91f70d2a4a
Added basic support for server sync. Re-added a few missing defers. Renamed TO-DO to TODO across the entire codebase. Renamed StaticForumStore to MemoryForumStore. The ForumStore is now built on a sync.Map with a view slice for generating /forums rather than a slice. Renamed many more functions and variables to satisfy the linter. increase_post_user_stats() and decrease_post_user_stats() are now methods on the User struct. We also fix a bug where they take the moderator's score rather than the target user's into account when recalculating their level after a post / topic is deleted. Transitioned the topic list to CSS Grid for Tempra Simple, with a float fallback. Cosmo and Cosmo Conflux are now hidden from the theme list. Fixed more data races. Added more debug data to the template compiler logs.
884 lines
21 KiB
Go
884 lines
21 KiB
Go
package main
|
|
|
|
import (
|
|
//"log"
|
|
//"fmt"
|
|
"html"
|
|
"net"
|
|
"net/http"
|
|
"strconv"
|
|
"time"
|
|
)
|
|
|
|
// TODO: Update the stats after edits so that we don't under or over decrement stats during deletes
|
|
// TODO: Disable stat updates in posts handled by plugin_socialgroups
|
|
func route_edit_topic(w http.ResponseWriter, r *http.Request, user User) {
|
|
//log.Print("in route_edit_topic")
|
|
err := r.ParseForm()
|
|
if err != nil {
|
|
PreError("Bad Form", w, r)
|
|
return
|
|
}
|
|
isJs := (r.PostFormValue("js") == "1")
|
|
|
|
var tid int
|
|
tid, err = strconv.Atoi(r.URL.Path[len("/topic/edit/submit/"):])
|
|
if err != nil {
|
|
PreErrorJSQ("The provided TopicID is not a valid number.", w, r, isJs)
|
|
return
|
|
}
|
|
|
|
oldTopic, err := topics.CascadeGet(tid)
|
|
if err == ErrNoRows {
|
|
PreErrorJSQ("The topic you tried to edit doesn't exist.", w, r, isJs)
|
|
return
|
|
} else if err != nil {
|
|
InternalErrorJSQ(err, w, r, isJs)
|
|
return
|
|
}
|
|
|
|
// TODO: Add hooks to make use of headerLite
|
|
_, ok := SimpleForumSessionCheck(w, r, &user, oldTopic.ParentID)
|
|
if !ok {
|
|
return
|
|
}
|
|
if !user.Perms.ViewTopic || !user.Perms.EditTopic {
|
|
NoPermissionsJSQ(w, r, user, isJs)
|
|
return
|
|
}
|
|
|
|
topicName := r.PostFormValue("topic_name")
|
|
topicStatus := r.PostFormValue("topic_status")
|
|
isClosed := (topicStatus == "closed")
|
|
|
|
topicContent := html.EscapeString(r.PostFormValue("topic_content"))
|
|
_, err = edit_topic_stmt.Exec(topicName, preparseMessage(topicContent), parseMessage(html.EscapeString(preparseMessage(topicContent))), isClosed, tid)
|
|
if err != nil {
|
|
InternalErrorJSQ(err, w, r, isJs)
|
|
return
|
|
}
|
|
|
|
ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
|
|
if err != nil {
|
|
LocalError("Bad IP", w, r, user)
|
|
return
|
|
}
|
|
|
|
if oldTopic.IsClosed != isClosed {
|
|
var action string
|
|
if isClosed {
|
|
action = "lock"
|
|
} else {
|
|
action = "unlock"
|
|
}
|
|
|
|
err = addModLog(action, tid, "topic", ipaddress, user.ID)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
_, err = create_action_reply_stmt.Exec(tid, action, ipaddress, user.ID)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
_, err = add_replies_to_topic_stmt.Exec(1, user.ID, tid)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
err = fstore.UpdateLastTopic(topicName, tid, user.Name, user.ID, time.Now().Format("2006-01-02 15:04:05"), oldTopic.ParentID)
|
|
if err != nil && err != ErrNoRows {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
}
|
|
|
|
err = topics.Load(tid)
|
|
if err == ErrNoRows {
|
|
LocalErrorJSQ("This topic no longer exists!", w, r, user, isJs)
|
|
return
|
|
} else if err != nil {
|
|
InternalErrorJSQ(err, w, r, isJs)
|
|
return
|
|
}
|
|
|
|
if !isJs {
|
|
http.Redirect(w, r, "/topic/"+strconv.Itoa(tid), http.StatusSeeOther)
|
|
} else {
|
|
_, _ = w.Write(successJSONBytes)
|
|
}
|
|
}
|
|
|
|
// TODO: Disable stat updates in posts handled by plugin_socialgroups
|
|
func route_delete_topic(w http.ResponseWriter, r *http.Request, user User) {
|
|
tid, err := strconv.Atoi(r.URL.Path[len("/topic/delete/submit/"):])
|
|
if err != nil {
|
|
PreError("The provided TopicID is not a valid number.", w, r)
|
|
return
|
|
}
|
|
|
|
topic, err := topics.CascadeGet(tid)
|
|
if err == ErrNoRows {
|
|
PreError("The topic you tried to delete doesn't exist.", w, r)
|
|
return
|
|
} else if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
// TODO: Add hooks to make use of headerLite
|
|
_, ok := SimpleForumSessionCheck(w, r, &user, topic.ParentID)
|
|
if !ok {
|
|
return
|
|
}
|
|
if !user.Perms.ViewTopic || !user.Perms.DeleteTopic {
|
|
NoPermissions(w, r, user)
|
|
return
|
|
}
|
|
|
|
_, err = delete_topic_stmt.Exec(tid)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
|
|
if err != nil {
|
|
LocalError("Bad IP", w, r, user)
|
|
return
|
|
}
|
|
err = addModLog("delete", tid, "topic", ipaddress, user.ID)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
// Might need soft-delete before we can do an action reply for this
|
|
/*_, err = create_action_reply_stmt.Exec(tid,"delete",ipaddress,user.ID)
|
|
if err != nil {
|
|
InternalError(err,w)
|
|
return
|
|
}*/
|
|
|
|
//log.Print("Topic #" + strconv.Itoa(tid) + " was deleted by User #" + strconv.Itoa(user.ID))
|
|
http.Redirect(w, r, "/", http.StatusSeeOther)
|
|
|
|
topicCreator, err := users.CascadeGet(topic.CreatedBy)
|
|
if err == nil {
|
|
wcount := wordCount(topic.Content)
|
|
err = topicCreator.decreasePostStats(wcount, true)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
} else if err != ErrNoRows {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
err = fstore.DecrementTopicCount(topic.ParentID)
|
|
if err != nil && err != ErrNoRows {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
topics.Remove(tid)
|
|
}
|
|
|
|
func route_stick_topic(w http.ResponseWriter, r *http.Request, user User) {
|
|
tid, err := strconv.Atoi(r.URL.Path[len("/topic/stick/submit/"):])
|
|
if err != nil {
|
|
PreError("The provided TopicID is not a valid number.", w, r)
|
|
return
|
|
}
|
|
|
|
topic, err := topics.CascadeGet(tid)
|
|
if err == ErrNoRows {
|
|
PreError("The topic you tried to pin doesn't exist.", w, r)
|
|
return
|
|
} else if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
// TODO: Add hooks to make use of headerLite
|
|
_, ok := SimpleForumSessionCheck(w, r, &user, topic.ParentID)
|
|
if !ok {
|
|
return
|
|
}
|
|
if !user.Perms.ViewTopic || !user.Perms.PinTopic {
|
|
NoPermissions(w, r, user)
|
|
return
|
|
}
|
|
|
|
_, err = stick_topic_stmt.Exec(tid)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
|
|
if err != nil {
|
|
LocalError("Bad IP", w, r, user)
|
|
return
|
|
}
|
|
err = addModLog("stick", tid, "topic", ipaddress, user.ID)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
_, err = create_action_reply_stmt.Exec(tid, "stick", ipaddress, user.ID)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
err = topics.Load(tid)
|
|
if err != nil {
|
|
LocalError("This topic doesn't exist!", w, r, user)
|
|
return
|
|
}
|
|
http.Redirect(w, r, "/topic/"+strconv.Itoa(tid), http.StatusSeeOther)
|
|
}
|
|
|
|
func route_unstick_topic(w http.ResponseWriter, r *http.Request, user User) {
|
|
tid, err := strconv.Atoi(r.URL.Path[len("/topic/unstick/submit/"):])
|
|
if err != nil {
|
|
PreError("The provided TopicID is not a valid number.", w, r)
|
|
return
|
|
}
|
|
|
|
topic, err := topics.CascadeGet(tid)
|
|
if err == ErrNoRows {
|
|
PreError("The topic you tried to unpin doesn't exist.", w, r)
|
|
return
|
|
} else if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
// TODO: Add hooks to make use of headerLite
|
|
_, ok := SimpleForumSessionCheck(w, r, &user, topic.ParentID)
|
|
if !ok {
|
|
return
|
|
}
|
|
if !user.Perms.ViewTopic || !user.Perms.PinTopic {
|
|
NoPermissions(w, r, user)
|
|
return
|
|
}
|
|
|
|
_, err = unstick_topic_stmt.Exec(tid)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
|
|
if err != nil {
|
|
LocalError("Bad IP", w, r, user)
|
|
return
|
|
}
|
|
err = addModLog("unstick", tid, "topic", ipaddress, user.ID)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
_, err = create_action_reply_stmt.Exec(tid, "unstick", ipaddress, user.ID)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
err = topics.Load(tid)
|
|
if err != nil {
|
|
LocalError("This topic doesn't exist!", w, r, user)
|
|
return
|
|
}
|
|
http.Redirect(w, r, "/topic/"+strconv.Itoa(tid), http.StatusSeeOther)
|
|
}
|
|
|
|
// TODO: Disable stat updates in posts handled by plugin_socialgroups
|
|
// TODO: Update the stats after edits so that we don't under or over decrement stats during deletes
|
|
func route_reply_edit_submit(w http.ResponseWriter, r *http.Request, user User) {
|
|
err := r.ParseForm()
|
|
if err != nil {
|
|
PreError("Bad Form", w, r)
|
|
return
|
|
}
|
|
isJs := (r.PostFormValue("js") == "1")
|
|
|
|
rid, err := strconv.Atoi(r.URL.Path[len("/reply/edit/submit/"):])
|
|
if err != nil {
|
|
PreErrorJSQ("The provided Reply ID is not a valid number.", w, r, isJs)
|
|
return
|
|
}
|
|
|
|
content := html.EscapeString(preparseMessage(r.PostFormValue("edit_item")))
|
|
_, err = edit_reply_stmt.Exec(content, parseMessage(content), rid)
|
|
if err != nil {
|
|
InternalErrorJSQ(err, w, r, isJs)
|
|
return
|
|
}
|
|
|
|
// Get the Reply ID..
|
|
var tid int
|
|
err = get_reply_tid_stmt.QueryRow(rid).Scan(&tid)
|
|
if err != nil {
|
|
InternalErrorJSQ(err, w, r, isJs)
|
|
return
|
|
}
|
|
|
|
var fid int
|
|
err = get_topic_fid_stmt.QueryRow(tid).Scan(&fid)
|
|
if err == ErrNoRows {
|
|
PreErrorJSQ("The parent topic doesn't exist.", w, r, isJs)
|
|
return
|
|
} else if err != nil {
|
|
InternalErrorJSQ(err, w, r, isJs)
|
|
return
|
|
}
|
|
|
|
// TODO: Add hooks to make use of headerLite
|
|
_, ok := SimpleForumSessionCheck(w, r, &user, fid)
|
|
if !ok {
|
|
return
|
|
}
|
|
if !user.Perms.ViewTopic || !user.Perms.EditReply {
|
|
NoPermissionsJSQ(w, r, user, isJs)
|
|
return
|
|
}
|
|
|
|
if !isJs {
|
|
http.Redirect(w, r, "/topic/"+strconv.Itoa(tid)+"#reply-"+strconv.Itoa(rid), http.StatusSeeOther)
|
|
} else {
|
|
w.Write(successJSONBytes)
|
|
}
|
|
}
|
|
|
|
// TODO: Disable stat updates in posts handled by plugin_socialgroups
|
|
func route_reply_delete_submit(w http.ResponseWriter, r *http.Request, user User) {
|
|
err := r.ParseForm()
|
|
if err != nil {
|
|
PreError("Bad Form", w, r)
|
|
return
|
|
}
|
|
isJs := (r.PostFormValue("isJs") == "1")
|
|
|
|
rid, err := strconv.Atoi(r.URL.Path[len("/reply/delete/submit/"):])
|
|
if err != nil {
|
|
PreErrorJSQ("The provided Reply ID is not a valid number.", w, r, isJs)
|
|
return
|
|
}
|
|
|
|
reply, err := getReply(rid)
|
|
if err == ErrNoRows {
|
|
PreErrorJSQ("The reply you tried to delete doesn't exist.", w, r, isJs)
|
|
return
|
|
} else if err != nil {
|
|
InternalErrorJSQ(err, w, r, isJs)
|
|
return
|
|
}
|
|
|
|
var fid int
|
|
err = get_topic_fid_stmt.QueryRow(reply.ParentID).Scan(&fid)
|
|
if err == ErrNoRows {
|
|
PreErrorJSQ("The parent topic doesn't exist.", w, r, isJs)
|
|
return
|
|
} else if err != nil {
|
|
InternalErrorJSQ(err, w, r, isJs)
|
|
return
|
|
}
|
|
|
|
// TODO: Add hooks to make use of headerLite
|
|
_, ok := SimpleForumSessionCheck(w, r, &user, fid)
|
|
if !ok {
|
|
return
|
|
}
|
|
if !user.Perms.ViewTopic || !user.Perms.DeleteReply {
|
|
NoPermissionsJSQ(w, r, user, isJs)
|
|
return
|
|
}
|
|
|
|
_, err = delete_reply_stmt.Exec(rid)
|
|
if err != nil {
|
|
InternalErrorJSQ(err, w, r, isJs)
|
|
return
|
|
}
|
|
//log.Print("Reply #" + strconv.Itoa(rid) + " was deleted by User #" + strconv.Itoa(user.ID))
|
|
if !isJs {
|
|
//http.Redirect(w,r, "/topic/" + strconv.Itoa(tid), http.StatusSeeOther)
|
|
} else {
|
|
w.Write(successJSONBytes)
|
|
}
|
|
|
|
replyCreator, err := users.CascadeGet(reply.CreatedBy)
|
|
if err == nil {
|
|
wcount := wordCount(reply.Content)
|
|
err = replyCreator.decreasePostStats(wcount, false)
|
|
if err != nil {
|
|
InternalErrorJSQ(err, w, r, isJs)
|
|
return
|
|
}
|
|
} else if err != ErrNoRows {
|
|
InternalErrorJSQ(err, w, r, isJs)
|
|
return
|
|
}
|
|
_, err = remove_replies_from_topic_stmt.Exec(1, reply.ParentID)
|
|
if err != nil {
|
|
InternalErrorJSQ(err, w, r, isJs)
|
|
}
|
|
|
|
ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
|
|
if err != nil {
|
|
LocalError("Bad IP", w, r, user)
|
|
return
|
|
}
|
|
err = addModLog("delete", reply.ParentID, "reply", ipaddress, user.ID)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
err = topics.Load(reply.ParentID)
|
|
if err != nil {
|
|
LocalError("This topic no longer exists!", w, r, user)
|
|
return
|
|
}
|
|
}
|
|
|
|
func route_profile_reply_edit_submit(w http.ResponseWriter, r *http.Request, user User) {
|
|
err := r.ParseForm()
|
|
if err != nil {
|
|
LocalError("Bad Form", w, r, user)
|
|
return
|
|
}
|
|
isJs := (r.PostFormValue("js") == "1")
|
|
|
|
rid, err := strconv.Atoi(r.URL.Path[len("/profile/reply/edit/submit/"):])
|
|
if err != nil {
|
|
LocalErrorJSQ("The provided Reply ID is not a valid number.", w, r, user, isJs)
|
|
return
|
|
}
|
|
|
|
// Get the Reply ID..
|
|
var uid int
|
|
err = get_user_reply_uid_stmt.QueryRow(rid).Scan(&uid)
|
|
if err != nil {
|
|
InternalErrorJSQ(err, w, r, isJs)
|
|
return
|
|
}
|
|
|
|
if user.ID != uid && !user.Perms.EditReply {
|
|
NoPermissionsJSQ(w, r, user, isJs)
|
|
return
|
|
}
|
|
|
|
content := html.EscapeString(preparseMessage(r.PostFormValue("edit_item")))
|
|
_, err = edit_profile_reply_stmt.Exec(content, parseMessage(content), rid)
|
|
if err != nil {
|
|
InternalErrorJSQ(err, w, r, isJs)
|
|
return
|
|
}
|
|
|
|
if !isJs {
|
|
http.Redirect(w, r, "/user/"+strconv.Itoa(uid)+"#reply-"+strconv.Itoa(rid), http.StatusSeeOther)
|
|
} else {
|
|
w.Write(successJSONBytes)
|
|
}
|
|
}
|
|
|
|
func route_profile_reply_delete_submit(w http.ResponseWriter, r *http.Request, user User) {
|
|
err := r.ParseForm()
|
|
if err != nil {
|
|
LocalError("Bad Form", w, r, user)
|
|
return
|
|
}
|
|
isJs := (r.PostFormValue("isJs") == "1")
|
|
|
|
rid, err := strconv.Atoi(r.URL.Path[len("/profile/reply/delete/submit/"):])
|
|
if err != nil {
|
|
LocalErrorJSQ("The provided Reply ID is not a valid number.", w, r, user, isJs)
|
|
return
|
|
}
|
|
|
|
var uid int
|
|
err = get_user_reply_uid_stmt.QueryRow(rid).Scan(&uid)
|
|
if err == ErrNoRows {
|
|
LocalErrorJSQ("The reply you tried to delete doesn't exist.", w, r, user, isJs)
|
|
return
|
|
} else if err != nil {
|
|
InternalErrorJSQ(err, w, r, isJs)
|
|
return
|
|
}
|
|
|
|
if user.ID != uid && !user.Perms.DeleteReply {
|
|
NoPermissionsJSQ(w, r, user, isJs)
|
|
return
|
|
}
|
|
|
|
_, err = delete_profile_reply_stmt.Exec(rid)
|
|
if err != nil {
|
|
InternalErrorJSQ(err, w, r, isJs)
|
|
return
|
|
}
|
|
//log.Print("The profile post '" + strconv.Itoa(rid) + "' was deleted by User #" + strconv.Itoa(user.ID))
|
|
|
|
if !isJs {
|
|
//http.Redirect(w,r, "/user/" + strconv.Itoa(uid), http.StatusSeeOther)
|
|
} else {
|
|
w.Write(successJSONBytes)
|
|
}
|
|
}
|
|
|
|
func route_ips(w http.ResponseWriter, r *http.Request, user User) {
|
|
headerVars, ok := SessionCheck(w, r, &user)
|
|
if !ok {
|
|
return
|
|
}
|
|
if !user.Perms.ViewIPs {
|
|
NoPermissions(w, r, user)
|
|
return
|
|
}
|
|
|
|
ip := html.EscapeString(r.URL.Path[len("/users/ips/"):])
|
|
var uid int
|
|
var reqUserList = make(map[int]bool)
|
|
|
|
rows, err := find_users_by_ip_users_stmt.Query(ip)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
defer rows.Close()
|
|
|
|
for rows.Next() {
|
|
err := rows.Scan(&uid)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
reqUserList[uid] = true
|
|
}
|
|
err = rows.Err()
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
rows2, err := find_users_by_ip_topics_stmt.Query(ip)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
defer rows2.Close()
|
|
|
|
for rows2.Next() {
|
|
err := rows2.Scan(&uid)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
reqUserList[uid] = true
|
|
}
|
|
err = rows2.Err()
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
rows3, err := find_users_by_ip_replies_stmt.Query(ip)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
defer rows3.Close()
|
|
|
|
for rows3.Next() {
|
|
err := rows3.Scan(&uid)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
reqUserList[uid] = true
|
|
}
|
|
err = rows3.Err()
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
// Convert the user ID map to a slice, then bulk load the users
|
|
var idSlice = make([]int, len(reqUserList))
|
|
var i int
|
|
for userID := range reqUserList {
|
|
idSlice[i] = userID
|
|
i++
|
|
}
|
|
|
|
// TODO: What if a user is deleted via the Control Panel?
|
|
userList, err := users.BulkCascadeGetMap(idSlice)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
pi := IPSearchPage{"IP Search", user, headerVars, userList, ip}
|
|
if preRenderHooks["pre_render_ips"] != nil {
|
|
if runPreRenderHook("pre_render_ips", w, r, &user, &pi) {
|
|
return
|
|
}
|
|
}
|
|
err = templates.ExecuteTemplate(w, "ip-search.html", pi)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
}
|
|
}
|
|
|
|
// TODO: This is being replaced with the new ban route system
|
|
/*func route_ban(w http.ResponseWriter, r *http.Request, user User) {
|
|
headerVars, ok := SessionCheck(w,r,&user)
|
|
if !ok {
|
|
return
|
|
}
|
|
if !user.Perms.BanUsers {
|
|
NoPermissions(w,r,user)
|
|
return
|
|
}
|
|
|
|
uid, err := strconv.Atoi(r.URL.Path[len("/users/ban/"):])
|
|
if err != nil {
|
|
LocalError("The provided User ID is not a valid number.",w,r,user)
|
|
return
|
|
}
|
|
|
|
var uname string
|
|
err = get_user_name_stmt.QueryRow(uid).Scan(&uname)
|
|
if err == ErrNoRows {
|
|
LocalError("The user you're trying to ban no longer exists.",w,r,user)
|
|
return
|
|
} else if err != nil {
|
|
InternalError(err,w)
|
|
return
|
|
}
|
|
|
|
confirm_msg := "Are you sure you want to ban '" + uname + "'?"
|
|
yousure := AreYouSure{"/users/ban/submit/" + strconv.Itoa(uid),confirm_msg}
|
|
|
|
pi := Page{"Ban User",user,headerVars,tList,yousure}
|
|
if preRenderHooks["pre_render_ban"] != nil {
|
|
if runPreRenderHook("pre_render_ban", w, r, &user, &pi) {
|
|
return
|
|
}
|
|
}
|
|
templates.ExecuteTemplate(w,"areyousure.html",pi)
|
|
}*/
|
|
|
|
func route_ban_submit(w http.ResponseWriter, r *http.Request, user User) {
|
|
if !user.Perms.BanUsers {
|
|
NoPermissions(w, r, user)
|
|
return
|
|
}
|
|
if r.FormValue("session") != user.Session {
|
|
SecurityError(w, r, user)
|
|
return
|
|
}
|
|
|
|
uid, err := strconv.Atoi(r.URL.Path[len("/users/ban/submit/"):])
|
|
if err != nil {
|
|
LocalError("The provided User ID is not a valid number.", w, r, user)
|
|
return
|
|
}
|
|
/*if uid == -2 {
|
|
LocalError("Stop trying to ban Merlin! Ban admin! Bad! No!",w,r,user)
|
|
return
|
|
}*/
|
|
|
|
targetUser, err := users.CascadeGet(uid)
|
|
if err == ErrNoRows {
|
|
LocalError("The user you're trying to ban no longer exists.", w, r, user)
|
|
return
|
|
} else if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
if targetUser.IsSuperAdmin || targetUser.IsAdmin || targetUser.IsMod {
|
|
LocalError("You may not ban another staff member.", w, r, user)
|
|
return
|
|
}
|
|
if uid == user.ID {
|
|
LocalError("Why are you trying to ban yourself? Stop that.", w, r, user)
|
|
return
|
|
}
|
|
|
|
if targetUser.IsBanned {
|
|
LocalError("The user you're trying to unban is already banned.", w, r, user)
|
|
return
|
|
}
|
|
|
|
durationDays, err := strconv.Atoi(r.FormValue("ban-duration-days"))
|
|
if err != nil {
|
|
LocalError("You can only use whole numbers for the number of days", w, r, user)
|
|
return
|
|
}
|
|
|
|
durationWeeks, err := strconv.Atoi(r.FormValue("ban-duration-weeks"))
|
|
if err != nil {
|
|
LocalError("You can only use whole numbers for the number of weeks", w, r, user)
|
|
return
|
|
}
|
|
|
|
durationMonths, err := strconv.Atoi(r.FormValue("ban-duration-months"))
|
|
if err != nil {
|
|
LocalError("You can only use whole numbers for the number of months", w, r, user)
|
|
return
|
|
}
|
|
|
|
var duration time.Duration
|
|
if durationDays > 1 && durationWeeks > 1 && durationMonths > 1 {
|
|
duration, _ = time.ParseDuration("0")
|
|
} else {
|
|
var seconds int
|
|
seconds += durationDays * day
|
|
seconds += durationWeeks * week
|
|
seconds += durationMonths * month
|
|
duration, _ = time.ParseDuration(strconv.Itoa(seconds) + "s")
|
|
}
|
|
|
|
err = targetUser.Ban(duration, user.ID)
|
|
if err == ErrNoRows {
|
|
LocalError("The user you're trying to ban no longer exists.", w, r, user)
|
|
return
|
|
} else if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
|
|
if err != nil {
|
|
LocalError("Bad IP", w, r, user)
|
|
return
|
|
}
|
|
err = addModLog("ban", uid, "user", ipaddress, user.ID)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
http.Redirect(w, r, "/user/"+strconv.Itoa(uid), http.StatusSeeOther)
|
|
}
|
|
|
|
func route_unban(w http.ResponseWriter, r *http.Request, user User) {
|
|
if !user.Perms.BanUsers {
|
|
NoPermissions(w, r, user)
|
|
return
|
|
}
|
|
if r.FormValue("session") != user.Session {
|
|
SecurityError(w, r, user)
|
|
return
|
|
}
|
|
|
|
uid, err := strconv.Atoi(r.URL.Path[len("/users/unban/"):])
|
|
if err != nil {
|
|
LocalError("The provided User ID is not a valid number.", w, r, user)
|
|
return
|
|
}
|
|
|
|
targetUser, err := users.CascadeGet(uid)
|
|
if err == ErrNoRows {
|
|
LocalError("The user you're trying to unban no longer exists.", w, r, user)
|
|
return
|
|
} else if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
if !targetUser.IsBanned {
|
|
LocalError("The user you're trying to unban isn't banned.", w, r, user)
|
|
return
|
|
}
|
|
|
|
err = targetUser.Unban()
|
|
if err == ErrNoRows {
|
|
LocalError("The user you're trying to unban no longer exists.", w, r, user)
|
|
return
|
|
} else if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
|
|
if err != nil {
|
|
LocalError("Bad IP", w, r, user)
|
|
return
|
|
}
|
|
err = addModLog("unban", uid, "user", ipaddress, user.ID)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
http.Redirect(w, r, "/user/"+strconv.Itoa(uid), http.StatusSeeOther)
|
|
}
|
|
|
|
func route_activate(w http.ResponseWriter, r *http.Request, user User) {
|
|
if !user.Perms.ActivateUsers {
|
|
NoPermissions(w, r, user)
|
|
return
|
|
}
|
|
if r.FormValue("session") != user.Session {
|
|
SecurityError(w, r, user)
|
|
return
|
|
}
|
|
|
|
uid, err := strconv.Atoi(r.URL.Path[len("/users/activate/"):])
|
|
if err != nil {
|
|
LocalError("The provided User ID is not a valid number.", w, r, user)
|
|
return
|
|
}
|
|
|
|
var active bool
|
|
err = get_user_active_stmt.QueryRow(uid).Scan(&active)
|
|
if err == ErrNoRows {
|
|
LocalError("The account you're trying to activate no longer exists.", w, r, user)
|
|
return
|
|
} else if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
if active {
|
|
LocalError("The account you're trying to activate has already been activated.", w, r, user)
|
|
return
|
|
}
|
|
_, err = activate_user_stmt.Exec(uid)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
_, err = change_group_stmt.Exec(config.DefaultGroup, uid)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
|
|
if err != nil {
|
|
LocalError("Bad IP", w, r, user)
|
|
return
|
|
}
|
|
err = addModLog("activate", uid, "user", ipaddress, user.ID)
|
|
if err != nil {
|
|
InternalError(err, w)
|
|
return
|
|
}
|
|
|
|
err = users.Load(uid)
|
|
if err != nil {
|
|
LocalError("This user no longer exists!", w, r, user)
|
|
return
|
|
}
|
|
http.Redirect(w, r, "/user/"+strconv.Itoa(uid), http.StatusSeeOther)
|
|
}
|