Add TINYIB_REQMOD setting, allowing moderation to be required for new posts

This commit is contained in:
Trevor Slocum 2014-10-16 18:12:52 -07:00
parent 4559c24236
commit 2f54b75570
11 changed files with 167 additions and 72 deletions

View file

@ -9,6 +9,8 @@ To allow new threads without requiring an image, see the [Text Board Mode](https
For demos see the [TinyIB Installations](https://github.com/tslocum/TinyIB/wiki) page. [![githalytics.com alpha](https://cruel-carlota.pagodabox.com/5135372febbc40bacddbb13c1f0a8333 "githalytics.com")](http://githalytics.com/tslocum/TinyIB)
**Note to those who have recently upgraded:** Are you unable to create new posts? Run the SQL on [this page](https://github.com/tslocum/TinyIB/wiki/NewSQLStructure) to finish the upgrade process.
Features
------------
- GIF, JPG, PNG, SWF and WebA/WebM upload.
@ -16,7 +18,7 @@ Features
- Delete post via password.
- Management panel:
- Administrators and moderators use separate passwords.
- Moderators are only able to delete posts.
- Moderators are only able to delete posts, or approve them when necessary. (See ``TINYIB_REQMOD``)
- Ban offensive/abusive posters across all boards.
- Post using raw HTML.
- Upgrade automatically when installed via git. (Tested on Linux only)
@ -38,6 +40,11 @@ Installing
- Ensure your web host is running Linux.
- Install [mediainfo](http://mediaarea.net/en/MediaInfo) and [ffmpegthumbnailer](https://code.google.com/p/ffmpegthumbnailer/). On Ubuntu, run ``sudo apt-get install mediainfo ffmpegthumbnailer``.
- Set ``TINYIB_WEBM`` to ``true``.
- To require moderation before displaying posts:
- Ensure your ``TINYIB_DBMODE`` is set to ``mysql``, ``mysqli``, or ``pdo``.
- Set ``TINYIB_REQMOD`` to ``files`` to require moderation for posts with files attached.
- Set ``TINYIB_REQMOD`` to ``all`` to require moderation for all posts.
- Moderate posts by visiting the management panel.
- When setting ``TINYIB_DBMODE`` to ``pdo``, note that PDO mode has been tested on **MySQL databases only**. Theoretically it will work with any applicable driver, but this is not guaranteed. If you use an alternative driver, please report back regarding how it works.
6. [CHMOD](http://en.wikipedia.org/wiki/Chmod) write permissions to these directories:
- ./ (the directory containing TinyIB)

View file

@ -238,28 +238,37 @@ if (isset($_POST['message']) || isset($_POST['file'])) {
echo $post['file_original'] . ' uploaded.<br>';
}
if (!$loggedin && (($post['file'] != '' && TINYIB_REQMOD == 'files') || TINYIB_REQMOD == 'all')) {
$post['moderated'] = '0';
echo 'Your ' . ($post['parent'] == TINYIB_NEWTHREAD ? 'thread' : 'post') . ' will be shown <b>once it has been approved</b>.<br>';
$slow_redirect = true;
}
$post['id'] = insertPost($post);
if (strtolower($post['email']) == 'noko') {
$redirect = 'res/' . ($post['parent'] == TINYIB_NEWTHREAD ? $post['id'] : $post['parent']) . '.html#' . $post['id'];
}
trimThreads();
echo 'Updating thread...<br>';
if ($post['parent'] != TINYIB_NEWTHREAD) {
rebuildThread($post['parent']);
if (strtolower($post['email']) != 'sage') {
if (TINYIB_MAXREPLIES == 0 || numRepliesToThreadByID($post['parent']) <= TINYIB_MAXREPLIES) {
bumpThreadByID($post['parent']);
}
if ($post['moderated'] == '1') {
if (strtolower($post['email']) == 'noko') {
$redirect = 'res/' . ($post['parent'] == TINYIB_NEWTHREAD ? $post['id'] : $post['parent']) . '.html#' . $post['id'];
}
} else {
rebuildThread($post['id']);
}
echo 'Updating index...<br>';
rebuildIndexes();
trimThreads();
echo 'Updating thread...<br>';
if ($post['parent'] != TINYIB_NEWTHREAD) {
rebuildThread($post['parent']);
if (strtolower($post['email']) != 'sage') {
if (TINYIB_MAXREPLIES == 0 || numRepliesToThreadByID($post['parent']) <= TINYIB_MAXREPLIES) {
bumpThreadByID($post['parent']);
}
}
} else {
rebuildThread($post['id']);
}
echo 'Updating index...<br>';
rebuildIndexes();
}
// Check if the request is to delete a post and/or its associated image
} elseif (isset($_GET['delete']) && !isset($_GET['manage'])) {
if (!isset($_POST['delete'])) {
@ -432,6 +441,23 @@ if (isset($_POST['message']) || isset($_POST['file'])) {
} else {
fancyDie("Sorry, there doesn't appear to be a post with that ID.");
}
} elseif (isset($_GET['approve'])) {
if ($_GET['approve'] > 0) {
$post = postByID($_GET['approve']);
if ($post) {
approvePostByID($post['id']);
$thread_id = $post['parent'] == TINYIB_NEWTHREAD ? $post['id'] : $post['parent'];
if (strtolower($post['email']) != 'sage' && (TINYIB_MAXREPLIES == 0 || numRepliesToThreadByID($thread_id) <= TINYIB_MAXREPLIES)) {
bumpThreadByID($thread_id);
}
threadUpdated($thread_id);
$text .= manageInfo('Post No.' . $post['id'] . ' approved.');
} else {
fancyDie("Sorry, there doesn't appear to be a post with that ID.");
}
}
} elseif (isset($_GET['moderate'])) {
if ($_GET['moderate'] > 0) {
$post = postByID($_GET['moderate']);
@ -466,5 +492,5 @@ if (isset($_POST['message']) || isset($_POST['file'])) {
}
if ($redirect) {
echo '--&gt; --&gt; --&gt;<meta http-equiv="refresh" content="0;url=' . (is_string($redirect) ? $redirect : 'index.html') . '">';
echo '--&gt; --&gt; --&gt;<meta http-equiv="refresh" content="' . (isset($slow_redirect) ? '3' : '0') . ';url=' . (is_string($redirect) ? $redirect : 'index.html') . '">';
}

View file

@ -150,7 +150,7 @@ function numRepliesToThreadByID($id) {
return count($rows);
}
function postsInThreadByID($id) {
function postsInThreadByID($id, $moderated_only = true) {
$compClause = new OrWhereClause();
$compClause->add(new SimpleWhereClause(POST_ID, '=', $id, INTEGER_COMPARISON));
$compClause->add(new SimpleWhereClause(POST_PARENT, '=', $id, INTEGER_COMPARISON));
@ -164,13 +164,13 @@ function postsByHex($hex) {
return convertPostsToSQLStyle($rows);
}
function latestPosts() {
function latestPosts($moderated = true) {
$rows = $GLOBALS['db']->selectWhere(POSTS_FILE, NULL, 10, new OrderBy(POST_TIMESTAMP, DESCENDING, INTEGER_COMPARISON));
return convertPostsToSQLStyle($rows);
}
function deletePostByID($id) {
$posts = postsInThreadByID($id);
$posts = postsInThreadByID($id, false);
foreach ($posts as $post) {
if ($post['id'] != $id) {
deletePostImages($post);

View file

@ -42,25 +42,29 @@ function postByID($id) {
}
function threadExistsByID($id) {
return mysql_result(mysql_query("SELECT COUNT(*) FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = '" . mysql_real_escape_string($id) . "' AND `parent` = 0 LIMIT 1"), 0, 0) > 0;
return mysql_result(mysql_query("SELECT COUNT(*) FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = '" . mysql_real_escape_string($id) . "' AND `parent` = 0 AND `moderated` = 1 LIMIT 1"), 0, 0) > 0;
}
function insertPost($post) {
mysql_query("INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "', '" . mysql_real_escape_string($post['email']) . "', '" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
mysql_query("INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "', '" . mysql_real_escape_string($post['email']) . "', '" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
return mysql_insert_id();
}
function approvePostByID($id) {
mysql_query("UPDATE `" . TINYIB_DBPOSTS . "` SET `moderated` = 1 WHERE `id` = " . $id . " LIMIT 1");
}
function bumpThreadByID($id) {
mysql_query("UPDATE `" . TINYIB_DBPOSTS . "` SET `bumped` = " . time() . " WHERE `id` = " . $id . " LIMIT 1");
}
function countThreads() {
return mysql_result(mysql_query("SELECT COUNT(*) FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = 0"), 0, 0);
return mysql_result(mysql_query("SELECT COUNT(*) FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = 0 AND `moderated` = 1"), 0, 0);
}
function allThreads() {
$threads = array();
$result = mysql_query("SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = 0 ORDER BY `bumped` DESC");
$result = mysql_query("SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = 0 AND `moderated` = 1 ORDER BY `bumped` DESC");
if ($result) {
while ($thread = mysql_fetch_assoc($result)) {
$threads[] = $thread;
@ -70,12 +74,12 @@ function allThreads() {
}
function numRepliesToThreadByID($id) {
return mysql_result(mysql_query("SELECT COUNT(*) FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = " . $id), 0, 0);
return mysql_result(mysql_query("SELECT COUNT(*) FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = " . $id . " AND `moderated` = 1"), 0, 0);
}
function postsInThreadByID($id) {
function postsInThreadByID($id, $moderated_only = true) {
$posts = array();
$result = mysql_query("SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = " . $id . " OR `parent` = " . $id . " ORDER BY `id` ASC");
$result = mysql_query("SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE (`id` = " . $id . " OR `parent` = " . $id . ")" . ($moderated_only ? " AND `moderated` = 1" : "") . " ORDER BY `id` ASC");
if ($result) {
while ($post = mysql_fetch_assoc($result)) {
$posts[] = $post;
@ -86,7 +90,7 @@ function postsInThreadByID($id) {
function postsByHex($hex) {
$posts = array();
$result = mysql_query("SELECT `id`, `parent` FROM `" . TINYIB_DBPOSTS . "` WHERE `file_hex` = '" . mysql_real_escape_string($hex) . "' LIMIT 1");
$result = mysql_query("SELECT `id`, `parent` FROM `" . TINYIB_DBPOSTS . "` WHERE `file_hex` = '" . mysql_real_escape_string($hex) . "' AND `moderated` = 1 LIMIT 1");
if ($result) {
while ($post = mysql_fetch_assoc($result)) {
$posts[] = $post;
@ -95,9 +99,9 @@ function postsByHex($hex) {
return $posts;
}
function latestPosts() {
function latestPosts($moderated = true) {
$posts = array();
$result = mysql_query("SELECT * FROM `" . TINYIB_DBPOSTS . "` ORDER BY `timestamp` DESC LIMIT 10");
$result = mysql_query("SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `moderated` = " . ($moderated ? '1' : '0') . " ORDER BY `timestamp` DESC LIMIT 10");
if ($result) {
while ($post = mysql_fetch_assoc($result)) {
$posts[] = $post;
@ -107,7 +111,7 @@ function latestPosts() {
}
function deletePostByID($id) {
$posts = postsInThreadByID($id);
$posts = postsInThreadByID($id, false);
foreach ($posts as $post) {
if ($post['id'] != $id) {
deletePostImages($post);
@ -127,7 +131,7 @@ function deletePostByID($id) {
function trimThreads() {
if (TINYIB_MAXTHREADS > 0) {
$result = mysql_query("SELECT `id` FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = 0 ORDER BY `bumped` DESC LIMIT " . TINYIB_MAXTHREADS . ", 10");
$result = mysql_query("SELECT `id` FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = 0 AND `moderated` = 1 ORDER BY `bumped` DESC LIMIT " . TINYIB_MAXTHREADS . ", 10");
if ($result) {
while ($post = mysql_fetch_assoc($result)) {
deletePostByID($post['id']);

View file

@ -45,15 +45,20 @@ function postByID($id) {
function threadExistsByID($id) {
global $link;
return mysqli_result(mysqli_query($link, "SELECT COUNT(*) FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = '" . mysqli_real_escape_string($link, $id) . "' AND `parent` = 0 LIMIT 1"), 0, 0) > 0;
return mysqli_result(mysqli_query($link, "SELECT COUNT(*) FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = '" . mysqli_real_escape_string($link, $id) . "' AND `parent` = 0 AND `moderated` = 0 LIMIT 1"), 0, 0) > 0;
}
function insertPost($post) {
global $link;
mysqli_query($link, "INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', '" . mysqli_real_escape_string($link, $post['name']) . "', '" . mysqli_real_escape_string($link, $post['tripcode']) . "', '" . mysqli_real_escape_string($link, $post['email']) . "', '" . mysqli_real_escape_string($link, $post['nameblock']) . "', '" . mysqli_real_escape_string($link, $post['subject']) . "', '" . mysqli_real_escape_string($link, $post['message']) . "', '" . mysqli_real_escape_string($link, $post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysqli_real_escape_string($link, $post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
mysqli_query($link, "INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', '" . mysqli_real_escape_string($link, $post['name']) . "', '" . mysqli_real_escape_string($link, $post['tripcode']) . "', '" . mysqli_real_escape_string($link, $post['email']) . "', '" . mysqli_real_escape_string($link, $post['nameblock']) . "', '" . mysqli_real_escape_string($link, $post['subject']) . "', '" . mysqli_real_escape_string($link, $post['message']) . "', '" . mysqli_real_escape_string($link, $post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysqli_real_escape_string($link, $post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
return mysqli_insert_id($link);
}
function approvePostByID($id) {
global $link;
mysqli_query($link, "UPDATE `" . TINYIB_DBPOSTS . "` SET `moderated` = 1 WHERE `id` = " . $id . " LIMIT 1");
}
function bumpThreadByID($id) {
global $link;
mysqli_query($link, "UPDATE `" . TINYIB_DBPOSTS . "` SET `bumped` = " . time() . " WHERE `id` = " . $id . " LIMIT 1");
@ -61,13 +66,13 @@ function bumpThreadByID($id) {
function countThreads() {
global $link;
return mysqli_result(mysqli_query($link, "SELECT COUNT(*) FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = 0"), 0, 0);
return mysqli_result(mysqli_query($link, "SELECT COUNT(*) FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = 0 AND `moderated` = 1"), 0, 0);
}
function allThreads() {
global $link;
$threads = array();
$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = 0 ORDER BY `bumped` DESC");
$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = 0 AND `moderated` = 1 ORDER BY `bumped` DESC");
if ($result) {
while ($thread = mysqli_fetch_assoc($result)) {
$threads[] = $thread;
@ -78,13 +83,13 @@ function allThreads() {
function numRepliesToThreadByID($id) {
global $link;
return mysqli_result(mysqli_query($link, "SELECT COUNT(*) FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = " . $id), 0, 0);
return mysqli_result(mysqli_query($link, "SELECT COUNT(*) FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = " . $id . " AND `moderated` = 1"), 0, 0);
}
function postsInThreadByID($id) {
function postsInThreadByID($id, $moderated_only = true) {
global $link;
$posts = array();
$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = " . $id . " OR `parent` = " . $id . " ORDER BY `id` ASC");
$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE (`id` = " . $id . " OR `parent` = " . $id . ")" . ($moderated_only ? " AND `moderated` = 1" : "") . " ORDER BY `id` ASC");
if ($result) {
while ($post = mysqli_fetch_assoc($result)) {
$posts[] = $post;
@ -96,7 +101,7 @@ function postsInThreadByID($id) {
function postsByHex($hex) {
global $link;
$posts = array();
$result = mysqli_query($link, "SELECT `id`, `parent` FROM `" . TINYIB_DBPOSTS . "` WHERE `file_hex` = '" . mysqli_real_escape_string($link, $hex) . "' LIMIT 1");
$result = mysqli_query($link, "SELECT `id`, `parent` FROM `" . TINYIB_DBPOSTS . "` WHERE `file_hex` = '" . mysqli_real_escape_string($link, $hex) . "' AND `moderated` = 1 LIMIT 1");
if ($result) {
while ($post = mysqli_fetch_assoc($result)) {
$posts[] = $post;
@ -105,10 +110,10 @@ function postsByHex($hex) {
return $posts;
}
function latestPosts() {
function latestPosts($moderated = true) {
global $link;
$posts = array();
$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBPOSTS . "` ORDER BY `timestamp` DESC LIMIT 10");
$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `moderated` = " . ($moderated ? '1' : '0') . " ORDER BY `timestamp` DESC LIMIT 10");
if ($result) {
while ($post = mysqli_fetch_assoc($result)) {
$posts[] = $post;
@ -119,7 +124,7 @@ function latestPosts() {
function deletePostByID($id) {
global $link;
$posts = postsInThreadByID($id);
$posts = postsInThreadByID($id, false);
foreach ($posts as $post) {
if ($post['id'] != $id) {
deletePostImages($post);
@ -140,7 +145,7 @@ function deletePostByID($id) {
function trimThreads() {
global $link;
if (TINYIB_MAXTHREADS > 0) {
$result = mysqli_query($link, "SELECT `id` FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = 0 ORDER BY `bumped` DESC LIMIT " . TINYIB_MAXTHREADS . ", 10");
$result = mysqli_query($link, "SELECT `id` FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = 0 AND `moderated` = 1 ORDER BY `bumped` DESC LIMIT " . TINYIB_MAXTHREADS . ", 10");
if ($result) {
while ($post = mysqli_fetch_assoc($result)) {
deletePostByID($post['id']);

View file

@ -63,35 +63,39 @@ function postByID($id) {
}
function threadExistsByID($id) {
$result = pdoQuery("SELECT COUNT(*) FROM " . TINYIB_DBPOSTS . " WHERE id = ? AND parent = 0", array($id));
$result = pdoQuery("SELECT COUNT(*) FROM " . TINYIB_DBPOSTS . " WHERE id = ? AND parent = 0 AND moderated = 1", array($id));
return $result->fetchColumn() != 0;
}
function insertPost($post) {
global $dbh;
$now = time();
$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) " .
" VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height, moderated) " .
" VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stm->execute(array($post['parent'], $now, $now, $_SERVER['REMOTE_ADDR'], $post['name'], $post['tripcode'], $post['email'],
$post['nameblock'], $post['subject'], $post['message'], $post['password'],
$post['file'], $post['file_hex'], $post['file_original'], $post['file_size'], $post['file_size_formatted'],
$post['image_width'], $post['image_height'], $post['thumb'], $post['thumb_width'], $post['thumb_height']));
$post['image_width'], $post['image_height'], $post['thumb'], $post['thumb_width'], $post['thumb_height'], $post['moderated']));
return $dbh->lastInsertId();
}
function approvePostByID($id) {
pdoQuery("UPDATE " . TINYIB_DBPOSTS . " SET moderated = ? WHERE id = ?", array('1', $id));
}
function bumpThreadByID($id) {
$now = time();
pdoQuery("UPDATE " . TINYIB_DBPOSTS . " SET bumped = ? WHERE id = ?", array($now, $id));
}
function countThreads() {
$result = pdoQuery("SELECT COUNT(*) FROM " . TINYIB_DBPOSTS . " WHERE parent = 0");
$result = pdoQuery("SELECT COUNT(*) FROM " . TINYIB_DBPOSTS . " WHERE parent = 0 AND moderated = 1");
return (int)$result->fetchColumn();
}
function allThreads() {
$threads = array();
$results = pdoQuery("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE parent = 0 ORDER BY bumped DESC");
$results = pdoQuery("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE parent = 0 AND moderated = 1 ORDER BY bumped DESC");
while ($row = $results->fetch()) {
$threads[] = $row;
}
@ -99,13 +103,13 @@ function allThreads() {
}
function numRepliesToThreadByID($id) {
$result = pdoQuery("SELECT COUNT(*) FROM " . TINYIB_DBPOSTS . " WHERE parent = ?", array($id));
$result = pdoQuery("SELECT COUNT(*) FROM " . TINYIB_DBPOSTS . " WHERE parent = ? AND moderated = 1", array($id));
return (int)$result->fetchColumn();
}
function postsInThreadByID($id) {
function postsInThreadByID($id, $moderated_only = true) {
$posts = array();
$results = pdoQuery("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE id = ? OR parent = ? ORDER BY id ASC", array($id, $id));
$results = pdoQuery("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE (id = ? OR parent = ?)" . ($moderated_only ? " AND moderated = 1" : "") . " ORDER BY id ASC", array($id, $id));
while ($row = $results->fetch(PDO::FETCH_ASSOC)) {
$posts[] = $row;
}
@ -114,16 +118,16 @@ function postsInThreadByID($id) {
function postsByHex($hex) {
$posts = array();
$results = pdoQuery("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE file_hex = ? LIMIT 1", array($hex));
$results = pdoQuery("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE file_hex = ? AND moderated = 1 LIMIT 1", array($hex));
while ($row = $results->fetch(PDO::FETCH_ASSOC)) {
$posts[] = $row;
}
return $posts;
}
function latestPosts() {
function latestPosts($moderated = true) {
$posts = array();
$results = pdoQuery("SELECT * FROM " . TINYIB_DBPOSTS . " ORDER BY timestamp DESC LIMIT 10");
$results = pdoQuery("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE moderated = ? ORDER BY timestamp DESC LIMIT 10", array($moderated ? '1' : '0'));
while ($row = $results->fetch(PDO::FETCH_ASSOC)) {
$posts[] = $row;
}
@ -131,7 +135,7 @@ function latestPosts() {
}
function deletePostByID($id) {
$posts = postsInThreadByID($id);
$posts = postsInThreadByID($id, false);
foreach ($posts as $post) {
if ($post['id'] != $id) {
deletePostImages($post);
@ -152,7 +156,7 @@ function deletePostByID($id) {
function trimThreads() {
$limit = (int)TINYIB_MAXTHREADS;
if ($limit > 0) {
$results = pdoQuery("SELECT id FROM " . TINYIB_DBPOSTS . " WHERE parent = 0 ORDER BY bumped LIMIT 100 OFFSET " . $limit
$results = pdoQuery("SELECT id FROM " . TINYIB_DBPOSTS . " WHERE parent = 0 AND moderated = 1 ORDER BY bumped LIMIT 100 OFFSET " . $limit
);
# old mysql, sqlite3: SELECT id FROM $table ORDER BY bumped LIMIT $limit,100
# mysql, postgresql, sqlite3: SELECT id FROM $table ORDER BY bumped LIMIT 100 OFFSET $limit

View file

@ -94,7 +94,7 @@ function numRepliesToThreadByID($id) {
return sqlite_fetch_single(sqlite_query($GLOBALS["db"], "SELECT COUNT(*) FROM " . TINYIB_DBPOSTS . " WHERE parent = " . $id));
}
function postsInThreadByID($id) {
function postsInThreadByID($id, $moderated_only = true) {
$posts = array();
$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBPOSTS . " WHERE id = " . $id . " OR parent = " . $id . " ORDER BY id ASC"), SQLITE_ASSOC);
foreach ($result as $post) {
@ -112,7 +112,7 @@ function postsByHex($hex) {
return $posts;
}
function latestPosts() {
function latestPosts($moderated = true) {
$posts = array();
$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBPOSTS . " ORDER BY timestamp DESC LIMIT 10"), SQLITE_ASSOC);
foreach ($result as $post) {
@ -122,7 +122,7 @@ function latestPosts() {
}
function deletePostByID($id) {
$posts = postsInThreadByID($id);
$posts = postsInThreadByID($id, false);
foreach ($posts as $post) {
if ($post['id'] != $id) {
deletePostImages($post);

View file

@ -27,6 +27,9 @@ if (!defined('TINYIB_SWF')) {
if (!defined('TINYIB_WEBM')) {
define('TINYIB_WEBM', false);
}
if (!defined('TINYIB_REQMOD')) {
define('TINYIB_REQMOD', 'disable');
}
if (!defined('TINYIB_DBMIGRATE')) {
define('TINYIB_DBMIGRATE', false);
}

View file

@ -26,6 +26,8 @@ $posts_sql = "CREATE TABLE `" . TINYIB_DBPOSTS . "` (
`thumb` varchar(255) NOT NULL,
`thumb_width` smallint(5) unsigned NOT NULL default '0',
`thumb_height` smallint(5) unsigned NOT NULL default '0',
`stickied` tinyint(1) NOT NULL default '0',
`moderated` tinyint(1) NOT NULL default '1',
PRIMARY KEY (`id`),
KEY `parent` (`parent`),
KEY `bumped` (`bumped`)
@ -81,7 +83,9 @@ function newPost($parent = TINYIB_NEWTHREAD) {
'image_height' => '0',
'thumb' => '',
'thumb_width' => '0',
'thumb_height' => '0');
'thumb_height' => '0',
'stickied' => '0',
'moderated' => '1');
}
function convertBytes($number) {

View file

@ -8,6 +8,12 @@ function pageHeader() {
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html;charset=UTF-8">
<meta http-equiv="cache-control" content="max-age=0">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT">
<meta http-equiv="pragma" content="no-cache">
<title>
EOF;
$return .= TINYIB_BOARDDESC . <<<EOF
@ -17,12 +23,6 @@ EOF;
<link rel="stylesheet" type="text/css" href="css/futaba.css" title="Futaba">
<link rel="alternate stylesheet" type="text/css" href="css/burichan.css" title="Burichan">
<script src="js/tinyib.js"></script>
<meta http-equiv="content-type" content="text/html;charset=UTF-8">
<meta http-equiv="cache-control" content="max-age=0">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT">
<meta http-equiv="pragma" content="no-cache">
</head>
EOF;
return $return;
@ -207,10 +207,15 @@ EOF;
$max_file_size_input_html = '';
$max_file_size_rules_html = '';
$reqmod_html = '';
$filetypes_html = '';
$file_input_html = '';
$unique_posts_html = '';
if (TINYIB_REQMOD != 'disable') {
$reqmod_html = '<li>All posts' . (TINYIB_REQMOD == 'files' ? ' with a file attached' : '') . ' will be moderated before being shown.</li>';
}
if (TINYIB_PIC || TINYIB_WEBM || TINYIB_SWF) {
if (TINYIB_MAXKB > 0) {
$max_file_size_input_html = '<input type="hidden" name="MAX_FILE_SIZE" value="' . strval(TINYIB_MAXKB * 1024) . '">';
@ -303,6 +308,7 @@ EOF;
<tr>
<td colspan="2" class="rules">
<ul>
$reqmod_html
$filetypes_html
$max_file_size_rules_html
$thumbnails_html
@ -642,8 +648,41 @@ function manageStatus() {
EOF;
}
$reqmod_html = '';
if (TINYIB_REQMOD != 'disable') {
$reqmod_post_html = '';
$reqmod_posts = latestPosts(false);
foreach ($reqmod_posts as $post) {
if ($reqmod_post_html != '') {
$reqmod_post_html .= '<tr><td colspan="2"><hr></td></tr>';
}
$reqmod_post_html .= '<tr><td>' . buildPost($post, TINYIB_INDEXPAGE) . '</td><td valign="top" align="right">
<table border="0"><tr><td>
<form method="get" action="?"><input type="hidden" name="manage" value=""><input type="hidden" name="approve" value="' . $post['id'] . '"><input type="submit" value="Approve" class="managebutton"></form>
</td><td>
<form method="get" action="?"><input type="hidden" name="manage" value=""><input type="hidden" name="moderate" value="' . $post['id'] . '"><input type="submit" value="More Info" class="managebutton"></form>
</td></tr><tr><td align="right" colspan="2">
<form method="get" action="?"><input type="hidden" name="manage" value=""><input type="hidden" name="delete" value="' . $post['id'] . '"><input type="submit" value="Delete" class="managebutton"></form>
</td></tr></table>
</td></tr>';
}
if ($reqmod_post_html != '') {
$reqmod_html = <<<EOF
<fieldset>
<legend>Pending posts</legend>
<table border="0" cellspacing="0" cellpadding="0" width="100%">
$reqmod_post_html
</table>
</fieldset>
EOF;
}
}
$post_html = '';
$posts = latestPosts();
$posts = latestPosts(true);
$i = 0;
foreach ($posts as $post) {
if ($post_html != '') {
@ -680,6 +719,8 @@ EOF;
</tbody>
</table>
</fieldset>
$reqmod_html
<fieldset>
<legend>Recent posts</legend>

View file

@ -20,6 +20,7 @@ define('TINYIB_LOGO', ""); // Logo HTML
define('TINYIB_TRIPSEED', ""); // Enter some random text - Used when generating secure tripcodes - Must not change once set
define('TINYIB_ADMINPASS', ""); // Text entered at the manage prompt to gain administrator access
define('TINYIB_MODPASS', ""); // Moderators only have access to delete posts ["" to disable]
define('TINYIB_REQMOD', "disable"); // Require moderation before displaying posts: disable / files / all (see README for instructions, only MySQL is supported)
define('TINYIB_DBMODE', "flatfile"); // Choose: flatfile / mysql / mysqli / sqlite / pdo (flatfile is not recommended for popular sites)
define('TINYIB_DBMIGRATE', false); // Enable database migration tool (see README for instructions)