2011-07-27 13:45:59 +10:00

2301 lines
80 KiB
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

require 'inc/functions.php';
require 'inc/display.php';
require 'inc/template.php';
require 'inc/database.php';
require 'inc/user.php';
// Check if banned
require 'inc/mod.php';
// Fix some encoding issues
header('Content-Type: text/html; charset=utf-8', true);
if (get_magic_quotes_gpc()) {
function strip_array($var) {
return is_array($var) ? array_map("strip_array", $var) : stripslashes($var);
$_SESSION = strip_array($_SESSION);
$_GET = strip_array($_GET);
$_POST = strip_array($_POST);
$query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
// If not logged in
if(!$mod) {
if(isset($_POST['login'])) {
// Check if inputs are set and not empty
if( !isset($_POST['username']) ||
!isset($_POST['password']) ||
empty($_POST['username']) ||
) loginForm($config['error']['invalid'], $_POST['username'], '?' . $query);
if(!login($_POST['username'], $_POST['password']))
loginForm($config['error']['invalid'], $_POST['username'], '?' . $query);
modLog("Logged in.");
// Login successful
// Set cookies
// Redirect
header('Location: ' . $_POST['redirect'], true, $config['redirect_http']);
header('Location: ?' . $config['mod']['default'], true, $config['redirect_http']);
// Close connection
} else {
loginForm(false, false, '?' . $query);
} else {
// Redirect (for index pages)
if(count($_GET) == 2 && isset($_GET['status']) && isset($_GET['r']))
header('Location: ' . $_GET['r'], true, $_GET['status']);
// A sort of "cache"
// Stops calling preg_quote and str_replace when not needed; only does it once
$regex = Array(
'board' => str_replace('%s', '(\w{1,8})', preg_quote($config['board_path'], '/')),
'page' => str_replace('%d', '(\d+)', preg_quote($config['file_page'], '/')),
'img' => preg_quote($config['dir']['img'], '/'),
'thumb' => preg_quote($config['dir']['thumb'], '/'),
'res' => preg_quote($config['dir']['res'], '/'),
'index' => preg_quote($config['file_index'], '/')
if(preg_match('/^\/?$/', $query)) {
// Dashboard
$fieldset = Array(
'Boards' => '',
'Noticeboard' => '',
'Administration' => '',
'Themes' => '',
'Search' => '',
'Update' => '',
'Logout' => ''
// Boards
$fieldset['Boards'] .= ulBoards();
if($mod['type'] >= $config['mod']['noticeboard']) {
$query = prepare("SELECT * FROM `noticeboard` ORDER BY `id` DESC LIMIT :limit");
$query->bindValue(':limit', $config['mod']['noticeboard_dashboard'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
$fieldset['Noticeboard'] .= '<li>';
$_body = '';
while($notice = $query->fetch()) {
$m_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
$m_query->bindValue(':id', $notice['mod'], PDO::PARAM_INT);
$m_query->execute() or error(db_error($m_query));
if(!$_mod = $m_query->fetch()) {
$_mod = Array('username' => '<em>???</em>');
$_body .= '<li><a href="?/noticeboard#' .
$notice['id'] .
'">' .
($notice['subject'] ?
'<em>no subject</em>'
) .
'</a><span class="unimportant"> — by ' .
$_mod['username'] .
' at ' .
date($config['post_date'], $notice['time']) .
if(!empty($_body)) {
$fieldset['Noticeboard'] .= '<ul>' . $_body . '</ul></li><li>';
$fieldset['Noticeboard'] .= '<a href="?/noticeboard">View all entires</a></li>';
$query = prepare("SELECT COUNT(*) AS `count` FROM `pms` WHERE `to` = :id AND `unread` = 1");
$query->bindValue(':id', $mod['id']);
$query->execute() or error(db_error($query));
$count = $query->fetch();
$count = $count['count'];
$fieldset['Noticeboard'] .= '<li><a href="?/inbox">PM inbox' .
($count > 0
' <strong>(' . $count . ' unread)</strong>'
: '') .
$fieldset['Noticeboard'] .= '<li><a href="?/news">News</a></li>';
if($mod['type'] >= $config['mod']['reports']) {
$fieldset['Administration'] .= '<li><a href="?/reports">Report queue</a></li>';
if($mod['type'] >= $config['mod']['view_banlist']) {
$fieldset['Administration'] .= '<li><a href="?/bans">Ban list</a></li>';
if($mod['type'] >= $config['mod']['manageusers']) {
$fieldset['Administration'] .= '<li><a href="?/users">Manage users</a></li>';
if($mod['type'] >= $config['mod']['modlog']) {
$fieldset['Administration'] .= '<li><a href="?/log">Moderation log</a></li>';
if($mod['type'] >= $config['mod']['rebuild']) {
$fieldset['Administration'] .= '<li><a href="?/rebuild">Rebuild static files</a></li>';
if($mod['type'] >= $config['mod']['rebuild'] && $config['memcached']['enabled']) {
$fieldset['Administration'] .= '<li><a href="?/flush">Clear cache</a></li>';
if($mod['type'] >= $config['mod']['show_config']) {
$fieldset['Administration'] .= '<li><a href="?/config">Show configuration</a></li>';
if($mod['type'] >= $config['mod']['themes']) {
$fieldset['Themes'] .= '<li><a href="?/themes">Manage themes</a></li>';
if($mod['type'] >= $config['mod']['search']) {
$fieldset['Search'] .= '<li><form style="display:inline" action="?/search" method="post">' .
'<label style="display:inline" for="search">Phrase:</label> ' .
'<input id="search" name="search" type="text" size="35" />' .
'<input type="submit" value="Search" />' .
'</form>' .
'<p class="unimportant">(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)</p>' .
if($mod['type'] >= ADMIN && $config['check_updates']) {
if(!$version = @file_get_contents('.installed'))
error('Could not find current version! (Check .installed)');
if(isset($_SESSION['update']) && time() - $_SESSION['update']['time'] < $config['check_updates_time']) {
$latest = $_SESSION['update']['latest'];
} else {
$ctx = stream_context_create(array(
'http' => array(
'timeout' => 3
$latest = @file_get_contents('http://tinyboard.org/latest.txt', 0, $ctx);
if(preg_match('/^v(\d+)\.(\d)\.(\d+)$/', $latest, $m)) {
$newer = Array(
'massive' => (int)$m[1],
'major' => (int)$m[2],
'minor' => (int)$m[3]
if(preg_match('/v(\d+)\.(\d)\.(\d+)(-dev.+)?$/', $version, $m)) {
$current = Array(
'massive' => (int)$m[1],
'major' => (int)$m[2],
'minor' => (int)$m[3]
if(isset($m[4])) {
// Development versions are always ahead in the versioning numbers
$current['minor'] --;
// Check if it's newer
if( $newer['massive'] > $current['massive'] ||
$newer['major'] > $current['major'] ||
($newer['massive'] == $current['massive'] &&
$newer['major'] == $current['major'] &&
$newer['minor'] > $current['minor']
)) {
$latest = $latest;
} else $latest = false;
} else $latest = false;
$_SESSION['update'] = Array('time' => time(), 'latest' => $latest);
if($latest) {
$latest = trim($latest);
$fieldset['Update'] .= '<li>A newer version of Tinyboard (<strong>' . $latest . '</strong>) is available! See <a href="http://tinyboard.org">http://tinyboard.org/</a> for download instructions.</li>';
$fieldset['Logout'] .= '<li><a href="?/logout">Logout</a></li>';
// TODO: Statistics, etc, in the dashboard.
$body = '';
foreach($fieldset as $title => $data) {
$body .= "<fieldset><legend>{$title}</legend><ul>{$data}</ul></fieldset>";
echo Element('page.html', Array(
} elseif(preg_match('/^\/logout$/', $query)) {
header('Location: ?/', true, $config['redirect_http']);
} elseif(preg_match('/^\/confirm\/(.+)$/', $query, $matches)) {
$uri = &$matches[1];
$body = '<p style="text-align:center">' .
'<span class="heading" style="margin-bottom:6px">Are you sure you want to do that?</span>' .
'You clicked ' .
'<strong>?/' . htmlentities($uri) . '</strong>' .
' but had Javascript disabled, so we weren\'t able to serve the confirmation dialog.' .
'</p>' .
'<p style="text-align:center"><a style="margin:block;font-size:150%;font-weight:bold" href="?/' . htmlentities($uri) . '">Confirm.</a></p>';
echo Element('page.html', Array(
} elseif(preg_match('/^\/log$/', $query)) {
if(!hasPermission($config['mod']['modlog'])) error($config['error']['noaccess']);
$boards = Array();
$_boards = listBoards();
foreach($_boards as &$_b) {
$boards[$_b['id']] = $_b['uri'];
$body = '<table class="modlog"><tr><th>User</th><th>IP address</th><th>Ago</th><th>Board</th><th>Action</th></tr>';
$query = prepare("SELECT `mods`.`id`,`username`,`ip`,`board`,`time`,`text` FROM `modlogs` INNER JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :limit");
$query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
while($log = $query->fetch()) {
$log['text'] = htmlentities($log['text']);
$log['text'] = preg_replace('/(\d+\.\d+\.\d+\.\d+)/', '<a href="?/IP/$1">$1</a>', $log['text']);
$body .= '<tr>' .
'<td class="minimal"><a href="?/users/' . $log['id'] . '">' . $log['username'] . '</a></td>' .
'<td class="minimal"><a href="?/IP/' . $log['ip'] . '">' . $log['ip'] . '</a></td>' .
'<td class="minimal">' . ago($log['time']) . '</td>' .
'<td class="minimal">' .
($log['board'] ?
(isset($boards[$log['board']]) ?
'<a href="?/' . $boards[$log['board']] . '/' . $config['file_index'] . '">' . sprintf($config['board_abbreviation'], $boards[$log['board']]) . '</a></td>'
: '<em>deleted?</em>')
: '-') .
'<td>' . $log['text'] . '</td>' .
$body .= '</table>';
echo Element('page.html', Array(
'title'=>'Moderation log',
} elseif(preg_match('/^\/themes\/none$/', $query, $match)) {
if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
// Clearsettings
query("TRUNCATE TABLE `theme_settings`") or error(db_error());
echo Element('page.html', Array(
'title'=>'No theme',
'body'=>'<p style="text-align:center">Successfully stopped using all themes.</p>',
} elseif(preg_match('/^\/themes(\/(\w+))?$/', $query, $match)) {
if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
error('Themes directory doesn\'t exist!');
if(!$dir = opendir($config['dir']['themes']))
error('Cannot open themes directory; check permissions.');
if(isset($match[2])) {
$_theme = &$match[2];
if(!$theme = loadThemeConfig($_theme)) {
if(isset($_POST['install'])) {
// Check if everything is submitted
foreach($theme['config'] as &$c) {
if(!isset($_POST[$c['name']]) && $c['type'] != 'checkbox')
error(sprintf($config['error']['required'], $c['title']));
// Clear previous settings
$query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme");
$query->bindValue(':theme', $_theme);
$query->execute() or error(db_error($query));
foreach($theme['config'] as &$c) {
$query = prepare("INSERT INTO `theme_settings` VALUES(:theme, :name, :value)");
$query->bindValue(':theme', $_theme);
$query->bindValue(':name', $c['name']);
$query->bindValue(':value', $_POST[$c['name']]);
$query->execute() or error(db_error($query));
$query = prepare("INSERT INTO `theme_settings` VALUES(:theme, NULL, NULL)");
$query->bindValue(':theme', $_theme);
$query->execute() or error(db_error($query));
$body = '';
if(isset($theme['install_callback'])) {
$ret = $theme['install_callback']($theme['config']);
if($ret && !empty($ret))
$body .= '<div style="border:1px dashed maroon;padding:20px;margin:auto;max-width:800px">' . $ret . '</div>';
$body .= '<p style="text-align:center">Successfully installed and built theme.</p>';
// Build themes
echo Element('page.html', Array(
'title'=>'Installed "' . htmlentities($theme['name']) . '"',
} else {
$body = '<form action="" method="post">';
if(!isset($theme['config']) || empty($theme['config'])) {
$body .= '<p style="text-align:center" class="unimportant">(No configuration required.)</p>';
} else {
$body .= '<table>';
foreach($theme['config'] as &$c) {
$body .= '<tr><th>' . $c['title'] . '</th><td>';
switch($c['type']) {
case 'text':
$body .= '<input type="text" name="' . htmlentities($c['name']) . '" ' .
(isset($c['default']) ? 'value="' . htmlentities($c['default']) . '" ' :'') .
(isset($c['size']) ? 'size="' . (int)$c['size'] . '" ' :'') .
$body .= ' <span class="unimportant">' . $c['comment'] . '</span>';
$body .= '</td></tr>';
$body .= '</table>';
$body .= '<p style="text-align:center"><input name="install" type="submit" value="Install theme" /></p></form>';
echo Element('page.html', Array(
'title'=>'Installing "' . htmlentities($theme['name']) . '"',
} else {
// Scan directory for themes
$themes = Array();
while($file = readdir($dir)) {
if($file[0] != '.' && is_dir($config['dir']['themes'] . '/' . $file)) {
$themes[] = $file;
$body = '';
if(empty($themes)) {
$body = '<p style="text-align:center" class="unimportant">(No themes installed.)</p>';
} else {
$body .= '<table class="modlog">';
foreach($themes as &$_theme) {
$theme = loadThemeConfig($_theme);
$body .= '<tr>' .
'<th class="minimal">Name</th>' .
'<td>' . htmlentities($theme['name']) . '</td>' .
'</tr>' .
'<tr>' .
'<th class="minimal">Version</th>' .
'<td>' . htmlentities($theme['version']) . '</td>' .
'</tr>' .
'<tr>' .
'<th class="minimal">Description</th>' .
'<td>' . $theme['description'] . '</td>' .
'</tr>' .
'<tr>' .
'<th class="minimal">Thumbnail</th>' .
'<td><img style="float:none;margin:4px" src="' . $config['dir']['themes_uri'] . '/' . $_theme . '/thumb.png" /></td>' .
'</tr>' .
'<tr>' .
'<th class="minimal">Actions</th>' .
'<td><ul style="padding:0 20px">' .
'<li>' .
'<a title="Use theme" href="?/themes/' . $_theme . '">Use</a>' .
'</li>' .
'<li>' .
confirmLink('Remove', 'Uninstall theme', 'Are you sure you want to permanently remove this theme?', 'themes/' . $_theme . '/uninstall') .
'</li>' .
'</ul></td>' .
'</tr>' .
'<tr style="height:40px"><td colspan="2"><hr/></td></tr>';
$body .= '</table>';
$body .= '<p style="text-align:center"><a href="?/themes/none">Don\'t use a theme.</a></p>';
echo Element('page.html', Array(
'title'=>'Select theme',
} elseif(preg_match('/^\/noticeboard\/delete\/(\d+)$/', $query, $match)) {
if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']);
$query = prepare("DELETE FROM `noticeboard` WHERE `id` = :id");
$query->bindValue(':id', $match[1], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
header('Location: ?/noticeboard', true, $config['redirect_http']);
} elseif(preg_match('/^\/noticeboard$/', $query)) {
if(!hasPermission($config['mod']['noticeboard'])) error($config['error']['noaccess']);
$body = '';
if($mod['type'] >= $config['mod']['noticeboard_post']) {
if(isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) {
$query = prepare("INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body)");
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
$query->bindvalue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':subject', utf8tohtml($_POST['subject']));
$query->bindValue(':body', $_POST['body']);
$query->execute() or error(db_error($query));
$body .= '<fieldset><legend>New post</legend><form style="display:inline" action="" method="post"><table>' .
'<tr>' .
'<th><label for="subject">Name</label></th>' .
'<td>' . $mod['username'] . '</td>' .
'</tr><tr>' .
'<th>Subject</th>' .
'<td><input type="text" size="55" name="subject" id="subject" /></td>' .
'</tr><tr>' .
'<th>Body</th>' .
'<td><textarea name="body" style="width:100%;height:100px"></textarea></td>' .
'</tr><tr>' .
'<td></td><td><input type="submit" value="Post to noticeboard" /></td>' .
'</tr></table>' .
$query = prepare("SELECT * FROM `noticeboard` ORDER BY `id` DESC LIMIT :limit");
$query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
while($notice = $query->fetch()) {
$m_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
$m_query->bindValue(':id', $notice['mod'], PDO::PARAM_INT);
$m_query->execute() or error(db_error($m_query));
if(!$_mod = $m_query->fetch()) {
$_mod = Array('username' => '<em>???</em>');
$body .= '<div class="ban">' .
($mod['type'] >= $config['mod']['noticeboard_delete'] ?
'<span style="float:right;padding:2px"><a class="unimportant" href="?/noticeboard/delete/' . $notice['id'] . '">[delete]</a></span>'
: '') .
'<h2 id="' . $notice['id'] . '">' .
($notice['subject'] ?
'<em>no subject</em>'
) .
'<span class="unimportant"> — by ' .
$_mod['username'] .
' at ' .
date($config['post_date'], $notice['time']) .
'</span></h2><p>' . $notice['body'] . '</p></div>';
echo Element('page.html', Array(
} elseif(preg_match('/^\/news\/delete\/(\d+)$/', $query, $match)) {
if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']);
$query = prepare("DELETE FROM `news` WHERE `id` = :id");
$query->bindValue(':id', $match[1], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
header('Location: ?/news', true, $config['redirect_http']);
} elseif(preg_match('/^\/news$/', $query)) {
$body = '';
if($mod['type'] >= $config['mod']['news']) {
if(isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) {
$query = prepare("INSERT INTO `news` VALUES (NULL, :name, :time, :subject, :body)");
if(isset($_POST['name']) && $mod['type'] >= $config['mod']['news_custom'])
$name = &$_POST['name'];
$name = &$mod['username'];
$query->bindValue(':name', utf8tohtml($name), PDO::PARAM_INT);
$query->bindvalue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':subject', utf8tohtml($_POST['subject']));
$query->bindValue(':body', $_POST['body']);
$query->execute() or error(db_error($query));
$body .= '<fieldset><legend>New post</legend><form style="display:inline" action="" method="post"><table>' .
'<tr>' .
'<th>Name</th>' .
($mod['type'] >= $config['mod']['news_custom'] ?
'<td><input type="text" size="55" name="name" id="name" value="' . htmlentities($mod['username']) . '" /></td>'
'<td>' . $mod['username'] . '</td>') .
'</tr><tr>' .
'<th>Subject</th>' .
'<td><input type="text" size="55" name="subject" id="subject" /></td>' .
'</tr><tr>' .
'<th>Body</th>' .
'<td><textarea name="body" style="width:100%;height:100px"></textarea></td>' .
'</tr><tr>' .
'<td></td><td><input type="submit" value="Post to news" /></td>' .
'</tr></table>' .
$query = prepare("SELECT * FROM `news` ORDER BY `id` DESC LIMIT :limit");
$query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
while($news = $query->fetch()) {
$body .= '<div class="ban">' .
($mod['type'] >= $config['mod']['news_delete'] ?
'<span style="float:right;padding:2px"><a class="unimportant" href="?/news/delete/' . $news['id'] . '">[delete]</a></span>'
: '') .
'<h2 id="' . $news['id'] . '">' .
($news['subject'] ?
'<em>no subject</em>'
) .
'<span class="unimportant"> — by ' .
$news['name'] .
' at ' .
date($config['post_date'], $news['time']) .
'</span></h2><p>' . $news['body'] . '</p></div>';
echo Element('page.html', Array(
} elseif(preg_match('/^\/inbox$/', $query, $match)) {
$query = prepare("SELECT `unread`,`pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC");
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($query->rowCount() == 0) {
$body = '<p style="text-align:center" class="unimportant">(No private messages for you.)</p>';
} else {
$unread_pms = 0;
$body = '<table class="modlog"><tr><th>ID</th><th>From</th><th>Date</th><th>Message snippet</th></tr>';
while($pm = $query->fetch()) {
$body .= '<tr' . ($pm['unread'] ? ' style="font-weight:bold"' : '') . '>' .
'<td class="minimal"><a href="?/PM/' . $pm['id'] . '">' . $pm['id'] . '</a></td>' .
'<td class="minimal"><a href="?/new_PM/' . $pm['sender'] . '">' . $pm['username'] . '</a></td>' .
'<td class="minimal">' . date($config['post_date'], $pm['time']) . '</td>' .
'<td><a href="?/PM/' . $pm['id'] . '">' . pm_snippet($pm['message']) . '</a></td>' .
$body .= '</table>';
echo Element('page.html', Array(
'title'=>'PM Inbox (' . ($query->rowCount() == 0 ? 'empty' : $unread_pms . ' unread') . ')',
} elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) {
$id = &$match[1];
if($mod['type'] >= $config['mod']['master_pm']) {
$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id");
} else {
$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod");
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if(!$pm = $query->fetch()) {
// Mod doesn't exist
if(isset($_POST['delete'])) {
$query = prepare("DELETE FROM `pms` WHERE `id` = :id");
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
modLog('Deleted a PM');
header('Location: ?/', true, $config['redirect_http']);
} else {
if($pm['unread']) {
$query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `id` = :id");
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
modLog('Read a PM');
if($pm['to'] != $mod['id']) {
$query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $pm['to'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($_mod = $query->fetch()) {
$__to = &$_mod['username'];
} else {
$__to = false;
$body = '<form action="" method="post" style="margin:0"><table>' .
'<th>From</th><td>' .
(!$pm['username'] ?
'<a href="?/new_PM/' . $pm['sender'] . '">' . htmlentities($pm['username']) . '</a>'
) .
'</td></tr>' .
(isset($__to) ?
'<th>To</th><td>' .
($__to === false ?
'<a href="?/new_PM/' . $pm['to'] . '">' . htmlentities($__to) . '</a>'
) .
: '') .
'<tr><th>Date</th><td> ' . date($config['post_date'], $pm['time']) . '</td></tr>' .
'<tr><th>Message</th><td> ' . $pm['message'] . '</td></tr>' .
'</table>' .
'<p style="text-align:center"><input type="submit" name="delete" value="Delete forever" /></p>' .
'</form>' .
'<p style="text-align:center"><a href="?/new_PM/' . $pm['sender'] . '/' . $pm['id'] . '">Reply with quote</a></p>';
echo Element('page.html', Array(
'title'=>'Private message',
} elseif(preg_match('/^\/new_PM\/(\d+)(\/(\d+))?$/', $query, $match)) {
if(!hasPermission($config['mod']['create_pm'])) error($config['error']['noaccess']);
$to = &$match[1];
$query = prepare("SELECT `username`,`id` FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $to, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if(!$to = $query->fetch()) {
// Mod doesn't exist
if(isset($_POST['message'])) {
// Post message
$message = &$_POST['message'];
$query = prepare("INSERT INTO `pms` VALUES (NULL, :sender, :to, :message, :time, 1)");
$query->bindValue(':sender', $mod['id'], PDO::PARAM_INT);
$query->bindValue(':to', $to['id'], PDO::PARAM_INT);
$query->bindValue(':message', $message);
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->execute() or error(db_error($query));
modLog('Sent a PM to ' . $to['username']);
echo Element('page.html', Array(
'title'=>'PM sent',
'body'=>'<p style="text-align:center">Message sent successfully to ' . htmlentities($to['username']) . '.</p>',
} else {
$value = '';
if(isset($match[3])) {
$reply = &$match[3];
$query = prepare("SELECT `message` FROM `pms` WHERE `sender` = :sender AND `to` = :mod AND `id` = :id");
$query->bindValue(':sender', $to['id'], PDO::PARAM_INT);
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
$query->bindValue(':id', $reply, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($pm = $query->fetch()) {
$value = quote($pm['message']);
$body = '<form action="" method="post">' .
'<table>' .
'<tr><th>To</th><td>' .
($mod['type'] >= $config['mod']['editusers'] ?
'<a href="?/users/' . $to['id'] . '">' . htmlentities($to['username']) . '</a>' :
) .
'</td>' .
'<tr><th>Message</th><td><textarea name="message" rows="10" cols="40">' . $value . '</textarea></td>' .
'</table>' .
'<p style="text-align:center"><input type="submit" value="Send message" /></p>' .
echo Element('page.html', Array(
'title'=>'New PM for ' . htmlentities($to['username']),
} elseif(preg_match('/^\/search$/', $query)) {
if(!hasPermission($config['mod']['search'])) error($config['error']['noaccess']);
$body = '<div class="ban"><h2>Search</h2><form style="display:inline" action="?/search" method="post">' .
'<p><label style="display:inline" for="search">Phrase:</label> ' .
'<input id="search" name="search" type="text" size="35" ' .
(isset($_POST['search']) ? 'value="' . htmlentities($_POST['search']) . '" ' : '') .
'/>' .
'<input type="submit" value="Search" />' .
'</p></form>' .
'<p><span class="unimportant">(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)</span></p>' .
if(isset($_POST['search']) && !empty($_POST['search'])) {
$phrase = &$_POST['search'];
$_body = '';
// Escape escape character
$phrase = str_replace('!', '!!', $phrase);
// Remove SQL wildcard
$phrase = str_replace('%', '!%', $phrase);
// Use asterisk as wildcard to suit convention
$phrase = str_replace('*', '%', $phrase);
$like = '';
$match = Array();
// Find exact phrases
if(preg_match_all('/"(.+?)"/', $phrase, $m)) {
foreach($m[1] as &$quote) {
$phrase = str_replace("\"{$quote}\"", '', $phrase);
$match[] = $pdo->quote($quote);
$words = explode(' ', $phrase);
foreach($words as &$word) {
$match[] = $pdo->quote($word);
$like = '';
foreach($match as &$phrase) {
$like .= ' AND ';
$phrase = preg_replace('/^\'(.+)\'$/', '\'%$1%\'', $phrase);
$like .= '`body` LIKE ' . $phrase . ' ESCAPE \'!\'';
$like = str_replace('%', '%%', $like);
$boards = listBoards();
foreach($boards as &$_b) {
$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit", $board['uri']));
$query->bindValue(':limit', $config['mod']['search_results'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
$temp = '';
while($post = $query->fetch()) {
if(!$post['thread']) {
$po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['embed'], '?/', $mod, false);
} else {
$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod);
$temp .= $po->build(true) . '<hr/>';
$_body .= '<fieldset><legend>' . $query->rowCount() . ' result' . ($query->rowCount() != 1 ? 's' : '') . ' on <a href="?/' .
sprintf($config['board_path'], $board['uri']) . $config['file_index'] .
'">' .
sprintf($config['board_abbreviation'], $board['uri']) . ' - ' . $board['title'] .
'</a></legend>' . $temp . '</fieldset>';
$body .= '<hr/>';
$body .= $_body;
$body .= '<p style="text-align:center" class="unimportant">(No results.)</p>';
echo Element('page.html', Array(
} elseif(preg_match('/^\/users$/', $query)) {
if(!hasPermission($config['mod']['manageusers'])) error($config['error']['noaccess']);
$body = '<form action="" method="post"><table><tr><th>ID</th><th>Username</th><th>Type</th><th>Boards</th><th>Last action</th><th>…</th></tr>';
$query = query("SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id`") or error(db_error());
while($_mod = $query->fetch()) {
$type = $_mod['type'] == JANITOR ? 'Janitor' : ($_mod['type'] == MOD ? 'Mod' : 'Admin');
$body .= '<tr>' .
'<td>' .
$_mod['id'] .
'</td>' .
'<td>' .
$_mod['username'] .
'</td>' .
'<td>' .
$type .
'</td>' .
'<td>' .
str_replace(',', ', ', $_mod['boards']) .
'</td>' .
'<td>' .
($_mod['last'] ?
'<span title="' . htmlentities($_mod['action']) . '">' . ago($_mod['last']) . '</span>'
: '<em>never</em>') .
'</td>' .
'<td style="white-space:nowrap">' .
($mod['type'] >= $config['mod']['promoteusers'] ?
($_mod['type'] != ADMIN ?
'<a style="text-decoration:none" href="?/users/' . $_mod['id'] . '/promote" title="Promote">▲</a>'
:'') .
($_mod['type'] != JANITOR ?
'<a style="text-decoration:none" href="?/users/' . $_mod['id'] . '/demote" title="Demote">▼</a>'
: ''
) .
($mod['type'] >= $config['mod']['editusers'] ||
($mod['type'] >= $config['mod']['change_password'] && $_mod['id'] == $mod['id'])?
'<a class="unimportant" style="margin-left:5px;float:right" href="?/users/' . $_mod['id'] . '">[edit]</a>'
: '' ) .
($mod['type'] >= $config['mod']['create_pm'] ?
'<a class="unimportant" style="margin-left:5px;float:right" href="?/new_PM/' . $_mod['id'] . '">[PM]</a>'
: '' ) .
$body .= '</table>';
if($mod['type'] >= $config['mod']['createusers']) {
$body .= '<p style="text-align:center"><a href="?/users/new">Create new user</a></p>';
$body .= '</form>';
echo Element('page.html', Array(
'title'=>'Manage users',
} elseif(preg_match('/^\/users\/new$/', $query)) {
if(!hasPermission($config['mod']['createusers'])) error($config['error']['noaccess']);
if(isset($_POST['username']) && isset($_POST['password'])) {
if(!isset($_POST['type'])) {
error(sprintf($config['error']['required'], 'type'));
if($_POST['type'] != ADMIN && $_POST['type'] != MOD && $_POST['type'] != JANITOR) {
error(sprintf($config['error']['invalidfield'], 'type'));
// Check if already exists
$query = prepare("SELECT `id` FROM `mods` WHERE `username` = :username");
$query->bindValue(':username', $_POST['username']);
$query->execute() or error(db_error($query));
if($_mod = $query->fetch()) {
error(sprintf($config['error']['modexists'], $_mod['id']));
$boards = Array();
foreach($_POST as $name => $null) {
if(preg_match('/^board_(.+)$/', $name, $m))
$boards[] = $m[1];
$boards = implode(',', $boards);
$query = prepare("INSERT INTO `mods` VALUES (NULL, :username, :password, :type, :boards)");
$query->bindValue(':username', $_POST['username']);
$query->bindValue(':password', sha1($_POST['password']));
$query->bindValue(':type', $_POST['type'], PDO::PARAM_INT);
$query->bindValue(':boards', $boards);
$query->execute() or error(db_error($query));
modLog('Create a new user: "' . $_POST['username'] . '"');
header('Location: ?/users', true, $config['redirect_http']);
} else {
$__boards = '<ul style="list-style:none;padding:2px 5px">';
$boards = array_merge(
Array(Array('uri' => '*', 'title' => 'All')
), listBoards());
foreach($boards as &$_board) {
$__boards .= '<li>' .
'<input type="checkbox" name="board_' . $_board['uri'] . '" id="board_' . $_board['uri'] . '">' .
'<label style="display:inline" for="board_' . $_board['uri'] . '"> ' .
($_board['uri'] == '*' ?
sprintf($config['board_abbreviation'], $_board['uri'])
) .
' - ' . $_board['title'] .
'</label>' .
$body = '<fieldset><legend>New user</legend>' .
// Begin form
'<form style="text-align:center" action="" method="post">' .
'<table>' .
'<tr><th>Username</th><td><input size="20" maxlength="30" type="text" name="username" value="" autocomplete="off" /></td></tr>' .
'<tr><th>Password</th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
'<tr><th>Type</th><td>' .
'<div><label for="janitor">Janitor</label> <input type="radio" id="janitor" name="type" value="' . JANITOR . '" /></div>' .
'<div><label for="mod">Mod</label> <input type="radio" id="mod" name="type" value="' . MOD . '" /></div>' .
'<div><label for="admin">Admin</label> <input type="radio" id="admin" name="type" value="' . ADMIN . '" /></div>' .
'</td></tr>' .
'<tr><th>Boards</th><td>' . $__boards . '</td></tr>' .
'</table>' .
'<input style="margin-top:10px" type="submit" value="Create user" />' .
// End form
echo Element('page.html', Array(
'title'=>'New user',
} elseif(preg_match('/^\/users\/(\d+)(\/(promote|demote|delete))?$/', $query, $matches)) {
$modID = &$matches[1];
if(isset($matches[2])) {
if($matches[3] == 'delete') {
if(!hasPermission($config['mod']['deleteusers'])) error($config['error']['noaccess']);
$query = prepare("DELETE FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
modLog('Deleted user #' . $modID);
} else {
// Promote/demote
if(!hasPermission($config['mod']['promoteusers'])) error($config['error']['noaccess']);
if($matches[3] == 'promote') {
$query = prepare("UPDATE `mods` SET `type` = `type` + 1 WHERE `type` != :admin AND `id` = :id");
$query->bindValue(':admin', ADMIN, PDO::PARAM_INT);
} else {
$query = prepare("UPDATE `mods` SET `type` = `type` - 1 WHERE `type` != :janitor AND `id` = :id");
$query->bindValue(':janitor', JANITOR, PDO::PARAM_INT);
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
header('Location: ?/users', true, $config['redirect_http']);
} else {
// Edit user
if(!hasPermission($config['mod']['editusers']) || !hasPermission($config['mod']['change_password'])) error($config['error']['noaccess']);
$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if(!$_mod = $query->fetch()) {
if($mod['type'] < $config['mod']['editusers'] && !($mod['type'] >= $config['mod']['change_password'] && $mod['id'] == $_mod['id'] && $change_password_only = true))
if((isset($_POST['username']) && isset($_POST['password'])) || (isset($change_password_only) && isset($_POST['password']))) {
if(!isset($change_password_only)) {
$boards = Array();
foreach($_POST as $name => $null) {
if(preg_match('/^board_(.+)$/', $name, $m))
$boards[] = $m[1];
$boards = implode(',', $boards);
$query = prepare("UPDATE `mods` SET `username` = :username, `boards` = :boards WHERE `id` = :id");
$query->bindValue(':username', $_POST['username'], PDO::PARAM_STR);
$query->bindValue(':boards', $boards, PDO::PARAM_STR);
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
modLog('Edited login details for user "' . $_mod['username'] . '"');
} else {
modLog('Changed own password');
if(!empty($_POST['password'])) {
$query = prepare("UPDATE `mods` SET `password` = :password WHERE `id` = :id");
$query->bindValue(':password', sha1($_POST['password']));
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
// Refresh
$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if(!$_mod = $query->fetch()) {
if($_mod['id'] == $mod['id']) {
// Changed own password. Update cookies
$__boards = '<ul style="list-style:none;padding:2px 5px">';
$boards = array_merge(
Array(Array('uri' => '*', 'title' => 'All')
), listBoards());
$_mod['boards'] = explode(',', $_mod['boards']);
foreach($boards as &$_board) {
$__boards .= '<li>' .
'<input type="checkbox" name="board_' . $_board['uri'] . '" id="board_' . $_board['uri'] . '">' .
(in_array($_board['uri'], $_mod['boards']) ?
' checked="checked"'
: '') .
'/> ' .
'<label style="display:inline" for="board_' . $_board['uri'] . '">' .
($_board['uri'] == '*' ?
sprintf($config['board_abbreviation'], $_board['uri'])
) .
' - ' . $_board['title'] .
'</label>' .
$__boards .= '</ul>';
$body = '<fieldset><legend>Edit user</legend>' .
// Begin form
'<form style="text-align:center" action="" method="post">' .
'<table>' .
'<tr><th>Username</th><td>' .
(isset($change_password_only) ?
: '<input size="20" maxlength="30" type="text" name="username" value="' . $_mod['username'] . '" autocomplete="off" />') .
'</td></tr>' .
'<tr><th>Password <span class="unimportant">(new; optional)</span></th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
(isset($change_password_only) ? '' :
'<tr><th>Boards</th><td>' . $__boards . '</td></tr>'
) .
'</table>' .
'<input type="submit" value="Save changes" />' .
// End form
'</form> ' .
// Delete button
($mod['type'] >= $config['mod']['deleteusers'] ?
'<p style="text-align:center"><a href="?/users/' . $_mod['id'] . '/delete">Delete user</a></p>'
:'') .
echo Element('page.html', Array(
'title'=>'Edit user',
} elseif(preg_match('/^\/reports$/', $query)) {
if($mod['type'] < $config['mod']['reports']) error($config['error']['noaccess']);
$body = '';
$reports = 0;
$query = prepare("SELECT `reports`.*, `boards`.`uri` FROM `reports` INNER JOIN `boards` ON `board` = `boards`.`id` ORDER BY `time` DESC LIMIT :limit");
$query->bindValue(':limit', $config['mod']['recent_reports'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
while($report = $query->fetch()) {
$p_query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `id` = :id", $report['uri']));
$p_query->bindValue(':id', $report['post'], PDO::PARAM_INT);
$p_query->execute() or error(db_error($query));
if(!$post = $p_query->fetch()) {
// Invalid report (post has since been deleted)
$p_query = prepare("DELETE FROM `reports` WHERE `post` = :id");
$p_query->bindValue(':id', $report['post'], PDO::PARAM_INT);
$p_query->execute() or error(db_error($query));
if(!$post['thread']) {
$po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['embed'], '?/', $mod, false);
} else {
$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod);
$append_html =
'<div class="report">' .
'<hr/>' .
'Board: <a href="?/' . $report['uri'] . '/' . $config['file_index'] . '">' . sprintf($config['board_abbreviation'], $report['uri']) . '</a><br/>' .
'Reason: ' . $report['reason'] . '<br/>' .
'Reported by: <a href="?/IP/' . $report['ip'] . '">' . $report['ip'] . '</a><br/>' .
'<hr/>' .
($mod['type'] >= $config['mod']['report_dismiss'] ?
'<a title="Discard abuse report" href="?/reports/' . $report['id'] . '/dismiss">Dismiss</a> | ' : '') .
($mod['type'] >= $config['mod']['report_dismiss_ip'] ?
'<a title="Discard all abuse reports by this user" href="?/reports/' . $report['id'] . '/dismiss/all">Dismiss+</a>' : '') .
// Bug fix for https://github.com/savetheinternet/Tinyboard/issues/21
$po->body = truncate($po->body, $po->link(), $config['body_truncate'] - substr_count($append_html, '<br/>'));
if(strlen($po->body) + strlen($append_html) > $config['body_truncate_char']) {
// still too long. temporarily increase limit in the config
$__old_body_truncate_char = $config['body_truncate_char'];
$config['body_truncate_char'] = strlen($po->body) + strlen($append_html);
$po->body .= $append_html;
$body .= $po->build(true) . '<hr/>';
$config['body_truncate_char'] = $__old_body_truncate_char;
$query = query("SELECT COUNT(`id`) AS `count` FROM `reports`") or error(db_error());
$count = $query->fetch();
$body .= '<p class="unimportant" style="text-align:center">Showing ' .
($reports == $count['count'] ? 'all ' . $reports . ' reports' : $reports . ' of ' . $count['count'] . ' reports') . '.</p>';
echo Element('page.html', Array(
'title'=>'Report queue (' . $count['count'] . ')',
} elseif(preg_match('/^\/reports\/(\d+)\/dismiss(\/all)?$/', $query, $matches)) {
if(isset($matches[2]) && $matches[2] == '/all') {
if($mod['type'] < $config['mod']['report_dismiss_ip']) error($config['error']['noaccess']);
$query = prepare("SELECT `ip` FROM `reports` WHERE `id` = :id");
$query->bindValue(':id', $matches[1], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($report = $query->fetch()) {
$query = prepare("DELETE FROM `reports` WHERE `ip` = :ip");
$query->bindValue(':ip', $report['ip'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
modLog('Dismissed all reports by ' . $report['ip']);
} else {
if($mod['type'] < $config['mod']['report_dismiss']) error($config['error']['noaccess']);
$query = prepare("SELECT `post`, `board` FROM `reports` WHERE `id` = :id");
$query->bindValue(':id', $matches[1], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($report = $query->fetch()) {
modLog('Dismissed a report for post #' . $report['post'], $report['board']);
$query = prepare("DELETE FROM `reports` WHERE `post` = :post");
$query->bindValue(':post', $report['post'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
// Redirect
header('Location: ?/reports', true, $config['redirect_http']);
} elseif(preg_match('/^\/board\/(\w+)(\/delete)?$/', $query, $matches)) {
if($mod['type'] < $config['mod']['manageboards']) error($config['error']['noaccess']);
if(isset($matches[2]) && $matches[2] == '/delete') {
if($mod['type'] < $config['mod']['deleteboard']) error($config['error']['noaccess']);
// Delete board
modLog('Deleted board ' . sprintf($config['board_abbreviation'], $board['uri']));
// Delete entire board directory
rrmdir($board['uri'] . '/');
// Delete posting table
$query = query(sprintf("DROP TABLE IF EXISTS `posts_%s`", $board['uri'])) or error(db_error());
// Clear reports
$query = prepare("DELETE FROM `reports` WHERE `board` = :id");
$query->bindValue(':id', $board['id'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
// Delete from table
$query = prepare("DELETE FROM `boards` WHERE `id` = :id");
$query->bindValue(':id', $board['id'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
header('Location: ?/', true, $config['redirect_http']);
} else {
if(isset($_POST['title']) && isset($_POST['subtitle'])) {
$query = prepare("UPDATE `boards` SET `title` = :title, `subtitle` = :subtitle WHERE `id` = :id");
$query->bindValue(':title', utf8tohtml($_POST['title'], true));
$query->bindValue(':subtitle', utf8tohtml($_POST['subtitle'], true));
$query->bindValue(':subtitle', null, PDO::PARAM_NULL);
$query->bindValue(':id', $board['id'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
$body =
'<fieldset><legend><a href="?/' .
$board['uri'] . '/' . $config['file_index'] . '">' .
sprintf($config['board_abbreviation'], $board['uri']) . '</a>' .
' - ' . $board['name'] . '</legend>' .
// Begin form
'<form style="text-align:center" action="" method="post">' .
'<table>' .
'<tr><th>URI</th><td>' . $board['uri'] . '</td>' .
'<tr><th>Title</th><td><input size="20" maxlength="20" type="text" name="title" value="' . $board['name'] . '" /></td></tr>' .
'<tr><th>Subtitle</th><td><input size="20" maxlength="40" type="text" name="subtitle" value="' .
(isset($board['title']) ? $board['title'] : '') . '" /></td></tr>' .
'</table>' .
'<input type="submit" value="Update" />' .
// End form
'</form> ' .
// Delete button
($mod['type'] >= $config['mod']['deleteboard'] ?
'<p style="text-align:center"><a href="?/board/' . $board['uri'] . '/delete">Delete board</a></p>'
:'') .
echo Element('page.html', Array(
'title'=>'Manage ' . sprintf($config['board_abbreviation'], $board['uri']),
} elseif(preg_match('/^\/bans$/', $query)) {
if($mod['type'] < $config['mod']['view_banlist']) error($config['error']['noaccess']);
if(isset($_POST['unban'])) {
if($mod['type'] < $config['mod']['unban']) error($config['error']['noaccess']);
foreach($_POST as $post => $value) {
if(preg_match('/^ban_(\w+)_(.+)$/', $post, $m)) {
$m[1] = str_replace('_', '.', $m[2]);
$query = prepare("DELETE FROM `bans` WHERE `ip` = :ip");
$query->bindValue(':ip', $m[2]);
$query->execute() or error(db_error($query));
if($config['memcached']['enabled']) {
// Remove cached ban
if($mod['type'] >= $config['mod']['view_banexpired']) {
$query = prepare("SELECT * FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` INNER JOIN `mods` ON `mod` = `mods`.`id` GROUP BY `ip` ORDER BY (`expires` IS NOT NULL AND `expires` < :time), `set` DESC");
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->execute() or error(db_error($query));
} else {
// Filter out expired bans
$query = prepare("SELECT * FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` INNER JOIN `mods` ON `mod` = `mods`.`id` GROUP BY `ip` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC");
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($query->rowCount() < 1) {
$body = '<p style="text-align:center" class="unimportant">(There are no active bans.)</p>';
} else {
$body = '<form action="" method="post">';
$body .= '<table><tr><th>IP address</th><th>Reason</th><th>Board</th><th>Set</th><th>Expires</th><th>Staff</th></tr>';
while($ban = $query->fetch()) {
$body .=
'<tr' .
($config['mod']['view_banexpired'] && $ban['expires'] != 0 && $ban['expires'] < time() ?
' style="text-decoration:line-through"'
:'') .
'>' .
'<td style="white-space: nowrap">' .
// Checkbox
'<input type="checkbox" name="ban_' . $ban['board'] . '_' . $ban['ip'] . '" id="ban_' . $ban['ip'] . '" /> ' .
// IP address
(preg_match('/^(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')$/', $ban['ip']) ?
'<a href="?/IP/' .
$ban['ip'] .
'">'. $ban['ip'] . '</a>'
: $ban['ip']) .
'</td>' .
// Reason
'<td>' . ($ban['reason'] ? $ban['reason'] : '<em>-</em>') . '</td>' .
'<td>' .
(isset($ban['uri']) ?
sprintf($config['board_abbreviation'], $ban['uri'])
'<em>all boards</em>'
) . '</td>' .
// Set
'<td style="white-space: nowrap">' . date($config['post_date'], $ban['set']) . '</td>' .
// Expires
'<td style="white-space: nowrap">' .
($ban['expires'] == 0 ?
date($config['post_date'], $ban['expires'])
) .
'</td>' .
// Staff
'<td>' .
($mod['type'] < $config['mod']['view_banstaff'] ?
($config['mod']['view_banquestionmark'] ?
($ban['type'] == JANITOR ? 'Janitor' :
($ban['type'] == MOD ? 'Mod' :
($ban['type'] == ADMIN ? 'Admin' :
) .
'</td>' .
$body .= '</table>' .
($mod['type'] >= $config['mod']['unban'] ?
'<p style="text-align:center"><input name="unban" type="submit" value="Unban selected" /></p>'
: '') .
echo Element('page.html', Array(
'title'=>'Ban list',
} elseif(preg_match('/^\/flush$/', $query)) {
if($mod['type'] < $config['mod']['rebuild']) error($config['error']['noaccess']);
if(!$config['memcached']['enabled']) error('Memcached is not enabled.');
if($memcached->flush()) {
$body = 'Successfully invalidated all items in the cache.';
modLog('Cleared cache');
} else {
$body = $memcached->getResultMessage();
echo Element('page.html', Array(
'body'=>'<p style="text-align:center">' . $body . '</p>',
} elseif(preg_match('/^\/rebuild$/', $query)) {
if($mod['type'] < $config['mod']['rebuild']) error($config['error']['noaccess']);
$body = '<div class="ban"><h2>Rebuilding…</h2><p>';
$body .= 'Regenerating theme files…<br/>';
$body .= 'Generating Javascript file…<br/>';
$boards = listBoards();
foreach($boards as &$board) {
$body .= "<strong style=\"display:inline-block;margin: 15px 0 2px 0;\">Opening board /{$board['uri']}/</strong><br/>";
$body .= 'Creating index pages<br/>';
$query = query(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error());
while($post = $query->fetch()) {
$body .= "Rebuilding #{$post['id']}<br/>";
$body .= 'Complete!</p></div>';
modLog('Rebuilt everything');
echo Element('page.html', Array(
} elseif(preg_match('/^\/config$/', $query)) {
if($mod['type'] < $config['mod']['show_config']) error($config['error']['noaccess']);
// Show instance-config.php
$data = '';
function do_array_part($array, $prefix = '') {
global $data, $config;
foreach($array as $name => $value) {
if(is_array($value)) {
do_array_part($value, $prefix . $name . ' → ');
} else {
if($config['mod']['never_reveal_password'] && $prefix == 'db → ' && $name == 'password') {
$value = '<em>hidden</em>';
} elseif(gettype($value) == 'boolean') {
$value = $value ? '<span style="color:green;">On</span>' : '<span style="color:red;">Off</span>';
} elseif(gettype($value) == 'string') {
$value = '<em>empty</em>';
$value = '<span style="color:maroon;">' . utf8tohtml(substr($value, 0, 110) . (strlen($value) > 110 ? '…' : '')) . '</span>';
} elseif(gettype($value) == 'integer') {
$value = '<span style="color:black;">' . $value . '</span>';
$data .=
'<tr><th style="text-align:left;">' .
$prefix . (gettype($name) == 'integer' ? '[]' : $name) .
'</th><td>' .
$value .
$body = '<fieldset><legend>Configuration</legend><table>' . $data . '</table></fieldset>';
echo Element('page.html', Array(
} elseif(preg_match('/^\/new$/', $query)) {
if($mod['type'] < $config['mod']['newboard']) error($config['error']['noaccess']);
// New board
$body = '';
if(isset($_POST['new_board'])) {
// Create new board
if( !isset($_POST['uri']) ||
!isset($_POST['title']) ||
) error($config['error']['missedafield']);
$b = Array(
'uri' => $_POST['uri'],
'title' => $_POST['title'],
'subtitle' => $_POST['subtitle']
// HTML characters
$b['title'] = utf8tohtml($b['title'], true);
$b['subtitle'] = utf8tohtml($b['subtitle'], true);
// Check required fields
error(sprintf($config['error']['required'], 'URI'));
error(sprintf($config['error']['required'], 'title'));
// Check string lengths
if(strlen($b['uri']) > 8)
error(sprintf($config['error']['toolong'], 'URI'));
if(strlen($b['title']) > 20)
error(sprintf($config['error']['toolong'], 'title'));
if(strlen($b['subtitle']) > 40)
error(sprintf($config['error']['toolong'], 'subtitle'));
if(!preg_match('/^\w+$/', $b['uri']))
error(sprintf($config['error']['invalidfield'], 'URI'));
if(openBoard($b['uri'])) {
error(sprintf($config['error']['boardexists'], sprintf($config['board_abbreviation'], $b['uri'])));
$query = prepare("INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle)");
$query->bindValue(':uri', $b['uri']);
$query->bindValue(':title', $b['title']);
if(!empty($b['subtitle'])) {
$query->bindValue(':subtitle', $b['subtitle']);
} else {
$query->bindValue(':subtitle', null, PDO::PARAM_NULL);
$query->execute() or error(db_error($query));
// Record the action
modLog("Created a new board: {$b['title']}");
// Open the board
openBoard($b['uri']) or error("Couldn't open board after creation.");
// Create the posts table
query(Element('posts.sql', Array('board' => $board['uri']))) or error(db_error());
// Build the board
header('Location: ?/board/' . $board['uri'], true, $config['redirect_http']);
} else {
$body .= form_newBoard();
// TODO: Statistics, etc, in the dashboard.
echo Element('page.html', Array(
'title'=>'New board',
} elseif(preg_match('/^\/' . $regex['board'] . '(' . $regex['index'] . '|' . $regex['page'] . ')?$/', $query, $matches)) {
// Board index
$boardName = &$matches[1];
// Open board
$page_no = empty($matches[2]) || $matches[2] == $config['file_index'] ? 1 : $matches[2];
if(!$page = index($page_no, $mod)) {
$page['pages'] = getPages(true);
$page['pages'][$page_no-1]['selected'] = true;
$page['btn'] = getPageButtons($page['pages'], true);
$page['hidden_inputs'] = createHiddenInputs();
$page['mod'] = true;
echo Element('index.html', $page);
} elseif(preg_match('/^\/' . $regex['board'] . $regex['res'] . $regex['page'] . '$/', $query, $matches)) {
// View thread
$boardName = &$matches[1];
$thread = &$matches[2];
// Open board
$page = buildThread($thread, true, $mod);
echo $page;
} elseif(preg_match('/^\/' . $regex['board'] . 'deletefile\/(\d+)$/', $query, $matches)) {
if($mod['type'] < $config['mod']['deletefile']) error($config['error']['noaccess']);
// Delete file from post
$boardName = &$matches[1];
$post = &$matches[2];
// Open board
// Delete post
// Record the action
modLog("Removed file from post #{$post}");
// Rebuild board
// Redirect
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
} elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) {
if($mod['type'] < $config['mod']['delete']) error($config['error']['noaccess']);
// Delete post
$boardName = &$matches[1];
$post = &$matches[2];
// Open board
// Delete post
// Record the action
modLog("Deleted post #{$post}");
// Rebuild board
// Redirect
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
} elseif(preg_match('/^\/' . $regex['board'] . '(un)?sticky\/(\d+)$/', $query, $matches)) {
if($mod['type'] < $config['mod']['sticky']) error($config['error']['noaccess']);
// Add/remove sticky
$boardName = &$matches[1];
$post = &$matches[3];
// Open board
$query = prepare(sprintf("UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
$query->bindValue(':id', $post, PDO::PARAM_INT);
if($matches[2] == 'un') {
// Record the action
modLog("Unstickied post #{$post}");
$query->bindValue(':sticky', 0, PDO::PARAM_INT);
} else {
// Record the action
modLog("Stickied post #{$post}");
$query->bindValue(':sticky', 1, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
// Redirect
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
} elseif(preg_match('/^\/' . $regex['board'] . '(un)?lock\/(\d+)$/', $query, $matches)) {
// Lock/Unlock
$boardName = &$matches[1];
if(!hasPermission($config['mod']['lock'], $boardName)) error($config['error']['noaccess']);
$post = &$matches[3];
// Open board
$query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
$query->bindValue(':id', $post, PDO::PARAM_INT);
if($matches[2] == 'un') {
// Record the action
modLog("Unlocked post #{$post}");
$query->bindValue(':locked', 0, PDO::PARAM_INT);
} else {
// Record the action
modLog("Locked post #{$post}");
$query->bindValue(':locked', 1, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
// Redirect
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
} elseif(preg_match('/^\/' . $regex['board'] . 'deletebyip\/(\d+)$/', $query, $matches)) {
// Delete all posts by an IP
$boardName = &$matches[1];
$post = &$matches[2];
// Open board
$query = prepare(sprintf("SELECT `ip` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
$query->bindValue(':id', $post);
$query->execute() or error(db_error($query));
if(!$post = $query->fetch())
$ip = $post['ip'];
// Record the action
modLog("Deleted all posts by IP address: {$ip}");
$query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `ip` = :ip", $board['uri']));
$query->bindValue(':ip', $ip);
$query->execute() or error(db_error($query));
if($query->rowCount() < 1)
while($post = $query->fetch()) {
deletePost($post['id'], false);
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
} elseif(preg_match('/^\/ban$/', $query)) {
if(!hasPermission($config['mod']['ban'])) error($config['error']['noaccess']);
// Ban page
if(isset($_POST['new_ban'])) {
if( !isset($_POST['ip']) ||
!isset($_POST['reason']) ||
!isset($_POST['length']) ||
) error($config['error']['missedafield']);
// Check required fields
error(sprintf($config['error']['required'], 'IP address'));
$query = prepare("INSERT INTO `bans` VALUES (:ip, :mod, :set, :expires, :reason, :board)");
// 1yr2hrs30mins
// 1y2h30m
$expire = 0;
if(preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?mon?t?h?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/', $_POST['length'], $m)) {
if(isset($m[2])) {
// Years
$expire += $m[2]*60*60*24*365;
if(isset($m[4])) {
// Months
$expire += $m[4]*60*60*24*30;
if(isset($m[6])) {
// Weeks
$expire += $m[6]*60*60*24*7;
if(isset($m[8])) {
// Days
$expire += $m[8]*60*60*24;
if(isset($m[10])) {
// Hours
$expire += $m[10]*60*60;
if(isset($m[12])) {
// Minutes
$expire += $m[12]*60;
if(isset($m[14])) {
// Seconds
$expire += $m[14];
if($expire) {
$query->bindValue(':expires', time()+$expire, PDO::PARAM_INT);
} else {
// Never expire
$query->bindValue(':expires', null, PDO::PARAM_NULL);
$query->bindValue(':ip', $_POST['ip'], PDO::PARAM_STR);
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
$query->bindValue(':set', time(), PDO::PARAM_INT);
if(!empty($_POST['reason'])) {
$reason = $_POST['reason'];
$query->bindValue(':reason', $reason, PDO::PARAM_STR);
} else {
$query->bindValue(':reason', null, PDO::PARAM_NULL);
if($_POST['board_id'] < 0) {
$query->bindValue(':board', null, PDO::PARAM_NULL);
} else {
$query->bindValue(':board', (int)$_POST['board_id'], PDO::PARAM_INT);
// Record the action
modLog('Created a ' . ($expire ? $expire . ' second' : 'permanent') . " ban for {$_POST['ip']} with " . (!empty($_POST['reason']) ? "reason \"${reason}\"" : 'no reason'));
$query->execute() or error(db_error($query));
// Delete too
if(isset($_POST['delete']) && isset($_POST['board']) && hasPermission($config['mod']['delete'], $_POST['board'])) {
$post = round($_POST['delete']);
// Record the action
modLog("Deleted post #{$post}");
// Rebuild board
if($mod['type'] >= $config['mod']['public_ban'] && isset($_POST['post']) && isset($_POST['board']) && isset($_POST['public_message']) && isset($_POST['message'])) {
$post = round($_POST['post']);
$query = prepare(sprintf("UPDATE `posts_%s` SET `body` = CONCAT(`body`, :body) WHERE `id` = :id", $board['uri']));
$query->bindValue(':id', $post, PDO::PARAM_INT);
$query->bindValue(':body', sprintf($config['mod']['ban_message'], htmlentities($_POST['message'])));
$query->execute() or error(db_error($query));
// Rebuild thread
$query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
$query->bindValue(':id', $post, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
$thread = $query->fetch();
// Rebuild board
// Record the action
modLog("Attached a public ban message for post #{$post}: " . $_POST['message']);
// Redirect
header('Location: ' . $_POST['continue'], true, $config['redirect_http']);
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
header('Location: ?/', true, $config['redirect_http']);
} elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)?\/(\d+)$/', $query, $matches)) {
// Ban by post
$boardName = &$matches[1];
if(!hasPermission($config['mod']['ban'], $boardName)) error($config['error']['noaccess']);
$delete = isset($matches[2]) && $matches[2] == '&delete';
if($delete && !hasPermission($config['mod']['delete'], $boardName)) error($config['error']['noaccess']);
$post = $matches[3];
// Open board
$query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri']));
$query->bindValue(':id', $post, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($query->rowCount() < 1) {
$post = $query->fetch();
$body = form_newBan($post['ip'], null, '?/' . sprintf($config['board_path'], $board['uri']) . $config['file_index'], $post['id'], $boardName, !$delete);
echo Element('page.html', Array(
'title'=>'New ban',
} elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')\/deletenote\/(?P<id>\d+)$/', $query, $matches)) {
if(!hasPermission($config['mod']['remove_notes'])) error($config['error']['noaccess']);
$ip = $matches[1];
$id = $matches['id'];
$query = prepare("DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id");
$query->bindValue(':ip', $ip);
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));
header('Location: ?/IP/' . $ip, true, $config['redirect_http']);
} elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')$/', $query, $matches)) {
// View information on an IP address
$ip = $matches[1];
$host = $config['mod']['dns_lookup'] ? gethostbyaddr($ip) : false;
if($mod['type'] >= $config['mod']['unban'] && isset($_POST['unban'])) {
$query = prepare("DELETE FROM `bans` WHERE `ip` = :ip");
$query->bindValue(':ip', $ip);
$query->execute() or error(db_error($query));
if($config['memcached']['enabled']) {
// Remove cached ban(s)
$boards = listBoards();
foreach($boards as &$_board) {
} elseif($mod['type'] >= $config['mod']['create_notes'] && isset($_POST['note'])) {
$query = prepare("INSERT INTO `ip_notes` VALUES(NULL, :ip, :mod, :time, :body)");
$query->bindValue(':ip', $ip);
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':body', $_POST['note']);
$query->execute() or error(db_error($query));
$body = '';
$boards = listBoards();
foreach($boards as &$_board) {
$temp = '';
$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri']));
$query->bindValue(':ip', $ip);
$query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
while($post = $query->fetch()) {
if(!$post['thread']) {
$po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['embed'], '?/', $mod, false);
} else {
$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod);
$temp .= $po->build(true) . '<hr/>';
$body .= '<fieldset><legend>Last ' . $query->rowCount() . ' posts on <a href="?/' .
sprintf($config['board_path'], $_board['uri']) . $config['file_index'] .
'">' .
sprintf($config['board_abbreviation'], $_board['uri']) . ' - ' . $_board['title'] .
'</a></legend>' . $temp . '</fieldset>';
if($mod['type'] >= $config['mod']['view_notes']) {
$query = prepare("SELECT * FROM `ip_notes` WHERE `ip` = :ip ORDER BY `id` DESC");
$query->bindValue(':ip', $ip);
$query->execute() or error(db_error($query));
if($query->rowCount() > 0 || $mod['type'] >= $config['mod']['create_notes'] ) {
$body .= '<fieldset><legend>' .
$query->rowCount() . ' note' . ($query->rowCount() == 1 ?'' : 's') . ' on record' .
if($query->rowCount() > 0) {
$body .= '<table class="modlog">' .
'<tr><th>Staff</th><th>Note</th><th>Date</th>' .
($mod['type'] >= $config['mod']['remove_notes'] ? '<th>Actions</th>' : '') .
while($note = $query->fetch()) {
if($note['mod']) {
$_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
$_query->bindValue(':id', $note['mod']);
$_query->execute() or error(db_error($_query));
if($_mod = $_query->fetch()) {
if($mod['type'] >= $config['mod']['editusers'])
$staff = '<a href="?/users/' . $note['mod'] . '">' . htmlentities($_mod['username']) . '</a>';
$staff = $_mod['username'];
} else {
$staff = '<em>??</em>';
} else {
$staff = '<em>system</em>';
$body .= '<tr>' .
'<td class="minimal">' .
$staff .
'</td><td>' .
$note['body'] .
'</td><td class="minimal">' .
date($config['post_date'], $note['time']) .
'</td>' .
($mod['type'] >= $config['mod']['remove_notes'] ?
'<td class="minimal"><a class="unimportant" href="?/IP/' . $ip . '/deletenote/' . $note['id'] . '">[delete]</a></td>'
: '') .
$body .= '</table>';
if($mod['type'] >= $config['mod']['create_notes']) {
$body .= '<form action="" method="post" style="text-align:center;margin:0">' .
'<table>' .
'<tr>' .
'<th>Staff</th>' .
'<td>' . $mod['username'] . '</td>' .
'</tr>' .
'<tr>' .
'<th><label for="note">Note</label></th>' .
'<td><textarea id="note" name="note" rows="5" cols="30"></textarea></td>' .
'</tr>' .
'<tr>' .
'<td></td>' .
'<td><input type="submit" value="New note" /></td>' .
'</tr>' .
'</table>' .
$body .= '</fieldset>';
if($mod['type'] >= $config['mod']['view_ban']) {
$query = prepare("SELECT * FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` INNER JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip");
$query->bindValue(':ip', $ip);
$query->execute() or error(db_error($query));
if($query->rowCount() > 0) {
$body .= '<fieldset><legend>Ban' . ($query->rowCount() == 1 ? '' : 's') . ' on record</legend><form action="" method="post" style="text-align:center">';
while($ban = $query->fetch()) {
$body .= '<table style="width:400px;margin-bottom:10px;border-bottom:1px solid #ddd;padding:5px"><tr><th>Status</th><td>' .
($config['mod']['view_banexpired'] && $ban['expires'] != 0 && $ban['expires'] < time() ?
: 'Active') .
'</td></tr>' .
// IP
'<tr><th>IP</th><td>' . $ban['ip'] . '</td></tr>' .
// Reason
'<tr><th>Reason</th><td>' . $ban['reason'] . '</td></tr>' .
// Board
'<tr><th>Board</th><td>' .
(isset($ban['uri']) ?
sprintf($config['board_abbreviation'], $ban['uri'])
'<em>all boards</em>'
) . '</td></tr>' .
// Set
'<tr><th>Set</th><td>' . date($config['post_date'], $ban['set']) . '</td></tr>' .
// Expires
'<tr><th>Expires</th><td>' .
($ban['expires'] == 0 ?
date($config['post_date'], $ban['expires'])
) .
'</td></tr>' .
// Staff
'<tr><th>Staff</th><td>' .
($mod['type'] < $config['mod']['view_banstaff'] ?
($config['mod']['view_banquestionmark'] ?
($ban['type'] == JANITOR ? 'Janitor' :
($ban['type'] == MOD ? 'Mod' :
($ban['type'] == ADMIN ? 'Admin' :
) .
'</td></tr>' .
$body .= '<input type="submit" name="unban" value="Remove ban' . ($query->rowCount() == 1 ? '' : 's') . '" ' .
($mod['type'] < $config['mod']['unban'] ? 'disabled' : '') .
if($mod['type'] >= $config['mod']['ip_banform'])
$body .= form_newBan($ip, null, '?/IP/' . $ip);
echo Element('page.html', Array(
'title'=>'IP: ' . $ip,
'subtitle' => $host,
} else {
// Close the connection in-case it's still open
foreach(array_keys(get_defined_vars()) as $name) if($name[0] != '_') unset(${$name});