package main
import (
//"log"
//"fmt"
"html"
"net"
"net/http"
"strconv"
"time"
)
// routeEditTopic applies an edit to an existing topic. The topic ID is read
// from the URL path after "/topic/edit/submit/"; the new title and body come
// from the "topic_name" and "topic_content" POST fields. The "js" POST field
// (value "1") is passed to the *JSQ error helpers and selects between writing
// successJSONBytes and redirecting to the topic.
//
// NOTE(review): no anti-CSRF token or request-method check is visible in this
// handler; confirm the router enforces both before this state-changing request
// reaches it.
//
// TODO: Update the stats after edits so that we don't under or over decrement stats during deletes
// TODO: Disable stat updates in posts handled by plugin_socialgroups
func routeEditTopic(w http.ResponseWriter, r *http.Request, user User) {
	if err := r.ParseForm(); err != nil {
		PreError("Bad Form", w, r)
		return
	}
	isJs := r.PostFormValue("js") == "1"

	// The slice expression assumes the router only dispatches paths carrying
	// this prefix; a shorter path would panic here.
	rawID := r.URL.Path[len("/topic/edit/submit/"):]
	tid, err := strconv.Atoi(rawID)
	if err != nil {
		PreErrorJSQ("The provided TopicID is not a valid number.", w, r, isJs)
		return
	}

	topic, err := topics.Get(tid)
	switch {
	case err == ErrNoRows:
		PreErrorJSQ("The topic you tried to edit doesn't exist.", w, r, isJs)
		return
	case err != nil:
		InternalErrorJSQ(err, w, r, isJs)
		return
	}

	// TODO: Add hooks to make use of headerLite
	// SimpleForumUserCheck receives &user and the topic's forum ID; presumably
	// it loads the forum-specific permissions tested below — confirm.
	if _, ok := SimpleForumUserCheck(w, r, &user, topic.ParentID); !ok {
		return
	}
	if !(user.Perms.ViewTopic && user.Perms.EditTopic) {
		NoPermissionsJSQ(w, r, user, isJs)
		return
	}

	// NOTE(review): the body is HTML-escaped here but the title is passed
	// through as submitted. Confirm that topic.Update or every template that
	// renders the title escapes it; otherwise this is a stored-XSS sink.
	topicName := r.PostFormValue("topic_name")
	topicContent := html.EscapeString(r.PostFormValue("topic_content"))
	if err = topic.Update(topicName, topicContent); err != nil {
		InternalErrorJSQ(err, w, r, isJs)
		return
	}

	// ErrNoRows from the forum store is tolerated; any other error aborts.
	err = fstore.UpdateLastTopic(topic.ID, user.ID, topic.ParentID)
	if err != nil && err != ErrNoRows {
		InternalErrorJSQ(err, w, r, isJs)
		return
	}

	if isJs {
		_, _ = w.Write(successJSONBytes)
		return
	}
	http.Redirect(w, r, "/topic/"+strconv.Itoa(tid), http.StatusSeeOther)
}
// routeDeleteTopic deletes a topic and records the deletion in the moderation
// log. The topic ID is read from the URL path after "/topic/delete/submit/".
// On success the client is redirected to "/".
//
// NOTE(review): no anti-CSRF token or request-method check is visible in this
// handler; confirm the router enforces both before this destructive request
// reaches it.
// NOTE(review): the delete runs before the mod-log write, so a failure in
// SplitHostPort or addModLog leaves the deletion without an audit entry.
//
// TODO: Add support for soft-deletion and add a permission just for hard delete
// TODO: Disable stat updates in posts handled by plugin_socialgroups
func routeDeleteTopic(w http.ResponseWriter, r *http.Request, user User) {
	// The slice expression assumes the router only dispatches paths carrying
	// this prefix; a shorter path would panic here.
	rawID := r.URL.Path[len("/topic/delete/submit/"):]
	tid, err := strconv.Atoi(rawID)
	if err != nil {
		PreError("The provided TopicID is not a valid number.", w, r)
		return
	}

	topic, err := topics.Get(tid)
	switch {
	case err == ErrNoRows:
		PreError("The topic you tried to delete doesn't exist.", w, r)
		return
	case err != nil:
		InternalError(err, w)
		return
	}

	// TODO: Add hooks to make use of headerLite
	// SimpleForumUserCheck receives &user and the topic's forum ID; presumably
	// it loads the forum-specific permissions tested below — confirm.
	if _, ok := SimpleForumUserCheck(w, r, &user, topic.ParentID); !ok {
		return
	}
	if !(user.Perms.ViewTopic && user.Perms.DeleteTopic) {
		NoPermissions(w, r, user)
		return
	}

	// We might be able to handle this err better
	// NOTE(review): the argument is the topic creator's user ID, not tid, while
	// the permission check above and the mod-log entry below both refer to tid.
	// Confirm what topics.Delete expects; if it takes a topic ID, this removes
	// a different topic from the one that was authorised and logged.
	if err = topics.Delete(topic.CreatedBy); err != nil {
		InternalError(err, w)
		return
	}

	// r.RemoteAddr is the direct network peer; behind a reverse proxy the
	// mod log would record the proxy's address — confirm for the deployment.
	ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		LocalError("Bad IP", w, r, user)
		return
	}
	if err = addModLog("delete", tid, "topic", ipaddress, user.ID); err != nil {
		InternalError(err, w)
		return
	}

	// ? - We might need to add soft-delete before we can do an action reply for this
	/*_, err = createActionReplyStmt.Exec(tid,"delete",ipaddress,user.ID)
	if err != nil {
		InternalError(err,w)
		return
	}*/

	//log.Print("Topic #" + strconv.Itoa(tid) + " was deleted by User #" + strconv.Itoa(user.ID))
	http.Redirect(w, r, "/", http.StatusSeeOther)
}
// routeStickTopic pins the topic whose ID follows "/topic/stick/submit/" in
// the URL path, writes a "stick" entry to the moderation log, creates a
// matching action reply on the topic and redirects to the topic.
//
// NOTE(review): no anti-CSRF token or request-method check is visible in this
// handler; confirm the router enforces both.
// NOTE(review): topic.Stick() runs before the mod-log write, so a failure in
// SplitHostPort or addModLog leaves the topic pinned without an audit entry.
func routeStickTopic(w http.ResponseWriter, r *http.Request, user User) {
	// The slice expression assumes the router only dispatches paths carrying
	// this prefix; a shorter path would panic here.
	rawID := r.URL.Path[len("/topic/stick/submit/"):]
	tid, err := strconv.Atoi(rawID)
	if err != nil {
		PreError("The provided TopicID is not a valid number.", w, r)
		return
	}

	topic, err := topics.Get(tid)
	switch {
	case err == ErrNoRows:
		PreError("The topic you tried to pin doesn't exist.", w, r)
		return
	case err != nil:
		InternalError(err, w)
		return
	}

	// TODO: Add hooks to make use of headerLite
	// SimpleForumUserCheck receives &user and the topic's forum ID; presumably
	// it loads the forum-specific permissions tested below — confirm.
	if _, ok := SimpleForumUserCheck(w, r, &user, topic.ParentID); !ok {
		return
	}
	if !(user.Perms.ViewTopic && user.Perms.PinTopic) {
		NoPermissions(w, r, user)
		return
	}

	if err = topic.Stick(); err != nil {
		InternalError(err, w)
		return
	}

	// ! - Can we use user.LastIP here? It might be racey, if another thread mutates it... We need to fix this.
	// r.RemoteAddr is the direct network peer; behind a reverse proxy the
	// mod log would record the proxy's address — confirm for the deployment.
	ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		LocalError("Bad IP", w, r, user)
		return
	}
	if err = addModLog("stick", tid, "topic", ipaddress, user.ID); err != nil {
		InternalError(err, w)
		return
	}
	if err = topic.CreateActionReply("stick", ipaddress, user); err != nil {
		InternalError(err, w)
		return
	}

	http.Redirect(w, r, "/topic/"+strconv.Itoa(tid), http.StatusSeeOther)
}
// routeUnstickTopic unpins the topic whose ID follows "/topic/unstick/submit/"
// in the URL path, writes an "unstick" entry to the moderation log, creates a
// matching action reply on the topic and redirects to the topic. It is gated
// on the same PinTopic permission as pinning.
//
// NOTE(review): no anti-CSRF token or request-method check is visible in this
// handler; confirm the router enforces both.
// NOTE(review): topic.Unstick() runs before the mod-log write, so a failure in
// SplitHostPort or addModLog leaves the change without an audit entry.
func routeUnstickTopic(w http.ResponseWriter, r *http.Request, user User) {
	// The slice expression assumes the router only dispatches paths carrying
	// this prefix; a shorter path would panic here.
	rawID := r.URL.Path[len("/topic/unstick/submit/"):]
	tid, err := strconv.Atoi(rawID)
	if err != nil {
		PreError("The provided TopicID is not a valid number.", w, r)
		return
	}

	topic, err := topics.Get(tid)
	switch {
	case err == ErrNoRows:
		PreError("The topic you tried to unpin doesn't exist.", w, r)
		return
	case err != nil:
		InternalError(err, w)
		return
	}

	// TODO: Add hooks to make use of headerLite
	// SimpleForumUserCheck receives &user and the topic's forum ID; presumably
	// it loads the forum-specific permissions tested below — confirm.
	if _, ok := SimpleForumUserCheck(w, r, &user, topic.ParentID); !ok {
		return
	}
	if !(user.Perms.ViewTopic && user.Perms.PinTopic) {
		NoPermissions(w, r, user)
		return
	}

	if err = topic.Unstick(); err != nil {
		InternalError(err, w)
		return
	}

	// r.RemoteAddr is the direct network peer; behind a reverse proxy the
	// mod log would record the proxy's address — confirm for the deployment.
	ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		LocalError("Bad IP", w, r, user)
		return
	}
	if err = addModLog("unstick", tid, "topic", ipaddress, user.ID); err != nil {
		InternalError(err, w)
		return
	}
	if err = topic.CreateActionReply("unstick", ipaddress, user); err != nil {
		InternalError(err, w)
		return
	}

	http.Redirect(w, r, "/topic/"+strconv.Itoa(tid), http.StatusSeeOther)
}
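// routeLockTopic locks the topic whose ID follows "/topic/lock/submit/" in the
// URL path, writes a "lock" entry to the moderation log, creates a matching
// action reply on the topic and redirects to the topic. It requires the
// ViewTopic and CloseTopic permissions.
//
// NOTE(review): no anti-CSRF token or request-method check is visible in this
// handler; confirm the router enforces both.
// NOTE(review): topic.Lock() runs before the mod-log write, so a failure in
// SplitHostPort or addModLog leaves the topic locked without an audit entry.
func routeLockTopic(w http.ResponseWriter, r *http.Request, user User) {
	// The slice expression assumes the router only dispatches paths carrying
	// this prefix; a shorter path would panic here.
	tid, err := strconv.Atoi(r.URL.Path[len("/topic/lock/submit/"):])
	if err != nil {
		PreError("The provided TopicID is not a valid number.", w, r)
		return
	}

	topic, err := topics.Get(tid)
	if err == ErrNoRows {
		// The message previously said "pin", copied from the stick handler.
		PreError("The topic you tried to lock doesn't exist.", w, r)
		return
	} else if err != nil {
		InternalError(err, w)
		return
	}

	// TODO: Add hooks to make use of headerLite
	// SimpleForumUserCheck receives &user and the topic's forum ID; presumably
	// it loads the forum-specific permissions tested below — confirm.
	_, ok := SimpleForumUserCheck(w, r, &user, topic.ParentID)
	if !ok {
		return
	}
	if !user.Perms.ViewTopic || !user.Perms.CloseTopic {
		NoPermissions(w, r, user)
		return
	}

	err = topic.Lock()
	if err != nil {
		InternalError(err, w)
		return
	}

	// ! - Can we use user.LastIP here? It might be racey, if another thread mutates it... We need to fix this.
	// r.RemoteAddr is the direct network peer; behind a reverse proxy the
	// mod log would record the proxy's address — confirm for the deployment.
	ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		LocalError("Bad IP", w, r, user)
		return
	}
	err = addModLog("lock", tid, "topic", ipaddress, user.ID)
	if err != nil {
		InternalError(err, w)
		return
	}
	err = topic.CreateActionReply("lock", ipaddress, user)
	if err != nil {
		InternalError(err, w)
		return
	}
	http.Redirect(w, r, "/topic/"+strconv.Itoa(tid), http.StatusSeeOther)
}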
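// routeUnlockTopic unlocks the topic whose ID follows "/topic/unlock/submit/"
// in the URL path, writes an "unlock" entry to the moderation log, creates a
// matching action reply on the topic and redirects to the topic. It requires
// the ViewTopic and CloseTopic permissions.
//
// NOTE(review): no anti-CSRF token or request-method check is visible in this
// handler; confirm the router enforces both.
// NOTE(review): topic.Unlock() runs before the mod-log write, so a failure in
// SplitHostPort or addModLog leaves the change without an audit entry.
func routeUnlockTopic(w http.ResponseWriter, r *http.Request, user User) {
	// The slice expression assumes the router only dispatches paths carrying
	// this prefix; a shorter path would panic here.
	tid, err := strconv.Atoi(r.URL.Path[len("/topic/unlock/submit/"):])
	if err != nil {
		PreError("The provided TopicID is not a valid number.", w, r)
		return
	}

	topic, err := topics.Get(tid)
	if err == ErrNoRows {
		// The message previously said "pin", copied from the stick handler.
		PreError("The topic you tried to unlock doesn't exist.", w, r)
		return
	} else if err != nil {
		InternalError(err, w)
		return
	}

	// TODO: Add hooks to make use of headerLite
	// SimpleForumUserCheck receives &user and the topic's forum ID; presumably
	// it loads the forum-specific permissions tested below — confirm.
	_, ok := SimpleForumUserCheck(w, r, &user, topic.ParentID)
	if !ok {
		return
	}
	if !user.Perms.ViewTopic || !user.Perms.CloseTopic {
		NoPermissions(w, r, user)
		return
	}

	err = topic.Unlock()
	if err != nil {
		InternalError(err, w)
		return
	}

	// ! - Can we use user.LastIP here? It might be racey, if another thread mutates it... We need to fix this.
	// r.RemoteAddr is the direct network peer; behind a reverse proxy the
	// mod log would record the proxy's address — confirm for the deployment.
	ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		LocalError("Bad IP", w, r, user)
		return
	}
	err = addModLog("unlock", tid, "topic", ipaddress, user.ID)
	if err != nil {
		InternalError(err, w)
		return
	}
	err = topic.CreateActionReply("unlock", ipaddress, user)
	if err != nil {
		InternalError(err, w)
		return
	}
	http.Redirect(w, r, "/topic/"+strconv.Itoa(tid), http.StatusSeeOther)
}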
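// routeReplyEditSubmit applies an edit to a topic reply. The reply ID is read
// from the URL path after "/reply/edit/submit/" and the new text from the
// "edit_item" POST field. The "js" POST field (value "1") is passed to the
// *JSQ error helpers and selects between writing successJSONBytes and
// redirecting to the reply's anchor on its topic.
//
// NOTE(review): no anti-CSRF token or request-method check is visible in this
// handler; confirm the router enforces both.
//
// TODO: Disable stat updates in posts handled by plugin_socialgroups
// TODO: Update the stats after edits so that we don't under or over decrement stats during deletes
func routeReplyEditSubmit(w http.ResponseWriter, r *http.Request, user User) {
	err := r.ParseForm()
	if err != nil {
		PreError("Bad Form", w, r)
		return
	}
	isJs := (r.PostFormValue("js") == "1")

	// The slice expression assumes the router only dispatches paths carrying
	// this prefix; a shorter path would panic here.
	rid, err := strconv.Atoi(r.URL.Path[len("/reply/edit/submit/"):])
	if err != nil {
		PreErrorJSQ("The provided Reply ID is not a valid number.", w, r, isJs)
		return
	}

	// Look up the ID of the topic this reply belongs to. An unknown reply ID
	// is a client error, not an internal one, matching the ErrNoRows handling
	// on the forum lookup below.
	var tid int
	err = getReplyTIDStmt.QueryRow(rid).Scan(&tid)
	if err == ErrNoRows {
		PreErrorJSQ("The reply you tried to edit doesn't exist.", w, r, isJs)
		return
	} else if err != nil {
		InternalErrorJSQ(err, w, r, isJs)
		return
	}

	// Look up the forum the topic sits in; permissions are checked per forum.
	var fid int
	err = getTopicFIDStmt.QueryRow(tid).Scan(&fid)
	if err == ErrNoRows {
		PreErrorJSQ("The parent topic doesn't exist.", w, r, isJs)
		return
	} else if err != nil {
		InternalErrorJSQ(err, w, r, isJs)
		return
	}

	// TODO: Add hooks to make use of headerLite
	// SimpleForumUserCheck receives &user and the forum ID; presumably it
	// loads the forum-specific permissions tested below — confirm.
	_, ok := SimpleForumUserCheck(w, r, &user, fid)
	if !ok {
		return
	}
	if !user.Perms.ViewTopic || !user.Perms.EditReply {
		NoPermissionsJSQ(w, r, user, isJs)
		return
	}

	// The submitted text is pre-parsed, then HTML-escaped before it is stored
	// and before parseMessage builds the second stored column from it.
	content := html.EscapeString(preparseMessage(r.PostFormValue("edit_item")))
	_, err = editReplyStmt.Exec(content, parseMessage(content, fid, "forums"), rid)
	if err != nil {
		InternalErrorJSQ(err, w, r, isJs)
		return
	}

	if !isJs {
		http.Redirect(w, r, "/topic/"+strconv.Itoa(tid)+"#reply-"+strconv.Itoa(rid), http.StatusSeeOther)
	} else {
		_, _ = w.Write(successJSONBytes)
	}
}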
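// routeReplyDeleteSubmit deletes a topic reply, decrements the reply author's
// post statistics and records the deletion in the moderation log. The reply ID
// is read from the URL path after "/reply/delete/submit/". The "isJs" POST
// field (value "1") is passed to the *JSQ error helpers and selects whether
// successJSONBytes is written at the end.
//
// The success body is written only after every follow-up step has succeeded.
// It used to be written straight after reply.Delete(), so a later failure sent
// an error after the client had already been told the request succeeded.
//
// NOTE(review): this handler reads the flag from "isJs" while the edit
// handlers read "js"; confirm the client sends this field name.
// NOTE(review): no anti-CSRF token or request-method check is visible in this
// handler; confirm the router enforces both.
// NOTE(review): the delete still runs before the mod-log write, so a failure in
// the steps after it leaves the deletion without an audit entry.
//
// TODO: Refactor this
// TODO: Disable stat updates in posts handled by plugin_socialgroups
func routeReplyDeleteSubmit(w http.ResponseWriter, r *http.Request, user User) {
	err := r.ParseForm()
	if err != nil {
		PreError("Bad Form", w, r)
		return
	}
	isJs := (r.PostFormValue("isJs") == "1")

	// The slice expression assumes the router only dispatches paths carrying
	// this prefix; a shorter path would panic here.
	rid, err := strconv.Atoi(r.URL.Path[len("/reply/delete/submit/"):])
	if err != nil {
		PreErrorJSQ("The provided Reply ID is not a valid number.", w, r, isJs)
		return
	}

	reply, err := rstore.Get(rid)
	if err == ErrNoRows {
		PreErrorJSQ("The reply you tried to delete doesn't exist.", w, r, isJs)
		return
	} else if err != nil {
		InternalErrorJSQ(err, w, r, isJs)
		return
	}

	// Look up the forum of the reply's parent topic; permissions are checked
	// per forum.
	var fid int
	err = getTopicFIDStmt.QueryRow(reply.ParentID).Scan(&fid)
	if err == ErrNoRows {
		PreErrorJSQ("The parent topic doesn't exist.", w, r, isJs)
		return
	} else if err != nil {
		InternalErrorJSQ(err, w, r, isJs)
		return
	}

	// TODO: Add hooks to make use of headerLite
	// SimpleForumUserCheck receives &user and the forum ID; presumably it
	// loads the forum-specific permissions tested below — confirm.
	_, ok := SimpleForumUserCheck(w, r, &user, fid)
	if !ok {
		return
	}
	if !user.Perms.ViewTopic || !user.Perms.DeleteReply {
		NoPermissionsJSQ(w, r, user, isJs)
		return
	}

	err = reply.Delete()
	if err != nil {
		InternalErrorJSQ(err, w, r, isJs)
		return
	}
	//log.Print("Reply #" + strconv.Itoa(rid) + " was deleted by User #" + strconv.Itoa(user.ID))

	// A missing author (ErrNoRows) is tolerated: there are no stats to adjust.
	replyCreator, err := users.Get(reply.CreatedBy)
	if err == nil {
		wcount := wordCount(reply.Content)
		err = replyCreator.decreasePostStats(wcount, false)
		if err != nil {
			InternalErrorJSQ(err, w, r, isJs)
			return
		}
	} else if err != ErrNoRows {
		InternalErrorJSQ(err, w, r, isJs)
		return
	}

	// r.RemoteAddr is the direct network peer; behind a reverse proxy the
	// mod log would record the proxy's address — confirm for the deployment.
	ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		LocalErrorJSQ("Bad IP", w, r, user, isJs)
		return
	}
	// NOTE(review): the entry records the parent topic ID under element type
	// "reply", not the deleted reply's own ID; confirm that is what mod-log
	// consumers expect.
	err = addModLog("delete", reply.ParentID, "reply", ipaddress, user.ID)
	if err != nil {
		InternalErrorJSQ(err, w, r, isJs)
		return
	}

	if isJs {
		_, _ = w.Write(successJSONBytes)
	}
	// The non-JS path sends no redirect; the original call is kept disabled:
	//http.Redirect(w,r, "/topic/" + strconv.Itoa(tid), http.StatusSeeOther)
}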
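// routeProfileReplyEditSubmit applies an edit to a profile reply. The reply ID
// is read from the URL path after "/profile/reply/edit/submit/" and the new
// text from the "edit_item" POST field. The "js" POST field (value "1") is
// passed to the *JSQ error helpers and selects between writing
// successJSONBytes and redirecting to the reply's anchor under /user/{uid}.
//
// NOTE(review): no anti-CSRF token or request-method check is visible in this
// handler; confirm the router enforces both.
// NOTE(review): unlike the forum handlers, nothing here calls UserCheck or
// SimpleForumUserCheck, so user.Perms is whatever the caller passed in.
func routeProfileReplyEditSubmit(w http.ResponseWriter, r *http.Request, user User) {
	err := r.ParseForm()
	if err != nil {
		LocalError("Bad Form", w, r, user)
		return
	}
	isJs := (r.PostFormValue("js") == "1")

	// The slice expression assumes the router only dispatches paths carrying
	// this prefix; a shorter path would panic here.
	rid, err := strconv.Atoi(r.URL.Path[len("/profile/reply/edit/submit/"):])
	if err != nil {
		LocalErrorJSQ("The provided Reply ID is not a valid number.", w, r, user, isJs)
		return
	}

	// Look up the user ID associated with the reply. An unknown reply ID is a
	// client error, handled the same way routeProfileReplyDeleteSubmit does.
	var uid int
	err = getUserReplyUIDStmt.QueryRow(rid).Scan(&uid)
	if err == ErrNoRows {
		LocalErrorJSQ("The reply you tried to edit doesn't exist.", w, r, user, isJs)
		return
	} else if err != nil {
		InternalErrorJSQ(err, w, r, isJs)
		return
	}

	// NOTE(review): the query behind getUserReplyUIDStmt is not shown. The
	// redirect to /user/{uid} below suggests uid is the profile the reply sits
	// on rather than the reply's author; confirm which, because this check lets
	// that user edit the reply without the EditReply permission.
	if user.ID != uid && !user.Perms.EditReply {
		NoPermissionsJSQ(w, r, user, isJs)
		return
	}

	// The submitted text is pre-parsed, then HTML-escaped before it is stored
	// and before parseMessage builds the second stored column from it.
	content := html.EscapeString(preparseMessage(r.PostFormValue("edit_item")))
	_, err = editProfileReplyStmt.Exec(content, parseMessage(content, 0, ""), rid)
	if err != nil {
		InternalErrorJSQ(err, w, r, isJs)
		return
	}

	if !isJs {
		http.Redirect(w, r, "/user/"+strconv.Itoa(uid)+"#reply-"+strconv.Itoa(rid), http.StatusSeeOther)
	} else {
		_, _ = w.Write(successJSONBytes)
	}
}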
// routeProfileReplyDeleteSubmit deletes a profile reply. The reply ID is read
// from the URL path after "/profile/reply/delete/submit/". The "isJs" POST
// field (value "1") is passed to the *JSQ error helpers and decides whether
// successJSONBytes is written; the non-JS path writes nothing on success.
//
// NOTE(review): no anti-CSRF token or request-method check is visible in this
// handler; confirm the router enforces both.
// NOTE(review): unlike routeReplyDeleteSubmit, no addModLog call is made here,
// so profile-reply deletions leave no moderation-log entry.
func routeProfileReplyDeleteSubmit(w http.ResponseWriter, r *http.Request, user User) {
	if err := r.ParseForm(); err != nil {
		LocalError("Bad Form", w, r, user)
		return
	}
	isJs := r.PostFormValue("isJs") == "1"

	// The slice expression assumes the router only dispatches paths carrying
	// this prefix; a shorter path would panic here.
	rawID := r.URL.Path[len("/profile/reply/delete/submit/"):]
	rid, err := strconv.Atoi(rawID)
	if err != nil {
		LocalErrorJSQ("The provided Reply ID is not a valid number.", w, r, user, isJs)
		return
	}

	var uid int
	err = getUserReplyUIDStmt.QueryRow(rid).Scan(&uid)
	switch {
	case err == ErrNoRows:
		LocalErrorJSQ("The reply you tried to delete doesn't exist.", w, r, user, isJs)
		return
	case err != nil:
		InternalErrorJSQ(err, w, r, isJs)
		return
	}

	// NOTE(review): the query behind getUserReplyUIDStmt is not shown; confirm
	// whether uid is the reply's author or the profile it sits on, because this
	// check lets that user delete the reply without the DeleteReply permission.
	if user.ID != uid && !user.Perms.DeleteReply {
		NoPermissionsJSQ(w, r, user, isJs)
		return
	}

	if _, err = deleteProfileReplyStmt.Exec(rid); err != nil {
		InternalErrorJSQ(err, w, r, isJs)
		return
	}
	//log.Print("The profile post '" + strconv.Itoa(rid) + "' was deleted by User #" + strconv.Itoa(user.ID))

	if isJs {
		w.Write(successJSONBytes)
	}
	// The non-JS path sends no redirect; the original call is kept disabled:
	//http.Redirect(w,r, "/user/" + strconv.Itoa(uid), http.StatusSeeOther)
}
// routeIps renders the IP search page. It requires the ViewIPs permission,
// takes the address to search for from the "ip" form value, collects the IDs
// of users matched by three prepared statements (users, topics, replies),
// bulk-loads those users and executes the "ip-search.html" template.
//
// The "ip" value is only ever passed as a bound parameter to the prepared
// statements and as a field of the page struct handed to the template.
func routeIps(w http.ResponseWriter, r *http.Request, user User) {
	headerVars, ok := UserCheck(w, r, &user)
	if !ok {
		return
	}
	if !user.Perms.ViewIPs {
		NoPermissions(w, r, user)
		return
	}

	ip := r.FormValue("ip")
	var uid int
	// Used as a set so a user matched by several queries is loaded once.
	matched := make(map[int]bool)

	userRows, err := findUsersByIPUsersStmt.Query(ip)
	if err != nil {
		InternalError(err, w)
		return
	}
	defer userRows.Close()

	for userRows.Next() {
		if err := userRows.Scan(&uid); err != nil {
			InternalError(err, w)
			return
		}
		matched[uid] = true
	}
	if err = userRows.Err(); err != nil {
		InternalError(err, w)
		return
	}

	topicRows, err := findUsersByIPTopicsStmt.Query(ip)
	if err != nil {
		InternalError(err, w)
		return
	}
	defer topicRows.Close()

	for topicRows.Next() {
		if err := topicRows.Scan(&uid); err != nil {
			InternalError(err, w)
			return
		}
		matched[uid] = true
	}
	if err = topicRows.Err(); err != nil {
		InternalError(err, w)
		return
	}

	replyRows, err := findUsersByIPRepliesStmt.Query(ip)
	if err != nil {
		InternalError(err, w)
		return
	}
	defer replyRows.Close()

	for replyRows.Next() {
		if err := replyRows.Scan(&uid); err != nil {
			InternalError(err, w)
			return
		}
		matched[uid] = true
	}
	if err = replyRows.Err(); err != nil {
		InternalError(err, w)
		return
	}

	// Convert the user ID map to a slice, then bulk load the users
	idSlice := make([]int, 0, len(matched))
	for userID := range matched {
		idSlice = append(idSlice, userID)
	}

	// TODO: What if a user is deleted via the Control Panel?
	userList, err := users.BulkGetMap(idSlice)
	if err != nil {
		InternalError(err, w)
		return
	}

	pi := IPSearchPage{"IP Search", user, headerVars, userList, ip}
	// A pre-render hook that returns true has taken over the response.
	if preRenderHooks["pre_render_ips"] != nil && runPreRenderHook("pre_render_ips", w, r, &user, &pi) {
		return
	}
	if err = templates.ExecuteTemplate(w, "ip-search.html", pi); err != nil {
		InternalError(err, w)
	}
}
// TODO: This is being replaced with the new ban route system
/*func routeBan(w http.ResponseWriter, r *http.Request, user User) {
|
2017-09-10 17:39:16 +00:00
|
|
|
headerVars, ok := UserCheck(w,r,&user)
|
2016-12-16 10:37:42 +00:00
|
|
|
if !ok {
|
|
|
|
return
|
|
|
|
}
|
2016-12-21 02:30:32 +00:00
|
|
|
if !user.Perms.BanUsers {
|
2016-12-08 14:11:18 +00:00
|
|
|
NoPermissions(w,r,user)
|
|
|
|
return
|
|
|
|
}
|
2017-06-06 14:41:06 +00:00
|
|
|
|
2016-12-08 14:11:18 +00:00
|
|
|
uid, err := strconv.Atoi(r.URL.Path[len("/users/ban/"):])
|
|
|
|
if err != nil {
|
|
|
|
LocalError("The provided User ID is not a valid number.",w,r,user)
|
|
|
|
return
|
|
|
|
}
|
2017-06-06 14:41:06 +00:00
|
|
|
|
2016-12-08 14:11:18 +00:00
|
|
|
var uname string
|
2017-06-12 09:03:14 +00:00
|
|
|
err = get_user_name_stmt.QueryRow(uid).Scan(&uname)
|
2017-06-28 12:05:26 +00:00
|
|
|
if err == ErrNoRows {
|
2016-12-08 14:11:18 +00:00
|
|
|
LocalError("The user you're trying to ban no longer exists.",w,r,user)
|
|
|
|
return
|
|
|
|
} else if err != nil {
|
2017-08-13 11:22:34 +00:00
|
|
|
InternalError(err,w)
|
2016-12-08 14:11:18 +00:00
|
|
|
return
|
|
|
|
}
|
2017-06-06 14:41:06 +00:00
|
|
|
|
2016-12-08 14:11:18 +00:00
|
|
|
confirm_msg := "Are you sure you want to ban '" + uname + "'?"
|
|
|
|
yousure := AreYouSure{"/users/ban/submit/" + strconv.Itoa(uid),confirm_msg}
|
2017-06-06 14:41:06 +00:00
|
|
|
|
2017-06-16 10:41:30 +00:00
|
|
|
pi := Page{"Ban User",user,headerVars,tList,yousure}
|
2017-09-03 04:50:31 +00:00
|
|
|
if preRenderHooks["pre_render_ban"] != nil {
|
|
|
|
if runPreRenderHook("pre_render_ban", w, r, &user, &pi) {
return
|
|
|
|
}
|
|
|
|
}
|
2017-02-04 06:19:55 +00:00
|
|
|
templates.ExecuteTemplate(w,"areyousure.html",pi)
|
2017-08-27 09:33:45 +00:00
|
|
|
}*/
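// routeBanSubmit handles a ban submission for the user whose numeric ID is the
// trailing segment of /users/ban/submit/.
//
// Checks run in this order: the caller's BanUsers permission, the session value
// echoed in the form, a numeric target ID, that the target exists, is not
// staff, is not the caller and is not already banned. The three
// ban-duration-* form fields are then combined into one duration, the ban is
// applied, a "ban" entry is written to the moderation log and the caller is
// redirected to /user/<id>.
func routeBanSubmit(w http.ResponseWriter, r *http.Request, user User) {
	if !user.Perms.BanUsers {
		NoPermissions(w, r, user)
		return
	}
	// Request-forgery guard: the request must echo the caller's session value.
	// NOTE(review): FormValue also reads the URL query string, so the value can
	// travel in a URL (and so reach access logs and Referer headers), and != is
	// not a constant-time comparison. Confirm how callers submit the token
	// before tightening this to PostFormValue / crypto/subtle.
	if r.FormValue("session") != user.Session {
		SecurityError(w, r, user)
		return
	}

	// Assumes the router only dispatches paths that carry this prefix; a
	// shorter path would make the slice expression panic.
	uid, err := strconv.Atoi(r.URL.Path[len("/users/ban/submit/"):])
	if err != nil {
		LocalError("The provided User ID is not a valid number.", w, r, user)
		return
	}
	/*if uid == -2 {
		LocalError("Stop trying to ban Merlin! Ban admin! Bad! No!",w,r,user)
		return
	}*/

	targetUser, err := users.Get(uid)
	if err == ErrNoRows {
		LocalError("The user you're trying to ban no longer exists.", w, r, user)
		return
	} else if err != nil {
		InternalError(err, w)
		return
	}

	// Holders of BanUsers cannot use this route against other staff accounts.
	if targetUser.IsSuperAdmin || targetUser.IsAdmin || targetUser.IsMod {
		LocalError("You may not ban another staff member.", w, r, user)
		return
	}
	if uid == user.ID {
		LocalError("Why are you trying to ban yourself? Stop that.", w, r, user)
		return
	}

	if targetUser.IsBanned {
		// The message previously said "unban", which does not match this route.
		LocalError("The user you're trying to ban is already banned.", w, r, user)
		return
	}

	durationDays, err := strconv.Atoi(r.FormValue("ban-duration-days"))
	if err != nil {
		LocalError("You can only use whole numbers for the number of days", w, r, user)
		return
	}

	durationWeeks, err := strconv.Atoi(r.FormValue("ban-duration-weeks"))
	if err != nil {
		LocalError("You can only use whole numbers for the number of weeks", w, r, user)
		return
	}

	durationMonths, err := strconv.Atoi(r.FormValue("ban-duration-months"))
	if err != nil {
		LocalError("You can only use whole numbers for the number of months", w, r, user)
		return
	}

	// Atoi accepts signed input; a negative component would shorten the total
	// or make it negative, so it is rejected rather than passed on to Ban.
	if durationDays < 0 || durationWeeks < 0 || durationMonths < 0 {
		LocalError("The ban duration cannot be negative", w, r, user)
		return
	}

	var duration time.Duration
	// NOTE(review): the zero duration is chosen only when all three fields are
	// greater than 1. Zero is presumably the "no expiry" value for Ban, and the
	// intended test may have been "all fields are zero" — confirm before
	// changing; the condition is kept as written.
	if durationDays > 1 && durationWeeks > 1 && durationMonths > 1 {
		duration = 0
	} else {
		// The sum is interpreted as seconds (it is parsed with an "s" suffix).
		// NOTE(review): the individual products are not overflow-checked; a
		// wrapped sum is only caught when it comes out negative.
		seconds := durationDays*day + durationWeeks*week + durationMonths*month
		if seconds < 0 {
			LocalError("The ban duration is too long", w, r, user)
			return
		}
		// ParseDuration fails when the value does not fit a time.Duration.
		// Ignoring that error would silently turn an oversized request into
		// the zero duration.
		duration, err = time.ParseDuration(strconv.Itoa(seconds) + "s")
		if err != nil {
			LocalError("The ban duration is too long", w, r, user)
			return
		}
	}

	// Resolve the moderator's address before changing any state, so a ban is
	// never applied without the data its moderation-log entry needs.
	// NOTE(review): RemoteAddr is the directly connected peer; behind a reverse
	// proxy the log would record the proxy's address.
	ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		LocalError("Bad IP", w, r, user)
		return
	}

	err = targetUser.Ban(duration, user.ID)
	if err == ErrNoRows {
		LocalError("The user you're trying to ban no longer exists.", w, r, user)
		return
	} else if err != nil {
		InternalError(err, w)
		return
	}

	// Audit trail: action, target ID, target type, moderator IP, moderator ID.
	err = addModLog("ban", uid, "user", ipaddress, user.ID)
	if err != nil {
		InternalError(err, w)
		return
	}

	http.Redirect(w, r, "/user/"+strconv.Itoa(uid), http.StatusSeeOther)
}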
// routeUnban lifts the ban on the user whose numeric ID is the trailing
// segment of /users/unban/.
//
// The caller needs the BanUsers permission and must echo their session value
// in the request. The target must exist and currently be banned. After a
// successful Unban an "unban" entry is written to the moderation log and the
// caller is redirected to /user/<id>.
func routeUnban(w http.ResponseWriter, r *http.Request, user User) {
	if !user.Perms.BanUsers {
		NoPermissions(w, r, user)
		return
	}
	// Request-forgery guard.
	// NOTE(review): FormValue also reads the query string, so the session value
	// may arrive in the URL; the comparison is not constant-time.
	if token := r.FormValue("session"); token != user.Session {
		SecurityError(w, r, user)
		return
	}

	// Assumes the router only dispatches paths that carry this prefix.
	rawID := r.URL.Path[len("/users/unban/"):]
	targetID, err := strconv.Atoi(rawID)
	if err != nil {
		LocalError("The provided User ID is not a valid number.", w, r, user)
		return
	}

	target, err := users.Get(targetID)
	switch {
	case err == ErrNoRows:
		LocalError("The user you're trying to unban no longer exists.", w, r, user)
		return
	case err != nil:
		InternalError(err, w)
		return
	}

	if !target.IsBanned {
		LocalError("The user you're trying to unban isn't banned.", w, r, user)
		return
	}

	// Unban has its own "not banned" and "no such user" results, which are
	// reported to the caller separately from internal failures.
	err = target.Unban()
	switch {
	case err == ErrNoTempGroup:
		LocalError("The user you're trying to unban is not banned", w, r, user)
		return
	case err == ErrNoRows:
		LocalError("The user you're trying to unban no longer exists.", w, r, user)
		return
	case err != nil:
		InternalError(err, w)
		return
	}

	// NOTE(review): the address is parsed only after Unban has run, so a parse
	// failure here leaves the state change without a moderation-log entry.
	modIP, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		LocalError("Bad IP", w, r, user)
		return
	}
	// Audit trail: action, target ID, target type, moderator IP, moderator ID.
	if err = addModLog("unban", targetID, "user", modIP, user.ID); err != nil {
		InternalError(err, w)
		return
	}

	http.Redirect(w, r, "/user/"+strconv.Itoa(targetID), http.StatusSeeOther)
}
// routeActivate activates the account whose numeric ID is the trailing segment
// of /users/activate/.
//
// The caller needs the ActivateUsers permission and must echo their session
// value in the request. The target must exist and not already be active. After
// a successful Activate an "activate" entry is written to the moderation log
// and the caller is redirected to /user/<id>.
func routeActivate(w http.ResponseWriter, r *http.Request, user User) {
	if !user.Perms.ActivateUsers {
		NoPermissions(w, r, user)
		return
	}
	// Request-forgery guard.
	// NOTE(review): FormValue also reads the query string, so the session value
	// may arrive in the URL; the comparison is not constant-time.
	if token := r.FormValue("session"); token != user.Session {
		SecurityError(w, r, user)
		return
	}

	// Assumes the router only dispatches paths that carry this prefix.
	rawID := r.URL.Path[len("/users/activate/"):]
	targetID, err := strconv.Atoi(rawID)
	if err != nil {
		LocalError("The provided User ID is not a valid number.", w, r, user)
		return
	}

	account, err := users.Get(targetID)
	switch {
	case err == ErrNoRows:
		LocalError("The account you're trying to activate no longer exists.", w, r, user)
		return
	case err != nil:
		InternalError(err, w)
		return
	}

	if account.Active {
		LocalError("The account you're trying to activate has already been activated.", w, r, user)
		return
	}
	if err = account.Activate(); err != nil {
		InternalError(err, w)
		return
	}

	// NOTE(review): the address is parsed only after Activate has run, so a
	// parse failure here leaves the state change without a moderation-log entry.
	modIP, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		LocalError("Bad IP", w, r, user)
		return
	}
	// Audit trail: action, target ID, target type, moderator IP, moderator ID.
	// The ID logged and used in the redirect is the one on the loaded account.
	if err = addModLog("activate", account.ID, "user", modIP, user.ID); err != nil {
		InternalError(err, w)
		return
	}
	http.Redirect(w, r, "/user/"+strconv.Itoa(account.ID), http.StatusSeeOther)
}