-rw-r--r-- | cgi/manage.py | 143 | ||||
-rw-r--r-- | cgi/templates/error.html | 20 | ||||
-rw-r--r-- | cgi/templates/manage/ipdelete.html | 28 | ||||
-rw-r--r-- | cgi/templates/manage/lockboard.html | 14 |
4 files changed, 112 insertions, 93 deletions
diff --git a/cgi/manage.py b/cgi/manage.py index 0abb832..03963e7 100644 --- a/cgi/manage.py +++ b/cgi/manage.py @@ -35,8 +35,8 @@ def manage(self, path_split): UpdateDb("DELETE FROM `logs` WHERE `timestamp` < %s", (timestamp() - Settings.MANAGE_LOG_TIME,)) else: page += _('Incorrect username/password.') - logAction('', 'Failed log-in. U:'+self.formdata['username']+' IP logged.') - logging.warn("Failed log-in. U:{} IP:{}".format(self.formdata['username'], self.environ["REMOTE_ADDR"])) + logAction('', 'Failed login. U:'+self.formdata['username']+' IP logged.') + logging.warn("Failed login. U:{} IP:{}".format(self.formdata['username'], self.environ["REMOTE_ADDR"])) else: # Validate existing session manage_cookie = getCookie(self, 'weabot_manage') @@ -373,8 +373,7 @@ def manage(self, path_split): # Nos vamos al board y ubicamos el post board = setBoard(path_split[3]) postid = int(path_split[4]) - post = FetchOne('SELECT `parentid`, `locked` FROM `posts` WHERE `boardid` = %s AND `id` = %s LIMIT 1', - (board['id'], postid)) + post = FetchOne('SELECT `parentid`, `locked` FROM `posts` WHERE `boardid` = %s AND `id` = %s LIMIT 1', (board['id'], pid) ) if not post: message = _('Unable to locate a post with that ID.') template_filename = "message.html" 
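Review bot: The failed-login lines write `self.formdata['username']` verbatim into both the `logs` table (via `logAction`) and the Python log, so a submitted name containing line breaks or markup reaches records that staff later read without any neutralisation. Log a bounded, escaped form such as `repr(self.formdata['username'][:64])`, and make sure the page that renders the `action` column escapes it; that renderer is not visible here. `logging.warn` is also a deprecated alias of `logging.warning`. The enclosing `manage` function starts and ends outside this hunk.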
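Review bot: The new `FetchOne(..., (board['id'], pid) )` in the lock branch reads `pid`, but the context line directly above it still assigns `postid = int(path_split[4])`. Unless `pid` is bound earlier in `manage` (not visible in this hunk), the branch raises NameError or uses a stale value from another request path. Rename the assignment to `pid = int(path_split[4])`, as the permasage branch does in the -392 hunk, or keep `postid` in the query; the same name is used by `threadUpdated(pid)` and both `logAction` calls in that later hunk. The `int()` call also raises ValueError on a non-numeric path segment, and nothing visible here catches it.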
@@ -392,32 +391,30 @@ def manage(self, path_split): UpdateDb("UPDATE `posts` SET `locked` = %s WHERE `boardid` = %s AND `id` = %s LIMIT 1", (setLocked, board["id"], post["id"])) - threadUpdated(postid) + threadUpdated(pid) if setLocked == 1: message = _('Thread successfully closed.') - logAction(staff_account['username'], _('Closed thread %s') % ( - '/' + path_split[3] + '/' + path_split[4])) + logAction(staff_account['username'], _('Closed thread %s') % ('/' + board['dir'] + '/' + pid) ) else: message = _('Thread successfully opened.') - logAction(staff_account['username'], _('Opened thread %s') % ( - '/' + path_split[3] + '/' + path_split[4])) + logAction(staff_account['username'], _('Opened thread %s') % ('/' + board['dir'] + '/' + pid) ) template_filename = "message.html" elif path_split[2] == 'permasage': setPermasaged = 0 # Nos vamos al board y ubicamos el post board = setBoard(path_split[3]) - post = FetchOne('SELECT `parentid`, `locked` FROM `posts` WHERE `boardid` = ' + - board['id'] + ' AND `id` = \'' + _mysql.escape_string(path_split[4]) + '\' LIMIT 1') + pid = int(path_split[4]) + post = FetchOne('SELECT `parentid`, `locked` FROM `posts` WHERE `boardid` = %s AND `id` = %s LIMIT 1', (board['id'], pid) ) if not post: - message = 'Unable to locate a post with that ID.' + message = 'No se encuentra un hilo con ese ID.' template_filename = "message.html" elif post['locked'] == '1': message = 'Solo se puede aplicar permasage en un hilo abierto.' template_filename = "message.html" else: if post['parentid']: - message = 'Post is not a thread opener.' + message = 'El post indicado es una respuesta a un hilo.' template_filename = "message.html" else: if post['locked'] == 2: 
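Review bot: The two lock-branch `logAction` calls build the path with `'/' + board['dir'] + '/' + pid`, and this commit treats `pid` as an integer (`pid = int(path_split[4])` in the permasage branch below), so the concatenation raises TypeError. It does so after `UpdateDb` and `threadUpdated` have already run, which means the thread is locked or unlocked but the staff log never records who did it. Format the value instead, e.g. `_('Closed thread %s') % ('/%s/%s' % (board['dir'], pid))`, matching the permasage `logAction` calls in the -427 hunk. The new permasage messages are also hard-coded Spanish literals outside `_()`, unlike the lock branch, so they bypass translation.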
@@ -427,19 +424,16 @@ def manage(self, path_split): # Colocar permasage setPermasaged = 2 - UpdateDb("UPDATE `posts` SET `locked` = %d WHERE `boardid` = '%s' AND `id` = '%s' LIMIT 1" % ( - setPermasaged, board["id"], _mysql.escape_string(path_split[4]))) + UpdateDb("UPDATE `posts` SET `locked` = %s WHERE `boardid` = '%s' AND `id` = '%s' LIMIT 1" % (setPermasaged, board["id"], pid) ) regenerateFrontPages() - threadUpdated(path_split[4]) + threadUpdated(pid) if setPermasaged == 2: message = 'Thread successfully permasaged.' - logAction( - staff_account['username'], 'Enabled permasage in thread /' + path_split[3] + '/' + path_split[4]) + logAction(staff_account['username'], 'Activado permasage en el hilo /%s/%s' % (board['dir'], pid) ) else: message = 'Thread successfully un-permasaged.' - logAction( - staff_account['username'], 'Disabled permasage in thread /' + path_split[3] + '/' + path_split[4]) + logAction(staff_account['username'], 'Desactivado permasage en el hilo /%s/%s' % (board['dir'], pid) ) template_filename = "message.html" elif path_split[2] == 'move': raise NotImplementedError @@ -640,8 +634,7 @@ def manage(self, path_split): if len(path_split) > 4: board = setBoard(path_split[3]) - post = FetchOne('SELECT INET6_NTOA(`ip`) AS `ip` FROM `posts` WHERE `boardid` = ' + - board['id'] + ' AND `id` = \'' + _mysql.escape_string(path_split[4]) + '\' LIMIT 1') + post = FetchOne('SELECT INET6_NTOA(`ip`) AS `ip` FROM `posts` WHERE `boardid` = %s AND `id` = %s LIMIT 1' % (board['id'], int(path_split[4])) ) if not post: message = _('Unable to locate a post with that ID.') 
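Review bot: The permasage `UpdateDb` call still assembles its SQL with Python `%` formatting, whereas the lock branch's `UpdateDb` passes the values as a separate tuple for the driver to bind. `pid` is an `int` here, so that value is numeric, but `board["id"]` is interpolated unescaped and the pattern is easy to copy to a string value later. Drop the quotes around the last two placeholders and pass `(setPermasaged, board["id"], pid)` as the second argument instead of after `%`. The same interpolation appears in the `INET6_NTOA` lookup of the -640 hunk and the `news` ownership check of the -1786 hunk, where `int(path_split[4])` can additionally raise an uncaught ValueError.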
@@ -704,8 +697,7 @@ def manage(self, path_split): return if 'edit' in self.formdata: - UpdateDb("DELETE FROM `bans` WHERE `id` = '" + - _mysql.escape_string(self.formdata['edit']) + "' LIMIT 1") + UpdateDb("DELETE FROM `bans` WHERE `id` = '" + _mysql.escape_string(self.formdata['edit']) + "' LIMIT 1") """else: # TODO : Duplicate check ban = FetchOne("SELECT `id` FROM `bans` WHERE `ip` = '" + _mysql.escape_string( ip) + "' AND `boards` = '" + _mysql.escape_string(where) + "' LIMIT 1") @@ -748,8 +740,7 @@ def manage(self, path_split): edit_id = 0 if 'edit' in self.formdata: edit_id = self.formdata['edit'] - ban = FetchOne("SELECT `id`, INET6_NTOA(`ip`) AS 'ip', CASE WHEN `netmask` IS NULL THEN '255.255.255.255' ELSE INET_NTOA(`netmask`) END AS 'netmask', boards, added, until, staff, reason, note, blind FROM `bans` WHERE `id` = %s ORDER BY `added` DESC", - (edit_id,)) + ban = FetchOne("SELECT `id`, INET6_NTOA(`ip`) AS 'ip', CASE WHEN `netmask` IS NULL THEN '255.255.255.255' ELSE INET_NTOA(`netmask`) END AS 'netmask', boards, added, until, staff, reason, note, blind FROM `bans` WHERE `id` = %s ORDER BY `added` DESC", (edit_id) ) if ban: if ban['boards'] == '': where = '' @@ -1043,11 +1034,9 @@ def manage(self, path_split): postid = key[2:].split('/')[1] # Post to delete # Delete post start - post = FetchOne('SELECT `parentid`, `dir` FROM `posts` INNER JOIN `boards` ON posts.boardid = boards.id WHERE `dir` = \'' + - _mysql.escape_string(dir) + '\' AND posts.id = \'' + _mysql.escape_string(postid) + '\' LIMIT 1') + post = FetchOne('SELECT `parentid`, `dir` FROM `posts` INNER JOIN `boards` ON posts.boardid = boards.id WHERE `dir` = \'' + _mysql.escape_string(dir) + '\' AND posts.id = \'' + _mysql.escape_string(postid) + '\' LIMIT 1') if not post: - message = _( - 'Unable to locate a post with that ID.') + message = _('Unable to locate a post with that ID.') else: board = setBoard(dir) deletePost(int(postid), None) 
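Review bot: In the ban edit lookup of the -748 hunk the parameter argument changed from `(edit_id,)` to `(edit_id)`, which is just `edit_id` and no longer a tuple. How `FetchOne` treats a bare string, or the integer default `edit_id = 0`, is not visible here, but a DB-API driver that iterates its parameters would see each character of a multi-digit id as a separate value, or fail on the int. Restore the trailing comma: `(edit_id,)`.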
@@ -1077,8 +1066,7 @@ def manage(self, path_split): type = 0 # Generate board list - boards = FetchAll( - 'SELECT `name`, `dir` FROM `boards` ORDER BY `dir`') + boards = FetchAll('SELECT `name`, `dir` FROM `boards` ORDER BY `dir`') for board in boards: if 'board' in self.formdata and self.formdata['board'] == board['dir']: board['checked'] = True 
@@ -1093,18 +1081,15 @@ def manage(self, path_split): # Table if 'board' in self.formdata and self.formdata['board'] != 'all': - cboard = self.formdata['board'] - posts = FetchAll("SELECT posts.id, posts.timestamp, timestamp_formatted, IS_DELETED, INET6_NTOA(posts.ip) AS ip, posts.message, dir, boardid FROM `posts` INNER JOIN `boards` ON boardid = boards.id WHERE `dir` = '%s' AND IS_DELETED %s ORDER BY `timestamp` DESC LIMIT %d, %d" % ( - _mysql.escape_string(self.formdata['board']), _mysql.escape_string(type_condition), currentpage*pagesize, pagesize)) + cboard = setBoard(self.formdata['board'])['dir'] + posts = FetchAll("SELECT posts.id, posts.timestamp, timestamp_formatted, IS_DELETED, INET6_NTOA(posts.ip) AS ip, posts.message, dir, boardid FROM `posts` INNER JOIN `boards` ON boardid = boards.id WHERE `dir` = '%s' AND IS_DELETED %s ORDER BY `timestamp` DESC LIMIT %d, %d" % (cboard, type_condition, currentpage*pagesize, pagesize)) try: - totals = FetchOne("SELECT COUNT(id) FROM `posts` WHERE IS_DELETED %s AND `boardid` = %s" % ( - _mysql.escape_string(type_condition), _mysql.escape_string(posts[0]['boardid'])), 0) + totals = FetchOne("SELECT COUNT(id) AS count FROM `posts` WHERE IS_DELETED %s AND `boardid` = %s LIMIT 1" % (type_condition, posts[0]['boardid']) ) except: skip = True else: cboard = 'all' - posts = FetchAll("SELECT posts.id, posts.timestamp, timestamp_formatted, IS_DELETED, INET6_NTOA(posts.ip) AS ip, posts.message, dir FROM `posts` INNER JOIN `boards` ON boardid = boards.id WHERE IS_DELETED %s ORDER BY `timestamp` DESC LIMIT %d, %d" % ( - type_condition, currentpage*pagesize, pagesize)) + posts = FetchAll("SELECT posts.id, posts.timestamp, timestamp_formatted, IS_DELETED, INET6_NTOA(posts.ip) AS ip, posts.message, dir FROM `posts` INNER JOIN `boards` ON boardid = boards.id WHERE IS_DELETED %s ORDER BY `timestamp` DESC LIMIT %d, %d" % (type_condition, currentpage*pagesize, pagesize)) totals = FetchOne("SELECT COUNT(id) AS count FROM `posts` WHERE 
IS_DELETED %s" % type_condition) template_filename = "recyclebin.html" @@ -1119,8 +1104,8 @@ def manage(self, path_split): pages = int(math.ceil(total / pagesize)) # Create delete form - if 'board' in self.formdata: - board = self.formdata['board'] + if 'board' in self.formdata and self.formdata['board'] != 'all': + board = setBoard(self.formdata['board'])['dir'] else: board = None @@ -1678,15 +1663,13 @@ def manage(self, path_split): template_filename = 'message.html' elif path_split[2] == 'recent_images': try: - if int(self.formdata['images']) > 100: - images = '100' + if int(self.formdata['images']) > 256: + images = '256' else: images = self.formdata['images'] - posts = FetchAll( - 'SELECT * FROM `posts` INNER JOIN `boards` ON boardid = boards.id WHERE CHAR_LENGTH(`thumb`) > 0 ORDER BY `timestamp` DESC LIMIT ' + _mysql.escape_string(images)) + posts = FetchAll('SELECT * FROM `posts` INNER JOIN `boards` ON boardid = boards.id WHERE CHAR_LENGTH(`thumb`) > 0 ORDER BY `timestamp` DESC LIMIT %s' % (images) ) except: - posts = FetchAll( - 'SELECT * FROM `posts` INNER JOIN `boards` ON boardid = boards.id WHERE CHAR_LENGTH(`thumb`) > 0 ORDER BY `timestamp` DESC LIMIT 10') + posts = FetchAll('SELECT * FROM `posts` INNER JOIN `boards` ON boardid = boards.id WHERE CHAR_LENGTH(`thumb`) > 0 ORDER BY `timestamp` DESC LIMIT 32') template_filename = "recent_images.html" template_values = {'posts': posts} elif path_split[2] == 'news': @@ -1786,7 +1769,7 @@ def manage(self, path_split): if path_split[3] == 'delete': if not administrator: # We check that if he's not admin, he shouldn't be able to delete other people's posts - post = FetchOne("SELECT `staffid` FROM `news` WHERE id = '" + _mysql.escape_string(path_split[4]) +"' AND type = '0'") + post = FetchOne("SELECT `staffid` FROM `news` WHERE id = %s AND type = '0'" % (int(path_split[4])) ) if post['staffid'] != staff_account['id']: self.error(_('That post is not yours.')) return 
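Review bot: The per-board recycle-bin queries now interpolate `cboard` and `type_condition` with `%` and no escaping, so their safety rests entirely on `setBoard()` rejecting any `board` form value that is not an existing directory; that function is not visible here. Bind the directory as a driver parameter, the way the IP-delete queries pass `(board['id'], ip)`, and keep `type_condition` limited to fragments built by the server. The bare `except:` around the `COUNT` query also turns any SQL error into `skip = True`; `except IndexError:` would cover the empty `posts` case it appears to be written for.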
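Review bot: In `recent_images` the value placed after `LIMIT` is the raw form string `self.formdata['images']` rather than the integer that was just parsed, and `_mysql.escape_string` no longer wraps it. `int()` accepts more than plain digits (surrounding whitespace, a sign, underscores), so the text reaching the SQL can differ from the number that passed the `> 256` check, and a negative value only falls back through the bare `except:`. Clamp and reuse the parsed number, `images = max(1, min(int(self.formdata['images']), 256))`, and interpolate that integer.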
@@ -1923,30 +1906,35 @@ def manage(self, path_split): if not moderator: return - # Delete by IP + # Delete posts by IP if 'ip' in self.formdata: # If an IP was given... if self.formdata['ip'] != '': where = [] if 'board_all' not in self.formdata: - # If he chose boards separately, add them to a list - boards = FetchAll( - 'SELECT `id`, `dir` FROM `boards`') + # If multiple boards, add them to a list + boards = FetchAll('SELECT `id`, `dir` FROM `boards`') for board in boards: keyname = 'board_' + board['dir'] if keyname in self.formdata: if self.formdata[keyname] == "1": where.append(board) else: - # If all boards were selected="selected", all them all to the list - where = FetchAll( - 'SELECT `id`, `dir` FROM `boards`') + # If all boards were selected, add them all to the list + where = FetchAll('SELECT `id`, `dir` FROM `boards`') # If no board was chosen if len(where) <= 0: self.error(_("Select a board first.")) return + try: + secs = int(self.formdata['seconds']) + except: + secs = 0 + if secs > 0: + since = round(time.time() - secs) + deletedPostsTotal = 0 ip = self.formdata['ip'] deletedPosts = 0 
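Review bot: A `seconds` value that fails to parse is silently turned into `secs = 0` by the bare `except:`, and the -1955 hunk treats 0 as "no time limit", so a typo in the form widens a destructive delete to every post from that IP. A negative value has a second problem: `since` is only assigned when `secs > 0`, yet the later hunk takes its `else` branch for any `secs != 0` and would read an unbound `since`. Reject bad input instead of defaulting, e.g. `except ValueError: self.error(_("Invalid number of seconds.")); return`, and treat `secs < 0` the same way. Whether `time` is imported in this module cannot be seen from the hunk.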
@@ -1955,44 +1943,44 @@ def manage(self, path_split): isDeletedOP = False # delete all starting posts first - op_posts = FetchAll( - "SELECT `id`, `message` FROM posts WHERE parentid = 0 AND boardid = %s AND ip = INET6_ATON(%s)", - (board['id'], ip)) + if secs == 0: + op_posts = FetchAll("SELECT `id`, `message` FROM posts WHERE parentid = 0 AND boardid = %s AND ip = INET6_ATON(%s)", (board['id'], ip) ) + else: + op_posts = FetchAll("SELECT `id`, `message` FROM posts WHERE parentid = 0 AND boardid = %s AND ip = INET6_ATON(%s) AND timestamp > %s", (board['id'], ip, since) ) + for post in op_posts: deletePost(post['id'], None) - deletedPosts += 1 deletedPostsTotal += 1 - replies = FetchAll( - "SELECT `id`, `message`, `parentid` FROM posts WHERE parentid != 0 AND boardid = %s AND ip = INET6_ATON(%s)", - (board['id'], ip)) + if secs == 0: + replies = FetchAll("SELECT `id`, `message`, `parentid` FROM posts WHERE parentid != 0 AND boardid = %s AND ip = INET6_ATON(%s)", (board['id'], ip) ) + else: + replies = FetchAll("SELECT `id`, `message`, `parentid` FROM posts WHERE parentid != 0 AND boardid = %s AND ip = INET6_ATON(%s) AND timestamp > %s", (board['id'], ip, since) ) + for post in replies: deletePost(post['id'], None, '2') - deletedPosts += 1 deletedPostsTotal += 1 regenerateHome() - - if deletedPosts > 0: - message = '%(posts)s post(s) were deleted from %(board)s.' % { - 'posts': str(deletedPosts), 'board': '/' + board['dir'] + '/'} - template_filename = "message.html" - # logAction(staff_account['username'], '%(posts)s post(s) were deleted from %(board)s. IP: %(ip)s' % \ - # {'posts': str(deletedPosts), - # 'board': '/' + board['dir'] + '/', - # 'ip': self.formdata['ip']}) else: self.error(_("Please enter an IP first.")) return - message = 'In total %(posts)s from IP %(ip)s were deleted.' 
% { - 'posts': str(deletedPosts), 'ip': self.formdata['ip']} - logAction(staff_account['username'], message) + if deletedPosts > 0: + message = 'En total se eliminaron %(posts)s post(s) de %(ip)s.' % {'posts': str(deletedPosts), 'ip': self.formdata['ip']} + logAction(staff_account['username'], '%(posts)s post(s) eliminado(s) de IP: %(ip)s' % {'posts': str(deletedPosts), 'ip': self.formdata['ip']}) + #logAction(staff_account['username'], '%(posts)s post(s) were deleted from %(board)s. IP: %(ip)s' % \ + # {'posts': str(deletedPosts), + # 'board': '/' + board['dir'] + '/', + # 'ip': self.formdata['ip']}) + else: + message = "No se encontraron posts" + template_filename = "message.html" else: - # Generate form... + # Show form template_filename = "ipdelete.html" template_values = {'boards': boardlist()} elif path_split[2] == 'goto': @@ -2160,8 +2148,7 @@ def cleanSessions(): def logAction(staff, action): - InsertDb("INSERT INTO `logs` (`timestamp`, `staff`, `action`) VALUES (%s, %s, %s)", - (timestamp(), staff, action)) + InsertDb("INSERT INTO `logs` (`timestamp`, `staff`, `action`) VALUES (%s, %s, %s)", (timestamp(), staff, action)) def genPasswdHash(string): diff --git a/cgi/templates/error.html b/cgi/templates/error.html index 47ef529..4e254b0 100644 --- a/cgi/templates/error.html +++ b/cgi/templates/error.html @@ -1,7 +1,17 @@ <?py include('templates/base_top.html') ?> -<br /><br /><hr size="1"> -<br /><br /><div style="text-align:center;color:red;font-size:x-large;font-weight:bold;">#{error} -<br /><br /><a href="#{boards_url}#{board}/">Volver</a></div> -<br /><br /><hr size="1"> +<br /> +<br /> +<hr size="1"> +<br /> +<br /> +<div style="text-align:center;color:red;font-size:x-large;font-weight:bold;"> + #{error} + <br /> + <br /> + <a href="#{boards_url}#{board}/">Volver</a> +</div> +<br /> +<br /> +<hr size="1"> </body> -</html>
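Review bot: `deletedPosts` is no longer incremented in the visible lines (both `deletedPosts += 1` statements are removed while `deletedPostsTotal += 1` stays), yet the new summary tests `if deletedPosts > 0:`. As written the branch containing `logAction(...)` cannot run, so a mass deletion by IP leaves no entry in the staff log and the moderator is always told "No se encontraron posts". Use the counter that is still maintained: `if deletedPostsTotal > 0:` and `str(deletedPostsTotal)` in both format dicts.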
\ No newline at end of file +</html> diff --git a/cgi/templates/manage/ipdelete.html b/cgi/templates/manage/ipdelete.html index 71c043a..cd7591a 100644 --- a/cgi/templates/manage/ipdelete.html +++ b/cgi/templates/manage/ipdelete.html @@ -9,7 +9,8 @@ <td> <input type="checkbox" name="board_all" id="all" value="1" /><label for="all" style="font-weight:bold">Todos los boards</label><hr /> <?py for board in boards: ?> - <input type="checkbox" name="board_#{board['dir']}" id="#{board['dir']}" value="1" /><label for="#{board['dir']}">#{board['name']} <span style="opacity:0.5">(/#{board['dir']}/)</span></label><br /> + <input type="checkbox" name="board_#{board['dir']}" id="#{board['dir']}" value="1" /><label for="#{board['dir']}">#{board['name']} <span style="opacity:0.5;">(/#{board['dir']}/)</span></label> + <br /> <?py #endfor ?> </td> </tr> @@ -17,8 +18,29 @@ <td class="postblock">Dirección IP</td> <td><input type="text" name="ip" style="width:100%;" /></td> </tr> - <tr><td colspan="2"><input type="submit" style="width:100%;" value="Eliminar posts" /></td></tr> + <tr> + <td class="postblock">Desde hace<br /><span style="font-weight:normal;">(segundos)</span></td> + <td> + <input type="text" id="seconds" name="seconds" value="0" style="width:100%;" /> + <br /> + <div id="timelist"> + <a href="#" data-secs="0">Siempre</a> + <a href="#" data-secs="3600">1h</a> + <a href="#" data-secs="21600">6h</a> + <a href="#" data-secs="43200">12h</a> + <a href="#" data-secs="86400">1d</a> + <a href="#" data-secs="259200">3d</a> + <a href="#" data-secs="604800">1w</a> + <a href="#" data-secs="2592000">30d</a> + <a href="#" data-secs="31536000">1y</a> + </div> + </td> + </tr> + <tr> + <td colspan="2"><input type="submit" style="width:100%;" value="Eliminar posts" /></td> + </tr> </table> </form> -</center><hr /> +</center> +<hr /> <?py include('templates/base_bottom.html') ?> 
diff --git a/cgi/templates/manage/lockboard.html b/cgi/templates/manage/lockboard.html index cebf061..49559f6 100644 --- a/cgi/templates/manage/lockboard.html +++ b/cgi/templates/manage/lockboard.html @@ -3,15 +3,15 @@ <center> <div class="replymode">Cerrar o abrir board</div> <table class="managertable"> - <tr><th colspan="2">Sección</th><th>Acción</th></tr> + <tr> + <th colspan="2">Sección</th> + <th>Acción</th> + </tr> <?py for board in boards: ?> <tr> - <td>/#{board['dir']}/</td><td>#{board['name']}</td> - <?py if board['locked'] == '0': ?> - <td style="text-align:center;">[<a href="#{cgi_url}manage/boardlock/#{board['dir']}">Cerrar</a>]</td> - <?py elif board['locked'] == '1': ?> - <td style="text-align:center;">[<a href="#{cgi_url}manage/boardlock/#{board['dir']}">Abrir</a>]</td> - <?py #endif ?> + <td>#{board['dir']}</td> + <td>#{board['name']}</td> + <td style="text-align:center;">[<a href="#{cgi_url}manage/boardlock/#{board['dir']}">#{'Abrir' if board['locked'] else 'Cerrar'}</a>]</td> </tr> <?py #endfor ?> </table> |
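Review bot: The new link label depends on the truthiness of `board['locked']`, while the removed template compared it with the strings `'0'` and `'1'`. If the value still arrives as a string, `'0'` is truthy in Python and every board would be labelled "Abrir", including unlocked ones. Compare explicitly, e.g. `#{'Abrir' if str(board['locked']) == '1' else 'Cerrar'}`, or confirm that the column is now delivered as an integer.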