2016-12-07 09:34:09 +00:00
package main
import "log"
import "fmt"
2016-12-13 02:14:14 +00:00
import "strings"
2016-12-07 09:34:09 +00:00
import "strconv"
import "net/http"
import "html"
import "database/sql"
import _ "github.com/go-sql-driver/mysql"
func route_edit_topic ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-07 09:34:09 +00:00
err := r . ParseForm ( )
if err != nil {
LocalError ( "Bad Form" , w , r , user )
return
}
is_js := r . PostFormValue ( "js" )
if is_js == "" {
is_js = "0"
}
2016-12-21 02:30:32 +00:00
if ! user . Perms . ViewTopic || ! user . Perms . EditTopic {
2016-12-07 09:34:09 +00:00
NoPermissionsJSQ ( w , r , user , is_js )
return
}
var tid int
tid , err = strconv . Atoi ( r . URL . Path [ len ( "/topic/edit/submit/" ) : ] )
if err != nil {
LocalErrorJSQ ( "The provided TopicID is not a valid number." , w , r , user , is_js )
return
}
topic_name := r . PostFormValue ( "topic_name" )
topic_status := r . PostFormValue ( "topic_status" )
2017-01-12 02:55:08 +00:00
is_closed := ( topic_status == "closed" )
2016-12-07 09:34:09 +00:00
topic_content := html . EscapeString ( r . PostFormValue ( "topic_content" ) )
2016-12-08 14:11:18 +00:00
_ , err = edit_topic_stmt . Exec ( topic_name , preparse_message ( topic_content ) , parse_message ( html . EscapeString ( preparse_message ( topic_content ) ) ) , is_closed , tid )
2016-12-07 09:34:09 +00:00
if err != nil {
InternalErrorJSQ ( err , w , r , user , is_js )
return
}
if is_js == "0" {
http . Redirect ( w , r , "/topic/" + strconv . Itoa ( tid ) , http . StatusSeeOther )
} else {
fmt . Fprintf ( w , "{'success': '1'}" )
}
}
func route_delete_topic ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-21 02:30:32 +00:00
if ! user . Perms . ViewTopic || ! user . Perms . DeleteTopic {
2016-12-07 09:34:09 +00:00
NoPermissions ( w , r , user )
return
}
tid , err := strconv . Atoi ( r . URL . Path [ len ( "/topic/delete/submit/" ) : ] )
if err != nil {
LocalError ( "The provided TopicID is not a valid number." , w , r , user )
return
}
2017-01-12 02:55:08 +00:00
var content string
var createdBy int
err = db . QueryRow ( "select tid, content, createdBy from topics where tid = ?" , tid ) . Scan ( & tid , & content , & createdBy )
2016-12-07 09:34:09 +00:00
if err == sql . ErrNoRows {
LocalError ( "The topic you tried to delete doesn't exist." , w , r , user )
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
_ , err = delete_topic_stmt . Exec ( tid )
if err != nil {
InternalError ( err , w , r , user )
return
}
2016-12-16 10:37:42 +00:00
log . Print ( "The topic '" + strconv . Itoa ( tid ) + "' was deleted by User ID #" + strconv . Itoa ( user . ID ) + "." )
2017-01-12 02:55:08 +00:00
http . Redirect ( w , r , "/" , http . StatusSeeOther )
wcount := word_count ( content )
err = decrease_post_user_stats ( wcount , createdBy , true , user )
if err != nil {
InternalError ( err , w , r , user )
return
}
2016-12-07 09:34:09 +00:00
}
func route_stick_topic ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-21 02:30:32 +00:00
if ! user . Perms . ViewTopic || ! user . Perms . PinTopic {
2016-12-07 09:34:09 +00:00
NoPermissions ( w , r , user )
return
}
tid , err := strconv . Atoi ( r . URL . Path [ len ( "/topic/stick/submit/" ) : ] )
if err != nil {
LocalError ( "The provided TopicID is not a valid number." , w , r , user )
return
}
_ , err = stick_topic_stmt . Exec ( tid )
if err != nil {
InternalError ( err , w , r , user )
return
}
http . Redirect ( w , r , "/topic/" + strconv . Itoa ( tid ) , http . StatusSeeOther )
}
func route_unstick_topic ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-21 02:30:32 +00:00
if ! user . Perms . ViewTopic || ! user . Perms . PinTopic {
2016-12-07 09:34:09 +00:00
NoPermissions ( w , r , user )
return
}
tid , err := strconv . Atoi ( r . URL . Path [ len ( "/topic/unstick/submit/" ) : ] )
if err != nil {
LocalError ( "The provided TopicID is not a valid number." , w , r , user )
return
}
_ , err = unstick_topic_stmt . Exec ( tid )
if err != nil {
InternalError ( err , w , r , user )
return
}
http . Redirect ( w , r , "/topic/" + strconv . Itoa ( tid ) , http . StatusSeeOther )
}
func route_reply_edit_submit ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-07 09:34:09 +00:00
err := r . ParseForm ( )
if err != nil {
LocalError ( "Bad Form" , w , r , user )
return
}
is_js := r . PostFormValue ( "js" )
if is_js == "" {
is_js = "0"
}
2016-12-21 02:30:32 +00:00
if ! user . Perms . ViewTopic || ! user . Perms . EditReply {
2016-12-07 09:34:09 +00:00
NoPermissionsJSQ ( w , r , user , is_js )
return
}
rid , err := strconv . Atoi ( r . URL . Path [ len ( "/reply/edit/submit/" ) : ] )
if err != nil {
LocalError ( "The provided Reply ID is not a valid number." , w , r , user )
return
}
2016-12-08 14:11:18 +00:00
content := html . EscapeString ( preparse_message ( r . PostFormValue ( "edit_item" ) ) )
2016-12-07 09:34:09 +00:00
_ , err = edit_reply_stmt . Exec ( content , parse_message ( content ) , rid )
if err != nil {
InternalError ( err , w , r , user )
return
}
// Get the Reply ID..
var tid int
err = db . QueryRow ( "select tid from replies where rid = ?" , rid ) . Scan ( & tid )
if err != nil {
InternalError ( err , w , r , user )
return
}
if is_js == "0" {
http . Redirect ( w , r , "/topic/" + strconv . Itoa ( tid ) + "#reply-" + strconv . Itoa ( rid ) , http . StatusSeeOther )
} else {
fmt . Fprintf ( w , "{'success': '1'}" )
}
}
func route_reply_delete_submit ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-07 09:34:09 +00:00
err := r . ParseForm ( )
if err != nil {
LocalError ( "Bad Form" , w , r , user )
return
}
is_js := r . PostFormValue ( "is_js" )
if is_js == "" {
is_js = "0"
}
2016-12-21 02:30:32 +00:00
if ! user . Perms . ViewTopic || ! user . Perms . DeleteReply {
2016-12-07 09:34:09 +00:00
NoPermissionsJSQ ( w , r , user , is_js )
return
}
rid , err := strconv . Atoi ( r . URL . Path [ len ( "/reply/delete/submit/" ) : ] )
if err != nil {
LocalErrorJSQ ( "The provided Reply ID is not a valid number." , w , r , user , is_js )
return
}
var tid int
2017-01-12 02:55:08 +00:00
var content string
var createdBy int
err = db . QueryRow ( "SELECT tid, content, createdBy from replies where rid = ?" , rid ) . Scan ( & tid , & content , & createdBy )
2016-12-07 09:34:09 +00:00
if err == sql . ErrNoRows {
LocalErrorJSQ ( "The reply you tried to delete doesn't exist." , w , r , user , is_js )
return
} else if err != nil {
InternalErrorJSQ ( err , w , r , user , is_js )
return
}
_ , err = delete_reply_stmt . Exec ( rid )
if err != nil {
InternalErrorJSQ ( err , w , r , user , is_js )
return
}
log . Print ( "The reply '" + strconv . Itoa ( rid ) + "' was deleted by User ID #" + strconv . Itoa ( user . ID ) + "." )
if is_js == "0" {
//http.Redirect(w,r, "/topic/" + strconv.Itoa(tid), http.StatusSeeOther)
} else {
fmt . Fprintf ( w , "{'success': '1'}" )
}
2017-01-12 02:55:08 +00:00
wcount := word_count ( content )
err = decrease_post_user_stats ( wcount , createdBy , false , user )
if err != nil {
InternalError ( err , w , r , user )
return
}
2016-12-07 09:34:09 +00:00
}
func route_profile_reply_edit_submit ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-07 09:34:09 +00:00
err := r . ParseForm ( )
if err != nil {
LocalError ( "Bad Form" , w , r , user )
return
}
is_js := r . PostFormValue ( "js" )
if is_js == "" {
is_js = "0"
}
rid , err := strconv . Atoi ( r . URL . Path [ len ( "/profile/reply/edit/submit/" ) : ] )
if err != nil {
LocalError ( "The provided Reply ID is not a valid number." , w , r , user )
return
}
2016-12-07 13:46:14 +00:00
// Get the Reply ID..
var uid int
err = db . QueryRow ( "select uid from users_replies where rid = ?" , rid ) . Scan ( & uid )
2016-12-07 09:34:09 +00:00
if err != nil {
InternalError ( err , w , r , user )
return
}
2016-12-21 02:30:32 +00:00
if user . ID != uid && ! user . Perms . EditReply {
2016-12-07 13:46:14 +00:00
NoPermissionsJSQ ( w , r , user , is_js )
return
}
2016-12-08 14:11:18 +00:00
content := html . EscapeString ( preparse_message ( r . PostFormValue ( "edit_item" ) ) )
2016-12-07 13:46:14 +00:00
_ , err = edit_profile_reply_stmt . Exec ( content , parse_message ( content ) , rid )
2016-12-07 09:34:09 +00:00
if err != nil {
InternalError ( err , w , r , user )
return
}
if is_js == "0" {
http . Redirect ( w , r , "/user/" + strconv . Itoa ( uid ) + "#reply-" + strconv . Itoa ( rid ) , http . StatusSeeOther )
} else {
fmt . Fprintf ( w , "{'success': '1'}" )
}
}
func route_profile_reply_delete_submit ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-07 09:34:09 +00:00
err := r . ParseForm ( )
if err != nil {
LocalError ( "Bad Form" , w , r , user )
return
}
is_js := r . PostFormValue ( "is_js" )
if is_js == "" {
is_js = "0"
}
rid , err := strconv . Atoi ( r . URL . Path [ len ( "/profile/reply/delete/submit/" ) : ] )
if err != nil {
LocalErrorJSQ ( "The provided Reply ID is not a valid number." , w , r , user , is_js )
return
}
var uid int
err = db . QueryRow ( "SELECT uid from users_replies where rid = ?" , rid ) . Scan ( & uid )
if err == sql . ErrNoRows {
LocalErrorJSQ ( "The reply you tried to delete doesn't exist." , w , r , user , is_js )
return
} else if err != nil {
InternalErrorJSQ ( err , w , r , user , is_js )
2016-12-07 13:46:14 +00:00
return
}
2016-12-21 02:30:32 +00:00
if user . ID != uid && ! user . Perms . DeleteReply {
2016-12-07 13:46:14 +00:00
NoPermissionsJSQ ( w , r , user , is_js )
2016-12-07 09:34:09 +00:00
return
}
_ , err = delete_profile_reply_stmt . Exec ( rid )
if err != nil {
InternalErrorJSQ ( err , w , r , user , is_js )
return
}
log . Print ( "The reply '" + strconv . Itoa ( rid ) + "' was deleted by User ID #" + strconv . Itoa ( user . ID ) + "." )
if is_js == "0" {
//http.Redirect(w,r, "/user/" + strconv.Itoa(uid), http.StatusSeeOther)
} else {
fmt . Fprintf ( w , "{'success': '1'}" )
}
}
2016-12-08 14:11:18 +00:00
func route_ban ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2016-12-21 02:30:32 +00:00
if ! user . Perms . BanUsers {
2016-12-08 14:11:18 +00:00
NoPermissions ( w , r , user )
return
}
uid , err := strconv . Atoi ( r . URL . Path [ len ( "/users/ban/" ) : ] )
if err != nil {
LocalError ( "The provided User ID is not a valid number." , w , r , user )
return
}
var uname string
err = db . QueryRow ( "SELECT name from users where uid = ?" , uid ) . Scan ( & uname )
if err == sql . ErrNoRows {
LocalError ( "The user you're trying to ban no longer exists." , w , r , user )
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
confirm_msg := "Are you sure you want to ban '" + uname + "'?"
yousure := AreYouSure { "/users/ban/submit/" + strconv . Itoa ( uid ) , confirm_msg }
2017-01-17 07:55:46 +00:00
pi := Page { "Ban User" , user , noticeList , tList , yousure }
2016-12-08 14:11:18 +00:00
templates . ExecuteTemplate ( w , "areyousure.html" , pi )
}
func route_ban_submit ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-21 02:30:32 +00:00
if ! user . Perms . BanUsers {
2016-12-08 14:11:18 +00:00
NoPermissions ( w , r , user )
return
}
if r . FormValue ( "session" ) != user . Session {
SecurityError ( w , r , user )
return
}
uid , err := strconv . Atoi ( r . URL . Path [ len ( "/users/ban/submit/" ) : ] )
if err != nil {
LocalError ( "The provided User ID is not a valid number." , w , r , user )
return
}
var group int
var is_super_admin bool
err = db . QueryRow ( "SELECT `group`, `is_super_admin` from `users` where `uid` = ?" , uid ) . Scan ( & group , & is_super_admin )
if err == sql . ErrNoRows {
LocalError ( "The user you're trying to ban no longer exists." , w , r , user )
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
if is_super_admin || groups [ group ] . Is_Admin || groups [ group ] . Is_Mod {
LocalError ( "You may not ban another staff member." , w , r , user )
return
}
if uid == user . ID {
LocalError ( "You may not ban yourself." , w , r , user )
return
}
if uid == - 2 {
LocalError ( "You may not ban me. Fine, I will offer up some guidance unto thee. Come to my lair, young one. /arcane-tower/" , w , r , user )
return
}
if groups [ group ] . Is_Banned {
LocalError ( "The user you're trying to unban is already banned." , w , r , user )
return
}
_ , err = change_group_stmt . Exec ( 4 , uid )
if err != nil {
InternalError ( err , w , r , user )
return
}
http . Redirect ( w , r , "/users/" + strconv . Itoa ( uid ) , http . StatusSeeOther )
}
func route_unban ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-21 02:30:32 +00:00
if ! user . Perms . BanUsers {
2016-12-08 14:11:18 +00:00
NoPermissions ( w , r , user )
return
}
2016-12-23 12:35:22 +00:00
if r . FormValue ( "session" ) != user . Session {
SecurityError ( w , r , user )
return
}
2016-12-08 14:11:18 +00:00
uid , err := strconv . Atoi ( r . URL . Path [ len ( "/users/unban/" ) : ] )
if err != nil {
LocalError ( "The provided User ID is not a valid number." , w , r , user )
return
}
var uname string
var group int
err = db . QueryRow ( "SELECT `name`, `group` from users where `uid` = ?" , uid ) . Scan ( & uname , & group )
if err == sql . ErrNoRows {
LocalError ( "The user you're trying to unban no longer exists." , w , r , user )
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
if ! groups [ group ] . Is_Banned {
LocalError ( "The user you're trying to unban isn't banned." , w , r , user )
return
}
_ , err = change_group_stmt . Exec ( default_group , uid )
if err != nil {
InternalError ( err , w , r , user )
return
}
http . Redirect ( w , r , "/users/" + strconv . Itoa ( uid ) , http . StatusSeeOther )
}
2016-12-18 12:56:06 +00:00
func route_activate ( w http . ResponseWriter , r * http . Request ) {
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-21 02:30:32 +00:00
if ! user . Perms . ActivateUsers {
2016-12-18 12:56:06 +00:00
NoPermissions ( w , r , user )
return
}
2016-12-23 12:35:22 +00:00
if r . FormValue ( "session" ) != user . Session {
SecurityError ( w , r , user )
return
}
2016-12-18 12:56:06 +00:00
uid , err := strconv . Atoi ( r . URL . Path [ len ( "/users/activate/" ) : ] )
if err != nil {
LocalError ( "The provided User ID is not a valid number." , w , r , user )
return
}
var uname string
var active bool
err = db . QueryRow ( "SELECT `name`, `active` from users where `uid` = ?" , uid ) . Scan ( & uname , & active )
if err == sql . ErrNoRows {
LocalError ( "The account you're trying to activate no longer exists." , w , r , user )
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
if active {
LocalError ( "The account you're trying to activate has already been activated." , w , r , user )
return
}
_ , err = activate_user_stmt . Exec ( uid )
if err != nil {
InternalError ( err , w , r , user )
return
}
2016-12-21 02:30:32 +00:00
_ , err = change_group_stmt . Exec ( default_group , uid )
if err != nil {
InternalError ( err , w , r , user )
return
}
2016-12-18 12:56:06 +00:00
http . Redirect ( w , r , "/users/" + strconv . Itoa ( uid ) , http . StatusSeeOther )
}
2016-12-24 13:14:40 +00:00
/* Control Panel*/
func route_panel ( w http . ResponseWriter , r * http . Request ) {
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
if ! user . Is_Super_Mod {
NoPermissions ( w , r , user )
return
}
2017-01-17 07:55:46 +00:00
pi := Page { "Control Panel Dashboard" , user , noticeList , tList , 0 }
2016-12-24 13:14:40 +00:00
templates . ExecuteTemplate ( w , "panel-dashboard.html" , pi )
}
2016-12-07 09:34:09 +00:00
func route_panel_forums ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2016-12-24 13:14:40 +00:00
if ! user . Is_Super_Mod || ! user . Perms . ManageForums {
2016-12-07 09:34:09 +00:00
NoPermissions ( w , r , user )
return
}
2016-12-18 12:56:06 +00:00
var forumList [ ] interface { }
2016-12-07 09:34:09 +00:00
for _ , forum := range forums {
if forum . ID > - 1 {
2016-12-18 12:56:06 +00:00
forumList = append ( forumList , forum )
2016-12-07 09:34:09 +00:00
}
}
2017-01-17 07:55:46 +00:00
pi := Page { "Forum Manager" , user , noticeList , forumList , 0 }
2016-12-07 09:34:09 +00:00
templates . ExecuteTemplate ( w , "panel-forums.html" , pi )
}
func route_panel_forums_create_submit ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-24 13:14:40 +00:00
if ! user . Is_Super_Mod || ! user . Perms . ManageForums {
2016-12-07 09:34:09 +00:00
NoPermissions ( w , r , user )
return
}
err := r . ParseForm ( )
if err != nil {
LocalError ( "Bad Form" , w , r , user )
return
}
if r . FormValue ( "session" ) != user . Session {
SecurityError ( w , r , user )
return
}
fname := r . PostFormValue ( "forum-name" )
res , err := create_forum_stmt . Exec ( fname )
if err != nil {
InternalError ( err , w , r , user )
return
}
lastId , err := res . LastInsertId ( )
if err != nil {
InternalError ( err , w , r , user )
return
}
forums [ int ( lastId ) ] = Forum { int ( lastId ) , fname , true , "" , 0 , "" , 0 , "" }
http . Redirect ( w , r , "/panel/forums/" , http . StatusSeeOther )
}
func route_panel_forums_delete ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2016-12-24 13:14:40 +00:00
if ! user . Is_Super_Mod || ! user . Perms . ManageForums {
2016-12-07 09:34:09 +00:00
NoPermissions ( w , r , user )
return
}
2016-12-21 02:30:32 +00:00
2016-12-07 09:34:09 +00:00
if r . FormValue ( "session" ) != user . Session {
SecurityError ( w , r , user )
return
}
fid , err := strconv . Atoi ( r . URL . Path [ len ( "/panel/forums/delete/" ) : ] )
if err != nil {
LocalError ( "The provided Forum ID is not a valid number." , w , r , user )
return
}
2016-12-16 10:37:42 +00:00
_ , ok = forums [ fid ] ;
2016-12-07 09:34:09 +00:00
if ! ok {
LocalError ( "The forum you're trying to delete doesn't exist." , w , r , user )
return
}
confirm_msg := "Are you sure you want to delete the '" + forums [ fid ] . Name + "' forum?"
yousure := AreYouSure { "/panel/forums/delete/submit/" + strconv . Itoa ( fid ) , confirm_msg }
2017-01-17 07:55:46 +00:00
pi := Page { "Delete Forum" , user , noticeList , tList , yousure }
2016-12-07 09:34:09 +00:00
templates . ExecuteTemplate ( w , "areyousure.html" , pi )
}
func route_panel_forums_delete_submit ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-24 13:14:40 +00:00
if ! user . Is_Super_Mod || ! user . Perms . ManageForums {
2016-12-07 09:34:09 +00:00
NoPermissions ( w , r , user )
return
}
2016-12-21 02:30:32 +00:00
2016-12-07 09:34:09 +00:00
if r . FormValue ( "session" ) != user . Session {
SecurityError ( w , r , user )
return
}
fid , err := strconv . Atoi ( r . URL . Path [ len ( "/panel/forums/delete/submit/" ) : ] )
if err != nil {
LocalError ( "The provided Forum ID is not a valid number." , w , r , user )
return
}
2016-12-16 10:37:42 +00:00
_ , ok = forums [ fid ] ;
2016-12-07 09:34:09 +00:00
if ! ok {
LocalError ( "The forum you're trying to delete doesn't exist." , w , r , user )
return
}
_ , err = delete_forum_stmt . Exec ( fid )
if err != nil {
InternalError ( err , w , r , user )
return
}
// Remove this forum from the forum cache
delete ( forums , fid ) ;
http . Redirect ( w , r , "/panel/forums/" , http . StatusSeeOther )
}
func route_panel_forums_edit_submit ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-24 13:14:40 +00:00
if ! user . Is_Super_Mod || ! user . Perms . ManageForums {
2016-12-07 09:34:09 +00:00
NoPermissions ( w , r , user )
return
}
err := r . ParseForm ( )
if err != nil {
LocalError ( "Bad Form" , w , r , user )
return
}
if r . FormValue ( "session" ) != user . Session {
SecurityError ( w , r , user )
return
}
fid , err := strconv . Atoi ( r . URL . Path [ len ( "/panel/forums/edit/submit/" ) : ] )
if err != nil {
LocalError ( "The provided Forum ID is not a valid number." , w , r , user )
return
}
forum_name := r . PostFormValue ( "edit_item" )
forum , ok := forums [ fid ] ;
if ! ok {
LocalError ( "The forum you're trying to edit doesn't exist." , w , r , user )
return
}
_ , err = update_forum_stmt . Exec ( forum_name , fid )
if err != nil {
InternalError ( err , w , r , user )
return
}
forum . Name = forum_name
forums [ fid ] = forum
http . Redirect ( w , r , "/panel/forums/" , http . StatusSeeOther )
}
2016-12-09 13:46:29 +00:00
func route_panel_settings ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2016-12-24 13:14:40 +00:00
if ! user . Is_Super_Mod || ! user . Perms . EditSettings {
2016-12-09 13:46:29 +00:00
NoPermissions ( w , r , user )
return
}
var settingList map [ string ] interface { } = make ( map [ string ] interface { } )
2016-12-21 02:30:32 +00:00
rows , err := db . Query ( "SELECT name, content, type FROM settings" )
if err != nil {
InternalError ( err , w , r , user )
return
}
defer rows . Close ( )
var sname string
var scontent string
var stype string
for rows . Next ( ) {
err := rows . Scan ( & sname , & scontent , & stype )
if err != nil {
InternalError ( err , w , r , user )
return
}
if stype == "list" {
llist := settingLabels [ sname ]
labels := strings . Split ( llist , "," )
conv , err := strconv . Atoi ( scontent )
if err != nil {
LocalError ( "The setting '" + sname + "' can't be converted to an integer" , w , r , user )
return
}
scontent = labels [ conv - 1 ]
} else if stype == "bool" {
if scontent == "1" {
scontent = "Yes"
} else {
scontent = "No"
}
}
settingList [ sname ] = scontent
}
err = rows . Err ( )
if err != nil {
InternalError ( err , w , r , user )
return
2016-12-09 13:46:29 +00:00
}
2017-01-17 07:55:46 +00:00
pi := Page { "Setting Manager" , user , noticeList , tList , settingList }
2016-12-09 13:46:29 +00:00
templates . ExecuteTemplate ( w , "panel-settings.html" , pi )
}
func route_panel_setting ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2016-12-24 13:14:40 +00:00
if ! user . Is_Super_Mod || ! user . Perms . EditSettings {
2016-12-09 13:46:29 +00:00
NoPermissions ( w , r , user )
return
}
2016-12-21 02:30:32 +00:00
setting := Setting { "" , "" , "" , "" }
2016-12-09 13:46:29 +00:00
setting . Name = r . URL . Path [ len ( "/panel/settings/edit/" ) : ]
err := db . QueryRow ( "SELECT content, type from settings where name = ?" , setting . Name ) . Scan ( & setting . Content , & setting . Type )
if err == sql . ErrNoRows {
LocalError ( "The setting you want to edit doesn't exist." , w , r , user )
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
2016-12-21 02:30:32 +00:00
var itemList [ ] interface { }
if setting . Type == "list" {
llist , ok := settingLabels [ setting . Name ]
if ! ok {
LocalError ( "The labels for this setting don't exist" , w , r , user )
return
}
conv , err := strconv . Atoi ( setting . Content )
if err != nil {
LocalError ( "The value of this setting couldn't be converted to an integer" , w , r , user )
return
}
labels := strings . Split ( llist , "," )
for index , label := range labels {
2016-12-23 12:35:22 +00:00
itemList = append ( itemList , OptionLabel {
2016-12-21 02:30:32 +00:00
Label : label ,
Value : index + 1 ,
Selected : conv == ( index + 1 ) ,
} )
}
}
2017-01-17 07:55:46 +00:00
pi := Page { "Edit Setting" , user , noticeList , itemList , setting }
2016-12-09 13:46:29 +00:00
templates . ExecuteTemplate ( w , "panel-setting.html" , pi )
}
func route_panel_setting_edit ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-24 13:14:40 +00:00
if ! user . Is_Super_Mod || ! user . Perms . EditSettings {
2016-12-09 13:46:29 +00:00
NoPermissions ( w , r , user )
return
}
err := r . ParseForm ( )
if err != nil {
LocalError ( "Bad Form" , w , r , user )
return
}
if r . FormValue ( "session" ) != user . Session {
SecurityError ( w , r , user )
return
}
var stype string
2016-12-21 02:30:32 +00:00
var sconstraints string
2016-12-09 13:46:29 +00:00
sname := r . URL . Path [ len ( "/panel/settings/edit/submit/" ) : ]
scontent := r . PostFormValue ( "setting-value" )
2016-12-21 02:30:32 +00:00
err = db . QueryRow ( "SELECT name, type, constraints from settings where name = ?" , sname ) . Scan ( & sname , & stype , & sconstraints )
2016-12-09 13:46:29 +00:00
if err == sql . ErrNoRows {
LocalError ( "The setting you want to edit doesn't exist." , w , r , user )
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
if stype == "bool" {
if scontent == "on" || scontent == "1" {
scontent = "1"
} else {
scontent = "0"
}
}
_ , err = update_setting_stmt . Exec ( scontent , sname )
if err != nil {
InternalError ( err , w , r , user )
return
}
2016-12-21 02:30:32 +00:00
errmsg := parseSetting ( sname , scontent , stype , sconstraints )
2016-12-09 13:46:29 +00:00
if errmsg != "" {
LocalError ( errmsg , w , r , user )
return
}
http . Redirect ( w , r , "/panel/settings/" , http . StatusSeeOther )
2016-12-11 16:06:17 +00:00
}
func route_panel_plugins ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2016-12-24 13:14:40 +00:00
if ! user . Is_Super_Mod || ! user . Perms . ManagePlugins {
2016-12-11 16:06:17 +00:00
NoPermissions ( w , r , user )
return
}
2016-12-18 12:56:06 +00:00
var pluginList [ ] interface { }
2016-12-11 16:06:17 +00:00
for _ , plugin := range plugins {
2016-12-18 12:56:06 +00:00
pluginList = append ( pluginList , plugin )
2016-12-11 16:06:17 +00:00
}
2017-01-17 07:55:46 +00:00
pi := Page { "Plugin Manager" , user , noticeList , pluginList , 0 }
2016-12-11 16:06:17 +00:00
templates . ExecuteTemplate ( w , "panel-plugins.html" , pi )
}
func route_panel_plugins_activate ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-24 13:14:40 +00:00
if ! user . Is_Super_Mod || ! user . Perms . ManagePlugins {
2016-12-11 16:06:17 +00:00
NoPermissions ( w , r , user )
return
}
2016-12-23 12:35:22 +00:00
if r . FormValue ( "session" ) != user . Session {
SecurityError ( w , r , user )
return
}
2016-12-11 16:06:17 +00:00
uname := r . URL . Path [ len ( "/panel/plugins/activate/" ) : ]
plugin , ok := plugins [ uname ]
if ! ok {
LocalError ( "The plugin isn't registered in the system" , w , r , user )
return
}
var active bool
err := db . QueryRow ( "SELECT active from plugins where uname = ?" , uname ) . Scan ( & active )
if err != nil && err != sql . ErrNoRows {
InternalError ( err , w , r , user )
return
}
2016-12-16 10:37:42 +00:00
if plugins [ uname ] . Activate != nil {
err = plugins [ uname ] . Activate ( )
if err != nil {
LocalError ( err . Error ( ) , w , r , user )
return
}
}
2016-12-11 16:06:17 +00:00
has_plugin := err != sql . ErrNoRows
if has_plugin {
if active {
LocalError ( "The plugin is already active" , w , r , user )
return
}
2016-12-13 02:14:14 +00:00
_ , err = update_plugin_stmt . Exec ( 1 , uname )
if err != nil {
InternalError ( err , w , r , user )
return
}
2016-12-11 16:06:17 +00:00
} else {
_ , err := add_plugin_stmt . Exec ( uname , 1 )
if err != nil {
InternalError ( err , w , r , user )
return
}
}
2016-12-16 10:37:42 +00:00
log . Print ( "Activating plugin '" + plugin . Name + "'" )
2016-12-11 16:06:17 +00:00
plugin . Active = true
plugins [ uname ] = plugin
plugins [ uname ] . Init ( )
http . Redirect ( w , r , "/panel/plugins/" , http . StatusSeeOther )
2016-12-13 02:14:14 +00:00
}
func route_panel_plugins_deactivate ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-24 13:14:40 +00:00
if ! user . Is_Super_Mod || ! user . Perms . ManagePlugins {
2016-12-13 02:14:14 +00:00
NoPermissions ( w , r , user )
return
}
2016-12-23 12:35:22 +00:00
if r . FormValue ( "session" ) != user . Session {
SecurityError ( w , r , user )
return
}
2016-12-13 02:14:14 +00:00
uname := r . URL . Path [ len ( "/panel/plugins/deactivate/" ) : ]
plugin , ok := plugins [ uname ]
if ! ok {
LocalError ( "The plugin isn't registered in the system" , w , r , user )
return
}
var active bool
err := db . QueryRow ( "SELECT active from plugins where uname = ?" , uname ) . Scan ( & active )
if err == sql . ErrNoRows {
LocalError ( "The plugin you're trying to deactivate isn't active" , w , r , user )
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
if ! active {
LocalError ( "The plugin you're trying to deactivate isn't active" , w , r , user )
return
}
_ , err = update_plugin_stmt . Exec ( 0 , uname )
if err != nil {
InternalError ( err , w , r , user )
return
}
plugin . Active = false
plugins [ uname ] = plugin
plugins [ uname ] . Deactivate ( )
http . Redirect ( w , r , "/panel/plugins/" , http . StatusSeeOther )
}
func route_panel_users ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2016-12-21 02:30:32 +00:00
if ! user . Is_Super_Mod {
2016-12-13 02:14:14 +00:00
NoPermissions ( w , r , user )
return
}
2016-12-18 12:56:06 +00:00
var userList [ ] interface { }
2016-12-23 12:35:22 +00:00
rows , err := db . Query ( "SELECT `uid`,`name`,`group`,`active`,`is_super_admin`,`avatar` FROM users" )
2016-12-13 02:14:14 +00:00
if err != nil {
InternalError ( err , w , r , user )
return
}
defer rows . Close ( )
for rows . Next ( ) {
2016-12-21 02:30:32 +00:00
puser := User { ID : 0 , }
2016-12-13 02:14:14 +00:00
err := rows . Scan ( & puser . ID , & puser . Name , & puser . Group , & puser . Active , & puser . Is_Super_Admin , & puser . Avatar )
if err != nil {
InternalError ( err , w , r , user )
return
}
puser . Is_Admin = puser . Is_Super_Admin || groups [ puser . Group ] . Is_Admin
puser . Is_Super_Mod = puser . Is_Admin || groups [ puser . Group ] . Is_Mod
puser . Is_Mod = puser . Is_Super_Mod
puser . Is_Banned = groups [ puser . Group ] . Is_Banned
if puser . Is_Banned && puser . Is_Super_Mod {
puser . Is_Banned = false
}
if puser . Avatar != "" {
if puser . Avatar [ 0 ] == '.' {
puser . Avatar = "/uploads/avatar_" + strconv . Itoa ( puser . ID ) + puser . Avatar
}
} else {
puser . Avatar = strings . Replace ( noavatar , "{id}" , strconv . Itoa ( puser . ID ) , 1 )
}
if groups [ puser . Group ] . Tag != "" {
puser . Tag = groups [ puser . Group ] . Tag
} else {
puser . Tag = ""
}
2016-12-18 12:56:06 +00:00
userList = append ( userList , puser )
2016-12-13 02:14:14 +00:00
}
err = rows . Err ( )
if err != nil {
InternalError ( err , w , r , user )
return
}
2017-01-17 07:55:46 +00:00
pi := Page { "User Manager" , user , noticeList , userList , 0 }
2016-12-13 02:14:14 +00:00
err = templates . ExecuteTemplate ( w , "panel-users.html" , pi )
if err != nil {
InternalError ( err , w , r , user )
}
2016-12-21 02:30:32 +00:00
}
func route_panel_users_edit ( w http . ResponseWriter , r * http . Request ) {
2016-12-23 12:35:22 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
// Even if they have the right permissions, the control panel is only open to supermods+. There are many areas without subpermissions which assume that the current user is a supermod+ and admins are extremely unlikely to give these permissions to someone who isn't at-least a supermod to begin with
if ! user . Is_Super_Mod || ! user . Perms . EditUser {
NoPermissions ( w , r , user )
return
}
var err error
targetUser := User { ID : 0 , }
targetUser . ID , err = strconv . Atoi ( r . URL . Path [ len ( "/panel/users/edit/" ) : ] )
if err != nil {
LocalError ( "The provided User ID is not a valid number." , w , r , user )
return
}
err = db . QueryRow ( "SELECT `name`, `email`, `group` from `users` where `uid` = ?" , targetUser . ID ) . Scan ( & targetUser . Name , & targetUser . Email , & targetUser . Group )
if err == sql . ErrNoRows {
LocalError ( "The user you're trying to edit doesn't exist." , w , r , user )
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
targetUser . Is_Admin = targetUser . Is_Super_Admin || groups [ targetUser . Group ] . Is_Admin
targetUser . Is_Super_Mod = groups [ targetUser . Group ] . Is_Mod || targetUser . Is_Admin
if targetUser . Is_Admin && ! user . Is_Admin {
LocalError ( "Only administrators can edit the account of an administrator." , w , r , user )
return
}
2016-12-21 02:30:32 +00:00
2016-12-23 12:35:22 +00:00
var groupList [ ] interface { }
for _ , group := range groups {
if ! user . Perms . EditUserGroupAdmin && group . Is_Admin {
continue
}
if ! user . Perms . EditUserGroupSuperMod && group . Is_Mod {
continue
}
groupList = append ( groupList , group )
}
2017-01-17 07:55:46 +00:00
pi := Page { "User Editor" , user , noticeList , groupList , targetUser }
2016-12-23 12:35:22 +00:00
err = templates . ExecuteTemplate ( w , "panel-user-edit.html" , pi )
if err != nil {
InternalError ( err , w , r , user )
}
2016-12-21 02:30:32 +00:00
}
2016-12-23 12:35:22 +00:00
func route_panel_users_edit_submit ( w http . ResponseWriter , r * http . Request ) {
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
if ! user . Is_Super_Mod || ! user . Perms . EditUser {
NoPermissions ( w , r , user )
return
}
if r . FormValue ( "session" ) != user . Session {
SecurityError ( w , r , user )
return
}
var err error
targetUser := User { ID : 0 , }
targetUser . ID , err = strconv . Atoi ( r . URL . Path [ len ( "/panel/users/edit/submit/" ) : ] )
if err != nil {
LocalError ( "The provided User ID is not a valid number." , w , r , user )
return
}
err = db . QueryRow ( "SELECT `name`, `email`, `group` from `users` where `uid` = ?" , targetUser . ID ) . Scan ( & targetUser . Name , & targetUser . Email , & targetUser . Group )
if err == sql . ErrNoRows {
LocalError ( "The user you're trying to edit doesn't exist." , w , r , user )
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
targetUser . Is_Admin = targetUser . Is_Super_Admin || groups [ targetUser . Group ] . Is_Admin
targetUser . Is_Super_Mod = groups [ targetUser . Group ] . Is_Mod || targetUser . Is_Admin
if targetUser . Is_Admin && ! user . Is_Admin {
LocalError ( "Only administrators can edit the account of an administrator." , w , r , user )
return
}
newname := html . EscapeString ( r . PostFormValue ( "user-name" ) )
if newname == "" {
LocalError ( "You didn't put in a username." , w , r , user )
return
}
newemail := html . EscapeString ( r . PostFormValue ( "user-email" ) )
if newemail == "" {
LocalError ( "You didn't put in an email address." , w , r , user )
return
}
if ( newemail != targetUser . Email ) && ! user . Perms . EditUserEmail {
LocalError ( "You need the EditUserEmail permission to edit the email address of a user." , w , r , user )
return
}
newpassword := r . PostFormValue ( "user-password" )
if newpassword != "" && ! user . Perms . EditUserPassword {
LocalError ( "You need the EditUserPassword permission to edit the password of a user." , w , r , user )
return
}
newgroup , err := strconv . Atoi ( r . PostFormValue ( "user-group" ) )
if err != nil {
LocalError ( "The provided GroupID is not a valid number." , w , r , user )
return
}
_ , ok = groups [ newgroup ]
if ! ok {
LocalError ( "The group you're trying to place this user in doesn't exist." , w , r , user )
return
}
if ! user . Perms . EditUserGroupAdmin && groups [ newgroup ] . Is_Admin {
LocalError ( "You need the EditUserGroupAdmin permission to assign someone to an administrator group." , w , r , user )
return
}
if ! user . Perms . EditUserGroupSuperMod && groups [ newgroup ] . Is_Mod {
LocalError ( "You need the EditUserGroupAdmin permission to assign someone to a super mod group." , w , r , user )
return
}
_ , err = update_user_stmt . Exec ( newname , newemail , newgroup , targetUser . ID )
if err != nil {
InternalError ( err , w , r , user )
return
}
if newpassword != "" {
SetPassword ( targetUser . ID , newpassword )
}
http . Redirect ( w , r , "/panel/users/edit/" + strconv . Itoa ( targetUser . ID ) , http . StatusSeeOther )
2016-12-24 13:14:40 +00:00
}
2016-12-26 04:44:07 +00:00
func route_panel_groups ( w http . ResponseWriter , r * http . Request ) {
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
if ! user . Is_Super_Mod {
NoPermissions ( w , r , user )
return
}
var groupList [ ] interface { }
for _ , group := range groups {
groupList = append ( groupList , group )
}
2017-01-17 07:55:46 +00:00
pi := Page { "Group Manager" , user , noticeList , groupList , 0 }
2016-12-26 04:44:07 +00:00
templates . ExecuteTemplate ( w , "panel-groups.html" , pi )
}
2017-01-01 15:45:43 +00:00
func route_panel_themes ( w http . ResponseWriter , r * http . Request ) {
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
if ! user . Is_Super_Mod || ! user . Perms . ManageThemes {
NoPermissions ( w , r , user )
return
}
var themeList [ ] interface { }
for _ , theme := range themes {
themeList = append ( themeList , theme )
}
2017-01-17 07:55:46 +00:00
pi := Page { "Theme Manager" , user , noticeList , themeList , 0 }
2017-01-07 06:31:04 +00:00
err := templates . ExecuteTemplate ( w , "panel-themes.html" , pi )
if err != nil {
log . Print ( err )
}
2017-01-01 15:45:43 +00:00
}
func route_panel_themes_default ( w http . ResponseWriter , r * http . Request ) {
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
if ! user . Is_Super_Mod || ! user . Perms . ManageThemes {
NoPermissions ( w , r , user )
return
}
if r . FormValue ( "session" ) != user . Session {
SecurityError ( w , r , user )
return
}
uname := r . URL . Path [ len ( "/panel/themes/default/" ) : ]
theme , ok := themes [ uname ]
if ! ok {
LocalError ( "The theme isn't registered in the system" , w , r , user )
return
}
var isDefault bool
err := db . QueryRow ( "SELECT `default` from `themes` where `uname` = ?" , uname ) . Scan ( & isDefault )
if err != nil && err != sql . ErrNoRows {
InternalError ( err , w , r , user )
return
}
has_theme := err != sql . ErrNoRows
if has_theme {
if isDefault {
LocalError ( "The theme is already active" , w , r , user )
return
}
_ , err = update_theme_stmt . Exec ( 1 , uname )
if err != nil {
InternalError ( err , w , r , user )
return
}
} else {
_ , err := add_theme_stmt . Exec ( uname , 1 )
if err != nil {
InternalError ( err , w , r , user )
return
}
}
_ , err = update_theme_stmt . Exec ( 0 , defaultTheme )
if err != nil {
InternalError ( err , w , r , user )
return
}
log . Print ( "Setting theme '" + theme . Name + "' as the default theme" )
theme . Active = true
themes [ uname ] = theme
dTheme , ok := themes [ defaultTheme ]
if ! ok {
log . Fatal ( "The default theme is missing" )
return
}
dTheme . Active = false
themes [ defaultTheme ] = dTheme
defaultTheme = uname
reset_template_overrides ( )
add_theme_static_files ( uname )
map_theme_templates ( theme )
http . Redirect ( w , r , "/panel/themes/" , http . StatusSeeOther )
}