From 2767ab7add47272192d78ac92592e4d3d18878a3 Mon Sep 17 00:00:00 2001
From: Choom
Date: Thu, 15 Dec 2022 04:33:13 -0300
Subject: Fix manage
Fix manage
---
cgi/manage.py | 143 ++++++++++++++++--------------------
cgi/templates/error.html | 20 +++--
cgi/templates/manage/ipdelete.html | 28 ++++++-
cgi/templates/manage/lockboard.html | 14 ++--
4 files changed, 112 insertions(+), 93 deletions(-)
(limited to 'cgi')
diff --git a/cgi/manage.py b/cgi/manage.py
index 0abb832..03963e7 100644
--- a/cgi/manage.py
+++ b/cgi/manage.py
@@ -35,8 +35,8 @@ def manage(self, path_split):
UpdateDb("DELETE FROM `logs` WHERE `timestamp` < %s", (timestamp() - Settings.MANAGE_LOG_TIME,))
else:
page += _('Incorrect username/password.')
- logAction('', 'Failed log-in. U:'+self.formdata['username']+' IP logged.')
- logging.warn("Failed log-in. U:{} IP:{}".format(self.formdata['username'], self.environ["REMOTE_ADDR"]))
+ logAction('', 'Failed login. U:'+self.formdata['username']+' IP logged.')
+ logging.warn("Failed login. U:{} IP:{}".format(self.formdata['username'], self.environ["REMOTE_ADDR"]))
else:
# Validate existing session
manage_cookie = getCookie(self, 'weabot_manage')
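Review bot: The failed-login lines still place `self.formdata['username']` straight into the log text, so a username containing CR/LF can split or forge entries in whatever file `logging` writes to. Pass it as a lazy argument with `%r`, for example `logging.warning("Failed login. U:%r IP:%s", self.formdata['username'], self.environ["REMOTE_ADDR"])`, which also replaces the deprecated `logging.warn`. The same value is stored through `logAction`, so whatever renders the `logs` table needs to escape it; that code is outside this hunk.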
@@ -373,8 +373,7 @@ def manage(self, path_split):
# Nos vamos al board y ubicamos el post
board = setBoard(path_split[3])
postid = int(path_split[4])
- post = FetchOne('SELECT `parentid`, `locked` FROM `posts` WHERE `boardid` = %s AND `id` = %s LIMIT 1',
- (board['id'], postid))
+ post = FetchOne('SELECT `parentid`, `locked` FROM `posts` WHERE `boardid` = %s AND `id` = %s LIMIT 1', (board['id'], pid) )
if not post:
message = _('Unable to locate a post with that ID.')
template_filename = "message.html"
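Review bot: The new `FetchOne` call binds `pid`, but the only assignment visible in this branch is the unchanged `postid = int(path_split[4])` just above it, so unless `pid` is set earlier in `manage` (outside the hunk) every lock request raises NameError. Either rename the assignment to `pid = int(path_split[4])`, as the permasage branch does in the next hunk, or keep `(board['id'], postid)` here. `int()` on the path component also raises ValueError for a non-numeric id, and no handler is visible in this hunk.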
@@ -392,32 +391,30 @@ def manage(self, path_split):
UpdateDb("UPDATE `posts` SET `locked` = %s WHERE `boardid` = %s AND `id` = %s LIMIT 1",
(setLocked, board["id"], post["id"]))
- threadUpdated(postid)
+ threadUpdated(pid)
if setLocked == 1:
message = _('Thread successfully closed.')
- logAction(staff_account['username'], _('Closed thread %s') % (
- '/' + path_split[3] + '/' + path_split[4]))
+ logAction(staff_account['username'], _('Closed thread %s') % ('/' + board['dir'] + '/' + pid) )
else:
message = _('Thread successfully opened.')
- logAction(staff_account['username'], _('Opened thread %s') % (
- '/' + path_split[3] + '/' + path_split[4]))
+ logAction(staff_account['username'], _('Opened thread %s') % ('/' + board['dir'] + '/' + pid) )
template_filename = "message.html"
elif path_split[2] == 'permasage':
setPermasaged = 0
# Nos vamos al board y ubicamos el post
board = setBoard(path_split[3])
- post = FetchOne('SELECT `parentid`, `locked` FROM `posts` WHERE `boardid` = ' +
- board['id'] + ' AND `id` = \'' + _mysql.escape_string(path_split[4]) + '\' LIMIT 1')
+ pid = int(path_split[4])
+ post = FetchOne('SELECT `parentid`, `locked` FROM `posts` WHERE `boardid` = %s AND `id` = %s LIMIT 1', (board['id'], pid) )
if not post:
- message = 'Unable to locate a post with that ID.'
+ message = 'No se encuentra un hilo con ese ID.'
template_filename = "message.html"
elif post['locked'] == '1':
message = 'Solo se puede aplicar permasage en un hilo abierto.'
template_filename = "message.html"
else:
if post['parentid']:
- message = 'Post is not a thread opener.'
+ message = 'El post indicado es una respuesta a un hilo.'
template_filename = "message.html"
else:
if post['locked'] == 2:
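Review bot: In the lock branch, `_('Closed thread %s') % ('/' + board['dir'] + '/' + pid)` and the matching `Opened thread` line concatenate a string with `pid`, which raises TypeError if `pid` is the int produced by `int(path_split[4])`. Format it instead, `_('Closed thread %s') % ('/%s/%s' % (board['dir'], pid))`, as the permasage log lines later in this commit already do. Separately, the permasage branch compares `post['locked'] == '1'` (a string) here and `post['locked'] == 2` (an int) a few lines on, so one of the two can never match, depending on the type `FetchOne` returns for that column. The branch body continues past the end of this hunk.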
@@ -427,19 +424,16 @@ def manage(self, path_split):
# Colocar permasage
setPermasaged = 2
- UpdateDb("UPDATE `posts` SET `locked` = %d WHERE `boardid` = '%s' AND `id` = '%s' LIMIT 1" % (
- setPermasaged, board["id"], _mysql.escape_string(path_split[4])))
+ UpdateDb("UPDATE `posts` SET `locked` = %s WHERE `boardid` = '%s' AND `id` = '%s' LIMIT 1" % (setPermasaged, board["id"], pid) )
regenerateFrontPages()
- threadUpdated(path_split[4])
+ threadUpdated(pid)
if setPermasaged == 2:
message = 'Thread successfully permasaged.'
- logAction(
- staff_account['username'], 'Enabled permasage in thread /' + path_split[3] + '/' + path_split[4])
+ logAction(staff_account['username'], 'Activado permasage en el hilo /%s/%s' % (board['dir'], pid) )
else:
message = 'Thread successfully un-permasaged.'
- logAction(
- staff_account['username'], 'Disabled permasage in thread /' + path_split[3] + '/' + path_split[4])
+ logAction(staff_account['username'], 'Desactivado permasage en el hilo /%s/%s' % (board['dir'], pid) )
template_filename = "message.html"
elif path_split[2] == 'move':
raise NotImplementedError
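Review bot: The permasage `UpdateDb` call still builds its SQL with Python `%` formatting and quoted placeholders, while the lock branch passes its values as a second argument for the driver to bind. The values here are an int and a field from a database row, so nothing visible makes this injectable, but it leaves two query styles side by side and the formatted one is easy to break in a later edit. Drop the quotes around the placeholders and pass `(setPermasaged, board["id"], pid)` as the second argument instead of applying `%`. The same pattern is in the new `FetchOne` lines of the IP-lookup hunk (`% (board['id'], int(path_split[4]))`) and the news-delete hunk (`% (int(path_split[4]))`).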
@@ -640,8 +634,7 @@ def manage(self, path_split):
if len(path_split) > 4:
board = setBoard(path_split[3])
- post = FetchOne('SELECT INET6_NTOA(`ip`) AS `ip` FROM `posts` WHERE `boardid` = ' +
- board['id'] + ' AND `id` = \'' + _mysql.escape_string(path_split[4]) + '\' LIMIT 1')
+ post = FetchOne('SELECT INET6_NTOA(`ip`) AS `ip` FROM `posts` WHERE `boardid` = %s AND `id` = %s LIMIT 1' % (board['id'], int(path_split[4])) )
if not post:
message = _('Unable to locate a post with that ID.')
@@ -704,8 +697,7 @@ def manage(self, path_split):
return
if 'edit' in self.formdata:
- UpdateDb("DELETE FROM `bans` WHERE `id` = '" +
- _mysql.escape_string(self.formdata['edit']) + "' LIMIT 1")
+ UpdateDb("DELETE FROM `bans` WHERE `id` = '" + _mysql.escape_string(self.formdata['edit']) + "' LIMIT 1")
"""else: # TODO : Duplicate check
ban = FetchOne("SELECT `id` FROM `bans` WHERE `ip` = '" + _mysql.escape_string(
ip) + "' AND `boards` = '" + _mysql.escape_string(where) + "' LIMIT 1")
@@ -748,8 +740,7 @@ def manage(self, path_split):
edit_id = 0
if 'edit' in self.formdata:
edit_id = self.formdata['edit']
- ban = FetchOne("SELECT `id`, INET6_NTOA(`ip`) AS 'ip', CASE WHEN `netmask` IS NULL THEN '255.255.255.255' ELSE INET_NTOA(`netmask`) END AS 'netmask', boards, added, until, staff, reason, note, blind FROM `bans` WHERE `id` = %s ORDER BY `added` DESC",
- (edit_id,))
+ ban = FetchOne("SELECT `id`, INET6_NTOA(`ip`) AS 'ip', CASE WHEN `netmask` IS NULL THEN '255.255.255.255' ELSE INET_NTOA(`netmask`) END AS 'netmask', boards, added, until, staff, reason, note, blind FROM `bans` WHERE `id` = %s ORDER BY `added` DESC", (edit_id) )
if ban:
if ban['boards'] == '':
where = ''
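Review bot: `(edit_id)` is not a tuple; the removed line passed `(edit_id,)` and the new one hands the bare form value to `FetchOne` as its parameter argument. What happens next depends on how `FetchOne` and the database driver treat a non-sequence argument, which is not visible here; a driver that iterates the argument would split a multi-character id into separate parameters and fail. Restore the trailing comma: `(edit_id,)`.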
@@ -1043,11 +1034,9 @@ def manage(self, path_split):
postid = key[2:].split('/')[1] # Post to delete
# Delete post start
- post = FetchOne('SELECT `parentid`, `dir` FROM `posts` INNER JOIN `boards` ON posts.boardid = boards.id WHERE `dir` = \'' +
- _mysql.escape_string(dir) + '\' AND posts.id = \'' + _mysql.escape_string(postid) + '\' LIMIT 1')
+ post = FetchOne('SELECT `parentid`, `dir` FROM `posts` INNER JOIN `boards` ON posts.boardid = boards.id WHERE `dir` = \'' + _mysql.escape_string(dir) + '\' AND posts.id = \'' + _mysql.escape_string(postid) + '\' LIMIT 1')
if not post:
- message = _(
- 'Unable to locate a post with that ID.')
+ message = _('Unable to locate a post with that ID.')
else:
board = setBoard(dir)
deletePost(int(postid), None)
@@ -1077,8 +1066,7 @@ def manage(self, path_split):
type = 0
# Generate board list
- boards = FetchAll(
- 'SELECT `name`, `dir` FROM `boards` ORDER BY `dir`')
+ boards = FetchAll('SELECT `name`, `dir` FROM `boards` ORDER BY `dir`')
for board in boards:
if 'board' in self.formdata and self.formdata['board'] == board['dir']:
board['checked'] = True
@@ -1093,18 +1081,15 @@ def manage(self, path_split):
# Table
if 'board' in self.formdata and self.formdata['board'] != 'all':
- cboard = self.formdata['board']
- posts = FetchAll("SELECT posts.id, posts.timestamp, timestamp_formatted, IS_DELETED, INET6_NTOA(posts.ip) AS ip, posts.message, dir, boardid FROM `posts` INNER JOIN `boards` ON boardid = boards.id WHERE `dir` = '%s' AND IS_DELETED %s ORDER BY `timestamp` DESC LIMIT %d, %d" % (
- _mysql.escape_string(self.formdata['board']), _mysql.escape_string(type_condition), currentpage*pagesize, pagesize))
+ cboard = setBoard(self.formdata['board'])['dir']
+ posts = FetchAll("SELECT posts.id, posts.timestamp, timestamp_formatted, IS_DELETED, INET6_NTOA(posts.ip) AS ip, posts.message, dir, boardid FROM `posts` INNER JOIN `boards` ON boardid = boards.id WHERE `dir` = '%s' AND IS_DELETED %s ORDER BY `timestamp` DESC LIMIT %d, %d" % (cboard, type_condition, currentpage*pagesize, pagesize))
try:
- totals = FetchOne("SELECT COUNT(id) FROM `posts` WHERE IS_DELETED %s AND `boardid` = %s" % (
- _mysql.escape_string(type_condition), _mysql.escape_string(posts[0]['boardid'])), 0)
+ totals = FetchOne("SELECT COUNT(id) AS count FROM `posts` WHERE IS_DELETED %s AND `boardid` = %s LIMIT 1" % (type_condition, posts[0]['boardid']) )
except:
skip = True
else:
cboard = 'all'
- posts = FetchAll("SELECT posts.id, posts.timestamp, timestamp_formatted, IS_DELETED, INET6_NTOA(posts.ip) AS ip, posts.message, dir FROM `posts` INNER JOIN `boards` ON boardid = boards.id WHERE IS_DELETED %s ORDER BY `timestamp` DESC LIMIT %d, %d" % (
- type_condition, currentpage*pagesize, pagesize))
+ posts = FetchAll("SELECT posts.id, posts.timestamp, timestamp_formatted, IS_DELETED, INET6_NTOA(posts.ip) AS ip, posts.message, dir FROM `posts` INNER JOIN `boards` ON boardid = boards.id WHERE IS_DELETED %s ORDER BY `timestamp` DESC LIMIT %d, %d" % (type_condition, currentpage*pagesize, pagesize))
totals = FetchOne("SELECT COUNT(id) AS count FROM `posts` WHERE IS_DELETED %s" % type_condition)
template_filename = "recyclebin.html"
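Review bot: The per-board query now places `cboard` between quotes with `_mysql.escape_string` removed, so its safety rests entirely on `setBoard` rejecting unknown names and returning the stored `dir`; `setBoard` is not visible in this diff. Interpolate only the `type_condition` fragment (assuming it is chosen by the server, which this hunk does not show) and pass `cboard` and the two LIMIT numbers as bound parameters. The bare `except:` around the count query hides every failure, not just an empty `posts` list; `except IndexError:` states the case it appears to be written for.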
@@ -1119,8 +1104,8 @@ def manage(self, path_split):
pages = int(math.ceil(total / pagesize))
# Create delete form
- if 'board' in self.formdata:
- board = self.formdata['board']
+ if 'board' in self.formdata and self.formdata['board'] != 'all':
+ board = setBoard(self.formdata['board'])['dir']
else:
board = None
@@ -1678,15 +1663,13 @@ def manage(self, path_split):
template_filename = 'message.html'
elif path_split[2] == 'recent_images':
try:
- if int(self.formdata['images']) > 100:
- images = '100'
+ if int(self.formdata['images']) > 256:
+ images = '256'
else:
images = self.formdata['images']
- posts = FetchAll(
- 'SELECT * FROM `posts` INNER JOIN `boards` ON boardid = boards.id WHERE CHAR_LENGTH(`thumb`) > 0 ORDER BY `timestamp` DESC LIMIT ' + _mysql.escape_string(images))
+ posts = FetchAll('SELECT * FROM `posts` INNER JOIN `boards` ON boardid = boards.id WHERE CHAR_LENGTH(`thumb`) > 0 ORDER BY `timestamp` DESC LIMIT %s' % (images) )
except:
- posts = FetchAll(
- 'SELECT * FROM `posts` INNER JOIN `boards` ON boardid = boards.id WHERE CHAR_LENGTH(`thumb`) > 0 ORDER BY `timestamp` DESC LIMIT 10')
+ posts = FetchAll('SELECT * FROM `posts` INNER JOIN `boards` ON boardid = boards.id WHERE CHAR_LENGTH(`thumb`) > 0 ORDER BY `timestamp` DESC LIMIT 32')
template_filename = "recent_images.html"
template_values = {'posts': posts}
elif path_split[2] == 'news':
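Review bot: The `images` value is checked with `int()` but the raw form string is what reaches the query, and `_mysql.escape_string` is no longer applied to it. `int()` accepts a sign and surrounding whitespace, so a value such as `-1` passes the check, produces invalid SQL, and is silently turned into the `LIMIT 32` fallback by the bare `except:`. Keep the parsed number instead, `images = max(1, min(int(self.formdata['images']), 256))`, pass it as a bound parameter, and narrow the handler to `except (KeyError, ValueError):`.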
@@ -1786,7 +1769,7 @@ def manage(self, path_split):
if path_split[3] == 'delete':
if not administrator:
# We check that if he's not admin, he shouldn't be able to delete other people's posts
- post = FetchOne("SELECT `staffid` FROM `news` WHERE id = '" + _mysql.escape_string(path_split[4]) +"' AND type = '0'")
+ post = FetchOne("SELECT `staffid` FROM `news` WHERE id = %s AND type = '0'" % (int(path_split[4])) )
if post['staffid'] != staff_account['id']:
self.error(_('That post is not yours.'))
return
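Review bot: The ownership check reads `post['staffid']` without testing whether a row came back, so a news id that matches nothing ends in an exception rather than the "not yours" error (assuming `FetchOne` returns None for no row, as the `if not post:` checks elsewhere in this file suggest). Make the check fail closed explicitly: `if not post or post['staffid'] != staff_account['id']:`. `int(path_split[4])` also raises ValueError on a non-numeric id, and no handler is visible in this hunk.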
@@ -1923,30 +1906,35 @@ def manage(self, path_split):
if not moderator:
return
- # Delete by IP
+ # Delete posts by IP
if 'ip' in self.formdata:
# If an IP was given...
if self.formdata['ip'] != '':
where = []
if 'board_all' not in self.formdata:
- # If he chose boards separately, add them to a list
- boards = FetchAll(
- 'SELECT `id`, `dir` FROM `boards`')
+ # If multiple boards, add them to a list
+ boards = FetchAll('SELECT `id`, `dir` FROM `boards`')
for board in boards:
keyname = 'board_' + board['dir']
if keyname in self.formdata:
if self.formdata[keyname] == "1":
where.append(board)
else:
- # If all boards were selected="selected", all them all to the list
- where = FetchAll(
- 'SELECT `id`, `dir` FROM `boards`')
+ # If all boards were selected, add them all to the list
+ where = FetchAll('SELECT `id`, `dir` FROM `boards`')
# If no board was chosen
if len(where) <= 0:
self.error(_("Select a board first."))
return
+ try:
+ secs = int(self.formdata['seconds'])
+ except:
+ secs = 0
+ if secs > 0:
+ since = round(time.time() - secs)
+
deletedPostsTotal = 0
ip = self.formdata['ip']
deletedPosts = 0
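Review bot: `since` is assigned only when `secs > 0`, but the queries in the next hunk take the time-limited branch whenever `secs != 0`, so a negative `seconds` value reaches `since` unassigned and raises NameError (unless it is set earlier in `manage`, outside this hunk). Clamp the value with `secs = max(secs, 0)`, or test `secs > 0` in both places. The bare `except:` is better written as `except (KeyError, ValueError):` so unrelated errors are not swallowed.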
@@ -1955,44 +1943,44 @@ def manage(self, path_split):
isDeletedOP = False
# delete all starting posts first
- op_posts = FetchAll(
- "SELECT `id`, `message` FROM posts WHERE parentid = 0 AND boardid = %s AND ip = INET6_ATON(%s)",
- (board['id'], ip))
+ if secs == 0:
+ op_posts = FetchAll("SELECT `id`, `message` FROM posts WHERE parentid = 0 AND boardid = %s AND ip = INET6_ATON(%s)", (board['id'], ip) )
+ else:
+ op_posts = FetchAll("SELECT `id`, `message` FROM posts WHERE parentid = 0 AND boardid = %s AND ip = INET6_ATON(%s) AND timestamp > %s", (board['id'], ip, since) )
+
for post in op_posts:
deletePost(post['id'], None)
-
deletedPosts += 1
deletedPostsTotal += 1
- replies = FetchAll(
- "SELECT `id`, `message`, `parentid` FROM posts WHERE parentid != 0 AND boardid = %s AND ip = INET6_ATON(%s)",
- (board['id'], ip))
+ if secs == 0:
+ replies = FetchAll("SELECT `id`, `message`, `parentid` FROM posts WHERE parentid != 0 AND boardid = %s AND ip = INET6_ATON(%s)", (board['id'], ip) )
+ else:
+ replies = FetchAll("SELECT `id`, `message`, `parentid` FROM posts WHERE parentid != 0 AND boardid = %s AND ip = INET6_ATON(%s) AND timestamp > %s", (board['id'], ip, since) )
+
for post in replies:
deletePost(post['id'], None, '2')
-
deletedPosts += 1
deletedPostsTotal += 1
regenerateHome()
-
- if deletedPosts > 0:
- message = '%(posts)s post(s) were deleted from %(board)s.' % {
- 'posts': str(deletedPosts), 'board': '/' + board['dir'] + '/'}
- template_filename = "message.html"
- # logAction(staff_account['username'], '%(posts)s post(s) were deleted from %(board)s. IP: %(ip)s' % \
- # {'posts': str(deletedPosts),
- # 'board': '/' + board['dir'] + '/',
- # 'ip': self.formdata['ip']})
else:
self.error(_("Please enter an IP first."))
return
- message = 'In total %(posts)s from IP %(ip)s were deleted.' % {
- 'posts': str(deletedPosts), 'ip': self.formdata['ip']}
- logAction(staff_account['username'], message)
+ if deletedPosts > 0:
+ message = 'En total se eliminaron %(posts)s post(s) de %(ip)s.' % {'posts': str(deletedPosts), 'ip': self.formdata['ip']}
+ logAction(staff_account['username'], '%(posts)s post(s) eliminado(s) de IP: %(ip)s' % {'posts': str(deletedPosts), 'ip': self.formdata['ip']})
+ #logAction(staff_account['username'], '%(posts)s post(s) were deleted from %(board)s. IP: %(ip)s' % \
+ # {'posts': str(deletedPosts),
+ # 'board': '/' + board['dir'] + '/',
+ # 'ip': self.formdata['ip']})
+ else:
+ message = "No se encontraron posts"
+
template_filename = "message.html"
else:
- # Generate form...
+ # Show form
template_filename = "ipdelete.html"
template_values = {'boards': boardlist()}
elif path_split[2] == 'goto':
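Review bot: The audit entry written by `logAction` records the count and the IP but not which boards were targeted or what `seconds` window was applied, and it is now skipped entirely when no posts match. For a bulk delete, those details are what someone reviewing moderator actions needs; consider adding the board dirs from `where` and the value of `secs` to the message, and logging the zero-match request as well. The two pairs of near-identical `FetchAll` calls could each be one query with the `timestamp > %s` clause and its parameter appended conditionally. The commented-out `logAction` block carried into the new code can be deleted.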
@@ -2160,8 +2148,7 @@ def cleanSessions():
def logAction(staff, action):
- InsertDb("INSERT INTO `logs` (`timestamp`, `staff`, `action`) VALUES (%s, %s, %s)",
- (timestamp(), staff, action))
+ InsertDb("INSERT INTO `logs` (`timestamp`, `staff`, `action`) VALUES (%s, %s, %s)", (timestamp(), staff, action))
def genPasswdHash(string):
diff --git a/cgi/templates/error.html b/cgi/templates/error.html
index 47ef529..4e254b0 100644
--- a/cgi/templates/error.html
+++ b/cgi/templates/error.html
@@ -1,7 +1,17 @@
-