Add TINYIB_BANMESSAGE

Allow staff to append a custom message to posts when banning users.
2021-06-23 19:08:22 -07:00 · 2021-06-23 19:08:22 -07:00 · 088353c25c
commit 088353c25c
parent 8ba54d87f0
12 changed files with 95 additions and 22 deletions
--- a/css/global.css
+++ b/css/global.css
@ -116,6 +116,11 @@ hr {
 	margin: 0.2em;
 }
 .banmessage {
 	color: red;
 	font-weight: bold;
 }
 .footer {
 	clear: both;
 	text-align: center;
--- a/imgboard.php
+++ b/imgboard.php
@ -842,7 +842,7 @@ EOF;
 					foreach ($ips as $ip) {
 						$banexists = banByIP($ip);
 						if ($banexists) {
-							fancyDie(__('Sorry, there is already a ban on record for that IP address.'));
+							continue;
 						}
 						if (TINYIB_REPORT) {
@ -866,6 +866,25 @@ EOF;
 						insertBan($ban);
 						manageLogAction($action);
 					}
 					if (TINYIB_BANMESSAGE && isset($_POST['message']) && $_POST['message'] != '' && isset($_GET['posts']) && $_GET['posts'] != '') {
 						$post_ids = explode(',', $_GET['posts']);
 						foreach ($post_ids as $post_id) {
 							$post = postByID($post_id);
 							if (!$post) {
 								continue; // The post has been deleted
 							}
 							updatePostMessage($post['id'], $post['message'] . '<br>' . "\n" . '<span class="banmessage">(' . htmlentities($_POST['message']) . ')</span><br>');
 							manageLogAction('Added ban message to ' . postLink('&gt;&gt;' . $post['id']));
 						}
 						clearPostCache();
 						foreach ($post_ids as $post_id) {
 							$post = postByID($post_id);
 							if (!$post) {
 								continue; // The post has been deleted
 							}
 							threadUpdated(getParent($post));
 						}
 					}
 					if (count($ips) == 1) {
 						$text .= manageInfo(__('Banned 1 IP address'));
 					} else {
@ -1024,10 +1043,8 @@ EOF;
 			foreach ($post_ids as $post_id) {
 				$post = postByID($post_id);
 				if (!$post) {
-					fancyDie(__("Sorry, there doesn't appear to be a post with that ID."));
+					continue; // The post has already been deleted
 				}
 				$posts[$post_id] = $post;
 			}
 			foreach ($post_ids as $post_id) {
--- a/inc/database/database.php
+++ b/inc/database/database.php
@ -39,3 +39,9 @@ function postsInThreadByID($id, $moderated_only = true) {
 	}
 	return $cache[$id];
 }
 function clearPostCache() {
 	global $cache_all, $cache_moderated;
 	$cache_all = array();
 	$cache_moderated = array();
 }
--- a/inc/database/flatfile.php
+++ b/inc/database/flatfile.php
@ -259,6 +259,16 @@ function insertPost($newpost) {
 	return $GLOBALS['db']->insertWithAutoId(POSTS_FILE, POST_ID, $post);
 }
 function updatePostMessage($id, $message) {
 	$rows = $GLOBALS['db']->selectWhere(POSTS_FILE, new SimpleWhereClause(POST_ID, '=', $id, INTEGER_COMPARISON), 1);
 	if (count($rows) > 0) {
 		foreach ($rows as $post) {
 			$post[POST_MESSAGE] = $message;
 			$GLOBALS['db']->updateRowById(POSTS_FILE, POST_ID, $post);
 		}
 	}
 }
 function approvePostByID($id, $moderated) {
 	$rows = $GLOBALS['db']->selectWhere(POSTS_FILE, new SimpleWhereClause(POST_ID, '=', $id, INTEGER_COMPARISON), 1);
 	if (count($rows) > 0) {
--- a/inc/database/mysql.php
+++ b/inc/database/mysql.php
@ -173,6 +173,10 @@ function insertPost($post) {
 	return mysql_insert_id();
 }
 function updatePostMessage($id, $message) {
 	mysql_query("UPDATE `" . TINYIB_DBPOSTS . "` SET `message` = '" . mysql_real_escape_string($message) . "' WHERE `id` = " . $id . " LIMIT 1");
 }
 function approvePostByID($id, $moderated) {
 	mysql_query("UPDATE `" . TINYIB_DBPOSTS . "` SET `moderated` = $moderated WHERE `id` = " . $id . " LIMIT 1");
 }
--- a/inc/database/mysqli.php
+++ b/inc/database/mysqli.php
@ -199,6 +199,11 @@ function insertPost($post) {
 	return mysqli_insert_id($link);
 }
 function updatePostMessage($id, $message) {
 	global $link;
 	mysqli_query($link, "UPDATE `" . TINYIB_DBPOSTS . "` SET `message` = '" .  mysqli_real_escape_string($link, $message) . "' WHERE `id` = " . $id . " LIMIT 1");
 }
 function approvePostByID($id, $moderated) {
 	global $link;
 	mysqli_query($link, "UPDATE `" . TINYIB_DBPOSTS . "` SET `moderated` = " . $moderated . " WHERE `id` = " . $id . " LIMIT 1");
--- a/inc/database/pdo.php
+++ b/inc/database/pdo.php
@ -159,8 +159,12 @@ function insertPost($post) {
 	return $dbh->lastInsertId();
 }
 function updatePostMessage($id, $message) {
 	pdoQuery("UPDATE " . TINYIB_DBPOSTS . " SET message = ? WHERE id = ?", array($message, $id));
 }
 function approvePostByID($id, $moderated) {
-	pdoQuery("UPDATE " . TINYIB_DBPOSTS . " SET moderated = ? WHERE id = ?", array($id, $moderated));
+	pdoQuery("UPDATE " . TINYIB_DBPOSTS . " SET moderated = ? WHERE id = ?", array($moderated, $id));
 }
 function bumpThreadByID($id) {
--- a/inc/database/sqlite.php
+++ b/inc/database/sqlite.php
@ -33,11 +33,11 @@ function insertAccount($account) {
 }
 function updateAccount($account) {
-	sqlite_query($GLOBALS["db"], "UPDATE " . TINYIB_DBACCOUNTS . " SET username = '" . sqlite_escape_string($account['username']) . "', password = '" . sqlite_escape_string(hashData($account['password'])) . "', role = '" . sqlite_escape_string($account['role']) . "', lastactive = '" . sqlite_escape_string($account['lastactive']) . "' WHERE id = " . sqlite_escape_string($account['id']));
+	sqlite_query($GLOBALS["db"], "UPDATE " . TINYIB_DBACCOUNTS . " SET username = '" . sqlite_escape_string($account['username']) . "', password = '" . sqlite_escape_string(hashData($account['password'])) . "', role = '" . sqlite_escape_string($account['role']) . "', lastactive = '" . sqlite_escape_string($account['lastactive']) . "' WHERE id = '" . sqlite_escape_string($account['id']) . "'");
 }
 function deleteAccountByID($id) {
-	sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBACCOUNTS . " WHERE id = " . sqlite_escape_string($id));
+	sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBACCOUNTS . " WHERE id = '" . sqlite_escape_string($id) . "'");
 }
 // Ban functions
@ -77,7 +77,7 @@ function clearExpiredBans() {
 }
 function deleteBanByID($id) {
-	sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBBANS . " WHERE id = " . sqlite_escape_string($id));
+	sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBBANS . " WHERE id = '" . sqlite_escape_string($id) . "'");
 }
 // Keyword functions
@ -113,7 +113,7 @@ function insertKeyword($keyword) {
 }
 function deleteKeyword($id) {
-	sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBKEYWORDS . " WHERE id = " . sqlite_escape_string($id));
+	sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBKEYWORDS . " WHERE id = '" . sqlite_escape_string($id) . "'");
 }
 // Log functions
@ -151,6 +151,10 @@ function insertPost($post) {
 	return sqlite_last_insert_rowid($GLOBALS["db"]);
 }
 function updatePostMessage($id, $message) {
 	sqlite_query($GLOBALS["db"], "UPDATE " . TINYIB_DBPOSTS . " SET message = '" . sqlite_escape_string($message) . "' WHERE id = " . $id);
 }
 function approvePostByID($id, $moderated) {
 	sqlite_query($GLOBALS["db"], "UPDATE " . TINYIB_DBPOSTS . " SET moderated = " . $moderated . " WHERE id = " . $id);
 }
@ -223,7 +227,7 @@ function latestPosts($moderated = true) {
 }
 function deletePostByID($id) {
-	sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . sqlite_escape_string($id));
+	sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = '" . sqlite_escape_string($id) . "'");
 }
 function trimThreads() {
@ -273,7 +277,7 @@ function insertReport($report) {
 }
 function deleteReportsByPost($post) {
-	sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = " . sqlite_escape_string($post));
+	sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = '" . sqlite_escape_string($post) . "'");
 }
 function deleteReportsByIP($ip) {
--- a/inc/database/sqlite3.php
+++ b/inc/database/sqlite3.php
@ -38,13 +38,13 @@ function insertAccount($account) {
 function updateAccount($account) {
 	global $db;
-	$db->exec("UPDATE " . TINYIB_DBACCOUNTS . " SET username = '" . $db->escapeString($account['username']) . "', password = '" . $db->escapeString(hashData($account['password'])) . "', role = '" . $db->escapeString($account['role']) . "', lastactive = '" . $db->escapeString($account['lastactive']) . "'  WHERE id = " . $db->escapeString($account['id']));
+	$db->exec("UPDATE " . TINYIB_DBACCOUNTS . " SET username = '" . $db->escapeString($account['username']) . "', password = '" . $db->escapeString(hashData($account['password'])) . "', role = '" . $db->escapeString($account['role']) . "', lastactive = '" . $db->escapeString($account['lastactive']) . "'  WHERE id = '" . $db->escapeString($account['id']) . "'");
 	return $db->lastInsertRowID();
 }
 function deleteAccountByID($id) {
 	global $db;
-	$db->exec("DELETE FROM " . TINYIB_DBACCOUNTS . " WHERE id = " . $db->escapeString($id));
+	$db->exec("DELETE FROM " . TINYIB_DBACCOUNTS . " WHERE id = '" . $db->escapeString($id) . "'");
 }
 // Ban functions
@ -90,7 +90,7 @@ function clearExpiredBans() {
 function deleteBanByID($id) {
 	global $db;
-	$db->exec("DELETE FROM " . TINYIB_DBBANS . " WHERE id = " . $db->escapeString($id));
+	$db->exec("DELETE FROM " . TINYIB_DBBANS . " WHERE id = '" . $db->escapeString($id) . "'");
 }
 // Keyword functions
@ -131,7 +131,7 @@ function insertKeyword($keyword) {
 function deleteKeyword($id) {
 	global $db;
-	$db->exec("DELETE FROM " . TINYIB_DBKEYWORDS . " WHERE id = " . $db->escapeString($id));
+	$db->exec("DELETE FROM " . TINYIB_DBKEYWORDS . " WHERE id = '" . $db->escapeString($id) . "'");
 }
 // Log functions
@ -175,6 +175,11 @@ function insertPost($post) {
 	return $db->lastInsertRowID();
 }
 function updatePostMessage($id, $message) {
 	global $db;
 	$db->exec("UPDATE " . TINYIB_DBPOSTS . " SET message = '" . $db->escapeString($message) . "' WHERE id = " . $id);
 }
 function approvePostByID($id, $moderated) {
 	global $db;
 	$db->exec("UPDATE " . TINYIB_DBPOSTS . " SET moderated = " . $moderated . " WHERE id = " . $id);
@ -258,7 +263,7 @@ function latestPosts($moderated = true) {
 function deletePostByID($id) {
 	global $db;
-	$db->exec("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . $db->escapeString($id));
+	$db->exec("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = '" . $db->escapeString($id) . "'");
 }
 function trimThreads() {
@ -315,7 +320,7 @@ function insertReport($report) {
 function deleteReportsByPost($post) {
 	global $db;
-	$db->exec("DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = " . $db->escapeString($post));
+	$db->exec("DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = '" . $db->escapeString($post) . "'");
 }
 function deleteReportsByIP($ip) {
--- a/inc/defines.php
+++ b/inc/defines.php
@ -79,6 +79,9 @@ if (!defined('TINYIB_AUTOHIDE')) {
 if (!defined('TINYIB_REQMOD')) {
 	define('TINYIB_REQMOD', '');
 }
 if (!defined('TINYIB_BANMESSAGE')) {
 	define('TINYIB_BANMESSAGE', true);
 }
 if (!defined('TINYIB_SPOILERTEXT')) {
 	define('TINYIB_SPOILERTEXT', false);
 }
--- a/inc/html.php
+++ b/inc/html.php
@ -1206,7 +1206,7 @@ function manageBanForm() {
 	$txt_ban_expire = __('Expire(sec)');
 	$txt_ban_reason = __('Reason');
 	$txt_ban_never = __('never');
-	$txt_ban_optional = __('optional');
+	$txt_ban_optional = __('Optional.');
 	$txt_submit = __('Submit');
 	$txt_1h = __('1 hour');
 	$txt_1d = __('1 day');
@ -1214,14 +1214,21 @@ function manageBanForm() {
 	$txt_1w = __('1 week');
 	$txt_2w = __('2 weeks');
 	$txt_1m = __('1 month');
 	$banmessage_html = '';
 	$post_ids = '';
 	if (TINYIB_BANMESSAGE && isset($_GET['posts']) && $_GET['posts'] != '') {
 		$post_ids = htmlentities($_GET['posts'], ENT_QUOTES);
 		$banmessage_html = '<tr><td><label for="message">' . __('Message') . '</label></td><td><input type="text" name="message" id="message"></td><td><small>' . __("Append a message to the post. Optional.") . '</small></td></tr>';
 	}
 	return <<<EOF
-	<form id="tinyib" name="tinyib" method="post" action="?manage&bans">
+	<form id="tinyib" name="tinyib" method="post" action="?manage&bans&posts=$post_ids">
 	<fieldset>
 	<legend>$txt_ban</legend>
 	<table border="0">
 	<tr><td><label for="ip">$txt_ban_ip</label></td><td><input type="text" name="ip" id="ip" value="${_GET['bans']}"></td><td><input type="submit" value="$txt_submit" class="managebutton"></td></tr>
 	<tr><td><label for="expire">$txt_ban_expire</label></td><td><input type="text" name="expire" id="expire" value="0"></td><td><small><a href="#" onclick="document.tinyib.expire.value='3600';return false;">$txt_1h</a>&nbsp;<a href="#" onclick="document.tinyib.expire.value='86400';return false;">$txt_1d</a>&nbsp;<a href="#" onclick="document.tinyib.expire.value='172800';return false;">$txt_2d</a>&nbsp;<a href="#" onclick="document.tinyib.expire.value='604800';return false;">$txt_1w</a>&nbsp;<a href="#" onclick="document.tinyib.expire.value='1209600';return false;">$txt_2w</a>&nbsp;<a href="#" onclick="document.tinyib.expire.value='2592000';return false;">$txt_1m</a>&nbsp;<a href="#" onclick="document.tinyib.expire.value='0';return false;">$txt_ban_never</a></small></td></tr>
 	<tr><td><label for="reason">$txt_ban_reason</label></td><td><input type="text" name="reason" id="reason"></td><td><small>$txt_ban_optional</small></td></tr>
 	$banmessage_html
 	</table><br>
 	<small>$txt_ban_help</small>
 	<legend>
@ -1317,6 +1324,7 @@ function manageModerateAll($post_ids, $threads, $replies, $ips) {
 <form method="get" action="?">
 <input type="hidden" name="manage" value="">
 <input type="hidden" name="bans" value="{$ips_comma}">
 <input type="hidden" name="posts" value="{$post_ids_quoted}">
 <input type="submit" value="$txt_ban_all" class="managebutton" $ban_disabled>
 </form>
@ -1451,6 +1459,7 @@ EOF;
 	<form method="get" action="?">
 	<input type="hidden" name="manage" value="">
 	<input type="hidden" name="bans" value="${post['ip']}">
 	<input type="hidden" name="posts" value="${post['id']}">
 	<input type="submit" value="$txt_ban" class="managebutton" $ban_disabled>
 	</form>
--- a/settings.default.php
+++ b/settings.default.php
@ -16,7 +16,9 @@ click Rebuild All in the management panel.
 */
 // Internationalization
-define('TINYIB_LOCALE', '');          // Locale  (see README for instructions)
+define('TINYIB_LOCALE', '');                      // See README for instructions  ['' to run in English]
 define('TINYIB_TIMEZONE', 'UTC');                 // See https://secure.php.net/manual/en/timezones.php - e.g. America/Los_Angeles
 define('TINYIB_DATEFMT', '%g/%m/%d(%a)%H:%M:%S'); // Date and time format  (see php.net/strftime)
 // Board description and behavior
 //   Warning: Enabling reCAPTCHA will cause all visitors to be tracked by Google.  See https://nearcyan.com/you-probably-dont-need-recaptcha/
@ -30,6 +32,7 @@ define('TINYIB_MANAGECAPTCHA', '');   // Improve security by requiring users to
 define('TINYIB_REPORT', false);       // Allow users to report posts
 define('TINYIB_AUTOHIDE', 0);         // Amount of reports which will cause a post to be hidden until it is approved  [0 to disable]
 define('TINYIB_REQMOD', '');          // Require moderation before displaying posts: files / all  ['' to disable]
 define('TINYIB_BANMESSAGE', true);    // Allow staff to append a custom message to posts when banning users
 define('TINYIB_SPOILERTEXT', false);  // Allow users to hide text until it is hovered over using the tags <s>text here</s> or <spoiler>text here</spoiler>
 define('TINYIB_SPOILERIMAGE', false); // Allow users to blur thumbnails via a "Spoiler" checkbox
 define('TINYIB_AUTOREFRESH', 30);     // Delay (in seconds) between attempts to refresh a thread automatically  [0 to disable]
@ -45,12 +48,10 @@ define('TINYIB_PREVIEWREPLIES', 3);   // Amount of replies previewed on index pa
 define('TINYIB_TRUNCATE', 15);        // Messages are truncated to this many lines on board index pages  [0 to disable]
 define('TINYIB_WORDBREAK', 80);       // Words longer than this many characters will be broken apart  [0 to disable]
 define('TINYIB_EXPANDWIDTH', 85);     // Expanded content size as a percentage of the screen's width
 define('TINYIB_TIMEZONE', 'UTC');     // See https://secure.php.net/manual/en/timezones.php - e.g. America/Los_Angeles
 define('TINYIB_BACKLINKS', true);     // Display reflinks to replies that reference a post
 define('TINYIB_CATALOG', true);       // Generate catalog page
 define('TINYIB_JSON', true);          // Generate JSON files
 define('TINYIB_DEFAULTSTYLE', 'futaba'); // Default page style
 define('TINYIB_DATEFMT', '%g/%m/%d(%a)%H:%M:%S'); // Date and time format  (see php.net/strftime)
 $tinyib_hidefieldsop = array();       // Fields to hide when creating a new thread - e.g. array('name', 'email', 'subject', 'message', 'file', 'embed', 'password')
 $tinyib_hidefields = array();         // Fields to hide when replying
 $tinyib_anonymous = array('Anonymous'); // Default name (or names)