278 lines
No EOL
10 KiB
PHP
278 lines
No EOL
10 KiB
PHP
<?php
|
|
define("SVRJS_MOD_DIRECTORY", null);
|
|
define("SVRJS_MOD_DIRECTORY_MODERATION", null);
|
|
include '../config.php';
|
|
$appModerationRoot = dirname($_SERVER['SCRIPT_NAME']);
|
|
if ($appModerationRoot[strlen($appModerationRoot) - 1] != "/") $appModerationRoot = $appModerationRoot . '/';
|
|
$appRoot = dirname($_SERVER['SCRIPT_NAME'], 2);
|
|
if ($appRoot[strlen($appRoot) - 1] != "/") $appRoot = $appRoot . '/';
|
|
define('APP_ROOT', $appRoot);
|
|
define('APP_FSROOT', dirname(__FILE__, 2));
|
|
define('APP_MODERATION_FILENAME', basename($_SERVER['SCRIPT_NAME']));
|
|
define('APP_MODERATION_ROOT', $appModerationRoot);
|
|
include '../vendor/autoload.php';
|
|
include '../includes/init.php';
|
|
include '../includes/moderation_init.php';
|
|
|
|
$errorMessage = null;
|
|
$categoryAdded = false;
|
|
$categoryRenamed = false;
|
|
$categoryRemoved = false;
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
|
if (!isset($_POST['_csrf']) || $_POST['_csrf'] != $_SESSION['moderation_csrf']) {
|
|
$errorMessage = "Potential CSRF attack detected.";
|
|
} elseif (!isset($_POST['action'])) {
|
|
$errorMessage = "No action specified.";
|
|
} elseif ($_POST['action'] == "add") {
|
|
if (!isset($_POST['categoryname']) || !$_POST['categoryname']) {
|
|
$errorMessage = "You need to specify the category name.";
|
|
} else {
|
|
$slug = null;
|
|
$slugError = false;
|
|
$tempSlug = null;
|
|
$tempSlugCount = 1;
|
|
while (is_null($slug)) {
|
|
if (!$tempSlug) {
|
|
$tempSlug = strtolower($_POST['categoryname']);
|
|
$tempSlug = preg_replace('/[^a-zA-Z0-9]+/', '-', $tempSlug);
|
|
$tempSlug = preg_replace('/^-+/', '', $tempSlug);
|
|
$tempSlug = preg_replace('/-+$/', '', $tempSlug);
|
|
}
|
|
|
|
$statement = $connection->prepare("SELECT slug FROM categories WHERE slug = ?");
|
|
if (!$statement) {
|
|
$slugError = true;
|
|
$errorMessage = "An unexpected error occurred while adding the category.";
|
|
break;
|
|
} else {
|
|
$tempSlug2 = $tempSlug . ($tempSlugCount > 1 ? '-' . strval($tempSlugCount) : '');
|
|
$statement->bind_param('s', $tempSlug2);
|
|
$statement->execute();
|
|
$slugExistsResult = $statement->get_result();
|
|
if (!$slugExistsResult) {
|
|
$slugError = true;
|
|
$errorMessage = "An unexpected error occurred while adding the category.";
|
|
$statement->close();
|
|
break;
|
|
} else {
|
|
$slugExists = boolval($slugExistsResult->fetch_assoc());
|
|
$statement->close();
|
|
if (!$slugExists) {
|
|
$slug = $tempSlug2;
|
|
} else {
|
|
$tempSlugCount++;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
if (!$slugError) {
|
|
$statement = $connection->prepare('INSERT INTO categories (name, slug) VALUES (?, ?);');
|
|
if (!$statement) {
|
|
$errorMessage = "An unexpected error occurred while adding the category.";
|
|
} else {
|
|
$statement->bind_param('ss', $_POST['categoryname'], $slug);
|
|
if (!$statement->execute()) {
|
|
$errorMessage = "An unexpected error occurred while adding the category.";
|
|
} else {
|
|
$categoryAdded = true;
|
|
}
|
|
$statement->close();
|
|
}
|
|
}
|
|
}
|
|
} elseif ($_POST['action'] == "rename") {
|
|
if (!isset($_POST['category'], $_POST['categoryname']) || !$_POST['category'] || !$_POST['categoryname']) {
|
|
$errorMessage = "You need to specify the category you want to rename and the new category name.";
|
|
} elseif (!filter_var($_POST['category'], FILTER_VALIDATE_INT)) {
|
|
$errorMessage = "Invalid category.";
|
|
} else {
|
|
$categoryID = intval($_POST['category']);
|
|
$statement = $connection->prepare("SELECT id FROM categories WHERE id = ?");
|
|
if (!$statement) {
|
|
$errorMessage = "An unexpected error occurred while renaming the category.";
|
|
} else {
|
|
$statement->bind_param('i', $categoryID);
|
|
$statement->execute();
|
|
$result = $statement->get_result();
|
|
if (!$result) {
|
|
$errorMessage = "An unexpected error occurred while renaming the category.";
|
|
$statement->close();
|
|
} else {
|
|
$isCategoryPresent = boolval($result->fetch_assoc());
|
|
$statement->close();
|
|
if (!$isCategoryPresent) {
|
|
$errorMessage = "The selected category doesn't exist.";
|
|
} else {
|
|
$statement = $connection->prepare('UPDATE categories SET name = ? WHERE id = ?;');
|
|
if (!$statement) {
|
|
$errorMessage = "An unexpected error occurred while renaming the category.";
|
|
} else {
|
|
$statement->bind_param('si', $_POST['categoryname'], $categoryID);
|
|
if (!$statement->execute()) {
|
|
$errorMessage = "An unexpected error occurred while renaming the category.";
|
|
} else {
|
|
$categoryRenamed = true;
|
|
}
|
|
$statement->close();
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
} elseif ($_POST['action'] == "remove") {
|
|
if (!isset($_POST['category']) || !$_POST['category']) {
|
|
$errorMessage = "You need to specify the category you want to remove.";
|
|
} elseif (!filter_var($_POST['category'], FILTER_VALIDATE_INT)) {
|
|
$errorMessage = "Invalid category.";
|
|
} else {
|
|
$categoryID = intval($_POST['category']);
|
|
$statement = $connection->prepare("SELECT id FROM categories WHERE id = ?");
|
|
if (!$statement) {
|
|
$errorMessage = "An unexpected error occurred while removing the category.";
|
|
} else {
|
|
$statement->bind_param('i', $categoryID);
|
|
$statement->execute();
|
|
$result = $statement->get_result();
|
|
if (!$result) {
|
|
$errorMessage = "An unexpected error occurred while removing the category.";
|
|
$statement->close();
|
|
} else {
|
|
$isCategoryPresent = boolval($result->fetch_assoc());
|
|
$statement->close();
|
|
if (!$isCategoryPresent) {
|
|
$errorMessage = "The selected category doesn't exist.";
|
|
} else {
|
|
$statement = $connection->prepare('DELETE FROM categories WHERE id = ?;');
|
|
if (!$statement) {
|
|
$errorMessage = "An unexpected error occurred while removing the category.";
|
|
} else {
|
|
$statement->bind_param('i', $categoryID);
|
|
if (!$statement->execute()) {
|
|
$errorMessage = "An unexpected error occurred while removing the category.";
|
|
} else {
|
|
$categoryRemoved = true;
|
|
}
|
|
$statement->close();
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
} else {
|
|
$errorMessage = "Unknown action specified.";
|
|
}
|
|
}
|
|
|
|
$pageTitle = "Categories";
|
|
include '../includes/moderation_header.php';
|
|
?>
|
|
<h1>Categories</h1>
|
|
<?php if ($errorMessage) echo '<p class="form-error">' . htmlspecialchars($errorMessage) . '</p>'; ?>
|
|
<?php
|
|
if ($categoryAdded) {
|
|
echo '<p>Category has been added.</p>';
|
|
} elseif ($categoryRenamed) {
|
|
echo '<p>Category has been renamed.</p>';
|
|
} elseif ($categoryRemoved) {
|
|
echo '<p>Category has been removed.</p>';
|
|
}
|
|
?>
|
|
<h2>Add category</h2>
|
|
<form action="<?php echo htmlspecialchars(APP_MODERATION_ROOT . 'categories.php'); ?>" method="post" class="form">
|
|
<div class="form-block">
|
|
<label for="categoryname1">Category name:</label>
|
|
<input type="text" name="categoryname" id="categoryname1" required>
|
|
</div>
|
|
<div class="form-block">
|
|
<input type="submit" value="Add category">
|
|
</div>
|
|
<input type="hidden" name="_csrf" value="<?php echo htmlspecialchars($_SESSION['moderation_csrf']); ?>">
|
|
<input type="hidden" name="action" value="add">
|
|
</form>
|
|
<h2>Rename category</h2>
|
|
<form action="<?php echo htmlspecialchars(APP_MODERATION_ROOT . 'categories.php'); ?>" method="post" class="form">
|
|
<div class="form-block">
|
|
<label for="category1">Category:</label>
|
|
<select id="category1" name="category" required>
|
|
<?php
|
|
$result = $connection->query('SELECT id, name FROM categories');
|
|
if ($result) {
|
|
while ($row = $result->fetch_assoc()) {
|
|
echo '<option value="' . htmlspecialchars(strval($row['id'])) . '">' . htmlspecialchars($row['name']) . '</option>';
|
|
}
|
|
}
|
|
?>
|
|
</select>
|
|
</div>
|
|
<div class="form-block">
|
|
<label for="categoryname2">Category name:</label>
|
|
<input type="text" name="categoryname" id="categoryname2" required>
|
|
</div>
|
|
<div class="form-block">
|
|
<input type="submit" value="Rename category">
|
|
</div>
|
|
<input type="hidden" name="_csrf" value="<?php echo htmlspecialchars($_SESSION['moderation_csrf']); ?>">
|
|
<input type="hidden" name="action" value="rename">
|
|
</form>
|
|
<h2>Remove category</h2>
|
|
<p>This will cause mods in the category you want to remove to be of invalid category.</p>
|
|
<form action="<?php echo htmlspecialchars(APP_MODERATION_ROOT . 'categories.php'); ?>" method="post" class="form">
|
|
<div class="form-block">
|
|
<label for="category2">Category:</label>
|
|
<select id="category2" name="category" required>
|
|
<?php
|
|
$result = $connection->query('SELECT id, name FROM categories');
|
|
if ($result) {
|
|
while ($row = $result->fetch_assoc()) {
|
|
echo '<option value="' . htmlspecialchars(strval($row['id'])) . '">' . htmlspecialchars($row['name']) . '</option>';
|
|
}
|
|
}
|
|
?>
|
|
</select>
|
|
</div>
|
|
<div class="form-block">
|
|
<input type="submit" value="Remove category">
|
|
</div>
|
|
<input type="hidden" name="_csrf" value="<?php echo htmlspecialchars($_SESSION['moderation_csrf']); ?>">
|
|
<input type="hidden" name="action" value="remove">
|
|
</form>
|
|
<h2>List of categories</h2>
|
|
<?php
|
|
$result = $connection->query("SELECT
|
|
categories.id AS id,
|
|
categories.name AS name,
|
|
categories.slug AS slug,
|
|
(
|
|
SELECT COUNT(mods.id)
|
|
FROM mods
|
|
JOIN users ON users.id = mods.user
|
|
WHERE mods.category = categories.id
|
|
AND mods.is_removed = 0
|
|
AND users.is_suspended = 0
|
|
AND users.is_verified = 1
|
|
AND users.is_deleted = 0
|
|
LIMIT 1
|
|
) AS count
|
|
FROM categories;");
|
|
if (!$result) {
|
|
echo "<p>An unexpected error occurred while fetching categories.</p>";
|
|
} else {
|
|
$categoriesPresent = false;
|
|
while ($category = $result->fetch_assoc()) {
|
|
$categoriesPresent = true;
|
|
echo '<div class="category">
|
|
<h3>' . htmlspecialchars($category['name']) . '</h3>
|
|
<p>Mods: ' . htmlspecialchars(number_format($category['count'], 0)) . '</p>
|
|
</div>';
|
|
}
|
|
if (!$categoriesPresent) {
|
|
echo '<p>No categories.</p>';
|
|
}
|
|
}
|
|
?>
|
|
<?php
|
|
include '../includes/moderation_footer.php';
|
|
include '../includes/moderation_final.php';
|
|
include '../includes/final.php';
|
|
?>
|