Browse Source

Add IP expunge requests

spaghetti 2 years ago
parent
commit
afe4203024

+ 7
- 7
design/privateheader.php View File

@@ -502,14 +502,14 @@ if (check_perms('admin_reports')) {
502 502
 }
503 503
 
504 504
 if (check_perms('users_mod')) {
505
-  $NumEmailDeleteRequests = G::$Cache->get_value('num_email_delete_requests');
506
-  if ($NumEmailDeleteRequests === false) {
507
-    G::$DB->query("SELECT COUNT(*) FROM email_delete_requests");
508
-    list($NumEmailDeleteRequests) = G::$DB->next_record();
509
-    G::$Cache->cache_value('num_email_delete_requests', $NumEmailDeleteRequests);
505
+  $NumDeleteRequests = G::$Cache->get_value('num_deletion_requests');
506
+  if ($NumDeleteRequests === false) {
507
+    G::$DB->query("SELECT COUNT(*) FROM deletion_requests");
508
+    list($NumDeleteRequests) = G::$DB->next_record();
509
+    G::$Cache->cache_value('num_deletion_requests', $NumDeleteRequests);
510 510
   }
511
-  if ($NumEmailDeleteRequests > 0) {
512
-    $ModBar[] = '<a href="tools.php?action=delete_email">' . $NumEmailDeleteRequests . " Email deletion request(s)</a>";
511
+  if ($NumDeleteRequests > 0) {
512
+    $ModBar[] = '<a href="tools.php?action=expunge_requests">' . $NumDeleteRequests . " Expunge request".($NumDeleteRequests > 1 ? 's' : '')."</a>";
513 513
   }
514 514
 }
515 515
 

+ 4
- 3
gazelle.sql View File

@@ -325,12 +325,13 @@ CREATE TABLE `email_blacklist` (
325 325
   PRIMARY KEY (`ID`)
326 326
 ) ENGINE=InnoDB CHARSET=utf8;
327 327
 
328
-CREATE TABLE `email_delete_requests` (
328
+CREATE TABLE `deletion_requests` (
329 329
   `UserID` int(10) unsigned NOT NULL,
330
-  `Email` varchar(255) NOT NULL,
330
+  `Value` varchar(255) NOT NULL,
331
+  `Type` varchar(255) NOT NULL,
331 332
   `Reason` text,
332 333
   `Time` datetime,
333
-  PRIMARY KEY (`UserID`,`Email`)
334
+  PRIMARY KEY (`UserID`,`Value`)
334 335
 ) ENGINE=InnoDB CHARSET=utf8;
335 336
 
336 337
 CREATE TABLE `featured_albums` (

+ 3
- 3
sections/delete/delete_email.php View File

@@ -8,12 +8,12 @@ if (!apcu_exists('DBKEY')) {
8 8
   error(403);
9 9
 }
10 10
 
11
-View::show_header('Email Deletion Request');
11
+View::show_header('Email Expunge Request');
12 12
 
13 13
 ?>
14 14
 
15 15
 <div class="header">
16
-  <h2>Email deletion request</h2>
16
+  <h2>Email Expunge Request</h2>
17 17
 </div>
18 18
 <form class="create_form box pad" name="emaildelete" action="delete.php" method="post">
19 19
   <input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
@@ -24,7 +24,7 @@ View::show_header('Email Deletion Request');
24 24
   <table cellspacing="1" cellpadding="3" border="0" class="layout" width="100%">
25 25
     <tr>
26 26
       <td class="label">Email:</td>
27
-      <td><input type="text" size="30" value="<?=DBCrypt::decrypt(urldecode($_GET['emails'][0]))?>" disabled /></td>
27
+      <td><input type="text" size="30" value="<?=DBCrypt::decrypt($_GET['emails'][0])?>" disabled /></td>
28 28
     </tr>
29 29
     <tr>
30 30
       <td class="label">Reason (Optional):</td>

+ 42
- 0
sections/delete/delete_ip.php View File

@@ -0,0 +1,42 @@
1
+<?
2
+
3
+if (!isset($_GET['ips']) || !is_array($_GET['ips'])) {
4
+  error("Stop that.");
5
+}
6
+
7
+if (!apcu_exists('DBKEY')) {
8
+  error(403);
9
+}
10
+
11
+View::show_header('IP Address Expunge Request');
12
+
13
+?>
14
+
15
+<div class="header">
16
+  <h2>IP Address Expunge Request</h2>
17
+</div>
18
+<form class="create_form box pad" name="ipdelete" action="delete.php" method="post">
19
+  <input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
20
+  <? foreach($_GET['ips'] as $ip) { ?>
21
+  <input type="hidden" name="ips[]" value="<?=$ip?>" />
22
+  <? } ?>
23
+  <input type="hidden" name="action" value="takeip" />
24
+  <table cellspacing="1" cellpadding="3" border="0" class="layout" width="100%">
25
+    <tr>
26
+      <td class="label">IP:</td>
27
+      <td><input type="text" size="30" value="<?=DBCrypt::decrypt($_GET['ips'][0])?>" disabled /></td>
28
+    </tr>
29
+    <tr>
30
+      <td class="label">Reason (Optional):</td>
31
+      <td>
32
+        <textarea name="reason" rows="10"></textarea>
33
+      </td>
34
+    </tr>
35
+    <tr>
36
+      <td></td>
37
+      <td><input type="submit" value="Submit" /></td>
38
+    </tr>
39
+  </table>
40
+</form>
41
+
42
+<? View::show_footer(); ?>

+ 7
- 1
sections/delete/index.php View File

@@ -2,7 +2,7 @@
2 2
 
3 3
 enforce_login();
4 4
 
5
-if($_REQUEST['action']) {
5
+if ($_REQUEST['action']) {
6 6
   switch($_REQUEST['action']) {
7 7
     case 'email':
8 8
       include('delete_email.php');
@@ -11,10 +11,16 @@ if($_REQUEST['action']) {
11 11
       include('take_delete_email.php');
12 12
       break;
13 13
     case 'ip':
14
+      include('delete_ip.php');
15
+      break;
16
+    case 'takeip':
17
+      include('take_delete_ip.php');
14 18
       break;
15 19
     default:
16 20
       header('Location: index.php');
17 21
   }
22
+} else {
23
+  header('Location: index.php');
18 24
 }
19 25
 
20 26
 ?>

+ 4
- 4
sections/delete/take_delete_email.php View File

@@ -51,12 +51,12 @@ forEach ($EncEmails as $EncEmail) {
51 51
 //Okay I think everything checks out.
52 52
 
53 53
 $DB->query("
54
-  INSERT INTO email_delete_requests
55
-    (UserID, Email, Reason, Time)
54
+  INSERT INTO deletion_requests
55
+    (UserID, Type, Value, Reason, Time)
56 56
   VALUES
57
-    ('$UserID', '".db_string($EncEmails[0])."', '".db_string($Reason)."', '".sqltime()."')");
57
+    ('$UserID', 'Email', '".db_string($EncEmails[0])."', '".db_string($Reason)."', '".sqltime()."')");
58 58
 
59
-$Cache->delete_value('num_email_delete_requests');
59
+$Cache->delete_value('num_deletion_requests');
60 60
 
61 61
 View::show_header('Email Deletion Request');
62 62
 ?>

+ 72
- 0
sections/delete/take_delete_ip.php View File

@@ -0,0 +1,72 @@
1
+<?
2
+
3
+enforce_login();
4
+authorize();
5
+
6
+if (!isset($_POST['ips']) || !is_array($_POST['ips'])) {
7
+  error("Stop that.");
8
+}
9
+
10
+if (!apcu_exists('DBKEY')) {
11
+  error(403);
12
+}
13
+
14
+$EncIPs = $_POST['ips'];
15
+
16
+$Reason = $_POST['reason'] ?? '';
17
+
18
+forEach ($EncIPs as $EncIP) {
19
+  $DB->query("
20
+    SELECT UserID
21
+    FROM users_history_ips
22
+    WHERE IP = '".db_string($EncIP)."'");
23
+
24
+  if (!$DB->has_results()) {
25
+    error('IP not found');
26
+  }
27
+
28
+  list($UserID) = $DB->next_record();
29
+
30
+  if (!check_perms('users_mod') && ($UserID != $LoggedUser['ID'])) {
31
+    error(403);
32
+  }
33
+
34
+  $DB->query("
35
+    SELECT IP
36
+    FROM users_main
37
+    WHERE ID = '$UserID'");
38
+
39
+  if (!$DB->has_results()) {
40
+    error(404);
41
+  }
42
+
43
+  list($Curr) = $DB->next_record();
44
+  $Curr = DBCrypt::decrypt($Curr);
45
+
46
+  if ($Curr == DBCrypt::decrypt($EncIP)) {
47
+    error("You can't delete your current IP.");
48
+  }
49
+}
50
+
51
+//Okay I think everything checks out.
52
+
53
+$DB->query("
54
+  INSERT INTO deletion_requests
55
+    (UserID, Type, Value, Reason, Time)
56
+  VALUES
57
+    ('$UserID', 'IP', '".db_string($EncIPs[0])."', '".db_string($Reason)."', '".sqltime()."')");
58
+
59
+$Cache->delete_value('num_deletion_requests');
60
+
61
+View::show_header('IP Address Deletion Request');
62
+?>
63
+
64
+<div class="thin">
65
+  <h2 id="general">IP Address Deletion Request</h2>
66
+  <div class="box pad" style="padding: 10px 10px 10px 20px;">
67
+    <p>Your request has been sent. Please wait for it to be acknowledged.</p>
68
+    <p>After it's accepted or denied by staff, you will receive a PM response.</p>
69
+    <p><a href="/index.php">Return</a></p>
70
+  </div>
71
+</div>
72
+<? View::show_footer(); ?>

+ 2
- 2
sections/tools/index.php View File

@@ -81,8 +81,8 @@ switch ($_REQUEST['action']) {
81 81
     include(SERVER_ROOT.'/sections/tools/managers/enable_requests.php');
82 82
     break;
83 83
 
84
-  case 'delete_email':
85
-    include(SERVER_ROOT.'/sections/tools/managers/email_delete_requests.php');
84
+  case 'expunge_requests':
85
+    include(SERVER_ROOT.'/sections/tools/managers/expunge_requests.php');
86 86
     break;
87 87
 
88 88
   case 'ajax_take_enable_request':

+ 0
- 104
sections/tools/managers/email_delete_requests.php View File

@@ -1,104 +0,0 @@
1
-<?
2
-
3
-if (!check_perms('users_mod')) {
4
-  error(403);
5
-}
6
-
7
-$QueryID = $DB->query("
8
-  SELECT SQL_CALC_FOUND_ROWS *
9
-  FROM email_delete_requests");
10
-
11
-$DB->query("SELECT FOUND_ROWS()");
12
-list($NumResults) = $DB->next_record();
13
-$DB->set_query_id($QueryID);
14
-
15
-$Requests = $DB->to_array();
16
-
17
-if (isset($_GET['deny']) && isset($_GET['email'])) {
18
-  authorize();
19
-
20
-  $Deny = ($_GET['deny'] == "true");
21
-  $Email = db_string($_GET['email']);
22
-
23
-  $DB->query("
24
-    DELETE FROM email_delete_requests
25
-    WHERE Email = '$Email'");
26
-
27
-  $DB->query("
28
-    SELECT UserID
29
-    FROM users_history_emails
30
-    WHERE Email = '$Email'");
31
-  if ($DB->has_results()) {
32
-    list($UserID) = $DB->next_record();
33
-    if ($UserID != $_GET['userid']) {
34
-      $Err = "The UserID is incorrect?";
35
-    }
36
-  } else {
37
-    $Err = "That email doesn't exist.";
38
-  }
39
-
40
-  if (empty($Err)) {
41
-    if (!$Deny) {
42
-      $DB->query("
43
-        SELECT Email
44
-        FROM users_history_emails
45
-        WHERE UserID = '$UserID'");
46
-      $ToDelete = [];
47
-      while (list($EncEmail) = $DB->next_record()) {
48
-        if (DBCrypt::decrypt($Email) == DBCrypt::decrypt($EncEmail)) {
49
-          $ToDelete[] = $EncEmail;
50
-        }
51
-      }
52
-      forEach ($ToDelete as $DelEmail) {
53
-        $DB->query("
54
-          DELETE FROM users_history_emails
55
-          WHERE UserID = $UserID
56
-            AND Email = '$DelEmail'");
57
-      }
58
-      $Succ = "Email deleted.";
59
-      Misc::send_pm($UserID, 0, "Email Deletion Request Accepted.", "Your email deletion request has been accepted. What email? I don't know! We don't have it anymore!");
60
-    } else {
61
-      $Succ = "Request denied.";
62
-      Misc::send_pm($UserID, 0, "Email Deletion Request Denied.", "Your email deletion request has been denied.\n\nIf you wish to discuss this matter further, please create a staff PM, or join #oppaitime-help on IRC to speak with a staff member.");
63
-    }
64
-  }
65
-
66
-  $Cache->delete_value('num_email_delete_requests');
67
-}
68
-
69
-View::show_header("Email Deletion Requests");
70
-
71
-?>
72
-
73
-<div class="header">
74
-  <h2>Email Deletion Requests</h2>
75
-</div>
76
-
77
-<? if (isset($Err)) { ?>
78
-<span>Error: <?=$Err?></span>
79
-<? } elseif (isset($Succ)) { ?>
80
-<span>Success: <?=$Succ?></span>
81
-<? } ?>
82
-
83
-<div class="thin">
84
-  <table width="100%">
85
-    <tr class="colhead">
86
-      <td>User</td>
87
-      <td>Email</td>
88
-      <td>Reason</td>
89
-      <td>Accept</td>
90
-      <td>Deny</td>
91
-    </tr>
92
-<? foreach ($Requests as $Request) { ?>
93
-    <tr>
94
-      <td><?=Users::format_username($Request['UserID'])?></td>
95
-      <td><?=DBCrypt::decrypt($Request['Email'])?></td>
96
-      <td><?=display_str($Request['Reason'])?></td>
97
-      <td><a href="tools.php?action=delete_email&auth=<?=$LoggedUser['AuthKey']?>&email=<?=urlencode($Request['Email'])?>&userid=<?=$Request['UserID']?>&deny=false" class="brackets">Accept</a></td>
98
-      <td><a href="tools.php?action=delete_email&auth=<?=$LoggedUser['AuthKey']?>&email=<?=urlencode($Request['Email'])?>&userid=<?=$Request['UserID']?>&deny=true" class="brackets">Deny</a></td>
99
-    </tr>
100
-<? } ?>
101
-  </table>
102
-</div>
103
-
104
-<? View::show_footer(); ?>

+ 107
- 0
sections/tools/managers/expunge_requests.php View File

@@ -0,0 +1,107 @@
1
+<?
2
+
3
+if (!check_perms('users_mod')) {
4
+  error(403);
5
+}
6
+
7
+$QueryID = $DB->query("
8
+  SELECT SQL_CALC_FOUND_ROWS *
9
+  FROM deletion_requests");
10
+
11
+$DB->query("SELECT FOUND_ROWS()");
12
+list($NumResults) = $DB->next_record();
13
+$DB->set_query_id($QueryID);
14
+
15
+$Requests = $DB->to_array();
16
+
17
+if (isset($_GET['deny']) && isset($_GET['type']) && isset($_GET['value'])) {
18
+  authorize();
19
+
20
+  $Deny = ($_GET['deny'] == 'true');
21
+  $Type = $_GET['type'] == 'email' ? 'Email' : ($_GET['type'] == 'ip' ? 'IP' : '');
22
+  $Value = db_string($_GET['value']);
23
+
24
+  $DB->query("
25
+    DELETE FROM deletion_requests
26
+    WHERE Value = '$Value'");
27
+
28
+  $DB->query("
29
+    SELECT UserID
30
+    FROM users_history_".strtolower($Type)."s
31
+    WHERE $Type = '$Value'");
32
+  if ($DB->has_results()) {
33
+    list($UserID) = $DB->next_record();
34
+    if ($UserID != $_GET['userid']) {
35
+      $Err = "The specified UserID is incorrect.";
36
+    }
37
+  } else {
38
+    $Err = "That $Type doesn't exist.";
39
+  }
40
+
41
+  if (empty($Err)) {
42
+    if (!$Deny) {
43
+      $DB->query("
44
+        SELECT $Type
45
+        FROM users_history_".strtolower($Type)."s
46
+        WHERE UserID = '$UserID'");
47
+      $ToDelete = [];
48
+      while (list($EncValue) = $DB->next_record()) {
49
+        if (DBCrypt::decrypt($Value) == DBCrypt::decrypt($EncValue)) {
50
+          $ToDelete[] = $EncValue;
51
+        }
52
+      }
53
+      forEach ($ToDelete as $DelValue) {
54
+        $DB->query("
55
+          DELETE FROM users_history_".strtolower($Type)."s
56
+          WHERE UserID = $UserID
57
+            AND $Type = '$DelValue'");
58
+      }
59
+      $Succ = "$Type deleted.";
60
+      Misc::send_pm($UserID, 0, "$Type Deletion Request Accepted.", "Your deletion request has been accepted. What $Type? I don't know! We don't have it anymore!");
61
+    } else {
62
+      $Succ = "Request denied.";
63
+      Misc::send_pm($UserID, 0, "$Type Deletion Request Denied.", "Your deletion request has been denied.\n\nIf you wish to discuss this matter further, please create a staff PM, or join ".BOT_HELP_CHAN." on IRC to speak with a staff member.");
64
+    }
65
+  }
66
+
67
+  $Cache->delete_value('num_deletion_requests');
68
+}
69
+
70
+View::show_header("Expunge Requests");
71
+
72
+?>
73
+
74
+<div class="header">
75
+  <h2>Expunge Requests</h2>
76
+</div>
77
+
78
+<? if (isset($Err)) { ?>
79
+<span>Error: <?=$Err?></span>
80
+<? } elseif (isset($Succ)) { ?>
81
+<span>Success: <?=$Succ?></span>
82
+<? } ?>
83
+
84
+<div class="thin">
85
+  <table width="100%">
86
+    <tr class="colhead">
87
+      <td>User</td>
88
+      <td>Type</td>
89
+      <td>Value</td>
90
+      <td>Reason</td>
91
+      <td>Accept</td>
92
+      <td>Deny</td>
93
+    </tr>
94
+<? foreach ($Requests as $Request) { ?>
95
+    <tr>
96
+      <td><?=Users::format_username($Request['UserID'])?></td>
97
+      <td><?=$Request['Type']?></td>
98
+      <td><?=DBCrypt::decrypt($Request['Value'])?></td>
99
+      <td><?=display_str($Request['Reason'])?></td>
100
+      <td><a href="tools.php?action=expunge_requests&auth=<?=$LoggedUser['AuthKey']?>&type=<?=strtolower($Request['Type'])?>&value=<?=urlencode($Request['Value'])?>&userid=<?=$Request['UserID']?>&deny=false" class="brackets">Accept</a></td>
101
+      <td><a href="tools.php?action=expunge_requests&auth=<?=$LoggedUser['AuthKey']?>&type=<?=strtolower($Request['Type'])?>&value=<?=urlencode($Request['Value'])?>&userid=<?=$Request['UserID']?>&deny=true" class="brackets">Deny</a></td>
102
+    </tr>
103
+<? } ?>
104
+  </table>
105
+</div>
106
+
107
+<? View::show_footer(); ?>

+ 1
- 0
sections/user/user.php View File

@@ -224,6 +224,7 @@ if (check_perms('users_edit_profiles', $Class) || $LoggedUser['ID'] == $UserID)
224 224
 if ($LoggedUser['ID'] == $UserID) {
225 225
 ?>
226 226
     <a href="userhistory.php?action=useremail&userid=<?=$UserID?>" class="brackets">Email History</a>
227
+    <a href="userhistory.php?action=userip&userid=<?=$UserID?>" class="brackets">IP History</a>
227 228
 <?
228 229
 }
229 230
 if (check_perms('users_view_invites', $Class)) {

+ 7
- 7
sections/userhistory/email_history_userview.php View File

@@ -15,11 +15,11 @@ if (!apcu_exists('DBKEY')) {
15 15
 }
16 16
 
17 17
 $DB->query("
18
-  SELECT DISTINCT h.email
19
-  FROM users_history_emails AS h
20
-  WHERE h.UserID = '$UserID'");
18
+  SELECT DISTINCT Email
19
+  FROM users_history_emails
20
+  WHERE UserID = '$UserID'");
21 21
 
22
-$EncEmails = $DB->collect("email");
22
+$EncEmails = $DB->collect("Email");
23 23
 $Emails = [];
24 24
 
25 25
 foreach ($EncEmails as $Enc) {
@@ -30,14 +30,14 @@ foreach ($EncEmails as $Enc) {
30 30
 }
31 31
 
32 32
 $DB->query("
33
-  SELECT email
33
+  SELECT Email
34 34
   FROM users_main
35 35
   WHERE ID = '$UserID'");
36 36
 
37 37
 list($Curr) = $DB->next_record();
38 38
 $Curr = DBCrypt::decrypt($Curr);
39 39
 
40
-if ($Self) {
40
+if (!$Self) {
41 41
   $DB->query("SELECT Username FROM users_main WHERE ID = '$UserID'");
42 42
   list($Username) = $DB->next_record();
43 43
 
@@ -58,7 +58,7 @@ if ($Self) {
58 58
 <table width="100%">
59 59
   <tr class="colhead">
60 60
     <td>Email</td>
61
-    <td>Delete</td>
61
+    <td>Expunge</td>
62 62
   </tr>
63 63
 <? foreach ($Emails as $Email => $Encs) { ?>
64 64
   <tr class="row">

+ 3
- 0
sections/userhistory/index.php View File

@@ -37,6 +37,9 @@ if ($_GET['action']) {
37 37
     case 'useremail':
38 38
       include('email_history_userview.php');
39 39
       break;
40
+    case 'userip':
41
+      include('ip_history_userview.php');
42
+      break;
40 43
     case 'passkeys':
41 44
       //Load passkey history page
42 45
       include('passkey_history.php');

+ 74
- 0
sections/userhistory/ip_history_userview.php View File

@@ -0,0 +1,74 @@
1
+<?
2
+$UserID = $_GET['userid'];
3
+if (!is_number($UserID)) {
4
+  error(404);
5
+}
6
+
7
+$Self = ($UserID == $LoggedUser['ID']);
8
+
9
+if (!check_perms('users_mod') && !$Self) {
10
+  error(403);
11
+}
12
+
13
+if (!apcu_exists('DBKEY')) {
14
+  error('The site is currently running with partial database access. Please wait for staff to fully decrypt it');
15
+}
16
+
17
+$DB->query("
18
+  SELECT IP
19
+  FROM users_history_ips
20
+  WHERE UserID = '$UserID'");
21
+
22
+$EncIPs = $DB->collect("IP");
23
+$IPs = [];
24
+
25
+foreach ($EncIPs as $Enc) {
26
+  if (!isset($IPs[DBCrypt::decrypt($Enc)])) {
27
+    $IPs[DBCrypt::decrypt($Enc)] = [];
28
+  }
29
+  $IPs[DBCrypt::decrypt($Enc)][] = $Enc;
30
+}
31
+
32
+$DB->query("
33
+  SELECT IP
34
+  FROM users_main
35
+  WHERE ID = '$UserID'");
36
+
37
+list($Curr) = $DB->next_record();
38
+$Curr = DBCrypt::decrypt($Curr);
39
+
40
+if (!$Self) {
41
+  $DB->query("SELECT Username FROM users_main WHERE ID = '$UserID'");
42
+  list($Username) = $DB->next_record();
43
+
44
+  View::show_header("IP history for $Username");
45
+} else {
46
+  View::show_header("Your IP history");
47
+}
48
+
49
+?>
50
+
51
+<div class="header">
52
+<? if ($Self) { ?>
53
+  <h2>Your IP history</h2>
54
+<? } else { ?>
55
+  <h2>IP history for <a href="user.php?id=<?=$UserID?>"><?=$Username?></a></h2>
56
+<? } ?>
57
+</div>
58
+<table width="100%">
59
+  <tr class="colhead">
60
+    <td>IP</td>
61
+    <td>Expunge</td>
62
+  </tr>
63
+<? foreach ($IPs as $IP => $Encs) { ?>
64
+  <tr class="row">
65
+    <td><?=display_str($IP)?></td>
66
+    <td>
67
+    <? if ($IP != $Curr) { ?>
68
+      <a href="delete.php?action=ip&ips[]=<?=implode('&ips[]=', array_map('urlencode', $Encs))?>" class="brackets">X</a>
69
+    <? } ?>
70
+    </td>
71
+  </tr>
72
+<? } ?>
73
+</table>
74
+<? View::show_footer(); ?>

Loading…
Cancel
Save