Merge pull request #42 from brunnopleffken/development

Merge 'development' (v0.7.0) into 'master'
brunnopleffken · Jul 17, 2015 · 05ee176 · 05ee176
2 parents 08c79a2 + ba9eec5
commit 05ee176
Show file tree

Hide file tree

Showing 27 changed files with 315 additions and 44 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,24 @@
 # Changelog
 
+## v0.7.0 (2015-07-16)
+
+#### Added
+- Member ranks/promotions given when a member reaches a certain number of posts.
+
+#### Fixes
+- Members were unable to log in anonymously (#41);
+- Users were unable to install Addictive Community in WAMP stack in certain scenarios;
+- Few other bug fixes and enhancements.
+
+#### Security
+- Added .php and .js files as forbidden extensions to avoid remote execution on server (users must now compress and send a ZIP file instead);
+- Improved numeric-only data validation to avoid SQL injection (#39).
+
+#### Changed
+- Check for system requirements comes before database settings (#27).
+
+
+
 ## v0.6.0 (2015-07-03)
 
 #### Added

diff --git a/admin/main.php b/admin/main.php
@@ -165,6 +165,7 @@ function CreateMenu($section)
 				<a href="main.php?act=members&amp;p=ban">Ban Member</a>
 				<a href="main.php?act=members&amp;p=manage">Manage Members</a>
 				<a href="main.php?act=members&amp;p=usergroups">User Groups</a>
+				<a href="main.php?act=members&amp;p=ranks">Ranks</a>
 			</div>
 HTML;
 		}

diff --git a/admin/process.php b/admin/process.php
@@ -453,5 +453,33 @@
 		header("Location: main.php?act=rooms&p=remove_mod&id=6&msg=1&m_id={$member_id}");
 		exit;
 
+		break;
+
+	case "new_rank";
+
+		$rank = array(
+			"title"     => Http::Request("title"),
+			"min_posts" => Http::Request("min_posts", true),
+			"pips"      => Http::Request("pips", true)
+		);
+
+		$Db->Insert("c_ranks", $rank);
+		$Admin->RegisterLog("Added new rank: " . $rank['title']);
+
+		header("Location: main.php?act=members&p=ranks&msg=2");
+		exit;
+
+		break;
+
+	case "delete_rank";
+
+		$rank_id = Http::Request("id", true);
+
+		$Db->Delete("c_ranks", "id = {$rank_id}");
+		$Admin->RegisterLog("Deleted rank #" . $rank_id);
+
+		header("Location: main.php?act=members&p=ranks&msg=3");
+		exit;
+
 		break;
 }
diff --git a/admin/sources/adm_dashboard_main.php b/admin/sources/adm_dashboard_main.php
@@ -107,7 +107,7 @@
 					</tr>
 					<tr>
 						<td class="title">Software Version</td>
-						<td>Addictive Community <?php echo VERSION . "-" . CHANNEL; ?> (<?php echo CODENAME; ?>)</td>
+						<td>Addictive Community <?php echo VERSION . "-" . CHANNEL; ?></td>
 					</tr>
 					<tr>
 						<td class="title">Software Updates</td>

diff --git a/admin/sources/adm_general_profiles.php b/admin/sources/adm_general_profiles.php
@@ -40,6 +40,10 @@
 						<td class="title-fixed">Enable photo upload <span class="title-desc">This will restrict the avatars only in 'Facebook' and 'Gravatar'. Photos already sent will not be deleted.</span></td>
 						<td><label><?php echo $Admin->SelectCheckbox("general_member_enable_avatar_upload") ?> Allow members to send their own photos as avatar.</label></td>
 					</tr>
+					<tr>
+						<td class="title-fixed">Enable ranks and promotions</td>
+						<td><?php echo $Admin->SelectCheckbox("general_member_enable_ranks") ?> Enable ranks for all members.</td>
+					</tr>
 				</table>
 				<div class="box fright"><input type="submit" value="Save Settings"></div>
 			</form>

diff --git a/admin/sources/adm_members_main.php b/admin/sources/adm_members_main.php
@@ -24,6 +24,7 @@
 				<tr><td><a href="main.php?act=members&p=ban"><b>Ban Member</b></a><br>Add or remove member bannishments.</td></tr>
 				<tr><td><a href="main.php?act=members&p=manage"><b>Manage Members</b></a><br>Manage, edit profiles and delete members from community.</td></tr>
 				<tr><td><a href="main.php?act=members&p=usergroups"><b>User Groups</b></a><br>Add and manage user groups and their settings.</td></tr>
+				<tr><td><a href="main.php?act=members&p=ranks"><b>Ranks</b></a><br>Add and manage member ranks and promotions.</td></tr>
 			</table>
 		</div>
 	</div>
diff --git a/admin/sources/adm_members_newrank.php b/admin/sources/adm_members_newrank.php
@@ -0,0 +1,47 @@
+<?php
+
+	## ---------------------------------------------------
+	#  ADDICTIVE COMMUNITY
+	## ---------------------------------------------------
+	#  Developed by Brunno Pleffken Hosti
+	#  File: adm_members_ranks.php
+	#  License: GPLv2
+	#  Copyright: (c) 2015 - Addictive Community
+	## ---------------------------------------------------
+
+?>
+
+	<h1>Add New Rank</h1>
+
+	<div id="content">
+		<div class="grid-row">
+			<form action="process.php?do=new_rank" method="post">
+				<table class="table-list">
+					<tr>
+						<th colspan="5">
+							<div class="fleft">New Rank</div>
+						</th>
+					</tr>
+					<tr>
+						<td class="title-fixed">Rank name</td>
+						<td><input type="text" name="title" class="small"></td>
+					</tr>
+					<tr>
+						<td class="title-fixed">Minimum posts</td>
+						<td><input type="text" name="min_posts" style="width: 40px"> posts</td>
+					</tr>
+					<tr>
+						<td class="title-fixed">Number of pips</td>
+						<td>
+							<select name="pips">
+								<?php for($i = 1; $i <= 9; $i++): ?>
+									<option value="<?php echo $i ?>"><?php echo $i ?></option>
+								<?php endfor; ?>
+							</select>
+						</td>
+					</tr>
+				</table>
+				<div class="fright"><input type="submit" value="Save Settings"></div>
+			</form>
+		</div>
+	</div>
diff --git a/admin/sources/adm_members_ranks.php b/admin/sources/adm_members_ranks.php
@@ -0,0 +1,91 @@
+<?php
+
+	## ---------------------------------------------------
+	#  ADDICTIVE COMMUNITY
+	## ---------------------------------------------------
+	#  Developed by Brunno Pleffken Hosti
+	#  File: adm_members_ranks.php
+	#  License: GPLv2
+	#  Copyright: (c) 2015 - Addictive Community
+	## ---------------------------------------------------
+
+	// Notification
+
+	$msg = (Http::Request("msg")) ? Http::Request("msg") : 0;
+
+	switch($msg) {
+		case 1:
+			$message = Html::Notification("The settings has been successfully changed.", "success");
+			break;
+		case 2:
+			$message = Html::Notification("The new rank has been successfully added.", "success");
+			break;
+		case 3:
+			$message = Html::Notification("The rank has been successfully removed.", "success");
+			break;
+		default:
+			$message = "";
+	}
+
+	// Get usergroup list
+	$Db->Query("SELECT * FROM c_ranks ORDER BY min_posts;");
+
+	while($rank = $Db->Fetch()) {
+		// Image has a higher priority than pip number
+		$symbol = "";
+		if($rank['pips'] != "") {
+			$symbol = $rank['pips'];
+		}
+		if($rank['image'] != "") {
+			$symbol = $rank['pips'];
+		}
+
+		Template::Add("<tr>
+				<td><b>{$rank['title']}</b></td>
+				<td>{$rank['min_posts']}</td>
+				<td>{$symbol}</td>
+				<td class='min'><a href='process.php?do=delete_rank&id={$rank['id']}'><i class='fa fa-fw fa-remove'></i></a></td>
+			</tr>");
+	}
+
+?>
+
+	<h1>Ranks</h1>
+
+	<div id="content">
+		<div class="grid-row">
+			<?php echo $message ?>
+			<form action="process.php?do=save" method="post">
+				<table class="table-list">
+					<tr>
+						<th colspan="5">
+							<div class="fleft">Ranks Overview</div>
+							<div class="fright"><a href="main.php?act=members&p=newrank" class="button-grey-default white transition">New Rank</a></div>
+						</th>
+					</tr>
+					<tr class="subtitle">
+						<td>Rank Name</td>
+						<td>Min. Posts</td>
+						<td>Image or # of Pips</td>
+						<td width="1%">Delete</td>
+					</tr>
+					<?php echo Template::Get() ?>
+				</table>
+
+				<form action="process.php?do=save" method="post">
+					<table class="table-list">
+						<tr>
+							<th colspan="5">
+								<div class="fleft">Settings</div>
+							</th>
+						</tr>
+						<tr>
+							<td class="title-fixed">Enable ranks and promotions</td>
+							<td><?php echo $Admin->SelectCheckbox("general_member_enable_ranks") ?> Enable ranks for all members.</td>
+						</tr>
+					</table>
+					<div class="fright"><input type="submit" value="Save Settings"></div>
+				</form>
+			</form>
+		</div>
+	</div>
diff --git a/controllers/Calendar.php b/controllers/Calendar.php
@@ -21,7 +21,7 @@ class Calendar extends Application
 	public function Main()
 	{
 		// Define messages
-		$message_id = Http::Request("m");
+		$message_id = Http::Request("m", true);
 		$notification = array("",
 			Html::Notification(i18n::Translate("C_MESSAGE_1"), "success")
 		);

diff --git a/controllers/Community.php b/controllers/Community.php
@@ -45,8 +45,7 @@ public function About()
 		$this->master = "Ajax";
 
 		$data = array(
-			"version"  => VERSION . "-" . CHANNEL,
-			"codename" => CODENAME
+			"version"  => VERSION . "-" . CHANNEL
 		);
 
 		// Return variables

diff --git a/controllers/Messenger.php b/controllers/Messenger.php
@@ -38,7 +38,7 @@ public function _BeforeAction()
 	public function Main()
 	{
 		// Define messages
-		$message_id = Http::Request("m");
+		$message_id = Http::Request("m", true);
 		$notification = array("",
 			Html::Notification(i18n::Translate("M_MESSAGE_1"), "success"),
 			Html::Notification(i18n::Translate("M_MESSAGE_2"), "failure")

diff --git a/controllers/Register.php b/controllers/Register.php
@@ -24,7 +24,7 @@ public function Main()
 		$step = (!Http::Request("step")) ? 1 : Http::Request("step");
 
 		// Notifications
-		$message_id = Http::Request("m");
+		$message_id = Http::Request("m", true);
 		$notification = array("",
 			Html::Notification(i18n::Translate("R_ERROR_1"), "failure", true),
 			Html::Notification(i18n::Translate("R_ERROR_2"), "failure", true),
@@ -172,7 +172,7 @@ public function Validate()
 		$this->layout = false;
 
 		// Get member ID
-		$member = Http::Request("m");
+		$member = Http::Request("m", true);
 		$token  = Http::Request("token");
 
 		// Check if user has already validated

diff --git a/controllers/Report.php b/controllers/Report.php
@@ -60,13 +60,13 @@ public function Save()
 		$this->layout = false;
 
 		// Check if user is reporting a post or a thread
-		if(!Http::Request("post_id")) {
+		if(!Http::Request("post_id", true)) {
 			$mode = "thread";
-			$thread_id = Http::Request("thread_id");
+			$thread_id = Http::Request("thread_id", true);
 		}
 		else {
 			$mode = "post";
-			$post_id = Http::Request("post_id");
+			$post_id = Http::Request("post_id", true);
 
 			$this->Db->Query("SELECT thread_id FROM c_posts WHERE p_id = {$post_id};");
 			$result = $this->Db->Fetch();
@@ -77,9 +77,9 @@ public function Save()
 		// Build report
 		$report_info = array(
 			"description" => Http::Request("description"),
-			"reason"      => Http::Request("reason"),
+			"reason"      => Http::Request("reason", true),
 			"date"        => time(),
-			"sender_id"   => Http::Request("member_id"),
+			"sender_id"   => Http::Request("member_id", true),
 			"ip_address"  => $_SERVER['REMOTE_ADDR'],
 			"post_id"     => ($post_id) ? $post_id : "0",
 			"thread_id"   => ($thread_id) ? $thread_id : "0",

diff --git a/controllers/Room.php b/controllers/Room.php
@@ -22,7 +22,7 @@ public function _BeforeAction()
 	{
 		if(Http::Request("act") == "load_more") {
 			// Update session table with room ID
-			$id = Http::Request("id");
+			$id = Http::Request("id", true);
 			$session = $this->Session->session_id;
 			$this->Db->Update("c_sessions", "location_room_id = {$id}", "s_id = '{$session}'");
 		}
@@ -79,7 +79,7 @@ public function LoadMore($id)
 		$this->layout = false;
 
 		// Threads per page
-		$page = Http::Request("page");
+		$page = Http::Request("page", true);
 		$threads_per_page = $this->Core->config['threads_per_page'];
 
 		// Calculate SQL offset
@@ -112,7 +112,7 @@ public function Unlock()
 		$this->layout = false;
 
 		$password = Http::Request("password");
-		$room_id  = Http::Request("room");
+		$room_id  = Http::Request("room", true);
 
 		$this->Db->Query("SELECT password FROM c_rooms WHERE r_id = {$room_id}");
 		$room_info = $this->Db->Fetch();