From 3d480edaef645b91ee8d00733dccc59f7296df28 Mon Sep 17 00:00:00 2001
From: FChannel <=>
Date: Thu, 28 Jan 2021 13:53:56 -0800
Subject: reporting requires captcha

---
 Database.go        |  4 +++-
 client.go          |  2 +-
 main.go            | 62 ++++++++++++++++++++++++++++++++++--------------------
 static/bottom.html | 25 ++++++++++++++++++++--
 static/js/posts.js | 24 +++++++++++++++++++++
 static/main.html   |  2 +-
 static/posts.html  |  4 ++--
 7 files changed, 93 insertions(+), 30 deletions(-)

diff --git a/Database.go b/Database.go
index 4f29026..ac9ee27 100644
--- a/Database.go
+++ b/Database.go
@@ -982,7 +982,9 @@ func GetCaptchaCodeDB(db *sql.DB, verify string) string {
 	rows.Next()
 	err = rows.Scan(&code)
 
-	CheckError(err, "Could not get verification captcha")
+	if err != nil {
+		fmt.Println("Could not get verification captcha")
+	}
 
 	return code
 }
diff --git a/client.go b/client.go
index beddcad..e46ff8a 100644
--- a/client.go
+++ b/client.go
@@ -619,7 +619,7 @@ func GetLocalDeleteDB(db *sql.DB) []Removed {
 	return deleted
 }
 
-func CreateLocalReportDB(db *sql.DB, id string, board string) {
+func CreateLocalReportDB(db *sql.DB, id string, board string, reason string) {
 	query := fmt.Sprintf("select id, count from reported where id='%s' and board='%s'", id, board)
 
 	rows, err := db.Query(query)
diff --git a/main.go b/main.go
index b49d6d8..551fce9 100644
--- a/main.go
+++ b/main.go
@@ -290,8 +290,18 @@ func main() {
 			}
 		}
 
+		if(len(r.FormValue("comment")) > 2000) {
+			w.Write([]byte("Comment limit 2000 characters"))
+			return
+		}
+
+		if(len(r.FormValue("subject")) > 100 || len(r.FormValue("name")) > 100) {
+			w.Write([]byte("Name or Subject limit 100 characters"))
+			return
+		}		
+
 		if(r.FormValue("captcha") == "") {
-			w.Write([]byte("Captcha required"))
+			w.Write([]byte("Incorrect Captcha"))
 			return
 		}			
 		
@@ -361,7 +371,7 @@ func main() {
 		}
 
 		if(resp.StatusCode == 403){
-			w.Write([]byte("Wrong Captcha"))
+			w.Write([]byte("Incorrect Captcha"))
 			return
 		}
 		
@@ -741,19 +751,25 @@ func main() {
 	})
 
 	http.HandleFunc("/report", func(w http.ResponseWriter, r *http.Request){
-		
-		id := r.URL.Query().Get("id")
-		close := r.URL.Query().Get("close")
-		board := r.URL.Query().Get("board")		
+
+		r.ParseForm()
+
+		id := r.FormValue("id")
+		board := r.FormValue("board")
+		reason := r.FormValue("comment")
+		close := r.FormValue("close")
+
 		actor := GetActorFromPath(db, id, "/")
 		_, auth := GetPasswordFromSession(r)
 
-		if id == "" || auth == "" {
-			w.WriteHeader(http.StatusBadRequest)
-			w.Write([]byte(""))					
-			return				
-		}		
+		var captcha = r.FormValue("captchaCode") + ":" + r.FormValue("captcha")
 
+		if(!CheckCaptcha(db, captcha)) {
+			w.WriteHeader(http.StatusBadRequest)
+			w.Write([]byte("captcha required"))					
+			return							
+		}
+		
 		if close == "1" {
 			if !HasAuth(db, auth, actor.Id) {
 				w.WriteHeader(http.StatusBadRequest)
@@ -780,12 +796,12 @@ func main() {
 
 		if !IsIDLocal(db, id) {
 			fmt.Println("not local")
-			CreateLocalReportDB(db, id, board)
+			CreateLocalReportDB(db, id, board, reason)
 			http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
 			return			
 		}
 		
-		reported := ReportActivity(db, id)
+		reported := ReportActivity(db, id, reason)
 		if reported {
 			http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)			
 			return
@@ -1493,9 +1509,9 @@ func SupportedMIMEType(mime string) bool {
 
 func DeleteReportActivity(db *sql.DB, id string) bool {
 
-	query := fmt.Sprintf("delete from reported where id='%s'", id)
+	query := `delete from reported where id=$1`
 
-	_, err := db.Exec(query)
+	_, err := db.Exec(query, id)
 
 	if err != nil {
 		CheckError(err, "error closing reported activity")
@@ -1505,17 +1521,17 @@ func DeleteReportActivity(db *sql.DB, id string) bool {
 	return true
 }
 
-func ReportActivity(db *sql.DB, id string) bool {
+func ReportActivity(db *sql.DB, id string, reason string) bool {
 
 	if !IsIDLocal(db, id) {
 		return false
 	}
 
 	actor := GetActivityFromDB(db, id)
-	
-	query := fmt.Sprintf("select count from reported where id='%s'", id)
 
-	rows, err := db.Query(query)
+	query := `select count from reported where id=$1`
+	
+	rows, err := db.Query(query, id)
 
 	CheckError(err, "could not select count from reported")
 
@@ -1526,9 +1542,9 @@ func ReportActivity(db *sql.DB, id string) bool {
 	}
 
 	if count < 1 {
-		query = fmt.Sprintf("insert into reported (id, count, board) values ('%s', %d, '%s')", id, 1, actor.Actor.Id)
+		query = `insert into reported (id, count, board) values ($1, $2, $3)`
 
-		_, err := db.Exec(query)
+		_, err := db.Exec(query, id, 1, actor.Actor.Id)
 
 		if err != nil {
 			CheckError(err, "error inserting new reported activity")
@@ -1537,9 +1553,9 @@ func ReportActivity(db *sql.DB, id string) bool {
 		
 	} else {
 		count = count + 1
-		query = fmt.Sprintf("update reported set count=%d where id='%s'", count, id)
+		query = `update reported set count=$1 where id=$2`
 
-		_, err := db.Exec(query)
+		_, err := db.Exec(query, count, id)
 		
 		if err != nil {
 			CheckError(err, "error updating reported activity")
diff --git a/static/bottom.html b/static/bottom.html
index 0542c41..25339b5 100644
--- a/static/bottom.html
+++ b/static/bottom.html
@@ -1,10 +1,10 @@
 {{ define "bottom" }}
-<div id="reply-box" style="display: none; ">
+<div id="reply-box" class="popup-box" style="display: none; ">
   <div id="reply-header" style="display: inline-block; width: 370px; z-index: 0; cursor: move;"></div><div id="reply-close" style="display: inline-block; float: right;"><a href="javascript:closeReply()">[X]</a></div>
   <form id="reply-post" action="/post" method="post" enctype="multipart/form-data">
     <input id="reply-name" name="name" size="43" type="text" placeholder="Name">
     <input id="reply-options" name="options" size="43" type="text" placeholder="Options">
-    <textarea id="reply-comment" name="comment" rows="12" cols="54" style="width: 396px;"></textarea>
+    <textarea id="reply-comment" name="comment" rows="12" cols="54" style="width: 396px;" maxlength="2000"></textarea>
     <input id="reply-file" name="file" type="file">
     <input id="reply-submit" type="submit" value="Reply" style="float: right;">
     <input type="hidden" id="inReplyTo-box" name="inReplyTo" value="{{ .Board.InReplyTo }}">
@@ -20,4 +20,25 @@
     </div>
   </form>
 </div>
+
+<div id="report-box" class="popup-box" style="display: none; ">
+  <div id="report-header" style="text-align: center; display: inline-block; width: 370px; z-index: 0; cursor: move;"></div><div id="report-close" style="display: inline-block; float: right;"><a href="javascript:closeReport()">[X]</a></div>
+  <form id="report-post" action="/report" method="post">
+    <label for="comment">Reason:</label>
+    <textarea id="report-comment" name="comment" rows="12" cols="54" style="width: 396px;" maxlength="100"></textarea>
+    <input id="report-submit" type="submit" value="Report" style="float: right;">
+    <input type="hidden" id="report-inReplyTo-box" name="id" value="{{ .Board.InReplyTo }}">
+    <input type="hidden" id="sendTo" name="sendTo" value="{{ .Board.To }}">
+    <input type="hidden" id="boardName" name="boardName" value="{{ .Board.Name }}">
+    <input type="hidden" name="close" value="0">    
+    <input type="hidden" id="captchaCode" name="captchaCode" value="{{ .Board.CaptchaCode }}">
+    <div style="width: 202px; margin: 0 auto; padding-top: 12px;">
+      <label for="captcha">Captcha:</label><br>      
+      <input style="display: inline-block;"  type="text" id="captcha" name="captcha" autocomplete="off"><br>
+    </div>
+    <div style="width: 230px; margin: 0 auto;">
+      <img src="{{ .Board.Captcha }}">
+    </div>
+  </form>
+</div>
 {{ end }}
diff --git a/static/js/posts.js b/static/js/posts.js
index a6963de..805c1c1 100644
--- a/static/js/posts.js
+++ b/static/js/posts.js
@@ -149,6 +149,12 @@ function closeReply()
     document.getElementById("reply-comment").value = "";        
 }
 
+function closeReport()
+{
+    document.getElementById("report-box").style.display = "none";
+    document.getElementById("report-comment").value = "";        
+}
+
 
 function previous(actorName, page)
 {
@@ -192,6 +198,24 @@ function quote(actorName, opid, id)
 
     dragElement(header);            
 
+}
+
+function report(actorName, id)
+{
+    var box = document.getElementById("report-box");
+    var header = document.getElementById("report-header");
+    var comment = document.getElementById("report-comment");
+    var inReplyTo = document.getElementById("report-inReplyTo-box");      
+
+    var w = window.innerWidth / 2 - 200;
+    var h = document.getElementById(id + "-content").offsetTop - 448;
+
+    box.setAttribute("style", "display: block; position: absolute; width: 400px; height: 480px; z-index: 9; top: " + h + "px; left: " + w + "px; padding: 5px;");
+
+    header.innerText = "Report Post No. " + shortURL(actorName, id);
+    inReplyTo.value = id;
+
+    dragElement(header);            
 }  
 
 function dragElement(elmnt) {
diff --git a/static/main.html b/static/main.html
index 180e91f..fc3d5ed 100644
--- a/static/main.html
+++ b/static/main.html
@@ -27,7 +27,7 @@
           {{ end }}
       }
       
-      #reply-box {
+      .popup-box {
           {{ if .Board.Restricted }}
           border: 4px solid #d3caf0;
           background-color: #eff5ff;
diff --git a/static/posts.html b/static/posts.html
index 9e3e8ce..a7b18a9 100644
--- a/static/posts.html
+++ b/static/posts.html
@@ -60,7 +60,7 @@
       }                    
     </script>
     {{ end }}
-    <span style="color: #0f0c5d;"><b>{{ .Name }}</b></span><span style="color: #117743;"><b>{{ if .AttributedTo }} {{.AttributedTo }} {{ else }} Anonymous {{ end }}</b></span><span>{{ .Published }} <a id="{{ .Id }}-anchor" href="/{{ $board.Name }}/">No.</a> <a id="{{ .Id }}-link" title="{{ .Id }}" href="javascript:quote('{{ $board.Actor }}', '{{ $opId }}', '{{ .Id }}')">{{ .Id }}</a> {{ if ne .Type "Tombstone" }}<a href="/report?id={{ .Id }}&board={{ $board.Name }}">[Report]</a>{{ end }}</span>
+    <span style="color: #0f0c5d;"><b>{{ .Name }}</b></span><span style="color: #117743;"><b>{{ if .AttributedTo }} {{.AttributedTo }} {{ else }} Anonymous {{ end }}</b></span><span>{{ .Published }} <a id="{{ .Id }}-anchor" href="/{{ $board.Name }}/">No.</a> <a id="{{ .Id }}-link" title="{{ .Id }}" href="javascript:quote('{{ $board.Actor }}', '{{ $opId }}', '{{ .Id }}')">{{ .Id }}</a> {{ if ne .Type "Tombstone" }}<a href="javascript:report('{{ $board.Actor }}', '{{ .Id }}')">[Report]</a>{{ end }}</span>
     <p id="{{ .Id }}-content" style="white-space: pre-wrap; margin: 10px 30px 10px 30px;">{{.Content}}</p>
     {{ if .Replies }}
     {{ $replies := .Replies }}
@@ -124,7 +124,7 @@
             }                    
           </script>              
           {{ end }}
-          <span style="color: #0f0c5d;"><b>{{ .Name }}</b></span><span style="color: #117743;"><b>{{ if .AttributedTo }} {{.AttributedTo }} {{ else }} Anonymous {{ end }}</b></span><span>{{ .Published }} <a id="{{ .Id }}-anchor" href="/{{ $board.Name }}/post/{{ $opId }}#{{ .Id }}">No. </a><a id="{{ .Id }}-link" title="{{ .Id }}" href="javascript:quote('{{ $board.Actor }}', '{{ $opId }}', '{{ .Id }}')">{{ .Id }}</a> {{ if ne .Type "Tombstone" }}<a href="/report?id={{ .Id }}&board={{ $board.Name }}">[Report]</a>{{ end }}</span>
+          <span style="color: #0f0c5d;"><b>{{ .Name }}</b></span><span style="color: #117743;"><b>{{ if .AttributedTo }} {{.AttributedTo }} {{ else }} Anonymous {{ end }}</b></span><span>{{ .Published }} <a id="{{ .Id }}-anchor" href="/{{ $board.Name }}/post/{{ $opId }}#{{ .Id }}">No. </a><a id="{{ .Id }}-link" title="{{ .Id }}" href="javascript:quote('{{ $board.Actor }}', '{{ $opId }}', '{{ .Id }}')">{{ .Id }}</a> {{ if ne .Type "Tombstone" }}<a href="javascript:report('{{ $board.Actor }}', '{{ .Id }}')">[Report]</a>{{ end }}</span>
           {{ $parentId := .Id }}
           {{ if .Replies.OrderedItems }}
           {{ range .Replies.OrderedItems }}
-- 
cgit v1.2.3