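/**
 * Apply an administrator action to an anonymous (IP-based) contributor record.
 *
 * Supported actions, each reading its extra fields from $_POST:
 *  - 'admin_comment': store the 'admin_comment' text on the ip_data row;
 *  - 'ban': ban the row's IP until 'ban_date' (must parse and lie in the
 *    future), with 'ban_reason' and the optional 'ban_revert_all' flag;
 *  - 'unban': reset ban_date and record the acting admin and 'ban_reason'.
 * Any other action is rejected through invalid().
 *
 * NOTE(review): this handler changes state from $_POST, but no anti-CSRF token
 * check is visible in this function; confirm the caller verifies one.
 *
 * @param mixed  $id     Primary key of the ip_data row to act on.
 * @param string $action Action name (see above).
 * @return void
 */
function processAnonymous($id, $action)
{
    global $user, $table;

    // Fail closed: the authorization decision must not depend on invalid()
    // terminating the request, so return explicitly after rejecting.
    if (!$user->isAdmin()) {
        invalid();
        return;
    }

    // Strict comparison so a non-string $action can never match an action name.
    if ($action === 'admin_comment') {
        $comment = get($_POST, 'admin_comment');
        query("update {$table['ip_data']} set admin_comment = ? where id = ?", $comment, $id);
        return;
    }

    if ($action === 'ban') {
        $ban_date = strtotime((string) get($_POST, 'ban_date'));
        // Reject unparsable dates and dates that are not in the future, and
        // stop here even if error() itself returns.
        if (!$ban_date || $ban_date <= time()) {
            error(3);
            return;
        }
        $revert = get($_POST, 'ban_revert_all') == '1';
        $ban_reason = get($_POST, 'ban_reason');

        $ip = queryGetString("select ip from {$table['ip_data']} where id = ?", $id);
        // An unknown id yields no IP; never hand an empty address to banIp().
        if (!$ip) {
            invalid();
            return;
        }
        banIp($ip, $ban_date, $ban_reason, $revert, true);
        return;
    }

    if ($action === 'unban') {
        $unban_reason = get($_POST, 'ban_reason');
        // ban_date is reset to from_unixtime(1); the acting admin's id and the
        // reason are stored on the same row so the change stays attributable.
        query(
            "update {$table['ip_data']} set ban_date = from_unixtime(1), banned_by = ?, ban_reason = ? where id = ?",
            $user->id,
            $unban_reason,
            $id
        );
        return;
    }

    invalid();
}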
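/**
 * Build the HTML for the submissions listing.
 *
 * Three modes, chosen in this order:
 *  - search results when the global $search is set;
 *  - one contributor's submissions when ?aby=<ip_data id> or ?by=<user id> is given;
 *  - otherwise the most recent submissions.
 *
 * Reads by, aby, skip and perpage from $_GET. All four are cast to int, and
 * skip/perpage are clamped, before any of them reaches SQL or HTML.
 *
 * @return string HTML fragment (heading, pager, table, pager), or the heading
 *                followed by submitForm() when a search matches nothing.
 */
function showLastSubmits()
{
    global $table, $search;

    $by = (int) get($_GET, 'by');
    $aby = (int) get($_GET, 'aby');

    // Always defined, so the final concatenation never reads an unset variable
    // in the plain "latest submissions" mode.
    $head = '';
    if ($search) {
        $head = "<h2>Search results</h2>";
    } elseif ($by || $aby) {
        $head = "<h2>User submissions</h2>";
    }

    $max_id = (int) queryGetString("select max(id) from {$table['translation']}");

    // skip and perpage are interpolated into LIMIT / id-range clauses below
    // (they cannot be bound there), so the int cast and the clamps are what
    // keep those statements safe.
    $skip = (int) get($_GET, 'skip');
    if ($skip < 0) {
        $skip = 0;
    }
    $perpage = (int) get($_GET, 'perpage');
    if ($perpage <= 0 || $perpage > 100) {
        $perpage = 20;
    }

    $to = $max_id - $skip;
    $from = $to - $perpage * 2;

    $qq = "select t1.id as id, t1.source_id as source_id, t2.source as source,"
        . " t1.translation as translation, t1.revision as revision, t1.revert_to as revert_to,"
        . " t1.comment as comment, t1.user_id as user_id,"
        . " if(t1.user_id = 0, ip.id, u1.name) as name, unix_timestamp(t1.date) as _date"
        . " from {$table['translation']} t1"
        . " left join {$table['ip_data']} ip on t1.user_ip = ip.ip"
        . " left join {$table['user']} u1 on t1.user_id = u1.id"
        . " inner join {$table['source']} t2 on t1.source_id = t2.id";

    $num_rows = $max_id;

    // Query-string prefix for pager links. It was never assigned before, so
    // the pager dropped the by/aby filter; it is built from the int-cast ids.
    $qs = '';

    if ($search) {
        // The search text is passed as a bound parameter.
        $q = query("{$qq} where t2.source like ? order by t1.id desc limit {$perpage}", $search);
        if ($q->num_rows == 0) {
            return $head . submitForm();
        }
    } elseif ($aby) {
        $qs = "aby={$aby}&amp;";
        $num_rows = (int) queryGetString(
            "select count(*) from {$table['translation']} t1, {$table['ip_data']} ip"
            . " where ip.id = ? and t1.user_id = 0 and t1.user_ip = ip.ip",
            $aby
        );
        $q = query(
            "{$qq} where t1.user_id = 0 and ip.id = ? order by t1.id desc limit {$skip}, {$perpage}",
            $aby
        );
    } elseif ($by) {
        $qs = "by={$by}&amp;";
        $num_rows = (int) queryGetString("select count(*) from {$table['translation']} where user_id = ?", $by);
        $q = query("{$qq} where t1.user_id = ? order by t1.id desc limit {$skip}, {$perpage}", $by);
    } else {
        $q = query("{$qq} where t1.id > {$from} and t1.id <= {$to} order by t1.id desc limit {$perpage}");
        if ($q->num_rows < $perpage && $to - $perpage >= 0) {
            // NOTE(review): the retry drops the upper bound on t1.id, so for
            // skip > 0 it returns the newest rows above $from rather than the
            // requested window; confirm this is intended.
            $q->free();
            $q = query("{$qq} where t1.id > {$from} order by t1.id desc limit {$perpage}");
        }
    }

    // The pager is identical above and below the table, so build it once.
    // NOTE(review): the page count is num_rows / perpage with perpage as low
    // as 1, so a small perpage on a large table emits one link per row.
    $pager = '';
    if (!$search && $num_rows > 0) {
        $pager = "<p>Pages: ";
        $pages_num = (int) (($num_rows + $perpage - 1) / $perpage);
        $ct = 0;
        for ($page = 0; $page < $pages_num; ++$page) {
            $num = $page + 1;
            if ($skip >= $ct && $skip < $ct + $perpage) {
                $num = "<b>{$num}</b>";
            }
            $pager .= "<a href='index.php?{$qs}skip={$ct}&amp;perpage={$perpage}'>{$num}</a> ";
            $ct += $perpage;
        }
        $pager .= '</p>';
    }

    $rows = "<table id='submissions'>";
    $i = 0;
    while ($row = $q->fetch(MYSQL_ASSOC)) {
        $comment = "<span class='comment'>" . e($row['comment']) . "</span>";
        if ($row['revert_to']) {
            if ($row['revert_to'] == '-1') {
                $comment = "Deleted. {$comment}";
            } else {
                $comment = "Reverted to revision " . e($row['revert_to']) . ". {$comment}";
            }
        }

        // NOTE(review): constructName() output goes into the page as-is and
        // $row['name'] can be a user-chosen name; confirm constructName()
        // HTML-escapes it.
        $name = constructName($row['user_id'], $row['name']);

        $cl = $i++ % 2 ? 'c2' : 'c1';
        $source_id = (int) $row['source_id'];

        // Every database value is escaped (or int-cast) at the point of output.
        $rows .= "<tr class='{$cl}'>";
        $rows .= "<td><a href='index.php?p=view&amp;id={$source_id}'>" . e($row['source']) . "</a></td>";
        $rows .= "<td>" . e($row['translation']) . "</td>";
        $rows .= "<td>{$comment}</td>";
        $rows .= "<td>{$name}</td>";
        $rows .= "<td>" . e($row['revision']) . "</td>";
        $rows .= "<td>" . formatDate($row['_date']) . "</td>";
        $rows .= "</tr>";
    }
    $rows .= "</table>";

    return $head . $pager . $rows . $pager;
}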
redirect('index.php'); die; } else { die('User is banned.'); } } else { $src_id = get($_POST, 'src_id'); if (!$src_id) { $src = get($_POST, 'src'); if (!$src) { die('Source is not provided.'); } if (strlen($src) > 1000) { die('Source is too long!'); } $exist_id = queryGetString("select id from {$table['source']} where source = ?", $src); if ($exist_id) { if ($from == 'site') { redirect("index.php?p=view&id={$exist_id}"); die; } else { die('Source already exists.'); } } query("insert into {$table['source']} (id, source) values(0, ?)", $src); $src_id = mysql_insert_id(); if (!$src_id) { die('Cannot insert new source text!'); } } $revert_to = (int) get($_POST, 'revert_to');
// Tail of a rendering routine whose beginning lies above this excerpt; the
// statements before the first lone closing brace run once per $row.
// NOTE(review): presumably this is displayTranslation(), which the script at
// the bottom calls; confirm against the full file.
$date = formatDate($row['_date']);

// A revert form is offered only when $i > 1 and the row is not marked with
// revert_to == -1.
// NOTE(review): the form posts to submit.php with the fields comment, src_id,
// revert_to and from; no anti-CSRF token is among them. Confirm submit.php
// rejects cross-site POSTs by some other means.
// NOTE(review): {$id} and {$row['revision']} are placed into attribute values
// without escaping; confirm both are always integers at this point.
if ($i > 1 && $row['revert_to'] != -1) {
    $revert = "\r\n <div style='display: inline'>\r\n <button class='revert'>Revert to this</button>\r\n <form class='revertform' method='post' action='submit.php'>\r\n <div class='fields'>\r\n <label>Why do you want to revert the translation?<br>\r\n <textarea name='comment'></textarea>\r\n </label><br>\r\n </div>\r\n <input type='submit' value='Revert translation' />\r\n <input type='hidden' name='src_id' value='{$id}' />\r\n <input type='hidden' name='revert_to' value='{$row['revision']}' />\r\n <input type='hidden' name='from' value='site' />\r\n </form> \r\n </div> \r\n ";
} else {
    $revert = "";
}

// NOTE(review): $revtype, $name, $text and $comment are interpolated into the
// markup as-is. They are assigned above this excerpt; confirm each is
// HTML-escaped there, since nothing escapes them here.
$res .= "\r\n <a name='{$row['revision']}'></a>\r\n <li value='{$row['revision']}'>\r\n {$revtype} by {$name} on {$date}. {$revert}\r\n {$text}\r\n {$comment}\r\n </li>\r\n ";

// When $i == 1 the list is closed, the submit form is emitted, and a new
// <ol id='revisions'> is opened for the entries that follow.
if ($i == 1) {
    $res .= "</ol>" . constructSubmitForm($id) . "<ol id='revisions'>";
}
} // closes a block opened above this excerpt
$res .= "</ol>";

// $i == 0 here means no entry was rendered, so the submit form has not been
// emitted yet.
if ($i == 0) {
    $res .= constructSubmitForm($id);
}
$res .= "</div>";

// The \$ escapes keep a literal "$" in the emitted script (PHP would otherwise
// try to interpolate a variable inside the double-quoted string).
$res .= "\r\n <script>\r\n function toggleRevertForm(ev)\r\n {\r\n \$(this).parent().find('form.revertform').toggle();\r\n }\r\n \r\n \$(function()\r\n {\r\n \$('button.revert').click(toggleRevertForm);\r\n });\r\n </script>\r\n ";
$doc->content = $res;
} // closes the enclosing definition opened above this excerpt

// Page entry point: the id is cast to int before it reaches the title or the
// query, so a non-numeric ?id= becomes 0 and falls through to
// displayNotExist().
$id = (int) get($_GET, 'id');
$doc->title = "View translation #{$id}";
if (!$id) {
    displayNotExist();
} else {
    // The id is passed as a bound parameter, not interpolated into the SQL.
    $src = queryGetString("select source from {$table['source']} where id = ?", $id);
    // !$src is also true for an empty or "0" source text, not only for a
    // missing row.
    if (!$src) {
        displayNotExist();
    } else {
        displayTranslation($id, $src);
    }
}