From 088353c25c97fbce2e52812b18eeaf2bcc08adb2 Mon Sep 17 00:00:00 2001 From: Trevor Slocum Date: Wed, 23 Jun 2021 19:08:22 -0700 Subject: [PATCH] Add TINYIB_BANMESSAGE Allow staff to append a custom message to posts when banning users. --- css/global.css | 5 +++++ imgboard.php | 25 +++++++++++++++++++++---- inc/database/database.php | 6 ++++++ inc/database/flatfile.php | 10 ++++++++++ inc/database/mysql.php | 4 ++++ inc/database/mysqli.php | 5 +++++ inc/database/pdo.php | 6 +++++- inc/database/sqlite.php | 16 ++++++++++------ inc/database/sqlite3.php | 17 +++++++++++------ inc/defines.php | 3 +++ inc/html.php | 13 +++++++++++-- settings.default.php | 7 ++++--- 12 files changed, 95 insertions(+), 22 deletions(-) diff --git a/css/global.css b/css/global.css index 9f5ab2b..6bd9c03 100644 --- a/css/global.css +++ b/css/global.css @@ -116,6 +116,11 @@ hr { margin: 0.2em; } +.banmessage { + color: red; + font-weight: bold; +} + .footer { clear: both; text-align: center; diff --git a/imgboard.php b/imgboard.php index 3092bd7..c1dbb9d 100644 --- a/imgboard.php +++ b/imgboard.php @@ -842,7 +842,7 @@ EOF; foreach ($ips as $ip) { $banexists = banByIP($ip); if ($banexists) { - fancyDie(__('Sorry, there is already a ban on record for that IP address.')); + continue; } if (TINYIB_REPORT) { @@ -866,6 +866,25 @@ EOF; insertBan($ban); manageLogAction($action); } + if (TINYIB_BANMESSAGE && isset($_POST['message']) && $_POST['message'] != '' && isset($_GET['posts']) && $_GET['posts'] != '') { + $post_ids = explode(',', $_GET['posts']); + foreach ($post_ids as $post_id) { + $post = postByID($post_id); + if (!$post) { + continue; // The post has been deleted + } + updatePostMessage($post['id'], $post['message'] . '
' . "\n" . '(' . htmlentities($_POST['message']) . ')
'); + manageLogAction('Added ban message to ' . postLink('>>' . $post['id'])); + } + clearPostCache(); + foreach ($post_ids as $post_id) { + $post = postByID($post_id); + if (!$post) { + continue; // The post has been deleted + } + threadUpdated(getParent($post)); + } + } if (count($ips) == 1) { $text .= manageInfo(__('Banned 1 IP address')); } else { @@ -1024,10 +1043,8 @@ EOF; foreach ($post_ids as $post_id) { $post = postByID($post_id); if (!$post) { - fancyDie(__("Sorry, there doesn't appear to be a post with that ID.")); - + continue; // The post has already been deleted } - $posts[$post_id] = $post; } foreach ($post_ids as $post_id) { diff --git a/inc/database/database.php b/inc/database/database.php index fbee0fe..9ba4cba 100644 --- a/inc/database/database.php +++ b/inc/database/database.php @@ -39,3 +39,9 @@ function postsInThreadByID($id, $moderated_only = true) { } return $cache[$id]; } + +function clearPostCache() { + global $cache_all, $cache_moderated; + $cache_all = array(); + $cache_moderated = array(); +} diff --git a/inc/database/flatfile.php b/inc/database/flatfile.php index b50c364..3dc182b 100644 --- a/inc/database/flatfile.php +++ b/inc/database/flatfile.php @@ -259,6 +259,16 @@ function insertPost($newpost) { return $GLOBALS['db']->insertWithAutoId(POSTS_FILE, POST_ID, $post); } +function updatePostMessage($id, $message) { + $rows = $GLOBALS['db']->selectWhere(POSTS_FILE, new SimpleWhereClause(POST_ID, '=', $id, INTEGER_COMPARISON), 1); + if (count($rows) > 0) { + foreach ($rows as $post) { + $post[POST_MESSAGE] = $message; + $GLOBALS['db']->updateRowById(POSTS_FILE, POST_ID, $post); + } + } +} + function approvePostByID($id, $moderated) { $rows = $GLOBALS['db']->selectWhere(POSTS_FILE, new SimpleWhereClause(POST_ID, '=', $id, INTEGER_COMPARISON), 1); if (count($rows) > 0) { diff --git a/inc/database/mysql.php b/inc/database/mysql.php index 8984b35..0a3d59d 100644 --- a/inc/database/mysql.php +++ b/inc/database/mysql.php 
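Review bot: In imgboard.php, the new ban-message block (hunk `@@ -866,6 +866,25 @@`) splits `$_GET['posts']` and passes each piece to `postByID()` without normalising it. Whether `postByID()` escapes its argument is not visible here, and several backends touched by this patch concatenate ids into SQL unquoted, so the list should be reduced to integers first: `$post_ids = array_filter(array_map('intval', explode(',', $_GET['posts'])));`. The block also runs when every IP was skipped by the new `continue` in the `@@ -842,7 +842,7 @@` hunk, so resubmitting the form for an already-banned address appends the message to each post again while the summary still reports `count($ips)` addresses as banned; counting the bans actually inserted and gating both the append and the summary on that count would keep the post text and the log accurate. `htmlentities($_POST['message'])` relies on default flags and charset, whereas the form code in inc/html.php passes `ENT_QUOTES`; using `htmlentities($_POST['message'], ENT_QUOTES, 'UTF-8')` would make the two consistent. The enclosing ban handler starts and ends outside these hunks.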
@@ -173,6 +173,10 @@ function insertPost($post) { return mysql_insert_id(); } +function updatePostMessage($id, $message) { + mysql_query("UPDATE `" . TINYIB_DBPOSTS . "` SET `message` = '" . mysql_real_escape_string($message) . "' WHERE `id` = " . $id . " LIMIT 1"); +} + function approvePostByID($id, $moderated) { mysql_query("UPDATE `" . TINYIB_DBPOSTS . "` SET `moderated` = $moderated WHERE `id` = " . $id . " LIMIT 1"); } diff --git a/inc/database/mysqli.php b/inc/database/mysqli.php index d12d726..1d9286d 100644 --- a/inc/database/mysqli.php +++ b/inc/database/mysqli.php @@ -199,6 +199,11 @@ function insertPost($post) { return mysqli_insert_id($link); } +function updatePostMessage($id, $message) { + global $link; + mysqli_query($link, "UPDATE `" . TINYIB_DBPOSTS . "` SET `message` = '" . mysqli_real_escape_string($link, $message) . "' WHERE `id` = " . $id . " LIMIT 1"); +} + function approvePostByID($id, $moderated) { global $link; mysqli_query($link, "UPDATE `" . TINYIB_DBPOSTS . "` SET `moderated` = " . $moderated . " WHERE `id` = " . $id . " LIMIT 1"); diff --git a/inc/database/pdo.php b/inc/database/pdo.php index b77bc32..90021c9 100644 --- a/inc/database/pdo.php +++ b/inc/database/pdo.php @@ -159,8 +159,12 @@ function insertPost($post) { return $dbh->lastInsertId(); } +function updatePostMessage($id, $message) { + pdoQuery("UPDATE " . TINYIB_DBPOSTS . " SET message = ? WHERE id = ?", array($message, $id)); +} + function approvePostByID($id, $moderated) { - pdoQuery("UPDATE " . TINYIB_DBPOSTS . " SET moderated = ? WHERE id = ?", array($id, $moderated)); + pdoQuery("UPDATE " . TINYIB_DBPOSTS . " SET moderated = ? WHERE id = ?", array($moderated, $id)); } function bumpThreadByID($id) { diff --git a/inc/database/sqlite.php b/inc/database/sqlite.php index 862c8c0..eace0ef 100644 --- a/inc/database/sqlite.php +++ b/inc/database/sqlite.php 
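Review bot: The new `updatePostMessage()` in inc/database/mysql.php escapes `$message` but concatenates `$id` into the WHERE clause as-is, and the versions added to mysqli.php, sqlite.php and sqlite3.php do the same. The only caller visible in this patch passes `$post['id']` from a row it has just loaded, so nothing here shows request data reaching the query, but the helper should not depend on every future caller doing that. Replacing the bare `$id` with `intval($id)` in each of the four functions closes the gap at the point of use. This matches the intent of the rest of the patch, where pdo.php binds both values as parameters and the SQLite delete helpers gain quotes around their escaped ids. The neighbouring `approvePostByID()` shown as context has the same pattern for `$moderated` and `$id` and could be tightened in the same pass.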
@@ -33,11 +33,11 @@ function insertAccount($account) { } function updateAccount($account) { - sqlite_query($GLOBALS["db"], "UPDATE " . TINYIB_DBACCOUNTS . " SET username = '" . sqlite_escape_string($account['username']) . "', password = '" . sqlite_escape_string(hashData($account['password'])) . "', role = '" . sqlite_escape_string($account['role']) . "', lastactive = '" . sqlite_escape_string($account['lastactive']) . "' WHERE id = " . sqlite_escape_string($account['id'])); + sqlite_query($GLOBALS["db"], "UPDATE " . TINYIB_DBACCOUNTS . " SET username = '" . sqlite_escape_string($account['username']) . "', password = '" . sqlite_escape_string(hashData($account['password'])) . "', role = '" . sqlite_escape_string($account['role']) . "', lastactive = '" . sqlite_escape_string($account['lastactive']) . "' WHERE id = '" . sqlite_escape_string($account['id']) . "'"); } function deleteAccountByID($id) { - sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBACCOUNTS . " WHERE id = " . sqlite_escape_string($id)); + sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBACCOUNTS . " WHERE id = '" . sqlite_escape_string($id) . "'"); } // Ban functions @@ -77,7 +77,7 @@ function clearExpiredBans() { } function deleteBanByID($id) { - sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBBANS . " WHERE id = " . sqlite_escape_string($id)); + sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBBANS . " WHERE id = '" . sqlite_escape_string($id) . "'"); } // Keyword functions @@ -113,7 +113,7 @@ function insertKeyword($keyword) { } function deleteKeyword($id) { - sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBKEYWORDS . " WHERE id = " . sqlite_escape_string($id)); + sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBKEYWORDS . " WHERE id = '" . sqlite_escape_string($id) . "'"); } // Log functions 
@@ -151,6 +151,10 @@ function insertPost($post) { return sqlite_last_insert_rowid($GLOBALS["db"]); } +function updatePostMessage($id, $message) { + sqlite_query($GLOBALS["db"], "UPDATE " . TINYIB_DBPOSTS . " SET message = '" . sqlite_escape_string($message) . "' WHERE id = " . $id); +} + function approvePostByID($id, $moderated) { sqlite_query($GLOBALS["db"], "UPDATE " . TINYIB_DBPOSTS . " SET moderated = " . $moderated . " WHERE id = " . $id); } @@ -223,7 +227,7 @@ function latestPosts($moderated = true) { } function deletePostByID($id) { - sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . sqlite_escape_string($id)); + sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = '" . sqlite_escape_string($id) . "'"); } function trimThreads() { @@ -273,7 +277,7 @@ function insertReport($report) { } function deleteReportsByPost($post) { - sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = " . sqlite_escape_string($post)); + sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = '" . sqlite_escape_string($post) . "'"); } function deleteReportsByIP($ip) { diff --git a/inc/database/sqlite3.php b/inc/database/sqlite3.php index a407c8b..44827d5 100644 --- a/inc/database/sqlite3.php +++ b/inc/database/sqlite3.php 
@@ -38,13 +38,13 @@ function insertAccount($account) { function updateAccount($account) { global $db; - $db->exec("UPDATE " . TINYIB_DBACCOUNTS . " SET username = '" . $db->escapeString($account['username']) . "', password = '" . $db->escapeString(hashData($account['password'])) . "', role = '" . $db->escapeString($account['role']) . "', lastactive = '" . $db->escapeString($account['lastactive']) . "' WHERE id = " . $db->escapeString($account['id'])); + $db->exec("UPDATE " . TINYIB_DBACCOUNTS . " SET username = '" . $db->escapeString($account['username']) . "', password = '" . $db->escapeString(hashData($account['password'])) . "', role = '" . $db->escapeString($account['role']) . "', lastactive = '" . $db->escapeString($account['lastactive']) . "' WHERE id = '" . $db->escapeString($account['id']) . "'"); return $db->lastInsertRowID(); } function deleteAccountByID($id) { global $db; - $db->exec("DELETE FROM " . TINYIB_DBACCOUNTS . " WHERE id = " . $db->escapeString($id)); + $db->exec("DELETE FROM " . TINYIB_DBACCOUNTS . " WHERE id = '" . $db->escapeString($id) . "'"); } // Ban functions @@ -90,7 +90,7 @@ function clearExpiredBans() { function deleteBanByID($id) { global $db; - $db->exec("DELETE FROM " . TINYIB_DBBANS . " WHERE id = " . $db->escapeString($id)); + $db->exec("DELETE FROM " . TINYIB_DBBANS . " WHERE id = '" . $db->escapeString($id) . "'"); } // Keyword functions @@ -131,7 +131,7 @@ function insertKeyword($keyword) { function deleteKeyword($id) { global $db; - $db->exec("DELETE FROM " . TINYIB_DBKEYWORDS . " WHERE id = " . $db->escapeString($id)); + $db->exec("DELETE FROM " . TINYIB_DBKEYWORDS . " WHERE id = '" . $db->escapeString($id) . "'"); } // Log functions 
@@ -175,6 +175,11 @@ function insertPost($post) { return $db->lastInsertRowID(); } +function updatePostMessage($id, $message) { + global $db; + $db->exec("UPDATE " . TINYIB_DBPOSTS . " SET message = '" . $db->escapeString($message) . "' WHERE id = " . $id); +} + function approvePostByID($id, $moderated) { global $db; $db->exec("UPDATE " . TINYIB_DBPOSTS . " SET moderated = " . $moderated . " WHERE id = " . $id); @@ -258,7 +263,7 @@ function latestPosts($moderated = true) { function deletePostByID($id) { global $db; - $db->exec("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . $db->escapeString($id)); + $db->exec("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = '" . $db->escapeString($id) . "'"); } function trimThreads() { @@ -315,7 +320,7 @@ function insertReport($report) { function deleteReportsByPost($post) { global $db; - $db->exec("DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = " . $db->escapeString($post)); + $db->exec("DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = '" . $db->escapeString($post) . "'"); } function deleteReportsByIP($ip) { diff --git a/inc/defines.php b/inc/defines.php index 6aaac90..60cee0b 100644 --- a/inc/defines.php +++ b/inc/defines.php @@ -79,6 +79,9 @@ if (!defined('TINYIB_AUTOHIDE')) { if (!defined('TINYIB_REQMOD')) { define('TINYIB_REQMOD', ''); } +if (!defined('TINYIB_BANMESSAGE')) { + define('TINYIB_BANMESSAGE', true); +} if (!defined('TINYIB_SPOILERTEXT')) { define('TINYIB_SPOILERTEXT', false); } diff --git a/inc/html.php b/inc/html.php index 944343e..dcf8332 100644 --- a/inc/html.php +++ b/inc/html.php @@ -1206,7 +1206,7 @@ function manageBanForm() { $txt_ban_expire = __('Expire(sec)'); $txt_ban_reason = __('Reason'); $txt_ban_never = __('never'); - $txt_ban_optional = __('optional'); + $txt_ban_optional = __('Optional.'); $txt_submit = __('Submit'); $txt_1h = __('1 hour'); $txt_1d = __('1 day'); 
@@ -1214,14 +1214,21 @@ function manageBanForm() { $txt_1w = __('1 week'); $txt_2w = __('2 weeks'); $txt_1m = __('1 month'); + $banmessage_html = ''; + $post_ids = ''; + if (TINYIB_BANMESSAGE && isset($_GET['posts']) && $_GET['posts'] != '') { + $post_ids = htmlentities($_GET['posts'], ENT_QUOTES); + $banmessage_html = '' . __("Append a message to the post. Optional.") . ''; + } return << +
$txt_ban + $banmessage_html
$txt_1h $txt_1d $txt_2d $txt_1w $txt_2w $txt_1m $txt_ban_never
$txt_ban_optional

$txt_ban_help @@ -1317,6 +1324,7 @@ function manageModerateAll($post_ids, $threads, $replies, $ips) { + @@ -1451,6 +1459,7 @@ EOF;
+
diff --git a/settings.default.php b/settings.default.php index b1d7304..f07b1ef 100644 --- a/settings.default.php +++ b/settings.default.php @@ -16,7 +16,9 @@ click Rebuild All in the management panel. */ // Internationalization -define('TINYIB_LOCALE', ''); // Locale (see README for instructions) +define('TINYIB_LOCALE', ''); // See README for instructions ['' to run in English] +define('TINYIB_TIMEZONE', 'UTC'); // See https://secure.php.net/manual/en/timezones.php - e.g. America/Los_Angeles +define('TINYIB_DATEFMT', '%g/%m/%d(%a)%H:%M:%S'); // Date and time format (see php.net/strftime) // Board description and behavior // Warning: Enabling reCAPTCHA will cause all visitors to be tracked by Google. See https://nearcyan.com/you-probably-dont-need-recaptcha/ @@ -30,6 +32,7 @@ define('TINYIB_MANAGECAPTCHA', ''); // Improve security by requiring users to define('TINYIB_REPORT', false); // Allow users to report posts define('TINYIB_AUTOHIDE', 0); // Amount of reports which will cause a post to be hidden until it is approved [0 to disable] define('TINYIB_REQMOD', ''); // Require moderation before displaying posts: files / all ['' to disable] +define('TINYIB_BANMESSAGE', true); // Allow staff to append a custom message to posts when banning users define('TINYIB_SPOILERTEXT', false); // Allow users to hide text until it is hovered over using the tags text here or text here define('TINYIB_SPOILERIMAGE', false); // Allow users to blur thumbnails via a "Spoiler" checkbox define('TINYIB_AUTOREFRESH', 30); // Delay (in seconds) between attempts to refresh a thread automatically [0 to disable] 
@@ -45,12 +48,10 @@ define('TINYIB_PREVIEWREPLIES', 3); // Amount of replies previewed on index pa define('TINYIB_TRUNCATE', 15); // Messages are truncated to this many lines on board index pages [0 to disable] define('TINYIB_WORDBREAK', 80); // Words longer than this many characters will be broken apart [0 to disable] define('TINYIB_EXPANDWIDTH', 85); // Expanded content size as a percentage of the screen's width -define('TINYIB_TIMEZONE', 'UTC'); // See https://secure.php.net/manual/en/timezones.php - e.g. America/Los_Angeles define('TINYIB_BACKLINKS', true); // Display reflinks to replies that reference a post define('TINYIB_CATALOG', true); // Generate catalog page define('TINYIB_JSON', true); // Generate JSON files define('TINYIB_DEFAULTSTYLE', 'futaba'); // Default page style -define('TINYIB_DATEFMT', '%g/%m/%d(%a)%H:%M:%S'); // Date and time format (see php.net/strftime) $tinyib_hidefieldsop = array(); // Fields to hide when creating a new thread - e.g. array('name', 'email', 'subject', 'message', 'file', 'embed', 'password') $tinyib_hidefields = array(); // Fields to hide when replying $tinyib_anonymous = array('Anonymous'); // Default name (or names)