip;
+ $new_ban['ip'] = preg_replace('/(\/|\.)/i','' , $_POST['create-ban-ip']); //remove dots and slashes from ip
+ if (!ctype_alnum($new_ban['ip'])) {
+ error('Invalid IP');
+ }
+
+ //create folder for bans if doesnt exist
+ if (!file_exists($path . '/' . $database_folder . 
'/bans')) {
+ mkdir($path . '/' . $database_folder . '/bans');
+ }
+ if (!file_exists($path . '/' . $database_folder . '/bans/' . $new_ban['ip'])) {
+ mkdir($path . '/' . $database_folder . '/bans/' .$new_ban['ip']);
+ }
+ //create counter if doesnt exist
+ if (!file_exists($path . '/' . $database_folder . '/bans/counter.php')) {
+ file_put_contents($path . '/' . $database_folder . '/bans/counter.php', 0);
+ }
+
+ $new_ban['id'] = file_get_contents($path . '/' . $database_folder . '/bans/counter.php');
+
+ $new_ban['time'] = time();
+ $new_ban['duration'] = $ban_expire;
+
+ if ($ban_expire == "warning") {
+ $new_ban['is_active'] = "0";
+ } else {
+ $new_ban['is_active'] = "1";
+ }
+ $new_ban['is_read'] = "0"; //replace on read
+
+ $create_ban = '';
+
+ file_put_contents($path . '/' . $database_folder . '/bans/' . $new_ban['ip'] . '/' . $new_ban['id'] . '.php', $create_ban); //save ban
+ file_put_contents($path . '/' . $database_folder . '/bans/counter.php', $new_ban['id'] + 1); //increase counter
+
+ if ($new_ban['duration'] == 'warning') {
+ $warning_created = true;
+ } else {
+ $ban_created = true;
+ }
+}
+
 //LOGGIN IN? if (isset($_POST['username']) && isset($_POST['password'])) { if ($_POST['username'] == "") {
@@ -855,13 +958,13 @@ if ($_GET["page"] == 'bans') { echo '
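Review bot: In the delete-ban branch of the `@@ -189,6 +189,109 @@` hunk, `$_POST['delete-ban-id']` is concatenated unvalidated into the path passed to `file_exists()` and `unlink()`, while only `delete-ban-ip` is checked with `ctype_alnum()`. An id containing path separators could therefore make the request remove a `.php` file outside the intended ban folder. Ids are read from the numeric `bans/counter.php`, so reject anything else before building the path: `if (!isset($_POST['delete-ban-ip'], $_POST['delete-ban-id']) || !ctype_digit($_POST['delete-ban-id'])) { error('Invalid ban ID'); }`. In the create-ban branch, `if ($ban_original_ip > 256)` compares the submitted string itself with 256 rather than its length, so the 'Suspiciously long IP.' check does not bound the input; it should read `if (strlen($ban_original_ip) > 256) {`. No anti-CSRF token check is visible on either state-changing branch in this hunk, so it is worth confirming that one runs before these handlers.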

Ban IP

'; echo '
'; echo '

'; - echo '

Ban IP (incomplete)'; - echo '
+ echo '
Ban IP'; + echo ' - - + + + '; + echo ''; echo ''; - echo ''; } } @@ -963,8 +1078,14 @@ if ($_GET["page"] == 'bans') { echo '
'; echo ''; - if ($user_created == true) { - echo '
User created.
'; + if ($ban_removed == true) { + echo '
Ban has been deleted.
'; + } + if ($ban_created == true) { + echo '
Ban has been created.
'; + } + if ($warning_created == true) { + echo '
Warning has been created.
'; } include $path . '/templates/footer.html'; diff --git a/post.php b/post.php index 04a57b0..3880128 100644 --- a/post.php +++ b/post.php @@ -2,6 +2,10 @@ require dirname(__FILE__) . '/require.php'; +if (!isset($_POST['board'])) { + //error('No board selected.'); + $_POST['board'] = array_key_first($config['boards']); //set a board and allow seeing bans instead: +} //CHECK BANS, move this to a different file maybe. $check_ban = crypt($_SERVER['REMOTE_ADDR'] , $secure_hash); diff --git a/templates/banned.html b/templates/banned.html index aaf1ce7..6e17ab9 100644 --- a/templates/banned.html +++ b/templates/banned.html @@ -23,19 +23,26 @@ include __dir__ . '/header.html'; echo '

How did you manage this...

'; - echo '
'; + + + echo '
'; echo '

'; diff --git a/templates/post-form.html b/templates/post-form.html index c0e12db..17d1260 100644 --- a/templates/post-form.html +++ b/templates/post-form.html @@ -65,7 +65,7 @@ echo '

'; ?> + echo ' '; }?>
IP:
Reason:
IP:
Reason:
Duration: - @@ -932,24 +1035,36 @@ if ($_GET["page"] == 'bans') { echo ''; echo '
More'; - echo '
View'; //see post that caused ban - echo '
'.$ban['post-body'].'
'; - echo '
'; //"view file" + + //delete + echo '
Delete
Are you sure you want to remove this ban?'; + echo ' + + +
Verification
Verification