Add IP expunge requests

design/privateheader.php

@@ -502,14 +502,14 @@ if (check_perms('admin_reports')) {
 }
 
 if (check_perms('users_mod')) {
-  $NumEmailDeleteRequests = G::$Cache->get_value('num_email_delete_requests');
-  if ($NumEmailDeleteRequests === false) {
-    G::$DB->query("SELECT COUNT(*) FROM email_delete_requests");
-    list($NumEmailDeleteRequests) = G::$DB->next_record();
-    G::$Cache->cache_value('num_email_delete_requests', $NumEmailDeleteRequests);
+  $NumDeleteRequests = G::$Cache->get_value('num_deletion_requests');
+  if ($NumDeleteRequests === false) {
+    G::$DB->query("SELECT COUNT(*) FROM deletion_requests");
+    list($NumDeleteRequests) = G::$DB->next_record();
+    G::$Cache->cache_value('num_deletion_requests', $NumDeleteRequests);
   }
-  if ($NumEmailDeleteRequests > 0) {
-    $ModBar[] = '<a href="tools.php?action=delete_email">' . $NumEmailDeleteRequests . " Email deletion request(s)</a>";
+  if ($NumDeleteRequests > 0) {
+    $ModBar[] = '<a href="tools.php?action=expunge_requests">' . $NumDeleteRequests . " Expunge request".($NumDeleteRequests > 1 ? 's' : '')."</a>";
   }
 }
 

gazelle.sql

@@ -325,12 +325,13 @@ CREATE TABLE `email_blacklist` (
   PRIMARY KEY (`ID`)
 ) ENGINE=InnoDB CHARSET=utf8;
 
-CREATE TABLE `email_delete_requests` (
+CREATE TABLE `deletion_requests` (
   `UserID` int(10) unsigned NOT NULL,
-  `Email` varchar(255) NOT NULL,
+  `Value` varchar(255) NOT NULL,
+  `Type` varchar(255) NOT NULL,
   `Reason` text,
   `Time` datetime,
-  PRIMARY KEY (`UserID`,`Email`)
+  PRIMARY KEY (`UserID`,`Value`)
 ) ENGINE=InnoDB CHARSET=utf8;
 
 CREATE TABLE `featured_albums` (

sections/delete/delete_email.php

@@ -8,12 +8,12 @@ if (!apcu_exists('DBKEY')) {
   error(403);
 }
 
-View::show_header('Email Deletion Request');
+View::show_header('Email Expunge Request');
 
 ?>
 
 <div class="header">
-  <h2>Email deletion request</h2>
+  <h2>Email Expunge Request</h2>
 </div>
 <form class="create_form box pad" name="emaildelete" action="delete.php" method="post">
   <input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
@@ -24,7 +24,7 @@ View::show_header('Email Deletion Request');
   <table cellspacing="1" cellpadding="3" border="0" class="layout" width="100%">
     <tr>
       <td class="label">Email:</td>
-      <td><input type="text" size="30" value="<?=DBCrypt::decrypt(urldecode($_GET['emails'][0]))?>" disabled /></td>
+      <td><input type="text" size="30" value="<?=DBCrypt::decrypt($_GET['emails'][0])?>" disabled /></td>
     </tr>
     <tr>
       <td class="label">Reason (Optional):</td>

sections/delete/delete_ip.php

@@ -0,0 +1,42 @@
+<?
+
+if (!isset($_GET['ips']) || !is_array($_GET['ips'])) {
+  error("Stop that.");
+}
+
+if (!apcu_exists('DBKEY')) {
+  error(403);
+}
+
+View::show_header('IP Address Expunge Request');
+
+?>
+
+<div class="header">
+  <h2>IP Address Expunge Request</h2>
+</div>
+<form class="create_form box pad" name="ipdelete" action="delete.php" method="post">
+  <input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
+  <? foreach($_GET['ips'] as $ip) { ?>
+  <input type="hidden" name="ips[]" value="<?=$ip?>" />
+  <? } ?>
+  <input type="hidden" name="action" value="takeip" />
+  <table cellspacing="1" cellpadding="3" border="0" class="layout" width="100%">
+    <tr>
+      <td class="label">IP:</td>
+      <td><input type="text" size="30" value="<?=DBCrypt::decrypt($_GET['ips'][0])?>" disabled /></td>
+    </tr>
+    <tr>
+      <td class="label">Reason (Optional):</td>
+      <td>
+        <textarea name="reason" rows="10"></textarea>
+      </td>
+    </tr>
+    <tr>
+      <td></td>
+      <td><input type="submit" value="Submit" /></td>
+    </tr>
+  </table>
+</form>
+
+<? View::show_footer(); ?>

sections/delete/index.php

@@ -2,7 +2,7 @@
 
 enforce_login();
 
-if($_REQUEST['action']) {
+if ($_REQUEST['action']) {
   switch($_REQUEST['action']) {
     case 'email':
       include('delete_email.php');
@@ -11,10 +11,16 @@ if($_REQUEST['action']) {
       include('take_delete_email.php');
       break;
     case 'ip':
+      include('delete_ip.php');
+      break;
+    case 'takeip':
+      include('take_delete_ip.php');
       break;
     default:
       header('Location: index.php');
   }
+} else {
+  header('Location: index.php');
 }
 
 ?>

sections/delete/take_delete_email.php

@@ -51,12 +51,12 @@ forEach ($EncEmails as $EncEmail) {
 //Okay I think everything checks out.
 
 $DB->query("
-  INSERT INTO email_delete_requests
-    (UserID, Email, Reason, Time)
+  INSERT INTO deletion_requests
+    (UserID, Type, Value, Reason, Time)
   VALUES
-    ('$UserID', '".db_string($EncEmails[0])."', '".db_string($Reason)."', '".sqltime()."')");
+    ('$UserID', 'Email', '".db_string($EncEmails[0])."', '".db_string($Reason)."', '".sqltime()."')");
 
-$Cache->delete_value('num_email_delete_requests');
+$Cache->delete_value('num_deletion_requests');
 
 View::show_header('Email Deletion Request');
 ?>

sections/delete/take_delete_ip.php

@@ -0,0 +1,72 @@
+<?
+
+enforce_login();
+authorize();
+
+if (!isset($_POST['ips']) || !is_array($_POST['ips'])) {
+  error("Stop that.");
+}
+
+if (!apcu_exists('DBKEY')) {
+  error(403);
+}
+
+$EncIPs = $_POST['ips'];
+
+$Reason = $_POST['reason'] ?? '';
+
+forEach ($EncIPs as $EncIP) {
+  $DB->query("
+    SELECT UserID
+    FROM users_history_ips
+    WHERE IP = '".db_string($EncIP)."'");
+
+  if (!$DB->has_results()) {
+    error('IP not found');
+  }
+
+  list($UserID) = $DB->next_record();
+
+  if (!check_perms('users_mod') && ($UserID != $LoggedUser['ID'])) {
+    error(403);
+  }
+
+  $DB->query("
+    SELECT IP
+    FROM users_main
+    WHERE ID = '$UserID'");
+
+  if (!$DB->has_results()) {
+    error(404);
+  }
+
+  list($Curr) = $DB->next_record();
+  $Curr = DBCrypt::decrypt($Curr);
+
+  if ($Curr == DBCrypt::decrypt($EncIP)) {
+    error("You can't delete your current IP.");
+  }
+}
+
+//Okay I think everything checks out.
+
+$DB->query("
+  INSERT INTO deletion_requests
+    (UserID, Type, Value, Reason, Time)
+  VALUES
+    ('$UserID', 'IP', '".db_string($EncIPs[0])."', '".db_string($Reason)."', '".sqltime()."')");
+
+$Cache->delete_value('num_deletion_requests');
+
+View::show_header('IP Address Deletion Request');
+?>
+
+<div class="thin">
+  <h2 id="general">IP Address Deletion Request</h2>
+  <div class="box pad" style="padding: 10px 10px 10px 20px;">
+    <p>Your request has been sent. Please wait for it to be acknowledged.</p>
+    <p>After it's accepted or denied by staff, you will receive a PM response.</p>
+    <p><a href="/index.php">Return</a></p>
+  </div>
+</div>
+<? View::show_footer(); ?>

sections/tools/index.php

@@ -81,8 +81,8 @@ switch ($_REQUEST['action']) {
     include(SERVER_ROOT.'/sections/tools/managers/enable_requests.php');
     break;
 
-  case 'delete_email':
-    include(SERVER_ROOT.'/sections/tools/managers/email_delete_requests.php');
+  case 'expunge_requests':
+    include(SERVER_ROOT.'/sections/tools/managers/expunge_requests.php');
     break;
 
   case 'ajax_take_enable_request':

sections/tools/managers/email_delete_requests.php

@@ -1,104 +0,0 @@
-<?
-
-if (!check_perms('users_mod')) {
-  error(403);
-}
-
-$QueryID = $DB->query("
-  SELECT SQL_CALC_FOUND_ROWS *
-  FROM email_delete_requests");
-
-$DB->query("SELECT FOUND_ROWS()");
-list($NumResults) = $DB->next_record();
-$DB->set_query_id($QueryID);
-
-$Requests = $DB->to_array();
-
-if (isset($_GET['deny']) && isset($_GET['email'])) {
-  authorize();
-
-  $Deny = ($_GET['deny'] == "true");
-  $Email = db_string($_GET['email']);
-
-  $DB->query("
-    DELETE FROM email_delete_requests
-    WHERE Email = '$Email'");
-
-  $DB->query("
-    SELECT UserID
-    FROM users_history_emails
-    WHERE Email = '$Email'");
-  if ($DB->has_results()) {
-    list($UserID) = $DB->next_record();
-    if ($UserID != $_GET['userid']) {
-      $Err = "The UserID is incorrect?";
-    }
-  } else {
-    $Err = "That email doesn't exist.";
-  }
-
-  if (empty($Err)) {
-    if (!$Deny) {
-      $DB->query("
-        SELECT Email
-        FROM users_history_emails
-        WHERE UserID = '$UserID'");
-      $ToDelete = [];
-      while (list($EncEmail) = $DB->next_record()) {
-        if (DBCrypt::decrypt($Email) == DBCrypt::decrypt($EncEmail)) {
-          $ToDelete[] = $EncEmail;
-        }
-      }
-      forEach ($ToDelete as $DelEmail) {
-        $DB->query("
-          DELETE FROM users_history_emails
-          WHERE UserID = $UserID
-            AND Email = '$DelEmail'");
-      }
-      $Succ = "Email deleted.";
-      Misc::send_pm($UserID, 0, "Email Deletion Request Accepted.", "Your email deletion request has been accepted. What email? I don't know! We don't have it anymore!");
-    } else {
-      $Succ = "Request denied.";
-      Misc::send_pm($UserID, 0, "Email Deletion Request Denied.", "Your email deletion request has been denied.\n\nIf you wish to discuss this matter further, please create a staff PM, or join #oppaitime-help on IRC to speak with a staff member.");
-    }
-  }
-
-  $Cache->delete_value('num_email_delete_requests');
-}
-
-View::show_header("Email Deletion Requests");
-
-?>
-
-<div class="header">
-  <h2>Email Deletion Requests</h2>
-</div>
-
-<? if (isset($Err)) { ?>
-<span>Error: <?=$Err?></span>
-<? } elseif (isset($Succ)) { ?>
-<span>Success: <?=$Succ?></span>
-<? } ?>
-
-<div class="thin">
-  <table width="100%">
-    <tr class="colhead">
-      <td>User</td>
-      <td>Email</td>
-      <td>Reason</td>
-      <td>Accept</td>
-      <td>Deny</td>
-    </tr>
-<? foreach ($Requests as $Request) { ?>
-    <tr>
-      <td><?=Users::format_username($Request['UserID'])?></td>
-      <td><?=DBCrypt::decrypt($Request['Email'])?></td>
-      <td><?=display_str($Request['Reason'])?></td>
-      <td><a href="tools.php?action=delete_email&auth=<?=$LoggedUser['AuthKey']?>&email=<?=urlencode($Request['Email'])?>&userid=<?=$Request['UserID']?>&deny=false" class="brackets">Accept</a></td>
-      <td><a href="tools.php?action=delete_email&auth=<?=$LoggedUser['AuthKey']?>&email=<?=urlencode($Request['Email'])?>&userid=<?=$Request['UserID']?>&deny=true" class="brackets">Deny</a></td>
-    </tr>
-<? } ?>
-  </table>
-</div>
-
-<? View::show_footer(); ?>

sections/tools/managers/expunge_requests.php

@@ -0,0 +1,107 @@
+<?
+
+if (!check_perms('users_mod')) {
+  error(403);
+}
+
+$QueryID = $DB->query("
+  SELECT SQL_CALC_FOUND_ROWS *
+  FROM deletion_requests");
+
+$DB->query("SELECT FOUND_ROWS()");
+list($NumResults) = $DB->next_record();
+$DB->set_query_id($QueryID);
+
+$Requests = $DB->to_array();
+
+if (isset($_GET['deny']) && isset($_GET['type']) && isset($_GET['value'])) {
+  authorize();
+
+  $Deny = ($_GET['deny'] == 'true');
+  $Type = $_GET['type'] == 'email' ? 'Email' : ($_GET['type'] == 'ip' ? 'IP' : '');
+  $Value = db_string($_GET['value']);
+
+  $DB->query("
+    DELETE FROM deletion_requests
+    WHERE Value = '$Value'");
+
+  $DB->query("
+    SELECT UserID
+    FROM users_history_".strtolower($Type)."s
+    WHERE $Type = '$Value'");
+  if ($DB->has_results()) {
+    list($UserID) = $DB->next_record();
+    if ($UserID != $_GET['userid']) {
+      $Err = "The specified UserID is incorrect.";
+    }
+  } else {
+    $Err = "That $Type doesn't exist.";
+  }
+
+  if (empty($Err)) {
+    if (!$Deny) {
+      $DB->query("
+        SELECT $Type
+        FROM users_history_".strtolower($Type)."s
+        WHERE UserID = '$UserID'");
+      $ToDelete = [];
+      while (list($EncValue) = $DB->next_record()) {
+        if (DBCrypt::decrypt($Value) == DBCrypt::decrypt($EncValue)) {
+          $ToDelete[] = $EncValue;
+        }
+      }
+      forEach ($ToDelete as $DelValue) {
+        $DB->query("
+          DELETE FROM users_history_".strtolower($Type)."s
+          WHERE UserID = $UserID
+            AND $Type = '$DelValue'");
+      }
+      $Succ = "$Type deleted.";
+      Misc::send_pm($UserID, 0, "$Type Deletion Request Accepted.", "Your deletion request has been accepted. What $Type? I don't know! We don't have it anymore!");
+    } else {
+      $Succ = "Request denied.";
+      Misc::send_pm($UserID, 0, "$Type Deletion Request Denied.", "Your deletion request has been denied.\n\nIf you wish to discuss this matter further, please create a staff PM, or join ".BOT_HELP_CHAN." on IRC to speak with a staff member.");
+    }
+  }
+
+  $Cache->delete_value('num_deletion_requests');
+}
+
+View::show_header("Expunge Requests");
+
+?>
+
+<div class="header">
+  <h2>Expunge Requests</h2>
+</div>
+
+<? if (isset($Err)) { ?>
+<span>Error: <?=$Err?></span>
+<? } elseif (isset($Succ)) { ?>
+<span>Success: <?=$Succ?></span>
+<? } ?>
+
+<div class="thin">
+  <table width="100%">
+    <tr class="colhead">
+      <td>User</td>
+      <td>Type</td>
+      <td>Value</td>
+      <td>Reason</td>
+      <td>Accept</td>
+      <td>Deny</td>
+    </tr>
+<? foreach ($Requests as $Request) { ?>
+    <tr>
+      <td><?=Users::format_username($Request['UserID'])?></td>
+      <td><?=$Request['Type']?></td>
+      <td><?=DBCrypt::decrypt($Request['Value'])?></td>
+      <td><?=display_str($Request['Reason'])?></td>
+      <td><a href="tools.php?action=expunge_requests&auth=<?=$LoggedUser['AuthKey']?>&type=<?=strtolower($Request['Type'])?>&value=<?=urlencode($Request['Value'])?>&userid=<?=$Request['UserID']?>&deny=false" class="brackets">Accept</a></td>
+      <td><a href="tools.php?action=expunge_requests&auth=<?=$LoggedUser['AuthKey']?>&type=<?=strtolower($Request['Type'])?>&value=<?=urlencode($Request['Value'])?>&userid=<?=$Request['UserID']?>&deny=true" class="brackets">Deny</a></td>
+    </tr>
+<? } ?>
+  </table>
+</div>
+
+<? View::show_footer(); ?>

sections/user/user.php

@@ -224,6 +224,7 @@ if (check_perms('users_edit_profiles', $Class) || $LoggedUser['ID'] == $UserID)
 if ($LoggedUser['ID'] == $UserID) {
 ?>
     <a href="userhistory.php?action=useremail&userid=<?=$UserID?>" class="brackets">Email History</a>
+    <a href="userhistory.php?action=userip&userid=<?=$UserID?>" class="brackets">IP History</a>
 <?
 }
 if (check_perms('users_view_invites', $Class)) {

sections/userhistory/email_history_userview.php

@@ -15,11 +15,11 @@ if (!apcu_exists('DBKEY')) {
 }
 
 $DB->query("
-  SELECT DISTINCT h.email
-  FROM users_history_emails AS h
-  WHERE h.UserID = '$UserID'");
+  SELECT DISTINCT Email
+  FROM users_history_emails
+  WHERE UserID = '$UserID'");
 
-$EncEmails = $DB->collect("email");
+$EncEmails = $DB->collect("Email");
 $Emails = [];
 
 foreach ($EncEmails as $Enc) {
@@ -30,14 +30,14 @@ foreach ($EncEmails as $Enc) {
 }
 
 $DB->query("
-  SELECT email
+  SELECT Email
   FROM users_main
   WHERE ID = '$UserID'");
 
 list($Curr) = $DB->next_record();
 $Curr = DBCrypt::decrypt($Curr);
 
-if ($Self) {
+if (!$Self) {
   $DB->query("SELECT Username FROM users_main WHERE ID = '$UserID'");
   list($Username) = $DB->next_record();
 
@@ -58,7 +58,7 @@ if ($Self) {
 <table width="100%">
   <tr class="colhead">
     <td>Email</td>
-    <td>Delete</td>
+    <td>Expunge</td>
   </tr>
 <? foreach ($Emails as $Email => $Encs) { ?>
   <tr class="row">

sections/userhistory/index.php

@@ -37,6 +37,9 @@ if ($_GET['action']) {
     case 'useremail':
       include('email_history_userview.php');
       break;
+    case 'userip':
+      include('ip_history_userview.php');
+      break;
     case 'passkeys':
       //Load passkey history page
       include('passkey_history.php');

sections/userhistory/ip_history_userview.php

@@ -0,0 +1,74 @@
+<?
+$UserID = $_GET['userid'];
+if (!is_number($UserID)) {
+  error(404);
+}
+
+$Self = ($UserID == $LoggedUser['ID']);
+
+if (!check_perms('users_mod') && !$Self) {
+  error(403);
+}
+
+if (!apcu_exists('DBKEY')) {
+  error('The site is currently running with partial database access. Please wait for staff to fully decrypt it');
+}
+
+$DB->query("
+  SELECT IP
+  FROM users_history_ips
+  WHERE UserID = '$UserID'");
+
+$EncIPs = $DB->collect("IP");
+$IPs = [];
+
+foreach ($EncIPs as $Enc) {
+  if (!isset($IPs[DBCrypt::decrypt($Enc)])) {
+    $IPs[DBCrypt::decrypt($Enc)] = [];
+  }
+  $IPs[DBCrypt::decrypt($Enc)][] = $Enc;
+}
+
+$DB->query("
+  SELECT IP
+  FROM users_main
+  WHERE ID = '$UserID'");
+
+list($Curr) = $DB->next_record();
+$Curr = DBCrypt::decrypt($Curr);
+
+if (!$Self) {
+  $DB->query("SELECT Username FROM users_main WHERE ID = '$UserID'");
+  list($Username) = $DB->next_record();
+
+  View::show_header("IP history for $Username");
+} else {
+  View::show_header("Your IP history");
+}
+
+?>
+
+<div class="header">
+<? if ($Self) { ?>
+  <h2>Your IP history</h2>
+<? } else { ?>
+  <h2>IP history for <a href="user.php?id=<?=$UserID?>"><?=$Username?></a></h2>
+<? } ?>
+</div>
+<table width="100%">
+  <tr class="colhead">
+    <td>IP</td>
+    <td>Expunge</td>
+  </tr>
+<? foreach ($IPs as $IP => $Encs) { ?>
+  <tr class="row">
+    <td><?=display_str($IP)?></td>
+    <td>
+    <? if ($IP != $Curr) { ?>
+      <a href="delete.php?action=ip&ips[]=<?=implode('&ips[]=', array_map('urlencode', $Encs))?>" class="brackets">X</a>
+    <? } ?>
+    </td>
+  </tr>
+<? } ?>
+</table>
+<? View::show_footer(); ?>