mdaniels5757 / waca

config.inc.php

Indentation +52 added lines, -52 removed lines

@@ -183,56 +183,56 @@
 // Initialise the site configuration object
 global $siteConfiguration;
 $siteConfiguration->setBaseUrl($baseurl)
-    ->setFilePath(__DIR__)
-    ->setDebuggingTraceEnabled($enableErrorTrace)
-    ->setDebuggingCssBreakpointsEnabled($enableCssBreakpoints)
-    ->setForceIdentification($forceIdentification)
-    ->setIdentificationCacheExpiry($identificationCacheExpiry)
-    ->setMetaWikimediaWebServiceEndpoint($metaWikimediaWebServiceEndpoint)
-    ->setEnforceOAuth($enforceOAuth)
-    ->setEmailConfirmationEnabled($enableEmailConfirm == 1)
-    ->setEmailConfirmationExpiryDays($emailConfirmationExpiryDays)
-    ->setMiserModeLimit($requestLimitShowOnly)
-    ->setSquidList($squidIpList)
-    ->setUseStrictTransportSecurity($strictTransportSecurityExpiry)
-    ->setUserAgent($toolUserAgent)
-    ->setCurlDisableVerifyPeer($curlDisableSSLVerifyPeer)
-    ->setUseOAuthSignup($useOauthSignup)
-    ->setOAuthConsumerToken($oauthConsumerToken)
-    ->setOAuthLegacyConsumerTokens($oauthLegacyTokens)
-    ->setOAuthConsumerSecret($oauthSecretToken)
-    ->setOauthMediaWikiCanonicalServer($oauthMediaWikiCanonicalServer)
-    ->setDataClearInterval($dataclear_interval)
-    ->setXffTrustedHostsFile($xff_trusted_hosts_file)
-    ->setIrcNotificationsEnabled($ircBotNotificationsEnabled == 1)
-    ->setIrcNotificationsInstance($whichami)
-    ->setTitleBlacklistEnabled($enableTitleblacklist == 1)
-    ->setTorExitPaths(array_merge(gethostbynamel('en.wikipedia.org'), gethostbynamel('accounts.wmflabs.org')))
-    ->setCreationBotUsername($creationBotUsername)
-    ->setCreationBotPassword($creationBotPassword)
-    ->setCurlCookieJar($curlCookieJar)
-    ->setYubicoApiId($yubicoApiId)
-    ->setYubicoApiKey($yubicoApiKey)
-    ->setTotpEncryptionKey($totpEncryptionKey)
-    ->setRegistrationAllowed($allowRegistration)
-    ->setCspReportUri($cspReportUri)
-    ->setResourceCacheEpoch($resourceCacheEpoch)
-    ->setLocationProviderApiKey($locationProviderApiKey)
-    ->setCommonEmailDomains($commonEmailDomains)
-    ->setBanMaxIpRange($banMaxIpRange)
-    ->setBanMaxIpBlockRange($banMaxIpBlockRange)
-    ->setJobQueueBatchSize($jobQueueBatchSize)
-    ->setAmqpConfiguration($amqpConfiguration)
-    ->setEmailSender($emailSender)
-    ->setIdentificationNoticeboardPage($identificationNoticeboardPage)
-    ->setIdentificationNoticeboardWebserviceEndpoint($identificationNoticeboardApi)
-    ->setAcceptClientHints($acceptClientHints)
-    ->setOffline(['offline' => $dontUseDb == 1, 'reason' => $dontUseDbReason, 'culprit' => $dontUseDbCulprit])
-    ->setDatabaseConfig([
-        'datasource' => 'mysql:host=' . $toolserver_host . ';dbname=' . $toolserver_database,
-        'username' => $toolserver_username,
-        'password' => $toolserver_password,
-    ])
-    ->setCookiePath($cookiepath)
-    ->setCookieSessionName($sessionname)
+	->setFilePath(__DIR__)
+	->setDebuggingTraceEnabled($enableErrorTrace)
+	->setDebuggingCssBreakpointsEnabled($enableCssBreakpoints)
+	->setForceIdentification($forceIdentification)
+	->setIdentificationCacheExpiry($identificationCacheExpiry)
+	->setMetaWikimediaWebServiceEndpoint($metaWikimediaWebServiceEndpoint)
+	->setEnforceOAuth($enforceOAuth)
+	->setEmailConfirmationEnabled($enableEmailConfirm == 1)
+	->setEmailConfirmationExpiryDays($emailConfirmationExpiryDays)
+	->setMiserModeLimit($requestLimitShowOnly)
+	->setSquidList($squidIpList)
+	->setUseStrictTransportSecurity($strictTransportSecurityExpiry)
+	->setUserAgent($toolUserAgent)
+	->setCurlDisableVerifyPeer($curlDisableSSLVerifyPeer)
+	->setUseOAuthSignup($useOauthSignup)
+	->setOAuthConsumerToken($oauthConsumerToken)
+	->setOAuthLegacyConsumerTokens($oauthLegacyTokens)
+	->setOAuthConsumerSecret($oauthSecretToken)
+	->setOauthMediaWikiCanonicalServer($oauthMediaWikiCanonicalServer)
+	->setDataClearInterval($dataclear_interval)
+	->setXffTrustedHostsFile($xff_trusted_hosts_file)
+	->setIrcNotificationsEnabled($ircBotNotificationsEnabled == 1)
+	->setIrcNotificationsInstance($whichami)
+	->setTitleBlacklistEnabled($enableTitleblacklist == 1)
+	->setTorExitPaths(array_merge(gethostbynamel('en.wikipedia.org'), gethostbynamel('accounts.wmflabs.org')))
+	->setCreationBotUsername($creationBotUsername)
+	->setCreationBotPassword($creationBotPassword)
+	->setCurlCookieJar($curlCookieJar)
+	->setYubicoApiId($yubicoApiId)
+	->setYubicoApiKey($yubicoApiKey)
+	->setTotpEncryptionKey($totpEncryptionKey)
+	->setRegistrationAllowed($allowRegistration)
+	->setCspReportUri($cspReportUri)
+	->setResourceCacheEpoch($resourceCacheEpoch)
+	->setLocationProviderApiKey($locationProviderApiKey)
+	->setCommonEmailDomains($commonEmailDomains)
+	->setBanMaxIpRange($banMaxIpRange)
+	->setBanMaxIpBlockRange($banMaxIpBlockRange)
+	->setJobQueueBatchSize($jobQueueBatchSize)
+	->setAmqpConfiguration($amqpConfiguration)
+	->setEmailSender($emailSender)
+	->setIdentificationNoticeboardPage($identificationNoticeboardPage)
+	->setIdentificationNoticeboardWebserviceEndpoint($identificationNoticeboardApi)
+	->setAcceptClientHints($acceptClientHints)
+	->setOffline(['offline' => $dontUseDb == 1, 'reason' => $dontUseDbReason, 'culprit' => $dontUseDbCulprit])
+	->setDatabaseConfig([
+		'datasource' => 'mysql:host=' . $toolserver_host . ';dbname=' . $toolserver_database,
+		'username' => $toolserver_username,
+		'password' => $toolserver_password,
+	])
+	->setCookiePath($cookiepath)
+	->setCookieSessionName($sessionname)
 ;

includes/Pages/PageBan.php

Indentation +657 added lines, -657 removed lines

@@ -26,663 +26,663 @@
 
 class PageBan extends InternalPageBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     */
-    protected function main(): void
-    {
-        $this->assignCSRFToken();
-        $this->setHtmlTitle('Bans');
-
-        $database = $this->getDatabase();
-        $currentDomain = Domain::getCurrent($database);
-        $bans = Ban::getActiveBans($database, $currentDomain->getId());
-
-        $this->setupBanList($bans);
-
-        $this->assign('isFiltered', false);
-        $this->setTemplate('bans/main.tpl');
-    }
-
-    protected function show(): void
-    {
-        $this->assignCSRFToken();
-        $this->setHtmlTitle('Bans');
-
-        $rawIdList = WebRequest::getString('id');
-        if ($rawIdList === null) {
-            $this->redirect('bans');
-
-            return;
-        }
-
-        $idList = explode(',', $rawIdList);
-
-        $database = $this->getDatabase();
-        $currentDomain = Domain::getCurrent($database);
-        $bans = Ban::getByIdList($idList, $database, $currentDomain->getId());
-
-        $this->setupBanList($bans);
-        $this->assign('isFiltered', true);
-        $this->setTemplate('bans/main.tpl');
-    }
-
-    /**
-     * Entry point for the ban set action
-     * @throws SmartyException
-     * @throws Exception
-     */
-    protected function set(): void
-    {
-        $this->setHtmlTitle('Bans');
-
-        // dual-mode action
-        if (WebRequest::wasPosted()) {
-            try {
-                $this->handlePostMethodForSetBan();
-            }
-            catch (ApplicationLogicException $ex) {
-                SessionAlert::error($ex->getMessage());
-                $this->redirect("bans", "set");
-            }
-        }
-        else {
-            $this->handleGetMethodForSetBan();
-
-            $user = User::getCurrent($this->getDatabase());
-            $banType = WebRequest::getString('type');
-            $banRequest = WebRequest::getInt('request');
-
-            // if the parameters are null, skip loading a request.
-            if ($banType !== null && $banRequest !== null && $banRequest !== 0) {
-                $this->preloadFormForRequest($banRequest, $banType, $user);
-            }
-        }
-    }
-
-    protected function replace(): void
-    {
-        $this->setHtmlTitle('Bans');
-
-        $database = $this->getDatabase();
-        $domain = Domain::getCurrent($database);
-
-        // dual-mode action
-        if (WebRequest::wasPosted()) {
-            try {
-                $originalBanId = WebRequest::postInt('replaceBanId');
-                $originalBanUpdateVersion = WebRequest::postInt('replaceBanUpdateVersion');
-
-                $originalBan = Ban::getActiveId($originalBanId, $database, $domain->getId());
-
-                if ($originalBan === false) {
-                    throw new ApplicationLogicException("The specified ban is not currently active, or doesn't exist.");
-                }
-
-                // Discard original ban; we're replacing it.
-                $originalBan->setUpdateVersion($originalBanUpdateVersion);
-                $originalBan->setActive(false);
-                $originalBan->save();
-
-                Logger::banReplaced($database, $originalBan);
-
-                // Proceed as normal to save the new ban.
-                $this->handlePostMethodForSetBan();
-            }
-            catch (ApplicationLogicException $ex) {
-                $database->rollback();
-                SessionAlert::error($ex->getMessage());
-                $this->redirect("bans", "set");
-            }
-        }
-        else {
-            $this->handleGetMethodForSetBan();
-
-            $user = User::getCurrent($database);
-            $originalBanId = WebRequest::getString('id');
-
-            $originalBan = Ban::getActiveId($originalBanId, $database, $domain->getId());
-
-            if ($originalBan === false) {
-                throw new ApplicationLogicException("The specified ban is not currently active, or doesn't exist.");
-            }
-
-            if ($originalBan->getName() !== null) {
-                if (!$this->barrierTest('name', $user, 'BanType')) {
-                    SessionAlert::error("You are not allowed to set this type of ban.");
-                    $this->redirect("bans", "set");
-                    return;
-                }
-
-                $this->assign('banName', $originalBan->getName());
-            }
-
-            if ($originalBan->getEmail() !== null) {
-                if (!$this->barrierTest('email', $user, 'BanType')) {
-                    SessionAlert::error("You are not allowed to set this type of ban.");
-                    $this->redirect("bans", "set");
-                    return;
-                }
-
-                $this->assign('banEmail', $originalBan->getEmail());
-            }
-
-            if ($originalBan->getUseragent() !== null) {
-                if (!$this->barrierTest('useragent', $user, 'BanType')) {
-                    SessionAlert::error("You are not allowed to set this type of ban.");
-                    $this->redirect("bans", "set");
-                    return;
-                }
-
-                $this->assign('banUseragent', $originalBan->getUseragent());
-            }
-
-            if ($originalBan->getIp() !== null) {
-                if (!$this->barrierTest('ip', $user, 'BanType')) {
-                    SessionAlert::error("You are not allowed to set this type of ban.");
-                    $this->redirect("bans", "set");
-                    return;
-                }
-
-                $this->assign('banIP', $originalBan->getIp() . '/' . $originalBan->getIpMask());
-            }
-
-            $banIsGlobal = $originalBan->getDomain() === null;
-            if ($banIsGlobal) {
-                if (!$this->barrierTest('global', $user, 'BanType')) {
-                    SessionAlert::error("You are not allowed to set this type of ban.");
-                    $this->redirect("bans", "set");
-                    return;
-                }
-            }
-
-            if (!$this->barrierTest($originalBan->getVisibility(), $user, 'BanVisibility')) {
-                SessionAlert::error("You are not allowed to set this type of ban.");
-                $this->redirect("bans", "set");
-                return;
-            }
-
-            $this->assign('banGlobal', $banIsGlobal);
-            $this->assign('banVisibility', $originalBan->getVisibility());
-
-            if ($originalBan->getDuration() !== null) {
-                $this->assign('banDuration', date('c', $originalBan->getDuration()));
-            }
-
-            $this->assign('banReason', $originalBan->getReason());
-            $this->assign('banAction', $originalBan->getAction());
-            $this->assign('banQueue', $originalBan->getTargetQueue());
-
-            $this->assign('replaceBanId', $originalBan->getId());
-            $this->assign('replaceBanUpdateVersion', $originalBan->getUpdateVersion());
-        }
-    }
-
-    /**
-     * Entry point for the ban remove action
-     *
-     * @throws AccessDeniedException
-     * @throws ApplicationLogicException
-     * @throws SmartyException
-     */
-    protected function remove(): void
-    {
-        $this->setHtmlTitle('Bans');
-
-        $ban = $this->getBanForUnban();
-
-        $banHelper = new BanHelper($this->getDatabase(), $this->getXffTrustProvider(), $this->getSecurityManager());
-        if (!$banHelper->canUnban($ban)) {
-            // triggered when a user tries to unban a ban they can't see the entirety of.
-            // there's no UI way to get to this, so a raw exception is fine.
-            throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager());
-        }
-
-        // dual mode
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $unbanReason = WebRequest::postString('unbanreason');
-
-            if ($unbanReason === null || trim($unbanReason) === "") {
-                SessionAlert::error('No unban reason specified');
-                $this->redirect("bans", "remove", array('id' => $ban->getId()));
-            }
-
-            // set optimistic locking from delete form page load
-            $updateVersion = WebRequest::postInt('updateversion');
-            $ban->setUpdateVersion($updateVersion);
-
-            $database = $this->getDatabase();
-            $ban->setActive(false);
-            $ban->save();
-
-            Logger::unbanned($database, $ban, $unbanReason);
-
-            SessionAlert::quick('Disabled ban.');
-            $this->getNotificationHelper()->unbanned($ban, $unbanReason);
-
-            $this->redirect('bans');
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->assign('ban', $ban);
-            $this->setTemplate('bans/unban.tpl');
-        }
-    }
-
-    /**
-     * Retrieves the requested ban duration from the WebRequest
-     *
-     * @throws ApplicationLogicException
-     */
-    private function getBanDuration(): ?int
-    {
-        $duration = WebRequest::postString('duration');
-        if ($duration === "other") {
-            $duration = strtotime(WebRequest::postString('otherduration'));
-
-            if (!$duration) {
-                throw new ApplicationLogicException('Invalid ban time');
-            }
-            elseif (time() > $duration) {
-                throw new ApplicationLogicException('Ban time has already expired!');
-            }
-
-            return $duration;
-        }
-        elseif ($duration === "-1") {
-            return null;
-        }
-        else {
-            return WebRequest::postInt('duration') + time();
-        }
-    }
-
-    /**
-     * Handles the POST method on the set action
-     *
-     * @throws ApplicationLogicException
-     * @throws Exception
-     */
-    private function handlePostMethodForSetBan()
-    {
-        $this->validateCSRFToken();
-        $database = $this->getDatabase();
-        $user = User::getCurrent($database);
-        $currentDomain = Domain::getCurrent($database);
-
-        // Checks whether there is a reason entered for ban.
-        $reason = WebRequest::postString('banreason');
-        if ($reason === null || trim($reason) === "") {
-            throw new ApplicationLogicException('You must specify a ban reason');
-        }
-
-        // ban targets
-        list($targetName, $targetIp, $targetEmail, $targetUseragent) = $this->getRawBanTargets($user);
-
-        $visibility = $this->getBanVisibility();
-
-        // Validate ban duration
-        $duration = $this->getBanDuration();
-
-        $action = WebRequest::postString('banAction') ?? Ban::ACTION_NONE;
-
-        $global = WebRequest::postBoolean('banGlobal');
-        if (!$this->barrierTest('global', $user, 'BanType')) {
-            $global = false;
-        }
-
-        if ($action === Ban::ACTION_DEFER && $global) {
-            throw new ApplicationLogicException("Cannot set a global ban in defer-to-queue mode.");
-        }
-
-        // handle CIDR ranges
-        $targetMask = null;
-        if ($targetIp !== null) {
-            list($targetIp, $targetMask) = $this->splitCidrRange($targetIp);
-            $this->validateIpBan($targetIp, $targetMask, $user, $action);
-        }
-
-        $banHelper = new BanHelper($this->getDatabase(), $this->getXffTrustProvider(), $this->getSecurityManager());
-
-        $bansByTarget = $banHelper->getBansByTarget(
-            $targetName,
-            $targetEmail,
-            $targetIp,
-            $targetMask,
-            $targetUseragent,
-            $currentDomain->getId());
-
-        if (count($bansByTarget) > 0) {
-            throw new ApplicationLogicException('This target is already banned!');
-        }
-
-        $ban = new Ban();
-        $ban->setDatabase($database);
-        $ban->setActive(true);
-
-        $ban->setName($targetName);
-        $ban->setIp($targetIp, $targetMask);
-        $ban->setEmail($targetEmail);
-        $ban->setUseragent($targetUseragent);
-
-        $ban->setUser($user->getId());
-        $ban->setReason($reason);
-        $ban->setDuration($duration);
-        $ban->setVisibility($visibility);
-
-        $ban->setDomain($global ? null : $currentDomain->getId());
-
-        $ban->setAction($action);
-        if ($ban->getAction() === Ban::ACTION_DEFER) {
-            //FIXME: domains
-            $queue = RequestQueue::getByApiName($database, WebRequest::postString('banActionTarget'), 1);
-            if ($queue === false) {
-                throw new ApplicationLogicException("Unknown target queue");
-            }
-
-            if (!$queue->isEnabled()) {
-                throw new ApplicationLogicException("Target queue is not enabled");
-            }
-
-            $ban->setTargetQueue($queue->getId());
-        }
-
-        $ban->save();
-
-        Logger::banned($database, $ban, $reason);
-
-        $this->getNotificationHelper()->banned($ban);
-        SessionAlert::quick('Ban has been set.');
-
-        $this->redirect('bans');
-    }
-
-    /**
-     * Handles the GET method on the set action
-     * @throws Exception
-     */
-    private function handleGetMethodForSetBan()
-    {
-        $this->setTemplate('bans/banform.tpl');
-        $this->assignCSRFToken();
-
-        $this->assign('maxIpRange', $this->getSiteConfiguration()->getBanMaxIpRange());
-        $this->assign('maxIpBlockRange', $this->getSiteConfiguration()->getBanMaxIpBlockRange());
-
-        $this->assign('banVisibility', 'user');
-        $this->assign('banGlobal', false);
-        $this->assign('banQueue', false);
-        $this->assign('banAction', Ban::ACTION_BLOCK);
-        $this->assign('banDuration', '');
-        $this->assign('banReason', '');
-
-        $this->assign('banEmail', '');
-        $this->assign('banIP', '');
-        $this->assign('banName', '');
-        $this->assign('banUseragent', '');
-
-        $this->assign('replaceBanId', null);
-
-
-
-        $database = $this->getDatabase();
-
-        $user = User::getCurrent($database);
-        $this->setupSecurity($user);
-
-        $queues = RequestQueue::getEnabledQueues($database);
-
-        $this->assign('requestQueues', $queues);
-    }
-
-    /**
-     * Finds the Ban object referenced in the WebRequest if it is valid
-     *
-     * @return Ban
-     * @throws ApplicationLogicException
-     */
-    private function getBanForUnban(): Ban
-    {
-        $banId = WebRequest::getInt('id');
-        if ($banId === null || $banId === 0) {
-            throw new ApplicationLogicException("The ban ID appears to be missing. This is probably a bug.");
-        }
-
-        $database = $this->getDatabase();
-        $this->setupSecurity(User::getCurrent($database));
-        $currentDomain = Domain::getCurrent($database);
-        $ban = Ban::getActiveId($banId, $database, $currentDomain->getId());
-
-        if ($ban === false) {
-            throw new ApplicationLogicException("The specified ban is not currently active, or doesn't exist.");
-        }
-
-        return $ban;
-    }
-
-    /**
-     * Sets up Smarty variables for access control
-     */
-    private function setupSecurity(User $user): void
-    {
-        $this->assign('canSeeIpBan', $this->barrierTest('ip', $user, 'BanType'));
-        $this->assign('canSeeNameBan', $this->barrierTest('name', $user, 'BanType'));
-        $this->assign('canSeeEmailBan', $this->barrierTest('email', $user, 'BanType'));
-        $this->assign('canSeeUseragentBan', $this->barrierTest('useragent', $user, 'BanType'));
-
-        $this->assign('canGlobalBan', $this->barrierTest('global', $user, 'BanType'));
-
-        $this->assign('canSeeUserVisibility', $this->barrierTest('user', $user, 'BanVisibility'));
-        $this->assign('canSeeAdminVisibility', $this->barrierTest('admin', $user, 'BanVisibility'));
-        $this->assign('canSeeCheckuserVisibility', $this->barrierTest('checkuser', $user, 'BanVisibility'));
-    }
-
-    /**
-     * Validates that the provided IP is acceptable for a ban of this type
-     *
-     * @param string $targetIp   IP address
-     * @param int    $targetMask CIDR prefix length
-     * @param User   $user       User performing the ban
-     * @param string $action     Ban action to take
-     *
-     * @throws ApplicationLogicException
-     */
-    private function validateIpBan(string $targetIp, int $targetMask, User $user, string $action): void
-    {
-        // validate this is an IP
-        if (!filter_var($targetIp, FILTER_VALIDATE_IP)) {
-            throw new ApplicationLogicException("Not a valid IP address");
-        }
-
-        $canLargeIpBan = $this->barrierTest('ip-largerange', $user, 'BanType');
-        $maxIpBlockRange = $this->getSiteConfiguration()->getBanMaxIpBlockRange();
-        $maxIpRange = $this->getSiteConfiguration()->getBanMaxIpRange();
-
-        // validate CIDR ranges
-        if (filter_var($targetIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
-            if ($targetMask < 0 || $targetMask > 128) {
-                throw new ApplicationLogicException("CIDR mask out of range for IPv6");
-            }
-
-            // prevent setting the ban if:
-            //  * the user isn't allowed to set large bans, AND
-            //  * the ban is a drop or a block (preventing human review of the request), AND
-            //  * the mask is too wide-reaching
-            if (!$canLargeIpBan && ($action == Ban::ACTION_BLOCK || $action == Ban::ACTION_DROP) && $targetMask < $maxIpBlockRange[6]) {
-                throw new ApplicationLogicException("The requested IP range for this ban is too wide for the block/drop action.");
-            }
-
-            if (!$canLargeIpBan && $targetMask < $maxIpRange[6]) {
-                throw new ApplicationLogicException("The requested IP range for this ban is too wide.");
-            }
-        }
-
-        if (filter_var($targetIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
-            if ($targetMask < 0 || $targetMask > 32) {
-                throw new ApplicationLogicException("CIDR mask out of range for IPv4");
-            }
-
-            if (!$canLargeIpBan && ($action == Ban::ACTION_BLOCK || $action == Ban::ACTION_DROP) && $targetMask < $maxIpBlockRange[4]) {
-                throw new ApplicationLogicException("The IP range for this ban is too wide for the block/drop action.");
-            }
-
-            if (!$canLargeIpBan && $targetMask < $maxIpRange[4]) {
-                throw new ApplicationLogicException("The requested IP range for this ban is too wide.");
-            }
-        }
-
-        $squidIpList = $this->getSiteConfiguration()->getSquidList();
-        if (in_array($targetIp, $squidIpList)) {
-            throw new ApplicationLogicException("This IP address is on the protected list of proxies, and cannot be banned.");
-        }
-    }
-
-    /**
-     * Configures a ban list template for display
-     *
-     * @param Ban[] $bans
-     */
-    private function setupBanList(array $bans): void
-    {
-        $userIds = array_map(fn(Ban $entry) => $entry->getUser(), $bans);
-        $userList = UserSearchHelper::get($this->getDatabase())->inIds($userIds)->fetchMap('username');
-
-        $domainIds = array_filter(array_unique(array_map(fn(Ban $entry) => $entry->getDomain(), $bans)));
-        $domains = [];
-        foreach ($domainIds as $d) {
-            if ($d === null) {
-                continue;
-            }
-            $domains[$d] = Domain::getById($d, $this->getDatabase());
-        }
-
-        $this->assign('domains', $domains);
-
-        $user = User::getCurrent($this->getDatabase());
-        $this->assign('canSet', $this->barrierTest('set', $user));
-        $this->assign('canRemove', $this->barrierTest('remove', $user));
-
-        $this->setupSecurity($user);
-
-        $this->assign('usernames', $userList);
-        $this->assign('activebans', $bans);
-
-        $banHelper = new BanHelper($this->getDatabase(), $this->getXffTrustProvider(), $this->getSecurityManager());
-        $this->assign('banHelper', $banHelper);
-    }
-
-    /**
-     * Converts a plain IP or CIDR mask into an IP and a CIDR suffix
-     *
-     * @param string $targetIp IP or CIDR range
-     *
-     * @return array
-     */
-    private function splitCidrRange(string $targetIp): array
-    {
-        if (strpos($targetIp, '/') !== false) {
-            $ipParts = explode('/', $targetIp, 2);
-            $targetIp = $ipParts[0];
-            $targetMask = (int)$ipParts[1];
-        }
-        else {
-            // Default the CIDR range based on the IP type
-            $targetMask = filter_var($targetIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) ? 128 : 32;
-        }
-
-        return array($targetIp, $targetMask);
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 */
+	protected function main(): void
+	{
+		$this->assignCSRFToken();
+		$this->setHtmlTitle('Bans');
+
+		$database = $this->getDatabase();
+		$currentDomain = Domain::getCurrent($database);
+		$bans = Ban::getActiveBans($database, $currentDomain->getId());
+
+		$this->setupBanList($bans);
+
+		$this->assign('isFiltered', false);
+		$this->setTemplate('bans/main.tpl');
+	}
+
+	protected function show(): void
+	{
+		$this->assignCSRFToken();
+		$this->setHtmlTitle('Bans');
+
+		$rawIdList = WebRequest::getString('id');
+		if ($rawIdList === null) {
+			$this->redirect('bans');
+
+			return;
+		}
+
+		$idList = explode(',', $rawIdList);
+
+		$database = $this->getDatabase();
+		$currentDomain = Domain::getCurrent($database);
+		$bans = Ban::getByIdList($idList, $database, $currentDomain->getId());
+
+		$this->setupBanList($bans);
+		$this->assign('isFiltered', true);
+		$this->setTemplate('bans/main.tpl');
+	}
+
+	/**
+	 * Entry point for the ban set action
+	 * @throws SmartyException
+	 * @throws Exception
+	 */
+	protected function set(): void
+	{
+		$this->setHtmlTitle('Bans');
+
+		// dual-mode action
+		if (WebRequest::wasPosted()) {
+			try {
+				$this->handlePostMethodForSetBan();
+			}
+			catch (ApplicationLogicException $ex) {
+				SessionAlert::error($ex->getMessage());
+				$this->redirect("bans", "set");
+			}
+		}
+		else {
+			$this->handleGetMethodForSetBan();
+
+			$user = User::getCurrent($this->getDatabase());
+			$banType = WebRequest::getString('type');
+			$banRequest = WebRequest::getInt('request');
+
+			// if the parameters are null, skip loading a request.
+			if ($banType !== null && $banRequest !== null && $banRequest !== 0) {
+				$this->preloadFormForRequest($banRequest, $banType, $user);
+			}
+		}
+	}
+
+	protected function replace(): void
+	{
+		$this->setHtmlTitle('Bans');
+
+		$database = $this->getDatabase();
+		$domain = Domain::getCurrent($database);
+
+		// dual-mode action
+		if (WebRequest::wasPosted()) {
+			try {
+				$originalBanId = WebRequest::postInt('replaceBanId');
+				$originalBanUpdateVersion = WebRequest::postInt('replaceBanUpdateVersion');
+
+				$originalBan = Ban::getActiveId($originalBanId, $database, $domain->getId());
+
+				if ($originalBan === false) {
+					throw new ApplicationLogicException("The specified ban is not currently active, or doesn't exist.");
+				}
+
+				// Discard original ban; we're replacing it.
+				$originalBan->setUpdateVersion($originalBanUpdateVersion);
+				$originalBan->setActive(false);
+				$originalBan->save();
+
+				Logger::banReplaced($database, $originalBan);
+
+				// Proceed as normal to save the new ban.
+				$this->handlePostMethodForSetBan();
+			}
+			catch (ApplicationLogicException $ex) {
+				$database->rollback();
+				SessionAlert::error($ex->getMessage());
+				$this->redirect("bans", "set");
+			}
+		}
+		else {
+			$this->handleGetMethodForSetBan();
+
+			$user = User::getCurrent($database);
+			$originalBanId = WebRequest::getString('id');
+
+			$originalBan = Ban::getActiveId($originalBanId, $database, $domain->getId());
+
+			if ($originalBan === false) {
+				throw new ApplicationLogicException("The specified ban is not currently active, or doesn't exist.");
+			}
+
+			if ($originalBan->getName() !== null) {
+				if (!$this->barrierTest('name', $user, 'BanType')) {
+					SessionAlert::error("You are not allowed to set this type of ban.");
+					$this->redirect("bans", "set");
+					return;
+				}
+
+				$this->assign('banName', $originalBan->getName());
+			}
+
+			if ($originalBan->getEmail() !== null) {
+				if (!$this->barrierTest('email', $user, 'BanType')) {
+					SessionAlert::error("You are not allowed to set this type of ban.");
+					$this->redirect("bans", "set");
+					return;
+				}
+
+				$this->assign('banEmail', $originalBan->getEmail());
+			}
+
+			if ($originalBan->getUseragent() !== null) {
+				if (!$this->barrierTest('useragent', $user, 'BanType')) {
+					SessionAlert::error("You are not allowed to set this type of ban.");
+					$this->redirect("bans", "set");
+					return;
+				}
+
+				$this->assign('banUseragent', $originalBan->getUseragent());
+			}
+
+			if ($originalBan->getIp() !== null) {
+				if (!$this->barrierTest('ip', $user, 'BanType')) {
+					SessionAlert::error("You are not allowed to set this type of ban.");
+					$this->redirect("bans", "set");
+					return;
+				}
+
+				$this->assign('banIP', $originalBan->getIp() . '/' . $originalBan->getIpMask());
+			}
+
+			$banIsGlobal = $originalBan->getDomain() === null;
+			if ($banIsGlobal) {
+				if (!$this->barrierTest('global', $user, 'BanType')) {
+					SessionAlert::error("You are not allowed to set this type of ban.");
+					$this->redirect("bans", "set");
+					return;
+				}
+			}
+
+			if (!$this->barrierTest($originalBan->getVisibility(), $user, 'BanVisibility')) {
+				SessionAlert::error("You are not allowed to set this type of ban.");
+				$this->redirect("bans", "set");
+				return;
+			}
+
+			$this->assign('banGlobal', $banIsGlobal);
+			$this->assign('banVisibility', $originalBan->getVisibility());
+
+			if ($originalBan->getDuration() !== null) {
+				$this->assign('banDuration', date('c', $originalBan->getDuration()));
+			}
+
+			$this->assign('banReason', $originalBan->getReason());
+			$this->assign('banAction', $originalBan->getAction());
+			$this->assign('banQueue', $originalBan->getTargetQueue());
+
+			$this->assign('replaceBanId', $originalBan->getId());
+			$this->assign('replaceBanUpdateVersion', $originalBan->getUpdateVersion());
+		}
+	}
+
+	/**
+	 * Entry point for the ban remove action
+	 *
+	 * @throws AccessDeniedException
+	 * @throws ApplicationLogicException
+	 * @throws SmartyException
+	 */
+	protected function remove(): void
+	{
+		$this->setHtmlTitle('Bans');
+
+		$ban = $this->getBanForUnban();
+
+		$banHelper = new BanHelper($this->getDatabase(), $this->getXffTrustProvider(), $this->getSecurityManager());
+		if (!$banHelper->canUnban($ban)) {
+			// triggered when a user tries to unban a ban they can't see the entirety of.
+			// there's no UI way to get to this, so a raw exception is fine.
+			throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager());
+		}
+
+		// dual mode
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$unbanReason = WebRequest::postString('unbanreason');
+
+			if ($unbanReason === null || trim($unbanReason) === "") {
+				SessionAlert::error('No unban reason specified');
+				$this->redirect("bans", "remove", array('id' => $ban->getId()));
+			}
+
+			// set optimistic locking from delete form page load
+			$updateVersion = WebRequest::postInt('updateversion');
+			$ban->setUpdateVersion($updateVersion);
+
+			$database = $this->getDatabase();
+			$ban->setActive(false);
+			$ban->save();
+
+			Logger::unbanned($database, $ban, $unbanReason);
+
+			SessionAlert::quick('Disabled ban.');
+			$this->getNotificationHelper()->unbanned($ban, $unbanReason);
+
+			$this->redirect('bans');
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->assign('ban', $ban);
+			$this->setTemplate('bans/unban.tpl');
+		}
+	}
+
+	/**
+	 * Retrieves the requested ban duration from the WebRequest
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function getBanDuration(): ?int
+	{
+		$duration = WebRequest::postString('duration');
+		if ($duration === "other") {
+			$duration = strtotime(WebRequest::postString('otherduration'));
+
+			if (!$duration) {
+				throw new ApplicationLogicException('Invalid ban time');
+			}
+			elseif (time() > $duration) {
+				throw new ApplicationLogicException('Ban time has already expired!');
+			}
+
+			return $duration;
+		}
+		elseif ($duration === "-1") {
+			return null;
+		}
+		else {
+			return WebRequest::postInt('duration') + time();
+		}
+	}
+
+	/**
+	 * Handles the POST method on the set action
+	 *
+	 * @throws ApplicationLogicException
+	 * @throws Exception
+	 */
+	private function handlePostMethodForSetBan()
+	{
+		$this->validateCSRFToken();
+		$database = $this->getDatabase();
+		$user = User::getCurrent($database);
+		$currentDomain = Domain::getCurrent($database);
+
+		// Checks whether there is a reason entered for ban.
+		$reason = WebRequest::postString('banreason');
+		if ($reason === null || trim($reason) === "") {
+			throw new ApplicationLogicException('You must specify a ban reason');
+		}
+
+		// ban targets
+		list($targetName, $targetIp, $targetEmail, $targetUseragent) = $this->getRawBanTargets($user);
+
+		$visibility = $this->getBanVisibility();
+
+		// Validate ban duration
+		$duration = $this->getBanDuration();
+
+		$action = WebRequest::postString('banAction') ?? Ban::ACTION_NONE;
+
+		$global = WebRequest::postBoolean('banGlobal');
+		if (!$this->barrierTest('global', $user, 'BanType')) {
+			$global = false;
+		}
+
+		if ($action === Ban::ACTION_DEFER && $global) {
+			throw new ApplicationLogicException("Cannot set a global ban in defer-to-queue mode.");
+		}
+
+		// handle CIDR ranges
+		$targetMask = null;
+		if ($targetIp !== null) {
+			list($targetIp, $targetMask) = $this->splitCidrRange($targetIp);
+			$this->validateIpBan($targetIp, $targetMask, $user, $action);
+		}
+
+		$banHelper = new BanHelper($this->getDatabase(), $this->getXffTrustProvider(), $this->getSecurityManager());
+
+		$bansByTarget = $banHelper->getBansByTarget(
+			$targetName,
+			$targetEmail,
+			$targetIp,
+			$targetMask,
+			$targetUseragent,
+			$currentDomain->getId());
+
+		if (count($bansByTarget) > 0) {
+			throw new ApplicationLogicException('This target is already banned!');
+		}
+
+		$ban = new Ban();
+		$ban->setDatabase($database);
+		$ban->setActive(true);
+
+		$ban->setName($targetName);
+		$ban->setIp($targetIp, $targetMask);
+		$ban->setEmail($targetEmail);
+		$ban->setUseragent($targetUseragent);
+
+		$ban->setUser($user->getId());
+		$ban->setReason($reason);
+		$ban->setDuration($duration);
+		$ban->setVisibility($visibility);
+
+		$ban->setDomain($global ? null : $currentDomain->getId());
+
+		$ban->setAction($action);
+		if ($ban->getAction() === Ban::ACTION_DEFER) {
+			//FIXME: domains
+			$queue = RequestQueue::getByApiName($database, WebRequest::postString('banActionTarget'), 1);
+			if ($queue === false) {
+				throw new ApplicationLogicException("Unknown target queue");
+			}
+
+			if (!$queue->isEnabled()) {
+				throw new ApplicationLogicException("Target queue is not enabled");
+			}
+
+			$ban->setTargetQueue($queue->getId());
+		}
+
+		$ban->save();
+
+		Logger::banned($database, $ban, $reason);
+
+		$this->getNotificationHelper()->banned($ban);
+		SessionAlert::quick('Ban has been set.');
+
+		$this->redirect('bans');
+	}
+
+	/**
+	 * Handles the GET method on the set action
+	 * @throws Exception
+	 */
+	private function handleGetMethodForSetBan()
+	{
+		$this->setTemplate('bans/banform.tpl');
+		$this->assignCSRFToken();
+
+		$this->assign('maxIpRange', $this->getSiteConfiguration()->getBanMaxIpRange());
+		$this->assign('maxIpBlockRange', $this->getSiteConfiguration()->getBanMaxIpBlockRange());
+
+		$this->assign('banVisibility', 'user');
+		$this->assign('banGlobal', false);
+		$this->assign('banQueue', false);
+		$this->assign('banAction', Ban::ACTION_BLOCK);
+		$this->assign('banDuration', '');
+		$this->assign('banReason', '');
+
+		$this->assign('banEmail', '');
+		$this->assign('banIP', '');
+		$this->assign('banName', '');
+		$this->assign('banUseragent', '');
+
+		$this->assign('replaceBanId', null);
+
+
+
+		$database = $this->getDatabase();
+
+		$user = User::getCurrent($database);
+		$this->setupSecurity($user);
+
+		$queues = RequestQueue::getEnabledQueues($database);
+
+		$this->assign('requestQueues', $queues);
+	}
+
+	/**
+	 * Finds the Ban object referenced in the WebRequest if it is valid
+	 *
+	 * @return Ban
+	 * @throws ApplicationLogicException
+	 */
+	private function getBanForUnban(): Ban
+	{
+		$banId = WebRequest::getInt('id');
+		if ($banId === null || $banId === 0) {
+			throw new ApplicationLogicException("The ban ID appears to be missing. This is probably a bug.");
+		}
+
+		$database = $this->getDatabase();
+		$this->setupSecurity(User::getCurrent($database));
+		$currentDomain = Domain::getCurrent($database);
+		$ban = Ban::getActiveId($banId, $database, $currentDomain->getId());
+
+		if ($ban === false) {
+			throw new ApplicationLogicException("The specified ban is not currently active, or doesn't exist.");
+		}
+
+		return $ban;
+	}
+
+	/**
+	 * Sets up Smarty variables for access control
+	 */
+	private function setupSecurity(User $user): void
+	{
+		$this->assign('canSeeIpBan', $this->barrierTest('ip', $user, 'BanType'));
+		$this->assign('canSeeNameBan', $this->barrierTest('name', $user, 'BanType'));
+		$this->assign('canSeeEmailBan', $this->barrierTest('email', $user, 'BanType'));
+		$this->assign('canSeeUseragentBan', $this->barrierTest('useragent', $user, 'BanType'));
+
+		$this->assign('canGlobalBan', $this->barrierTest('global', $user, 'BanType'));
+
+		$this->assign('canSeeUserVisibility', $this->barrierTest('user', $user, 'BanVisibility'));
+		$this->assign('canSeeAdminVisibility', $this->barrierTest('admin', $user, 'BanVisibility'));
+		$this->assign('canSeeCheckuserVisibility', $this->barrierTest('checkuser', $user, 'BanVisibility'));
+	}
+
+	/**
+	 * Validates that the provided IP is acceptable for a ban of this type
+	 *
+	 * @param string $targetIp   IP address
+	 * @param int    $targetMask CIDR prefix length
+	 * @param User   $user       User performing the ban
+	 * @param string $action     Ban action to take
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function validateIpBan(string $targetIp, int $targetMask, User $user, string $action): void
+	{
+		// validate this is an IP
+		if (!filter_var($targetIp, FILTER_VALIDATE_IP)) {
+			throw new ApplicationLogicException("Not a valid IP address");
+		}
+
+		$canLargeIpBan = $this->barrierTest('ip-largerange', $user, 'BanType');
+		$maxIpBlockRange = $this->getSiteConfiguration()->getBanMaxIpBlockRange();
+		$maxIpRange = $this->getSiteConfiguration()->getBanMaxIpRange();
+
+		// validate CIDR ranges
+		if (filter_var($targetIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+			if ($targetMask < 0 || $targetMask > 128) {
+				throw new ApplicationLogicException("CIDR mask out of range for IPv6");
+			}
+
+			// prevent setting the ban if:
+			//  * the user isn't allowed to set large bans, AND
+			//  * the ban is a drop or a block (preventing human review of the request), AND
+			//  * the mask is too wide-reaching
+			if (!$canLargeIpBan && ($action == Ban::ACTION_BLOCK || $action == Ban::ACTION_DROP) && $targetMask < $maxIpBlockRange[6]) {
+				throw new ApplicationLogicException("The requested IP range for this ban is too wide for the block/drop action.");
+			}
+
+			if (!$canLargeIpBan && $targetMask < $maxIpRange[6]) {
+				throw new ApplicationLogicException("The requested IP range for this ban is too wide.");
+			}
+		}
+
+		if (filter_var($targetIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+			if ($targetMask < 0 || $targetMask > 32) {
+				throw new ApplicationLogicException("CIDR mask out of range for IPv4");
+			}
+
+			if (!$canLargeIpBan && ($action == Ban::ACTION_BLOCK || $action == Ban::ACTION_DROP) && $targetMask < $maxIpBlockRange[4]) {
+				throw new ApplicationLogicException("The IP range for this ban is too wide for the block/drop action.");
+			}
+
+			if (!$canLargeIpBan && $targetMask < $maxIpRange[4]) {
+				throw new ApplicationLogicException("The requested IP range for this ban is too wide.");
+			}
+		}
+
+		$squidIpList = $this->getSiteConfiguration()->getSquidList();
+		if (in_array($targetIp, $squidIpList)) {
+			throw new ApplicationLogicException("This IP address is on the protected list of proxies, and cannot be banned.");
+		}
+	}
+
+	/**
+	 * Configures a ban list template for display
+	 *
+	 * @param Ban[] $bans
+	 */
+	private function setupBanList(array $bans): void
+	{
+		$userIds = array_map(fn(Ban $entry) => $entry->getUser(), $bans);
+		$userList = UserSearchHelper::get($this->getDatabase())->inIds($userIds)->fetchMap('username');
+
+		$domainIds = array_filter(array_unique(array_map(fn(Ban $entry) => $entry->getDomain(), $bans)));
+		$domains = [];
+		foreach ($domainIds as $d) {
+			if ($d === null) {
+				continue;
+			}
+			$domains[$d] = Domain::getById($d, $this->getDatabase());
+		}
+
+		$this->assign('domains', $domains);
+
+		$user = User::getCurrent($this->getDatabase());
+		$this->assign('canSet', $this->barrierTest('set', $user));
+		$this->assign('canRemove', $this->barrierTest('remove', $user));
+
+		$this->setupSecurity($user);
+
+		$this->assign('usernames', $userList);
+		$this->assign('activebans', $bans);
+
+		$banHelper = new BanHelper($this->getDatabase(), $this->getXffTrustProvider(), $this->getSecurityManager());
+		$this->assign('banHelper', $banHelper);
+	}
+
+	/**
+	 * Converts a plain IP or CIDR mask into an IP and a CIDR suffix
+	 *
+	 * @param string $targetIp IP or CIDR range
+	 *
+	 * @return array
+	 */
+	private function splitCidrRange(string $targetIp): array
+	{
+		if (strpos($targetIp, '/') !== false) {
+			$ipParts = explode('/', $targetIp, 2);
+			$targetIp = $ipParts[0];
+			$targetMask = (int)$ipParts[1];
+		}
+		else {
+			// Default the CIDR range based on the IP type
+			$targetMask = filter_var($targetIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) ? 128 : 32;
+		}
+
+		return array($targetIp, $targetMask);
 }
 
-    /**
-     * Returns the validated ban visibility from WebRequest
-     *
-     * @throws ApplicationLogicException
-     */
-    private function getBanVisibility(): string
-    {
-        $visibility = WebRequest::postString('banVisibility');
-        if ($visibility !== 'user' && $visibility !== 'admin' && $visibility !== 'checkuser') {
-            throw new ApplicationLogicException('Invalid ban visibility');
-        }
-
-        return $visibility;
-    }
-
-    /**
-     * Returns array of [username, ip, email, ua] as ban targets from WebRequest,
-     * filtered for whether the user is allowed to set bans including those types.
-     *
-     * @return string[]
-     * @throws ApplicationLogicException
-     */
-    private function getRawBanTargets(User $user): array
-    {
-        $targetName = WebRequest::postString('banName');
-        $targetIp = WebRequest::postString('banIP');
-        $targetEmail = WebRequest::postString('banEmail');
-        $targetUseragent = WebRequest::postString('banUseragent');
-
-        // check the user is allowed to use provided targets
-        if (!$this->barrierTest('name', $user, 'BanType')) {
-            $targetName = null;
-        }
-        if (!$this->barrierTest('ip', $user, 'BanType')) {
-            $targetIp = null;
-        }
-        if (!$this->barrierTest('email', $user, 'BanType')) {
-            $targetEmail = null;
-        }
-        if (!$this->barrierTest('useragent', $user, 'BanType')) {
-            $targetUseragent = null;
-        }
-
-        // Checks whether there is a target entered to ban.
-        if ($targetName === null && $targetIp === null && $targetEmail === null && $targetUseragent === null) {
-            throw new ApplicationLogicException('You must specify a target to be banned');
-        }
-
-        return array($targetName, $targetIp, $targetEmail, $targetUseragent);
-    }
-
-    private function preloadFormForRequest(int $banRequest, string $banType, User $user): void
-    {
-        $database = $this->getDatabase();
-
-        // Attempt to resolve the correct target
-        /** @var Request|false $request */
-        $request = Request::getById($banRequest, $database);
-        if ($request === false) {
-            $this->assign('bantarget', '');
-
-            return;
-        }
-
-        switch ($banType) {
-            case 'EMail':
-                if ($this->barrierTest('email', $user, 'BanType')) {
-                    $this->assign('banEmail', $request->getEmail());
-                }
-                break;
-            case 'IP':
-                if ($this->barrierTest('ip', $user, 'BanType')) {
-                    $trustedIp = $this->getXffTrustProvider()->getTrustedClientIp(
-                        $request->getIp(),
-                        $request->getForwardedIp());
-
-                    $this->assign('banIP', $trustedIp);
-                }
-                break;
-            case 'Name':
-                if ($this->barrierTest('name', $user, 'BanType')) {
-                    $this->assign('banName', $request->getName());
-                }
-                break;
-            case 'UA':
-                if ($this->barrierTest('useragent', $user, 'BanType')) {
-                    $this->assign('banUseragent', $request->getEmail());
-                }
-                break;
-        }
-    }
+	/**
+	 * Returns the validated ban visibility from WebRequest
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function getBanVisibility(): string
+	{
+		$visibility = WebRequest::postString('banVisibility');
+		if ($visibility !== 'user' && $visibility !== 'admin' && $visibility !== 'checkuser') {
+			throw new ApplicationLogicException('Invalid ban visibility');
+		}
+
+		return $visibility;
+	}
+
+	/**
+	 * Returns array of [username, ip, email, ua] as ban targets from WebRequest,
+	 * filtered for whether the user is allowed to set bans including those types.
+	 *
+	 * @return string[]
+	 * @throws ApplicationLogicException
+	 */
+	private function getRawBanTargets(User $user): array
+	{
+		$targetName = WebRequest::postString('banName');
+		$targetIp = WebRequest::postString('banIP');
+		$targetEmail = WebRequest::postString('banEmail');
+		$targetUseragent = WebRequest::postString('banUseragent');
+
+		// check the user is allowed to use provided targets
+		if (!$this->barrierTest('name', $user, 'BanType')) {
+			$targetName = null;
+		}
+		if (!$this->barrierTest('ip', $user, 'BanType')) {
+			$targetIp = null;
+		}
+		if (!$this->barrierTest('email', $user, 'BanType')) {
+			$targetEmail = null;
+		}
+		if (!$this->barrierTest('useragent', $user, 'BanType')) {
+			$targetUseragent = null;
+		}
+
+		// Checks whether there is a target entered to ban.
+		if ($targetName === null && $targetIp === null && $targetEmail === null && $targetUseragent === null) {
+			throw new ApplicationLogicException('You must specify a target to be banned');
+		}
+
+		return array($targetName, $targetIp, $targetEmail, $targetUseragent);
+	}
+
+	private function preloadFormForRequest(int $banRequest, string $banType, User $user): void
+	{
+		$database = $this->getDatabase();
+
+		// Attempt to resolve the correct target
+		/** @var Request|false $request */
+		$request = Request::getById($banRequest, $database);
+		if ($request === false) {
+			$this->assign('bantarget', '');
+
+			return;
+		}
+
+		switch ($banType) {
+			case 'EMail':
+				if ($this->barrierTest('email', $user, 'BanType')) {
+					$this->assign('banEmail', $request->getEmail());
+				}
+				break;
+			case 'IP':
+				if ($this->barrierTest('ip', $user, 'BanType')) {
+					$trustedIp = $this->getXffTrustProvider()->getTrustedClientIp(
+						$request->getIp(),
+						$request->getForwardedIp());
+
+					$this->assign('banIP', $trustedIp);
+				}
+				break;
+			case 'Name':
+				if ($this->barrierTest('name', $user, 'BanType')) {
+					$this->assign('banName', $request->getName());
+				}
+				break;
+			case 'UA':
+				if ($this->barrierTest('useragent', $user, 'BanType')) {
+					$this->assign('banUseragent', $request->getEmail());
+				}
+				break;
+		}
+	}
 }

Braces +7 added lines, -14 removed lines

@@ -85,8 +85,7 @@ 
                 SessionAlert::error($ex->getMessage());
                 $this->redirect("bans", "set");
             }
-        }
-        else {
+        } else {
             $this->handleGetMethodForSetBan();
 
             $user = User::getCurrent($this->getDatabase());
@@ -134,8 +133,7 @@ 
                 SessionAlert::error($ex->getMessage());
                 $this->redirect("bans", "set");
             }
-        }
-        else {
+        } else {
             $this->handleGetMethodForSetBan();
 
             $user = User::getCurrent($database);
@@ -262,8 +260,7 @@ 
             $this->getNotificationHelper()->unbanned($ban, $unbanReason);
 
             $this->redirect('bans');
-        }
-        else {
+        } else {
             $this->assignCSRFToken();
             $this->assign('ban', $ban);
             $this->setTemplate('bans/unban.tpl');
@@ -283,17 +280,14 @@ 
 
             if (!$duration) {
                 throw new ApplicationLogicException('Invalid ban time');
-            }
-            elseif (time() > $duration) {
+            } elseif (time() > $duration) {
                 throw new ApplicationLogicException('Ban time has already expired!');
             }
 
             return $duration;
-        }
-        elseif ($duration === "-1") {
+        } elseif ($duration === "-1") {
             return null;
-        }
-        else {
+        } else {
             return WebRequest::postInt('duration') + time();
         }
     }
@@ -585,8 +579,7 @@ 
             $ipParts = explode('/', $targetIp, 2);
             $targetIp = $ipParts[0];
             $targetMask = (int)$ipParts[1];
-        }
-        else {
+        } else {
             // Default the CIDR range based on the IP type
             $targetMask = filter_var($targetIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) ? 128 : 32;
         }

includes/ConsoleStart.php

Indentation +55 added lines, -55 removed lines

@@ -15,70 +15,70 @@
 
 class ConsoleStart extends ApplicationBase
 {
-    /**
-     * @var ConsoleTaskBase
-     */
-    private $consoleTask;
+	/**
+	 * @var ConsoleTaskBase
+	 */
+	private $consoleTask;
 
-    /**
-     * ConsoleStart constructor.
-     *
-     * @param SiteConfiguration $configuration
-     * @param ConsoleTaskBase   $consoleTask
-     */
-    public function __construct(SiteConfiguration $configuration, ConsoleTaskBase $consoleTask)
-    {
-        parent::__construct($configuration);
-        $this->consoleTask = $consoleTask;
-    }
+	/**
+	 * ConsoleStart constructor.
+	 *
+	 * @param SiteConfiguration $configuration
+	 * @param ConsoleTaskBase   $consoleTask
+	 */
+	public function __construct(SiteConfiguration $configuration, ConsoleTaskBase $consoleTask)
+	{
+		parent::__construct($configuration);
+		$this->consoleTask = $consoleTask;
+	}
 
-    protected function setupEnvironment()
-    {
-        // initialise super-global providers
-        WebRequest::setGlobalStateProvider(new FakeGlobalStateProvider());
+	protected function setupEnvironment()
+	{
+		// initialise super-global providers
+		WebRequest::setGlobalStateProvider(new FakeGlobalStateProvider());
 
-        if (WebRequest::method() !== null) {
-            throw new EnvironmentException('This is a console task, which cannot be executed via the web.');
-        }
+		if (WebRequest::method() !== null) {
+			throw new EnvironmentException('This is a console task, which cannot be executed via the web.');
+		}
 
-        if (Offline::isOffline($this->getConfiguration())) {
-            throw new EnvironmentException('The tool is currently disabled.');
-        }
+		if (Offline::isOffline($this->getConfiguration())) {
+			throw new EnvironmentException('The tool is currently disabled.');
+		}
 
-        return parent::setupEnvironment();
-    }
+		return parent::setupEnvironment();
+	}
 
-    protected function cleanupEnvironment()
-    {
-    }
+	protected function cleanupEnvironment()
+	{
+	}
 
-    /**
-     * Main application logic
-     */
-    protected function main()
-    {
-        $database = PdoDatabase::getDatabaseConnection($this->getConfiguration());
+	/**
+	 * Main application logic
+	 */
+	protected function main()
+	{
+		$database = PdoDatabase::getDatabaseConnection($this->getConfiguration());
 
-        $this->setupHelpers($this->consoleTask, $this->getConfiguration(), $database);
+		$this->setupHelpers($this->consoleTask, $this->getConfiguration(), $database);
 
-        // initialise a database transaction
-        if (!$database->beginTransaction()) {
-            throw new Exception('Failed to start transaction on primary database.');
-        }
+		// initialise a database transaction
+		if (!$database->beginTransaction()) {
+			throw new Exception('Failed to start transaction on primary database.');
+		}
 
-        try {
-            // run the task
-            $this->consoleTask->execute();
+		try {
+			// run the task
+			$this->consoleTask->execute();
 
-            if ($database->hasActiveTransaction()) {
-                $database->commit();
-            }
-        }
-        finally {
-            // Catch any hanging on transactions
-            if ($database->hasActiveTransaction()) {
-                $database->rollBack();
-            }
-        }
-    }
+			if ($database->hasActiveTransaction()) {
+				$database->commit();
+			}
+		}
+		finally {
+			// Catch any hanging on transactions
+			if ($database->hasActiveTransaction()) {
+				$database->rollBack();
+			}
+		}
+	}
 }
\ No newline at end of file

smarty-plugins/modifier.nlimplode.php

Indentation +5 added lines, -5 removed lines

@@ -15,9 +15,9 @@
  */
 function smarty_modifier_nlimplode($list, $conjunction = 'or')
 {
-    $last = array_pop($list);
-    if ($list) {
-        return implode(', ', $list) . ', ' . $conjunction . ' ' . $last;
-    }
-    return $last;
+	$last = array_pop($list);
+	if ($list) {
+		return implode(', ', $list) . ', ' . $conjunction . ' ' . $last;
+	}
+	return $last;
 }
\ No newline at end of file

includes/Pages/PagePublicPrivacy.php

Indentation +5 added lines, -5 removed lines

@@ -14,10 +14,10 @@
 
 class PagePublicPrivacy extends PublicInterfacePageBase
 {
-    use PrivacyStatement;
+	use PrivacyStatement;
 
-    protected function templatePath()
-    {
-        return 'markdown/public.tpl';
-    }
+	protected function templatePath()
+	{
+		return 'markdown/public.tpl';
+	}
 }

includes/Pages/PagePrivacy.php

Indentation +5 added lines, -5 removed lines

@@ -14,10 +14,10 @@
 
 class PagePrivacy extends InternalPageBase
 {
-    use PrivacyStatement;
+	use PrivacyStatement;
 
-    protected function templatePath()
-    {
-        return 'markdown/private.tpl';
-    }
+	protected function templatePath()
+	{
+		return 'markdown/private.tpl';
+	}
 }

includes/Helpers/MarkdownRenderingHelper.php

Indentation +37 added lines, -37 removed lines

@@ -18,47 +18,47 @@
 
 class MarkdownRenderingHelper
 {
-    private $config = [
-        'html_input'         => 'escape',
-        'allow_unsafe_links' => false,
-        'max_nesting_level'  => 10,
-        'table'              => [
-            'wrap'                 => [
-                'enabled'    => true,
-                'tag'        => 'div',
-                'attributes' => ['class' => 'markdown-table'],
-            ],
-            'alignment_attributes' => [
-                'left'   => ['class' => 'text-left'],
-                'center' => ['class' => 'text-center'],
-                'right'  => ['class' => 'text-right'],
-            ],
-        ],
-    ];
+	private $config = [
+		'html_input'         => 'escape',
+		'allow_unsafe_links' => false,
+		'max_nesting_level'  => 10,
+		'table'              => [
+			'wrap'                 => [
+				'enabled'    => true,
+				'tag'        => 'div',
+				'attributes' => ['class' => 'markdown-table'],
+			],
+			'alignment_attributes' => [
+				'left'   => ['class' => 'text-left'],
+				'center' => ['class' => 'text-center'],
+				'right'  => ['class' => 'text-right'],
+			],
+		],
+	];
 
-    private $blockRenderer;
-    private $inlineRenderer;
+	private $blockRenderer;
+	private $inlineRenderer;
 
-    public function __construct()
-    {
-        $blockEnvironment = new Environment($this->config);
-        $blockEnvironment->addExtension(new CommonMarkCoreExtension());
-        $blockEnvironment->addExtension(new AttributesExtension());
-        $blockEnvironment->addExtension(new TableExtension());
-        $this->blockRenderer = new MarkdownConverter($blockEnvironment);
+	public function __construct()
+	{
+		$blockEnvironment = new Environment($this->config);
+		$blockEnvironment->addExtension(new CommonMarkCoreExtension());
+		$blockEnvironment->addExtension(new AttributesExtension());
+		$blockEnvironment->addExtension(new TableExtension());
+		$this->blockRenderer = new MarkdownConverter($blockEnvironment);
 
-        $inlineEnvironment = new Environment($this->config);
-        $inlineEnvironment->addExtension(new AttributesExtension());
-        $inlineEnvironment->addExtension(new InlinesOnlyExtension());
-        $this->inlineRenderer = new MarkdownConverter($inlineEnvironment);
-    }
+		$inlineEnvironment = new Environment($this->config);
+		$inlineEnvironment->addExtension(new AttributesExtension());
+		$inlineEnvironment->addExtension(new InlinesOnlyExtension());
+		$this->inlineRenderer = new MarkdownConverter($inlineEnvironment);
+	}
 
-    public function doRender(string $content): string {
-        return $this->blockRenderer->convert($content)->getContent();
-    }
+	public function doRender(string $content): string {
+		return $this->blockRenderer->convert($content)->getContent();
+	}
 
-    public function doRenderInline(string $content): string {
-        return $this->inlineRenderer->convert($content)->getContent();
-    }
+	public function doRenderInline(string $content): string {
+		return $this->inlineRenderer->convert($content)->getContent();
+	}
 
 }
\ No newline at end of file

includes/Fragments/PrivacyStatement.php

Indentation +21 added lines, -21 removed lines

@@ -13,31 +13,31 @@
 
 trait PrivacyStatement
 {
-    protected abstract function assign($name, $value);
-    protected abstract function templatePath();
-    protected abstract function setTemplate($name);
-    protected abstract function skipAlerts();
-    protected abstract function getSiteConfiguration();
+	protected abstract function assign($name, $value);
+	protected abstract function templatePath();
+	protected abstract function setTemplate($name);
+	protected abstract function skipAlerts();
+	protected abstract function getSiteConfiguration();
 
-    protected function main()
-    {
-        $path = $this->getSiteConfiguration()->getPrivacyStatementPath();
+	protected function main()
+	{
+		$path = $this->getSiteConfiguration()->getPrivacyStatementPath();
 
-        if ($path == null || !file_exists($path)) {
-            if (!headers_sent()) {
-                header('HTTP/1.1 404 Not Found');
-            }
+		if ($path == null || !file_exists($path)) {
+			if (!headers_sent()) {
+				header('HTTP/1.1 404 Not Found');
+			}
 
-            $this->skipAlerts();
-            $this->setTemplate('404.tpl');
-            return;
-        }
+			$this->skipAlerts();
+			$this->setTemplate('404.tpl');
+			return;
+		}
 
-        $markdown = file_get_contents($path);
+		$markdown = file_get_contents($path);
 
-        $renderer = new MarkdownRenderingHelper();
-        $this->assign('content', $renderer->doRender($markdown));
+		$renderer = new MarkdownRenderingHelper();
+		$this->assign('content', $renderer->doRender($markdown));
 
-        $this->setTemplate($this->templatePath());
-    }
+		$this->setTemplate($this->templatePath());
+	}
 }
\ No newline at end of file

includes/Helpers/IrcNotificationHelper.php

Braces +3 added lines, -6 removed lines

@@ -111,8 +111,7 @@ 
             if ($amqpSiteConfig['tls']) {
                 $amqpConnectionConfig->setIsSecure(true);
                 $amqpConnectionConfig->setSslVerify(true);
-            }
-            else {
+            } else {
                 $amqpConnectionConfig->setIsSecure(false);
             }
 
@@ -268,8 +267,7 @@ 
     {
         if ($ban->getDuration() === null) {
             $duration = "indefinitely";
-        }
-        else {
+        } else {
             $duration = "until " . date("F j, Y, g:i a", $ban->getDuration());
         }
 
@@ -277,8 +275,7 @@ 
 
         if ($ban->getVisibility() == 'user') {
             $this->send("Ban {$ban->getId()} set by {$username} for '{$ban->getReason()}' {$duration}");
-        }
-        else {
+        } else {
             $this->send("Ban {$ban->getId()} set by {$username} {$duration}");
         }
     }

Indentation +493 added lines, -493 removed lines

@@ -32,500 +32,500 @@
  */
 class IrcNotificationHelper
 {
-    /** @var bool $notificationsEnabled */
-    private $notificationsEnabled;
-    /** @var User $currentUser */
-    private $currentUser;
-    /** @var string $instanceName */
-    private $instanceName;
-    /** @var string */
-    private $baseUrl;
-    /** @var SiteConfiguration */
-    private $siteConfiguration;
-    /** @var PdoDatabase */
-    private $primaryDatabase;
-
-    /**
-     * IrcNotificationHelper constructor.
-     *
-     * @param SiteConfiguration $siteConfiguration
-     * @param PdoDatabase       $primaryDatabase
-     */
-    public function __construct(
-        SiteConfiguration $siteConfiguration,
-        PdoDatabase $primaryDatabase
-    ) {
-        $this->siteConfiguration = $siteConfiguration;
-        $this->primaryDatabase = $primaryDatabase;
-
-        $this->notificationsEnabled = $siteConfiguration->getIrcNotificationsEnabled();
-        $this->instanceName = $siteConfiguration->getIrcNotificationsInstance();
-        $this->baseUrl = $siteConfiguration->getBaseUrl();
-
-        $this->currentUser = User::getCurrent($primaryDatabase);
-    }
-
-    /**
-     * Send a notification
-     *
-     * This method does some *basic* filtering for IRC safety, and then delivers the message to an AMQP queue manager.
-     * It is the responsibility of the queue manager and consumer to handle message delivery to IRC, message routing to
-     * the correct channel, and message expiry.
-     *
-     * It's also arguably the responsibility of the consumer to ensure the message is *safe* for delivery to IRC.
-     *
-     * As of Feb 2022, the message consumer is stwalkerster's IRC bot Helpmebot.
-     *
-     * @param string $message The text to send
-     */
-    protected function send($message)
-    {
-        $instanceName = $this->instanceName;
-
-        if (!$this->notificationsEnabled) {
-            return;
-        }
-
-        $blacklist = array("DCC", "CCTP", "PRIVMSG");
-        $message = str_replace($blacklist, "(IRC Blacklist)", $message); // Lets stop DCC etc
-
-        $msg = $message;
-        if ($instanceName !== null && mb_strlen($instanceName) > 0) {
-            $msg = IrcColourCode::RESET . IrcColourCode::BOLD . "[$instanceName]" . IrcColourCode::RESET . ": $message";
-        }
-
-        // FIXME: domains!
-        /** @var Domain $domain */
-        $domain = Domain::getById(1, $this->primaryDatabase);
-
-        try {
-            $amqpSiteConfig = $this->siteConfiguration->getAmqpConfiguration();
-
-            $amqpConnectionConfig = new AMQPConnectionConfig();
-            $amqpConnectionConfig->setHost($amqpSiteConfig['host']);
-            $amqpConnectionConfig->setPort($amqpSiteConfig['port']);
-            $amqpConnectionConfig->setUser($amqpSiteConfig['user']);
-            $amqpConnectionConfig->setPassword($amqpSiteConfig['password']);
-            $amqpConnectionConfig->setVhost($amqpSiteConfig['vhost']);
-
-            if ($amqpSiteConfig['tls']) {
-                $amqpConnectionConfig->setIsSecure(true);
-                $amqpConnectionConfig->setSslVerify(true);
-            }
-            else {
-                $amqpConnectionConfig->setIsSecure(false);
-            }
-
-            $connection = AMQPConnectionFactory::create($amqpConnectionConfig);
-            $channel = $connection->channel();
-
-            $msg = new AMQPMessage(substr($msg, 0, 512));
-            $msg->set('user_id', $amqpSiteConfig['user']);
-            $msg->set('app_id', $this->siteConfiguration->getUserAgent());
-            $msg->set('content_type', 'text/plain');
+	/** @var bool $notificationsEnabled */
+	private $notificationsEnabled;
+	/** @var User $currentUser */
+	private $currentUser;
+	/** @var string $instanceName */
+	private $instanceName;
+	/** @var string */
+	private $baseUrl;
+	/** @var SiteConfiguration */
+	private $siteConfiguration;
+	/** @var PdoDatabase */
+	private $primaryDatabase;
+
+	/**
+	 * IrcNotificationHelper constructor.
+	 *
+	 * @param SiteConfiguration $siteConfiguration
+	 * @param PdoDatabase       $primaryDatabase
+	 */
+	public function __construct(
+		SiteConfiguration $siteConfiguration,
+		PdoDatabase $primaryDatabase
+	) {
+		$this->siteConfiguration = $siteConfiguration;
+		$this->primaryDatabase = $primaryDatabase;
+
+		$this->notificationsEnabled = $siteConfiguration->getIrcNotificationsEnabled();
+		$this->instanceName = $siteConfiguration->getIrcNotificationsInstance();
+		$this->baseUrl = $siteConfiguration->getBaseUrl();
+
+		$this->currentUser = User::getCurrent($primaryDatabase);
+	}
+
+	/**
+	 * Send a notification
+	 *
+	 * This method does some *basic* filtering for IRC safety, and then delivers the message to an AMQP queue manager.
+	 * It is the responsibility of the queue manager and consumer to handle message delivery to IRC, message routing to
+	 * the correct channel, and message expiry.
+	 *
+	 * It's also arguably the responsibility of the consumer to ensure the message is *safe* for delivery to IRC.
+	 *
+	 * As of Feb 2022, the message consumer is stwalkerster's IRC bot Helpmebot.
+	 *
+	 * @param string $message The text to send
+	 */
+	protected function send($message)
+	{
+		$instanceName = $this->instanceName;
+
+		if (!$this->notificationsEnabled) {
+			return;
+		}
+
+		$blacklist = array("DCC", "CCTP", "PRIVMSG");
+		$message = str_replace($blacklist, "(IRC Blacklist)", $message); // Lets stop DCC etc
+
+		$msg = $message;
+		if ($instanceName !== null && mb_strlen($instanceName) > 0) {
+			$msg = IrcColourCode::RESET . IrcColourCode::BOLD . "[$instanceName]" . IrcColourCode::RESET . ": $message";
+		}
+
+		// FIXME: domains!
+		/** @var Domain $domain */
+		$domain = Domain::getById(1, $this->primaryDatabase);
+
+		try {
+			$amqpSiteConfig = $this->siteConfiguration->getAmqpConfiguration();
+
+			$amqpConnectionConfig = new AMQPConnectionConfig();
+			$amqpConnectionConfig->setHost($amqpSiteConfig['host']);
+			$amqpConnectionConfig->setPort($amqpSiteConfig['port']);
+			$amqpConnectionConfig->setUser($amqpSiteConfig['user']);
+			$amqpConnectionConfig->setPassword($amqpSiteConfig['password']);
+			$amqpConnectionConfig->setVhost($amqpSiteConfig['vhost']);
+
+			if ($amqpSiteConfig['tls']) {
+				$amqpConnectionConfig->setIsSecure(true);
+				$amqpConnectionConfig->setSslVerify(true);
+			}
+			else {
+				$amqpConnectionConfig->setIsSecure(false);
+			}
+
+			$connection = AMQPConnectionFactory::create($amqpConnectionConfig);
+			$channel = $connection->channel();
+
+			$msg = new AMQPMessage(substr($msg, 0, 512));
+			$msg->set('user_id', $amqpSiteConfig['user']);
+			$msg->set('app_id', $this->siteConfiguration->getUserAgent());
+			$msg->set('content_type', 'text/plain');
             
-            $channel->basic_publish($msg, $amqpSiteConfig['exchange'], $domain->getNotificationTarget());
-            $channel->close();
-        }
-        catch (Exception $ex) {
-            // OK, so we failed to send the notification - that db might be down?
-            // This is non-critical, so silently fail.
-            ExceptionHandler::logExceptionToDisk($ex, $this->siteConfiguration);
-
-            // Disable notifications for remainder of request.
-            $this->notificationsEnabled = false;
-        }
-    }
-
-    #region user management
-
-    /**
-     * send a new user notification
-     *
-     * @param User $user
-     */
-    public function userNew(User $user)
-    {
-        $this->send("New user: {$user->getUsername()}");
-    }
-
-    /**
-     * send an approved notification
-     *
-     * @param User $user
-     */
-    public function userApproved(User $user)
-    {
-        $this->send("{$user->getUsername()} approved by " . $this->currentUser->getUsername());
-    }
-
-    /**
-     * send a deactivated notification
-     *
-     * @param User   $user
-     */
-    public function userDeactivated(User $user)
-    {
-        $this->send("{$user->getUsername()} deactivated by " . $this->currentUser->getUsername());
-    }
-
-    /**
-     * Send a preference change notification
-     *
-     * @param User $user
-     */
-    public function userPrefChange(User $user)
-    {
-        $this->send("{$user->getUsername()}'s preferences were changed by " . $this->currentUser->getUsername());
-    }
-
-    /**
-     * Send a user renamed notification
-     *
-     * @param User   $user
-     * @param string $old
-     */
-    public function userRenamed(User $user, $old)
-    {
-        $this->send($this->currentUser->getUsername() . " renamed $old to {$user->getUsername()}");
-    }
-
-    /**
-     * @param User   $user
-     * @param string $reason
-     */
-    public function userRolesEdited(User $user, $reason)
-    {
-        $currentUser = $this->currentUser->getUsername();
-        $this->send("Active roles for {$user->getUsername()} changed by " . $currentUser . " ($reason)");
-    }
-
-    #endregion
-
-    #region Site Notice
-
-    /**
-     * Summary of siteNoticeEdited
-     */
-    public function siteNoticeEdited()
-    {
-        $this->send("Site notice edited by " . $this->currentUser->getUsername());
-    }
-    #endregion
-
-    #region Welcome Templates
-    /**
-     * Summary of welcomeTemplateCreated
-     *
-     * @param WelcomeTemplate $template
-     */
-    public function welcomeTemplateCreated(WelcomeTemplate $template)
-    {
-        $this->send("Welcome template {$template->getId()} created by " . $this->currentUser->getUsername());
-    }
-
-    /**
-     * Summary of welcomeTemplateDeleted
-     *
-     * @param int $templateid
-     */
-    public function welcomeTemplateDeleted($templateid)
-    {
-        $this->send("Welcome template {$templateid} deleted by " . $this->currentUser->getUsername());
-    }
-
-    /**
-     * Summary of welcomeTemplateEdited
-     *
-     * @param WelcomeTemplate $template
-     */
-    public function welcomeTemplateEdited(WelcomeTemplate $template)
-    {
-        $this->send("Welcome template {$template->getId()} edited by " . $this->currentUser->getUsername());
-    }
-
-    #endregion
-
-    #region bans
-    /**
-     * Summary of banned
-     *
-     * @param Ban $ban
-     */
-    public function banned(Ban $ban)
-    {
-        if ($ban->getDuration() === null) {
-            $duration = "indefinitely";
-        }
-        else {
-            $duration = "until " . date("F j, Y, g:i a", $ban->getDuration());
-        }
-
-        $username = $this->currentUser->getUsername();
-
-        if ($ban->getVisibility() == 'user') {
-            $this->send("Ban {$ban->getId()} set by {$username} for '{$ban->getReason()}' {$duration}");
-        }
-        else {
-            $this->send("Ban {$ban->getId()} set by {$username} {$duration}");
-        }
-    }
-
-    /**
-     * Summary of unbanned
-     *
-     * @param Ban    $ban
-     * @param string $unbanReason
-     */
-    public function unbanned(Ban $ban, $unbanReason)
-    {
-        $this->send("Ban {$ban->getId()} unbanned by " . $this->currentUser
-                ->getUsername() . " (" . $unbanReason . ")");
-    }
-
-    #endregion
-
-    #region request management
-
-    /**
-     * Summary of requestReceived
-     *
-     * @param Request $request
-     */
-    public function requestReceived(Request $request)
-    {
-        $this->send(
-            IrcColourCode::DARK_GREY . "[["
-            . IrcColourCode::DARK_GREEN . "acc:"
-            . IrcColourCode::ORANGE . $request->getId()
-            . IrcColourCode::DARK_GREY . "]]"
-            . IrcColourCode::RED . " N "
-            . IrcColourCode::DARK_BLUE . $this->baseUrl . "/internal.php/viewRequest?id={$request->getId()} "
-            . IrcColourCode::DARK_RED . "* "
-            . IrcColourCode::DARK_GREEN . $request->getName()
-            . IrcColourCode::DARK_RED . " * "
-            . IrcColourCode::RESET
-        );
-    }
-
-    /**
-     * Summary of requestDeferred
-     *
-     * @param Request $request
-     */
-    public function requestDeferred(Request $request)
-    {
-        /** @var RequestQueue $queue */
-        $queue = RequestQueue::getById($request->getQueue(), $request->getDatabase());
-
-        $deferTo = $queue->getDisplayName();
-        $username = $this->currentUser->getUsername();
-
-        $this->send("Request {$request->getId()} ({$request->getName()}) deferred to {$deferTo} by {$username}");
-    }
-
-    /**
-     *
-     * Summary of requestDeferredWithMail
-     *
-     * @param Request $request
-     */
-    public function requestDeferredWithMail(Request $request)
-    {
-        /** @var RequestQueue $queue */
-        $queue = RequestQueue::getById($request->getQueue(), $request->getDatabase());
-
-        $deferTo = $queue->getDisplayName();
-        $username = $this->currentUser->getUsername();
-        $id = $request->getId();
-        $name = $request->getName();
-
-        $this->send("Request {$id} ({$name}) deferred to {$deferTo} with an email by {$username}");
-    }
-
-    /**
-     * Summary of requestClosed
-     *
-     * @param Request $request
-     * @param string  $closetype
-     */
-    public function requestClosed(Request $request, $closetype)
-    {
-        $username = $this->currentUser->getUsername();
-
-        $this->send("Request {$request->getId()} ({$request->getName()}) closed ($closetype) by {$username}");
-    }
-
-    /**
-     * Summary of requestClosed
-     *
-     * @param Request $request
-     * @param string  $closetype
-     */
-    public function requestCloseQueued(Request $request, $closetype)
-    {
-        $username = $this->currentUser->getUsername();
-
-        $this->send("Request {$request->getId()} ({$request->getName()}) queued for creation ($closetype) by {$username}");
-    }
-
-    /**
-     * Summary of requestClosed
-     *
-     * @param Request $request
-     * @param User    $triggerUser
-     */
-    public function requestCreationFailed(Request $request, User $triggerUser)
-    {
-        $this->send("Request {$request->getId()} ({$request->getName()}) failed auto-creation for {$triggerUser->getUsername()}, and was sent to the hospital queue.");
-    }
-
-    /**
-     * @param Request $request
-     * @param User    $triggerUser
-     */
-    public function requestWelcomeFailed(Request $request, User $triggerUser)
-    {
-        $this->send("Request {$request->getId()} ({$request->getName()}) failed welcome for {$triggerUser->getUsername()}.");
-    }
-
-    /**
-     * Summary of sentMail
-     *
-     * @param Request $request
-     */
-    public function sentMail(Request $request)
-    {
-        $this->send($this->currentUser->getUsername()
-            . " sent an email related to Request {$request->getId()} ({$request->getName()})");
-    }
-
-    #endregion
-
-    #region reservations
-
-    /**
-     * Summary of requestReserved
-     *
-     * @param Request $request
-     */
-    public function requestReserved(Request $request)
-    {
-        $username = $this->currentUser->getUsername();
-
-        $this->send("Request {$request->getId()} ({$request->getName()}) reserved by {$username}");
-    }
-
-    /**
-     * Summary of requestReserveBroken
-     *
-     * @param Request $request
-     */
-    public function requestReserveBroken(Request $request)
-    {
-        $username = $this->currentUser->getUsername();
-
-        $this->send("Reservation on request {$request->getId()} ({$request->getName()}) broken by {$username}");
-    }
-
-    /**
-     * Summary of requestUnreserved
-     *
-     * @param Request $request
-     */
-    public function requestUnreserved(Request $request)
-    {
-        $this->send("Request {$request->getId()} ({$request->getName()}) is no longer being handled.");
-    }
-
-    /**
-     * Summary of requestReservationSent
-     *
-     * @param Request $request
-     * @param User    $target
-     */
-    public function requestReservationSent(Request $request, User $target)
-    {
-        $username = $this->currentUser->getUsername();
-
-        $this->send(
-            "Reservation of request {$request->getId()} ({$request->getName()}) sent to {$target->getUsername()} by "
-            . $username);
-    }
-
-    #endregion
-
-    #region comments
-
-    /**
-     * Summary of commentCreated
-     *
-     * @param Comment $comment
-     * @param Request $request
-     */
-    public function commentCreated(Comment $comment, Request $request)
-    {
-        $username = $this->currentUser->getUsername();
-        switch ($comment->getVisibility()) {
-            case 'admin':
-                $visibility = " with visibility 'admin'";
-                break;
-            case 'checkuser':
-                $visibility = " with visibility 'checkuser'";
-                break;
-            default:
-                $visibility = "";
-                break;
-        }
-
-        $this->send("{$username} posted a comment on request {$request->getId()} ({$request->getName()}){$visibility}");
-    }
-
-    /**
-     * Summary of commentEdited
-     *
-     * @param Comment $comment
-     * @param Request $request
-     */
-    public function commentEdited(Comment $comment, Request $request)
-    {
-        $username = $this->currentUser->getUsername();
-
-        $this->send(<<<TAG
+			$channel->basic_publish($msg, $amqpSiteConfig['exchange'], $domain->getNotificationTarget());
+			$channel->close();
+		}
+		catch (Exception $ex) {
+			// OK, so we failed to send the notification - that db might be down?
+			// This is non-critical, so silently fail.
+			ExceptionHandler::logExceptionToDisk($ex, $this->siteConfiguration);
+
+			// Disable notifications for remainder of request.
+			$this->notificationsEnabled = false;
+		}
+	}
+
+	#region user management
+
+	/**
+	 * send a new user notification
+	 *
+	 * @param User $user
+	 */
+	public function userNew(User $user)
+	{
+		$this->send("New user: {$user->getUsername()}");
+	}
+
+	/**
+	 * send an approved notification
+	 *
+	 * @param User $user
+	 */
+	public function userApproved(User $user)
+	{
+		$this->send("{$user->getUsername()} approved by " . $this->currentUser->getUsername());
+	}
+
+	/**
+	 * send a deactivated notification
+	 *
+	 * @param User   $user
+	 */
+	public function userDeactivated(User $user)
+	{
+		$this->send("{$user->getUsername()} deactivated by " . $this->currentUser->getUsername());
+	}
+
+	/**
+	 * Send a preference change notification
+	 *
+	 * @param User $user
+	 */
+	public function userPrefChange(User $user)
+	{
+		$this->send("{$user->getUsername()}'s preferences were changed by " . $this->currentUser->getUsername());
+	}
+
+	/**
+	 * Send a user renamed notification
+	 *
+	 * @param User   $user
+	 * @param string $old
+	 */
+	public function userRenamed(User $user, $old)
+	{
+		$this->send($this->currentUser->getUsername() . " renamed $old to {$user->getUsername()}");
+	}
+
+	/**
+	 * @param User   $user
+	 * @param string $reason
+	 */
+	public function userRolesEdited(User $user, $reason)
+	{
+		$currentUser = $this->currentUser->getUsername();
+		$this->send("Active roles for {$user->getUsername()} changed by " . $currentUser . " ($reason)");
+	}
+
+	#endregion
+
+	#region Site Notice
+
+	/**
+	 * Summary of siteNoticeEdited
+	 */
+	public function siteNoticeEdited()
+	{
+		$this->send("Site notice edited by " . $this->currentUser->getUsername());
+	}
+	#endregion
+
+	#region Welcome Templates
+	/**
+	 * Summary of welcomeTemplateCreated
+	 *
+	 * @param WelcomeTemplate $template
+	 */
+	public function welcomeTemplateCreated(WelcomeTemplate $template)
+	{
+		$this->send("Welcome template {$template->getId()} created by " . $this->currentUser->getUsername());
+	}
+
+	/**
+	 * Summary of welcomeTemplateDeleted
+	 *
+	 * @param int $templateid
+	 */
+	public function welcomeTemplateDeleted($templateid)
+	{
+		$this->send("Welcome template {$templateid} deleted by " . $this->currentUser->getUsername());
+	}
+
+	/**
+	 * Summary of welcomeTemplateEdited
+	 *
+	 * @param WelcomeTemplate $template
+	 */
+	public function welcomeTemplateEdited(WelcomeTemplate $template)
+	{
+		$this->send("Welcome template {$template->getId()} edited by " . $this->currentUser->getUsername());
+	}
+
+	#endregion
+
+	#region bans
+	/**
+	 * Summary of banned
+	 *
+	 * @param Ban $ban
+	 */
+	public function banned(Ban $ban)
+	{
+		if ($ban->getDuration() === null) {
+			$duration = "indefinitely";
+		}
+		else {
+			$duration = "until " . date("F j, Y, g:i a", $ban->getDuration());
+		}
+
+		$username = $this->currentUser->getUsername();
+
+		if ($ban->getVisibility() == 'user') {
+			$this->send("Ban {$ban->getId()} set by {$username} for '{$ban->getReason()}' {$duration}");
+		}
+		else {
+			$this->send("Ban {$ban->getId()} set by {$username} {$duration}");
+		}
+	}
+
+	/**
+	 * Summary of unbanned
+	 *
+	 * @param Ban    $ban
+	 * @param string $unbanReason
+	 */
+	public function unbanned(Ban $ban, $unbanReason)
+	{
+		$this->send("Ban {$ban->getId()} unbanned by " . $this->currentUser
+				->getUsername() . " (" . $unbanReason . ")");
+	}
+
+	#endregion
+
+	#region request management
+
+	/**
+	 * Summary of requestReceived
+	 *
+	 * @param Request $request
+	 */
+	public function requestReceived(Request $request)
+	{
+		$this->send(
+			IrcColourCode::DARK_GREY . "[["
+			. IrcColourCode::DARK_GREEN . "acc:"
+			. IrcColourCode::ORANGE . $request->getId()
+			. IrcColourCode::DARK_GREY . "]]"
+			. IrcColourCode::RED . " N "
+			. IrcColourCode::DARK_BLUE . $this->baseUrl . "/internal.php/viewRequest?id={$request->getId()} "
+			. IrcColourCode::DARK_RED . "* "
+			. IrcColourCode::DARK_GREEN . $request->getName()
+			. IrcColourCode::DARK_RED . " * "
+			. IrcColourCode::RESET
+		);
+	}
+
+	/**
+	 * Summary of requestDeferred
+	 *
+	 * @param Request $request
+	 */
+	public function requestDeferred(Request $request)
+	{
+		/** @var RequestQueue $queue */
+		$queue = RequestQueue::getById($request->getQueue(), $request->getDatabase());
+
+		$deferTo = $queue->getDisplayName();
+		$username = $this->currentUser->getUsername();
+
+		$this->send("Request {$request->getId()} ({$request->getName()}) deferred to {$deferTo} by {$username}");
+	}
+
+	/**
+	 *
+	 * Summary of requestDeferredWithMail
+	 *
+	 * @param Request $request
+	 */
+	public function requestDeferredWithMail(Request $request)
+	{
+		/** @var RequestQueue $queue */
+		$queue = RequestQueue::getById($request->getQueue(), $request->getDatabase());
+
+		$deferTo = $queue->getDisplayName();
+		$username = $this->currentUser->getUsername();
+		$id = $request->getId();
+		$name = $request->getName();
+
+		$this->send("Request {$id} ({$name}) deferred to {$deferTo} with an email by {$username}");
+	}
+
+	/**
+	 * Summary of requestClosed
+	 *
+	 * @param Request $request
+	 * @param string  $closetype
+	 */
+	public function requestClosed(Request $request, $closetype)
+	{
+		$username = $this->currentUser->getUsername();
+
+		$this->send("Request {$request->getId()} ({$request->getName()}) closed ($closetype) by {$username}");
+	}
+
+	/**
+	 * Summary of requestClosed
+	 *
+	 * @param Request $request
+	 * @param string  $closetype
+	 */
+	public function requestCloseQueued(Request $request, $closetype)
+	{
+		$username = $this->currentUser->getUsername();
+
+		$this->send("Request {$request->getId()} ({$request->getName()}) queued for creation ($closetype) by {$username}");
+	}
+
+	/**
+	 * Summary of requestClosed
+	 *
+	 * @param Request $request
+	 * @param User    $triggerUser
+	 */
+	public function requestCreationFailed(Request $request, User $triggerUser)
+	{
+		$this->send("Request {$request->getId()} ({$request->getName()}) failed auto-creation for {$triggerUser->getUsername()}, and was sent to the hospital queue.");
+	}
+
+	/**
+	 * @param Request $request
+	 * @param User    $triggerUser
+	 */
+	public function requestWelcomeFailed(Request $request, User $triggerUser)
+	{
+		$this->send("Request {$request->getId()} ({$request->getName()}) failed welcome for {$triggerUser->getUsername()}.");
+	}
+
+	/**
+	 * Summary of sentMail
+	 *
+	 * @param Request $request
+	 */
+	public function sentMail(Request $request)
+	{
+		$this->send($this->currentUser->getUsername()
+			. " sent an email related to Request {$request->getId()} ({$request->getName()})");
+	}
+
+	#endregion
+
+	#region reservations
+
+	/**
+	 * Summary of requestReserved
+	 *
+	 * @param Request $request
+	 */
+	public function requestReserved(Request $request)
+	{
+		$username = $this->currentUser->getUsername();
+
+		$this->send("Request {$request->getId()} ({$request->getName()}) reserved by {$username}");
+	}
+
+	/**
+	 * Summary of requestReserveBroken
+	 *
+	 * @param Request $request
+	 */
+	public function requestReserveBroken(Request $request)
+	{
+		$username = $this->currentUser->getUsername();
+
+		$this->send("Reservation on request {$request->getId()} ({$request->getName()}) broken by {$username}");
+	}
+
+	/**
+	 * Summary of requestUnreserved
+	 *
+	 * @param Request $request
+	 */
+	public function requestUnreserved(Request $request)
+	{
+		$this->send("Request {$request->getId()} ({$request->getName()}) is no longer being handled.");
+	}
+
+	/**
+	 * Summary of requestReservationSent
+	 *
+	 * @param Request $request
+	 * @param User    $target
+	 */
+	public function requestReservationSent(Request $request, User $target)
+	{
+		$username = $this->currentUser->getUsername();
+
+		$this->send(
+			"Reservation of request {$request->getId()} ({$request->getName()}) sent to {$target->getUsername()} by "
+			. $username);
+	}
+
+	#endregion
+
+	#region comments
+
+	/**
+	 * Summary of commentCreated
+	 *
+	 * @param Comment $comment
+	 * @param Request $request
+	 */
+	public function commentCreated(Comment $comment, Request $request)
+	{
+		$username = $this->currentUser->getUsername();
+		switch ($comment->getVisibility()) {
+			case 'admin':
+				$visibility = " with visibility 'admin'";
+				break;
+			case 'checkuser':
+				$visibility = " with visibility 'checkuser'";
+				break;
+			default:
+				$visibility = "";
+				break;
+		}
+
+		$this->send("{$username} posted a comment on request {$request->getId()} ({$request->getName()}){$visibility}");
+	}
+
+	/**
+	 * Summary of commentEdited
+	 *
+	 * @param Comment $comment
+	 * @param Request $request
+	 */
+	public function commentEdited(Comment $comment, Request $request)
+	{
+		$username = $this->currentUser->getUsername();
+
+		$this->send(<<<TAG
 Comment {$comment->getId()} on request {$request->getId()} ({$request->getName()}) edited by {$username}
 TAG
-        );
-    }
-
-    public function alertFlaggedComments(int $count)
-    {
-        $this->send("There are ${count} flagged comments on closed requests currently awaiting redaction.");
-    }
-
-    #endregion
-
-    #region email management (close reasons)
-
-    /**
-     * Summary of emailCreated
-     *
-     * @param EmailTemplate $template
-     */
-    public function emailCreated(EmailTemplate $template)
-    {
-        $username = $this->currentUser->getUsername();
-        $this->send("Email {$template->getId()} ({$template->getName()}) created by " . $username);
-    }
-
-    /**
-     * Summary of emailEdited
-     *
-     * @param EmailTemplate $template
-     */
-    public function emailEdited(EmailTemplate $template)
-    {
-        $username = $this->currentUser->getUsername();
-        $this->send("Email {$template->getId()} ({$template->getName()}) edited by " . $username);
-    }
-    #endregion
+		);
+	}
+
+	public function alertFlaggedComments(int $count)
+	{
+		$this->send("There are ${count} flagged comments on closed requests currently awaiting redaction.");
+	}
+
+	#endregion
+
+	#region email management (close reasons)
+
+	/**
+	 * Summary of emailCreated
+	 *
+	 * @param EmailTemplate $template
+	 */
+	public function emailCreated(EmailTemplate $template)
+	{
+		$username = $this->currentUser->getUsername();
+		$this->send("Email {$template->getId()} ({$template->getName()}) created by " . $username);
+	}
+
+	/**
+	 * Summary of emailEdited
+	 *
+	 * @param EmailTemplate $template
+	 */
+	public function emailEdited(EmailTemplate $template)
+	{
+		$username = $this->currentUser->getUsername();
+		$this->send("Email {$template->getId()} ({$template->getName()}) edited by " . $username);
+	}
+	#endregion
 }