Add account system

When TINYIB_ADMINPASS is set, a super-administrator account with the
username 'admin' is created using the provided password.

WHEN TINYIB_MODPASS is set, a moderator account with the username 'mod'
is created using the provided password.

.gitignore

@@ -1,8 +1,12 @@
 settings.php
 *.html
 *.db
-.posts
-.posts.lock
+.accounts*
+.bans*
+.keywords*
+.logs*
+.posts*
+.reports*
 .project
 .settings/
 .idea/

.htaccess

@@ -33,5 +33,11 @@ AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css a
 </Ifmodule>
 
 <IfModule mod_alias.c>
+RedirectMatch 404 (.*)\.accounts$
+RedirectMatch 404 (.*)\.bans$
+RedirectMatch 404 (.*)\.keywords$
+RedirectMatch 404 (.*)\.logs$
 RedirectMatch 404 (.*)\.posts$
+RedirectMatch 404 (.*)\.reports$
+RedirectMatch 404 (.*)\.tinyib.db$
 </Ifmodule>

README.md

@@ -14,7 +14,7 @@ See [DEMOS.md](https://code.rocketnine.space/tslocum/tinyib/src/branch/master/DE
 
  - GIF, JPG, PNG, SWF, MP4 and WebM upload.
  - YouTube, Vimeo and SoundCloud embedding.
- - CAPTCHA
+ - CAPTCHA:
    - A simple, self-hosted implementation is included.
    - [hCaptcha](https://hcaptcha.com) is supported.
    - [ReCAPTCHA](https://www.google.com/recaptcha/about/) is supported. (But [not recommended](https://nearcyan.com/you-probably-dont-need-recaptcha/))
@@ -24,8 +24,10 @@ See [DEMOS.md](https://code.rocketnine.space/tslocum/tinyib/src/branch/master/DE
  - Report posts.
  - Block keywords.
  - Management panel:
-   - Administrators and moderators use separate passwords.
-     - Moderators are only able to sticky threads, lock threads, delete posts, and approve posts when necessary.  (See ``TINYIB_REQMOD``)
+   - Account system:
+     - Super administrators (all privileges)
+     - Administrators (all privileges except account management)
+     - Moderators (only able to sticky threads, lock threads, approve posts and delete posts)
    - Ban offensive/abusive posters across all boards.
    - Post using raw HTML.
    - Upgrade automatically when installed via git.  (Tested on Linux only)
@@ -62,8 +64,7 @@ support in mind.
       - This library is usually installed by default.
       - If you plan on disabling image uploads to use TinyIB as a text board only, this library is not required.
      - [cURL Library](https://www.php.net/manual/en/book.curl.php)
-       - This is recommended, but is not strictly required except:
-         - When `TINYIB_CAPTCHA` is set to `hcaptcha` or `recaptcha`.
+       - This is recommended, but is not strictly required except when `TINYIB_CAPTCHA` is set to `hcaptcha` or `recaptcha`.
  2. CD to the directory you wish to install TinyIB.
  3. Run the command:
     - `git clone https://code.rocketnine.space/tslocum/tinyib.git ./`
@@ -149,8 +150,8 @@ Translation is handled [online](https://hosted.weblate.org/projects/tinyib/tinyi
 
 ## Contribute
 
-**Note:** Please do not submit translations as patches.  See above.
+**Note:** Please do not submit translations via pull requests.  See above.
 
- 1. Fork TinyIB using [git](https://git-scm.com/downloads).
+ 1. [Fork TinyIB.](https://code.rocketnine.space/repo/fork/6)
  2. Commit code changes to your forked repository.
- 3. Send your patches to trevor@rocketnine.space via [git send-email](https://git-send-email.io/).
+ 3. [Submit a pull request.](https://code.rocketnine.space/tslocum/tinyib/pulls)

imgboard.php

@@ -34,10 +34,8 @@ ini_set("display_errors", 1);
 session_start();
 setcookie(session_name(), session_id(), time() + 2592000);
 ob_implicit_flush();
-if (function_exists('ob_get_level')) {
-	while (ob_get_level() > 0) {
-		ob_end_flush();
-	}
+while (ob_get_level() > 0) {
+	ob_end_flush();
 }
 
 function fancyDie($message) {
@@ -53,6 +51,7 @@ if (!file_exists('settings.php')) {
 }
 require 'settings.php';
 require 'inc/defines.php';
+global $tinyib_capcodes, $tinyib_embeds, $tinyib_hidefields, $tinyib_hidefieldsop;
 
 if (!defined('TINYIB_LOCALE') || TINYIB_LOCALE == '') {
 	function __($string) {
@@ -67,12 +66,65 @@ if (!defined('TINYIB_LOCALE') || TINYIB_LOCALE == '') {
 	$translator->register();
 }
 
+if (TINYIB_TRIPSEED == '' || TINYIB_ADMINPASS == '') {
+	fancyDie(__('TINYIB_TRIPSEED and TINYIB_ADMINPASS must be configured.'));
+}
+
+if ((TINYIB_CAPTCHA === 'hcaptcha' || TINYIB_MANAGECAPTCHA === 'hcaptcha') && (TINYIB_HCAPTCHA_SITE == '' || TINYIB_HCAPTCHA_SECRET == '')) {
+	fancyDie(__('TINYIB_HCAPTCHA_SITE and TINYIB_HCAPTCHA_SECRET  must be configured.'));
+}
+
+if ((TINYIB_CAPTCHA === 'recaptcha' || TINYIB_MANAGECAPTCHA === 'recaptcha') && (TINYIB_RECAPTCHA_SITE == '' || TINYIB_RECAPTCHA_SECRET == '')) {
+	fancyDie(__('TINYIB_RECAPTCHA_SITE and TINYIB_RECAPTCHA_SECRET  must be configured.'));
+}
+
+if (TINYIB_TIMEZONE != '') {
+	date_default_timezone_set(TINYIB_TIMEZONE);
+}
+
+$bcrypt_salt = '$2y$12$' . str_pad(str_replace('=', '/', str_replace('+', '.', substr(base64_encode(TINYIB_TRIPSEED), 0, 22))), 22, '/');
+
 $database_modes = array('flatfile', 'mysql', 'mysqli', 'sqlite', 'sqlite3', 'pdo');
 if (!in_array(TINYIB_DBMODE, $database_modes)) {
 	fancyDie(__('Unknown database mode specified.'));
 }
 
 if (TINYIB_DBMODE == 'pdo' && TINYIB_DBDRIVER == 'pgsql') {
+	$accounts_sql = 'CREATE TABLE "' . TINYIB_DBACCOUNTS . '" (
+		"id" bigserial NOT NULL,
+		"username" varchar(255) NOT NULL,
+		"password" text NOT NULL,
+		"role" integer NOT NULL,
+		"lastactive" integer NOT NULL,
+		PRIMARY KEY	("id")
+	);';
+
+	$bans_sql = 'CREATE TABLE "' . TINYIB_DBBANS . '" (
+		"id" bigserial NOT NULL,
+		"ip" varchar(255) NOT NULL,
+		"timestamp" integer NOT NULL,
+		"expire" integer NOT NULL,
+		"reason" text NOT NULL,
+		PRIMARY KEY	("id")
+	);
+	CREATE INDEX ON "' . TINYIB_DBBANS . '"("ip");';
+
+	$keywords_sql = 'CREATE TABLE "' . TINYIB_DBKEYWORDS . '" (
+		"id" bigserial NOT NULL,
+		"text" varchar(255) NOT NULL,
+		"action" varchar(255) NOT NULL,
+		PRIMARY KEY	("id")
+	);';
+
+	$logs_sql = 'CREATE TABLE "' . TINYIB_DBLOGS . '" (
+		"id" bigserial NOT NULL,
+		"timestamp" integer NOT NULL,
+		"account" integer NOT NULL,
+		"message" text NOT NULL,
+		PRIMARY KEY	("id")
+	);
+	CREATE INDEX ON "' . TINYIB_DBLOGS . '"("account");';
+
 	$posts_sql = 'CREATE TABLE "' . TINYIB_DBPOSTS . '" (
 		"id" bigserial NOT NULL,
 		"parent" integer NOT NULL,
@@ -106,30 +158,48 @@ if (TINYIB_DBMODE == 'pdo' && TINYIB_DBDRIVER == 'pgsql') {
 	CREATE INDEX ON "' . TINYIB_DBPOSTS . '"("stickied");
 	CREATE INDEX ON "' . TINYIB_DBPOSTS . '"("moderated");';
 
-	$bans_sql = 'CREATE TABLE "' . TINYIB_DBBANS . '" (
-		"id" bigserial NOT NULL,
-		"ip" varchar(255) NOT NULL,
-		"timestamp" integer NOT NULL,
-		"expire" integer NOT NULL,
-		"reason" text NOT NULL,
-		PRIMARY KEY	("id")
-	);
-	CREATE INDEX ON "' . TINYIB_DBBANS . '"("ip");';
-
 	$reports_sql = 'CREATE TABLE "' . TINYIB_DBREPORTS . '" (
 		"id" bigserial NOT NULL,
 		"ip" varchar(255) NOT NULL,
 		"post" integer NOT NULL,
 		PRIMARY KEY	("id")
 	);';
-
-	$keywords_sql = 'CREATE TABLE "' . TINYIB_DBKEYWORDS . '" (
-		"id" bigserial NOT NULL,
-		"text" varchar(255) NOT NULL,
-		"action" varchar(255) NOT NULL,
-		PRIMARY KEY	("id")
-	);';
 } else {
+	$accounts_sql = "CREATE TABLE `" . TINYIB_DBACCOUNTS . "` (
+		`id` mediumint(7) unsigned NOT NULL auto_increment,
+		`username` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
+		`password` text CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
+		`role` mediumint(7) unsigned NOT NULL,
+		`lastactive` int(20) unsigned NOT NULL,
+		PRIMARY KEY	(`id`)
+	)";
+
+	$bans_sql = "CREATE TABLE `" . TINYIB_DBBANS . "` (
+		`id` mediumint(7) unsigned NOT NULL auto_increment,
+		`ip` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
+		`timestamp` int(20) NOT NULL,
+		`expire` int(20) NOT NULL,
+		`reason` text CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
+		PRIMARY KEY	(`id`),
+		KEY `ip` (`ip`)
+	)";
+
+	$keywords_sql = "CREATE TABLE `" . TINYIB_DBKEYWORDS . "` (
+		`id` mediumint(7) unsigned NOT NULL auto_increment,
+		`text` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
+		`action` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
+		PRIMARY KEY	(`id`)
+	)";
+
+	$logs_sql = "CREATE TABLE `" . TINYIB_DBLOGS . "` (
+		`id` mediumint(7) unsigned NOT NULL auto_increment,
+		`timestamp` int(20),
+		`account` mediumint(7) unsigned NOT NULL,
+		`message` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
+		PRIMARY KEY	(`id`),
+		KEY `account` (`account`)
+	)";
+
 	$posts_sql = "CREATE TABLE `" . TINYIB_DBPOSTS . "` (
 		`id` mediumint(7) unsigned NOT NULL auto_increment,
 		`parent` mediumint(7) unsigned NOT NULL,
@@ -162,29 +232,12 @@ if (TINYIB_DBMODE == 'pdo' && TINYIB_DBDRIVER == 'pgsql') {
 		KEY `moderated` (`moderated`)
 	)";
 
-	$bans_sql = "CREATE TABLE `" . TINYIB_DBBANS . "` (
-		`id` mediumint(7) unsigned NOT NULL auto_increment,
-		`ip` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
-		`timestamp` int(20) NOT NULL,
-		`expire` int(20) NOT NULL,
-		`reason` text CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
-		PRIMARY KEY	(`id`),
-		KEY `ip` (`ip`)
-	)";
-
 	$reports_sql = "CREATE TABLE `" . TINYIB_DBREPORTS . "` (
 		`id` mediumint(7) unsigned NOT NULL auto_increment,
 		`ip` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
 		`post` int(20) NOT NULL,
 		PRIMARY KEY	(`id`)
 	)";
-
-	$keywords_sql = "CREATE TABLE `" . TINYIB_DBKEYWORDS . "` (
-		`id` mediumint(7) unsigned NOT NULL auto_increment,
-		`text` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
-		`action` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
-		PRIMARY KEY	(`id`)
-	)";
 }
 
 // Check directories are writable by the script
@@ -198,29 +251,11 @@ foreach ($writedirs as $dir) {
 	}
 }
 
-$includes = array('inc/functions.php', 'inc/html.php', 'inc/database/' . TINYIB_DBMODE . '_link.php', 'inc/database/' . TINYIB_DBMODE . '.php');
+$includes = array('inc/functions.php', 'inc/html.php', 'inc/database/' . TINYIB_DBMODE . '_link.php', 'inc/database/' . TINYIB_DBMODE . '.php', 'inc/database/database.php');
 foreach ($includes as $include) {
 	require $include;
 }
 
-if (TINYIB_TRIPSEED == '' || TINYIB_ADMINPASS == '') {
-	fancyDie(__('TINYIB_TRIPSEED and TINYIB_ADMINPASS must be configured.'));
-}
-
-if ((TINYIB_CAPTCHA === 'hcaptcha' || TINYIB_MANAGECAPTCHA === 'hcaptcha') && (TINYIB_HCAPTCHA_SITE == '' || TINYIB_HCAPTCHA_SECRET == '')) {
-	fancyDie(__('TINYIB_HCAPTCHA_SITE and TINYIB_HCAPTCHA_SECRET  must be configured.'));
-}
-
-if ((TINYIB_CAPTCHA === 'recaptcha' || TINYIB_MANAGECAPTCHA === 'recaptcha') && (TINYIB_RECAPTCHA_SITE == '' || TINYIB_RECAPTCHA_SECRET == '')) {
-	fancyDie(__('TINYIB_RECAPTCHA_SITE and TINYIB_RECAPTCHA_SECRET  must be configured.'));
-}
-
-if (TINYIB_TIMEZONE != '') {
-	date_default_timezone_set(TINYIB_TIMEZONE);
-}
-
-$bcrypt_salt = '$2y$12$' . str_pad(str_replace('=', '/', str_replace('+', '.', substr(base64_encode(TINYIB_TRIPSEED), 0, 22))), 22, '/');
-
 $redirect = true;
 // Check if the request is to make a post
 if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name']) || isset($_POST['email']) || isset($_POST['subject']) || isset($_POST['message']) || isset($_POST['file']) || isset($_POST['embed']) || isset($_POST['password']))) {
@@ -228,7 +263,8 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 		fancyDie(__('Posting is currently disabled.<br>Please try again in a few moments.'));
 	}
 
-	list($loggedin, $isadmin) = manageCheckLogIn(false);
+	list($account, $loggedin, $isadmin) = manageCheckLogIn(false);
+
 	$rawpost = isRawPost();
 	$rawposttext = '';
 	if (!$loggedin) {
@@ -512,7 +548,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 	$json_posts = array();
 	$posts = postsInThreadByID($thread_id);
 	if ($new_since > 0) {
-		foreach ($posts as $i =>  $post) {
+		foreach ($posts as $i => $post) {
 			if ($post['id'] <= $new_since) {
 				continue;
 			}
@@ -554,9 +590,9 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 
 	$post = postByID($_POST['delete']);
 	if ($post) {
-		list($loggedin, $isadmin) = manageCheckLogIn(false);
+		list($account, $loggedin, $isadmin) = manageCheckLogIn(false);
 
-		if ($loggedin && $_POST['password'] == '') {
+		if (!empty($account) && $_POST['password'] == '') {
 			// Redirect to post moderation page
 			echo '--&gt; --&gt; --&gt;<meta http-equiv="refresh" content="0;url=' . basename($_SERVER['PHP_SELF']) . '?manage&moderate=' . $_POST['delete'] . '">';
 		} elseif ($post['password'] != '' && (hashData($_POST['password']) == $post['password'] || md5(md5($_POST['password'])) == $post['password'])) {
@@ -592,7 +628,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 		die('--&gt; --&gt; --&gt;<meta http-equiv="refresh" content="0;url=imgboard.php">');
 	}
 
-	list($loggedin, $isadmin) = manageCheckLogIn(true);
+	list($account, $loggedin, $isadmin) = manageCheckLogIn(true);
 
 	if ($loggedin) {
 		if ($isadmin) {
@@ -608,6 +644,57 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 					fancyDie(__('Reporting is disabled.'));
 				}
 				$text .= manageReportsPage($_GET['reports']);
+			} elseif (isset($_GET['accounts'])) {
+				if ($account['role'] != TINYIB_SUPER_ADMINISTRATOR) {
+					fancyDie(__('Access denied'));
+				}
+
+				$id = intval($_GET['accounts']);
+				if (isset($_POST['id'])) {
+					$id = intval($_POST['id']);
+				}
+				$a = array('id' => 0);
+				if ($id > 0) {
+					$a = accountByID($id);
+					if (empty($a)) {
+						fancyDie(__('Account not found.'));
+					}
+
+					if ($a['username'] == 'admin' && TINYIB_ADMINPASS != '') {
+						fancyDie(__('This account may not be updated while TINYIB_ADMINPASS is set.'));
+					} else if ($a['username'] == 'mod' && TINYIB_MODPASS != '') {
+						fancyDie(__('This account may not be updated while TINYIB_MODPASS is set.'));
+					}
+				}
+
+				if (isset($_POST['id'])) {
+					if ($id == 0 && $_POST['password'] == '') {
+						fancyDie(__('A password is required.'));
+					}
+
+					$a['username'] = $_POST['username'];
+					if ($_POST['password'] != '') {
+						$a['password'] = $_POST['password'];
+					}
+					$a['role'] = intval($_POST['role']);
+					if ($a['role'] !== TINYIB_SUPER_ADMINISTRATOR && $a['role'] != TINYIB_ADMINISTRATOR && $a['role'] != TINYIB_MODERATOR && $a['role'] != TINYIB_DISABLED) {
+						fancyDie(__('Invalid role.'));
+					}
+
+					if ($id == 0) {
+						insertAccount($a);
+						$text .= manageInfo(__('Added account'));
+					} else {
+						updateAccount($a);
+						$text .= manageInfo(__('Updated account'));
+					}
+				}
+
+				$onload = manageOnLoad('accounts');
+				$text .= manageAccountForm($_GET['accounts']);
+				if (intval($_GET['accounts']) == 0) {
+					$text .= manageAccountsTable();
+				}
 			} elseif (isset($_GET['bans'])) {
 				clearExpiredBans();
 
@@ -690,22 +777,49 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 					<p>If you installed TinyIB without Git, you must <a href="https://code.rocketnine.space/tslocum/tinyib">update manually</a>.  If you did install with Git, ensure the script has read and write access to the <b>.git</b> folder.</p>';
 				}
 			} elseif (isset($_GET['dbmigrate'])) {
-				if (TINYIB_DBMIGRATE !== '' && TINYIB_DBMIGRATE !== false) {
+				if (TINYIB_DBMIGRATE !== '' && TINYIB_DBMIGRATE !== false && TINYIB_DBMODE != TINYIB_DBMIGRATE) {
+					$mysql_modes = array('mysql', 'mysqli');
+					if (in_array(TINYIB_DBMODE, $mysql_modes) && in_array(TINYIB_DBMIGRATE, $mysql_modes)) {
+						fancyDie('TINYIB_DBMODE and TINYIB_DBMIGRATE are both set to MySQL database modes. No migration is necessary.');
+					}
+
+					$sqlite_modes = array('sqlite', 'sqlite3');
+					if (in_array(TINYIB_DBMODE, $sqlite_modes) && in_array(TINYIB_DBMIGRATE, $sqlite_modes)) {
+						fancyDie('TINYIB_DBMODE and TINYIB_DBMIGRATE are both set to SQLite database modes. No migration is necessary.');
+					}
+
+					if (!in_array(TINYIB_DBMIGRATE, $database_modes)) {
+						fancyDie(__('Unknown database mode specified.'));
+					}
+
 					if (isset($_GET['go'])) {
-						if (TINYIB_DBMODE == TINYIB_DBMIGRATE) {
-							fancyDie('Set TINYIB_DBMIGRATE to the desired TINYIB_DBMODE and enter in any database related settings in settings.php before migrating.');
+						require 'inc/database/' . TINYIB_DBMIGRATE . '_link.php';
+
+						echo '<p>Migrating accounts...</p>';
+						$accounts = allAccounts();
+						foreach ($accounts as $account) {
+							migrateAccount($account);
+						}
+
+						echo '<p>Migrating bans...</p>';
+						$bans = allBans();
+						foreach ($bans as $ban) {
+							migrateBan($ban);
 						}
 
-						$mysql_modes = array('mysql', 'mysqli');
-						if (in_array(TINYIB_DBMODE, $mysql_modes) && in_array(TINYIB_DBMIGRATE, $mysql_modes)) {
-							fancyDie('TINYIB_DBMODE and TINYIB_DBMIGRATE are both set to MySQL database modes. No migration is necessary.');
+						echo '<p>Migrating keywords...</p>';
+						$keywords = allKeywords();
+						foreach ($keywords as $keyword) {
+							migrateKeyword($keyword);
 						}
 
-						if (!in_array(TINYIB_DBMIGRATE, $database_modes)) {
-							fancyDie(__('Unknown database mode specified.'));
+						echo '<p>Migrating logs...</p>';
+						$logs = allLogs();
+						foreach ($logs as $log) {
+							migrateLog($log);
 						}
-						require 'inc/database/' . TINYIB_DBMIGRATE . '_link.php';
 
+						echo '<p>Migrating posts...</p>';
 						$threads = allThreads();
 						foreach ($threads as $thread) {
 							$posts = postsInThreadByID($thread['id']);
@@ -714,17 +828,18 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 							}
 						}
 
-						$bans = allBans();
-						foreach ($bans as $ban) {
-							migrateBan($ban);
+						echo '<p>Migrating reports...</p>';
+						$reports = allReports();
+						foreach ($reports as $report) {
+							migrateReport($report);
 						}
 
-						echo '<p><b>Database migration complete</b>.  Set TINYIB_DBMODE to mysqli and TINYIB_DBMIGRATE to false, then click <b>Rebuild All</b> above and ensure everything looks the way it should.</p>';
+						echo '<p><b>Database migration complete</b>.  Set TINYIB_DBMODE to the new database mode and TINYIB_DBMIGRATE to false, then click <b>Rebuild All</b> above and ensure everything looks and works as it should.</p>';
 					} else {
 						$text .= '<p>Your original database will not be deleted.  If the migration fails, disable the tool and your board will be unaffected.  See the <a href="https://code.rocketnine.space/tslocum/tinyib/src/branch/master/README.md" target="_blank">README</a> <small>(<a href="README.md" target="_blank">alternate link</a>)</small> for instructions.</a><br><br><a href="?manage&dbmigrate&go"><b>Start the migration</b></a></p>';
 					}
 				} else {
-					fancyDie('Set TINYIB_DBMIGRATE to true in settings.php to use this feature.');
+					fancyDie('Set TINYIB_DBMIGRATE to the desired TINYIB_DBMODE and enter in any database related settings in settings.php before migrating.');
 				}
 			}
 		}
@@ -813,10 +928,25 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 		} elseif (isset($_GET["rawpost"])) {
 			$onload = manageOnLoad("rawpost");
 			$text .= buildPostForm(0, true);
-		}
+		} elseif (isset($_GET['changepassword'])) {
+			if ($account['username'] == 'admin' && TINYIB_ADMINPASS != '') {
+				fancyDie(__('This account may not be updated while TINYIB_ADMINPASS is set.'));
+			} else if ($account['username'] == 'mod' && TINYIB_MODPASS != '') {
+				fancyDie(__('This account may not be updated while TINYIB_MODPASS is set.'));
+			}
+
+			if (isset($_POST['password'])) {
+				if ($_POST['password'] == '') {
+					fancyDie(__('A password is required.'));
+				}
+
+				$account['password'] = $_POST['password'];
+				updateAccount($account);
 
-		if ($text == '') {
-			$text = manageStatus();
+				$text .= manageInfo(__('Password updated'));
+			}
+
+			$text .= manageChangePasswordForm();
 		}
 	} else {
 		$onload = manageOnLoad('login');
@@ -830,4 +960,4 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 
 if ($redirect) {
 	echo '--&gt; --&gt; --&gt;<meta http-equiv="refresh" content="' . (isset($slow_redirect) ? '3' : '0') . ';url=' . (is_string($redirect) ? $redirect : TINYIB_INDEX) . '">';
-}
+}

inc/database/database.php

@@ -0,0 +1,23 @@
+<?php
+
+if (TINYIB_ADMINPASS != '') {
+	$admin = accountByUsername('admin');
+	if (!empty($admin)) {
+		$admin['password'] = TINYIB_ADMINPASS;
+		updateAccount($admin);
+	} else {
+		$admin = array('username' => 'admin', 'password' => TINYIB_ADMINPASS, 'role' => TINYIB_SUPER_ADMINISTRATOR);
+		insertAccount($admin);
+	}
+}
+
+if (TINYIB_MODPASS != '') {
+	$mod = accountByUsername('mod');
+	if (!empty($mod)) {
+		$mod['password'] = TINYIB_MODPASS;
+		updateAccount($mod);
+	} else {
+		$mod = array('username' => 'mod', 'password' => TINYIB_MODPASS, 'role' => TINYIB_MODERATOR);
+		insertAccount($mod);
+	}
+}

inc/database/flatfile.php

@@ -3,6 +3,218 @@ if (!defined('TINYIB_BOARD')) {
 	die('');
 }
 
+// Account functions
+function accountByID($id) {
+	$rows = $GLOBALS['db']->selectWhere(ACCOUNTS_FILE, new SimpleWhereClause(ACCOUNT_ID, '=', $id, INTEGER_COMPARISON), 1);
+	if (isset($rows[0])) {
+		return $rows[0];
+	}
+	return array();
+}
+
+function accountByUsername($username) {
+	$rows = $GLOBALS['db']->selectWhere(ACCOUNTS_FILE, new SimpleWhereClause(ACCOUNT_USERNAME, '=', $username, STRING_COMPARISON), 1);
+	if (isset($rows[0])) {
+		return $rows[0];
+	}
+	return array();
+}
+
+function allAccounts() {
+	$rows = $GLOBALS['db']->selectWhere(ACCOUNTS_FILE, NULL, -1, array(new OrderBy(ACCOUNT_ROLE, ASCENDING, INTEGER_COMPARISON), new OrderBy(ACCOUNT_USERNAME, ASCENDING, STRING_COMPARISON)));
+	return convertAccountsToSQLStyle($rows);
+}
+
+function convertAccountsToSQLStyle($accounts, $single = false) {
+	$newaccounts = array();
+	foreach ($accounts as $a) {
+		$account = array();
+		$account['id'] = $a[ACCOUNT_ID];
+		$account['username'] = $a[ACCOUNT_USERNAME];
+		$account['password'] = $a[ACCOUNT_PASSWORD];
+		$account['role'] = $a[ACCOUNT_ROLE];
+		$account['lastactive'] = $a[ACCOUNT_LASTACTIVE];
+
+		if ($single) {
+			return $account;
+		}
+		$newaccounts[] = $account;
+	}
+	return $newaccounts;
+}
+
+function insertAccount($a) {
+	$account = array();
+	$account[ACCOUNT_ID] = '0';
+	$account[ACCOUNT_USERNAME] = $a['username'];
+	$account[ACCOUNT_PASSWORD] =  hashData($a['password']);
+	$account[ACCOUNT_ROLE] = $a['role'];
+	$account[ACCOUNT_LASTACTIVE] = 0;
+
+	$GLOBALS['db']->insertWithAutoId(ACCOUNTS_FILE, ACCOUNT_ID, $account);
+}
+
+function updateAccount($a) {
+	$account = array();
+	$account[ACCOUNT_ID] = $a['id'];
+	$account[ACCOUNT_USERNAME] = $a['username'];
+	$account[ACCOUNT_PASSWORD] = hashData($a['password']);
+	$account[ACCOUNT_ROLE] = $a['role'];
+	$account[ACCOUNT_LASTACTIVE] = $a['lastactive'];
+
+	$GLOBALS['db']->updateRowById(ACCOUNTS_FILE, ACCOUNT_ID, $account);
+}
+
+function deleteAccountByID($id) {
+	$GLOBALS['db']->deleteWhere(ACCOUNTS_FILE, new SimpleWhereClause(ACCOUNT_ID, '=', $id, INTEGER_COMPARISON));
+}
+
+// Ban functions
+function banByID($id) {
+	return convertBansToSQLStyle($GLOBALS['db']->selectWhere(BANS_FILE, new SimpleWhereClause(BAN_ID, '=', $id, INTEGER_COMPARISON), 1), true);
+}
+
+function banByIP($ip) {
+	$compClause = new OrWhereClause();
+	$compClause->add(new SimpleWhereClause(BAN_IP, '=', $ip, STRING_COMPARISON));
+	$compClause->add(new SimpleWhereClause(BAN_IP, '=', hashData($ip), STRING_COMPARISON));
+	return convertBansToSQLStyle($GLOBALS['db']->selectWhere(BANS_FILE, $compClause, 1), true);
+}
+
+function allBans() {
+	$rows = $GLOBALS['db']->selectWhere(BANS_FILE, NULL, -1, new OrderBy(BAN_TIMESTAMP, DESCENDING, INTEGER_COMPARISON));
+	return convertBansToSQLStyle($rows);
+}
+
+function convertBansToSQLStyle($bans, $single = false) {
+	$newbans = array();
+	foreach ($bans as $oldban) {
+		$ban = array();
+		$ban['id'] = $oldban[BAN_ID];
+		$ban['ip'] = $oldban[BAN_IP];
+		$ban['timestamp'] = $oldban[BAN_TIMESTAMP];
+		$ban['expire'] = $oldban[BAN_EXPIRE];
+		$ban['reason'] = $oldban[BAN_REASON];
+
+		if ($single) {
+			return $ban;
+		}
+		$newbans[] = $ban;
+	}
+	return $newbans;
+}
+
+function insertBan($newban) {
+	$ban = array();
+	$ban[BAN_ID] = '0';
+	$ban[BAN_IP] = hashData($newban['ip']);
+	$ban[BAN_TIMESTAMP] = time();
+	$ban[BAN_EXPIRE] = $newban['expire'];
+	$ban[BAN_REASON] = $newban['reason'];
+
+	return $GLOBALS['db']->insertWithAutoId(BANS_FILE, BAN_ID, $ban);
+}
+
+function clearExpiredBans() {
+	$compClause = new AndWhereClause();
+	$compClause->add(new SimpleWhereClause(BAN_EXPIRE, '>', 0, INTEGER_COMPARISON));
+	$compClause->add(new SimpleWhereClause(BAN_EXPIRE, '<=', time(), INTEGER_COMPARISON));
+
+	$bans = $GLOBALS['db']->selectWhere(BANS_FILE, $compClause, -1);
+	foreach ($bans as $ban) {
+		deleteBanByID($ban[BAN_ID]);
+	}
+}
+
+function deleteBanByID($id) {
+	$GLOBALS['db']->deleteWhere(BANS_FILE, new SimpleWhereClause(BAN_ID, '=', $id, INTEGER_COMPARISON));
+}
+
+// Keyword functions
+function keywordByID($id) {
+	$clause = new SimpleWhereClause(KEYWORD_ID, '=', $id, INTEGER_COMPARISON);
+	return convertKeywordsToSQLStyle($GLOBALS['db']->selectWhere(KEYWORDS_FILE, $clause, 1), true);
+}
+
+function keywordByText($text) {
+	$text = strtolower($text);
+	$clause = new SimpleWhereClause(KEYWORD_TEXT, '=', $text, STRING_COMPARISON);
+	return convertKeywordsToSQLStyle($GLOBALS['db']->selectWhere(KEYWORDS_FILE, $clause, 1), true);
+}
+
+function allKeywords() {
+	$rows = $GLOBALS['db']->selectWhere(KEYWORDS_FILE, NULL, -1, new OrderBy(KEYWORD_TEXT, ASCENDING, INTEGER_COMPARISON));
+	return convertKeywordsToSQLStyle($rows);
+}
+
+function convertKeywordsToSQLStyle($keywords, $single = false) {
+	$newkeywords = array();
+	foreach ($keywords as $oldkeyword) {
+		$keyword = array();
+		$keyword['id'] = $oldkeyword[KEYWORD_ID];
+		$keyword['text'] = $oldkeyword[KEYWORD_TEXT];
+		$keyword['action'] = $oldkeyword[KEYWORD_ACTION];
+
+		if ($single) {
+			return $keyword;
+		}
+		$newkeywords[] = $keyword;
+	}
+	return $newkeywords;
+}
+
+function insertKeyword($newkeyword) {
+	$newkeyword['text'] = strtolower($newkeyword['text']);
+
+	$keyword = array();
+	$keyword[KEYWORD_ID] = '0';
+	$keyword[KEYWORD_TEXT] = $newkeyword['text'];
+	$keyword[KEYWORD_ACTION] = $newkeyword['action'];
+
+	$GLOBALS['db']->insertWithAutoId(KEYWORDS_FILE, KEYWORD_ID, $keyword);
+}
+
+function deleteKeyword($id) {
+	$GLOBALS['db']->deleteWhere(KEYWORDS_FILE, new SimpleWhereClause(KEYWORD_ID, '=', $id, INTEGER_COMPARISON));
+}
+
+// Log functions
+function allLogs() {
+	$rows = $GLOBALS['db']->selectWhere(LOGS_FILE, NULL, -1, new OrderBy(LOG_ID, DESCENDING, INTEGER_COMPARISON));
+	return convertLogsToSQLStyle($rows);
+}
+
+function convertLogsToSQLStyle($logs, $single = false) {
+	$newlogs = array();
+	foreach ($logs as $l) {
+		$log = array();
+		$log['id'] = $l[LOG_ID];
+		$log['timestamp'] = $l[LOG_TIMESTAMP];
+		$log['account'] = $l[LOG_ACCOUNT];
+		$log['message'] = $l[LOG_MESSAGE];
+
+		if ($single) {
+			return $log;
+		}
+		$newlogs[] = $log;
+	}
+	return $newlogs;
+}
+
+function insertLog($l) {
+	$log = array();
+	$log['id'] = '0';
+	$log['timestamp'] = $l[LOG_TIMESTAMP];
+	$log['account'] = $l[LOG_ACCOUNT];
+	$log['message'] = $l[LOG_MESSAGE];
+
+	$GLOBALS['db']->insertWithAutoId(LOGS_FILE, LOG_ID, $log);
+}
+
+function deleteLog($id) {
+	$GLOBALS['db']->deleteWhere(LOGS_FILE, new SimpleWhereClause(LOG_ID, '=', $id, INTEGER_COMPARISON));
+}
+
 // Post functions
 function uniquePosts() {
 	return 0; // Unsupported by this database option
@@ -96,7 +308,7 @@ function countThreads() {
 	return count($rows);
 }
 
-function convertPostsToSQLStyle($posts, $singlepost = false) {
+function convertPostsToSQLStyle($posts, $single = false) {
 	$newposts = array();
 	foreach ($posts as $oldpost) {
 		$post = newPost();
@@ -129,7 +341,7 @@ function convertPostsToSQLStyle($posts, $singlepost = false) {
 			$post['parent'] = TINYIB_NEWTHREAD;
 		}
 
-		if ($singlepost) {
+		if ($single) {
 			return $post;
 		}
 		$newposts[] = $post;
@@ -201,67 +413,6 @@ function lastPostByIP() {
 	return convertPostsToSQLStyle($rows, true);
 }
 
-// Ban functions
-function banByID($id) {
-	return convertBansToSQLStyle($GLOBALS['db']->selectWhere(BANS_FILE, new SimpleWhereClause(BAN_ID, '=', $id, INTEGER_COMPARISON), 1), true);
-}
-
-function banByIP($ip) {
-	$compClause = new OrWhereClause();
-	$compClause->add(new SimpleWhereClause(BAN_IP, '=', $ip, STRING_COMPARISON));
-	$compClause->add(new SimpleWhereClause(BAN_IP, '=', hashData($ip), STRING_COMPARISON));
-	return convertBansToSQLStyle($GLOBALS['db']->selectWhere(BANS_FILE, $compClause, 1), true);
-}
-
-function allBans() {
-	$rows = $GLOBALS['db']->selectWhere(BANS_FILE, NULL, -1, new OrderBy(BAN_TIMESTAMP, DESCENDING, INTEGER_COMPARISON));
-	return convertBansToSQLStyle($rows);
-}
-
-function convertBansToSQLStyle($bans, $singleban = false) {
-	$newbans = array();
-	foreach ($bans as $oldban) {
-		$ban = array();
-		$ban['id'] = $oldban[BAN_ID];
-		$ban['ip'] = $oldban[BAN_IP];
-		$ban['timestamp'] = $oldban[BAN_TIMESTAMP];
-		$ban['expire'] = $oldban[BAN_EXPIRE];
-		$ban['reason'] = $oldban[BAN_REASON];
-
-		if ($singleban) {
-			return $ban;
-		}
-		$newbans[] = $ban;
-	}
-	return $newbans;
-}
-
-function insertBan($newban) {
-	$ban = array();
-	$ban[BAN_ID] = '0';
-	$ban[BAN_IP] = hashData($newban['ip']);
-	$ban[BAN_TIMESTAMP] = time();
-	$ban[BAN_EXPIRE] = $newban['expire'];
-	$ban[BAN_REASON] = $newban['reason'];
-
-	return $GLOBALS['db']->insertWithAutoId(BANS_FILE, BAN_ID, $ban);
-}
-
-function clearExpiredBans() {
-	$compClause = new AndWhereClause();
-	$compClause->add(new SimpleWhereClause(BAN_EXPIRE, '>', 0, INTEGER_COMPARISON));
-	$compClause->add(new SimpleWhereClause(BAN_EXPIRE, '<=', time(), INTEGER_COMPARISON));
-
-	$bans = $GLOBALS['db']->selectWhere(BANS_FILE, $compClause, -1);
-	foreach ($bans as $ban) {
-		deleteBanByID($ban[BAN_ID]);
-	}
-}
-
-function deleteBanByID($id) {
-	$GLOBALS['db']->deleteWhere(BANS_FILE, new SimpleWhereClause(BAN_ID, '=', $id, INTEGER_COMPARISON));
-}
-
 // Report functions
 function reportByIP($post, $ip) {
 	$ipClause = new OrWhereClause();
@@ -284,7 +435,7 @@ function allReports() {
 	return convertReportsToSQLStyle($rows);
 }
 
-function convertReportsToSQLStyle($reports, $singlereport = false) {
+function convertReportsToSQLStyle($reports, $single = false) {
 	$newreports = array();
 	foreach ($reports as $oldreport) {
 		$report = array();
@@ -292,7 +443,7 @@ function convertReportsToSQLStyle($reports, $singlereport = false) {
 		$report['ip'] = $oldreport[REPORT_IP];
 		$report['post'] = $oldreport[REPORT_POST];
 
-		if ($singlereport) {
+		if ($single) {
 			return $report;
 		}
 		$newreports[] = $report;
@@ -320,50 +471,3 @@ function deleteReportsByIP($ip) {
 
 	$GLOBALS['db']->deleteWhere(REPORTS_FILE, $ipClause);
 }
-
-// Keyword functions
-function keywordByID($id) {
-	$clause = new SimpleWhereClause(KEYWORD_ID, '=', $id, INTEGER_COMPARISON);
-	return convertKeywordsToSQLStyle($GLOBALS['db']->selectWhere(KEYWORDS_FILE, $clause, 1), true);
-}
-function keywordByText($text) {
-	$text = strtolower($text);
-	$clause = new SimpleWhereClause(KEYWORD_TEXT, '=', $text, STRING_COMPARISON);
-	return convertKeywordsToSQLStyle($GLOBALS['db']->selectWhere(KEYWORDS_FILE, $clause, 1), true);
-}
-
-function allKeywords() {
-	$rows = $GLOBALS['db']->selectWhere(KEYWORDS_FILE, NULL, -1, new OrderBy(KEYWORD_TEXT, ASCENDING, INTEGER_COMPARISON));
-	return convertKeywordsToSQLStyle($rows);
-}
-
-function convertKeywordsToSQLStyle($keywords, $singlekeyword = false) {
-	$newkeywords = array();
-	foreach ($keywords as $oldkeyword) {
-		$keyword = array();
-		$keyword['id'] = $oldkeyword[KEYWORD_ID];
-		$keyword['text'] = $oldkeyword[KEYWORD_TEXT];
-		$keyword['action'] = $oldkeyword[KEYWORD_ACTION];
-
-		if ($singlekeyword) {
-			return $keyword;
-		}
-		$newkeywords[] = $keyword;
-	}
-	return $newkeywords;
-}
-
-function insertKeyword($newkeyword) {
-	$newkeyword['text'] = strtolower($newkeyword['text']);
-
-	$keyword = array();
-	$keyword[KEYWORD_ID] = '0';
-	$keyword[KEYWORD_TEXT] = $newkeyword['text'];
-	$keyword[KEYWORD_ACTION] = $newkeyword['action'];
-
-	$GLOBALS['db']->insertWithAutoId(KEYWORDS_FILE, KEYWORD_ID, $keyword);
-}
-
-function deleteKeyword($id) {
-	$GLOBALS['db']->deleteWhere(KEYWORDS_FILE, new SimpleWhereClause(KEYWORD_ID, '=', $id, INTEGER_COMPARISON));
-}

inc/database/flatfile_link.php

@@ -3,6 +3,35 @@ if (!defined('TINYIB_BOARD')) {
 	die('');
 }
 
+// Accounts table
+define('ACCOUNTS_FILE', '.accounts');
+define('ACCOUNT_ID', 0);
+define('ACCOUNT_USERNAME', 1);
+define('ACCOUNT_PASSWORD', 2);
+define('ACCOUNT_ROLE', 3);
+define('ACCOUNT_LASTACTIVE', 4);
+
+// Bans table
+define('BANS_FILE', '.bans');
+define('BAN_ID', 0);
+define('BAN_IP', 1);
+define('BAN_TIMESTAMP', 2);
+define('BAN_EXPIRE', 3);
+define('BAN_REASON', 4);
+
+// Keywords table
+define('KEYWORDS_FILE', '.keywords');
+define('KEYWORD_ID', 0);
+define('KEYWORD_TEXT', 1);
+define('KEYWORD_ACTION', 2);
+
+// Log table
+define('LOGS_FILE', '.logs');
+define('LOG_ID', 0);
+define('LOG_TIMESTAMP', 1);
+define('LOG_ACCOUNT', 2);
+define('LOG_MESSAGE', 3);
+
 // Posts table
 define('POSTS_FILE', '.posts');
 define('POST_ID', 0);
@@ -31,26 +60,12 @@ define('POST_STICKIED', 22);
 define('POST_LOCKED', 23);
 define('POST_MODERATED', 24);
 
-// Bans table
-define('BANS_FILE', '.bans');
-define('BAN_ID', 0);
-define('BAN_IP', 1);
-define('BAN_TIMESTAMP', 2);
-define('BAN_EXPIRE', 3);
-define('BAN_REASON', 4);
-
 // Reports table
 define('REPORTS_FILE', '.reports');
 define('REPORT_ID', 0);
 define('REPORT_IP', 1);
 define('REPORT_POST', 2);
 
-// Keywords table
-define('KEYWORDS_FILE', '.keywords');
-define('KEYWORD_ID', 0);
-define('KEYWORD_TEXT', 1);
-define('KEYWORD_ACTION', 2);
-
 require_once 'flatfile/flatfile.php';
 $db = new Flatfile();
 $db->datadir = 'inc/database/flatfile/';
@@ -60,59 +75,78 @@ if (file_exists('inc/flatfile/' . POSTS_FILE)) {
 }
 
 if (function_exists('insertPost')) {
-	function migratePost($newpost) {
-		$post = array();
-		$post[POST_ID] = $newpost['id'];
-		$post[POST_PARENT] = $newpost['parent'];
-		$post[POST_TIMESTAMP] = $newpost['timestamp'];
-		$post[POST_BUMPED] = $newpost['bumped'];
-		$post[POST_IP] = $newpost['ip'];
-		$post[POST_NAME] = $newpost['name'];
-		$post[POST_TRIPCODE] = $newpost['tripcode'];
-		$post[POST_EMAIL] = $newpost['email'];
-		$post[POST_NAMEBLOCK] = $newpost['nameblock'];
-		$post[POST_SUBJECT] = $newpost['subject'];
-		$post[POST_MESSAGE] = $newpost['message'];
-		$post[POST_PASSWORD] = $newpost['password'];
-		$post[POST_FILE] = $newpost['file'];
-		$post[POST_FILE_HEX] = $newpost['file_hex'];
-		$post[POST_FILE_ORIGINAL] = $newpost['file_original'];
-		$post[POST_FILE_SIZE] = $newpost['file_size'];
-		$post[POST_FILE_SIZE_FORMATTED] = $newpost['file_size_formatted'];
-		$post[POST_IMAGE_WIDTH] = $newpost['image_width'];
-		$post[POST_IMAGE_HEIGHT] = $newpost['image_height'];
-		$post[POST_THUMB] = $newpost['thumb'];
-		$post[POST_THUMB_WIDTH] = $newpost['thumb_width'];
-		$post[POST_THUMB_HEIGHT] = $newpost['thumb_height'];
-		$post[POST_MODERATED] = $newpost['moderated'];
-		$post[POST_STICKIED] = $newpost['stickied'];
-		$post[POST_LOCKED] = $newpost['locked'];
-		$GLOBALS['db']->insertWithAutoId(POSTS_FILE, POST_ID, $post);
+	function migrateAccount($a) {
+		$account = array();
+		$account[ACCOUNT_ID] = $a['id'];
+		$account[ACCOUNT_USERNAME] = $a['username'];
+		$account[ACCOUNT_PASSWORD] = $a['password'];
+		$account[ACCOUNT_ROLE] = $a['role'];
+		$account[ACCOUNT_LASTACTIVE] = $a['lastactive'];
+		$GLOBALS['db']->insertWithAutoId(ACCOUNTS_FILE, ACCOUNT_ID, $account);
 	}
 
-	function migrateBan($newban) {
+	function migrateBan($b) {
 		$ban = array();
-		$ban[BAN_ID] = $newban['id'];
-		$ban[BAN_IP] = $newban['ip'];
-		$ban[BAN_TIMESTAMP] = $newban['timestamp'];
-		$ban[BAN_EXPIRE] = $newban['expire'];
-		$ban[BAN_REASON] = $newban['reason'];
+		$ban[BAN_ID] = $b['id'];
+		$ban[BAN_IP] = $b['ip'];
+		$ban[BAN_TIMESTAMP] = $b['timestamp'];
+		$ban[BAN_EXPIRE] = $b['expire'];
+		$ban[BAN_REASON] = $b['reason'];
 		$GLOBALS['db']->insertWithAutoId(BANS_FILE, BAN_ID, $ban);
 	}
 
-	function migrateReport($newreport) {
-		$report = array();
-		$report[REPORT_ID] = $newreport['id'];
-		$report[REPORT_IP] = $newreport['ip'];
-		$report[REPORT_POST] = $newreport['post'];
-		$GLOBALS['db']->insertWithAutoId(REPORTS_FILE, REPORT_ID, $report);
-	}
-
-	function migrateKeyword($newkeyword) {
+	function migrateKeyword($k) {
 		$keyword = array();
-		$keyword[KEYWORD_ID] = $newkeyword['id'];
-		$keyword[KEYWORD_TEXT] = $newkeyword['text'];
-		$keyword[KEYWORD_ACTION] = $newkeyword['action'];
+		$keyword[KEYWORD_ID] = $k['id'];
+		$keyword[KEYWORD_TEXT] = $k['text'];
+		$keyword[KEYWORD_ACTION] = $k['action'];
 		$GLOBALS['db']->insertWithAutoId(KEYWORDS_FILE, KEYWORD_ID, $keyword);
 	}
+
+	function migrateLog($l) {
+		$log = array();
+		$log[LOG_ID] = $l['id'];
+		$log[LOG_TIMESTAMP] = $l['timestamp'];
+		$log[LOG_ACCOUNT] = $l['account'];
+		$log[LOG_MESSAGE] = $l['message'];
+		$GLOBALS['db']->insertWithAutoId(LOGS_FILE, LOG_ID, $log);
+	}
+
+	function migratePost($p) {
+		$post = array();
+		$post[POST_ID] = $p['id'];
+		$post[POST_PARENT] = $p['parent'];
+		$post[POST_TIMESTAMP] = $p['timestamp'];
+		$post[POST_BUMPED] = $p['bumped'];
+		$post[POST_IP] = $p['ip'];
+		$post[POST_NAME] = $p['name'];
+		$post[POST_TRIPCODE] = $p['tripcode'];
+		$post[POST_EMAIL] = $p['email'];
+		$post[POST_NAMEBLOCK] = $p['nameblock'];
+		$post[POST_SUBJECT] = $p['subject'];
+		$post[POST_MESSAGE] = $p['message'];
+		$post[POST_PASSWORD] = $p['password'];
+		$post[POST_FILE] = $p['file'];
+		$post[POST_FILE_HEX] = $p['file_hex'];
+		$post[POST_FILE_ORIGINAL] = $p['file_original'];
+		$post[POST_FILE_SIZE] = $p['file_size'];
+		$post[POST_FILE_SIZE_FORMATTED] = $p['file_size_formatted'];
+		$post[POST_IMAGE_WIDTH] = $p['image_width'];
+		$post[POST_IMAGE_HEIGHT] = $p['image_height'];
+		$post[POST_THUMB] = $p['thumb'];
+		$post[POST_THUMB_WIDTH] = $p['thumb_width'];
+		$post[POST_THUMB_HEIGHT] = $p['thumb_height'];
+		$post[POST_MODERATED] = $p['moderated'];
+		$post[POST_STICKIED] = $p['stickied'];
+		$post[POST_LOCKED] = $p['locked'];
+		$GLOBALS['db']->insertWithAutoId(POSTS_FILE, POST_ID, $post);
+	}
+
+	function migrateReport($r) {
+		$report = array();
+		$report[REPORT_ID] = $r['id'];
+		$report[REPORT_IP] = $r['ip'];
+		$report[REPORT_POST] = $r['post'];
+		$GLOBALS['db']->insertWithAutoId(REPORTS_FILE, REPORT_ID, $report);
+	}
 }

inc/database/mysql.php

@@ -3,6 +3,47 @@ if (!defined('TINYIB_BOARD')) {
 	die('');
 }
 
+// Account functions
+function accountByID($id) {
+	$result = mysql_query("SELECT * FROM `" . TINYIB_DBACCOUNTS . "` WHERE `id` = '" . mysql_real_escape_string($id) . "' LIMIT 1");
+	if ($result) {
+		while ($account = mysql_fetch_assoc($result)) {
+			return $account;
+		}
+	}
+}
+
+function accountByUsername($username) {
+	$result = mysql_query("SELECT * FROM `" . TINYIB_DBACCOUNTS . "` WHERE `username` = '" . mysql_real_escape_string($username) . "' LIMIT 1");
+	if ($result) {
+		while ($account = mysql_fetch_assoc($result)) {
+			return $account;
+		}
+	}
+}
+
+function allAccounts($username) {
+	$result = mysql_query("SELECT * FROM `" . TINYIB_DBACCOUNTS . "` ORDER BY `role` ASC, `username` ASC");
+	if ($result) {
+		while ($account = mysql_fetch_assoc($result)) {
+			return $account;
+		}
+	}
+}
+
+function insertAccount($account) {
+	mysql_query("INSERT INTO `" . TINYIB_DBACCOUNTS . "` (`username`, `password`, `role`, `lastactive`) VALUES (" . $account['username'] . ", '" . hashData($account['password']) . "', '" . mysql_real_escape_string($account['role']) . "', '0')");
+	return mysql_insert_id();
+}
+
+function updateAccount($account) {
+	mysql_query("UPDATE `" . TINYIB_DBACCOUNTS . "` SET `username` = " . $account['username'] . ", `password` = '" . hashData($account['password']) . "', `role` = '" . mysql_real_escape_string($account['role']) . "', `lastactive` = " . mysql_real_escape_string($account['lastactive']) . " WHERE `id` = '" . mysql_real_escape_string($account['id']) . "'");
+}
+
+function deleteAccountByID($id) {
+	mysql_query("DELETE FROM `" . TINYIB_DBACCOUNTS . "` WHERE `id` = '" . mysql_real_escape_string($id) . "'");
+}
+
 // Post functions
 function uniquePosts() {
 	$row = mysql_fetch_row(mysql_query("SELECT COUNT(DISTINCT(`ip`)) FROM " . TINYIB_DBPOSTS));

inc/database/mysql_link.php

@@ -17,26 +17,31 @@ if (!$db_selected) {
 }
 mysql_query("SET NAMES 'utf8mb4'");
 
-// Create the posts table if it does not exist
-if (mysql_num_rows(mysql_query("SHOW TABLES LIKE '" . TINYIB_DBPOSTS . "'")) == 0) {
-	mysql_query($posts_sql);
+// Create tables (when necessary)
+if (mysql_num_rows(mysql_query("SHOW TABLES LIKE '" . TINYIB_DBACCOUNTS . "'")) == 0) {
+	mysql_query($accounts_sql);
 }
 
-// Create the bans table if it does not exist
 if (mysql_num_rows(mysql_query("SHOW TABLES LIKE '" . TINYIB_DBBANS . "'")) == 0) {
 	mysql_query($bans_sql);
 }
 
-// Create the reports table if it does not exist
-if (mysql_num_rows(mysql_query("SHOW TABLES LIKE '" . TINYIB_DBREPORTS . "'")) == 0) {
-	mysql_query($reports_sql);
-}
-
-// Create the keywords table if it does not exist
 if (mysql_num_rows(mysql_query("SHOW TABLES LIKE '" . TINYIB_DBKEYWORDS . "'")) == 0) {
 	mysql_query($keywords_sql);
 }
 
+if (mysql_num_rows(mysql_query("SHOW TABLES LIKE '" . TINYIB_DBLOGS . "'")) == 0) {
+	mysql_query($logs_sql);
+}
+
+if (mysql_num_rows(mysql_query("SHOW TABLES LIKE '" . TINYIB_DBPOSTS . "'")) == 0) {
+	mysql_query($posts_sql);
+}
+
+if (mysql_num_rows(mysql_query("SHOW TABLES LIKE '" . TINYIB_DBREPORTS . "'")) == 0) {
+	mysql_query($reports_sql);
+}
+
 if (mysql_num_rows(mysql_query("SHOW COLUMNS FROM `" . TINYIB_DBPOSTS . "` LIKE 'stickied'")) == 0) {
 	mysql_query("ALTER TABLE `" . TINYIB_DBPOSTS . "` ADD COLUMN stickied TINYINT(1) NOT NULL DEFAULT '0'");
 }
@@ -51,19 +56,27 @@ mysql_query("ALTER TABLE `" . TINYIB_DBPOSTS . "` MODIFY ip VARCHAR(255) NOT NUL
 mysql_query("ALTER TABLE `" . TINYIB_DBBANS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
 
 if (function_exists('insertPost')) {
-	function migratePost($post) {
-		mysql_query("INSERT INTO " . TINYIB_DBPOSTS . " (id, parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height, moderated, stickied, locked) VALUES (" . $post['id'] . ", " . $post['parent'] . ", " . $post['timestamp'] . ", " . $post['bumped'] . ", '" . mysql_real_escape_string($post['ip']) . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "',	'" . mysql_real_escape_string($post['email']) . "',	'" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ", " . $post['stickied'] . ", " . $post['locked'] . ")");
+	function migrateAccount($account) {
+		mysql_query("INSERT INTO " . TINYIB_DBACCOUNTS . " (id, username, password, role, lastactive) VALUES ('" . mysql_real_escape_string($account['id']) . "', '" . mysql_real_escape_string($account['username']) . "', '" . mysql_real_escape_string($account['password']) . "', '" . mysql_real_escape_string($account['role']) . "', '" . mysql_real_escape_string($account['lastactive']) . "')");
 	}
 
 	function migrateBan($ban) {
 		mysql_query("INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . mysql_real_escape_string($ban['id']) . "', '" . mysql_real_escape_string($ban['ip']) . "', '" . mysql_real_escape_string($ban['timestamp']) . "', '" . mysql_real_escape_string($ban['expire']) . "', '" . mysql_real_escape_string($ban['reason']) . "')");
 	}
 
-	function migrateReport($report) {
-		mysql_query("INSERT INTO " . TINYIB_DBREPORTS . " (id, ip, post) VALUES ('" . mysql_real_escape_string($report['id']) . "', '" . mysql_real_escape_string($report['ip']) . "', '" . mysql_real_escape_string($report['post']) . "')");
-	}
-
 	function migrateKeyword($keyword) {
 		mysql_query("INSERT INTO " . TINYIB_DBKEYWORDS . " (id, text, action) VALUES ('" . mysql_real_escape_string($keyword['id']) . "', '" . mysql_real_escape_string($keyword['text']) . "', '" . mysql_real_escape_string($keyword['action']) . "')");
 	}
+
+	function migrateLog($log) {
+		mysql_query("INSERT INTO " . TINYIB_DBLOGS . " (id, timestamp, account, message) VALUES ('" . mysql_real_escape_string($log['id']) . "', '" . mysql_real_escape_string($log['timestamp']) . "', '" . mysql_real_escape_string($log['account']) . "', '" . mysql_real_escape_string($log['message']) . "')");
+	}
+
+	function migratePost($post) {
+		mysql_query("INSERT INTO " . TINYIB_DBPOSTS . " (id, parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height, moderated, stickied, locked) VALUES (" . $post['id'] . ", " . $post['parent'] . ", " . $post['timestamp'] . ", " . $post['bumped'] . ", '" . mysql_real_escape_string($post['ip']) . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "',	'" . mysql_real_escape_string($post['email']) . "',	'" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ", " . $post['stickied'] . ", " . $post['locked'] . ")");
+	}
+
+	function migrateReport($report) {
+		mysql_query("INSERT INTO " . TINYIB_DBREPORTS . " (id, ip, post) VALUES ('" . mysql_real_escape_string($report['id']) . "', '" . mysql_real_escape_string($report['ip']) . "', '" . mysql_real_escape_string($report['post']) . "')");
+	}
 }

inc/database/mysqli.php

@@ -3,6 +3,55 @@ if (!defined('TINYIB_BOARD')) {
 	die('');
 }
 
+// Account functions
+function accountByID($id) {
+	global $link;
+	$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBACCOUNTS . "` WHERE `id` = '" . mysqli_real_escape_string($link, $id) . "' LIMIT 1");
+	if ($result) {
+		while ($account = mysqli_fetch_assoc($result)) {
+			return $account;
+		}
+	}
+}
+
+function accountByUsername($username) {
+	global $link;
+	$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBACCOUNTS . "` WHERE `username` = '" . mysqli_real_escape_string($link, $username) . "' LIMIT 1");
+	if ($result) {
+		while ($account = mysqli_fetch_assoc($result)) {
+			return $account;
+		}
+	}
+}
+
+function allAccounts() {
+	global $link;
+	$accounts = array();
+	$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBACCOUNTS . "` ORDER BY `role` ASC, `username` ASC");
+	if ($result) {
+		while ($account = mysqli_fetch_assoc($result)) {
+			$accounts[] = $account;
+		}
+	}
+	return $accounts;
+}
+
+function insertAccount($account) {
+	global $link;
+	mysqli_query($link, "INSERT INTO `" . TINYIB_DBACCOUNTS . "` (`username`, `password`, `role`, `lastactive`) VALUES ('" . mysqli_real_escape_string($link, $account['username']) . "', '" . mysqli_real_escape_string($link, hashData($account['password'])) . "', '" . mysqli_real_escape_string($link, $account['role']) . "', '0')");
+	return mysqli_insert_id($link);
+}
+
+function updateAccount($account) {
+	global $link;
+	mysqli_query($link, "UPDATE `" . TINYIB_DBACCOUNTS . "` SET `username` = '" . mysqli_real_escape_string($link, $account['username']) . "', `password` = '" . mysqli_real_escape_string($link, hashData($account['password'])) . "', `role` = '" . mysqli_real_escape_string($link, $account['role']) . "', `lastactive` = " . mysqli_real_escape_string($link, $account['lastactive'])  . " WHERE `id` = " . mysqli_real_escape_string($link, $account['id']) . " LIMIT 1");
+}
+
+function deleteAccountByID($id) {
+	global $link;
+	mysqli_query($link, "DELETE FROM `" . TINYIB_DBACCOUNTS . "` WHERE `id` = " . mysqli_real_escape_string($link, $id) . " LIMIT 1");
+}
+
 // Post functions
 function uniquePosts() {
 	global $link;

inc/database/mysqli_link.php

@@ -17,26 +17,31 @@ if (!$db_selected) {
 }
 mysqli_query($link, "SET NAMES 'utf8mb4'");
 
-// Create the posts table if it does not exist
-if (mysqli_num_rows(mysqli_query($link, "SHOW TABLES LIKE '" . TINYIB_DBPOSTS . "'")) == 0) {
-	mysqli_query($link, $posts_sql);
+// Create tables (when necessary)
+if (mysqli_num_rows(mysqli_query($link, "SHOW TABLES LIKE '" . TINYIB_DBACCOUNTS . "'")) == 0) {
+	mysqli_query($link, $accounts_sql);
 }
 
-// Create the bans table if it does not exist
 if (mysqli_num_rows(mysqli_query($link, "SHOW TABLES LIKE '" . TINYIB_DBBANS . "'")) == 0) {
 	mysqli_query($link, $bans_sql);
 }
 
-// Create the reports table if it does not exist
-if (mysqli_num_rows(mysqli_query($link, "SHOW TABLES LIKE '" . TINYIB_DBREPORTS . "'")) == 0) {
-	mysqli_query($link, $reports_sql);
-}
-
-// Create the keywords table if it does not exist
 if (mysqli_num_rows(mysqli_query($link, "SHOW TABLES LIKE '" . TINYIB_DBKEYWORDS . "'")) == 0) {
 	mysqli_query($link, $keywords_sql);
 }
 
+if (mysqli_num_rows(mysqli_query($link, "SHOW TABLES LIKE '" . TINYIB_DBLOGS . "'")) == 0) {
+	mysqli_query($link, $logs_sql);
+}
+
+if (mysqli_num_rows(mysqli_query($link, "SHOW TABLES LIKE '" . TINYIB_DBPOSTS . "'")) == 0) {
+	mysqli_query($link, $posts_sql);
+}
+
+if (mysqli_num_rows(mysqli_query($link, "SHOW TABLES LIKE '" . TINYIB_DBREPORTS . "'")) == 0) {
+	mysqli_query($link, $reports_sql);
+}
+
 if (mysqli_num_rows(mysqli_query($link, "SHOW COLUMNS FROM `" . TINYIB_DBPOSTS . "` LIKE 'stickied'")) == 0) {
 	mysqli_query($link, "ALTER TABLE `" . TINYIB_DBPOSTS . "` ADD COLUMN stickied TINYINT(1) NOT NULL DEFAULT '0'");
 }
@@ -51,9 +56,9 @@ mysqli_query($link, "ALTER TABLE `" . TINYIB_DBPOSTS . "` MODIFY ip VARCHAR(255)
 mysqli_query($link, "ALTER TABLE `" . TINYIB_DBBANS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
 
 if (function_exists('insertPost')) {
-	function migratePost($post) {
+	function migrateAccount($account) {
 		global $link;
-		mysqli_query($link, "INSERT INTO `" . TINYIB_DBPOSTS . "` (`id`, `parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`, `stickied`, `locked`) VALUES (" . $post['id'] . ", " . $post['parent'] . ", " . $post['timestamp'] . ", " . $post['bumped'] . ", '" . mysqli_real_escape_string($link, $post['ip']) . "', '" . mysqli_real_escape_string($link, $post['name']) . "', '" . mysqli_real_escape_string($link, $post['tripcode']) . "',      '" . mysqli_real_escape_string($link, $post['email']) . "',     '" . mysqli_real_escape_string($link, $post['nameblock']) . "', '" . mysqli_real_escape_string($link, $post['subject']) . "', '" . mysqli_real_escape_string($link, $post['message']) . "', '" . mysqli_real_escape_string($link, $post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysqli_real_escape_string($link, $post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ", " . $post['stickied'] . ", " . $post['locked'] . ")");
+		sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBACCOUNTS . " (id, username, password, role, lastactive) VALUES (" . mysqli_real_escape_string($link, $account['id']) . "', '" . mysqli_real_escape_string($link, $account['username']) . "', '" . mysqli_real_escape_string($link, $account['password']) . "', '" . mysqli_real_escape_string($link, $account['role']) . "', '" . mysqli_real_escape_string($link, $account['lastactive']) . "')");
 	}
 
 	function migrateBan($ban) {
@@ -61,13 +66,23 @@ if (function_exists('insertPost')) {
 		sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . mysqli_real_escape_string($link, $ban['id']) . "', '" . mysqli_real_escape_string($link, $ban['ip']) . "', '" . mysqli_real_escape_string($link, $ban['timestamp']) . "', '" . mysqli_real_escape_string($link, $ban['expire']) . "', '" . mysqli_real_escape_string($link, $ban['reason']) . "')");
 	}
 
-	function migrateReport($report) {
+	function migrateKeyword($keyword) {
 		global $link;
-		sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBREPORTS . " (id, ip, post) VALUES ('" . mysqli_real_escape_string($link, $report['id']) . "', '" . mysqli_real_escape_string($link, $report['ip']) . "', '" . mysqli_real_escape_string($link, $report['post']) . "')");
+		sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBKEYWORDS . " (id, text, action) VALUES ('" . mysqli_real_escape_string($link, $keyword['id']) . "', '" . mysqli_real_escape_string($link, $keyword['text']) . "', '" . mysqli_real_escape_string($link, $keyword['action']) . "')");
 	}
 
-	function migrateKeyword($keyword) {
+	function migrateLog($log) {
 		global $link;
-		sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBKEYWORDS . " (id, text, action) VALUES ('" . mysqli_real_escape_string($link, $keyword['id']) . "', '" . mysqli_real_escape_string($link, $keyword['text']) . "', '" . mysqli_real_escape_string($link, $keyword['action']) . "')");
+		sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBLOGS . " (id, timestamp, account, message) VALUES ('" . mysqli_real_escape_string($link, $log['id']) . "', '" . mysqli_real_escape_string($link, $log['timestamp']) . "', '" . mysqli_real_escape_string($link, $log['account']) . "', '" . mysqli_real_escape_string($link, $log['message']) . "')");
+	}
+
+	function migratePost($post) {
+		global $link;
+		mysqli_query($link, "INSERT INTO `" . TINYIB_DBPOSTS . "` (`id`, `parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`, `stickied`, `locked`) VALUES (" . $post['id'] . ", " . $post['parent'] . ", " . $post['timestamp'] . ", " . $post['bumped'] . ", '" . mysqli_real_escape_string($link, $post['ip']) . "', '" . mysqli_real_escape_string($link, $post['name']) . "', '" . mysqli_real_escape_string($link, $post['tripcode']) . "',      '" . mysqli_real_escape_string($link, $post['email']) . "',     '" . mysqli_real_escape_string($link, $post['nameblock']) . "', '" . mysqli_real_escape_string($link, $post['subject']) . "', '" . mysqli_real_escape_string($link, $post['message']) . "', '" . mysqli_real_escape_string($link, $post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysqli_real_escape_string($link, $post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ", " . $post['stickied'] . ", " . $post['locked'] . ")");
+	}
+
+	function migrateReport($report) {
+		global $link;
+		sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBREPORTS . " (id, ip, post) VALUES ('" . mysqli_real_escape_string($link, $report['id']) . "', '" . mysqli_real_escape_string($link, $report['ip']) . "', '" . mysqli_real_escape_string($link, $report['post']) . "')");
 	}
 }

inc/database/pdo.php

@@ -3,6 +3,43 @@ if (!defined('TINYIB_BOARD')) {
 	die('');
 }
 
+// Account functions
+function accountByID($id) {
+	$result = pdoQuery("SELECT * FROM " . TINYIB_DBACCOUNTS . " WHERE id = ?", array($id));
+	return $result->fetch(PDO::FETCH_ASSOC);
+}
+
+function accountByUsername($username) {
+	$result = pdoQuery("SELECT * FROM " . TINYIB_DBACCOUNTS . " WHERE username = ? LIMIT 1", array($username));
+	return $result->fetch(PDO::FETCH_ASSOC);
+}
+
+function allAccounts() {
+	$accounts = array();
+	$results = pdoQuery("SELECT * FROM " . TINYIB_DBACCOUNTS . " ORDER BY role ASC, username ASC");
+	while ($row = $results->fetch(PDO::FETCH_ASSOC)) {
+		$accounts[] = $row;
+	}
+	return $accounts;
+}
+
+function insertAccount($account) {
+	global $dbh;
+	$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBACCOUNTS . " (username, password, role, lastactive) VALUES (?, ?, ?, ?)");
+	$stm->execute(array($account['username'], hashData($account['password']), $account['role'], 0));
+	return $dbh->lastInsertId();
+}
+
+function updateAccount($account) {
+	global $dbh;
+	$stm = $dbh->prepare("UPDATE " . TINYIB_DBACCOUNTS . " SET username = ?, password = ?, role = ?, lastactive = ? WHERE id = ?");
+	$stm->execute(array($account['username'], hashData($account['password']), $account['role'], $account['lastactive'], $account['id']));
+}
+
+function deleteAccountByID($id) {
+	pdoQuery("DELETE FROM " . TINYIB_DBACCOUNTS . " WHERE id = ?", array($id));
+}
+
 // Post functions
 function uniquePosts() {
 	$result = pdoQuery("SELECT COUNT(DISTINCT(ip)) FROM " . TINYIB_DBPOSTS);

inc/database/pdo_link.php

@@ -28,19 +28,40 @@ try {
 	fancyDie("Failed to connect to the database: " . $e->getMessage());
 }
 
-// Create the posts table if it does not exist
+// Create tables (when necessary)
 if (TINYIB_DBDRIVER === 'pgsql') {
-	$query = "SELECT COUNT(*) FROM pg_catalog.pg_tables WHERE tablename LIKE " . $dbh->quote(TINYIB_DBPOSTS);
-	$posts_exists = $dbh->query($query)->fetchColumn() != 0;
+	$query = "SELECT COUNT(*) FROM pg_catalog.pg_tables WHERE tablename LIKE " . $dbh->quote(TINYIB_DBACCOUNTS);
+	$accounts_exists = $dbh->query($query)->fetchColumn() != 0;
 } else {
-	$dbh->query("SHOW TABLES LIKE " . $dbh->quote(TINYIB_DBPOSTS));
-	$posts_exists = $dbh->query("SELECT FOUND_ROWS()")->fetchColumn() != 0;
+	$dbh->query("SHOW TABLES LIKE " . $dbh->quote(TINYIB_DBACCOUNTS));
+	$accounts_exists = $dbh->query("SELECT FOUND_ROWS()")->fetchColumn() != 0;
 }
-if (!$posts_exists) {
-	$dbh->exec($posts_sql);
+if (!$accounts_exists) {
+	$dbh->exec($accounts_sql);
+}
+
+if (TINYIB_DBDRIVER === 'pgsql') {
+	$query = "SELECT COUNT(*) FROM pg_catalog.pg_tables WHERE tablename LIKE " . $dbh->quote(TINYIB_DBLOGS);
+	$logs_exists = $dbh->query($query)->fetchColumn() != 0;
+} else {
+	$dbh->query("SHOW TABLES LIKE " . $dbh->quote(TINYIB_DBLOGS));
+	$logs_exists = $dbh->query("SELECT FOUND_ROWS()")->fetchColumn() != 0;
+}
+if (!$logs_exists) {
+	$dbh->exec($logs_sql);
+}
+
+if (TINYIB_DBDRIVER === 'pgsql') {
+	$query = "SELECT COUNT(*) FROM pg_catalog.pg_tables WHERE tablename LIKE " . $dbh->quote(TINYIB_DBKEYWORDS);
+	$keywords_exists = $dbh->query($query)->fetchColumn() != 0;
+} else {
+	$dbh->query("SHOW TABLES LIKE " . $dbh->quote(TINYIB_DBKEYWORDS));
+	$keywords_exists = $dbh->query("SELECT FOUND_ROWS()")->fetchColumn() != 0;
+}
+if (!$keywords_exists) {
+	$dbh->exec($keywords_sql);
 }
 
-// Create the bans table if it does not exist
 if (TINYIB_DBDRIVER === 'pgsql') {
 	$query = "SELECT COUNT(*) FROM pg_catalog.pg_tables WHERE tablename LIKE " . $dbh->quote(TINYIB_DBBANS);
 	$bans_exists = $dbh->query($query)->fetchColumn() != 0;
@@ -52,7 +73,17 @@ if (!$bans_exists) {
 	$dbh->exec($bans_sql);
 }
 
-// Create the reports table if it does not exist
+if (TINYIB_DBDRIVER === 'pgsql') {
+	$query = "SELECT COUNT(*) FROM pg_catalog.pg_tables WHERE tablename LIKE " . $dbh->quote(TINYIB_DBPOSTS);
+	$posts_exists = $dbh->query($query)->fetchColumn() != 0;
+} else {
+	$dbh->query("SHOW TABLES LIKE " . $dbh->quote(TINYIB_DBPOSTS));
+	$posts_exists = $dbh->query("SELECT FOUND_ROWS()")->fetchColumn() != 0;
+}
+if (!$posts_exists) {
+	$dbh->exec($posts_sql);
+}
+
 if (TINYIB_DBDRIVER === 'pgsql') {
 	$query = "SELECT COUNT(*) FROM pg_catalog.pg_tables WHERE tablename LIKE " . $dbh->quote(TINYIB_DBREPORTS);
 	$reports_exists = $dbh->query($query)->fetchColumn() != 0;
@@ -64,18 +95,6 @@ if (!$reports_exists) {
 	$dbh->exec($reports_sql);
 }
 
-// Create the keywords table if it does not exist
-if (TINYIB_DBDRIVER === 'pgsql') {
-	$query = "SELECT COUNT(*) FROM pg_catalog.pg_tables WHERE tablename LIKE " . $dbh->quote(TINYIB_DBKEYWORDS);
-	$keywords_exists = $dbh->query($query)->fetchColumn() != 0;
-} else {
-	$dbh->query("SHOW TABLES LIKE " . $dbh->quote(TINYIB_DBKEYWORDS));
-	$keywords_exists = $dbh->query("SELECT FOUND_ROWS()")->fetchColumn() != 0;
-}
-if (!$keywords_exists) {
-	$dbh->exec($keywords_sql);
-}
-
 if (TINYIB_DBDRIVER === 'pgsql') {
 	$query = "SELECT column_name FROM information_schema.columns WHERE table_name='" . TINYIB_DBPOSTS . "' and column_name='moderated'";
 	$moderated_exists = $dbh->query($query)->fetchColumn() != 0;
@@ -137,6 +156,30 @@ function pdoQuery($sql, $params = false) {
 }
 
 if (function_exists('insertPost')) {
+	function migrateAccount($account) {
+		global $dbh;
+		$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBACCOUNTS . " (id, username, password, role, lastactive) VALUES (?, ?, ?, ?, ?)");
+		$stm->execute(array($account['id'], $account['username'], $account['password'], $account['role'], $account['lastactive']));
+	}
+
+	function migrateBan($ban) {
+		global $dbh;
+		$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (?, ?, ?, ?, ?)");
+		$stm->execute(array($ban['id'], $ban['ip'], $ban['timestamp'], $ban['expire'], $ban['reason']));
+	}
+
+	function migrateKeyword($keyword) {
+		global $dbh;
+		$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBKEYWORDS . " (id, text, action) VALUES (?, ?, ?)");
+		$stm->execute(array($keyword['id'], $keyword['text'], $keyword['action']));
+	}
+
+	function migrateLog($log) {
+		global $dbh;
+		$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBLOGS . " (id, timestamp, account, message) VALUES (?, ?, ?, ?)");
+		$stm->execute(array($log['id'], $log['timestamp'], $log['account'], $log['message']));
+	}
+
 	function migratePost($post) {
 		global $dbh;
 		$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBPOSTS . " (id, parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height, moderated, stickied, locked) " .
@@ -147,21 +190,9 @@ if (function_exists('insertPost')) {
 			$post['image_width'], $post['image_height'], $post['thumb'], $post['thumb_width'], $post['thumb_height'], $post['moderated'], $post['stickied'], $post['locked']));
 	}
 
-	function migrateBan($ban) {
-		global $dbh;
-		$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (?, ?, ?, ?, ?)");
-		$stm->execute(array($ban['id'], $ban['ip'], $ban['timestamp'], $ban['expire'], $ban['reason']));
-	}
-
 	function migrateReport($report) {
 		global $dbh;
 		$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBREPORTS . " (id, ip, post) VALUES (?, ?, ?)");
 		$stm->execute(array($report['id'], $report['ip'], $report['post']));
 	}
-
-	function migrateKeyword($keyword) {
-		global $dbh;
-		$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBKEYWORDS . " (id, text, action) VALUES (?, ?, ?)");
-		$stm->execute(array($keyword['id'], $keyword['text'], $keyword['action']));
-	}
 }

inc/database/sqlite.php

@@ -3,6 +3,43 @@ if (!defined('TINYIB_BOARD')) {
 	die('');
 }
 
+// Account functions
+function accountByID($id) {
+	$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBACCOUNTS . " WHERE id = '" . sqlite_escape_string($id) . "' LIMIT 1"), SQLITE_ASSOC);
+	foreach ($result as $account) {
+		return $account;
+	}
+}
+
+function accountByUsername($username) {
+	$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBACCOUNTS . " WHERE username = '" . sqlite_escape_string($username) . "' LIMIT 1"), SQLITE_ASSOC);
+	foreach ($result as $account) {
+		return $account;
+	}
+}
+
+function allAccounts() {
+	$accounts = array();
+	$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBACCOUNTS . " ORDER BY role ASC, username ASC"), SQLITE_ASSOC);
+	foreach ($result as $account) {
+		$accounts[] = $account;
+	}
+	return $accounts;
+}
+
+function insertAccount($account) {
+	sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBACCOUNTS . " (username, password, role, lastactive) VALUES ('" . sqlite_escape_string($account['username']) . "', '" . sqlite_escape_string(hashData($account['password'])) . "', '" . sqlite_escape_string($account['role']) . "', '0')");
+	return sqlite_last_insert_rowid($GLOBALS["db"]);
+}
+
+function updateAccount($account) {
+	sqlite_query($GLOBALS["db"], "UPDATE " . TINYIB_DBACCOUNTS . " SET username = '" . sqlite_escape_string($account['username']) . "', password = '" . sqlite_escape_string(hashData($account['password'])) . "', role = '" . sqlite_escape_string($account['role']) . "', lastactive = '" . sqlite_escape_string($account['lastactive']) . "' WHERE id = " . sqlite_escape_string($account['id']));
+}
+
+function deleteAccountByID($id) {
+	sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBACCOUNTS . " WHERE id = " . sqlite_escape_string($id));
+}
+
 // Post functions
 function uniquePosts() {
 	return sqlite_fetch_single(sqlite_query($GLOBALS["db"], "SELECT COUNT(ip) FROM (SELECT DISTINCT ip FROM " . TINYIB_DBPOSTS . ")"));

inc/database/sqlite3.php

@@ -3,6 +3,50 @@ if (!defined('TINYIB_BOARD')) {
 	die('');
 }
 
+// Account functions