diff --git a/inc/config.php b/inc/config.php index 746efb63..65346edd 100644 --- a/inc/config.php +++ b/inc/config.php @@ -41,7 +41,8 @@ define('COOKIE_EXPIRE', 15778463, true); //6 months // Make this something long and random for security define('SALT', 'wefaw98YHEWUFuo', true); - + define('SECURE_TRIP_SALT', '@#$&^@#)$(*&@!_$(&329-8347', true); + // How many seconds before you can post, after the first visit define('LURKTIME', 30, true); @@ -51,6 +52,8 @@ define('FLOOD_TIME_IP_SAME', 120, true); // Same as above but different IP address define('FLOOD_TIME_SAME', 30, true); + // Do you need a body for your non-OP posts? + define('FORCE_BODY', true, true); // Max body length define('MAX_BODY', 1800, true); @@ -77,6 +80,9 @@ define('ERROR_NOPOST', 'You didn\'t make a post.', true); define('ERROR_FLOOD', 'Flood detected; Post discared.', true); define('ERROR_UNORIGINAL', 'Unoriginal content!', true); + define('ERROR_MUTED', 'Unoriginal content! You have been muted for %d seconds.', true); + define('ERROR_TOR', 'Hmm… That looks like a Tor exit node.', true); + define('ERROR_TOOMANYLINKS', 'Too many links; flood detected.', true); define('ERR_INVALIDIMG','Invalid image.', true); define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes
Your file\'s size: %filesz% bytes', true); define('ERR_MAXSIZE', 'The file was too big.', true); @@ -103,7 +109,11 @@ // Function name for hashing // sha1_file, md5_file, etc. define('FILE_HASH', 'sha1_file', true); - + + define('BLOCK_TOR', true, true); + // Typically spambots try to post a lot of links. Refuse a post with X standalone links? + define('MAX_LINKS', 7, true); + // Maximum image upload size in bytes define('MAX_FILESIZE', 10*1024*1024, true); // 10MB // Maximum image dimensions @@ -167,8 +177,13 @@ // Robot stuff // Strip repeating characters when making hashes define('ROBOT_ENABLE', true, true); + define('ROBOT_BOARD', 'r9k', true); define('ROBOT_STRIP_REPEATING', true, true); - + // Enable mutes + define('ROBOT_MUTE', true, true); + define('ROBOT_MUTE_MIN', 60, true); + define('ROBOT_MUTE_MAX', 120, true); + define('ROBOT_MUTE_DESCRIPTION', 'You have been muted for unoriginal content.', true); /* Mod stuff diff --git a/inc/functions.php b/inc/functions.php index 4f4a69bd..6193ab38 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -439,14 +439,43 @@ } } } + + function isDNSBL() { + $dns_black_lists = file('./dnsbl.txt', FILE_IGNORE_NEW_LINES); + + // Reverse the IP + $rev_ip = implode(array_reverse(explode('.', $_SERVER['REMOTE_ADDR'])), '.'); + $response = array(); + foreach ($dns_black_lists as $dns_black_list) { + $response = (gethostbynamel($rev_ip . '.' . $dns_black_list)); + if(!empty($response)) + return true; + } + + return false; + } + + function isTor() { + return gethostbyname( + ReverseIPOctets($_SERVER['REMOTE_ADDR']) . '.' . $_SERVER['SERVER_PORT'] . '.' . ReverseIPOctets($_SERVER['SERVER_ADDR']) . '.ip-port.exitlist.torproject.org' + ) == '127.0.0.2'; + } + + function ReverseIPOctets($inputip) { + $ipoc = explode('.', $inputip); + return $ipoc[3] . '.' . $ipoc[2] . '.' . $ipoc[1] . '.' . $ipoc[0]; + } function markup(&$body) { global $board; $body = utf8tohtml($body, true); - if(MARKUP_URLS) - $body = preg_replace(URL_REGEX, "$0", $body); + if(MARKUP_URLS) { + $body = preg_replace(URL_REGEX, "$0", $body, -1, $num_links); + if($num_links > MAX_LINKS) + error(ERROR_TOOMANYLINKS); + } if(AUTO_UNICODE) { $body = str_replace('...', '…', $body); @@ -602,7 +631,7 @@ $salt = strtr ( $salt, ':;<=>?@[\]^_`', 'ABCDEFGabcdef' ); if ( isset ( $t[2] ) ) { // secure - $trip = '!!' . substr ( crypt ( $trip, '@#$%^&*()' ), ( -1 * $length ) ); + $trip = '!!' . substr ( crypt ( $trip, SECURE_TRIP_SALT ), ( -1 * $length ) ); } else { // insecure $trip = '!' . substr ( crypt ( $trip, $salt ), ( -1 * $length ) ); diff --git a/mod.php b/mod.php index b4355fe4..80647471 100644 --- a/mod.php +++ b/mod.php @@ -464,7 +464,7 @@ openBoard($_board['uri']); $temp = ''; - $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` LIMIT :limit", $_board['uri'])); + $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri'])); $query->bindValue(':ip', $ip); $query->bindValue(':limit', MOD_IP_RECENTPOSTS, PDO::PARAM_INT); $query->execute() or error(db_error($query)); diff --git a/post.php b/post.php index 40830f0f..b8724522 100644 --- a/post.php +++ b/post.php @@ -62,6 +62,9 @@ // Check if banned checkBan(); + if(BLOCK_TOR && isTor()) + error(ERROR_TOR); + // Check if board exists if(!openBoard($post['board'])) error(ERROR_NOBOARD); @@ -85,6 +88,9 @@ $post['has_file'] = $OP || !empty($_FILES['file']['tmp_name']); $post['mod'] = isset($_POST['mod']) && $_POST['mod']; + if(empty($post['body']) && FORCE_BODY) + error(ERROR_TOOSHORTBODY); + if($post['mod']) { require 'inc/mod.php'; if(!$mod) { @@ -115,6 +121,15 @@ 'maxsz'=>commaize(MAX_FILESIZE)))); } + if($mod && $mod['type'] >= MOD_MOD && preg_match('/^((.+) )?## (.+)$/', $post['name'], $match)) { + if(($mod['type'] == MOD_MOD && $match[3] == 'Mod') || $mod['type'] >= MOD_ADMIN) { + $post['mod_tag'] = $match[3]; + $post['name'] = !empty($match[2])?$match[2]:'Anonymous'; + } + } else { + $post['mod_tag'] = false; + } + $trip = generate_tripcode($post['name']); $post['name'] = $trip[0]; $post['trip'] = (isset($trip[1])?$trip[1]:''); @@ -134,21 +149,40 @@ } // Check string lengths - if(strlen($post['name']) > 25) error(sprintf(ERROR_TOOLONG, 'name')); + if(strlen($post['name']) > 25) error(sprintf(ERROR_TOOLONG, 'name')); if(strlen($post['email']) > 30) error(sprintf(ERROR_TOOLONG, 'email')); if(strlen($post['subject']) > 40) error(sprintf(ERROR_TOOLONG, 'subject')); if(strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY); if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error(ERROR_TOOSHORTBODY); if(strlen($post['password']) > 20) error(sprintf(ERROR_TOOLONG, 'password')); + if($post['mod_tag']) + $post['trip'] .= ' ## ' . $post['mod_tag'] . ''; + + if(!($mod && $mod['type'] >= MOD_POSTUNORIGINAL) && ROBOT_ENABLE && $board['uri'] == ROBOT_BOARD && checkRobot($post['body'])) { + if(ROBOT_MUTE) { + $mutetime = ROBOT_MUTE_MIN+rand()%(ROBOT_MUTE_MAX-ROBOT_MUTE_MIN); + + $query = prepare("INSERT INTO `bans` VALUES (:ip, :mod, :set, :expires, :reason)"); + $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); + $query->bindValue(':mod', -1, PDO::PARAM_INT); + $query->bindValue(':set', time(), PDO::PARAM_INT); + $query->bindValue(':expires', time()+$mutetime, PDO::PARAM_INT); + $query->bindValue(':reason', ROBOT_MUTE_DESCRIPTION); + $query->execute() or error(db_error($query)); + + error(sprintf(ERROR_MUTED, $mutetime)); + } else { + error(ERROR_UNORIGINAL); + } + } + markup($post['body']); // Check for a flood - if(checkFlood($post)) + if(checkFlood($post)) { error(ERROR_FLOOD); - - if(!($mod && $mod['type'] >= MOD_POSTUNORIGINAL) && ROBOT_ENABLE && checkRobot($post['body'])) - error(ERROR_UNORIGINAL); + } if($post['has_file']) { // Just trim the filename if it's too long @@ -206,6 +240,7 @@ imagebmp($image, $post['file']); break; default: + unlink($post['file']); error('Unknwon file extension.'); } } diff --git a/style.css b/style.css index 60c36d19..058de230 100644 --- a/style.css +++ b/style.css @@ -146,6 +146,10 @@ p.intro span.name { color: #117743; font-weight: bold; } +p.intro a.nametag { + color: #F00000; + margin-left: 0; +} p.intro a { margin-left: 8px; } diff --git a/templates/posts.sql b/templates/posts.sql index 4163f125..f8e1b6fb 100644 --- a/templates/posts.sql +++ b/templates/posts.sql @@ -4,7 +4,7 @@ CREATE TABLE IF NOT EXISTS `posts_{board}` ( `subject` varchar(40) NOT NULL, `email` varchar(30) NOT NULL, `name` varchar(25) NOT NULL, - `trip` varchar(15) DEFAULT NULL, + `trip` varchar(45) DEFAULT NULL, `body` text NOT NULL, `time` int(11) NOT NULL, `bump` int(11) DEFAULT NULL, diff --git a/templates/thread.html b/templates/thread.html index 2fd03418..e1260ff5 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -71,6 +71,7 @@
{body} + [Return.]

Copyright © 2010 OmegaSDG

\ No newline at end of file