public static function new_ban($mask, $reason, $length = false, $ban_board = false, $mod_id = false, $post = false)
{
global $mod, $pdo, $board;
if ($mod_id === false) {
$mod_id = isset($mod['id']) ? $mod['id'] : -1;
}
$range = self::parse_range($mask);
$mask = self::range_to_string($range);
$query = prepare("INSERT INTO ``bans`` VALUES (NULL, :ipstart, :ipend, :time, :expires, :board, :mod, :reason, 0, :post)");
$query->bindValue(':ipstart', $range[0]);
if ($range[1] !== false && $range[1] != $range[0]) {
$query->bindValue(':ipend', $range[1]);
} else {
$query->bindValue(':ipend', null, PDO::PARAM_NULL);
}
$query->bindValue(':mod', $mod_id);
$query->bindValue(':time', time());
if ($reason !== '') {
$reason = escape_markup_modifiers($reason);
markup($reason);
$query->bindValue(':reason', $reason);
} else {
$query->bindValue(':reason', null, PDO::PARAM_NULL);
}
if ($length) {
if (is_int($length) || ctype_digit($length)) {
$length = time() + $length;
} else {
$length = self::parse_time($length);
}
$query->bindValue(':expires', $length);
} else {
$query->bindValue(':expires', null, PDO::PARAM_NULL);
}
if ($ban_board) {
$query->bindValue(':board', $ban_board);
} else {
$query->bindValue(':board', null, PDO::PARAM_NULL);
}
if ($post) {
$post['board'] = $board['uri'];
$query->bindValue(':post', json_encode($post));
} else {
$query->bindValue(':post', null, PDO::PARAM_NULL);
}
$query->execute() or error(db_error($query));
if (isset($mod['id']) && $mod['id'] == $mod_id) {
modLog('Created a new ' . ($length > 0 ? preg_replace('/^(\\d+) (\\w+?)s?$/', '$1-$2', until($length)) : 'permanent') . ' ban on ' . ($ban_board ? '/' . $ban_board . '/' : 'all boards') . ' for ' . (filter_var($mask, FILTER_VALIDATE_IP) !== false ? "<a href=\"?/IP/{$mask}\">{$mask}</a>" : $mask) . ' (<small>#' . $pdo->lastInsertId() . '</small>)' . ' with ' . ($reason ? 'reason: ' . utf8tohtml($reason) . '' : 'no reason'));
}
return $pdo->lastInsertId();
}
error($config['error']['toolong_body']);
}
if (mb_strlen($post['body']) < $config['min_body'] && $post['op']) {
error(sprintf(_('OP must be at least %d chars on this board.'), $config['min_body']));
}
if (mb_strlen($post['password']) > 20) {
error(sprintf($config['error']['toolong'], 'password'));
}
wordfilters($post['body']);
if ($config['max_newlines'] > 0) {
preg_match_all("/\n/", $post['body'], $nlmatches);
if (isset($nlmatches[0]) && sizeof($nlmatches[0]) > $config['max_newlines']) {
error(sprintf(_('Your post contains too many lines. This board only allows %d maximum.'), $config['max_newlines']));
}
}
$post['body'] = escape_markup_modifiers($post['body']);
if ($mod && isset($post['raw']) && $post['raw']) {
$post['body'] .= "\n<tinyboard raw html>1</tinyboard>";
}
if ($config['country_flags'] && (!$config['allow_no_country'] || $config['force_flag']) || $config['country_flags'] && $config['allow_no_country'] && !isset($_POST['no_country'])) {
require 'inc/lib/geoip/geoip.inc';
$gi = geoip\geoip_open('inc/lib/geoip/GeoIPv6.dat', GEOIP_STANDARD);
function ipv4to6($ip)
{
if (strpos($ip, ':') !== false) {
if (strpos($ip, '.') > 0) {
$ip = substr($ip, strrpos($ip, ':') + 1);
} else {
return $ip;
}
//native ipv6
function mod_new_pm($username)
{
global $config, $mod;
if (!hasPermission($config['mod']['create_pm'])) {
error($config['error']['noaccess']);
}
$query = prepare("SELECT `id`, `boards` FROM ``mods`` WHERE `username` = :username");
$query->bindValue(':username', $username);
$query->execute() or error(db_error($query));
if (!($row = $query->fetch())) {
error($config['error']['404']);
}
// Rate limit for PMs
if (!hasPermission($config['mod']['bypass_pm_ratelimit'])) {
$ratelimit = prepare('SELECT `id` FROM ``pms`` WHERE FROM_UNIXTIME(`time`) > DATE_SUB(NOW(), INTERVAL 1 HOUR) AND `sender` = :sender');
$ratelimit->bindValue(':sender', $mod['id']);
$ratelimit->execute() or error(db_error($ratelimit));
if ($ratelimit->rowCount() >= $config['mod']['pm_ratelimit']) {
error(_('You are sending too many PMs per hour. Try again later.'));
}
}
// Lock users into only being able to message users assigned to their board.
if (!hasPermission($config['mod']['pm_all'])) {
if ($mod['boards'][0] != $row['boards'] && !($row['boards'] === '*')) {
error(_('You may only PM users assigned to your board'));
}
if ($row['boards'] === '*') {
// If the global user PM'd them first within the last month, they can reply.
$check = prepare('SELECT * FROM ``pms`` WHERE FROM_UNIXTIME(`time`) > DATE_SUB(NOW(), INTERVAL 1 MONTH) AND `sender` = :sender AND `to` = :to');
$check->bindValue(':sender', $row['id']);
$check->bindValue(':to', $mod['id']);
$check->execute() or error(db_error($check));
if (!$check->rowCount()) {
error(_('You may not PM a member of global staff who did not PM you within the last month. Try posting on /operate/ or emailing us instead: admin@8chan.co'));
}
}
}
if (isset($_POST['message'])) {
$id = $row['id'];
if (strlen($_POST['message']) > $config['mod']['pm_maxsize']) {
error(sprintf(_('Your message exceeds %d characters, please shorten it.'), $config['mod']['pm_maxsize']));
}
$_POST['message'] = escape_markup_modifiers($_POST['message']);
markup($_POST['message']);
$query = prepare("INSERT INTO ``pms`` VALUES (NULL, :me, :id, :message, :time, 1)");
$query->bindValue(':me', $mod['id']);
$query->bindValue(':id', $id);
$query->bindValue(':message', $_POST['message']);
$query->bindValue(':time', time());
$query->execute() or error(db_error($query));
if ($config['cache']['enabled']) {
cache::delete('pm_unread_' . $id);
cache::delete('pm_unreadcount_' . $id);
}
modLog('Sent a PM to ' . utf8tohtml($username));
header('Location: ?/', true, $config['redirect_http']);
}
mod_page(sprintf('%s %s', _('New PM for'), $username), 'mod/new_pm.html', array('username' => $username, 'id' => $row['id'], 'token' => make_secure_link_token('new_PM/' . $username)));
}
function mod_new_pm($username)
{
global $config, $mod;
if (!hasPermission($config['mod']['create_pm'])) {
error($config['error']['noaccess']);
}
$query = prepare("SELECT `id` FROM ``mods`` WHERE `username` = :username");
$query->bindValue(':username', $username);
$query->execute() or error(db_error($query));
if (!($id = $query->fetchColumn())) {
// Old style ?/PM: by user ID
$query = prepare("SELECT `username` FROM ``mods`` WHERE `id` = :username");
$query->bindValue(':username', $username);
$query->execute() or error(db_error($query));
if ($username = $query->fetchColumn()) {
header('Location: ?/new_PM/' . $username, true, $config['redirect_http']);
} else {
error($config['error']['404']);
}
}
if (isset($_POST['message'])) {
$_POST['message'] = escape_markup_modifiers($_POST['message']);
markup($_POST['message']);
$query = prepare("INSERT INTO ``pms`` VALUES (NULL, :me, :id, :message, :time, 1)");
$query->bindValue(':me', $mod['id']);
$query->bindValue(':id', $id);
$query->bindValue(':message', $_POST['message']);
$query->bindValue(':time', time());
$query->execute() or error(db_error($query));
if ($config['cache']['enabled']) {
cache::delete('pm_unread_' . $id);
cache::delete('pm_unreadcount_' . $id);
}
modLog('Sent a PM to ' . utf8tohtml($username));
header('Location: ?/', true, $config['redirect_http']);
}
mod_page(sprintf('%s %s', _('New PM for'), $username), 'mod/new_pm.html', array('username' => $username, 'id' => $id, 'token' => make_secure_link_token('new_PM/' . $username)));
}
public static function new_ban($mask, $reason, $length = false, $ban_board = false, $mod_id = false, $post = false)
{
global $config, $mod, $pdo, $board;
if ($mod_id === false) {
$mod_id = isset($mod['id']) ? $mod['id'] : -1;
}
if (!in_array($ban_board, $mod['boards']) && $mod['boards'][0] != '*') {
error($config['error']['noaccess']);
}
$range = self::parse_range($mask);
$mask = self::range_to_string($range);
$query = prepare("INSERT INTO ``bans`` VALUES (NULL, :ipstart, :ipend, :time, :expires, :board, :mod, :reason, 0, :post)");
$query->bindValue(':ipstart', $range[0]);
if ($range[1] !== false && $range[1] != $range[0]) {
$query->bindValue(':ipend', $range[1]);
} else {
$query->bindValue(':ipend', null, PDO::PARAM_NULL);
}
$query->bindValue(':mod', $mod_id);
$query->bindValue(':time', time());
if ($reason !== '') {
$reason = escape_markup_modifiers($reason);
markup($reason);
$query->bindValue(':reason', $reason);
} else {
$query->bindValue(':reason', null, PDO::PARAM_NULL);
}
if ($length) {
if (is_int($length) || ctype_digit($length)) {
$length = time() + $length;
} else {
$length = self::parse_time($length);
}
$query->bindValue(':expires', $length);
} else {
$query->bindValue(':expires', null, PDO::PARAM_NULL);
}
if ($ban_board) {
$query->bindValue(':board', $ban_board);
} else {
$query->bindValue(':board', null, PDO::PARAM_NULL);
}
if ($post) {
$post['board'] = $board['uri'];
$match_urls = '(?xi)\\b((?:https?://|www\\d{0,3}[.]|[a-z0-9.\\-]+[.][a-z]{2,4}/)(?:[^\\s()<>]+|\\(([^\\s()<>]+|(\\([^\\s()<>]+\\)))*\\))+(?:\\(([^\\s()<>]+|(\\([^\\s()<>]+\\)))*\\)|[^\\s`!()\\[\\]{};:\'".,<>?«»“”‘’]))';
$matched = array();
preg_match_all("#{$match_urls}#im", $post['body_nomarkup'], $matched);
if (isset($matched[0]) && $matched[0]) {
$post['body'] = str_replace($matched[0], '###Link-Removed###', $post['body']);
$post['body_nomarkup'] = str_replace($matched[0], '###Link-Removed###', $post['body_nomarkup']);
}
$query->bindValue(':post', json_encode($post));
} else {
$query->bindValue(':post', null, PDO::PARAM_NULL);
}
$query->execute() or error(db_error($query));
if (isset($mod['id']) && $mod['id'] == $mod_id) {
modLog('Created a new ' . ($length > 0 ? preg_replace('/^(\\d+) (\\w+?)s?$/', '$1-$2', until($length)) : 'permanent') . ' ban on ' . ($ban_board ? '/' . $ban_board . '/' : 'all boards') . ' for ' . (filter_var($mask, FILTER_VALIDATE_IP) !== false ? "<a href=\"?/IP/{$mask}\">{$mask}</a>" : $mask) . ' (<small>#' . $pdo->lastInsertId() . '</small>)' . ' with ' . ($reason ? 'reason: ' . utf8tohtml($reason) . '' : 'no reason'));
}
if (!$config['cron_bans']) {
rebuildThemes('bans');
}
return $pdo->lastInsertId();
}
