Add TINYIB_BANMESSAGE

Allow staff to append a custom message to posts when banning users.
This commit is contained in:
Trevor Slocum 2021-06-23 19:08:22 -07:00
parent 8ba54d87f0
commit 088353c25c
12 changed files with 95 additions and 22 deletions

View File

@ -116,6 +116,11 @@ hr {
margin: 0.2em;
}
.banmessage {
color: red;
font-weight: bold;
}
.footer {
clear: both;
text-align: center;

View File

@ -842,7 +842,7 @@ EOF;
foreach ($ips as $ip) {
$banexists = banByIP($ip);
if ($banexists) {
fancyDie(__('Sorry, there is already a ban on record for that IP address.'));
continue;
}
if (TINYIB_REPORT) {
@ -866,6 +866,25 @@ EOF;
insertBan($ban);
manageLogAction($action);
}
if (TINYIB_BANMESSAGE && isset($_POST['message']) && $_POST['message'] != '' && isset($_GET['posts']) && $_GET['posts'] != '') {
$post_ids = explode(',', $_GET['posts']);
foreach ($post_ids as $post_id) {
$post = postByID($post_id);
if (!$post) {
continue; // The post has been deleted
}
updatePostMessage($post['id'], $post['message'] . '<br>' . "\n" . '<span class="banmessage">(' . htmlentities($_POST['message']) . ')</span><br>');
manageLogAction('Added ban message to ' . postLink('&gt;&gt;' . $post['id']));
}
clearPostCache();
foreach ($post_ids as $post_id) {
$post = postByID($post_id);
if (!$post) {
continue; // The post has been deleted
}
threadUpdated(getParent($post));
}
}
if (count($ips) == 1) {
$text .= manageInfo(__('Banned 1 IP address'));
} else {
@ -1024,10 +1043,8 @@ EOF;
foreach ($post_ids as $post_id) {
$post = postByID($post_id);
if (!$post) {
fancyDie(__("Sorry, there doesn't appear to be a post with that ID."));
continue; // The post has already been deleted
}
$posts[$post_id] = $post;
}
foreach ($post_ids as $post_id) {

View File

@ -39,3 +39,9 @@ function postsInThreadByID($id, $moderated_only = true) {
}
return $cache[$id];
}
function clearPostCache() {
global $cache_all, $cache_moderated;
$cache_all = array();
$cache_moderated = array();
}

View File

@ -259,6 +259,16 @@ function insertPost($newpost) {
return $GLOBALS['db']->insertWithAutoId(POSTS_FILE, POST_ID, $post);
}
function updatePostMessage($id, $message) {
$rows = $GLOBALS['db']->selectWhere(POSTS_FILE, new SimpleWhereClause(POST_ID, '=', $id, INTEGER_COMPARISON), 1);
if (count($rows) > 0) {
foreach ($rows as $post) {
$post[POST_MESSAGE] = $message;
$GLOBALS['db']->updateRowById(POSTS_FILE, POST_ID, $post);
}
}
}
function approvePostByID($id, $moderated) {
$rows = $GLOBALS['db']->selectWhere(POSTS_FILE, new SimpleWhereClause(POST_ID, '=', $id, INTEGER_COMPARISON), 1);
if (count($rows) > 0) {

View File

@ -173,6 +173,10 @@ function insertPost($post) {
return mysql_insert_id();
}
function updatePostMessage($id, $message) {
mysql_query("UPDATE `" . TINYIB_DBPOSTS . "` SET `message` = '" . mysql_real_escape_string($message) . "' WHERE `id` = " . $id . " LIMIT 1");
}
function approvePostByID($id, $moderated) {
mysql_query("UPDATE `" . TINYIB_DBPOSTS . "` SET `moderated` = $moderated WHERE `id` = " . $id . " LIMIT 1");
}

View File

@ -199,6 +199,11 @@ function insertPost($post) {
return mysqli_insert_id($link);
}
function updatePostMessage($id, $message) {
global $link;
mysqli_query($link, "UPDATE `" . TINYIB_DBPOSTS . "` SET `message` = '" . mysqli_real_escape_string($link, $message) . "' WHERE `id` = " . $id . " LIMIT 1");
}
function approvePostByID($id, $moderated) {
global $link;
mysqli_query($link, "UPDATE `" . TINYIB_DBPOSTS . "` SET `moderated` = " . $moderated . " WHERE `id` = " . $id . " LIMIT 1");

View File

@ -159,8 +159,12 @@ function insertPost($post) {
return $dbh->lastInsertId();
}
function updatePostMessage($id, $message) {
pdoQuery("UPDATE " . TINYIB_DBPOSTS . " SET message = ? WHERE id = ?", array($message, $id));
}
function approvePostByID($id, $moderated) {
pdoQuery("UPDATE " . TINYIB_DBPOSTS . " SET moderated = ? WHERE id = ?", array($id, $moderated));
pdoQuery("UPDATE " . TINYIB_DBPOSTS . " SET moderated = ? WHERE id = ?", array($moderated, $id));
}
function bumpThreadByID($id) {

View File

@ -33,11 +33,11 @@ function insertAccount($account) {
}
function updateAccount($account) {
sqlite_query($GLOBALS["db"], "UPDATE " . TINYIB_DBACCOUNTS . " SET username = '" . sqlite_escape_string($account['username']) . "', password = '" . sqlite_escape_string(hashData($account['password'])) . "', role = '" . sqlite_escape_string($account['role']) . "', lastactive = '" . sqlite_escape_string($account['lastactive']) . "' WHERE id = " . sqlite_escape_string($account['id']));
sqlite_query($GLOBALS["db"], "UPDATE " . TINYIB_DBACCOUNTS . " SET username = '" . sqlite_escape_string($account['username']) . "', password = '" . sqlite_escape_string(hashData($account['password'])) . "', role = '" . sqlite_escape_string($account['role']) . "', lastactive = '" . sqlite_escape_string($account['lastactive']) . "' WHERE id = '" . sqlite_escape_string($account['id']) . "'");
}
function deleteAccountByID($id) {
sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBACCOUNTS . " WHERE id = " . sqlite_escape_string($id));
sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBACCOUNTS . " WHERE id = '" . sqlite_escape_string($id) . "'");
}
// Ban functions
@ -77,7 +77,7 @@ function clearExpiredBans() {
}
function deleteBanByID($id) {
sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBBANS . " WHERE id = " . sqlite_escape_string($id));
sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBBANS . " WHERE id = '" . sqlite_escape_string($id) . "'");
}
// Keyword functions
@ -113,7 +113,7 @@ function insertKeyword($keyword) {
}
function deleteKeyword($id) {
sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBKEYWORDS . " WHERE id = " . sqlite_escape_string($id));
sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBKEYWORDS . " WHERE id = '" . sqlite_escape_string($id) . "'");
}
// Log functions
@ -151,6 +151,10 @@ function insertPost($post) {
return sqlite_last_insert_rowid($GLOBALS["db"]);
}
function updatePostMessage($id, $message) {
sqlite_query($GLOBALS["db"], "UPDATE " . TINYIB_DBPOSTS . " SET message = '" . sqlite_escape_string($message) . "' WHERE id = " . $id);
}
function approvePostByID($id, $moderated) {
sqlite_query($GLOBALS["db"], "UPDATE " . TINYIB_DBPOSTS . " SET moderated = " . $moderated . " WHERE id = " . $id);
}
@ -223,7 +227,7 @@ function latestPosts($moderated = true) {
}
function deletePostByID($id) {
sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . sqlite_escape_string($id));
sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = '" . sqlite_escape_string($id) . "'");
}
function trimThreads() {
@ -273,7 +277,7 @@ function insertReport($report) {
}
function deleteReportsByPost($post) {
sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = " . sqlite_escape_string($post));
sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = '" . sqlite_escape_string($post) . "'");
}
function deleteReportsByIP($ip) {

View File

@ -38,13 +38,13 @@ function insertAccount($account) {
function updateAccount($account) {
global $db;
$db->exec("UPDATE " . TINYIB_DBACCOUNTS . " SET username = '" . $db->escapeString($account['username']) . "', password = '" . $db->escapeString(hashData($account['password'])) . "', role = '" . $db->escapeString($account['role']) . "', lastactive = '" . $db->escapeString($account['lastactive']) . "' WHERE id = " . $db->escapeString($account['id']));
$db->exec("UPDATE " . TINYIB_DBACCOUNTS . " SET username = '" . $db->escapeString($account['username']) . "', password = '" . $db->escapeString(hashData($account['password'])) . "', role = '" . $db->escapeString($account['role']) . "', lastactive = '" . $db->escapeString($account['lastactive']) . "' WHERE id = '" . $db->escapeString($account['id']) . "'");
return $db->lastInsertRowID();
}
function deleteAccountByID($id) {
global $db;
$db->exec("DELETE FROM " . TINYIB_DBACCOUNTS . " WHERE id = " . $db->escapeString($id));
$db->exec("DELETE FROM " . TINYIB_DBACCOUNTS . " WHERE id = '" . $db->escapeString($id) . "'");
}
// Ban functions
@ -90,7 +90,7 @@ function clearExpiredBans() {
function deleteBanByID($id) {
global $db;
$db->exec("DELETE FROM " . TINYIB_DBBANS . " WHERE id = " . $db->escapeString($id));
$db->exec("DELETE FROM " . TINYIB_DBBANS . " WHERE id = '" . $db->escapeString($id) . "'");
}
// Keyword functions
@ -131,7 +131,7 @@ function insertKeyword($keyword) {
function deleteKeyword($id) {
global $db;
$db->exec("DELETE FROM " . TINYIB_DBKEYWORDS . " WHERE id = " . $db->escapeString($id));
$db->exec("DELETE FROM " . TINYIB_DBKEYWORDS . " WHERE id = '" . $db->escapeString($id) . "'");
}
// Log functions
@ -175,6 +175,11 @@ function insertPost($post) {
return $db->lastInsertRowID();
}
function updatePostMessage($id, $message) {
global $db;
$db->exec("UPDATE " . TINYIB_DBPOSTS . " SET message = '" . $db->escapeString($message) . "' WHERE id = " . $id);
}
function approvePostByID($id, $moderated) {
global $db;
$db->exec("UPDATE " . TINYIB_DBPOSTS . " SET moderated = " . $moderated . " WHERE id = " . $id);
@ -258,7 +263,7 @@ function latestPosts($moderated = true) {
function deletePostByID($id) {
global $db;
$db->exec("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . $db->escapeString($id));
$db->exec("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = '" . $db->escapeString($id) . "'");
}
function trimThreads() {
@ -315,7 +320,7 @@ function insertReport($report) {
function deleteReportsByPost($post) {
global $db;
$db->exec("DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = " . $db->escapeString($post));
$db->exec("DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = '" . $db->escapeString($post) . "'");
}
function deleteReportsByIP($ip) {

View File

@ -79,6 +79,9 @@ if (!defined('TINYIB_AUTOHIDE')) {
if (!defined('TINYIB_REQMOD')) {
define('TINYIB_REQMOD', '');
}
if (!defined('TINYIB_BANMESSAGE')) {
define('TINYIB_BANMESSAGE', true);
}
if (!defined('TINYIB_SPOILERTEXT')) {
define('TINYIB_SPOILERTEXT', false);
}

View File

@ -1206,7 +1206,7 @@ function manageBanForm() {
$txt_ban_expire = __('Expire(sec)');
$txt_ban_reason = __('Reason');
$txt_ban_never = __('never');
$txt_ban_optional = __('optional');
$txt_ban_optional = __('Optional.');
$txt_submit = __('Submit');
$txt_1h = __('1 hour');
$txt_1d = __('1 day');
@ -1214,14 +1214,21 @@ function manageBanForm() {
$txt_1w = __('1 week');
$txt_2w = __('2 weeks');
$txt_1m = __('1 month');
$banmessage_html = '';
$post_ids = '';
if (TINYIB_BANMESSAGE && isset($_GET['posts']) && $_GET['posts'] != '') {
$post_ids = htmlentities($_GET['posts'], ENT_QUOTES);
$banmessage_html = '<tr><td><label for="message">' . __('Message') . '</label></td><td><input type="text" name="message" id="message"></td><td><small>' . __("Append a message to the post. Optional.") . '</small></td></tr>';
}
return <<<EOF
<form id="tinyib" name="tinyib" method="post" action="?manage&bans">
<form id="tinyib" name="tinyib" method="post" action="?manage&bans&posts=$post_ids">
<fieldset>
<legend>$txt_ban</legend>
<table border="0">
<tr><td><label for="ip">$txt_ban_ip</label></td><td><input type="text" name="ip" id="ip" value="${_GET['bans']}"></td><td><input type="submit" value="$txt_submit" class="managebutton"></td></tr>
<tr><td><label for="expire">$txt_ban_expire</label></td><td><input type="text" name="expire" id="expire" value="0"></td><td><small><a href="#" onclick="document.tinyib.expire.value='3600';return false;">$txt_1h</a>&nbsp;<a href="#" onclick="document.tinyib.expire.value='86400';return false;">$txt_1d</a>&nbsp;<a href="#" onclick="document.tinyib.expire.value='172800';return false;">$txt_2d</a>&nbsp;<a href="#" onclick="document.tinyib.expire.value='604800';return false;">$txt_1w</a>&nbsp;<a href="#" onclick="document.tinyib.expire.value='1209600';return false;">$txt_2w</a>&nbsp;<a href="#" onclick="document.tinyib.expire.value='2592000';return false;">$txt_1m</a>&nbsp;<a href="#" onclick="document.tinyib.expire.value='0';return false;">$txt_ban_never</a></small></td></tr>
<tr><td><label for="reason">$txt_ban_reason</label></td><td><input type="text" name="reason" id="reason"></td><td><small>$txt_ban_optional</small></td></tr>
$banmessage_html
</table><br>
<small>$txt_ban_help</small>
<legend>
@ -1317,6 +1324,7 @@ function manageModerateAll($post_ids, $threads, $replies, $ips) {
<form method="get" action="?">
<input type="hidden" name="manage" value="">
<input type="hidden" name="bans" value="{$ips_comma}">
<input type="hidden" name="posts" value="{$post_ids_quoted}">
<input type="submit" value="$txt_ban_all" class="managebutton" $ban_disabled>
</form>
@ -1451,6 +1459,7 @@ EOF;
<form method="get" action="?">
<input type="hidden" name="manage" value="">
<input type="hidden" name="bans" value="${post['ip']}">
<input type="hidden" name="posts" value="${post['id']}">
<input type="submit" value="$txt_ban" class="managebutton" $ban_disabled>
</form>

View File

@ -16,7 +16,9 @@ click Rebuild All in the management panel.
*/
// Internationalization
define('TINYIB_LOCALE', ''); // Locale (see README for instructions)
define('TINYIB_LOCALE', ''); // See README for instructions ['' to run in English]
define('TINYIB_TIMEZONE', 'UTC'); // See https://secure.php.net/manual/en/timezones.php - e.g. America/Los_Angeles
define('TINYIB_DATEFMT', '%g/%m/%d(%a)%H:%M:%S'); // Date and time format (see php.net/strftime)
// Board description and behavior
// Warning: Enabling reCAPTCHA will cause all visitors to be tracked by Google. See https://nearcyan.com/you-probably-dont-need-recaptcha/
@ -30,6 +32,7 @@ define('TINYIB_MANAGECAPTCHA', ''); // Improve security by requiring users to
define('TINYIB_REPORT', false); // Allow users to report posts
define('TINYIB_AUTOHIDE', 0); // Amount of reports which will cause a post to be hidden until it is approved [0 to disable]
define('TINYIB_REQMOD', ''); // Require moderation before displaying posts: files / all ['' to disable]
define('TINYIB_BANMESSAGE', true); // Allow staff to append a custom message to posts when banning users
define('TINYIB_SPOILERTEXT', false); // Allow users to hide text until it is hovered over using the tags <s>text here</s> or <spoiler>text here</spoiler>
define('TINYIB_SPOILERIMAGE', false); // Allow users to blur thumbnails via a "Spoiler" checkbox
define('TINYIB_AUTOREFRESH', 30); // Delay (in seconds) between attempts to refresh a thread automatically [0 to disable]
@ -45,12 +48,10 @@ define('TINYIB_PREVIEWREPLIES', 3); // Amount of replies previewed on index pa
define('TINYIB_TRUNCATE', 15); // Messages are truncated to this many lines on board index pages [0 to disable]
define('TINYIB_WORDBREAK', 80); // Words longer than this many characters will be broken apart [0 to disable]
define('TINYIB_EXPANDWIDTH', 85); // Expanded content size as a percentage of the screen's width
define('TINYIB_TIMEZONE', 'UTC'); // See https://secure.php.net/manual/en/timezones.php - e.g. America/Los_Angeles
define('TINYIB_BACKLINKS', true); // Display reflinks to replies that reference a post
define('TINYIB_CATALOG', true); // Generate catalog page
define('TINYIB_JSON', true); // Generate JSON files
define('TINYIB_DEFAULTSTYLE', 'futaba'); // Default page style
define('TINYIB_DATEFMT', '%g/%m/%d(%a)%H:%M:%S'); // Date and time format (see php.net/strftime)
$tinyib_hidefieldsop = array(); // Fields to hide when creating a new thread - e.g. array('name', 'email', 'subject', 'message', 'file', 'embed', 'password')
$tinyib_hidefields = array(); // Fields to hide when replying
$tinyib_anonymous = array('Anonymous'); // Default name (or names)