From 8ae35190766216a740587739d36e145cdb46220b Mon Sep 17 00:00:00 2001
From: Trevor Slocum <trevor@rocketnine.space>
Date: Sun, 18 Apr 2021 01:10:52 -0700
Subject: [PATCH] Support bulk moderation

Resolves #46.
---
 README.md    |   7 +--
 imgboard.php | 130 ++++++++++++++++++++++++++++++--------------
 inc/html.php | 148 +++++++++++++++++++++++++++++++++++++++------------
 3 files changed, 210 insertions(+), 75 deletions(-)

diff --git a/README.md b/README.md
index 3c99199..01d1134 100644
--- a/README.md
+++ b/README.md
@@ -106,10 +106,11 @@ support in mind.
 ## Moderate
 
  1. If you are not logged in already, log in to the management panel by clicking **[Manage]**.
- 2. On the board, tick the checkbox next to the offending post.
+ 2. On the board, tick the checkbox next to one or more offending posts.
  3. Scroll to the bottom of the page.
- 4. Click **Delete** with the password field blank.
-    - From this page you are able to delete the post and/or ban the author.
+ 4. Click **Delete**.
+    - You will be redirected to the management panel.
+    - From this page you are able to delete the post(s) and/or ban the author(s).
 
 ## Update
 
diff --git a/imgboard.php b/imgboard.php
index fb40542..409318f 100644
--- a/imgboard.php
+++ b/imgboard.php
@@ -38,7 +38,7 @@ while (ob_get_level() > 0) {
 	ob_end_flush();
 }
 
-function fancyDie($message, $go_back=1) {
+function fancyDie($message, $go_back = 1) {
 	$go_back_text = 'Click here to go back';
 	if (function_exists('__')) {
 		$go_back_text = __('Click here to go back');
@@ -652,26 +652,33 @@ EOF;
 		fancyDie(__('Post deletion is currently disabled.<br>Please try again in a few moments.'));
 	}
 
-	$post = postByID($_POST['delete']);
-	if ($post) {
-		list($account, $loggedin, $isadmin) = manageCheckLogIn(false);
-
-		if (!empty($account) && $_POST['password'] == '') {
-			// Redirect to post moderation page
-			echo '--&gt; --&gt; --&gt;<meta http-equiv="refresh" content="0;url=' . basename($_SERVER['PHP_SELF']) . '?manage&moderate=' . $_POST['delete'] . '">';
-		} elseif ($post['password'] != '' && (hashData($_POST['password']) == $post['password'] || md5(md5($_POST['password'])) == $post['password'])) {
-			deletePost($post['id']);
-			if ($post['parent'] == TINYIB_NEWTHREAD) {
-				threadUpdated($post['id']);
-			} else {
-				threadUpdated($post['parent']);
-			}
-			fancyDie(__('Post deleted.'));
-		} else {
-			fancyDie(__('Invalid password.'));
-		}
+	$post_ids = array();
+	if (is_array($_POST['delete'])) {
+		$post_ids = $_POST['delete'];
 	} else {
+		$post_ids = array($_POST['delete']);
+	}
+
+	list($account, $loggedin, $isadmin) = manageCheckLogIn(false);
+	if (!empty($account)) {
+		// Redirect to post moderation page
+		echo '--&gt; --&gt; --&gt;<meta http-equiv="refresh" content="0;url=' . basename($_SERVER['PHP_SELF']) . '?manage&moderate=' . implode(',', $post_ids) . '">';
+		die();
+	}
+
+	$post = postByID($post_ids[0]);
+	if (!$post) {
 		fancyDie(__('Sorry, an invalid post identifier was sent. Please go back, refresh the page, and try again.'));
+	} else if ($post['password'] != '' && (hashData($_POST['password']) == $post['password'] || md5(md5($_POST['password'])) == $post['password'])) {
+		deletePost($post['id']);
+		if ($post['parent'] == TINYIB_NEWTHREAD) {
+			threadUpdated($post['id']);
+		} else {
+			threadUpdated($post['parent']);
+		}
+		fancyDie(__('Post deleted.'));
+	} else {
+		fancyDie(__('Invalid password.'));
 	}
 
 	$redirect = false;
@@ -791,19 +798,20 @@ EOF;
 			} elseif (isset($_GET['bans'])) {
 				clearExpiredBans();
 
-				if (isset($_POST['ip'])) {
-					if ($_POST['ip'] != '') {
-						$banexists = banByIP($_POST['ip']);
+				if (isset($_POST['ip']) && $_POST['ip'] != '') {
+					$ips = explode(',', $_POST['ip']);
+					foreach ($ips as $ip) {
+						$banexists = banByIP($ip);
 						if ($banexists) {
 							fancyDie(__('Sorry, there is already a ban on record for that IP address.'));
 						}
 
 						if (TINYIB_REPORT) {
-							deleteReportsByIP($_POST['ip']);
+							deleteReportsByIP($ip);
 						}
 
 						$ban = array();
-						$ban['ip'] = $_POST['ip'];
+						$ban['ip'] = $ip;
 						$ban['expire'] = ($_POST['expire'] > 0) ? (time() + $_POST['expire']) : 0;
 						$ban['reason'] = $_POST['reason'];
 
@@ -818,14 +826,19 @@ EOF;
 
 						insertBan($ban);
 						manageLogAction($action);
-						$text .= manageInfo(sprintf(__('Ban record added for %s'), $ban['ip']));
+					}
+					if (count($ips) == 1) {
+						$text .= manageInfo(__('Banned 1 IP address'));
+					} else {
+						$text .= manageInfo(sprintf(__('Banned %d IP addresses'), count($ips)));
 					}
 				} elseif (isset($_GET['lift'])) {
 					$ban = banByID($_GET['lift']);
 					if ($ban) {
 						deleteBanByID($_GET['lift']);
-						manageLogAction(sprintf(__('Lifted ban on %s'), htmlentities($ban['ip'])));
-						$text .= manageInfo(sprintf(__('Ban record lifted for %s'), $ban['ip']));
+						$info = sprintf(__('Lifted ban on %s'), htmlentities($ban['ip']));
+						manageLogAction($info);
+						$text .= manageInfo($info);
 					}
 				}
 
@@ -956,19 +969,34 @@ EOF;
 		}
 
 		if (isset($_GET['delete'])) {
-			$post = postByID($_GET['delete']);
-			if ($post) {
+			$post_ids = explode(',', $_GET['delete']);
+			$posts = array();
+			foreach ($post_ids as $post_id) {
+				$post = postByID($post_id);
+				if (!$post) {
+					fancyDie(__("Sorry, there doesn't appear to be a post with that ID."));
+
+				}
+
+				$posts[$post_id] = $post;
+			}
+			foreach ($post_ids as $post_id) {
+				$post = $posts[$post_id];
+
 				deletePost($post['id']);
 				if ($post['parent'] == TINYIB_NEWTHREAD) {
-					threadUpdated($post['id']);
+					rebuildThread($post['id']);
 				} else {
-					threadUpdated($post['parent']);
+					rebuildThread($post['parent']);
 				}
 
 				manageLogAction(__('Deleted') . ' &gt;&gt;' . $post['id']);
-				$text .= manageInfo(sprintf(__('Post No.%d deleted.'), $post['id']));
+			}
+			rebuildIndexes();
+			if (count($post_ids) == 1) {
+				$text .= manageInfo(__('Deleted 1 post'));
 			} else {
-				fancyDie(__("Sorry, there doesn't appear to be a post with that ID."));
+				$text .= manageInfo(sprintf(__('Deleted %d posts'), count($post_ids)));
 			}
 		} elseif (isset($_GET['approve'])) {
 			if ($_GET['approve'] > 0) {
@@ -989,12 +1017,36 @@ EOF;
 				}
 			}
 		} elseif (isset($_GET['moderate'])) {
-			if ($_GET['moderate'] > 0) {
-				$post = postByID($_GET['moderate']);
-				if ($post) {
-					$text .= manageModeratePost($post);
-				} else {
-					fancyDie(__("Sorry, there doesn't appear to be a post with that ID."));
+			if ($_GET['moderate'] != '' && $_GET['moderate'] != '0') {
+				$post_ids = explode(',', $_GET['moderate']);
+				$compact = count($post_ids) > 1;
+				$posts = array();
+				$threads = 0;
+				$replies = 0;
+				$ips = array();
+
+				foreach ($post_ids as $post_id) {
+					$post = postByID($post_id);
+					if (!$post) {
+						fancyDie(__("Sorry, there doesn't appear to be a post with that ID."));
+					}
+					if ($post['parent'] == TINYIB_NEWTHREAD) {
+						$threads++;
+					} else {
+						$replies++;
+					}
+					$ips[] = $post['ip'];
+
+					$posts[$post_id] = $post;
+				}
+
+				$ips = array_unique($ips);
+
+				if (count($post_ids) > 1) {
+					$text .= manageModerateAll($post_ids, $threads, $replies, $ips);
+				}
+				foreach ($post_ids as $post_id) {
+					$text .= manageModeratePost($posts[$post_id], $compact);
 				}
 			} else {
 				$onload = manageOnLoad('moderate');
diff --git a/inc/html.php b/inc/html.php
index 714a069..29b6c98 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -498,7 +498,7 @@ EOF;
 	$return .= <<<EOF
 <a id="${post['id']}"></a>
 <label>
-	<input type="checkbox" name="delete" value="${post['id']}"> 
+	<input type="checkbox" name="delete[]" value="${post['id']}"> 
 EOF;
 
 	if ($post['subject'] != '') {
@@ -642,7 +642,7 @@ EOF;
 		$htmlposts
 		</div>
 		<hr>
-		<table class	="userdelete">
+		<table class="userdelete">
 			<tbody>
 				<tr>
 					<td>
@@ -1097,6 +1097,7 @@ function manageAccountsTable() {
 
 function manageBanForm() {
 	$txt_ban = __('Add a ban');
+	$txt_ban_help = __('Multiple IP addresses may be banned at once by separating each address with a comma.');
 	$txt_ban_ip = __('IP Address');
 	$txt_ban_expire = __('Expire(sec)');
 	$txt_ban_reason = __('Reason');
@@ -1115,7 +1116,9 @@ function manageBanForm() {
 	<legend>$txt_ban</legend>
 	<label for="ip">$txt_ban_ip</label> <input type="text" name="ip" id="ip" value="${_GET['bans']}"> <input type="submit" value="$txt_submit" class="managebutton"><br>
 	<label for="expire">$txt_ban_expire</label> <input type="text" name="expire" id="expire" value="0">&nbsp;&nbsp;<small><a href="#" onclick="document.tinyib.expire.value='3600';return false;">$txt_1h</a>&nbsp;<a href="#" onclick="document.tinyib.expire.value='86400';return false;">$txt_1d</a>&nbsp;<a href="#" onclick="document.tinyib.expire.value='172800';return false;">$txt_2d</a>&nbsp;<a href="#" onclick="document.tinyib.expire.value='604800';return false;">$txt_1w</a>&nbsp;<a href="#" onclick="document.tinyib.expire.value='1209600';return false;">$txt_2w</a>&nbsp;<a href="#" onclick="document.tinyib.expire.value='2592000';return false;">$txt_1m</a>&nbsp;<a href="#" onclick="document.tinyib.expire.value='0';return false;">$txt_ban_never</a></small><br>
-	<label for="reason">$txt_ban_reason&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</label> <input type="text" name="reason" id="reason">&nbsp;&nbsp;<small>$txt_ban_optional</small>
+	<label for="reason">$txt_ban_reason&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</label> <input type="text" name="reason" id="reason">&nbsp;&nbsp;<small>$txt_ban_optional</small><br>
+	<br>
+	<small>$txt_ban_help</small>
 	<legend>
 	</fieldset>
 	</form><br>
@@ -1157,7 +1160,72 @@ function manageModeratePostForm() {
 EOF;
 }
 
-function manageModeratePost($post) {
+function manageModerateAll($post_ids, $threads, $replies, $ips) {
+	global $isadmin;
+	$txt_moderate = sprintf(__('Moderate %d posts'), count($post_ids));
+	$txt_delete_all = __('Delete all');
+	$txt_ban_all = __('Ban all');
+	if ($threads == 1 && $replies == 1) {
+		$delete_info = __('1 thread and 1 reply will be deleted.');
+	} else if ($threads == 1) {
+		$delete_info = sprintf(__('1 thread and %d replies will be deleted.'), $replies);
+	} else if ($replies == 1) {
+		$delete_info = sprintf(__('%d threads and 1 reply will be deleted.'), $threads);
+	} else {
+		$delete_info = sprintf(__('%1$d threads and %2$d replies will be deleted.'), $threads, $replies);
+	}
+	if (count($ips) == 1) {
+		$ban_info = __('1 IP address will be banned.');
+	} else {
+		$ban_info = sprintf(__('%d IP addresses will be banned.'), count($ips));
+	}
+	$ban_disabled = 'disabled';
+	if ($isadmin) {
+		$ban_disabled = '';
+	}
+	$post_ids_quoted = htmlentities(implode(',', $post_ids), ENT_QUOTES);
+	$ips_comma = implode(',', $ips);
+	return <<<EOF
+<table border="0" cellspacing="0" cellpadding="0" width="100%">
+<tr><td width="50%">
+&nbsp;
+</td><td width="50%">
+
+<fieldset>
+<legend>$txt_moderate</legend>
+<table border="0" cellspacing="0" cellpadding="0" width="100%">
+<tr><td>
+&nbsp;
+</td><td valign="top">
+
+<form method="get" action="?">
+<input type="hidden" name="manage" value="">
+<input type="hidden" name="delete" value="{$post_ids_quoted}">
+<input type="submit" value="$txt_delete_all" class="managebutton">
+</form>
+
+</td><td><small>$delete_info</small></td></tr>
+<tr><td>
+&nbsp;
+</td><td valign="top">
+
+<form method="get" action="?">
+<input type="hidden" name="manage" value="">
+<input type="hidden" name="bans" value="{$ips_comma}">
+<input type="submit" value="$txt_ban_all" class="managebutton" $ban_disabled>
+</form>
+
+</td><td><small>$ban_info</small></td></tr>
+</table>
+</fieldset>
+
+</td></tr>
+</table>
+EOF;
+
+}
+
+function manageModeratePost($post, $compact=false) {
 	global $isadmin;
 	$ban = banByIP($post['ip']);
 	$ban_disabled = (!$ban && $isadmin) ? '' : ' disabled';
@@ -1170,23 +1238,36 @@ function manageModeratePost($post) {
 			$ban_info = sprintf(__('IP address: %s'), $post['ip']);
 		}
 	}
-	$delete_info = ($post['parent'] == TINYIB_NEWTHREAD) ? __('This will delete the entire thread below.') : __('This will delete the post below.');
-	$post_or_thread = ($post['parent'] == TINYIB_NEWTHREAD) ? __('Thread') : __('Post');
+
+	$thread_or_reply = ($post['parent'] == TINYIB_NEWTHREAD) ? __('Thread') : __('Reply');
+
+	$delete_info = '';
+	if ($post['parent'] == TINYIB_NEWTHREAD) {
+		$allPosts = postsInThreadByID($post['id']);
+		if (count($allPosts) > 1) {
+			if (count($allPosts) == 2) {
+				$delete_info = __('1 reply will be deleted.');
+			} else {
+				$delete_info = sprintf(__('%d replies will be deleted.'), count($allPosts) - 1);
+			}
+		}
+	} else {
+		$delete_info = __('Belongs to ' . postLink('&gt;&gt;' . $post['id']) . '.');
+	}
 
 	$sticky_html = "";
 	$lock_html = "";
-	if ($post['parent'] == TINYIB_NEWTHREAD) {
+	if ($post['parent'] == TINYIB_NEWTHREAD && !$compact) {
 		$sticky_set = $post['stickied'] == 1 ? '0' : '1';
 		$sticky_unsticky = $post['stickied'] == 1 ? __('Un-sticky') : __('Sticky');
 		$sticky_unsticky_help = $post['stickied'] == 1 ? __('Return this thread to a normal state.') : __('Keep this thread at the top of the board.');
 		$sticky_html = <<<EOF
-	<tr><td colspan="2">&nbsp;</td></tr>
-	<tr><td align="right" width="50%;">
+	<tr><td>
 		<form method="get" action="?">
 		<input type="hidden" name="manage" value="">
 		<input type="hidden" name="sticky" value="${post['id']}">
 		<input type="hidden" name="setsticky" value="$sticky_set">
-		<input type="submit" value="$sticky_unsticky" class="managebutton" style="width: 50%;">
+		<input type="submit" value="$sticky_unsticky" class="managebutton">
 		</form>
 	</td><td><small>$sticky_unsticky_help</small></td></tr>
 EOF;
@@ -1195,46 +1276,39 @@ EOF;
 		$lock_label = $post['locked'] == 1 ? __('Unlock') : __('Lock');
 		$lock_help = $post['locked'] == 1 ? __('Allow replying to this thread.') : __('Disallow replying to this thread.');
 		$lock_html = <<<EOF
-	<tr><td align="right" width="50%;">
+	<tr><td>
 		<form method="get" action="?">
 		<input type="hidden" name="manage" value="">
 		<input type="hidden" name="lock" value="${post['id']}">
 		<input type="hidden" name="setlock" value="$lock_set">
-		<input type="submit" value="$lock_label" class="managebutton" style="width: 50%;">
+		<input type="submit" value="$lock_label" class="managebutton">
 		</form>
 	</td><td><small>$lock_help</small></td></tr>
 EOF;
-
-		$post_html = "";
-		$posts = postsInThreadByID($post["id"]);
-		foreach ($posts as $post_temp) {
-			$post_html .= buildPost($post_temp, TINYIB_INDEXPAGE);
-		}
-	} else {
-		$post_html = buildPost($post, TINYIB_INDEXPAGE);
 	}
+	$post_html = buildPost($post, TINYIB_INDEXPAGE);
 
 	$txt_moderating = sprintf(__('Moderating No.%d'), $post['id']);
 	$txt_action = __('Action');
 	if ($post['parent'] == TINYIB_NEWTHREAD) {
 		$txt_delete = __('Delete thread');
 	} else {
-		$txt_delete = __('Delete post');
+		$txt_delete = __('Delete reply');
 	}
 	$txt_ban = __('Ban poster');
 
 	$report_html = '';
 	$reports = reportsByPost($post['id']);
-	if (TINYIB_REPORT && count($reports) > 0) {
+	if (TINYIB_REPORT && count($reports) > 0 && !$compact) {
 		$txt_clear_reports = __('Approve');
 		$report_info = count($reports) . ' ' . plural(count($reports), __('report'), __('reports'));
 		$report_html = <<<EOF
-<tr><td align="right" width="50%;">
+<tr><td>
 	
 <form method="get" action="?">
 <input type="hidden" name="manage" value="">
 <input type="hidden" name="clearreports" value="${post['id']}">
-<input type="submit" value="$txt_clear_reports" class="managebutton" style="width: 50%;">
+<input type="submit" value="$txt_clear_reports" class="managebutton">
 </form>
 
 </td><td><small>$report_info</small></td></tr>
@@ -1244,25 +1318,35 @@ EOF;
 	<fieldset>
 	<legend>$txt_moderating</legend>
 	
+	<table border="0" cellspacing="0" cellpadding="0" width="100%">
+	<tr><td width="50%" valign="top">
+	
+	<fieldset>
+	<legend>$thread_or_reply</legend>	
+	$post_html
+	</fieldset>
+	
+	</td><td width="50%" valign="top">
+	
 	<fieldset>
 	<legend>$txt_action</legend>
 	
 	<table border="0" cellspacing="0" cellpadding="0" width="100%">
-	<tr><td align="right" width="50%;">
+	<tr><td>
 	
 	<form method="get" action="?">
 	<input type="hidden" name="manage" value="">
 	<input type="hidden" name="delete" value="${post['id']}">
-	<input type="submit" value="$txt_delete" class="managebutton" style="width: 50%;">
+	<input type="submit" value="$txt_delete" class="managebutton">
 	</form>
 	
 	</td><td><small>$delete_info</small></td></tr>
-	<tr><td align="right" width="50%;">
+	<tr><td>
 	
 	<form method="get" action="?">
 	<input type="hidden" name="manage" value="">
 	<input type="hidden" name="bans" value="${post['ip']}">
-	<input type="submit" value="$txt_ban" class="managebutton" style="width: 50%;"$ban_disabled>
+	<input type="submit" value="$txt_ban" class="managebutton" $ban_disabled>
 	</form>
 	
 	</td><td><small>$ban_info</small></td></tr>
@@ -1276,11 +1360,9 @@ EOF;
 	</table>
 	
 	</fieldset>
-	
-	<fieldset>
-	<legend>$post_or_thread</legend>	
-	$post_html
-	</fieldset>
+
+	</td></tr>
+	</table>
 	
 	</fieldset>
 	<br>