This commit is contained in:
Shish 2019-12-01 19:15:40 +00:00
commit ecb6266617
11 changed files with 305 additions and 388 deletions

18
composer.lock generated
View file

@ -342,16 +342,16 @@
}, },
{ {
"name": "shish/ffsphp", "name": "shish/ffsphp",
"version": "v0.0.1", "version": "v0.0.2",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/shish/ffsphp.git", "url": "https://github.com/shish/ffsphp.git",
"reference": "6b1874cf05b0b6bbdf7b118ca081097d1f830cd7" "reference": "16c98d57c80bb4848f20253c8c1e5fe7f6c5823f"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/shish/ffsphp/zipball/6b1874cf05b0b6bbdf7b118ca081097d1f830cd7", "url": "https://api.github.com/repos/shish/ffsphp/zipball/16c98d57c80bb4848f20253c8c1e5fe7f6c5823f",
"reference": "6b1874cf05b0b6bbdf7b118ca081097d1f830cd7", "reference": "16c98d57c80bb4848f20253c8c1e5fe7f6c5823f",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -380,7 +380,7 @@
], ],
"description": "A collection of workarounds for stupid PHP things", "description": "A collection of workarounds for stupid PHP things",
"homepage": "https://github.com/shish/ffsphp", "homepage": "https://github.com/shish/ffsphp",
"time": "2019-11-25T15:37:09+00:00" "time": "2019-11-29T12:00:09+00:00"
}, },
{ {
"name": "shish/microcrud", "name": "shish/microcrud",
@ -429,7 +429,15 @@
"crud", "crud",
"generator" "generator"
], ],
<<<<<<< HEAD
"time": "2019-11-29T02:11:55+00:00" "time": "2019-11-29T02:11:55+00:00"
=======
<<<<<<< HEAD
"time": "2019-11-29T21:15:17+00:00"
=======
"time": "2019-11-29T10:55:02+00:00"
>>>>>>> e926b15d5ffeb6f7c0510acacaaa846294212f5c
>>>>>>> 0a330cd0baebc7f9387fd63a36a88c38d4338a0f
}, },
{ {
"name": "shish/microhtml", "name": "shish/microhtml",

View file

@ -13,6 +13,7 @@ abstract class Permissions
public const VIEW_IP = "view_ip"; # view IP addresses associated with things public const VIEW_IP = "view_ip"; # view IP addresses associated with things
public const BAN_IP = "ban_ip"; public const BAN_IP = "ban_ip";
public const CREATE_USER = "create_user";
public const EDIT_USER_NAME = "edit_user_name"; public const EDIT_USER_NAME = "edit_user_name";
public const EDIT_USER_PASSWORD = "edit_user_password"; public const EDIT_USER_PASSWORD = "edit_user_password";
public const EDIT_USER_INFO = "edit_user_info"; # email address, etc public const EDIT_USER_INFO = "edit_user_info"; # email address, etc

View file

@ -83,6 +83,7 @@ new UserClass("base", null, [
Permissions::VIEW_IP => false, # view IP addresses associated with things Permissions::VIEW_IP => false, # view IP addresses associated with things
Permissions::BAN_IP => false, Permissions::BAN_IP => false,
Permissions::CREATE_USER => false,
Permissions::EDIT_USER_NAME => false, Permissions::EDIT_USER_NAME => false,
Permissions::EDIT_USER_PASSWORD => false, Permissions::EDIT_USER_PASSWORD => false,
Permissions::EDIT_USER_INFO => false, # email address, etc Permissions::EDIT_USER_INFO => false, # email address, etc
@ -163,6 +164,7 @@ new UserClass("ghost", "base", [
// Anonymous users can't do anything by default, but // Anonymous users can't do anything by default, but
// the admin might grant them some permissions // the admin might grant them some permissions
new UserClass("anonymous", "base", [ new UserClass("anonymous", "base", [
Permissions::CREATE_USER => true,
]); ]);
new UserClass("user", "base", [ new UserClass("user", "base", [

View file

@ -1,5 +1,27 @@
<?php <?php
use MicroCRUD\TextColumn;
use MicroCRUD\Table;
class AliasTable extends Table
{
public function __construct(\FFSPHP\PDO $db)
{
parent::__construct($db);
$this->table = "aliases";
$this->base_query = "SELECT * FROM aliases";
$this->primary_key = "oldtag";
$this->size = 100;
$this->limit = 1000000;
$this->columns = [
new TextColumn("oldtag", "Old Tag"),
new TextColumn("newtag", "New Tag"),
];
$this->order_by = ["oldtag"];
$this->table_attrs = ["class" => "zebra"];
}
}
class AddAliasEvent extends Event class AddAliasEvent extends Event
{ {
/** @var string */ /** @var string */
@ -27,9 +49,10 @@ class AliasEditor extends Extension
if ($event->page_matches("alias")) { if ($event->page_matches("alias")) {
if ($event->get_arg(0) == "add") { if ($event->get_arg(0) == "add") {
if ($user->can(Permissions::MANAGE_ALIAS_LIST)) { if ($user->can(Permissions::MANAGE_ALIAS_LIST)) {
if (isset($_POST['oldtag']) && isset($_POST['newtag'])) { $user->ensure_authed();
$input = validate_input(["c_oldtag"=>"string", "c_newtag"=>"string"]);
try { try {
$aae = new AddAliasEvent($_POST['oldtag'], $_POST['newtag']); $aae = new AddAliasEvent($input['c_oldtag'], $input['c_newtag']);
send_event($aae); send_event($aae);
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link("alias/list")); $page->set_redirect(make_link("alias/list"));
@ -37,42 +60,25 @@ class AliasEditor extends Extension
$this->theme->display_error(500, "Error adding alias", $ex->getMessage()); $this->theme->display_error(500, "Error adding alias", $ex->getMessage());
} }
} }
}
} elseif ($event->get_arg(0) == "remove") { } elseif ($event->get_arg(0) == "remove") {
if ($user->can(Permissions::MANAGE_ALIAS_LIST)) { if ($user->can(Permissions::MANAGE_ALIAS_LIST)) {
if (isset($_POST['oldtag'])) { $user->ensure_authed();
$database->execute("DELETE FROM aliases WHERE oldtag=:oldtag", ["oldtag" => $_POST['oldtag']]); $input = validate_input(["d_oldtag"=>"string"]);
log_info("alias_editor", "Deleted alias for ".$_POST['oldtag'], "Deleted alias"); $database->execute("DELETE FROM aliases WHERE oldtag=:oldtag", ["oldtag" => $input['d_oldtag']]);
log_info("alias_editor", "Deleted alias for ".$input['d_oldtag'], "Deleted alias");
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link("alias/list")); $page->set_redirect(make_link("alias/list"));
} }
}
} elseif ($event->get_arg(0) == "list") { } elseif ($event->get_arg(0) == "list") {
if ($event->count_args() == 2) { $t = new AliasTable($database->raw_db());
$page_number = $event->get_arg(1); $t->token = $user->get_auth_token();
if (!is_numeric($page_number)) { $t->inputs = $_GET;
$page_number = 0; $t->size = $config->get_int('alias_items_per_page', 30);
} elseif ($page_number <= 0) { if($user->can(Permissions::MANAGE_ALIAS_LIST)) {
$page_number = 0; $t->create_url = make_link("alias/add");
} else { $t->delete_url = make_link("alias/remove");
$page_number--;
} }
} else { $this->theme->display_aliases($t->table($t->query()), $t->paginator());
$page_number = 0;
}
$alias_per_page = $config->get_int('alias_items_per_page', 30);
$query = "SELECT oldtag, newtag FROM aliases ORDER BY newtag ASC LIMIT :limit OFFSET :offset";
$alias = $database->get_pairs(
$query,
["limit"=>$alias_per_page, "offset"=>$page_number * $alias_per_page]
);
$total_pages = ceil($database->get_one("SELECT COUNT(*) FROM aliases") / $alias_per_page);
$this->theme->display_aliases($alias, $page_number + 1, $total_pages);
} elseif ($event->get_arg(0) == "export") { } elseif ($event->get_arg(0) == "export") {
$page->set_mode(PageMode::DATA); $page->set_mode(PageMode::DATA);
$page->set_type("text/csv"); $page->set_type("text/csv");

View file

@ -7,51 +7,14 @@ class AliasEditorTheme extends Themelet
* *
* Note: $can_manage = whether things like "add new alias" should be shown * Note: $can_manage = whether things like "add new alias" should be shown
*/ */
public function display_aliases(array $aliases, int $pageNumber, int $totalPages): void public function display_aliases($table, $paginator): void
{ {
global $page, $user; global $page, $user;
$can_manage = $user->can(Permissions::MANAGE_ALIAS_LIST); $can_manage = $user->can(Permissions::MANAGE_ALIAS_LIST);
if ($can_manage) {
$h_action = "<th width='10%'>Action</th>";
$h_add = "
<tr>
".make_form(make_link("alias/add"))."
<td><input type='text' name='oldtag' class='autocomplete_tags' autocomplete='off'></td>
<td><input type='text' name='newtag' class='autocomplete_tags' autocomplete='off'></td>
<td><input type='submit' value='Add'></td>
</form>
</tr>
";
} else {
$h_action = "";
$h_add = "";
}
$h_aliases = "";
foreach ($aliases as $old => $new) {
$h_old = html_escape($old);
$h_new = "<a href='".make_link("post/list/".url_escape($new)."/1")."'>".html_escape($new)."</a>";
$h_aliases .= "<tr><td>$h_old</td><td>$h_new</td>";
if ($can_manage) {
$h_aliases .= "
<td>
".make_form(make_link("alias/remove"))."
<input type='hidden' name='oldtag' value='$h_old'>
<input type='submit' value='Remove'>
</form>
</td>
";
}
$h_aliases .= "</tr>";
}
$html = " $html = "
<table id='aliases' class='sortable zebra'> $table
<thead><tr><th>From</th><th>To</th>$h_action</tr></thead> $paginator
<tbody>$h_aliases</tbody>
<tfoot>$h_add</tfoot>
</table>
<p><a href='".make_link("alias/export/aliases.csv")."' download='aliases.csv'>Download as CSV</a></p> <p><a href='".make_link("alias/export/aliases.csv")."' download='aliases.csv'>Download as CSV</a></p>
"; ";
@ -69,7 +32,5 @@ class AliasEditorTheme extends Themelet
if ($can_manage) { if ($can_manage) {
$page->add_block(new Block("Bulk Upload", $bulk_html, "main", 51)); $page->add_block(new Block("Bulk Upload", $bulk_html, "main", 51));
} }
$this->display_paginator($page, "alias/list", null, $pageNumber, $totalPages);
} }
} }

View file

@ -23,7 +23,12 @@ class IPBanTable extends Table
$this->limit = 1000000; $this->limit = 1000000;
$this->columns = [ $this->columns = [
new InetColumn("ip", "IP"), new InetColumn("ip", "IP"),
new EnumColumn("mode", "Mode", ["Block"=>"block", "Firewall"=>"firewall", "Ghost"=>"ghost"]), new EnumColumn("mode", "Mode", [
"Block"=>"block",
"Firewall"=>"firewall",
"Ghost"=>"ghost",
"Anon Ghost"=>"anon-ghost"
]),
new TextColumn("reason", "Reason"), new TextColumn("reason", "Reason"),
new StringColumn("banner", "Banner"), new StringColumn("banner", "Banner"),
new DateColumn("added", "Added"), new DateColumn("added", "Added"),
@ -108,8 +113,8 @@ class IPBan extends Extension
} }
} }
$cache->set("ip_bans", $ips, 600); $cache->set("ip_bans", $ips, 60);
$cache->set("network_bans", $networks, 600); $cache->set("network_bans", $networks, 60);
} }
// Check if our current IP is in either of the ban lists // Check if our current IP is in either of the ban lists
@ -117,8 +122,7 @@ class IPBan extends Extension
$active_ban_id = null; $active_ban_id = null;
if (isset($ips[$remote])) { if (isset($ips[$remote])) {
$active_ban_id = $ips[$remote]; $active_ban_id = $ips[$remote];
} } else {
else {
foreach ($networks as $range => $ban_id) { foreach ($networks as $range => $ban_id) {
if (ip_in_range($remote, $range)) { if (ip_in_range($remote, $range)) {
$active_ban_id = $ban_id; $active_ban_id = $ban_id;
@ -127,12 +131,15 @@ class IPBan extends Extension
} }
// If an active ban is found, act on it // If an active ban is found, act on it
if(!is_null($active_ban_id)) { if (!is_null($active_ban_id)) {
$row = $database->get_row("SELECT * FROM bans WHERE id=:id", ["id"=>$active_ban_id]); $row = $database->get_row("SELECT * FROM bans WHERE id=:id", ["id"=>$active_ban_id]);
if (empty($row)) {
return;
}
$msg = $config->get_string("ipban_message"); $msg = $config->get_string("ipban_message_{$row['mode']}") ?? $config->get_string("ipban_message");
$msg = str_replace('$IP', $row["ip"], $msg); $msg = str_replace('$IP', $row["ip"], $msg);
$msg = str_replace('$DATE', $row['expires'], $msg); $msg = str_replace('$DATE', $row['expires'] ?? 'the end of time', $msg);
$msg = str_replace('$ADMIN', User::by_id($row['banner_id'])->name, $msg); $msg = str_replace('$ADMIN', User::by_id($row['banner_id'])->name, $msg);
$msg = str_replace('$REASON', $row['reason'], $msg); $msg = str_replace('$REASON', $row['reason'], $msg);
$contact_link = contact_link(); $contact_link = contact_link();
@ -141,12 +148,22 @@ class IPBan extends Extension
} else { } else {
$msg = str_replace('$CONTACT', "", $msg); $msg = str_replace('$CONTACT', "", $msg);
} }
$msg .= "<!-- $active_ban_id / {$row["mode"]} -->";
if($row["mode"] == "ghost") { if ($row["mode"] == "ghost") {
$b = new Block(null, $msg, "main", 0); $b = new Block(null, $msg, "main", 0);
$b->is_content = false; $b->is_content = false;
$page->add_block($b); $page->add_block($b);
$page->add_cookie("nocache", "Ghost Banned", time()+60*60*2, "/");
$event->user->class = $_shm_user_classes["ghost"]; $event->user->class = $_shm_user_classes["ghost"];
} elseif ($row["mode"] == "anon-ghost") {
if ($event->user->is_anonymous()) {
$b = new Block(null, $msg, "main", 0);
$b->is_content = false;
$page->add_block($b);
$page->add_cookie("nocache", "Ghost Banned", time()+60*60*2, "/");
$event->user->class = $_shm_user_classes["ghost"];
}
} else { } else {
header("HTTP/1.0 403 Forbidden"); header("HTTP/1.0 403 Forbidden");
print "$msg"; print "$msg";
@ -190,8 +207,16 @@ class IPBan extends Extension
public function onSetupBuilding(SetupBuildingEvent $event) public function onSetupBuilding(SetupBuildingEvent $event)
{ {
global $config;
$sb = new SetupBlock("IP Ban"); $sb = new SetupBlock("IP Ban");
$sb->add_longtext_option("ipban_message", 'Message to show to banned users:<br>(with $IP, $DATE, $ADMIN, $REASON, and $CONTACT)'); $sb->add_longtext_option("ipban_message", 'Message to show to banned users:<br>(with $IP, $DATE, $ADMIN, $REASON, and $CONTACT)');
if ($config->get_string("ipban_message_ghost")) {
$sb->add_longtext_option("ipban_message_ghost", 'Message to show to ghost users:');
}
if ($config->get_string("ipban_message_anon-ghost")) {
$sb->add_longtext_option("ipban_message_anon-ghost", 'Message to show to ghost anons:');
}
$event->panel->add_block($sb); $event->panel->add_block($sb);
} }
@ -218,7 +243,8 @@ class IPBan extends Extension
global $cache, $user, $database; global $cache, $user, $database;
$sql = "INSERT INTO bans (ip, mode, reason, expires, banner_id) VALUES (:ip, :mode, :reason, :expires, :admin_id)"; $sql = "INSERT INTO bans (ip, mode, reason, expires, banner_id) VALUES (:ip, :mode, :reason, :expires, :admin_id)";
$database->Execute($sql, ["ip"=>$event->ip, "mode"=>$event->mode, "reason"=>$event->reason, "expires"=>$event->expires, "admin_id"=>$user->id]); $database->Execute($sql, ["ip"=>$event->ip, "mode"=>$event->mode, "reason"=>$event->reason, "expires"=>$event->expires, "admin_id"=>$user->id]);
$cache->delete("ip_bans_sorted"); $cache->delete("ip_bans");
$cache->delete("network_bans");
log_info("ipban", "Banned {$event->ip} because '{$event->reason}' until {$event->expires}"); log_info("ipban", "Banned {$event->ip} because '{$event->reason}' until {$event->expires}");
} }
@ -228,7 +254,8 @@ class IPBan extends Extension
$ban = $database->get_row("SELECT * FROM bans WHERE id = :id", ["id"=>$event->id]); $ban = $database->get_row("SELECT * FROM bans WHERE id = :id", ["id"=>$event->id]);
if ($ban) { if ($ban) {
$database->Execute("DELETE FROM bans WHERE id = :id", ["id"=>$event->id]); $database->Execute("DELETE FROM bans WHERE id = :id", ["id"=>$event->id]);
$cache->delete("ip_bans_sorted"); $cache->delete("ip_bans");
$cache->delete("network_bans");
log_info("ipban", "Removed {$ban['ip']}'s ban"); log_info("ipban", "Removed {$ban['ip']}'s ban");
} }
} }

View file

@ -1,5 +1,74 @@
<?php <?php
use function MicroHTML\{A,SPAN};
use MicroCRUD\Column;
use MicroCRUD\DateTimeColumn;
use MicroCRUD\TextColumn;
use MicroCRUD\Table;
class ActorColumn extends Column {
public function __construct($name, $title)
{
parent::__construct($name, $title, "((username=:$name) OR (address=:$name))");
}
public function display($row)
{
if ($row['username'] == "Anonymous") {
return $row["address"];
} else {
return A(["href"=>make_link("user/{$row['username']}"), "title"=>$row['address']], $row['username']);
}
}
}
class MessageColumn extends TextColumn {
public function display($row)
{
$c = "#000";
switch ($row['priority']) {
case SCORE_LOG_DEBUG: $c = "#999"; break;
case SCORE_LOG_INFO: $c = "#000"; break;
case SCORE_LOG_WARNING: $c = "#800"; break;
case SCORE_LOG_ERROR: $c = "#C00"; break;
case SCORE_LOG_CRITICAL: $c = "#F00"; break;
}
return SPAN(["style"=>"color: $c"], $this->scan_entities($row[$this->name]));
}
protected function scan_entities($line)
{
return preg_replace_callback("/Image #(\d+)/s", [$this, "link_image"], $line);
}
protected function link_image($id)
{
$iid = int_escape($id[1]);
return "<a href='".make_link("post/view/$iid")."'>Image #$iid</a>";
}
}
class LogTable extends Table
{
public function __construct(\FFSPHP\PDO $db)
{
parent::__construct($db);
$this->table = "score_log";
$this->base_query = "SELECT * FROM score_log";
$this->size = 100;
$this->limit = 1000000;
$this->columns = [
new DateTimeColumn("date_sent", "Time"),
new TextColumn("section", "Module"),
new ActorColumn("username_or_address", "User"),
new MessageColumn("message", "Message")
];
$this->order_by = ["date_sent DESC"];
$this->table_attrs = ["class" => "zebra"];
}
}
class LogDatabase extends Extension class LogDatabase extends Extension
{ {
public function onInitExt(InitExtEvent $event) public function onInitExt(InitExtEvent $event)

View file

@ -2,133 +2,12 @@
class LogDatabaseTheme extends Themelet class LogDatabaseTheme extends Themelet
{ {
protected function heie($var) public function display_events($table, $paginator)
{ {
if (isset($_GET[$var])) {
return html_escape($_GET[$var]);
} else {
return "";
}
}
protected function ueie($var)
{
if (isset($_GET[$var])) {
return $var."=".url_escape($_GET[$var]);
} else {
return "";
}
}
public function display_events($events, $page_num, $page_total)
{
$table = "
<style>
.sizedinputs TD INPUT {
width: 100%;
}
</style>
<table class='zebra'>
<thead>
<tr><th>Time</th><th>Module</th><th>User</th><th colspan='3'>Message</th></tr>
".make_form("log/view", "GET")."
<tr class='sizedinputs'>
<td><input type='date' name='time-start' value='".$this->heie("time-start")."'>
<br><input type='date' name='time-end' value='".$this->heie("time-end")."'></td>
<td><input type='text' name='module' value='".$this->heie("module")."'></td>
<td><input type='text' name='user' value='".$this->heie("user")."'></td>
<td><input type='text' name='message' value='".$this->heie("message")."'></td>
<td>
<select name='priority'>
<option value='".SCORE_LOG_DEBUG."' ".($this->heie("priority")==SCORE_LOG_DEBUG ? "selected" : "").">Debug</option>
<option value='".SCORE_LOG_INFO."' ".($this->heie("priority")==SCORE_LOG_INFO ? "selected" : "").">Info</option>
<option value='".SCORE_LOG_WARNING."' ".($this->heie("priority")==SCORE_LOG_WARNING ? "selected" : "").">Warning</option>
<option value='".SCORE_LOG_ERROR."' ".($this->heie("priority")==SCORE_LOG_ERROR ? "selected" : "").">Error</option>
<option value='".SCORE_LOG_CRITICAL."' ".($this->heie("priority")==SCORE_LOG_CRITICAL ? "selected" : "").">Critical</option>
</select>
</td>
<td><input type='submit' value='Search'></td>
</tr>
</form>
</thead>
<tbody>\n";
reset($events); // rewind to first element in array.
foreach ($events as $event) {
$c = $this->pri_to_col($event['priority']);
$table .= "<tr style='color: $c'>";
$table .= "<td>".str_replace(" ", "&nbsp;", substr($event['date_sent'], 0, 19))."</td>";
$table .= "<td>".$event['section']."</td>";
if ($event['username'] == "Anonymous") {
$table .= "<td>".$event['address']."</td>";
} else {
$table .= "<td><span title='".$event['address']."'>".
"<a href='".make_link("user/".url_escape($event['username']))."'>".html_escape($event['username'])."</a>".
"</span></td>";
}
$table .= "<td colspan='3'>".$this->scan_entities(html_escape($event['message']))."</td>";
$table .= "</tr>\n";
}
$table .= "</tbody></table>";
global $page; global $page;
$page->set_title("Event Log"); $page->set_title("Event Log");
$page->set_heading("Event Log"); $page->set_heading("Event Log");
$page->add_block(new NavBlock()); $page->add_block(new NavBlock());
$page->add_block(new Block("Events", $table)); $page->add_block(new Block("Events", $table . $paginator));
$this->display_paginator($page, "log/view", $this->get_args(), $page_num, $page_total);
}
protected function get_args()
{
$args = "";
// Check if each arg is actually empty and skip it if so
if (strlen($this->ueie("time-start"))) {
$args .= $this->ueie("time-start")."&";
}
if (strlen($this->ueie("time-end"))) {
$args .= $this->ueie("time-end")."&";
}
if (strlen($this->ueie("module"))) {
$args .= $this->ueie("module")."&";
}
if (strlen($this->ueie("user"))) {
$args .= $this->ueie("user")."&";
}
if (strlen($this->ueie("message"))) {
$args .= $this->ueie("message")."&";
}
if (strlen($this->ueie("priority"))) {
$args .= $this->ueie("priority");
}
// If there are no args at all, set $args to null to prevent an unnecessary ? at the end of the paginator url
if (strlen($args) == 0) {
$args = null;
}
return $args;
}
protected function pri_to_col($pri)
{
switch ($pri) {
case SCORE_LOG_DEBUG: return "#999";
case SCORE_LOG_INFO: return "#000";
case SCORE_LOG_WARNING: return "#800";
case SCORE_LOG_ERROR: return "#C00";
case SCORE_LOG_CRITICAL: return "#F00";
default: return "";
}
}
protected function scan_entities($line)
{
$line = preg_replace_callback("/Image #(\d+)/s", [$this, "link_image"], $line);
return $line;
}
protected function link_image($id)
{
$iid = int_escape($id[1]);
return "<a href='".make_link("post/view/$iid")."'>Image #$iid</a>";
} }
} }

View file

@ -373,7 +373,7 @@ class SourceHistory extends Extension
" "
INSERT INTO source_histories(image_id, source, user_id, user_ip, date_set) INSERT INTO source_histories(image_id, source, user_id, user_ip, date_set)
VALUES (:image_id, :source, :user_id, :user_ip, now())", VALUES (:image_id, :source, :user_id, :user_ip, now())",
["image_id"=>$image->id, "source"=>$old_tags, "user_id"=>$config->get_int('anon_id'), "user_ip"=>'127.0.0.1'] ["image_id"=>$image->id, "source"=>$old_source, "user_id"=>$config->get_int('anon_id'), "user_ip"=>'127.0.0.1']
); );
$entries++; $entries++;
} }

View file

@ -2,6 +2,61 @@
require_once "events.php"; require_once "events.php";
use function MicroHTML\A;
use MicroCRUD\Column;
use MicroCRUD\EnumColumn;
use MicroCRUD\TextColumn;
use MicroCRUD\Table;
class UserNameColumn extends TextColumn {
public function display(array $row) {
return A(["href"=>make_link("user/{$row[$this->name]}")], $row[$this->name]);
}
}
class UserLinksColumn extends Column {
public function __construct() {
parent::__construct("links", "User Links", "(1=1)");
$this->sortable = false;
}
public function create_input(array $inputs) {
return "";
}
public function read_input(array $inputs) {
return "";
}
public function display(array $row) {
return A(["href"=>make_link("post/list/user_id={$row['id']}/1")], "Posts");
}
}
class UserTable extends Table
{
public function __construct(\FFSPHP\PDO $db)
{
global $_shm_user_classes;
$classes = [];
foreach($_shm_user_classes as $cls) {
$classes[$cls->name] = $cls->name;
}
ksort($classes);
parent::__construct($db);
$this->table = "users";
$this->base_query = "SELECT * FROM users";
$this->size = 100;
$this->limit = 1000000;
$this->columns = [
new UserNameColumn("name", "Name"),
new EnumColumn("class", "Class", $classes),
// Added later, for admins only
// new TextColumn("email", "Email"),
new UserLinksColumn(),
];
$this->order_by = ["name"];
$this->table_attrs = ["class" => "zebra"];
}
}
class UserCreationException extends SCoreException class UserCreationException extends SCoreException
{ {
} }
@ -51,36 +106,15 @@ class UserPage extends Extension
} elseif ($event->get_arg(0) == "create") { } elseif ($event->get_arg(0) == "create") {
$this->page_create(); $this->page_create();
} elseif ($event->get_arg(0) == "list") { } elseif ($event->get_arg(0) == "list") {
$limit = 50; $t = new UserTable($database->raw_db());
$t->token = $user->get_auth_token();
$page_num = $event->try_page_num(1); $t->inputs = $_GET;
$offset = ($page_num-1) * $limit; if ($user->can(Permissions::DELETE_USER)) {
$col = new TextColumn("email", "Email");
$q = "WHERE 1=1"; // $t->columns[] = $col;
$a = []; array_splice($t->columns, 2, 0, [$col]);
if (@$_GET['username']) {
$q .= " AND SCORE_STRNORM(name) LIKE SCORE_STRNORM(:name)";
$a["name"] = '%' . $_GET['username'] . '%';
} }
$this->theme->display_user_list($page, $t->table($t->query()), $t->paginator());
if ($user->can(Permissions::DELETE_USER) && @$_GET['email']) {
$q .= " AND SCORE_STRNORM(email) LIKE SCORE_STRNORM(:email)";
$a["email"] = '%' . $_GET['email'] . '%';
}
if (@$_GET['class']) {
$q .= " AND class LIKE :class";
$a["class"] = $_GET['class'];
}
$where = $database->scoreql_to_sql($q);
$count = $database->get_one("SELECT count(*) FROM users $where", $a);
$a["offset"] = $offset;
$a["limit"] = $limit;
$rows = $database->get_all("SELECT * FROM users $where LIMIT :limit OFFSET :offset", $a);
$users = array_map("_new_user", $rows);
$this->theme->display_user_list($page, $users, $user, $page_num, $count/$limit);
} elseif ($event->get_arg(0) == "logout") { } elseif ($event->get_arg(0) == "logout") {
$this->page_logout(); $this->page_logout();
} }
@ -156,6 +190,9 @@ class UserPage extends Extension
} }
$event->add_stats("Joined: $h_join_date", 10); $event->add_stats("Joined: $h_join_date", 10);
if($user->name == $event->display_user->name) {
$event->add_stats("Current IP: {$_SERVER['REMOTE_ADDR']}", 80);
}
$event->add_stats("Class: $h_class", 90); $event->add_stats("Class: $h_class", 90);
$av = $event->display_user->get_avatar_html(); $av = $event->display_user->get_avatar_html();
@ -184,7 +221,6 @@ class UserPage extends Extension
} }
} }
private function display_stats(UserPageBuildingEvent $event) private function display_stats(UserPageBuildingEvent $event)
{ {
global $user, $page, $config; global $user, $page, $config;
@ -201,7 +237,6 @@ class UserPage extends Extension
} }
} }
if ($user->id == $event->display_user->id) { if ($user->id == $event->display_user->id) {
$ubbe = new UserBlockBuildingEvent(); $ubbe = new UserBlockBuildingEvent();
send_event($ubbe); send_event($ubbe);
@ -397,7 +432,12 @@ class UserPage extends Extension
private function page_create() private function page_create()
{ {
global $config, $page; global $config, $page, $user;
if ($user->can(Permissions::CREATE_USER)) {
$this->theme->display_error(403, "Account creation blocked", "Account creation is currently disabled");
return;
}
if (!$config->get_bool("login_signup_enabled")) { if (!$config->get_bool("login_signup_enabled")) {
$this->theme->display_signups_disabled($page); $this->theme->display_signups_disabled($page);
} elseif (!isset($_POST['name'])) { } elseif (!isset($_POST['name'])) {

View file

@ -13,88 +13,12 @@ class UserPageTheme extends Themelet
)); ));
} }
/** public function display_user_list(Page $page, $table, $paginator)
* #param User[] $users
*/
public function display_user_list(Page $page, array $users, User $user, int $page_num, int $page_total)
{ {
$page->set_title("User List"); $page->set_title("User List");
$page->set_heading("User List"); $page->set_heading("User List");
$page->add_block(new NavBlock()); $page->add_block(new NavBlock());
$page->add_block(new Block("Users", $table . $paginator));
$html = "<table class='zebra'>";
$html .= "<tr>";
$html .= "<td>Name</td>";
if ($user->can(Permissions::DELETE_USER)) {
$html .= "<td>Email</td>";
}
$html .= "<td>Class</td>";
$html .= "<td>Action</td>";
$html .= "</tr>";
$h_username = html_escape(@$_GET['username']);
$h_email = html_escape(@$_GET['email']);
$h_class = html_escape(@$_GET['class']);
$html .= "<tr>" . make_form("user_admin/list", "GET");
$html .= "<td><input type='text' name='username' value='$h_username'/></td>";
if ($user->can(Permissions::DELETE_USER)) {
$html .= "<td><input type='text' name='email' value='$h_email'/></td>";
}
$html .= "<td><input type='text' name='class' value='$h_class'/></td>";
$html .= "<td><input type='submit' value='Search'/></td>";
$html .= "</form></tr>";
foreach ($users as $duser) {
$h_name = html_escape($duser->name);
$h_email = html_escape($duser->email);
$h_class = html_escape($duser->class->name);
$u_link = make_link("user/" . url_escape($duser->name));
$u_posts = make_link("post/list/user_id=" . url_escape($duser->id) . "/1");
$html .= "<tr>";
$html .= "<td><a href='$u_link'>$h_name</a></td>";
if ($user->can(Permissions::DELETE_USER)) {
$html .= "<td>$h_email</td>";
}
$html .= "<td>$h_class</td>";
$html .= "<td><a href='$u_posts'>Show Posts</a></td>";
$html .= "</tr>";
}
$html .= "</table>";
$page->add_block(new Block("Users", $html));
$this->display_paginator($page, "user_admin/list", $this->get_args(), $page_num, $page_total);
}
protected function ueie($var)
{
if (isset($_GET[$var])) {
return $var."=".url_escape($_GET[$var]);
} else {
return "";
}
}
protected function get_args()
{
$args = "";
// Check if each arg is actually empty and skip it if so
if (strlen($this->ueie("username"))) {
$args .= $this->ueie("username")."&";
}
if (strlen($this->ueie("email"))) {
$args .= $this->ueie("email")."&";
}
if (strlen($this->ueie("class"))) {
$args .= $this->ueie("class")."&";
}
// If there are no args at all, set $args to null to prevent an unnecessary ? at the end of the paginator url
if (strlen($args) == 0) {
$args = null;
}
return $args;
} }
public function display_user_links(Page $page, User $user, $parts) public function display_user_links(Page $page, User $user, $parts)
@ -167,7 +91,7 @@ class UserPageTheme extends Themelet
public function display_login_block(Page $page) public function display_login_block(Page $page)
{ {
global $config; global $config, $user;
$html = ' $html = '
'.make_form(make_link("user_admin/login"))." '.make_form(make_link("user_admin/login"))."
<table style='width: 100%;' class='form'> <table style='width: 100%;' class='form'>
@ -187,7 +111,7 @@ class UserPageTheme extends Themelet
</table> </table>
</form> </form>
"; ";
if ($config->get_bool("login_signup_enabled")) { if ($config->get_bool("login_signup_enabled") && $user->can(Permissions::CREATE_USER)) {
$html .= "<small><a href='".make_link("user_admin/create")."'>Create Account</a></small>"; $html .= "<small><a href='".make_link("user_admin/create")."'>Create Account</a></small>";
} }
$page->add_block(new Block("Login", $html, "left", 90)); $page->add_block(new Block("Login", $html, "left", 90));