complain check email and record ip

2026-04-14 12:30:49 +08:00 · 2022-10-13 00:48:02 +08:00
parent 4ffcacc131
commit 749afd6c5a
3 changed files with 47 additions and 4 deletions
--- a/database/migrations/2022_10_13_002653_add_ip_to_complains_table.php
+++ b/database/migrations/2022_10_13_002653_add_ip_to_complains_table.php
@@ -0,0 +1,38 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('complains', function (Blueprint $table) {
+            $table->string('ip')->nullable(true);
+        });
+        Schema::table('complain_replies', function (Blueprint $table) {
+            $table->string('ip')->nullable(true);
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('complains', function (Blueprint $table) {
+            $table->dropColumn('ip');
+        });
+        Schema::table('complain_replies', function (Blueprint $table) {
+            $table->dropColumn('ip');
+        });
+    }
+};
--- a/include/constants.php
+++ b/include/constants.php
@@ -1,6 +1,6 @@
 <?php
 defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.7.29');
-defined('RELEASE_DATE') || define('RELEASE_DATE', '2022-10-12');
+defined('RELEASE_DATE') || define('RELEASE_DATE', '2022-10-13');
 defined('IN_TRACKER') || define('IN_TRACKER', false);
 defined('PROJECTNAME') || define("PROJECTNAME","NexusPHP");
 defined('NEXUSPHPURL') || define("NEXUSPHPURL","https://nexusphp.org");
--- a/public/complains.php
+++ b/public/complains.php
@@ -18,7 +18,11 @@ if($_SERVER['REQUEST_METHOD'] === 'POST'){
            $email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
            $body = filter_input(INPUT_POST, 'body', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
            if(empty($email) || empty($body)) stderr($lang_functions['std_error'], $lang_complains['text_new_failure']);
-            sql_query(sprintf('INSERT INTO complains (uuid, email, body, added) VALUES (UUID(), %s, %s, NOW())', sqlesc($email), sqlesc($body))) or sqlerr(__FILE__, __LINE__);
+            $user = \App\Models\User::query()->where('email', $email)->first();
+            if (!$user) {
+                stderr($lang_functions['std_error'], $lang_complains['text_new_failure']);
+            }
+            sql_query(sprintf('INSERT INTO complains (uuid, email, body, added, ip) VALUES (UUID(), %s, %s, NOW(), %s)', sqlesc($email), sqlesc($body), sqlesc(getip()))) or sqlerr(__FILE__, __LINE__);
            $Cache->delete_value('COMPLAINTS_COUNT_CACHE');
            nexus_redirect(sprintf('complains.php?action=view&id=%s', get_single_value('complains', 'uuid', 'WHERE id = ' . mysql_insert_id())));
            break;
@@ -27,7 +31,7 @@ if($_SERVER['REQUEST_METHOD'] === 'POST'){
            $body = filter_input(INPUT_POST, 'body', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
            $complain = \App\Models\Complain::query()->findOrFail($id);
            if(empty($id) || empty($body)) stderr($lang_functions['std_error'], $lang_complains['text_new_failure']);
-            sql_query(sprintf('INSERT INTO complain_replies (complain, userid, added, body) VALUES (%u, %u, NOW(), %s)', $id, $uid, sqlesc($body))) or sqlerr(__FILE__, __LINE__);
+            sql_query(sprintf('INSERT INTO complain_replies (complain, userid, added, body, ip) VALUES (%u, %u, NOW(), %s, %s)', $id, $uid, sqlesc($body), sqlesc(getip()))) or sqlerr(__FILE__, __LINE__);
            if ($uid > 0) {
                try {
                    $toolRep = new \App\Repositories\ToolRepository();
@@ -111,6 +115,7 @@ if($_SERVER['REQUEST_METHOD'] === 'POST'){
                    printf(' [<a href="user-ban-log.php?q=%s" class="faqlink" target="_blank">%s</a>]', urlencode($user->username), $lang_complains['text_view_band_log']);
                }
            }
+            printf('<br />IP: ' . htmlspecialchars($complain['ip']));
            echo '<hr />', format_comment($complain['body']);
            end_frame();
            // REPLIES
@@ -118,7 +123,7 @@ if($_SERVER['REQUEST_METHOD'] === 'POST'){
            $res = sql_query(sprintf('SELECT * FROM `complain_replies` WHERE complain = %u ORDER BY id DESC', $complain['id'])) or sqlerr(__FILE__, __LINE__);
            if(mysql_num_rows($res)){
                while($row = mysql_fetch_assoc($res)){
-                    printf('<b>%s @ %s</b>: ', $row['userid'] ? get_plain_username($row['userid']) : $lang_complains['text_complainer'], gettime($row['added']));
+                    printf('<b>%s @ %s (%s): </b>', $row['userid'] ? get_plain_username($row['userid']) : $lang_complains['text_complainer'], gettime($row['added']), htmlspecialchars($row['ip']));
                    echo format_comment($row['body']) . '<hr />';
                }
            }else{