public static function new_ban($mask, $reason, $length = false, $ban_board = false, $mod_id = false, $post = false)
{
global $mod, $pdo, $board;
if ($mod_id === false) {
$mod_id = isset($mod['id']) ? $mod['id'] : -1;
}
$range = self::parse_range($mask);
$mask = self::range_to_string($range);
$query = prepare("INSERT INTO ``bans`` VALUES (NULL, :ipstart, :ipend, :time, :expires, :board, :mod, :reason, 0, :post)");
$query->bindValue(':ipstart', $range[0]);
if ($range[1] !== false && $range[1] != $range[0]) {
$query->bindValue(':ipend', $range[1]);
} else {
$query->bindValue(':ipend', null, PDO::PARAM_NULL);
}
$query->bindValue(':mod', $mod_id);
$query->bindValue(':time', time());
if ($reason !== '') {
$reason = escape_markup_modifiers($reason);
markup($reason);
$query->bindValue(':reason', $reason);
} else {
$query->bindValue(':reason', null, PDO::PARAM_NULL);
}
if ($length) {
if (is_int($length) || ctype_digit($length)) {
$length = time() + $length;
} else {
$length = self::parse_time($length);
}
$query->bindValue(':expires', $length);
} else {
$query->bindValue(':expires', null, PDO::PARAM_NULL);
}
if ($ban_board) {
$query->bindValue(':board', $ban_board);
} else {
$query->bindValue(':board', null, PDO::PARAM_NULL);
}
if ($post) {
$post['board'] = $board['uri'];
$query->bindValue(':post', json_encode($post));
} else {
$query->bindValue(':post', null, PDO::PARAM_NULL);
}
$query->execute() or error(db_error($query));
if (isset($mod['id']) && $mod['id'] == $mod_id) {
modLog('Created a new ' . ($length > 0 ? preg_replace('/^(\\d+) (\\w+?)s?$/', '$1-$2', until($length)) : 'permanent') . ' ban on ' . ($ban_board ? '/' . $ban_board . '/' : 'all boards') . ' for ' . (filter_var($mask, FILTER_VALIDATE_IP) !== false ? "<a href=\"?/IP/{$mask}\">{$mask}</a>" : $mask) . ' (<small>#' . $pdo->lastInsertId() . '</small>)' . ' with ' . ($reason ? 'reason: ' . utf8tohtml($reason) . '' : 'no reason'));
}
return $pdo->lastInsertId();
}
function unban($id)
{
$query = prepare("DELETE FROM `bans` WHERE `id` = :id");
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));
modLog("Removed ban #{$id}");
}
function clean($pid = false)
{
global $board, $config;
$offset = round($config['max_pages'] * $config['threads_per_page']);
// I too wish there was an easier way of doing this...
$query = prepare(sprintf("SELECT `id` FROM ``posts_%s`` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset, 9001", $board['uri']));
$query->bindValue(':offset', $offset, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
while ($post = $query->fetch(PDO::FETCH_ASSOC)) {
deletePost($post['id'], false, false);
if ($pid) {
modLog("Automatically deleting thread #{$post['id']} due to new thread #{$pid}");
}
}
// Bump off threads with X replies earlier, spam prevention method
if ($config['early_404']) {
$offset = round($config['early_404_page'] * $config['threads_per_page']);
$query = prepare(sprintf("SELECT `id` AS `thread_id`, (SELECT COUNT(`id`) FROM ``posts_%s`` WHERE `thread` = `thread_id`) AS `reply_count` FROM ``posts_%s`` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset, 9001", $board['uri'], $board['uri']));
$query->bindValue(':offset', $offset, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
while ($post = $query->fetch(PDO::FETCH_ASSOC)) {
if ($post['reply_count'] < $config['early_404_replies']) {
deletePost($post['thread_id'], false, false);
if ($pid) {
modLog("Automatically deleting thread #{$post['thread_id']} due to new thread #{$pid} (early 404 is set, #{$post['thread_id']} had {$post['reply_count']} replies)");
}
}
}
}
}
if (!$options['quiet']) {
echo "Creating index pages...\n";
}
buildIndex();
if ($options['quick']) {
continue;
}
// do no more
if ($options['full']) {
$query = query(sprintf("SELECT `id` FROM ``posts_%s``", $board['uri'])) or error(db_error());
while ($post = $query->fetch()) {
if (!$options['quiet']) {
echo "Rebuilding #{$post['id']}...\n";
}
rebuildPost($post['id']);
}
}
$query = query(sprintf("SELECT `id` FROM ``posts_%s`` WHERE `thread` IS NULL", $board['uri'])) or error(db_error());
while ($post = $query->fetch()) {
if (!$options['quiet']) {
echo "Rebuilding #{$post['id']}...\n";
}
buildThread($post['id']);
}
}
if (!$options['quiet']) {
printf("Complete! Took %g seconds\n", microtime(true) - $start);
}
unset($board);
modLog('Rebuilt everything using tools/rebuild.php');
$xmlData = array('maintenance' => array('activeUser' => array('userId' => (int) $user['userId'], 'userName' => $user['userName']), 'errStr' => $errStr, 'errDesc' => $errDesc, 'response' => array()));
/* Start Processing */
if ($user['adminDefs']['modPrivs']) {
switch ($request['action']) {
case 'disableSystem':
if (file_exists('.tempStop')) {
echo container('Error', 'FIM has already been stopped.');
} else {
modLog('disable', '');
touch('.tempStop');
echo container('', 'FIM has been stopped.');
}
break;
case 'enableSystem':
if (file_exists('.tempStop')) {
modLog('enable', '');
unlink('.tempStop');
echo container('', 'FIM has been re-enabled.');
} else {
echo container('Error', 'FIM is already running.');
}
break;
case 'updatePostFormatCache':
echo container('Error', 'Not yet coded.');
break;
case 'updatePostCountCache':
$limit = 20;
$offset = intval($_GET['page']) * $limit;
$nextpage = intval($_GET['page']) + 1;
$records = dbRows("SELECT * FROM {$sqlPrefix}ping LIMIT {$limit} OFFSET {$offset}", 'id');
foreach ($records as $id => $record) {
$query->bindValue(':body', sprintf($config['mod']['ban_message'], utf8tohtml($_POST['message'])));
$query->execute() or error(db_error($query));
// Rebuild thread
$query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
$query->bindValue(':id', $post, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
$thread = $query->fetch();
if ($thread['thread']) {
buildThread($thread['thread']);
} else {
buildThread($post);
}
// Rebuild board
buildIndex();
// Record the action
modLog("Attached a public ban message for post #{$post}: " . $_POST['message']);
}
// Redirect
if (isset($_POST['continue'])) {
header('Location: ' . $_POST['continue'], true, $config['redirect_http']);
} elseif (isset($board)) {
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
} else {
header('Location: ?/', true, $config['redirect_http']);
}
}
} elseif (preg_match('/^\\/' . $regex['board'] . 'move\\/(\\d+)$/', $query, $matches)) {
$boardName =& $matches[1];
$postID = $matches[2];
// Open board
if (!openBoard($boardName)) {
$thread = $thread_query->fetch(PDO::FETCH_ASSOC);
}
if ($password != '' && $post['password'] != $password && (!$thread || $thread['password'] != $password)) {
error($config['error']['invalidpassword']);
}
if ($post['time'] > time() - $config['delete_time'] && (!$thread || $thread['password'] != $password)) {
error(sprintf($config['error']['delete_too_soon'], until($post['time'] + $config['delete_time'])));
}
if (isset($_POST['file'])) {
// Delete just the file
deleteFile($id);
modLog("User deleted file from his own post #{$id}");
} else {
// Delete entire post
deletePost($id);
modLog("User deleted his own post #{$id}");
}
_syslog(LOG_INFO, 'Deleted post: ' . '/' . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $post['thread'] ? $post['thread'] : $id) . ($post['thread'] ? '#' . $id : ''));
}
}
buildIndex();
$is_mod = isset($_POST['mod']) && $_POST['mod'];
$root = $is_mod ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];
if (!isset($_POST['json_response'])) {
header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']);
} else {
header('Content-Type: text/json');
echo json_encode(array('success' => true));
}
// We are already done, let's continue our heavy-lifting work in the background (if we run off FastCGI)
if (function_exists('fastcgi_finish_request')) {
function mod_report_dismiss($id, $all = false)
{
global $config;
$query = prepare("SELECT `post`, `board`, `ip` FROM ``reports`` WHERE `id` = :id");
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));
if ($report = $query->fetch(PDO::FETCH_ASSOC)) {
$ip = $report['ip'];
$board = $report['board'];
$post = $report['post'];
} else {
error($config['error']['404']);
}
if (!$all && !hasPermission($config['mod']['report_dismiss'], $board)) {
error($config['error']['noaccess']);
}
if ($all && !hasPermission($config['mod']['report_dismiss_ip'], $board)) {
error($config['error']['noaccess']);
}
if ($all) {
$query = prepare("DELETE FROM ``reports`` WHERE `ip` = :ip");
$query->bindValue(':ip', $ip);
} else {
$query = prepare("DELETE FROM ``reports`` WHERE `id` = :id");
$query->bindValue(':id', $id);
}
$query->execute() or error(db_error($query));
if ($all) {
modLog("Dismissed all reports by <a href=\"?/IP/{$ip}\">{$ip}</a>");
} else {
modLog("Dismissed a report for post #{$id}", $board);
}
header('Location: ?/reports', true, $config['redirect_http']);
}
function mod_8_settings($b)
{
global $config, $mod;
//if ($b === 'infinity' && $mod['type'] !== ADMIN)
// error('Settings temporarily disabled for this board.');
if (!in_array($b, $mod['boards']) and $mod['boards'][0] != '*') {
error($config['error']['noaccess']);
}
if (!hasPermission($config['mod']['edit_settings'], $b)) {
error($config['error']['noaccess']);
}
if (!openBoard($b)) {
error("Could not open board!");
}
$possible_languages = array_diff(scandir('inc/locale/'), array('..', '.', '.tx', 'README.md'));
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$board_type = $_POST['board_type'];
$imgboard = $board_type == 'imgboard';
$txtboard = $board_type == 'txtboard';
$fileboard = $board_type == 'fileboard';
$title = $_POST['title'];
$subtitle = $_POST['subtitle'];
$country_flags = isset($_POST['country_flags']) ? 'true' : 'false';
$field_disable_name = isset($_POST['field_disable_name']) ? 'true' : 'false';
$enable_embedding = isset($_POST['enable_embedding']) ? 'true' : 'false';
$force_image_op = $imgboard && isset($_POST['force_image_op']) ? 'true' : 'false';
$disable_images = $txtboard ? 'true' : 'false';
$poster_ids = isset($_POST['poster_ids']) ? 'true' : 'false';
$show_sages = isset($_POST['show_sages']) ? 'true' : 'false';
$auto_unicode = isset($_POST['auto_unicode']) ? 'true' : 'false';
$strip_combining_chars = isset($_POST['strip_combining_chars']) ? 'true' : 'false';
$allow_roll = isset($_POST['allow_roll']) ? 'true' : 'false';
$image_reject_repost = isset($_POST['image_reject_repost']) ? 'true' : 'false';
$image_reject_repost_in_thread = isset($_POST['image_reject_repost_in_thread']) ? 'true' : 'false';
$early_404 = isset($_POST['early_404']) ? 'true' : 'false';
$allow_delete = isset($_POST['allow_delete']) ? 'true' : 'false';
$allow_flash = $imgboard && isset($_POST['allow_flash']) ? '$config[\'allowed_ext_files\'][] = \'swf\';' : '';
$allow_pdf = $imgboard && isset($_POST['allow_pdf']) ? '$config[\'allowed_ext_files\'][] = \'pdf\';' : '';
$code_tags = isset($_POST['code_tags']) ? '$config[\'additional_javascript\'][] = \'js/code_tags/run_prettify.js\';$config[\'markup\'][] = array("/\\[code\\](.+?)\\[\\/code\\]/ms", "<code><pre class=\'prettyprint\' style=\'display:inline-block\'>\\$1</pre></code>");' : '';
$katex = isset($_POST['katex']) ? '$config[\'katex\'] = true;$config[\'additional_javascript\'][] = \'js/katex/katex.min.js\'; $config[\'markup\'][] = array("/\\[tex\\](.+?)\\[\\/tex\\]/ms", "<span class=\'tex\'>\\$1</span>"); $config[\'additional_javascript\'][] = \'js/katex-enable.js\';' : '';
$user_flags = isset($_POST['user_flags']) ? "if (file_exists('{$b}/flags.php')) { include 'flags.php'; }\n" : '';
$captcha = isset($_POST['captcha']) ? 'true' : 'false';
$force_subject_op = isset($_POST['force_subject_op']) ? 'true' : 'false';
$force_flag = isset($_POST['force_flag']) ? 'true' : 'false';
$tor_posting = isset($_POST['tor_posting']) ? 'true' : 'false';
$tor_image_posting = isset($_POST['tor_image_posting']) ? 'true' : 'false';
$robot_enable = isset($_POST['robot_enable']) ? 'true' : 'false';
$new_thread_capt = isset($_POST['new_thread_capt']) ? 'true' : 'false';
$oekaki = ($imgboard || $fileboard) && isset($_POST['oekaki']) ? 'true' : 'false';
$view_bumplock = isset($_POST['view_bumplock']) ? '-1' : 'MOD';
if ($tor_image_posting === 'true' && isset($_POST['meta_noindex'])) {
error('Please index your board to enable this.');
}
if ($_POST['locale'] !== 'en' && in_array($_POST['locale'], $possible_languages)) {
$locale = "\$config['locale'] = '{$_POST['locale']}.UTF-8';";
} else {
$locale = '';
}
if (isset($_POST['max_images']) && (int) $_POST['max_images'] && (int) $_POST['max_images'] <= 5) {
$_POST['max_images'] = (int) $_POST['max_images'];
$multiimage = "\$config['max_images'] = {$_POST['max_images']};\n\t\t\t\t\t \$config['additional_javascript'][] = 'js/multi-image.js';";
} else {
$multiimage = '';
}
if (isset($_POST['custom_assets'])) {
$assets = "\$config['custom_assets'] = true;\n\t\t\t\t \$config['spoiler_image'] = 'static/assets/{$b}/spoiler.png';\n\t\t\t\t \$config['image_deleted'] = 'static/assets/{$b}/deleted.png';\n\t\t\t\t \$config['no_file_image'] = 'static/assets/{$b}/no-file.png';\n\t\t\t\t";
} else {
$assets = '';
}
$file_board = '';
if ($fileboard) {
$force_image_op = true;
$file_board = "\$config['threads_per_page'] = 30;\n\t\t\t\t\t \$config['file_board'] = true;\n\t\t\t\t\t \$config['threads_preview'] = 0;\n\t\t\t\t \$config['threads_preview_sticky'] = 0;\n\t\t\t\t\t \$config['allowed_ext_files'] = array();\n";
if (isset($_POST['allowed_type'])) {
foreach ($_POST['allowed_type'] as $val) {
if (in_array($val, $config['fileboard_allowed_types'])) {
$file_board .= "\$config['allowed_ext_files'][] = '{$val}';\n";
}
}
}
if (isset($_POST['allowed_ext_op'])) {
$file_board .= "\$config['allowed_ext_op'] = \$config['allowed_ext_files'];\n";
if (isset($_POST['allowed_ext_op_video'])) {
$file_board .= "\$config['allowed_ext_op'][] = 'webm';\n\t\t\t\t\t\t\t\t\$config['allowed_ext_op'][] = 'mp4';\n";
}
}
if (isset($_POST['tag_id'])) {
$file_board .= "\$config['allowed_tags'] = array();\n";
foreach ($_POST['tag_id'] as $id => $v) {
$file_board .= "\$config['allowed_tags'][";
$file_board .= 'base64_decode("';
$file_board .= base64_encode($_POST['tag_id'][$id]);
$file_board .= '")';
$file_board .= "] = ";
$file_board .= 'base64_decode("';
$file_board .= base64_encode($_POST['tag_desc'][$id]);
$file_board .= '")';
$file_board .= ";\n";
}
}
}
$anal_filenames = $fileboard && isset($_POST['anal_filenames']) ? "\$config['filename_func'] = 'filename_func';\n" : '';
$anonymous = base64_encode($_POST['anonymous']);
$blotter = base64_encode(purify_html(html_entity_decode($_POST['blotter'])));
$add_to_config = @file_get_contents($b . '/extra_config.php');
$replace = '';
if (isset($_POST['replace'])) {
if (sizeof($_POST['replace']) > 200 || sizeof($_POST['with']) > 200) {
error(_('Sorry, max 200 wordfilters allowed.'));
}
if (count($_POST['replace']) == count($_POST['with'])) {
foreach ($_POST['replace'] as $i => $r) {
if ($r !== '') {
$w = $_POST['with'][$i];
if (strlen($w) > 255) {
error(sprintf(_('Sorry, %s is too long. Max replacement is 255 characters'), utf8tohtml($w)));
}
$replace .= '$config[\'wordfilters\'][] = array(base64_decode(\'' . base64_encode($r) . '\'), base64_decode(\'' . base64_encode($w) . '\'));';
}
}
}
if (is_billion_laughs($_POST['replace'], $_POST['with'])) {
error(_('Wordfilters may not wordfilter previous wordfilters. For example, if a filters to bb and b filters to cc, that is not allowed.'));
}
}
if (isset($_POST['hour_max_threads']) && (int) $_POST['hour_max_threads'] > 0 && (int) $_POST['hour_max_threads'] < 101) {
$hour_max_threads = (int) $_POST['hour_max_threads'];
} else {
$hour_max_threads = 'false';
}
if (isset($_POST['max_pages'])) {
$mp = (int) $_POST['max_pages'];
if ($mp > 25 || $mp < 1) {
$max_pages = 15;
} else {
$max_pages = $mp;
}
} else {
$max_pages = 15;
}
if (isset($_POST['reply_limit'])) {
$rl = (int) $_POST['reply_limit'];
if ($rl > 750 || $rl < 250 || $rl % 25) {
$reply_limit = 250;
} else {
$reply_limit = $rl;
}
} else {
$reply_limit = 250;
}
if (isset($_POST['max_newlines'])) {
$mn = (int) $_POST['max_newlines'];
if ($mn < 20 || $mn > 300) {
$max_newlines = 0;
} else {
$max_newlines = $mn;
}
} else {
$max_newlines = 0;
}
if (isset($_POST['min_body'])) {
$mb = (int) $_POST['min_body'];
if ($mb < 0 || $mb > 1024) {
$min_body = 0;
} else {
$min_body = $mb;
}
} else {
$min_body = 0;
}
if (!(strlen($title) < 40)) {
error('Invalid title');
}
if (!(strlen($subtitle) < 200)) {
error('Invalid subtitle');
}
$query = prepare('UPDATE ``boards`` SET `title` = :title, `subtitle` = :subtitle, `indexed` = :indexed, `public_bans` = :public_bans, `public_logs` = :public_logs, `8archive` = :8archive WHERE `uri` = :uri');
$query->bindValue(':title', $title);
$query->bindValue(':subtitle', $subtitle);
$query->bindValue(':uri', $b);
$query->bindValue(':indexed', !isset($_POST['meta_noindex']));
$query->bindValue(':public_bans', isset($_POST['public_bans']));
$query->bindValue(':public_logs', (int) $_POST['public_logs']);
$query->bindValue(':8archive', isset($_POST['8archive']));
$query->execute() or error(db_error($query));
$config_file = <<<EOT
<?php
\$config['country_flags'] = {$country_flags};
\$config['field_disable_name'] = {$field_disable_name};
\$config['enable_embedding'] = {$enable_embedding};
\$config['force_image_op'] = {$force_image_op};
\$config['disable_images'] = {$disable_images};
\$config['poster_ids'] = {$poster_ids};
\$config['show_sages'] = {$show_sages};
\$config['auto_unicode'] = {$auto_unicode};
\$config['strip_combining_chars'] = {$strip_combining_chars};
\$config['allow_roll'] = {$allow_roll};
\$config['image_reject_repost'] = {$image_reject_repost};
\$config['image_reject_repost_in_thread'] = {$image_reject_repost_in_thread};
\$config['early_404'] = {$early_404};
\$config['allow_delete'] = {$allow_delete};
\$config['anonymous'] = base64_decode('{$anonymous}');
\$config['blotter'] = base64_decode('{$blotter}');
\$config['stylesheets']['Custom'] = 'board/{$b}.css';
\$config['default_stylesheet'] = array('Custom', \$config['stylesheets']['Custom']);
\$config['captcha']['enabled'] = {$captcha};
\$config['force_subject_op'] = {$force_subject_op};
\$config['force_flag'] = {$force_flag};
\$config['tor_posting'] = {$tor_posting};
\$config['tor_image_posting'] = {$tor_image_posting};
\$config['robot_enable'] = {$robot_enable};
\$config['new_thread_capt'] = {$new_thread_capt};
\$config['hour_max_threads'] = {$hour_max_threads};
\$config['reply_limit'] = {$reply_limit};
\$config['max_pages'] = {$max_pages};
\$config['max_newlines'] = {$max_newlines};
\$config['oekaki'] = {$oekaki};
\$config['min_body'] = {$min_body};
\$config['mod']['view_bumplock'] = {$view_bumplock};
{$code_tags} {$katex} {$replace} {$multiimage} {$allow_flash} {$allow_pdf} {$user_flags}
{$assets}
{$locale}
{$anal_filenames}
{$file_board}
if (\$config['disable_images'])
\t\$config['max_pages'] = 10000;
{$add_to_config}
EOT;
// Clean up our CSS...no more expression() or off-site URLs.
$clean_css = preg_replace('/expression\\s*\\(/', '', $_POST['css']);
$matched = array();
preg_match_all("#{$config['link_regex']}#im", $clean_css, $matched);
if (isset($matched[0])) {
foreach ($matched[0] as $match) {
$match_okay = false;
foreach ($config['allowed_offsite_urls'] as $allowed_url) {
if (strpos($match, $allowed_url) !== false && strpos($match, '#') === false && strpos($match, '?') === false && strpos($match, ';') === false) {
$match_okay = true;
}
}
if ($match_okay !== true) {
error(sprintf(_("Off-site link \"%s\" is not allowed in the board stylesheet"), $match));
}
}
}
//Filter out imports from sites with potentially unsafe content
$match_imports = '@import[^;]*';
$matched = array();
preg_match_all("#{$match_imports}#im", $clean_css, $matched);
$unsafe_import_urls = array('https://a.pomf.se/');
if (isset($matched[0])) {
foreach ($matched[0] as $match) {
$match_okay = true;
foreach ($unsafe_import_urls as $unsafe_import_url) {
if (strpos($match, $unsafe_import_url) !== false && strpos($match, '#') === false) {
$match_okay = false;
}
}
if ($match_okay !== true) {
error(sprintf(_("Potentially unsafe import \"%s\" is not allowed in the board stylesheet"), $match));
}
}
}
$query = query('SELECT `uri`, `title`, `subtitle` FROM ``boards`` WHERE `8archive` = TRUE');
file_write('8archive.json', json_encode($query->fetchAll(PDO::FETCH_ASSOC)));
file_write($b . '/config.php', $config_file);
file_write('stylesheets/board/' . $b . '.css', $clean_css);
$_config = $config;
unset($config['wordfilters']);
// Faster than openBoard and bypasses cache...we're trusting the PHP output
// to be safe enough to run with every request, we can eval it here.
eval(str_replace('flags.php', "{$b}/flags.php", preg_replace('/^\\<\\?php$/m', '', $config_file)));
// czaks: maybe reconsider using it, now that config is cached?
// be smarter about rebuilds...only some changes really require us to rebuild all threads
if ($_config['captcha']['enabled'] != $config['captcha']['enabled'] || $_config['new_thread_capt'] != $config['new_thread_capt'] || $_config['captcha']['extra'] != $config['captcha']['extra'] || $_config['blotter'] != $config['blotter'] || $_config['field_disable_name'] != $config['field_disable_name'] || $_config['show_sages'] != (isset($config['show_sages']) && $config['show_sages'])) {
buildIndex();
$query = query(sprintf("SELECT `id` FROM ``posts_%s`` WHERE `thread` IS NULL", $b)) or error(db_error());
while ($post = $query->fetch(PDO::FETCH_ASSOC)) {
buildThread($post['id']);
}
}
modLog('Edited board settings', $b);
}
$query = prepare('SELECT * FROM boards WHERE uri = :board');
$query->bindValue(':board', $b);
$query->execute() or error(db_error($query));
$board = $query->fetchAll()[0];
// Clean the cache
if ($config['cache']['enabled']) {
cache::delete('board_' . $board['uri']);
cache::delete('all_boards');
cache::delete('config_' . $board['uri']);
cache::delete('events_' . $board['uri']);
unlink('tmp/cache/locale_' . $board['uri']);
}
$css = @file_get_contents('stylesheets/board/' . $board['uri'] . '.css');
mod_page(_('Board configuration'), 'mod/settings.html', array('board' => $board, 'css' => prettify_textarea($css), 'token' => make_secure_link_token('settings/' . $board['uri']), 'languages' => $possible_languages, 'allowed_urls' => $config['allowed_offsite_urls']));
}
function mod_edit_page($id)
{
global $config, $mod, $board;
$query = prepare('SELECT * FROM ``pages`` WHERE `id` = :id');
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));
$page = $query->fetch();
if (!$page) {
error(_('Could not find the page you are trying to edit.'));
}
if (!$page['board'] && $mod['boards'][0] !== '*') {
error($config['error']['noaccess']);
}
if (!hasPermission($config['mod']['edit_pages'], $page['board'])) {
error($config['error']['noaccess']);
}
if ($page['board'] && !openBoard($page['board'])) {
error($config['error']['noboard']);
}
if (isset($_POST['method'], $_POST['content'])) {
$content = $_POST['content'];
$method = $_POST['method'];
$page['type'] = $method;
if (!in_array($method, array('markdown', 'html', 'infinity'))) {
error(_('Unrecognized page markup method.'));
}
switch ($method) {
case 'markdown':
$write = purify_html(markdown($content));
break;
case 'html':
if (hasPermission($config['mod']['rawhtml'])) {
$write = $content;
} else {
$write = purify_html($content);
}
break;
case 'infinity':
$c = $content;
markup($content);
$write = $content;
$content = $c;
}
if (!isset($write) or !$write) {
error(_('Failed to mark up your input for some reason...'));
}
$query = prepare('UPDATE ``pages`` SET `type` = :method, `content` = :content WHERE `id` = :id');
$query->bindValue(':method', $method);
$query->bindValue(':content', $content);
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));
$fn = ($board['uri'] ? $board['uri'] . '/' : '') . $page['name'] . '.html';
$body = "<div class='ban'>{$write}</div>";
$html = Element('page.html', array('config' => $config, 'body' => $body, 'title' => utf8tohtml($page['title'])));
file_write($fn, $html);
modLog("Edited page {$page['name']} <span class='unimportant'>(#{$page['id']})</span>");
}
if (!isset($content)) {
$query = prepare('SELECT `content` FROM ``pages`` WHERE `id` = :id');
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));
$content = $query->fetchColumn();
}
mod_page(sprintf(_('Editing static page: %s'), $page['name']), 'mod/edit_page.html', array('page' => $page, 'token' => make_secure_link_token("edit_page/{$id}"), 'content' => prettify_textarea($content), 'board' => $board));
}
public static function new_ban($mask, $reason, $length = false, $ban_board = false, $mod_id = false, $post = false)
{
global $config, $mod, $pdo, $board;
if ($mod_id === false) {
$mod_id = isset($mod['id']) ? $mod['id'] : -1;
}
if (!in_array($ban_board, $mod['boards']) && $mod['boards'][0] != '*') {
error($config['error']['noaccess']);
}
$range = self::parse_range($mask);
$mask = self::range_to_string($range);
$query = prepare("INSERT INTO ``bans`` VALUES (NULL, :ipstart, :ipend, :time, :expires, :board, :mod, :reason, 0, :post)");
$query->bindValue(':ipstart', $range[0]);
if ($range[1] !== false && $range[1] != $range[0]) {
$query->bindValue(':ipend', $range[1]);
} else {
$query->bindValue(':ipend', null, PDO::PARAM_NULL);
}
$query->bindValue(':mod', $mod_id);
$query->bindValue(':time', time());
if ($reason !== '') {
$reason = escape_markup_modifiers($reason);
markup($reason);
$query->bindValue(':reason', $reason);
} else {
$query->bindValue(':reason', null, PDO::PARAM_NULL);
}
if ($length) {
if (is_int($length) || ctype_digit($length)) {
$length = time() + $length;
} else {
$length = self::parse_time($length);
}
$query->bindValue(':expires', $length);
} else {
$query->bindValue(':expires', null, PDO::PARAM_NULL);
}
if ($ban_board) {
$query->bindValue(':board', $ban_board);
} else {
$query->bindValue(':board', null, PDO::PARAM_NULL);
}
if ($post) {
$post['board'] = $board['uri'];
$match_urls = '(?xi)\\b((?:https?://|www\\d{0,3}[.]|[a-z0-9.\\-]+[.][a-z]{2,4}/)(?:[^\\s()<>]+|\\(([^\\s()<>]+|(\\([^\\s()<>]+\\)))*\\))+(?:\\(([^\\s()<>]+|(\\([^\\s()<>]+\\)))*\\)|[^\\s`!()\\[\\]{};:\'".,<>?«»“”‘’]))';
$matched = array();
preg_match_all("#{$match_urls}#im", $post['body_nomarkup'], $matched);
if (isset($matched[0]) && $matched[0]) {
$post['body'] = str_replace($matched[0], '###Link-Removed###', $post['body']);
$post['body_nomarkup'] = str_replace($matched[0], '###Link-Removed###', $post['body_nomarkup']);
}
$query->bindValue(':post', json_encode($post));
} else {
$query->bindValue(':post', null, PDO::PARAM_NULL);
}
$query->execute() or error(db_error($query));
if (isset($mod['id']) && $mod['id'] == $mod_id) {
modLog('Created a new ' . ($length > 0 ? preg_replace('/^(\\d+) (\\w+?)s?$/', '$1-$2', until($length)) : 'permanent') . ' ban on ' . ($ban_board ? '/' . $ban_board . '/' : 'all boards') . ' for ' . (filter_var($mask, FILTER_VALIDATE_IP) !== false ? "<a href=\"?/IP/{$mask}\">{$mask}</a>" : $mask) . ' (<small>#' . $pdo->lastInsertId() . '</small>)' . ' with ' . ($reason ? 'reason: ' . utf8tohtml($reason) . '' : 'no reason'));
}
if (!$config['cron_bans']) {
rebuildThemes('bans');
}
return $pdo->lastInsertId();
}
)); TODO */
}
break;
case 'delete':
$fileData = $database->getFile($request['fileId']);
if ($user['adminDefs']['modImages'] || $user['userId'] == $fileData['userId']) {
$database->modLog('deleteImage', $request['fileId']);
$database->update("{$sqlPrefix}files", array('deleted' => 1), array('fileId' => $request['fileId']));
} else {
throw new Exception('noPerm');
}
break;
case 'undelete':
$fileData = $database->getFile($request['fileId']);
if ($user['adminDefs']['modImages']) {
modLog('undeleteImage', $request['fileId']);
$database->update("{$sqlPrefix}files", array('deleted' => 0), array('fileId' => $request['fileId']));
} else {
throw new Exception('noPerm');
}
break;
case 'flag':
// TODO: Allows users to flag images that are not appropriate for a room.
break;
}
$database->endTransaction();
/* Update Data for Errors */
if ($config['dev']) {
$xmlData['request'] = $request;
}
/* Output Data */