leftypol
/
leftypol
4
5
Fork 2
Code Issues 58 Pull Requests 1 Projects Releases Wiki Activity
Browse Source

retab inc/filters.php

pull/40/head
towards-a-new-leftypol 3 years ago
parent
193eb0694e
commit
246c77d369
1 changed files with 234 additions and 234 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 468
      inc/filters.php

468
inc/filters.php
View File

@ -9,271 +9,271 @@ defined('TINYBOARD') or exit;
require_once 'inc/anti-bot.php'; require_once 'inc/anti-bot.php';
class Filter { class Filter {
public $flood_check; public $flood_check;
private $condition; private $condition;
private $post; private $post;
public function __construct(array $arr) { public function __construct(array $arr) {
foreach ($arr as $key => $value) foreach ($arr as $key => $value)
$this->$key = $value; $this->$key = $value;
} }
public function match($condition, $match) { public function match($condition, $match) {
print_err("Filter condition: " . $condition); print_err("Filter condition: " . $condition);
$condition = strtolower($condition); $condition = strtolower($condition);
$post = &$this->post; $post = &$this->post;
switch($condition) { switch($condition) {
case 'custom': case 'custom':
if (!is_callable($match)) if (!is_callable($match))
error('Custom condition for filter is not callable!'); error('Custom condition for filter is not callable!');
return $match($post); return $match($post);
case 'flood-match': case 'flood-match':
if (!is_array($match)) if (!is_array($match))
error('Filter condition "flood-match" must be an array.'); error('Filter condition "flood-match" must be an array.');
// Filter out "flood" table entries which do not match this filter. // Filter out "flood" table entries which do not match this filter.
$flood_check_matched = array(); $flood_check_matched = array();
foreach ($this->flood_check as $flood_post) { foreach ($this->flood_check as $flood_post) {
foreach ($match as $flood_match_arg) { foreach ($match as $flood_match_arg) {
switch ($flood_match_arg) { switch ($flood_match_arg) {
case 'ip': case 'ip':
if ($flood_post['ip'] != $_SERVER['REMOTE_ADDR']) if ($flood_post['ip'] != $_SERVER['REMOTE_ADDR'])
continue 3; continue 3;
break; break;
case 'body': case 'body':
if ($flood_post['posthash'] != make_comment_hex($post['body_nomarkup'])) if ($flood_post['posthash'] != make_comment_hex($post['body_nomarkup']))
continue 3; continue 3;
break; break;
case 'file': case 'file':
if (!isset($post['filehash'])) if (!isset($post['filehash']))
return false; return false;
if ($flood_post['filehash'] != $post['filehash']) if ($flood_post['filehash'] != $post['filehash'])
continue 3; continue 3;
break; break;
case 'board': case 'board':
if ($flood_post['board'] != $post['board']) if ($flood_post['board'] != $post['board'])
continue 3; continue 3;
break; break;
case 'isreply': case 'isreply':
if ($flood_post['isreply'] == $post['op']) if ($flood_post['isreply'] == $post['op'])
continue 3; continue 3;
break; break;
default: default:
error('Invalid filter flood condition: ' . $flood_match_arg); error('Invalid filter flood condition: ' . $flood_match_arg);
} }
} }
$flood_check_matched[] = $flood_post; $flood_check_matched[] = $flood_post;
} }
// is there any reason for this assignment? // is there any reason for this assignment?
$this->flood_check = $flood_check_matched; $this->flood_check = $flood_check_matched;
return !empty($this->flood_check); return !empty($this->flood_check);
case 'flood-time-any': case 'flood-time-any':
foreach ($this->flood_check as $flood_post) { foreach ($this->flood_check as $flood_post) {
if (time() - $flood_post['time'] <= $match) { if (time() - $flood_post['time'] <= $match) {
print_err("rejecting post with flood id: " . $flood_post['id']); print_err("rejecting post with flood id: " . $flood_post['id']);
return true; return true;
} }
} }
return false; return false;
case 'flood-time': case 'flood-time':
foreach ($this->flood_check as $flood_post) { foreach ($this->flood_check as $flood_post) {
if (time() - $flood_post['time'] <= $match) { if (time() - $flood_post['time'] <= $match) {
return true; return true;
} }
} }
return false; return false;
case 'flood-count': case 'flood-count':
$count = 0; $count = 0;
foreach ($this->flood_check as $flood_post) { foreach ($this->flood_check as $flood_post) {
if (time() - $flood_post['time'] <= $this->condition['flood-time']) { if (time() - $flood_post['time'] <= $this->condition['flood-time']) {
++$count; ++$count;
} }
} }
return $count >= $match; return $count >= $match;
case 'name': case 'name':
return preg_match($match, $post['name']); return preg_match($match, $post['name']);
case 'trip': case 'trip':
return $match === $post['trip']; return $match === $post['trip'];
case 'email': case 'email':
return preg_match($match, $post['email']); return preg_match($match, $post['email']);
case 'subject': case 'subject':
return preg_match($match, $post['subject']); return preg_match($match, $post['subject']);
case 'body': case 'body':
return preg_match($match, $post['body_nomarkup']); return preg_match($match, $post['body_nomarkup']);
case 'filehash': case 'filehash':
return $match === $post['filehash']; return $match === $post['filehash'];
case 'filename': case 'filename':
if (!$post['files']) if (!$post['files'])
return false; return false;
foreach ($post['files'] as $file) { foreach ($post['files'] as $file) {
if (preg_match($match, $file['filename'])) { if (preg_match($match, $file['filename'])) {
return true; return true;
} }
} }
return false; return false;
case 'extension': case 'extension':
if (!$post['files']) if (!$post['files'])
return false; return false;
foreach ($post['files'] as $file) { foreach ($post['files'] as $file) {
if (preg_match($match, $file['extension'])) { if (preg_match($match, $file['extension'])) {
return true; return true;
} }
} }
return false; return false;
case 'ip': case 'ip':
return preg_match($match, $_SERVER['REMOTE_ADDR']); return preg_match($match, $_SERVER['REMOTE_ADDR']);
case 'op': case 'op':
return $post['op'] == $match; return $post['op'] == $match;
case 'has_file': case 'has_file':
return $post['has_file'] == $match; return $post['has_file'] == $match;
case 'board': case 'board':
return $post['board'] == $match; return $post['board'] == $match;
case 'password': case 'password':
return $post['password'] == $match; return $post['password'] == $match;
default: default:
error('Unknown filter condition: ' . $condition); error('Unknown filter condition: ' . $condition);
} }
} }
public function action() { public function action() {
global $board; global $board;
$this->add_note = isset($this->add_note) ? $this->add_note : false; $this->add_note = isset($this->add_note) ? $this->add_note : false;
if ($this->add_note) { if ($this->add_note) {
$query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)'); $query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)');
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->bindValue(':mod', -1); $query->bindValue(':mod', -1);
$query->bindValue(':time', time()); $query->bindValue(':time', time());
$query->bindValue(':body', "Autoban message: ".$this->post['body']); $query->bindValue(':body', "Autoban message: ".$this->post['body']);
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));
} }
if (isset ($this->action)) switch($this->action) { if (isset ($this->action)) switch($this->action) {
case 'reject': case 'reject':
error(isset($this->message) ? $this->message : 'Posting blocked by filter.'); error(isset($this->message) ? $this->message : 'Posting blocked by filter.');
case 'ban': case 'ban':
if (!isset($this->reason)) if (!isset($this->reason))
error('The ban action requires a reason.'); error('The ban action requires a reason.');
$this->expires = isset($this->expires) ? $this->expires : false; $this->expires = isset($this->expires) ? $this->expires : false;
$this->reject = isset($this->reject) ? $this->reject : true; $this->reject = isset($this->reject) ? $this->reject : true;
$this->all_boards = isset($this->all_boards) ? $this->all_boards : false; $this->all_boards = isset($this->all_boards) ? $this->all_boards : false;
Bans::new_ban($_SERVER['REMOTE_ADDR'], $this->reason, $this->expires, $this->all_boards ? false : $board['uri'], -1); Bans::new_ban($_SERVER['REMOTE_ADDR'], $this->reason, $this->expires, $this->all_boards ? false : $board['uri'], -1);
if ($this->reject) { if ($this->reject) {
if (isset($this->message)) if (isset($this->message))
error($message); error($message);
checkBan($board['uri']); checkBan($board['uri']);
exit; exit;
} }
break; break;
default: default:
error('Unknown filter action: ' . $this->action); error('Unknown filter action: ' . $this->action);
} }
} }
public function check(array $post) { public function check(array $post) {
$this->post = $post; $this->post = $post;
foreach ($this->condition as $condition => $value) { foreach ($this->condition as $condition => $value) {
if ($condition[0] == '!') { if ($condition[0] == '!') {
$NOT = true; $NOT = true;
$condition = substr($condition, 1); $condition = substr($condition, 1);
} else { } else {
$NOT = false; $NOT = false;
} }
if ($this->match($condition, $value) == $NOT) if ($this->match($condition, $value) == $NOT)
return false; return false;
} }
return true; return true;
} }
} }
function purge_flood_table() { function purge_flood_table() {
global $config; global $config;
// Determine how long we need to keep a cache of posts for flood prevention. Unfortunately, it is not // Determine how long we need to keep a cache of posts for flood prevention. Unfortunately, it is not
// aware of flood filters in other board configurations. You can solve this problem by settings the // aware of flood filters in other board configurations. You can solve this problem by settings the
// config variable $config['flood_cache'] (seconds). // config variable $config['flood_cache'] (seconds).
if (isset($config['flood_cache'])) { if (isset($config['flood_cache'])) {
$max_time = &$config['flood_cache']; $max_time = &$config['flood_cache'];
} else { } else {
$max_time = 0; $max_time = 0;
foreach ($config['filters'] as $filter) { foreach ($config['filters'] as $filter) {
if (isset($filter['condition']['flood-time'])) if (isset($filter['condition']['flood-time']))
$max_time = max($max_time, $filter['condition']['flood-time']); $max_time = max($max_time, $filter['condition']['flood-time']);
} }
} }
$time = time() - $max_time; $time = time() - $max_time;
query("DELETE FROM ``flood`` WHERE `time` < $time") or error(db_error()); query("DELETE FROM ``flood`` WHERE `time` < $time") or error(db_error());
} }
function do_filters(array $post) { function do_filters(array $post) {
global $config; global $config;
print_err("do_filters begin"); print_err("do_filters begin");
if (!isset($config['filters']) || empty($config['filters'])) if (!isset($config['filters']) || empty($config['filters']))
return; return;
// look at the flood table regardless of IP // look at the flood table regardless of IP
$noip = false; $noip = false;
foreach ($config['filters'] as $filter) { foreach ($config['filters'] as $filter) {
if (isset($filter['condition']['flood-match']) && (!isset($filter['noip']) || $filter['noip'] == false)) { if (isset($filter['condition']['flood-match']) && (!isset($filter['noip']) || $filter['noip'] == false)) {
$has_flood = true; $has_flood = true;
break; break;
} else if ($filter['noip'] == true) { } else if ($filter['noip'] == true) {
print_err("filters noip is true"); print_err("filters noip is true");
$noip = true; $noip = true;
$find_time = time() - $filter['find-time']; $find_time = time() - $filter['find-time'];
} }
} }
if ($noip) { if ($noip) {
print_err("SELECT * FROM flood WHERE time > " . strval($find_time)); print_err("SELECT * FROM flood WHERE time > " . strval($find_time));
$query = prepare("SELECT * FROM ``flood`` WHERE `time` > $find_time"); $query = prepare("SELECT * FROM ``flood`` WHERE `time` > $find_time");
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));
$flood_check = $query->fetchAll(PDO::FETCH_ASSOC); $flood_check = $query->fetchAll(PDO::FETCH_ASSOC);
} else if (isset($has_flood)) { } else if (isset($has_flood)) {
if ($post['has_file']) { if ($post['has_file']) {
$query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash OR `filehash` = :filehash"); $query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash OR `filehash` = :filehash");
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->bindValue(':posthash', make_comment_hex($post['body_nomarkup'])); $query->bindValue(':posthash', make_comment_hex($post['body_nomarkup']));
$query->bindValue(':filehash', $post['filehash']); $query->bindValue(':filehash', $post['filehash']);
} else { } else {
$query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash"); $query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash");
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->bindValue(':posthash', make_comment_hex($post['body_nomarkup'])); $query->bindValue(':posthash', make_comment_hex($post['body_nomarkup']));
} }
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));
$flood_check = $query->fetchAll(PDO::FETCH_ASSOC); $flood_check = $query->fetchAll(PDO::FETCH_ASSOC);
} else { } else {
$flood_check = false; $flood_check = false;
} }
foreach ($config['filters'] as $filter_array) { foreach ($config['filters'] as $filter_array) {
print_err("creating new filter, running check"); print_err("creating new filter, running check");
$filter = new Filter($filter_array); $filter = new Filter($filter_array);
$filter->flood_check = $flood_check; $filter->flood_check = $flood_check;
if ($filter->check($post)) { if ($filter->check($post)) {
$filter->action(); $filter->action();
} }
} }
purge_flood_table(); purge_flood_table();
} }

Write Preview
Loading…
Cancel
Save