Diffstat (limited to 'cgi/manage.py')
| -rw-r--r-- | cgi/manage.py | 235 | 
1 files changed, 146 insertions, 89 deletions
diff --git a/cgi/manage.py b/cgi/manage.py
index f30674a..9818247 100644
--- a/cgi/manage.py
+++ b/cgi/manage.py
@@ -24,8 +24,7 @@ def manage(self, path_split):
     if 'username' in self.formdata and 'password' in self.formdata:
         # If no admin accounts available, create admin:admin
-        first_admin = FetchOne(
-            "SELECT 1 FROM `staff` WHERE `rights` = 0 LIMIT 1", 0)
+        first_admin = FetchOne("SELECT 1 FROM `staff` WHERE `rights` = 0 LIMIT 1", 0)
         if not first_admin:
             InsertDb("INSERT INTO `staff` (`username`, `password`, `added`, `rights`) VALUES ('admin', '" +
                      _mysql.escape_string(genPasswdHash("admin")) + "', 0, 0)")
 
@@ -178,17 +177,18 @@ def manage(self, path_split):
                     template_values = {"mode": 1, 'boards': boardlist()}
                 elif len(path_split) > 4:
                     parentid = int(path_split[4])
-                    posts = FetchAll('SELECT id, timestamp, timestamp_formatted, name, message, file, thumb, IS_DELETED, locked, subject, length, INET6_NTOA(ip) AS ip FROM `posts` WHERE (parentid = %d OR id = %d) AND boardid = %s ORDER BY `id` ASC' % (
-                        parentid, parentid, board['id']))
+                    # make sure it's the full thread
+                    check = FetchOne("SELECT `parentid` FROM `posts` WHERE `id` = %s AND `boardid` = %s LIMIT 1" % (parentid, board['id']))
+                    if check['parentid'] != "0":
+                      parentid = int(check['parentid'])
+                    
+                    posts = FetchAll('SELECT id, timestamp, timestamp_formatted, name, message, file, thumb, IS_DELETED, locked, subject, length, INET6_NTOA(ip) AS ip FROM `posts` WHERE (parentid = %d OR id = %d) AND boardid = %s ORDER BY `id` ASC' % (parentid, parentid, board['id']))
                     template_filename = "mod.html"
-                    template_values = {"mode": 3,
-                                       "dir": board["dir"], "posts": posts}
+                    template_values = {"mode": 3, "dir": board["dir"], "posts": posts}
                 else:
-                    threads = FetchAll(
-                        "SELECT * FROM `posts` WHERE boardid = %s AND parentid = 0 ORDER BY `bumped` DESC" % board["id"])
+                    threads = FetchAll("SELECT * FROM `posts` WHERE boardid = %s AND parentid = 0 ORDER BY `bumped` DESC" % board["id"])
                     template_filename = "mod.html"
-                    template_values = {"mode": 2,
-                                       "dir": board["dir"], "threads": threads}
+                    template_values = {"mode": 2, "dir": board["dir"], "threads": threads}
             elif path_split[2] == "recent":
                 posts = FetchAll("SELECT posts.id, posts.subject, dir, boards.board_type, parentid, file, thumb, timestamp_formatted, timestamp, posts.message, INET6_NTOA(ip) AS ip, posts.name, email, tripcode, boards.name AS board_name FROM posts INNER JOIN boards ON posts.boardid = boards.id WHERE posts.timestamp > UNIX_TIMESTAMP() - 86400 ORDER BY timestamp DESC")
                 template_filename = "recent.html"
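Review bot: `check['parentid']` is dereferenced without testing whether the lookup found a row, so a mod URL whose id is not on this board (or was deleted) raises a TypeError instead of rendering an empty thread; the file already treats a missing FetchOne result as falsy (`if not first_admin:` in the first hunk), so the guard should read `if check and check['parentid'] != "0":`. The new `parentid = int(check['parentid'])` is indented by two spaces inside a function that otherwise uses four, which Python accepts but which makes the block easy to misread next to the surrounding code. manage() starts and ends outside this hunk.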
@@ -205,28 +205,27 @@ def manage(self, path_split):                          member_rights = '3'                          if path_split[3] == 'edit': -                            if len(path_split) > 4: -                                member = FetchOne( -                                    'SELECT * FROM `staff` WHERE `id` = ' + _mysql.escape_string(path_split[4]) + ' LIMIT 1') -                                if member: -                                    member_username = member['username'] -                                    member_rights = member['rights'] -                                    action = 'edit/' + member['id'] - -                                    try: -                                        if self.formdata.get('user'): -                                            if self.formdata['rights'] in ['0', '1', '2', '3']: -                                                action_taken = True - -                                                UpdateDb("UPDATE `staff` SET `username` = '" + _mysql.escape_string( -                                                    self.formdata['user']) + "', `rights` = " + self.formdata['rights'] + " WHERE `id` = " + member['id'] + " LIMIT 1") -                                                message = _( -                                                    'Staff member updated.') -                                                logAction(staff_account['username'], _( -                                                    'Updated staff account for %s') % self.formdata['user']) -                                                template_filename = "message.html" -                                    except: -                                        pass +                          if len(path_split) > 4: +                            member = FetchOne('SELECT * FROM `staff` WHERE `id` = ' + _mysql.escape_string(path_split[4]) + ' LIMIT 1') +                            if member: +                              member_username = 
member['username'] +                              member_rights = member['rights'] +                              action = 'edit/' + member['id'] + +                              try: +                                if self.formdata.get('user'): +                                  if self.formdata['rights'] in ['0', '1', '2', '3']: +                                    action_taken = True + +                                    UpdateDb("UPDATE `staff` SET `username` = '" + _mysql.escape_string( +                                        self.formdata['user']) + "', `rights` = " + self.formdata['rights'] + " WHERE `id` = " + member['id'] + " LIMIT 1") +                                    message = _( +                                        'Staff member updated.') +                                    logAction(staff_account['username'], _( +                                        'Updated staff account for %s') % self.formdata['user']) +                                    template_filename = "message.html" +                              except: +                                pass                          else:                              action = 'add'                              try: @@ -275,8 +274,7 @@ def manage(self, path_split):                          action_taken = True                          message = '<a href="' + Settings.CGI_URL + 'manage/staff/delete_confirmed/' + \ -                            path_split[4] + '">' + _( -                                'Click here to confirm the deletion of that staff member') + '</a>' +                          path_split[4] + '">' + _('Click here to confirm the deletion of that staff member') + '</a>'                          template_filename = "message.html"                      elif path_split[3] == 'delete_confirmed':                          if not moderator: 
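Review bot: The re-indented staff-edit block keeps the bare `except: pass` around the UPDATE, which swallows a missing `rights` field (KeyError from `self.formdata['rights']`) as well as any database error, so a failed edit silently re-renders the form with no message and no logAction entry; narrow it to `except KeyError: pass`, or log the failure, so real errors are visible. The block also switches to two-space indentation inside a four-space function, so `if len(path_split) > 4:` now sits two columns deeper than the `if path_split[3] == 'edit':` it belongs to; that is consistent within the block but worth reformatting to the file's width. The enclosing function starts and ends outside the hunk.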
@@ -332,8 +330,7 @@ def manage(self, path_split):                      pass                  template_filename = "delete.html" -                template_values = { -                    'do_ban': do_ban, 'curboard': path_split[3], 'postid': path_split[4]} +                template_values = {'do_ban': do_ban, 'curboard': path_split[3], 'postid': path_split[4]}              elif path_split[2] == 'delete_confirmed':                  if not moderator:                      return @@ -453,7 +450,8 @@ def manage(self, path_split):              elif path_split[2] == 'move':                  raise NotImplementedError -                if not moderator: +                #if not moderator: +                if not administrator:                      return                  oldboardid = "" @@ -532,15 +530,13 @@ def manage(self, path_split):                              post['name'] = board['anonymous']                          # fix date and (re)add post ID if necessary -                        post['timestamp_formatted'] = formatTimestamp( -                            post['timestamp']) +                        post['timestamp_formatted'] = formatTimestamp(post['timestamp'])                          if board["useid"] != '0':                              if post["parentid"]:                                  tym = parent_time                              else:                                  tym = post["timestamp"] -                            post['timestamp_formatted'] += ' ID:' + iphash(inet_ntoa(long( -                                post['ip'])), post, tym, board["useid"], False, '', False, False, (board["countrycode"] in ['1', '2'])) +                            post['timestamp_formatted'] += ' ID:' + iphash(post['ip'], post, tym, board["useid"], False, '', False, False, (board["countrycode"] in ['1', '2']))                          # insert new post and get its new ID                          new_id = post.insert() 
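Review bot: In the `@@ -453` hunk the changed guard `if not administrator:` can never run, because `raise NotImplementedError` on the line above leaves the rest of the move branch unreachable, so tightening the check from moderator to administrator has no effect while that raise stays. If the intent is to keep move disabled but record the stricter right, put the guard first, `if not administrator: return` followed by `raise NotImplementedError`, and delete the commented-out `#if not moderator:` line instead of leaving dead history in the source. The move branch continues past the end of the hunk.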
@@ -604,10 +600,8 @@ def manage(self, path_split):                      # lock original, set expiration to 1 day                      exp = timestamp()+86400 -                    exp_format = datetime.datetime.fromtimestamp( -                        exp).strftime("%d/%m") -                    sql = "UPDATE `posts` SET `locked`=1, `expires`={exp}, `expires_formatted`=\"{exp_format}\" WHERE `boardid`=\"{oldboard}\" AND id=\"{oldthread}\"".format( -                        exp=exp, exp_format=exp_format, oldboard=oldboardid, oldthread=oldthread) +                    exp_format = datetime.datetime.fromtimestamp(exp).strftime("%d/%m") +                    sql = "UPDATE `posts` SET `locked`=1, `expires`={exp}, `expires_formatted`=\"{exp_format}\" WHERE `boardid`=\"{oldboard}\" AND id=\"{oldthread}\"".format(exp=exp, exp_format=exp_format, oldboard=oldboardid, oldthread=oldthread)                      UpdateDb(sql)                      # insert notice message @@ -616,11 +610,9 @@ def manage(self, path_split):                          board = setBoard(oldboard)                          if board['board_type'] == '1': -                            thread_url = "/{newboard}/read/{newthread}".format( -                                newboard=newboard, newthread=newthread) +                            thread_url = "/{newboard}/read/{newthread}".format(newboard=newboard, newthread=newthread)                          else: -                            thread_url = "/{newboard}/res/{newthread}.html".format( -                                newboard=newboard, newthread=newthread) +                            thread_url = "/{newboard}/res/{newthread}.html".format(newboard=newboard, newthread=newthread)                          notice_post = Post(board["id"])                          notice_post["parentid"] = oldthread 
@@ -643,8 +635,7 @@ def manage(self, path_split):                      message += "done" -                    logAction(staff_account['username'], "Movido hilo %s/%s a %s/%s." % -                              (oldboard, oldthread, newboard, newthread)) +                    logAction(staff_account['username'], "Movido hilo %s/%s a %s/%s." % (oldboard, oldthread, newboard, newthread))                  else:                      template_filename = "move.html"                      template_values = {'boards': boardlist( @@ -1048,10 +1039,8 @@ def manage(self, path_split):                              else:                                  regenerateFrontPages() -                            message = "Eliminado post %s permanentemente." % ( -                                '/' + board['dir'] + '/' + post['id']) -                            logAction( -                                staff_account['username'], message + ' Contenido: ' + post['message'] + ' IP: ' + post['ip']) +                            message = "Post %s eliminado permanentemente" % ('/' + board['dir'] + '/' + post['id']) +                            logAction(staff_account['username'], message + ' desde papelera. Contenido: ' + post['message'] + ' IP: ' + post['ip'])                  # Delete more than 1 post                  if 'deleteall' in self.formdata.keys(): 
@@ -1073,14 +1062,13 @@ def manage(self, path_split):                                  board = setBoard(dir)                                  deletePost(int(postid), None)                                  if post['parentid'] != '0': -                                    threadUpdated(post['parentid']) +                                  threadUpdated(post['parentid'])                                  else: -                                    regenerateFrontPages() +                                  regenerateFrontPages()                                  deleted += 1                              # Delete post end -                    logAction(staff_account['username'], _( -                        'Permadeleted %s post(s).') % str(deleted)) +                    logAction(staff_account['username'], _('Permadeleted %s post(s).') % str(deleted))                      message = _('Permadeleted %s post(s).') % str(deleted)                  # Start @@ -1257,11 +1245,15 @@ def manage(self, path_split):              elif path_split[2] == 'trim':                  if not administrator:                      return +                                  board = setBoard(path_split[3])                  trimThreads()                  self.output = "done trimming"                  return              elif path_split[2] == 'setexpires': +                if not administrator: +                    return +                                  board = setBoard(path_split[3])                  parentid = int(path_split[4])                  days = int(path_split[5]) 
@@ -1281,18 +1273,25 @@ def manage(self, path_split):              elif path_split[2] == 'fixflood':                  if not administrator:                      return +                                  board = setBoard('zonavip')                  threads = FetchAll(                      "SELECT * FROM posts WHERE boardid = %s AND parentid = 0 AND subject LIKE 'querido mod%%'" % board['id']) +                                  for thread in threads:                      self.output += "%s<br>" % thread['id']                      #deletePost(thread['id'], None)                  return              elif path_split[2] == 'fixico': +                if not administrator: +                    return +                                  board = setBoard(path_split[3]) +                 +                if board['dir'] != 'noticias': +                    return -                threads = FetchAll( -                    "SELECT * FROM posts WHERE boardid = %s AND parentid = 0 AND message NOT LIKE '<img%%'" % board['id']) +                threads = FetchAll("SELECT * FROM posts WHERE boardid = %s AND parentid = 0 AND message NOT LIKE '<img%%'" % board['id'])                  for t in threads:                      img_src = '<img src="%s" alt="ico" /><br />' % getRandomIco()                      newmessage = img_src + t["message"] @@ -1301,6 +1300,9 @@ def manage(self, path_split):                  self.output = repr(threads)                  return              elif path_split[2] == 'fixkako': +                if not administrator: +                    return +                                  board = setBoard(path_split[3])                  threads = FetchAll( 
@@ -1330,6 +1332,9 @@ def manage(self, path_split):                      else:                          self.output += 'El hilo no existe.<br />'              elif path_split[2] == 'fixexpires': +                if not administrator: +                    return +                                  board = setBoard(path_split[3])                  if int(board["maxage"]): @@ -1354,6 +1359,9 @@ def manage(self, path_split):                  self.output = "done"                  return              elif path_split[2] == 'fixid': +                if not administrator: +                    return +                                  board = setBoard(path_split[3])                  posts = FetchAll(                      'SELECT * FROM `posts` WHERE `boardid` = %s' % board['id']) @@ -1373,10 +1381,11 @@ def manage(self, path_split):                      UpdateDb(query)                  return              elif path_split[2] == 'fixname': +                return                  board = setBoard(path_split[3])                  #posts = FetchAll('SELECT * FROM `posts` WHERE `boardid` = %s' % board['id']) -                posts = FetchAll( -                    'SELECT * FROM `posts` WHERE `name` LIKE \'%s\'' % '%%') +                #posts = FetchAll('SELECT * FROM `posts` WHERE `name` LIKE \'%s\'' % '%%') +                #posts = FetchAll('SELECT * FROM `posts` WHERE `name` = \'%s\'' % path_split[4])                  new_name = board['anonymous']                  self.output = new_name + "<br />"                  for post in posts: @@ -1386,6 +1395,9 @@ def manage(self, path_split):                      UpdateDb(query)                  return              elif path_split[2] == 'setsub': +                if not administrator: +                    return +                                  board = setBoard(path_split[3])                  thread = FetchOne(                      'SELECT * FROM `posts` WHERE `parentid` = 0 AND `boardid` = %s' % board['id']) 
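Review bot: In the `@@ -1373` hunk the new `return` at the top of the fixname branch makes everything after it dead code, and because both `posts = FetchAll(...)` statements below it are now commented out, the `for post in posts:` loop would raise NameError the moment the `return` is removed again. Either delete the branch or replace the bare `return` with a comment stating why it is disabled, e.g. `# fixname disabled: its old query (name LIKE '%') matched every row in posts`, and drop the commented-out queries. fixname is also the one maintenance branch in this commit that did not receive the `if not administrator: return` guard its siblings got, which matters if the `return` is ever lifted. The branch body continues past the hunk.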
@@ -1396,6 +1408,9 @@ def manage(self, path_split):                  UpdateDb(query)                  return              elif path_split[2] == 'fixlength': +                if not administrator: +                    return +                                  board = setBoard(path_split[3])                  threads = FetchAll(                      'SELECT * FROM `posts` WHERE parentid = 0 AND `boardid` = %s' % board['id']) @@ -1407,6 +1422,9 @@ def manage(self, path_split):                  self.output = 'done'                  return              elif path_split[2] == 'archive': +                if not administrator: +                    return +                                  t = time.time()                  board = setBoard(path_split[3])                  postid = int(path_split[4]) 
@@ -1736,14 +1754,11 @@ def manage(self, path_split):                              to_name = "%s ★" % staff_account['username']                          timestamp_formatted = formatDate(t)                          if type > 0: -                            timestamp_formatted = re.sub( -                                r"\(.+", "", timestamp_formatted) +                            timestamp_formatted = re.sub(r"\(.+", "", timestamp_formatted)                          else: -                            timestamp_formatted = re.sub( -                                r"\(...\)", " ", timestamp_formatted) +                            timestamp_formatted = re.sub(r"\(...\)", " ", timestamp_formatted) -                        UpdateDb("INSERT INTO `news` (type, staffid, staff_name, title, message, name, timestamp, timestamp_formatted) VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%d', '%s')" % ( -                            type, staff_account['id'], staff_account['username'], _mysql.escape_string(title), _mysql.escape_string(message), to_name, timestamp(t), timestamp_formatted)) +                        UpdateDb("INSERT INTO `news` (type, staffid, staff_name, title, message, name, timestamp, timestamp_formatted) VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%d', '%s')" % (type, staff_account['id'], staff_account['username'], _mysql.escape_string(title), _mysql.escape_string(message), to_name, timestamp(t), timestamp_formatted))                          regenerateNews()                          regenerateHome() 
@@ -1752,8 +1767,7 @@ def manage(self, path_split):                      if path_split[3] == 'delete':                          # Eliminar un post                          id = int(path_split[4]) -                        UpdateDb( -                            "DELETE FROM `news` WHERE id = %d AND type = %d" % (id, type)) +                        UpdateDb("DELETE FROM `news` WHERE id = %d AND type = %d" % (id, type))                          regenerateNews()                          regenerateHome()                          message = _("Deleted successfully.") @@ -1780,8 +1794,7 @@ def manage(self, path_split):                          try:                              # Cut long lines                              message = self.formdata["message"] -                            message = clickableURLs( -                                cgi.escape(message).rstrip()[0:8000]) +                            message = clickableURLs(cgi.escape(message).rstrip()[0:8000])                              message = onlyAllowedHTML(message)                              if Settings.USE_MARKDOWN:                                  message = markdown(message) 
@@ -1805,25 +1818,21 @@ def manage(self, path_split):                      if path_split[3] == 'delete':                          if not administrator:                              # We check that if he's not admin, he shouldn't be able to delete other people's posts -                            post = FetchOne("SELECT `staffid` FROM `news` WHERE id = '" + -                                            _mysql.escape_string(path_split[4])+"' AND type = '0'") +                            post = FetchOne("SELECT `staffid` FROM `news` WHERE id = '" + _mysql.escape_string(path_split[4]) +"' AND type = '0'")                              if post['staffid'] != staff_account['id']:                                  self.error(_('That post is not yours.'))                                  return                          # Delete! -                        UpdateDb("DELETE FROM `news` WHERE id = '" + -                                 _mysql.escape_string(path_split[4]) + "' AND type = '0'") +                        UpdateDb("DELETE FROM `news` WHERE id = '" + _mysql.escape_string(path_split[4]) + "' AND type = '0'")                          message = _("Deleted successfully.")                          template_filename = "message.html"                  else:                      # If he's not admin, show only his own posts                      if administrator: -                        posts = FetchAll( -                            "SELECT * FROM `news` WHERE type = '0' ORDER BY `timestamp` DESC") +                        posts = FetchAll("SELECT * FROM `news` WHERE type = '0' ORDER BY `timestamp` DESC")                      else: -                        posts = FetchAll("SELECT * FROM `news` WHERE staffid = '" + -                                         staff_account['id']+"' AND type = '0' ORDER BY `timestamp` DESC") +                        posts = FetchAll("SELECT * FROM `news` WHERE staffid = '" + staff_account['id']+"' AND type = '0' ORDER BY `timestamp` DESC")             
         template_filename = "news.html"                      template_values = {'action': 'newschannel', 'posts': posts} 
@@ -2016,15 +2025,66 @@ def manage(self, path_split):
                     # Generate form...
                     template_filename = "ipdelete.html"
                     template_values = {'boards': boardlist()}
+            elif path_split[2] == 'goto':
+                board = setBoard(path_split[3])
+                board_type = board['board_type']
+                
+                try:
+                  pid = int(path_split[4])
+                except ValueError:
+                  raise UserError, "ID no válida."
+                
+                if board_type == '1':
+                  first = get_parent_post(pid, board['id'])
+                  url = "/" + board['dir'] + "/read/" + first['timestamp'] + "/"
+                else:
+                  url = "/" + board['dir'] + "/res/" + str(pid) + ".html"
+                    
+                self.output = '<meta http-equiv="refresh" content="0;url=%s" />' % url
+            elif path_split[2] == 'fixquote':
+                # when a mod deletes a post permanently messing with quote numbers
+                if not administrator:
+                  return
+
+                board = setBoard(path_split[3])
+                if board['board_type'] == 1:
+                  return
+                
+                pid = int(path_split[4])
+                parent = FetchOne("SELECT `parentid` FROM `posts` \
+                  WHERE `id` = %s AND `boardid` = %s LIMIT 1" % (pid, board['id']))
+                parent = parent['parentid']
+                
+                ranges = '`id` >= ' + str(pid)
+                if len(path_split) > 5:
+                  ranges += ' AND `id` <= ' + path_split[5]
+                
+                posts = FetchAll('SELECT `id`, `message` FROM `posts` \
+                  WHERE `boardid` = %s AND %s AND `parentid` = %s AND \
+                  `message` LIKE \'%%">>>%%\'' % (board['id'], ranges, parent))
+                
+                def fix_num(capture):
+                  qnum = str(int(capture.group(2)) - 1)
+                  return '/'+board['dir']+'/read/' + capture.group(1) + '/' + qnum + '">>>' + qnum
+                
+                for post in posts:
+                  rx = r'/'+board['dir']+'/read/(\d+)/(\d+)">>>(\d+)'
+                  new_msg = re.sub(rx, fix_num, post['message'])
+                  self.output += post['message'] + '<hr>' + new_msg + '<hr><hr>'
+                  
+                  query = "UPDATE `posts` SET `message` = '%s' WHERE `boardid` = %s AND `id` = %s" % (new_msg, board['id'], post['id'])
+                  UpdateDb(query)
+                
+                # reflect changes
+                threadUpdated(parent)
             elif path_split[2] == 'search':
                 if not administrator:
                     return
                 search_logs = FetchAll(
-                    'SELECT `id`,`timestamp`,`keyword`,`ita`,INET_NTOA(`ip`) AS `ip`,`res` FROM `search_log` ORDER BY `timestamp` DESC LIMIT 250')
+                    'SELECT `id`,`timestamp`,`keyword`,`ita`,INET_NTOA(`ip`) AS `ip`,`res` FROM `search_log` ORDER BY `timestamp` DESC LIMIT 256')
                 for log in search_logs:
                     #log['ip'] = str(inet_ntoa(log['ip']))
-                    log['timestamp_formatted'] = formatTimestamp(
-                        log['timestamp'])
+                    log['timestamp_formatted'] = formatTimestamp(log['timestamp'])
                     if log['keyword'].startswith('k '):
                         log['keyword'] = log['keyword'][2:]
                         log['archive'] = True
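Review bot: `if board['board_type'] == 1: return` in fixquote compares the column against an int while the `goto` branch added just above compares the same value as a string (`if board_type == '1':`), as does the existing move code (`if board['board_type'] == '1':`); if the driver returns it as a string the guard never fires and fixquote runs on the very board type it is meant to skip, so make it `if board['board_type'] == '1':`. Two values also reach SQL unescaped in this branch: `path_split[5]` is concatenated into `ranges` straight from the URL, and `new_msg` (rewritten post text) is interpolated into the UPDATE inside `'%s'`, so a message containing a single quote breaks the statement — the rest of the file routes such values through `_mysql.escape_string`, so convert `path_split[5]` with `int()` before concatenating and use `_mysql.escape_string(new_msg)` in the UPDATE. `parent['parentid']` and, in goto, `first['timestamp']` are used without checking that the lookup returned a row, which presumably raises TypeError for an unknown id. The `rx` pattern embeds `board['dir']` without `re.escape`, which only matters if a directory name ever contains regex metacharacters. manage() starts and ends outside the hunk.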
@@ -2035,9 +2095,7 @@ def manage(self, path_split):          else:              # Main page.              reports = FetchOne("SELECT COUNT(1) FROM `reports`", 0)[0] -            posts = FetchAll( -                "SELECT * FROM `news` WHERE type = '0' ORDER BY `timestamp` DESC") - +            posts = FetchAll("SELECT * FROM `news` WHERE type = '0' ORDER BY `timestamp` DESC")              template_filename = "manage.html"              template_values = {'reports': reports, 'posts': posts} @@ -2064,8 +2122,7 @@ def manage(self, path_split):                  'added': formatTimestamp(staff_account['added']),              }) -        self.output += renderTemplate("manage/" + -                                      template_filename, template_values) +        self.output += renderTemplate("manage/" + template_filename, template_values)  def switchBoard(new_type): | 
