misuzu/public/manage/index.php

<?php
require_once '../../misuzu.php';

$generalPerms = perms_get_user(MSZ_PERMS_GENERAL, user_session_current('user_id', 0));

switch ($_GET['v'] ?? null) {
    default:
    case 'overview':
        echo tpl_render('manage.general.overview');
        break;

    case 'logs':
        if (!perms_check($generalPerms, MSZ_PERM_GENERAL_VIEW_LOGS)) {
            echo render_error(403);
            break;
        }

        $logsPagination = pagination_create(audit_log_count(), 50);
        $logsOffset = pagination_offset($logsPagination, pagination_param());

        if (!pagination_is_valid_offset($logsOffset)) {
            echo render_error(404);
            break;
        }

        $logs = audit_log_list($logsOffset, $logsPagination['range']);

        echo tpl_render('manage.general.logs', [
            'global_logs' => $logs,
            'global_logs_pagination' => $logsPagination,
            'global_logs_strings' => MSZ_AUDIT_LOG_STRINGS,
        ]);
        break;

    case 'quotes':
        if (!perms_check($generalPerms, MSZ_PERM_GENERAL_VIEW_LOGS)) {
            echo render_error(403);
            break;
        }

        $setId = (int)($_GET['s'] ?? '');
        $quoteId = (int)($_GET['q'] ?? '');

        if (!empty($_POST['quote']) && csrf_verify('add_quote', $_POST['csrf'] ?? '')) {
            $quoteTime = strtotime($_POST['quote']['time'] ?? '');
            $parentId = empty($_POST['quote']['parent']) ? null : (int)($_POST['quote']['parent']);

            $quoteId = chat_quotes_add(
                $_POST['quote']['text'] ?? null,
                $_POST['quote']['user']['name'] ?? null,
                empty($_POST['quote']['user']['colour']) ? MSZ_COLOUR_INHERIT : (int)($_POST['quote']['user']['colour']),
                empty($_POST['quote']['user']['id']) ? null : (int)($_POST['quote']['user']['id']),
                empty($_POST['quote']['parent']) || $_POST['quote']['id'] == $parentId ? null : (int)($_POST['quote']['parent']),
                $quoteTime ? $quoteTime : null,
                empty($_POST['quote']['id']) ? null : (int)($_POST['quote']['id'])
            );

            header('Location: ?v=quotes' . ($setId ? '&s=' . $setId : '&q=' . $quoteId));
            break;
        }

        if ($quoteId) {
            tpl_vars([
                'current_quote' => chat_quotes_single($quoteId),
                'quote_parent' => $setId,
            ]);
        } elseif ($setId > 0) {
            tpl_var('quote_set', chat_quotes_set($setId));
        }

        $quotesPagination = pagination_create(chat_quotes_count(true), 15);
        $quotesOffset = pagination_offset($quotesPagination, pagination_param());

        if (!pagination_is_valid_offset($quotesOffset)) {
            echo render_error(404);
            break;
        }

        $quotes = chat_quotes_parents($quotesPagination['offset']);

        echo tpl_render('manage.general.quotes', [
            'quote_parents' => $quotes,
            'quotes_pagination' => $quotesPagination,
        ]);
        break;

    case 'emoticons':
        if (!perms_check($generalPerms, MSZ_PERM_GENERAL_MANAGE_EMOTICONS)) {
            echo render_error(403);
            break;
        }

        echo tpl_render('manage.general.emoticons');
        break;

    case 'settings':
        if (!perms_check($generalPerms, MSZ_PERM_GENERAL_MANAGE_SETTINGS)) {
            echo render_error(403);
            break;
        }

        echo tpl_render('manage.general.settings');
        break;

    case 'blacklist':
        if (!perms_check($generalPerms, MSZ_PERM_GENERAL_MANAGE_BLACKLIST)) {
            echo render_error(403);
            break;
        }

        $notices = [];

        if (!empty($_POST)) {
            if (!csrf_verify('ip_blacklist', $_POST['csrf'] ?? '')) {
                $notices[] = 'Verification failed.';
            } else {
                header(csrf_http_header('ip_blacklist'));

                if (!empty($_POST['blacklist']['remove']) && is_array($_POST['blacklist']['remove'])) {
                    foreach ($_POST['blacklist']['remove'] as $cidr) {
                        if (!ip_blacklist_remove($cidr)) {
                            $notices[] = sprintf('Failed to remove "%s" from the blacklist.', $cidr);
                        }
                    }
                }

                if (!empty($_POST['blacklist']['add']) && is_string($_POST['blacklist']['add'])) {
                    $cidrs = explode("\n", $_POST['blacklist']['add']);

                    foreach ($cidrs as $cidr) {
                        $cidr = trim($cidr);

                        if (empty($cidr)) {
                            continue;
                        }

                        if (!ip_blacklist_add($cidr)) {
                            $notices[] = sprintf('Failed to add "%s" to the blacklist.', $cidr);
                        }
                    }
                }
            }
        }

        echo tpl_render('manage.general.blacklist', [
            'notices' => $notices,
            'blacklist' => ip_blacklist_list(),
        ]);
        break;
}
Now with functional pagination! 2018-03-28 00:35:37 +00:00			`<?php`
New config system, define a root dir constant and deprecate more of Application. 2018-10-04 20:30:55 +00:00			`require_once '../../misuzu.php';`
Now with functional pagination! 2018-03-28 00:35:37 +00:00
Made imperative bits of the session system procedural like the rest. 2018-10-02 22:34:05 +00:00			`$generalPerms = perms_get_user(MSZ_PERMS_GENERAL, user_session_current('user_id', 0));`
Smol optimisations and fixes a few things, mainly auth.php. 2018-04-26 15:01:59 +00:00
Management stuff (also pagination in places). 2018-04-23 03:00:55 +00:00			`switch ($_GET['v'] ?? null) {`
Made manage sections default to their actual default pages. 2018-07-10 01:04:44 +00:00			`default:`
Management stuff (also pagination in places). 2018-04-23 03:00:55 +00:00			`case 'overview':`
Restructure templating system. 2018-08-15 01:12:58 +00:00			`echo tpl_render('manage.general.overview');`
Management stuff (also pagination in places). 2018-04-23 03:00:55 +00:00			`break;`

			`case 'logs':`
Rename global permission constants to make more sense. 2018-08-18 02:31:46 +00:00			`if (!perms_check($generalPerms, MSZ_PERM_GENERAL_VIEW_LOGS)) {`
Add audit log backend stuff. 2018-07-17 17:17:57 +00:00			`echo render_error(403);`
			`break;`
			`}`

Rewrote the pagination system. 2019-01-03 00:33:02 +00:00			`$logsPagination = pagination_create(audit_log_count(), 50);`
			`$logsOffset = pagination_offset($logsPagination, pagination_param());`

			`if (!pagination_is_valid_offset($logsOffset)) {`
			`echo render_error(404);`
			`break;`
			`}`

			`$logs = audit_log_list($logsOffset, $logsPagination['range']);`
Improved look of global audit log. 2018-12-15 18:14:23 +00:00
			`echo tpl_render('manage.general.logs', [`
			`'global_logs' => $logs,`
Rewrote the pagination system. 2019-01-03 00:33:02 +00:00			`'global_logs_pagination' => $logsPagination,`
Improved look of global audit log. 2018-12-15 18:14:23 +00:00			`'global_logs_strings' => MSZ_AUDIT_LOG_STRINGS,`
			`]);`
Management stuff (also pagination in places). 2018-04-23 03:00:55 +00:00			`break;`

Added horribad quote administration thing. 2018-10-09 22:36:54 +00:00			`case 'quotes':`
Improved look of global audit log. 2018-12-15 18:14:23 +00:00			`if (!perms_check($generalPerms, MSZ_PERM_GENERAL_VIEW_LOGS)) {`
			`echo render_error(403);`
			`break;`
			`}`

Added horribad quote administration thing. 2018-10-09 22:36:54 +00:00			`$setId = (int)($_GET['s'] ?? '');`
			`$quoteId = (int)($_GET['q'] ?? '');`

			`if (!empty($_POST['quote']) && csrf_verify('add_quote', $_POST['csrf'] ?? '')) {`
			`$quoteTime = strtotime($_POST['quote']['time'] ?? '');`
			`$parentId = empty($_POST['quote']['parent']) ? null : (int)($_POST['quote']['parent']);`

			`$quoteId = chat_quotes_add(`
			`$_POST['quote']['text'] ?? null,`
			`$_POST['quote']['user']['name'] ?? null,`
			`empty($_POST['quote']['user']['colour']) ? MSZ_COLOUR_INHERIT : (int)($_POST['quote']['user']['colour']),`
			`empty($_POST['quote']['user']['id']) ? null : (int)($_POST['quote']['user']['id']),`
			`empty($_POST['quote']['parent']) \|\| $_POST['quote']['id'] == $parentId ? null : (int)($_POST['quote']['parent']),`
			`$quoteTime ? $quoteTime : null,`
			`empty($_POST['quote']['id']) ? null : (int)($_POST['quote']['id'])`
			`);`

			`header('Location: ?v=quotes' . ($setId ? '&s=' . $setId : '&q=' . $quoteId));`
			`break;`
			`}`

			`if ($quoteId) {`
			`tpl_vars([`
			`'current_quote' => chat_quotes_single($quoteId),`
			`'quote_parent' => $setId,`
			`]);`
			`} elseif ($setId > 0) {`
			`tpl_var('quote_set', chat_quotes_set($setId));`
			`}`

Rewrote the pagination system. 2019-01-03 00:33:02 +00:00			`$quotesPagination = pagination_create(chat_quotes_count(true), 15);`
			`$quotesOffset = pagination_offset($quotesPagination, pagination_param());`

			`if (!pagination_is_valid_offset($quotesOffset)) {`
			`echo render_error(404);`
			`break;`
			`}`

			`$quotes = chat_quotes_parents($quotesPagination['offset']);`
Added horribad quote administration thing. 2018-10-09 22:36:54 +00:00
			`echo tpl_render('manage.general.quotes', [`
			`'quote_parents' => $quotes,`
Rewrote the pagination system. 2019-01-03 00:33:02 +00:00			`'quotes_pagination' => $quotesPagination,`
Added horribad quote administration thing. 2018-10-09 22:36:54 +00:00			`]);`
			`break;`

Management stuff (also pagination in places). 2018-04-23 03:00:55 +00:00			`case 'emoticons':`
Rename global permission constants to make more sense. 2018-08-18 02:31:46 +00:00			`if (!perms_check($generalPerms, MSZ_PERM_GENERAL_MANAGE_EMOTICONS)) {`
More manage stuff. 2018-08-15 20:29:18 +00:00			`echo render_error(403);`
			`break;`
			`}`

			`echo tpl_render('manage.general.emoticons');`
Management stuff (also pagination in places). 2018-04-23 03:00:55 +00:00			`break;`

			`case 'settings':`
Rename global permission constants to make more sense. 2018-08-18 02:31:46 +00:00			`if (!perms_check($generalPerms, MSZ_PERM_GENERAL_MANAGE_SETTINGS)) {`
More manage stuff. 2018-08-15 20:29:18 +00:00			`echo render_error(403);`
			`break;`
			`}`

			`echo tpl_render('manage.general.settings');`
Management stuff (also pagination in places). 2018-04-23 03:00:55 +00:00			`break;`
Added a UI for managing the IP blacklist. 2018-12-26 16:03:26 +00:00
			`case 'blacklist':`
			`if (!perms_check($generalPerms, MSZ_PERM_GENERAL_MANAGE_BLACKLIST)) {`
			`echo render_error(403);`
			`break;`
			`}`

			`$notices = [];`

// not really much reason to use the while workaround for this with only a single pyramid level 2018-12-26 16:07:14 +00:00			`if (!empty($_POST)) {`
Added a UI for managing the IP blacklist. 2018-12-26 16:03:26 +00:00			`if (!csrf_verify('ip_blacklist', $_POST['csrf'] ?? '')) {`
			`$notices[] = 'Verification failed.';`
// not really much reason to use the while workaround for this with only a single pyramid level 2018-12-26 16:07:14 +00:00			`} else {`
			`header(csrf_http_header('ip_blacklist'));`

			`if (!empty($_POST['blacklist']['remove']) && is_array($_POST['blacklist']['remove'])) {`
			`foreach ($_POST['blacklist']['remove'] as $cidr) {`
			`if (!ip_blacklist_remove($cidr)) {`
			`$notices[] = sprintf('Failed to remove "%s" from the blacklist.', $cidr);`
			`}`
Added a UI for managing the IP blacklist. 2018-12-26 16:03:26 +00:00			`}`
			`}`

// not really much reason to use the while workaround for this with only a single pyramid level 2018-12-26 16:07:14 +00:00			`if (!empty($_POST['blacklist']['add']) && is_string($_POST['blacklist']['add'])) {`
			`$cidrs = explode("\n", $_POST['blacklist']['add']);`
Added a UI for managing the IP blacklist. 2018-12-26 16:03:26 +00:00
// not really much reason to use the while workaround for this with only a single pyramid level 2018-12-26 16:07:14 +00:00			`foreach ($cidrs as $cidr) {`
			`$cidr = trim($cidr);`
Added a UI for managing the IP blacklist. 2018-12-26 16:03:26 +00:00
// not really much reason to use the while workaround for this with only a single pyramid level 2018-12-26 16:07:14 +00:00			`if (empty($cidr)) {`
			`continue;`
			`}`
Added a UI for managing the IP blacklist. 2018-12-26 16:03:26 +00:00
// not really much reason to use the while workaround for this with only a single pyramid level 2018-12-26 16:07:14 +00:00			`if (!ip_blacklist_add($cidr)) {`
			`$notices[] = sprintf('Failed to add "%s" to the blacklist.', $cidr);`
			`}`
Added a UI for managing the IP blacklist. 2018-12-26 16:03:26 +00:00			`}`
			`}`
			`}`
			`}`

			`echo tpl_render('manage.general.blacklist', [`
			`'notices' => $notices,`
			`'blacklist' => ip_blacklist_list(),`
			`]);`
			`break;`
Management stuff (also pagination in places). 2018-04-23 03:00:55 +00:00			`}`