author | FChannel <=> | 2021-01-28 13:53:56 -0800 |
---|---|---|
committer | FChannel <=> | 2021-01-28 13:53:56 -0800 |
commit | 3d480edaef645b91ee8d00733dccc59f7296df28 (patch) | |
tree | 162be87968f72ec5ae5431ed85f1f33b23b3be99 | |
parent | ee3c47a5b2251380ded1239b149fd1f6e6514bfb (diff) |
reporting requires captcha
-rw-r--r-- | Database.go | 4 | ||||
-rw-r--r-- | client.go | 2 | ||||
-rw-r--r-- | main.go | 62 | ||||
-rw-r--r-- | static/bottom.html | 25 | ||||
-rw-r--r-- | static/js/posts.js | 24 | ||||
-rw-r--r-- | static/main.html | 2 | ||||
-rw-r--r-- | static/posts.html | 4 |
7 files changed, 93 insertions, 30 deletions
diff --git a/Database.go b/Database.go index 4f29026..ac9ee27 100644 --- a/Database.go +++ b/Database.go @@ -982,7 +982,9 @@ func GetCaptchaCodeDB(db *sql.DB, verify string) string { rows.Next() err = rows.Scan(&code) - CheckError(err, "Could not get verification captcha") + if err != nil { + fmt.Println("Could not get verification captcha") + } return code } @@ -619,7 +619,7 @@ func GetLocalDeleteDB(db *sql.DB) []Removed { return deleted } -func CreateLocalReportDB(db *sql.DB, id string, board string) { +func CreateLocalReportDB(db *sql.DB, id string, board string, reason string) { query := fmt.Sprintf("select id, count from reported where id='%s' and board='%s'", id, board) rows, err := db.Query(query) @@ -290,8 +290,18 @@ func main() { } } + if(len(r.FormValue("comment")) > 2000) { + w.Write([]byte("Comment limit 2000 characters")) + return + } + + if(len(r.FormValue("subject")) > 100 || len(r.FormValue("name")) > 100) { + w.Write([]byte("Name or Subject limit 100 characters")) + return + } + if(r.FormValue("captcha") == "") { - w.Write([]byte("Captcha required")) + w.Write([]byte("Incorrect Captcha")) return } @@ -361,7 +371,7 @@ func main() { } if(resp.StatusCode == 403){ - w.Write([]byte("Wrong Captcha")) + w.Write([]byte("Incorrect Captcha")) return } 
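Review bot: A failed `rows.Scan` in `GetCaptchaCodeDB` now falls through to `return code`, because the new `if err != nil` branch only prints a fixed string; the caller receives an empty string that looks like a stored code. The result of `rows.Next()` on the context line above is ignored as well. If the caller compares this value with the submitted answer (that code is not visible here), an empty lookup should not be able to pass, so fail closed: `if !rows.Next() { return "" }`, log `err` itself rather than a constant, and reject an empty code at the comparison. The function body starts outside the hunk.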
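Review bot: `CreateLocalReportDB` still builds its lookup with `fmt.Sprintf("select id, count from reported where id='%s' and board='%s'", id, board)`, although this commit moves `ReportActivity` and `DeleteReportActivity` to placeholders. `id` and `board` come from `r.FormValue` in the `/report` handler, so this is string-built SQL over request input. Use the same form as the other two functions: `query := "select id, count from reported where id=$1 and board=$2"` and `rows, err := db.Query(query, id, board)`. The rest of the body is outside the hunk, so the statement that stores the new `reason` argument should be checked for the same pattern.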
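Review bot: The new limits in the `@@ -290,8 +290,18 @@` hunk compare `len(r.FormValue(...))`, which counts bytes, while the messages and the `maxlength="2000"` attribute speak of characters, so a comment in a multi-byte script is rejected well below 2000 characters. If a character limit is intended, count runes: `if utf8.RuneCountInString(r.FormValue("comment")) > 2000 {` (needs `unicode/utf8`). The rejection is written with the default 200 status; a `w.WriteHeader(http.StatusBadRequest)` before the `w.Write` would match what the `/report` handler does. The surrounding handler starts and ends outside the hunk.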
@@ -741,19 +751,25 @@ func main() { }) http.HandleFunc("/report", func(w http.ResponseWriter, r *http.Request){ - - id := r.URL.Query().Get("id") - close := r.URL.Query().Get("close") - board := r.URL.Query().Get("board") + + r.ParseForm() + + id := r.FormValue("id") + board := r.FormValue("board") + reason := r.FormValue("comment") + close := r.FormValue("close") + actor := GetActorFromPath(db, id, "/") _, auth := GetPasswordFromSession(r) - if id == "" || auth == "" { - w.WriteHeader(http.StatusBadRequest) - w.Write([]byte("")) - return - } + var captcha = r.FormValue("captchaCode") + ":" + r.FormValue("captcha") + if(!CheckCaptcha(db, captcha)) { + w.WriteHeader(http.StatusBadRequest) + w.Write([]byte("captcha required")) + return + } + if close == "1" { if !HasAuth(db, auth, actor.Id) { w.WriteHeader(http.StatusBadRequest) @@ -780,12 +796,12 @@ func main() { if !IsIDLocal(db, id) { fmt.Println("not local") - CreateLocalReportDB(db, id, board) + CreateLocalReportDB(db, id, board, reason) http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther) return } - reported := ReportActivity(db, id) + reported := ReportActivity(db, id, reason) if reported { http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther) return @@ -1493,9 +1509,9 @@ func SupportedMIMEType(mime string) bool { func DeleteReportActivity(db *sql.DB, id string) bool { - query := fmt.Sprintf("delete from reported where id='%s'", id) + query := `delete from reported where id=$1` - _, err := db.Exec(query) + _, err := db.Exec(query, id) if err != nil { CheckError(err, "error closing reported activity") 
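Review bot: An empty `id` or an arbitrarily long `reason` now reaches `GetActorFromPath`, `CreateLocalReportDB` and `ReportActivity`, because the `/report` hunk drops the `id == ""` guard and bounds `reason` only through the form's `maxlength="100"`, which a client can ignore. Restore the check on the server right after the form values are read, for example `if id == "" || len(reason) > 100 { w.WriteHeader(http.StatusBadRequest); return }`. `r.FormValue` also reads the query string, so the handler still accepts GET even though it changes state; a `r.Method != http.MethodPost` rejection is worth adding. The error from `r.ParseForm()` is discarded, and the handler body continues past the end of the hunk.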
@@ -1505,17 +1521,17 @@ func DeleteReportActivity(db *sql.DB, id string) bool { return true } -func ReportActivity(db *sql.DB, id string) bool { +func ReportActivity(db *sql.DB, id string, reason string) bool { if !IsIDLocal(db, id) { return false } actor := GetActivityFromDB(db, id) - - query := fmt.Sprintf("select count from reported where id='%s'", id) - rows, err := db.Query(query) + query := `select count from reported where id=$1` + + rows, err := db.Query(query, id) CheckError(err, "could not select count from reported") @@ -1526,9 +1542,9 @@ func ReportActivity(db *sql.DB, id string) bool { } if count < 1 { - query = fmt.Sprintf("insert into reported (id, count, board) values ('%s', %d, '%s')", id, 1, actor.Actor.Id) + query = `insert into reported (id, count, board) values ($1, $2, $3)` - _, err := db.Exec(query) + _, err := db.Exec(query, id, 1, actor.Actor.Id) if err != nil { CheckError(err, "error inserting new reported activity") @@ -1537,9 +1553,9 @@ func ReportActivity(db *sql.DB, id string) bool { } else { count = count + 1 - query = fmt.Sprintf("update reported set count=%d where id='%s'", count, id) + query = `update reported set count=$1 where id=$2` - _, err := db.Exec(query) + _, err := db.Exec(query, count, id) if err != nil { CheckError(err, "error updating reported activity") diff --git a/static/bottom.html b/static/bottom.html index 0542c41..25339b5 100644 --- a/static/bottom.html +++ b/static/bottom.html 
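Review bot: `ReportActivity` now takes `reason`, but none of the statements visible in its three hunks use it: the insert still writes only `(id, count, board)` and the update only `count`. Unless the part of the body outside the hunks stores it, the reporter's text is dropped for local posts. If the `reported` table has a column for it (not visible here), the insert should carry it as a fourth placeholder; otherwise say so at the signature, e.g. `// reason is accepted but not stored yet`.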
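Review bot: The counter update in the `@@ -1537,9 +1553,9 @@` hunk is a read-modify-write: `count` is selected earlier, incremented in Go and written back, so two reports arriving together can both store the same value. Letting the database do the increment removes the race: `query = "update reported set count = count + 1 where id=$1"` with `db.Exec(query, id)`. The `count < 1` insert branch has the same window; whether a unique constraint on `id` covers it cannot be seen from here.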
@@ -1,10 +1,10 @@ {{ define "bottom" }} -<div id="reply-box" style="display: none; "> +<div id="reply-box" class="popup-box" style="display: none; "> <div id="reply-header" style="display: inline-block; width: 370px; z-index: 0; cursor: move;"></div><div id="reply-close" style="display: inline-block; float: right;"><a href="javascript:closeReply()">[X]</a></div> <form id="reply-post" action="/post" method="post" enctype="multipart/form-data"> <input id="reply-name" name="name" size="43" type="text" placeholder="Name"> <input id="reply-options" name="options" size="43" type="text" placeholder="Options"> - <textarea id="reply-comment" name="comment" rows="12" cols="54" style="width: 396px;"></textarea> + <textarea id="reply-comment" name="comment" rows="12" cols="54" style="width: 396px;" maxlength="2000"></textarea> <input id="reply-file" name="file" type="file"> <input id="reply-submit" type="submit" value="Reply" style="float: right;"> <input type="hidden" id="inReplyTo-box" name="inReplyTo" value="{{ .Board.InReplyTo }}"> 
@@ -20,4 +20,25 @@ </div> </form> </div> + +<div id="report-box" class="popup-box" style="display: none; "> + <div id="report-header" style="text-align: center; display: inline-block; width: 370px; z-index: 0; cursor: move;"></div><div id="report-close" style="display: inline-block; float: right;"><a href="javascript:closeReport()">[X]</a></div> + <form id="report-post" action="/report" method="post"> + <label for="comment">Reason:</label> + <textarea id="report-comment" name="comment" rows="12" cols="54" style="width: 396px;" maxlength="100"></textarea> + <input id="report-submit" type="submit" value="Report" style="float: right;"> + <input type="hidden" id="report-inReplyTo-box" name="id" value="{{ .Board.InReplyTo }}"> + <input type="hidden" id="sendTo" name="sendTo" value="{{ .Board.To }}"> + <input type="hidden" id="boardName" name="boardName" value="{{ .Board.Name }}"> + <input type="hidden" name="close" value="0"> + <input type="hidden" id="captchaCode" name="captchaCode" value="{{ .Board.CaptchaCode }}"> + <div style="width: 202px; margin: 0 auto; padding-top: 12px;"> + <label for="captcha">Captcha:</label><br> + <input style="display: inline-block;" type="text" id="captcha" name="captcha" autocomplete="off"><br> + </div> + <div style="width: 230px; margin: 0 auto;"> + <img src="{{ .Board.Captcha }}"> + </div> + </form> +</div> {{ end }} diff --git a/static/js/posts.js b/static/js/posts.js index a6963de..805c1c1 100644 --- a/static/js/posts.js +++ b/static/js/posts.js @@ -149,6 +149,12 @@ function closeReply() document.getElementById("reply-comment").value = ""; } +function closeReport() +{ + document.getElementById("report-box").style.display = "none"; + document.getElementById("report-comment").value = ""; +} + function previous(actorName, page) { 
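Review bot: The report form posts the board as `name="boardName"`, but the `/report` handler in this commit reads `r.FormValue("board")`, so `board` is empty for reports sent from this form and `CreateLocalReportDB` is called with an empty board. Rename the field to `name="board"` or read `boardName` in the handler. The labels use `for="comment"` and `for="captcha"` while the textarea's id is `report-comment`, and `id="captcha"`, `id="captchaCode"`, `id="sendTo"` and `id="boardName"` may duplicate ids in the reply form above (its hidden fields are outside the hunk), which would make label association and `getElementById` ambiguous. `maxlength="100"` is a client-side hint only and needs a matching server-side check.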
@@ -192,6 +198,24 @@ function quote(actorName, opid, id) dragElement(header); +} + +function report(actorName, id) +{ + var box = document.getElementById("report-box"); + var header = document.getElementById("report-header"); + var comment = document.getElementById("report-comment"); + var inReplyTo = document.getElementById("report-inReplyTo-box"); + + var w = window.innerWidth / 2 - 200; + var h = document.getElementById(id + "-content").offsetTop - 448; + + box.setAttribute("style", "display: block; position: absolute; width: 400px; height: 480px; z-index: 9; top: " + h + "px; left: " + w + "px; padding: 5px;"); + + header.innerText = "Report Post No. " + shortURL(actorName, id); + inReplyTo.value = id; + + dragElement(header); } function dragElement(elmnt) { diff --git a/static/main.html b/static/main.html index 180e91f..fc3d5ed 100644 --- a/static/main.html +++ b/static/main.html @@ -27,7 +27,7 @@ {{ end }} } - #reply-box { + .popup-box { {{ if .Board.Restricted }} border: 4px solid #d3caf0; background-color: #eff5ff; diff --git a/static/posts.html b/static/posts.html index 9e3e8ce..a7b18a9 100644 --- a/static/posts.html +++ b/static/posts.html 
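Review bot: In `report()` the local `comment` is assigned and never used, and `document.getElementById(id + "-content")` is dereferenced without a null check, so a post without that element throws before the box is shown. Drop the unused variable and guard the lookup, e.g. `var content = document.getElementById(id + "-content"); if (!content) return;`. The title is set through `header.innerText`, which keeps the id from being parsed as markup; a short comment such as `// innerText on purpose: id must not be parsed as HTML` would keep it from being changed to `innerHTML` later.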
@@ -60,7 +60,7 @@ } </script> {{ end }} - <span style="color: #0f0c5d;"><b>{{ .Name }}</b></span><span style="color: #117743;"><b>{{ if .AttributedTo }} {{.AttributedTo }} {{ else }} Anonymous {{ end }}</b></span><span>{{ .Published }} <a id="{{ .Id }}-anchor" href="/{{ $board.Name }}/">No.</a> <a id="{{ .Id }}-link" title="{{ .Id }}" href="javascript:quote('{{ $board.Actor }}', '{{ $opId }}', '{{ .Id }}')">{{ .Id }}</a> {{ if ne .Type "Tombstone" }}<a href="/report?id={{ .Id }}&board={{ $board.Name }}">[Report]</a>{{ end }}</span> + <span style="color: #0f0c5d;"><b>{{ .Name }}</b></span><span style="color: #117743;"><b>{{ if .AttributedTo }} {{.AttributedTo }} {{ else }} Anonymous {{ end }}</b></span><span>{{ .Published }} <a id="{{ .Id }}-anchor" href="/{{ $board.Name }}/">No.</a> <a id="{{ .Id }}-link" title="{{ .Id }}" href="javascript:quote('{{ $board.Actor }}', '{{ $opId }}', '{{ .Id }}')">{{ .Id }}</a> {{ if ne .Type "Tombstone" }}<a href="javascript:report('{{ $board.Actor }}', '{{ .Id }}')">[Report]</a>{{ end }}</span> <p id="{{ .Id }}-content" style="white-space: pre-wrap; margin: 10px 30px 10px 30px;">{{.Content}}</p> {{ if .Replies }} {{ $replies := .Replies }} 
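Review bot: The new `href="javascript:report(...)"` on `[Report]` needs inline-script execution, so it rules out a Content-Security-Policy without `'unsafe-inline'` and leaves no fallback when script is disabled, which the previous plain `/report?id=...` link had. `{{ $board.Actor }}` and `{{ .Id }}` are interpolated inside a quoted JavaScript string in a URL attribute; that is only safe if these templates are rendered with `html/template` rather than `text/template`, which is not visible here. Keeping a real `href` and attaching the handler from `posts.js` through a `data-id` attribute would avoid both concerns. The same change is made in the `@@ -124,7 +124,7 @@` hunk.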
@@ -124,7 +124,7 @@ } </script> {{ end }} - <span style="color: #0f0c5d;"><b>{{ .Name }}</b></span><span style="color: #117743;"><b>{{ if .AttributedTo }} {{.AttributedTo }} {{ else }} Anonymous {{ end }}</b></span><span>{{ .Published }} <a id="{{ .Id }}-anchor" href="/{{ $board.Name }}/post/{{ $opId }}#{{ .Id }}">No. </a><a id="{{ .Id }}-link" title="{{ .Id }}" href="javascript:quote('{{ $board.Actor }}', '{{ $opId }}', '{{ .Id }}')">{{ .Id }}</a> {{ if ne .Type "Tombstone" }}<a href="/report?id={{ .Id }}&board={{ $board.Name }}">[Report]</a>{{ end }}</span> + <span style="color: #0f0c5d;"><b>{{ .Name }}</b></span><span style="color: #117743;"><b>{{ if .AttributedTo }} {{.AttributedTo }} {{ else }} Anonymous {{ end }}</b></span><span>{{ .Published }} <a id="{{ .Id }}-anchor" href="/{{ $board.Name }}/post/{{ $opId }}#{{ .Id }}">No. </a><a id="{{ .Id }}-link" title="{{ .Id }}" href="javascript:quote('{{ $board.Actor }}', '{{ $opId }}', '{{ .Id }}')">{{ .Id }}</a> {{ if ne .Type "Tombstone" }}<a href="javascript:report('{{ $board.Actor }}', '{{ .Id }}')">[Report]</a>{{ end }}</span> {{ $parentId := .Id }} {{ if .Replies.OrderedItems }} {{ range .Replies.OrderedItems }} |