svrjs/svrjs-mods-directory
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
svrjs-mods-directory/moderation/categories.php

278 lines
10 KiB
PHP
Raw Permalink Normal View History

chore: init
2024-12-27 15:05:54 +01:00
<?php
define("SVRJS_MOD_DIRECTORY", null);
define("SVRJS_MOD_DIRECTORY_MODERATION", null);
include '../config.php';
$appModerationRoot = dirname($_SERVER['SCRIPT_NAME']);
if ($appModerationRoot[strlen($appModerationRoot) - 1] != "/") $appModerationRoot = $appModerationRoot . '/';
$appRoot = dirname($_SERVER['SCRIPT_NAME'], 2);
if ($appRoot[strlen($appRoot) - 1] != "/") $appRoot = $appRoot . '/';
define('APP_ROOT', $appRoot);
define('APP_FSROOT', dirname(__FILE__, 2));
define('APP_MODERATION_FILENAME', basename($_SERVER['SCRIPT_NAME']));
define('APP_MODERATION_ROOT', $appModerationRoot);
include '../vendor/autoload.php';
include '../includes/init.php';
include '../includes/moderation_init.php';
$errorMessage = null;
$categoryAdded = false;
$categoryRenamed = false;
$categoryRemoved = false;
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (!isset($_POST['_csrf']) || $_POST['_csrf'] != $_SESSION['moderation_csrf']) {
$errorMessage = "Potential CSRF attack detected.";
} elseif (!isset($_POST['action'])) {
$errorMessage = "No action specified.";
} elseif ($_POST['action'] == "add") {
if (!isset($_POST['categoryname']) || !$_POST['categoryname']) {
$errorMessage = "You need to specify the category name.";
} else {
$slug = null;
$slugError = false;
$tempSlug = null;
$tempSlugCount = 1;
while (is_null($slug)) {
if (!$tempSlug) {
$tempSlug = strtolower($_POST['categoryname']);
$tempSlug = preg_replace('/[^a-zA-Z0-9]+/', '-', $tempSlug);
$tempSlug = preg_replace('/^-+/', '', $tempSlug);
$tempSlug = preg_replace('/-+$/', '', $tempSlug);
}
$statement = $connection->prepare("SELECT slug FROM categories WHERE slug = ?");
if (!$statement) {
$slugError = true;
$errorMessage = "An unexpected error occurred while adding the category.";
break;
} else {
$tempSlug2 = $tempSlug . ($tempSlugCount > 1 ? '-' . strval($tempSlugCount) : '');
$statement->bind_param('s', $tempSlug2);
$statement->execute();
$slugExistsResult = $statement->get_result();
if (!$slugExistsResult) {
$slugError = true;
$errorMessage = "An unexpected error occurred while adding the category.";
$statement->close();
break;
} else {
$slugExists = boolval($slugExistsResult->fetch_assoc());
$statement->close();
if (!$slugExists) {
$slug = $tempSlug2;
} else {
$tempSlugCount++;
}
}
}
}
if (!$slugError) {
$statement = $connection->prepare('INSERT INTO categories (name, slug) VALUES (?, ?);');
if (!$statement) {
$errorMessage = "An unexpected error occurred while adding the category.";
} else {
$statement->bind_param('ss', $_POST['categoryname'], $slug);
if (!$statement->execute()) {
$errorMessage = "An unexpected error occurred while adding the category.";
} else {
$categoryAdded = true;
}
$statement->close();
}
}
}
} elseif ($_POST['action'] == "rename") {
if (!isset($_POST['category'], $_POST['categoryname']) || !$_POST['category'] || !$_POST['categoryname']) {
$errorMessage = "You need to specify the category you want to rename and the new category name.";
} elseif (!filter_var($_POST['category'], FILTER_VALIDATE_INT)) {
$errorMessage = "Invalid category.";
} else {
$categoryID = intval($_POST['category']);
$statement = $connection->prepare("SELECT id FROM categories WHERE id = ?");
if (!$statement) {
$errorMessage = "An unexpected error occurred while renaming the category.";
} else {
$statement->bind_param('i', $categoryID);
$statement->execute();
$result = $statement->get_result();
if (!$result) {
$errorMessage = "An unexpected error occurred while renaming the category.";
$statement->close();
} else {
$isCategoryPresent = boolval($result->fetch_assoc());
$statement->close();
if (!$isCategoryPresent) {
$errorMessage = "The selected category doesn't exist.";
} else {
$statement = $connection->prepare('UPDATE categories SET name = ? WHERE id = ?;');
if (!$statement) {
$errorMessage = "An unexpected error occurred while renaming the category.";
} else {
$statement->bind_param('si', $_POST['categoryname'], $categoryID);
if (!$statement->execute()) {
$errorMessage = "An unexpected error occurred while renaming the category.";
} else {
$categoryRenamed = true;
}
$statement->close();
}
}
}
}
}
} elseif ($_POST['action'] == "remove") {
if (!isset($_POST['category']) || !$_POST['category']) {
$errorMessage = "You need to specify the category you want to remove.";
} elseif (!filter_var($_POST['category'], FILTER_VALIDATE_INT)) {
$errorMessage = "Invalid category.";
} else {
$categoryID = intval($_POST['category']);
$statement = $connection->prepare("SELECT id FROM categories WHERE id = ?");
if (!$statement) {
$errorMessage = "An unexpected error occurred while removing the category.";
} else {
$statement->bind_param('i', $categoryID);
$statement->execute();
$result = $statement->get_result();
if (!$result) {
$errorMessage = "An unexpected error occurred while removing the category.";
$statement->close();
} else {
$isCategoryPresent = boolval($result->fetch_assoc());
$statement->close();
if (!$isCategoryPresent) {
$errorMessage = "The selected category doesn't exist.";
} else {
$statement = $connection->prepare('DELETE FROM categories WHERE id = ?;');
if (!$statement) {
$errorMessage = "An unexpected error occurred while removing the category.";
} else {
$statement->bind_param('i', $categoryID);
if (!$statement->execute()) {
$errorMessage = "An unexpected error occurred while removing the category.";
} else {
$categoryRemoved = true;
}
$statement->close();
}
}
}
}
}
} else {
$errorMessage = "Unknown action specified.";
}
}
$pageTitle = "Categories";
include '../includes/moderation_header.php';
?>
<h1>Categories</h1>
<?php if ($errorMessage) echo '<p class="form-error">' . htmlspecialchars($errorMessage) . '</p>'; ?>
<?php
if ($categoryAdded) {
echo '<p>Category has been added.</p>';
} elseif ($categoryRenamed) {
echo '<p>Category has been renamed.</p>';
} elseif ($categoryRemoved) {
echo '<p>Category has been removed.</p>';
}
?>
<h2>Add category</h2>
<form action="<?php echo htmlspecialchars(APP_MODERATION_ROOT . 'categories.php'); ?>" method="post" class="form">
<div class="form-block">
<label for="categoryname1">Category name:</label>
<input type="text" name="categoryname" id="categoryname1" required>
</div>
<div class="form-block">
<input type="submit" value="Add category">
</div>
<input type="hidden" name="_csrf" value="<?php echo htmlspecialchars($_SESSION['moderation_csrf']); ?>">
<input type="hidden" name="action" value="add">
</form>
<h2>Rename category</h2>
<form action="<?php echo htmlspecialchars(APP_MODERATION_ROOT . 'categories.php'); ?>" method="post" class="form">
<div class="form-block">
<label for="category1">Category:</label>
<select id="category1" name="category" required>
<?php
$result = $connection->query('SELECT id, name FROM categories');
if ($result) {
while ($row = $result->fetch_assoc()) {
echo '<option value="' . htmlspecialchars(strval($row['id'])) . '">' . htmlspecialchars($row['name']) . '</option>';
}
}
?>
</select>
</div>
<div class="form-block">
<label for="categoryname2">Category name:</label>
<input type="text" name="categoryname" id="categoryname2" required>
</div>
<div class="form-block">
<input type="submit" value="Rename category">
</div>
<input type="hidden" name="_csrf" value="<?php echo htmlspecialchars($_SESSION['moderation_csrf']); ?>">
<input type="hidden" name="action" value="rename">
</form>
<h2>Remove category</h2>
<p>This will cause mods in the category you want to remove to be of invalid category.</p>
<form action="<?php echo htmlspecialchars(APP_MODERATION_ROOT . 'categories.php'); ?>" method="post" class="form">
<div class="form-block">
<label for="category2">Category:</label>
<select id="category2" name="category" required>
<?php
$result = $connection->query('SELECT id, name FROM categories');
if ($result) {
while ($row = $result->fetch_assoc()) {
echo '<option value="' . htmlspecialchars(strval($row['id'])) . '">' . htmlspecialchars($row['name']) . '</option>';
}
}
?>
</select>
</div>
<div class="form-block">
<input type="submit" value="Remove category">
</div>
<input type="hidden" name="_csrf" value="<?php echo htmlspecialchars($_SESSION['moderation_csrf']); ?>">
<input type="hidden" name="action" value="remove">
</form>
<h2>List of categories</h2>
<?php
$result = $connection->query("SELECT
categories.id AS id,
categories.name AS name,
categories.slug AS slug,
(
SELECT COUNT(mods.id)
FROM mods
JOIN users ON users.id = mods.user
WHERE mods.category = categories.id
AND mods.is_removed = 0
AND users.is_suspended = 0
AND users.is_verified = 1
AND users.is_deleted = 0
LIMIT 1
) AS count
FROM categories;");
if (!$result) {
echo "<p>An unexpected error occurred while fetching categories.</p>";
} else {
$categoriesPresent = false;
while ($category = $result->fetch_assoc()) {
$categoriesPresent = true;
echo '<div class="category">
<h3>' . htmlspecialchars($category['name']) . '</h3>
<p>Mods: ' . htmlspecialchars(number_format($category['count'], 0)) . '</p>
</div>';
}
if (!$categoriesPresent) {
echo '<p>No categories.</p>';
}
}
?>
<?php
include '../includes/moderation_footer.php';
include '../includes/moderation_final.php';
include '../includes/final.php';
?>
Reference in a new issue Copy permalink