working microcrud for ipbans

2019-11-27 21:06:14 +00:00 · 2019-11-27 21:06:14 +00:00 · a9993b47a8
commit a9993b47a8
parent 1edc4a37bf
5 changed files with 46 additions and 37 deletions
--- a/composer.lock
+++ b/composer.lock
@ -388,12 +388,12 @@
            "source": {
                "type": "git",
                "url": "https://github.com/shish/microcrud.git",
-                "reference": "415ef0d7cf54177783cceaf031e5b7a0e9b7aa11"
+                "reference": "8c468bf36554ae1d3cc24ddc4059ebac2e965ef1"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/shish/microcrud/zipball/415ef0d7cf54177783cceaf031e5b7a0e9b7aa11",
-                "reference": "415ef0d7cf54177783cceaf031e5b7a0e9b7aa11",
+                "url": "https://api.github.com/repos/shish/microcrud/zipball/8c468bf36554ae1d3cc24ddc4059ebac2e965ef1",
+                "reference": "8c468bf36554ae1d3cc24ddc4059ebac2e965ef1",
                "shasum": ""
            },
            "require": {
@ -429,7 +429,7 @@
                "crud",
                "generator"
            ],
-            "time": "2019-11-25T22:50:43+00:00"
+            "time": "2019-11-27T19:39:01+00:00"
        },
        {
            "name": "shish/microhtml",
@ -1853,12 +1853,12 @@
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "550ebaac289296ce228a706d0867afc34687e3f4"
+                "reference": "f8f0b461be3385e56d6de3dbb5a0df24c0c275e3"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/550ebaac289296ce228a706d0867afc34687e3f4",
-                "reference": "550ebaac289296ce228a706d0867afc34687e3f4",
+                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/f8f0b461be3385e56d6de3dbb5a0df24c0c275e3",
+                "reference": "f8f0b461be3385e56d6de3dbb5a0df24c0c275e3",
                "shasum": ""
            },
            "require": {
@ -1870,7 +1870,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-master": "1.12-dev"
+                    "dev-master": "1.13-dev"
                }
            },
            "autoload": {
@ -1903,7 +1903,7 @@
                "polyfill",
                "portable"
            ],
-            "time": "2019-08-06T08:03:45+00:00"
+            "time": "2019-11-27T13:56:44+00:00"
        },
        {
            "name": "theseer/tokenizer",
--- a/core/polyfills.php
+++ b/core/polyfills.php
@ -728,6 +728,8 @@ function validate_input(array $inputs): array
            $outputs[$key] = (int)$value;
        } elseif (in_array('bool', $flags)) {
            $outputs[$key] = bool_escape($value);
+        } elseif (in_array('date', $flags)) {
+            $outputs[$key] = date("Y-m-d H:i:s", strtotime(trim($value)));
        } elseif (in_array('string', $flags)) {
            if (in_array('trim', $flags)) {
                $value = trim($value);
--- a/core/user.php
+++ b/core/user.php
@ -242,5 +242,12 @@ class User
    public function check_auth_token(): bool
    {
        return (isset($_POST["auth_token"]) && $_POST["auth_token"] == $this->get_auth_token());
+	}
+
+	public function ensure_authed(): void
+	{
+		if(!$this->check_auth_token()) {
+			die("Invalid auth token");
+		}
    }
 }
--- a/core/util.php
+++ b/core/util.php
@ -639,7 +639,7 @@ function show_ip(string $ip, string $ban_reason): string
    global $user;
    $u_reason = url_escape($ban_reason);
    $u_end = url_escape("+1 week");
-    $ban = $user->can(Permissions::BAN_IP) ? ", <a href='".make_link("ip_ban/list", "ip=$ip&reason=$u_reason&end=$u_end#add")."'>Ban</a>" : "";
+    $ban = $user->can(Permissions::BAN_IP) ? ", <a href='".make_link("ip_ban/list", "c_ip=$ip&c_reason=$u_reason&c_expires=$u_end#create")."'>Ban</a>" : "";
    $ip = $user->can(Permissions::VIEW_IP) ? $ip.$ban : "";
    return $ip;
 }
--- a/ext/ipban/main.php
+++ b/ext/ipban/main.php
@ -1,5 +1,6 @@
 <?php

+use MicroCRUD\InetColumn;
 use MicroCRUD\StringColumn;
 use MicroCRUD\DateColumn;
 use MicroCRUD\TextColumn;
@ -14,13 +15,15 @@ class IPBanTable extends Table

        $this->table = "bans";
        $this->base_query = "
-			SELECT bans.*, users.name AS banner
-			FROM bans JOIN users ON banner_id=users.id
+			SELECT * FROM (
+				SELECT bans.*, users.name AS banner
+				FROM bans JOIN users ON banner_id=users.id
+			) AS tbl1
 		";

        $this->size = 10;
        $this->columns = [
-            new StringColumn("ip", "IP"),
+            new InetColumn("ip", "IP"),
            new EnumColumn("mode", "Mode", ["Block"=>"block", "Firewall"=>"firewall"]),
            new TextColumn("reason", "Reason"),
            new StringColumn("banner", "Banner"),
@ -31,8 +34,10 @@ class IPBanTable extends Table
        $this->flags = [
            "all" => ["((expires > CURRENT_TIMESTAMP) OR (expires IS NULL))", null],
        ];
-        $this->create_url = "/ip_ban/create";
-        $this->delete_url = "/ip_ban/remove";
+        $this->create_url = make_link("ip_ban/create");
+        $this->delete_url = make_link("ip_ban/delete");
+
+		$this->table_attrs = ["class" => "sortable zebra"];
    }
 }

@ -83,30 +88,25 @@ class IPBan extends Extension
    public function onPageRequest(PageRequestEvent $event)
    {
        if ($event->page_matches("ip_ban")) {
-            global $database, $page, $user;
+			global $database, $page, $user;
            if ($user->can(Permissions::BAN_IP)) {
-                if ($event->get_arg(0) == "create" && $user->check_auth_token()) {
-                    if (isset($_POST['c_ip']) && isset($_POST['c_reason']) && isset($_POST['c_expires'])) {
-                        if (empty($_POST['c_expires'])) {
-                            $end = null;
-                        } else {
-                            $end = date("Y-m-d H:i:s", strtotime(trim($_POST['c_expires'])));
-                        }
-                        send_event(new AddIPBanEvent($_POST['c_ip'], $_POST['c_reason'], $end));
-
-                        flash_message("Ban for {$_POST['c_ip']} added");
-                        $page->set_mode(PageMode::REDIRECT);
-                        $page->set_redirect(make_link("ip_ban/list"));
-                    }
-                } elseif ($event->get_arg(0) == "delete" && $user->check_auth_token()) {
-                    if (isset($_POST['d_id'])) {
-                        send_event(new RemoveIPBanEvent($_POST['d_id']));
-
-                        flash_message("Ban removed");
-                        $page->set_mode(PageMode::REDIRECT);
-                        $page->set_redirect(make_link("ip_ban/list"));
-                    }
+                if ($event->get_arg(0) == "create") {
+					$user->ensure_authed();
+					$input = validate_input(["c_ip"=>"string", "c_reason"=>"string", "c_expires"=>"optional,date"]);
+					send_event(new AddIPBanEvent($input['c_ip'], $input['c_reason'], $input['c_expires']));
+					flash_message("Ban for {$input['c_ip']} added");
+					$page->set_mode(PageMode::REDIRECT);
+					$page->set_redirect(make_link("ip_ban/list"));
+                } elseif ($event->get_arg(0) == "delete") {
+					$user->ensure_authed();
+					$input = validate_input(["d_id"=>"int"]);
+					send_event(new RemoveIPBanEvent($input['d_id']));
+					flash_message("Ban removed");
+					$page->set_mode(PageMode::REDIRECT);
+					$page->set_redirect(make_link("ip_ban/list"));
                } elseif ($event->get_arg(0) == "list") {
+					$_GET['c_banner'] = $user->name;
+					$_GET['c_added'] = date('Y-m-d');
                    $t = new IPBanTable($database->raw_db(), $user->get_auth_token());
                    $table = $t->table($t->query());
                    $this->theme->display_bans($page, $table, $t->paginator());