Browse Source

Changed config to an array

pull/40/head
Savetheinternet 13 years ago
parent
commit
3737439338
  1. 368
      inc/config.php
  2. 14
      inc/database.php
  3. 122
      inc/display.php
  4. 137
      inc/functions.php
  5. 41
      inc/instance-config.php
  6. 2
      inc/template.php
  7. 12
      inc/user.php
  8. 156
      mod.php
  9. 265
      post.php

368
inc/config.php

@ -9,317 +9,325 @@
*
*/
$config = Array(
'db' => Array(),
'cookies' => Array(),
'error' => Array(),
'dir' => Array(),
'mod' => Array()
);
// Database stuff
// SQL driver ("mysql", "pgsql", "sqlite", "dblib", etc)
// http://www.php.net/manual/en/pdo.drivers.php
define('DB_TYPE', 'mysql', true);
$config['db']['type'] = 'mysql';
// Hostname or IP address
define('DB_SERVER', 'localhost', true);
$config['db']['server'] = 'localhost';
// Login
define('DB_USER', '', true);
define('DB_PASSWORD', '', true);
// TinyBoard database
define('DB_DATABASE', '', true);
$config['db']['user'] = '';
$config['db']['password'] = '';
// Tinyboard database
$config['db']['database'] = '';
// Anything more to add to the DSN string (eg. port=xxx;foo=bar)
define('DB_DSN', '', true);
$config['db']['dsn'] = '';
// The name of the session cookie (PHP's $_SESSION)
define('SESS_COOKIE', 'imgboard', true);
$config['cookies']['session']= 'imgboard';
// Used to safely determine when the user was first seen, to prevent floods.
// time()
define('TIME_COOKIE', 'arrived', true);
// HASH_COOKIE contains an MD5 hash of TIME_COOKIE+SALT for verification.
define('HASH_COOKIE', 'hash', true);
// Used to safely determine when the user was first seen, to prevent floods. Contains a UNIX timestamp.
$config['cookies']['time'] = 'arrived';
// Contains an MD5 hash of $config['cookies']['time'] for verification.
$config['cookies']['hash'] = 'hash';
// Used for moderation login
define('MOD_COOKIE', 'mod', true);
// Where to set the 'path' parameter to ROOT when creating cookies. Recommended.
define('JAIL_COOKIES', true, true);
$config['cookies']['mod'] = 'mod';
// Where to set the 'path' parameter to $config['root'] when creating cookies. Recommended.
$config['cookies']['jail'] = true;
// How long should the cookies last (in seconds)
define('COOKIE_EXPIRE', 15778463, true); //6 months
// How long should moderators should remain logged in (0=browser session) (in seconds)
define('MOD_EXPIRE', 15778463, true);
$config['cookies']['expire']= 15778463; //6 months
// Make this something long and random for security
define('SALT', 'wefaw98YHEWUFuo', true);
define('SECURE_TRIP_SALT', '@#$&^@#)$(*&@!_$(&329-8347', true);
$config['cookies']['salt'] = 'wefaw98YHEWUFuo';
// How long should moderators should remain logged in (0=browser session) (in seconds)
$config['mod']['expire'] = 15778463; //6 months
// Used to salt secure tripcodes (##trip)
$config['secure_trip_salt'] = '@#$&^@#)$(*&@!_$(&329-8347';
// How many seconds before you can post, after the first visit
define('LURKTIME', 30, true);
$config['lurktime'] = 30;
// How many seconds between each post
define('FLOOD_TIME', 10, true);
$config['flood_time'] = 10;
// How many seconds between each post with exactly the same content and same IP
define('FLOOD_TIME_IP_SAME', 120, true);
$config['flood_time_ip'] = 120;
// Same as above but different IP address
define('FLOOD_TIME_SAME', 30, true);
$config['flood_time_same'] = 30;
// Do you need a body for your non-OP posts?
define('FORCE_BODY', true, true);
$config['force_body'] = true;
// Max body length
define('MAX_BODY', 1800, true);
$config['max_body'] = 1800;
define('THREADS_PER_PAGE', 10, true);
define('MAX_PAGES', 10, true);
define('THREADS_PREVIEW', 5, true);
$config['threads_per_page'] = 10;
$config['max_pages'] = 10;
$config['threads_preview'] = 5;
// For development purposes. Turns 'display_errors' on. Not recommended for production.
define('VERBOSE_ERRORS', true, true);
$config['verbose_errors'] = true;
// Error messages
define('ERROR_LURK', 'Lurk some more before posting.', true);
define('ERROR_BOT', 'You look like a bot.', true);
define('ERROR_TOOLONG', 'The %s field was too long.', true);
define('ERROR_TOOLONGBODY', 'The body was too long.', true);
define('ERROR_TOOSHORTBODY', 'The body was too short or empty.', true);
define('ERROR_NOIMAGE', 'You must upload an image.', true);
define('ERROR_NOMOVE', 'The server failed to handle your upload.', true);
define('ERROR_FILEEXT', 'Unsupported image format.', true);
define('ERROR_NOBOARD', 'Invalid board!', true);
define('ERROR_NONEXISTANT', 'Thread specified does not exist.', true);
define('ERROR_LOCKED', 'Thread locked. You may not reply at this time.', true);
define('ERROR_NOPOST', 'You didn\'t make a post.', true);
define('ERROR_FLOOD', 'Flood detected; Post discared.', true);
define('ERROR_UNORIGINAL', 'Unoriginal content!', true);
define('ERROR_MUTED', 'Unoriginal content! You have been muted for %d seconds.', true);
define('ERROR_YOUAREMUTED', 'You are muted! Expires in %d seconds.', true);
define('ERROR_TOR', 'Hmm… That looks like a Tor exit node.', true);
define('ERROR_TOOMANYLINKS', 'Too many links; flood detected.', true);
define('ERROR_NODELETE', 'You didn\'t select anything to delete.', true);
define('ERROR_INVALIDPASSWORD', 'Wrong password…', true);
define('ERR_INVALIDIMG','Invalid image.', true);
define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes', true);
define('ERR_MAXSIZE', 'The file was too big.', true);
define('ERR_INVALIDZIP', 'Invalid archive!', true);
$config['error']['lurk'] = 'Lurk some more before posting.';
$config['error']['bot'] = 'You look like a bot.';
$config['error']['toolong'] = 'The %s field was too long.';
$config['error']['toolong_body'] = 'The body was too long.';
$config['error']['tooshort_body'] = 'The body was too short or empty.';
$config['error']['noimage'] = 'You must upload an image.';
$config['error']['nomove'] = 'The server failed to handle your upload.';
$config['error']['fileext'] = 'Unsupported image format.';
$config['error']['noboard'] = 'Invalid board!';
$config['error']['nonexistant'] = 'Thread specified does not exist.';
$config['error']['locked'] = 'Thread locked. You may not reply at this time.';
$config['error']['nopost'] = 'You didn\'t make a post.';
$config['error']['flood'] = 'Flood detected; Post discared.';
$config['error']['unoriginal'] = 'Unoriginal content!';
$config['error']['muted'] = 'Unoriginal content! You have been muted for %d seconds.';
$config['error']['youaremuted'] = 'You are muted! Expires in %d seconds.';
$config['error']['tor'] = 'Hmm… That looks like a Tor exit node.';
$config['error']['toomanylinks'] = 'Too many links; flood detected.';
$config['error']['nodelete'] = 'You didn\'t select anything to delete.';
$config['error']['invalidpassword'] = 'Wrong password…';
$config['error']['invalidimg'] = 'Invalid image.';
$config['error']['filesize'] = 'Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes';
$config['error']['maxsize'] = 'The file was too big.';
$config['error']['invalidzip'] = 'Invalid archive!';
// Moderator errors
define('ERROR_INVALID', 'Invalid username and/or password.', true);
define('ERROR_NOTAMOD', 'You are not a mod…', true);
define('ERROR_INVALIDAFTER', 'Invalid username and/or password. Your user may have been deleted or changed.', true);
define('ERROR_MALFORMED','Invalid/malformed cookies.', true);
define('ERROR_MISSEDAFIELD', 'Your browser didn\'t submit an input when it should have.', true);
define('ERROR_REQUIRED', 'The %s field is required.', true);
define('ERROR_INVALIDFIELD', 'The %s field was invalid.', true);
define('ERROR_BOARDEXISTS', 'There is already a %s board.', true);
define('ERROR_NOACCESS', 'You don\'t have permission to do that.', true);
define('ERROR_INVALIDPOST', 'That post doesn\'t exist…', true);
define('ERROR_404', 'Page not found.', true);
$config['error']['invalid'] = 'Invalid username and/or password.';
$config['error']['notamod'] = 'You are not a mod…';
$config['error']['invalidafter'] = 'Invalid username and/or password. Your user may have been deleted or changed.';
$config['error']['malformed'] = 'Invalid/malformed cookies.';
$config['error']['missedafield'] = 'Your browser didn\'t submit an input when it should have.';
$config['error']['required'] = 'The %s field is required.';
$config['error']['invalidfield'] = 'The %s field was invalid.';
$config['error']['boardexists'] = 'There is already a %s board.';
$config['error']['noaccess'] = 'You don\'t have permission to do that.';
$config['error']['invalidpost'] = 'That post doesn\'t exist…';
$config['error']['404'] = 'Page not found.';
// Reply limit (deletes thread when this is reached)
define('REPLY_LIMIT', 250, true);
$config['reply_limit'] = 250;
// For resizing, max values
define('THUMB_WIDTH', 225, true);
define('THUMB_HEIGHT', 225, true);
$config['thumb_width'] = 255;
$config['thumb_height'] = 255;
// Store image hash in the database for r9k-like boards implementation soon
// Function name for hashing
// sha1_file, md5_file, etc.
define('FILE_HASH', 'sha1_file', true);
$config['file_hash'] = 'sha1_file';
define('BLOCK_TOR', true, true);
$config['block_tor'] = true;
// Typically spambots try to post a lot of links. Refuse a post with X standalone links?
define('MAX_LINKS', 20, true);
$config['max_links'] = 20;
// Maximum image upload size in bytes
define('MAX_FILESIZE', 10*1024*1024, true); // 10MB
$config['max_filesize'] = 10*1024*1024; // 10MB
// Maximum image dimensions
define('MAX_WIDTH', 10000, true);
define('MAX_HEIGHT', MAX_WIDTH, true);
/* When you upload a ZIP as a file, all the images inside the archive
* get dumped into the thread as replies.
* Extremely beta and not recommended yet.
*/
define('ALLOW_ZIP', false, true);
$config['max_width'] = 1000;
$config['max_height'] = $config['max_width']; // 1:1
/**
Redraw the image using GD functions to strip any excess data (commonly ZIP archives)
WARNING: Very beta. Currently strips animated GIFs too :(
WARNING: Currently strips animated GIFs too :(
**/
define('REDRAW_IMAGE', false, true);
$config['redraw_image'] = false;
// Redrawing configuration
define('JPEG_QUALITY', 100, true);
define('REDRAW_GIF', false, true);
$config['jpeg_quality'] = 100;
// Temporary fix for the animation-stripping bug
$config['redraw_gifs'] = false;
// Display the aspect ratio in a post's file info
define('SHOW_RATIO', true, true);
define('DIR_IMG', 'src/', true);
define('DIR_THUMB', 'thumb/', true);
define('DIR_RES', 'res/', true);
define('DIR_STATIC', 'static/', true);
// Where to store the .html templates. This folder and templates must exist or fatal errors will be thrown.
define('DIR_TEMPLATE', getcwd() . '/templates', true);
$config['show_ratio'] = true;
// The root directory, including the trailing slash, for Tinyboard.
// examples: '/', 'http://boards.chan.org/', '/chan/'
define('ROOT', '/', true);
$config['root'] = '/';
$config['dir']['img'] = 'src/';
$config['dir']['thumb'] = 'thumb/';
$config['dir']['res'] = 'res/';
// For load balancing, having a seperate server (and domain/subdomain) for serving static content is possible.
// This can either be a directory or a URL (eg. http://static.example.org/)
$config['dir']['static'] = $config['root'] . 'static/';
// Where to store the .html templates. This folder and templates must exist or fatal errors will be thrown.
$config['dir']['template'] = getcwd() . '/templates';
// Static images
// These can be URLs OR base64 (data URI scheme)
define('IMAGE_STICKY', ROOT . DIR_STATIC . 'sticky.gif', true);
define('IMAGE_LOCKED', ROOT . DIR_STATIC . 'locked.gif', true);
define('DELETED_IMAGE', ROOT . DIR_STATIC . 'deleted.png', true);
define('ZIP_IMAGE', ROOT . DIR_STATIC . 'zip.png', true);
$config['image_sticky'] = $config['dir']['static'] . 'sticky.gif';
$config['image_locked'] = $config['dir']['static'] . 'locked.gif';
$config['image_deleted'] = $config['dir']['static'] . 'deleted.png';
$config['image_zip'] = $config['dir']['static'] . 'zip.png';
// If for some reason the folders and static HTML index files aren't in the current working direcotry,
// enter the directory path here. Otherwise, keep it false.
define('ROOT_FILE', false, true);
$config['root_file'] = false;
define('POST_URL', ROOT . 'post.php', true);
define('FILE_INDEX', 'index.html', true);
define('FILE_PAGE', '%d.html', true);
define('FILE_MOD', 'mod.php', true);
$config['file_index'] = 'index.html';
$config['file_page'] = '%d.html';
$config['file_mod'] = 'mod.php';
// Multi-board (%s is board abbreviation)
define('BOARD_PATH', '%s/', true);
$config['board_path'] = '%s/';
// The HTTP status code to use when redirecting.
// Should be 3xx (redirection). http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
// "302" is recommended.
define('REDIRECT_HTTP', 302, true);
$config['redirect_http'] = 302;
// TODO: Put this in per-board instance-config instead
// Robot stuff
// Strip repeating characters when making hashes
define('ROBOT_ENABLE', true, true);
define('ROBOT_BOARD', 'r9k', true);
define('ROBOT_STRIP_REPEATING', true, true);
$config['robot_enable'] = false;
$config['robot_strip_repeating'] = true;
// Enable mutes
define('ROBOT_MUTE', true, true);
define('ROBOT_MUTE_HOUR', 50, true); // How many mutes X hours ago to include in the algorithm
define('ROBOT_MUTE_MULTIPLIER', 2, true);
define('ROBOT_MUTE_DESCRIPTION', 'You have been muted for unoriginal content.', true);
// Tinyboard uses ROBOT9000's original 2^x implementation
$config['robot_mute'] = true;
// How many mutes x hours ago to include in the algorithm
$config['robot_mute_hour'] = 50;
// If you want to alter the algorithm a bit. Default value is 2. n^x
$config['robot_mute_multiplier'] = 2;
$config['robot_mute_descritpion'] = 'You have been muted for unoriginal content.';
/*
Mod stuff
*/
// Whether or not to lock moderator sessions to the IP address that was logged in with.
define('MOD_LOCK_IP', true, true);
$config['mod']['lock_ip'] = true;
// The page that is first shown when a moderator logs in. Defaults to the dashboard.
define('MOD_DEFAULT', '/', true);
// Don't even display MySQL password to administrators (in the configuration page)
define('MOD_NEVER_REAL_PASSWORD', true, true);
$config['mod']['default'] = '/';
// Don't even display MySQL password to administrators (in the configuration page).
$config['mod']['never_reveal_password'] = true;
// Do a DNS lookup on IP addresses to get their hostname on the IP summary page
define('MOD_DNS_LOOKUP', true, true);
$config['mod']['dns_lookup'] = true;
// Show ban form on the IP summary page
define('MOD_IP_BANFORM', true, true);
$config['mod']['ip_banform'] = true;
// How many recent posts, per board, to show in the IP summary page
define('MOD_IP_RECENTPOSTS', 5, true);
$config['mod']['ip_recentposts'] = 5;
// Probably best not to change these:
define('MOD_JANITOR', 0, true);
define('MOD_MOD', 1, true);
define('MOD_ADMIN', 2, true);
define('JANITOR', 0, true);
define('MOD', 1, true);
define('ADMIN', 2, true);
// Permissions
// What level of administration you need to:
/* Post Controls */
// View IP addresses
define('MOD_SHOW_IP', MOD_MOD, true);
$config['mod']['show_ip'] = MOD;
// Delete a post
define('MOD_DELETE', MOD_JANITOR, true);
$config['mod']['delete'] = JANITOR;
// Ban a user for a post
define('MOD_BAN', MOD_MOD, true);
$config['mod']['ban'] = MOD;
// Ban and delete (one click; instant)
define('MOD_BANDELETE', MOD_BAN, true);
$config['mod']['bandelete'] = MOD;
// Delete file (and keep post)
define('MOD_DELETEFILE', MOD_JANITOR, true);
$config['mod']['deletefile'] = JANITOR;
// Delete all posts by IP
define('MOD_DELETEBYIP', MOD_BAN, true);
$config['mod']['deletebyip'] = MOD;
// Sticky a thread
define('MOD_STICKY', MOD_MOD, true);
$config['mod']['sticky'] = MOD;
// Lock a thread
define('MOD_LOCK', MOD_MOD, true);
$config['mod']['lock'] = MOD;
// Post in a locked thread
define('MOD_POSTINLOCKED', MOD_MOD, true);
$config['mod']['postinlocked'] = MOD;
// Post bypass unoriginal content check
define('MOD_POSTUNORIGINAL', MOD_MOD, true);
$config['mod']['postunoriginal'] = MOD;
// Raw HTML posting
define('MOD_RAWHTML', MOD_MOD, true);
$config['mod']['rawhtml'] = MOD;
/* Administration */
// Display the contents of instant-config.php
define('MOD_SHOW_CONFIG', MOD_ADMIN, true);
// Display the contents of instance-config.php
$config['mod']['show_config'] = ADMIN;
// View list of bans
define('MOD_VIEW_BANLIST', MOD_MOD, true);
$config['mod']['view_banlist'] = MOD;
// View the username of the mod who made a ban
define('MOD_VIEW_BANSTAFF', MOD_MOD, true);
// If the moderator doesn't fit the MOD_VIEW_BANSTAFF (previous) permission,
$config['mod']['view_banstaff'] = MOD;
// If the moderator doesn't fit the $config['mod']['view_banstaff''] (previous) permission,
// show him just a "?" instead. Otherwise, it will be "Mod" or "Admin"
define('MOD_VIEW_BANQUESTIONMARK', false, true);
$config['mod']['view_banquestionmark'] = false;
// Show expired bans in the ban list (they are kept in cache until the culprit returns)
define('MOD_VIEW_BANEXPIRED', true, true);
$config['mod']['view_banexpired'] = true;
// Create a new board
define('MOD_NEWBOARD', MOD_ADMIN, true);
$config['mod']['newboard'] = ADMIN;
// Mod links (full HTML)
// Correspond to above permission directives
define('MOD_LINK_DELETE', '[D]', true);
define('MOD_LINK_BAN', '[B]', true);
define('MOD_LINK_BANDELETE', '[B&amp;D]', true);
define('MOD_LINK_DELETEFILE', '[F]', true);
define('MOD_LINK_DELETEBYIP', '[D+]', true);
define('MOD_LINK_STICKY', '[Sticky]', true);
define('MOD_LINK_DESTICKY', '[-Sticky]', true);
define('MOD_LINK_LOCK', '[Lock]', true);
define('MOD_LINK_UNLOCK', '[-Lock]', true);
$config['mod']['link_delete'] = '[D]';
$config['mod']['link_ban'] = '[B]';
$config['mod']['link_bandelete'] = '[B&amp;D]';
$config['mod']['link_deletefile'] = '[F]';
$config['mod']['link_deletebyip'] = '[D+]';
$config['mod']['link_sticky'] = '[Sticky]';
$config['mod']['link_desticky'] = '[-Sticky]';
$config['mod']['link_lock'] = '[Lock]';
$config['mod']['link_unlock'] = '[-Lock]';
// A small file in the main directory indicating that the script has been ran and the board(s) have been generated.
// This keeps the script from querying the database and causing strain when not needed.
define('HAS_INSTALLED', '.installed', true);
$config['has_installed'] = '.installed';
// Name of the boards. Typically '/%s/' (/b/, /mu/, etc)
// BOARD_ABBREVIATION - BOARD_TITLE
define('BOARD_ABBREVIATION', '/%s/', true);
// Name of the boards. Usually '/%s/' (/b/, /mu/, etc)
// $config['board_abbreviation'] - BOARD_TITLE
$config['board_abbreviation'] = '/%s/';
// Automatically convert things like "..." to Unicode characters ("…")
define('AUTO_UNICODE', true, true);
$config['auto_unicode'] = true;
// Use some Wiki-like syntax (''em'', '''strong''', ==Heading==, etc)
define('WIKI_MARKUP', true, true);
$config['wiki_markup'] = true;
// Whether to turn URLs into functional links
define('MARKUP_URLS', true, true);
$config['markup_urls'] = true;
// Complex regular expression to catch URLs
define('URL_REGEX', '/' . '(https?|ftp):\/\/' . '(([\w\-]+\.)+[a-zA-Z]{2,6}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' . '(\/([\w\-~\.#\/?=&;:+%]+)?)?' . '/', true);
$config['url_regex'] = '/' . '(https?|ftp):\/\/' . '(([\w\-]+\.)+[a-zA-Z]{2,6}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' . '(\/([\w\-~\.#\/?=&;:+%]+)?)?' . '/';
// Allowed file extensions
$allowed_ext = Array('jpg', 'jpeg', 'bmp', 'gif', 'png', true);
$config['allowed_ext'] = Array('jpg', 'jpeg', 'bmp', 'gif', 'png');
define('BUTTON_NEWTOPIC', 'New Topic', true);
define('BUTTON_REPLY', 'New Reply', true);
// The names on the post buttons. (On most imageboards, these are both "Post".)
$config['button_newtopic'] = 'New Topic';
$config['button_reply'] = 'New Reply';
// The string passed to date() for post times
// http://php.net/manual/en/function.date.php
define('POST_DATE', 'm/d/y (D) H:i:s', true);
$config['post_date'] = 'm/d/y (D) H:i:s';
define('ALWAYS_NOKO', false, true);
// Always act as if they had typed "noko" in the email field no mattter what
$config['always_noko'] = false;
define('URL_MATCH', '/^' .
(preg_match(URL_REGEX, ROOT) ? '' :
$config['url_match'] = '/^' .
(preg_match($config['url_regex'], $config['root']) ? '' :
(@$_SERVER['HTTPS']?'https':'http') .
':\/\/'.$_SERVER['HTTP_HOST']) .
preg_quote(ROOT, '/') .
preg_quote($config['root'], '/') .
'(' .
str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) .
str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) .
'|' .
str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) .
preg_quote(FILE_INDEX, '/') .
str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) .
preg_quote($config['file_index'], '/') .
'|' .
str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) .
str_replace('%d', '\d+', preg_quote(FILE_PAGE, '/')) .
str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) .
str_replace('%d', '\d+', preg_quote($config['file_page'], '/')) .
'|' .
preg_quote(FILE_MOD, '/') .
preg_quote($config['file_mod'], '/') .
'\?\/.+' .
')$/i', true);
')$/i';
if(ROOT_FILE) {
chdir(ROOT_FILE);
if($config['root_file']) {
chdir($config['root_file']);
}
if(VERBOSE_ERRORS) {
if($config['verbose_errors']) {
error_reporting(E_ALL);
ini_set('display_errors', 1);
}
?>

14
inc/database.php

@ -1,20 +1,20 @@
<?php
function sql_open() {
global $pdo;
global $pdo, $config;
if($pdo) return true;
$dsn = DB_TYPE . ':host=' . DB_SERVER . ';dbname=' . DB_DATABASE;
if((bool)DB_DSN) // empty() doesn't work on constants
$dsn .= ';' . DB_DSN;
$dsn = $config['db']['type'] . ':host=' . $config['db']['server'] . ';dbname=' . $config['db']['database'];
if(!empty($config['db']['dsn']))
$dsn .= ';' . $config['db']['dsn'];
try {
return $pdo = new PDO($dsn, DB_USER, DB_PASSWORD);
return $pdo = new PDO($dsn, $config['db']['user'], $config['db']['password']);
} catch(PDOException $e) {
$message = $e->getMessage();
// Remove any sensitive information
$message = str_replace(DB_USER, '<em>hidden</em>', $message);
$message = str_replace(DB_PASSWORD, '<em>hidden</em>', $message);
$message = str_replace($config['db']['user'], '<em>hidden</em>', $message);
$message = str_replace($config['db']['password'], '<em>hidden</em>', $message);
// Print error
error('Database error: ' . $message);

122
inc/display.php

@ -20,30 +20,32 @@
}
function error($message) {
global $board, $mod;
global $board, $mod, $config;
if(function_exists('sql_close')) sql_close();
die(Element('page.html', Array(
'index'=>ROOT,
'index'=>$config['root'],
'title'=>'Error',
'subtitle'=>'An error has occured.',
'body'=>"<center>" .
"<h2>$message</h2>" .
(isset($board) ?
"<p><a href=\"" . ROOT .
($mod ? FILE_MOD . '?/' : '') .
$board['dir'] . FILE_INDEX . "\">Go back</a>.</p>" : '').
"<p><a href=\"" . $config['root'] .
($mod ? $config['file_mod'] . '?/' : '') .
$board['dir'] . $config['file_index'] . "\">Go back</a>.</p>" : '').
"</center>"
)));
}
function loginForm($error=false, $username=false) {
global $config;
if(function_exists('sql_close')) sql_close();
die(Element('page.html', Array(
'index'=>ROOT,
'index'=>$config['root'],
'title'=>'Login',
'body'=>Element('login.html', Array(
'index'=>ROOT,
'index'=>$config['root'],
'error'=>$error,
'username'=>$username
)
@ -52,7 +54,10 @@
}
class Post {
public function __construct($id, $thread, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $root=ROOT, $mod=false) {
public function __construct($id, $thread, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $root=null, $mod=false) {
global $config;
if(!isset($root)) $root = $config['root'];
$this->id = $id;
$this->thread = $thread;
$this->subject = utf8tohtml($subject);
@ -77,13 +82,13 @@
// Fix internal links
// Very complicated regex
$this->body = preg_replace(
'/<a(([a-zA-Z]+="[^"]+")|[a-zA-Z]+=[a-zA-Z]+|\s)*href="' . preg_quote(ROOT, '/') . '(' . sprintf(preg_quote(BOARD_PATH, '/'), '\w+') . ')/',
'/<a(([a-zA-Z]+="[^"]+")|[a-zA-Z]+=[a-zA-Z]+|\s)*href="' . preg_quote($config['root'], '/') . '(' . sprintf(preg_quote($config['board_path'], '/'), '\w+') . ')/',
'<a href="?/$3',
$this->body
);
}
public function postControls() {
global $board;
global $board, $config;
$built = '';
if($this->mod) {
@ -91,24 +96,24 @@
$built .= '<span class="controls">';
// Delete
if($this->mod['type'] >= MOD_DELETE)
$built .= ' <a title="Delete" href="?/' . $board['uri'] . '/delete/' . $this->id . '">' . MOD_LINK_DELETE . '</a>';
if($this->mod['type'] >= $config['mod']['delete'])
$built .= ' <a title="Delete" href="?/' . $board['uri'] . '/delete/' . $this->id . '">' . $config['mod']['link_delete'] . '</a>';
// Delete all posts by IP
if($this->mod['type'] >= MOD_DELETEBYIP)
$built .= ' <a title="Delete all posts by IP" href="?/' . $board['uri'] . '/deletebyip/' . $this->id . '">' . MOD_LINK_DELETEBYIP . '</a>';
if($this->mod['type'] >= $config['mod']['deletebyip'])
$built .= ' <a title="Delete all posts by IP" href="?/' . $board['uri'] . '/deletebyip/' . $this->id . '">' . $config['mod']['link_deletebyip'] . '</a>';
// Ban
if($this->mod['type'] >= MOD_BAN)
$built .= ' <a title="Ban" href="?/' . $board['uri'] . '/ban/' . $this->id . '">' . MOD_LINK_BAN . '</a>';
if($this->mod['type'] >= $config['mod']['ban'])
$built .= ' <a title="Ban" href="?/' . $board['uri'] . '/ban/' . $this->id . '">' . $config['mod']['link_ban'] . '</a>';
// Ban & Delete
if($this->mod['type'] >= MOD_BANDELETE)
$built .= ' <a title="Ban & Delete" href="?/' . $board['uri'] . '/ban&amp;delete/' . $this->id . '">' . MOD_LINK_BANDELETE . '</a>';
if($this->mod['type'] >= $config['mod']['bandelete'])
$built .= ' <a title="Ban & Delete" href="?/' . $board['uri'] . '/ban&amp;delete/' . $this->id . '">' . $config['mod']['link_bandelete'] . '</a>';
// Delete file (keep post)
if(!empty($this->file) && $this->mod['type'] >= MOD_DELETEFILE)
$built .= ' <a title="Remove file" href="?/' . $board['uri'] . '/deletefile/' . $this->id . '">' . MOD_LINK_DELETEFILE . '</a>';
if(!empty($this->file) && $this->mod['type'] >= $config['mod']['deletefile'])
$built .= ' <a title="Remove file" href="?/' . $board['uri'] . '/deletefile/' . $this->id . '">' . $config['mod']['link_deletefile'] . '</a>';
$built .= '</span>';
}
@ -116,7 +121,7 @@
}
public function build($index=false) {
global $board;
global $board, $config;
$built = '<div class="post reply"' . (!$index?' id="reply_' . $this->id . '"':'') . '>' .
'<p class="intro"' . (!$index?' id="' . $this->id . '"':'') . '>' .
@ -135,7 +140,7 @@
. (!empty($this->trip) ? ' <span class="trip">'.$this->trip.'</span>':'');
// IP Address
if($this->mod && $this->mod['type'] >= MOD_SHOW_IP) {
if($this->mod && $this->mod['type'] >= $config['mod']['show_ip']) {
$built .= ' [<a style="margin:0;" href="?/IP/' . $this->ip . '">' . $this->ip . '</a>]';
}
@ -144,7 +149,7 @@
$built .= '</a>';
// Date/time
$built .= ' ' . date(POST_DATE, $this->time);
$built .= ' ' . date($config['post_date'], $this->time);
// End delete
$built .= '</label>';
@ -152,20 +157,20 @@
$built .= ' <a class="post_no"' .
// JavaScript highlight
($index?'':' onclick="highlightReply(' . $this->id . ');"') .
' href="' . $this->root . $board['dir'] . DIR_RES . $this->thread . '.html' . '#' . $this->id . '">No.</a>' .
' href="' . $this->root . $board['dir'] . $config['dir']['res'] . $this->thread . '.html' . '#' . $this->id . '">No.</a>' .
// JavaScript cite
'<a class="post_no"' . ($index?'':' onclick="citeReply(' . $this->id . ');"') . ' href="' . ($index?$this->root . $board['dir'] . DIR_RES . $this->thread . '.html' . '#q' . $this->id:'javascript:void(0);') . '">'.$this->id.'</a>' .
'<a class="post_no"' . ($index?'':' onclick="citeReply(' . $this->id . ');"') . ' href="' . ($index?$this->root . $board['dir'] . $config['dir']['res'] . $this->thread . '.html' . '#q' . $this->id:'javascript:void(0);') . '">'.$this->id.'</a>' .
'</p>';
// File info
if(!empty($this->file) && $this->file != 'deleted') {
$built .= '<p class="fileinfo">File: <a href="' . ROOT . $board['dir'] . DIR_IMG . $this->file .'">' . $this->file . '</a> <span class="unimportant">(' .
$built .= '<p class="fileinfo">File: <a href="' . $config['root'] . $board['dir'] . $config['dir']['img'] . $this->file .'">' . $this->file . '</a> <span class="unimportant">(' .
// Filesize
format_bytes($this->filesize) . ', ' .
// File dimensions
$this->filex . 'x' . $this->filey;
// Aspect Ratio
if(SHOW_RATIO) {
if($config['show_ratio']) {
$fraction = fraction($this->filex, $this->filey, ':');
$built .= ', ' . $fraction;
}
@ -173,9 +178,9 @@
$built .= ', ' . $this->filename . ')</span></p>' .
// Thumbnail
'<a href="' . ROOT . $board['dir'] . DIR_IMG . $this->file.'"><img src="' . ROOT . $board['dir'] . DIR_THUMB . $this->thumb.'" style="width:'.$this->thumbx.'px;height:'.$this->thumby.'px;" /></a>';
'<a href="' . $config['root'] . $board['dir'] . $config['dir']['img'] . $this->file.'"><img src="' . $config['root'] . $board['dir'] . $config['dir']['thumb'] . $this->thumb.'" style="width:'.$this->thumbx.'px;height:'.$this->thumby.'px;" /></a>';
} elseif($this->file == 'deleted') {
$built .= '<img src="' . DELETED_IMAGE . '" />';
$built .= '<img src="' . $config['image_deleted'] . '" />';
}
$built .= $this->postControls();
@ -189,7 +194,10 @@
class Thread {
public $omitted = 0;
public function __construct($id, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $sticky, $locked, $root=ROOT, $mod=false) {
public function __construct($id, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $sticky, $locked, $root=null, $mod=false) {
global $config;
if(!isset($root)) $root = $config['root'];
$this->id = $id;
$this->subject = utf8tohtml($subject);
$this->email = $email;
@ -217,7 +225,7 @@
// Fix internal links
// Very complicated regex
$this->body = preg_replace(
'/<a(([a-zA-Z]+="[^"]+")|[a-zA-Z]+=[a-zA-Z]+|\s)*href="' . preg_quote(ROOT, '/') . '(' . sprintf(preg_quote(BOARD_PATH, '/'), '\w+') . ')/',
'/<a(([a-zA-Z]+="[^"]+")|[a-zA-Z]+=[a-zA-Z]+|\s)*href="' . preg_quote($config['root'], '/') . '(' . sprintf(preg_quote($config['board_path'], '/'), '\w+') . ')/',
'<a href="?/$3',
$this->body
);
@ -226,7 +234,7 @@
$this->posts[] = $post;
}
public function postControls() {
global $board;
global $board, $config;
$built = '';
if($this->mod) {
@ -234,34 +242,34 @@
$built .= '<span class="controls op">';
// Delete
if($this->mod['type'] >= MOD_DELETE)
$built .= ' <a title="Delete" href="?/' . $board['uri'] . '/delete/' . $this->id . '">' . MOD_LINK_DELETE . '</a>';
if($this->mod['type'] >= $config['mod']['delete'])
$built .= ' <a title="Delete" href="?/' . $board['uri'] . '/delete/' . $this->id . '">' . $config['mod']['link_delete'] . '</a>';
// Delete all posts by IP
if($this->mod['type'] >= MOD_DELETEBYIP)
$built .= ' <a title="Delete all posts by IP" href="?/' . $board['uri'] . '/deletebyip/' . $this->id . '">' . MOD_LINK_DELETEBYIP . '</a>';
if($this->mod['type'] >= $config['mod']['deletebyip'])
$built .= ' <a title="Delete all posts by IP" href="?/' . $board['uri'] . '/deletebyip/' . $this->id . '">' . $config['mod']['link_deletebyip'] . '</a>';
// Ban
if($this->mod['type'] >= MOD_BAN)
$built .= ' <a title="Ban" href="?/' . $board['uri'] . '/ban/' . $this->id . '">' . MOD_LINK_BAN . '</a>';
if($this->mod['type'] >= $config['mod']['ban'])
$built .= ' <a title="Ban" href="?/' . $board['uri'] . '/ban/' . $this->id . '">' . $config['mod']['link_ban'] . '</a>';
// Ban & Delete
if($this->mod['type'] >= MOD_BANDELETE)
$built .= ' <a title="Ban & Delete" href="?/' . $board['uri'] . '/ban&amp;delete/' . $this->id . '">' . MOD_LINK_BANDELETE . '</a>';
if($this->mod['type'] >= $config['mod']['bandelete'])
$built .= ' <a title="Ban & Delete" href="?/' . $board['uri'] . '/ban&amp;delete/' . $this->id . '">' . $config['mod']['link_bandelete'] . '</a>';
// Stickies
if($this->mod['type'] >= MOD_STICKY)
if($this->mod['type'] >= $config['mod']['sticky'])
if($this->sticky)
$built .= ' <a title="Make thread not sticky" href="?/' . $board['uri'] . '/unsticky/' . $this->id . '">' . MOD_LINK_DESTICKY . '</a>';
$built .= ' <a title="Make thread not sticky" href="?/' . $board['uri'] . '/unsticky/' . $this->id . '">' . $config['mod']['link_desticky'] . '</a>';
else
$built .= ' <a title="Make thread sticky" href="?/' . $board['uri'] . '/sticky/' . $this->id . '">' . MOD_LINK_STICKY . '</a>';
$built .= ' <a title="Make thread sticky" href="?/' . $board['uri'] . '/sticky/' . $this->id . '">' . $config['mod']['link_sticky'] . '</a>';
// Lock
if($this->mod['type'] >= MOD_LOCK)
if($this->mod['type'] >= $config['mod']['lock'])
if($this->locked)
$built .= ' <a title="Lock thread" href="?/' . $board['uri'] . '/unlock/' . $this->id . '">' . MOD_LINK_UNLOCK . '</a>';
$built .= ' <a title="Lock thread" href="?/' . $board['uri'] . '/unlock/' . $this->id . '">' . $config['mod']['link_unlock'] . '</a>';
else
$built .= ' <a title="Unlock thread" href="?/' . $board['uri'] . '/lock/' . $this->id . '">' . MOD_LINK_LOCK . '</a>';
$built .= ' <a title="Unlock thread" href="?/' . $board['uri'] . '/lock/' . $this->id . '">' . $config['mod']['link_lock'] . '</a>';
$built .= '</span>';
@ -270,22 +278,22 @@
}
public function build($index=false) {
global $board;
global $board, $config;
$built = '<p class="fileinfo">File: <a href="' . ROOT . $board['dir'] . DIR_IMG . $this->file .'">' . $this->file . '</a> <span class="unimportant">(' .
$built = '<p class="fileinfo">File: <a href="' . $config['root'] . $board['dir'] . $config['dir']['img'] . $this->file .'">' . $this->file . '</a> <span class="unimportant">(' .
// Filesize
format_bytes($this->filesize) . ', ' .
// File dimensions
$this->filex . 'x' . $this->filey;
// Aspect Ratio
if(SHOW_RATIO) {
if($config['show_ratio']) {
$fraction = fraction($this->filex, $this->filey, ':');
$built .= ', ' . $fraction;
}
// Filename
$built .= ', ' . $this->filename . ')</span></p>' .
// Thumbnail
'<a href="' . ROOT . $board['dir'] . DIR_IMG . $this->file.'"><img src="' . ROOT . $board['dir'] . DIR_THUMB . $this->thumb.'" style="width:'.$this->thumbx.'px;height:'.$this->thumby.'px;" /></a>';
'<a href="' . $config['root'] . $board['dir'] . $config['dir']['img'] . $this->file.'"><img src="' . $config['root'] . $board['dir'] . $config['dir']['thumb'] . $this->thumb.'" style="width:'.$this->thumbx.'px;height:'.$this->thumby.'px;" /></a>';
$built .= '<div class="post op"><p class="intro"' . (!$index?' id="' . $this->id . '"':'') . '>';
@ -304,7 +312,7 @@
. (!empty($this->trip) ? ' <span class="trip">'.$this->trip.'</span>':'');
// IP Address
if($this->mod && $this->mod['type'] >= MOD_SHOW_IP) {
if($this->mod && $this->mod['type'] >= $config['mod']['show_ip']) {
$built .= ' [<a style="margin:0;" href="?/IP/' . $this->ip . '">' . $this->ip . '</a>]';
}
@ -313,7 +321,7 @@
$built .= '</a>';
// Date/time
$built .= ' ' . date(POST_DATE, $this->time);
$built .= ' ' . date($config['post_date'], $this->time);
// End delete
$built .= '</label>';
@ -321,15 +329,15 @@
$built .= ' <a class="post_no"' .
// JavaScript highlight
($index?'':' onclick="highlightReply(' . $this->id . ');"') .
' href="' . $this->root . $board['dir'] . DIR_RES . $this->id . '.html' . '#' . $this->id . '">No.</a>' .
' href="' . $this->root . $board['dir'] . $config['dir']['res'] . $this->id . '.html' . '#' . $this->id . '">No.</a>' .
// JavaScript cite
'<a class="post_no"' . ($index?'':' onclick="citeReply(' . $this->id . ');"') . ' href="' . ($index?$this->root . $board['dir'] . DIR_RES . $this->id . '.html' . '#q' . $this->id:'javascript:void(0);') . '">'.$this->id.'</a>' .
'<a class="post_no"' . ($index?'':' onclick="citeReply(' . $this->id . ');"') . ' href="' . ($index?$this->root . $board['dir'] . $config['dir']['res'] . $this->id . '.html' . '#q' . $this->id:'javascript:void(0);') . '">'.$this->id.'</a>' .
// Sticky
($this->sticky ? '<img class="icon" title="Sticky" src="' . IMAGE_STICKY . '" />' : '') .
($this->sticky ? '<img class="icon" title="Sticky" src="' . $config['image_sticky'] . '" />' : '') .
// Locked
($this->locked ? '<img class="icon" title="Locked" src="' . IMAGE_LOCKED . '" />' : '') .
($this->locked ? '<img class="icon" title="Locked" src="' . $config['image_locked'] . '" />' : '') .
// [Reply]
($index ? '<a href="' . $this->root . $board['dir'] . DIR_RES . $this->id . '.html">[Reply]</a>' : '') .
($index ? '<a href="' . $this->root . $board['dir'] . $config['dir']['res'] . $this->id . '.html">[Reply]</a>' : '') .
// Mod controls
$this->postControls() .

137
inc/functions.php

@ -9,7 +9,7 @@
}
function setupBoard($array) {
global $board;
global $board, $config;
$board = Array(
'id' => $array['id'],
@ -17,13 +17,13 @@
'name' => $array['title'],
'title' => $array['subtitle']);
$board['dir'] = sprintf(BOARD_PATH, $board['uri']);
$board['url'] = sprintf(BOARD_ABBREVIATION, $board['uri']);
$board['dir'] = sprintf($config['board_path'], $board['uri']);
$board['url'] = sprintf($config['board_abbreviation'], $board['uri']);
if(!file_exists($board['dir'])) mkdir($board['dir'], 0777);
if(!file_exists($board['dir'] . DIR_IMG)) @mkdir($board['dir'] . DIR_IMG, 0777) or error("Couldn't create " . DIR_IMG . ". Check permissions.", true);
if(!file_exists($board['dir'] . DIR_THUMB)) @mkdir($board['dir'] . DIR_THUMB, 0777) or error("Couldn't create " . DIR_THUMB . ". Check permissions.", true);
if(!file_exists($board['dir'] . DIR_RES)) @mkdir($board['dir'] . DIR_RES, 0777) or error("Couldn't create " . DIR_RES . ". Check permissions.", true);
if(!file_exists($board['dir'] . $config['dir']['img'])) @mkdir($board['dir'] . $config['dir']['img'], 0777) or error("Couldn't create " . $config['dir']['img'] . ". Check permissions.", true);
if(!file_exists($board['dir'] . $config['dir']['thumb'])) @mkdir($board['dir'] . $config['dir']['thumb'], 0777) or error("Couldn't create " . $config['dir']['thumb'] . ". Check permissions.", true);
if(!file_exists($board['dir'] . $config['dir']['res'])) @mkdir($board['dir'] . $config['dir']['res'], 0777) or error("Couldn't create " . $config['dir']['res'] . ". Check permissions.", true);
}
function openBoard($uri) {
@ -46,14 +46,14 @@
}
function checkFlood($post) {
global $board;
global $board, $config;
$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE (`ip` = :ip AND `time` >= :floodtime) OR (`ip` = :ip AND `body` = :body AND `time` >= :floodsameiptime) OR (`body` = :body AND `time` >= :floodsametime) LIMIT 1", $board['uri']));
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->bindValue(':body', $post['body'], PDO::PARAM_INT);
$query->bindValue(':floodtime', time()-FLOOD_TIME, PDO::PARAM_INT);
$query->bindValue(':floodsameiptime', time()-FLOOD_TIME_IP_SAME, PDO::PARAM_INT);
$query->bindValue(':floodsametime', time()-FLOOD_TIME_SAME, PDO::PARAM_INT);
$query->bindValue(':floodtime', time()-$config['flood_time'], PDO::PARAM_INT);
$query->bindValue(':floodsameiptime', time()-$config['flood_time_ip'], PDO::PARAM_INT);
$query->bindValue(':floodsametime', time()-$config['flood_time_same'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
return (bool)$query->fetch();
@ -81,6 +81,8 @@
}
function checkBan() {
global $config;
if(!isset($_SERVER['REMOTE_ADDR'])) {
// Server misconfiguration
return;
@ -157,7 +159,7 @@
// Show banned page and exit
die(Element('page.html', Array(
'index' => ROOT,
'index' => $config['root'],
'title' => 'Banned',
'subtitle' => 'You are banned!',
'body' => $body
@ -264,14 +266,14 @@
// Remove file from post
function deleteFile($id, $remove_entirely_if_already=true) {
global $board;
global $board, $config;
$query = prepare(sprintf("SELECT `thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NOT NULL LIMIT 1", $board['uri']));
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($query->rowCount() < 1) {
error(ERROR_INVALIDPOST);
error($config['error']['invalidpost']);
}
$post = $query->fetch();
@ -282,10 +284,10 @@
$query->bindValue(':file', null, PDO::PARAM_NULL);
} else {
// Delete thumbnail
@unlink($board['dir'] . DIR_THUMB . $post['thumb']);
@unlink($board['dir'] . $config['dir']['thumb'] . $post['thumb']);
// Delete file
@unlink($board['dir'] . DIR_IMG . $post['file']);
@unlink($board['dir'] . $config['dir']['img'] . $post['file']);
// Set file to 'deleted'
$query->bindValue(':file', 'deleted', PDO::PARAM_INT);
@ -300,7 +302,7 @@
// Delete a post (reply or thread)
function deletePost($id, $error_if_doesnt_exist=true) {
global $board;
global $board, $config;
// Select post and replies (if thread) in one query
$query = prepare(sprintf("SELECT `id`,`thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri']));
@ -309,7 +311,7 @@
if($query->rowCount() < 1) {
if($error_if_doesnt_exist)
error(ERROR_INVALIDPOST);
error($config['error']['invalidpost']);
else return false;
}
@ -317,18 +319,18 @@
while($post = $query->fetch()) {
if(!$post['thread']) {
// Delete thread HTML page
@unlink($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $post['id']));
@unlink($board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $post['id']));
} elseif($query->rowCount() == 1) {
// Rebuild thread
$rebuild = $post['thread'];
}
if($post['thumb']) {
// Delete thumbnail
@unlink($board['dir'] . DIR_THUMB . $post['thumb']);
@unlink($board['dir'] . $config['dir']['thumb'] . $post['thumb']);
}
if($post['file']) {
// Delete file
@unlink($board['dir'] . DIR_IMG . $post['file']);
@unlink($board['dir'] . $config['dir']['img'] . $post['file']);
}
}
@ -344,8 +346,8 @@
}
function clean() {
global $board;
$offset = round(MAX_PAGES*THREADS_PER_PAGE);
global $board, $config;
$offset = round($config['max_pages']*$config['threads_per_page']);
// I too wish there was an easier way of doing this...
$query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset, 9001", $board['uri']));
@ -358,74 +360,75 @@
}
function index($page, $mod=false) {
global $board;
global $board, $config;
$body = '';
$offset = round($page*THREADS_PER_PAGE-THREADS_PER_PAGE);
$offset = round($page*$config['threads_per_page']-$config['threads_per_page']);
sql_open();
$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT ?,?", $board['uri']));
$query->bindValue(1, $offset, PDO::PARAM_INT);
$query->bindValue(2, THREADS_PER_PAGE, PDO::PARAM_INT);
$query->bindValue(2, $config['threads_per_page'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($query->rowcount() < 1 && $page > 1) return false;
while($th = $query->fetch()) {
$thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $th['locked'], $mod ? '?/' : ROOT, $mod);
$thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $th['locked'], $mod ? '?/' : $config['root'], $mod);
$posts = prepare(sprintf("SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = ? ORDER BY `id` DESC LIMIT ?", $board['uri']));
$posts->bindValue(1, $th['id']);
$posts->bindValue(2, THREADS_PREVIEW, PDO::PARAM_INT);
$posts->bindValue(2, $config['threads_preview'], PDO::PARAM_INT);
$posts->execute() or error(db_error($posts));
if($posts->rowCount() == THREADS_PREVIEW) {
if($posts->rowCount() == $config['threads_preview']) {
$count = prepare(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` = ?", $board['uri']));
$count->bindValue(1, $th['id']);
$count->execute() or error(db_error($count));
$count = $count->fetch();
$omitted = $count['num'] - THREADS_PREVIEW;
$omitted = $count['num'] - $config['threads_preview'];
$thread->omitted = $omitted;
unset($count);
unset($omitted);
}
while($po = $posts->fetch()) {
$thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'], $mod ? '?/' : ROOT, $mod));
$thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'], $mod ? '?/' : $config['root'], $mod));
}
$thread->posts = array_reverse($thread->posts);
$body .= $thread->build(true);
}
return Array('button'=>BUTTON_NEWTOPIC, 'board'=>$board, 'body'=>$body, 'post_url' => POST_URL, 'index' => ROOT);
return Array('button'=>$config['button_newtopic'], 'board'=>$board, 'body'=>$body, 'post_url' => $config['post_url'], 'index' => $config['root']);
}
function getPages($mod=false) {
global $board;
global $board, $config;
// Count threads
$query = query(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error());
$count = current($query->fetch());
$count = floor((THREADS_PER_PAGE + $count - 1) / THREADS_PER_PAGE);
$count = floor(($config['threads_per_page'] + $count - 1) / $config['threads_per_page']);
$pages = Array();
for($x=0;$x<$count && $x<MAX_PAGES;$x++) {
$pages[] = Array('num' => $x+1, 'link' => $x==0 ? ($mod ? '?/' : ROOT) . $board['dir'] . FILE_INDEX : ($mod ? '?/' : ROOT) . $board['dir'] . sprintf(FILE_PAGE, $x+1));
for($x=0;$x<$count && $x<$config['max_pages'];$x++) {
$pages[] = Array('num' => $x+1, 'link' => $x==0 ? ($mod ? '?/' : $config['root']) . $board['dir'] . $config['file_index'] : ($mod ? '?/' : $config['root']) . $board['dir'] . sprintf($config['file_page'], $x+1));
}
return $pages;
}
function makerobot($body) {
global $config;
$body = strtolower($body);
// Leave only letters
$body = preg_replace('/[^a-z]/i', '', $body);
// Remove repeating characters
if(ROBOT_STRIP_REPEATING)
if($config['robot_strip_repeating'])
$body = preg_replace('/(.)\\1+/', '$1', $body);
return sha1($body);
@ -468,6 +471,7 @@
}
function muteTime() {
global $config;
// Find number of mutes in the past X hours
$query = prepare("SELECT COUNT(*) as `count` FROM `mutes` WHERE `time` >= :time AND `ip` = :ip");
$query->bindValue(':time', time()-(ROBOT_MUTE_HOUR*3600), PDO::PARAM_INT);
@ -476,7 +480,7 @@
$result = $query->fetch();
if($result['count'] == 0) return 0;
return pow(ROBOT_MUTE_MULTIPLIER, $result['count']);
return pow($config['robot_mute_multiplier'], $result['count']);
}
function mute() {
@ -504,7 +508,7 @@
if($mute['time'] + $mutetime > time()) {
// Not expired yet
error(sprintf(ERROR_YOUAREMUTED, $mute['time'] + $mutetime - time()));
error(sprintf($config['error']['youaremuted'], $mute['time'] + $mutetime - time()));
} else {
// Already expired
return;
@ -513,14 +517,14 @@
}
function buildIndex() {
global $board;
global $board, $config;
sql_open();
$pages = getPages();
$page = 1;
while($page <= MAX_PAGES && $content = index($page)) {
$filename = $board['dir'] . ($page==1 ? FILE_INDEX : sprintf(FILE_PAGE, $page));
while($page <= $config['max_pages'] && $content = index($page)) {
$filename = $board['dir'] . ($page==1 ? $config['file_index'] : sprintf($config['file_page'], $page));
if(file_exists($filename)) $md5 = md5_file($filename);
$content['pages'] = $pages;
@ -531,9 +535,9 @@
}
$page++;
}
if($page < MAX_PAGES) {
for(;$page<=MAX_PAGES;$page++) {
$filename = $page==1 ? FILE_INDEX : sprintf(FILE_PAGE, $page);
if($page < $config['max_pages']) {
for(;$page<=$config['max_pages'];$page++) {
$filename = $page==1 ? $config['file_index'] : sprintf($config['file_page'], $page);
@unlink($filename);
}
}
@ -566,17 +570,17 @@
}
function markup(&$body) {
global $board;
global $board, $config;
$body = utf8tohtml($body, true);
if(MARKUP_URLS) {
$body = preg_replace(URL_REGEX, "<a href=\"$0\">$0</a>", $body, -1, $num_links);
if($num_links > MAX_LINKS)
error(ERROR_TOOMANYLINKS);
if($config['markup_urls']) {
$body = preg_replace($config['url_regex'], "<a href=\"$0\">$0</a>", $body, -1, $num_links);
if($num_links > $config['max_links'])
error($config['error']['toomanylinks']);
}
if(AUTO_UNICODE) {
if($config['auto_unicode']) {
$body = str_replace('...', '…', $body);
$body = str_replace('<--', '', $body);
@ -603,7 +607,7 @@
$query->execute() or error(db_error($query));
if($post = $query->fetch()) {
$replacement = '<a onclick="highlightReply(\''.$cite.'\');" href="' . ROOT . $board['dir'] . DIR_RES . ($post['thread']?$post['thread']:$post['id']) . '.html#' . $cite . '">&gt;&gt;' . $cite . '</a>';
$replacement = '<a onclick="highlightReply(\''.$cite.'\');" href="' . $config['root'] . $board['dir'] . $config['dir']['res'] . ($post['thread']?$post['thread']:$post['id']) . '.html#' . $cite . '">&gt;&gt;' . $cite . '</a>';
} else {
$replacement = "&gt;&gt;{$cite}";
}
@ -630,7 +634,7 @@
$body = preg_replace("/(^|\n)([\s]+)?(&gt;)([^\n]+)?($|\n)/m", '$1$2<span class="quote">$3$4</span>$5', $body);
if(WIKI_MARKUP) {
if($config['wiki_markup']) {
$body = preg_replace("/(^|\n)==(.+?)==\n?/m", "<h2>$2</h2>", $body);
$body = preg_replace("/'''(.+?)'''/m", "<strong>$1</strong>", $body);
$body = preg_replace("/''(.+?)''/m", "<em>$1</em>", $body);
@ -679,7 +683,7 @@
}
function buildThread($id, $return=false, $mod=false) {
global $board;
global $board, $config;
$id = round($id);
$query = prepare(sprintf("SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename`,`ip`,`sticky`,`locked` FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = :id) OR `thread` = :id ORDER BY `thread`,`time`", $board['uri']));
@ -688,33 +692,34 @@
while($post = $query->fetch()) {
if(!isset($thread)) {
$thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $mod ? '?/' : ROOT, $mod);
$thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $mod ? '?/' : $config['root'], $mod);
} else {
$thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT, $mod));
$thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : $config['root'], $mod));
}
}
// Check if any posts were found
if(!isset($thread)) error(ERROR_NONEXISTANT);
if(!isset($thread)) error($config['error']['nonexistant']);
$body = Element('thread.html', Array(
'button'=>BUTTON_REPLY,
'button'=>$config['button_reply'],
'board'=>$board,
'body'=>$thread->build(),
'post_url' => POST_URL,
'index' => ROOT,
'post_url' => $config['post_url'],
'index' => $config['root'],
'id' => $id,
'mod' => $mod,
'return' => ($mod ? '?' . $board['url'] . FILE_INDEX : ROOT . $board['uri'] . '/' . FILE_INDEX)
'return' => ($mod ? '?' . $board['url'] . $config['file_index'] : $config['root'] . $board['uri'] . '/' . $config['file_index'])
));
if($return)
return $body;
else
@file_put_contents($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $id), $body) or error("Couldn't write to file.");
@file_put_contents($board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $id), $body) or error("Couldn't write to file.");
}
function generate_tripcode ( $name, $length = 10 ) {
global $config;
$name = stripslashes ( $name );
$t = explode('#', $name);
$nameo = $t[0];
@ -730,7 +735,7 @@
$salt = strtr ( $salt, ':;<=>?@[\]^_`', 'ABCDEFGabcdef' );
if ( isset ( $t[2] ) ) {
// secure
$trip = '!!' . substr ( crypt ( $trip, SECURE_TRIP_SALT ), ( -1 * $length ) );
$trip = '!!' . substr ( crypt ( $trip, $config['secure_trip_salt'] ), ( -1 * $length ) );
} else {
// insecure
$trip = '!' . substr ( crypt ( $trip, $salt ), ( -1 * $length ) );
@ -865,25 +870,25 @@
case 'jpeg':
if(!$image = @imagecreatefromjpeg($source_pic)) {
unlink($source_pic);
error(ERR_INVALIDIMG);
error($config['error']['invalidimg']);
}
break;
case 'png':
if(!$image = @imagecreatefrompng($source_pic)) {
unlink($source_pic);
error(ERR_INVALIDIMG);
error($config['error']['invalidimg']);
}
break;
case 'gif':
if(!$image = @imagecreatefromgif($source_pic)) {
unlink($source_pic);
error(ERR_INVALIDIMG);
error($config['error']['invalidimg']);
}
break;
case 'bmp':
if(!$image = @imagecreatefrombmp($source_pic)) {
unlink($source_pic);
error(ERR_INVALIDIMG);
error($config['error']['invalidimg']);
}
break;
default:

41
inc/instance-config.php

@ -11,14 +11,41 @@
// Database stuff
define('DB_TYPE', 'mysql');
define('DB_SERVER', 'localhost');
define('DB_USER', '');
define('DB_PASSWORD', '');
define('DB_DATABASE', '');
$config['db']['type'] = 'mysql';
$config['db']['server'] = 'localhost';
$config['db']['user'] = '';
$config['db']['password'] = '';
$config['db']['database'] = '';
define('ROOT', '/');
$config['root'] = '/';
// define('FOO', 'bar');
// The following looks ugly. I will find a better place to put this code soon.
$config['post_url'] = $config['root'] . 'post.php';
$config['url_match'] = '/^' .
(preg_match($config['url_regex'], $config['root']) ? '' :
(@$_SERVER['HTTPS']?'https':'http') .
':\/\/'.$_SERVER['HTTP_HOST']) .
preg_quote($config['root'], '/') .
'(' .
str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) .
'|' .
str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) .
preg_quote($config['file_index'], '/') .
'|' .
str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) .
str_replace('%d', '\d+', preg_quote($config['file_page'], '/')) .
'|' .
preg_quote($config['file_mod'], '/') .
'\?\/.+' .
')$/i';
$config['dir']['static'] = $config['root'] . 'static/';
$config['image_sticky'] = $config['dir']['static'] . 'sticky.gif';
$config['image_locked'] = $config['dir']['static'] . 'locked.gif';
$config['image_deleted'] = $config['dir']['static'] . 'deleted.png';
$config['image_zip'] = $config['dir']['static'] . 'zip.png';
?>

2
inc/template.php

@ -8,7 +8,7 @@
// Standard configuration
//
// Folder where the template files are kept
$templateDir = DIR_TEMPLATE;
$templateDir = $config['dir']['template'];
//
// Enable global things like %gentime, etc.
$templateGlobals = true;

12
inc/user.php

@ -3,10 +3,10 @@
$mod = false;
// Set the session name.
session_name(SESS_COOKIE);
session_name($config['cookies']['session']);
// Set session parameters
session_set_cookie_params(0, JAIL_COOKIES?ROOT:'/');
session_set_cookie_params(0, $config['cookies']['jail']?$config['root']:'/');
// Start the session
session_start();
@ -14,13 +14,13 @@
// Session creation time
if(!isset($_SESSION['created'])) $_SESSION['created'] = time();
if(!isset($_COOKIE[HASH_COOKIE]) || !isset($_COOKIE[TIME_COOKIE]) || $_COOKIE[HASH_COOKIE] != md5($_COOKIE[TIME_COOKIE].SALT)) {
if(!isset($_COOKIE[$config['cookies']['hash']]) || !isset($_COOKIE[$config['cookies']['time']]) || $_COOKIE[$config['cookies']['hash']] != md5($_COOKIE[$config['cookies']['time']] . $config['cookies']['salt'])) {
$time = time();
setcookie(TIME_COOKIE, $time, time()+COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true);
setcookie(HASH_COOKIE, md5($time.SALT), $time+COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true);
setcookie($config['cookies']['time'], $time, time()+$config['cookies']['expire'], $config['cookies']['jail']?$config['root']:'/', null, false, true);
setcookie($config['cookies']['hash'], md5($time . $config['cookies']['salt']), $time+$config['cookies']['expire'], $config['cookies']['jail']?$config['root']:'/', null, false, true);
$user = Array('valid' => false, 'appeared' => $time);
} else {
$user = Array('valid' => true, 'appeared' => $_COOKIE[TIME_COOKIE]);
$user = Array('valid' => true, 'appeared' => $_COOKIE[$config['cookies']['time']]);
}
?>

156
mod.php

@ -1,10 +1,10 @@
<?php
require 'inc/functions.php';
require 'inc/display.php';
require 'inc/config.php';
if (file_exists('inc/instance-config.php')) {
require 'inc/instance-config.php';
}
require 'inc/config.php';
require 'inc/template.php';
require 'inc/database.php';
require 'inc/user.php';
@ -37,11 +37,11 @@
!isset($_POST['password']) ||
empty($_POST['username']) ||
empty($_POST['password'])
) loginForm(ERROR_INVALID, $_POST['username']);
) loginForm($config['error']['invalid'], $_POST['username']);
if(!login($_POST['username'], $_POST['password']))
loginForm(ERROR_INVALID, $_POST['username']);
loginForm($config['error']['invalid'], $_POST['username']);
modLog("Logged in.");
@ -50,7 +50,7 @@
setCookies();
// Redirect
header('Location: ?' . MOD_DEFAULT, true, REDIRECT_HTTP);
header('Location: ?' . $config['mod']['default'], true, $config['redirect_http']);
// Close connection
sql_close();
@ -63,12 +63,12 @@
// A sort of "cache"
// Stops calling preg_quote and str_replace when not needed; only does it once
$regex = Array(
'board' => str_replace('%s', '(\w{1,8})', preg_quote(BOARD_PATH, '/')),
'page' => str_replace('%d', '(\d+)', preg_quote(FILE_PAGE, '/')),
'img' => preg_quote(DIR_IMG, '/'),
'thumb' => preg_quote(DIR_THUMB, '/'),
'res' => preg_quote(DIR_RES, '/'),
'index' => preg_quote(FILE_INDEX, '/')
'board' => str_replace('%s', '(\w{1,8})', preg_quote($config['board_path'], '/')),
'page' => str_replace('%d', '(\d+)', preg_quote($config['file_page'], '/')),
'img' => preg_quote($config['dir']['img'], '/'),
'thumb' => preg_quote($config['dir']['thumb'], '/'),
'res' => preg_quote($config['dir']['res'], '/'),
'index' => preg_quote($config['file_index'], '/')
);
if(preg_match('/^\/?$/', $query)) {
@ -81,10 +81,10 @@
// Boards
$fieldset['Boards'] .= ulBoards();
if($mod['type'] >= MOD_VIEW_BANLIST) {
if($mod['type'] >= $config['mod']['view_banlist']) {
$fieldset['Administration'] .= '<li><a href="?/bans">Ban list</a></li>';
}
if($mod['type'] >= MOD_SHOW_CONFIG) {
if($mod['type'] >= $config['mod']['show_config']) {
$fieldset['Administration'] .= '<li><a href="?/config">Show configuration</a></li>';
}
@ -97,16 +97,16 @@
}
echo Element('page.html', Array(
'index'=>ROOT,
'index'=>$config['root'],
'title'=>'Dashboard',
'body'=>$body
//,'mod'=>true /* All 'mod' does, at this point, is put the "Return to dashboard" link in. */
)
);
} elseif(preg_match('/^\/bans$/', $query)) {
if($mod['type'] < MOD_VIEW_BANLIST) error(ERROR_NOACCESS);
if($mod['type'] < $config['mod']['view_banlist']) error($config['error']['noaccess']);
if(MOD_VIEW_BANEXPIRED) {
if($config['mod']['view_banexpired']) {
$query = prepare("SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` GROUP BY `ip` ORDER BY `expires` < :time, `set` DESC");
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -126,7 +126,7 @@
while($ban = $query->fetch()) {
$body .=
'<tr' .
(MOD_VIEW_BANEXPIRED && $ban['expires'] != 0 && $ban['expires'] < time() ?
($config['mod']['view_banexpired'] && $ban['expires'] != 0 && $ban['expires'] < time() ?
' style="text-decoration:line-through"'
:'') .
'>' .
@ -145,26 +145,26 @@
'<td>' . $ban['reason'] . '</td>' .
// Set
'<td style="white-space: nowrap">' . date(POST_DATE, $ban['set']) . '</td>' .
'<td style="white-space: nowrap">' . date($config['post_date'], $ban['set']) . '</td>' .
// Expires
'<td style="white-space: nowrap">' .
($ban['expires'] == 0 ?
'<em>Never</em>'
:
date(POST_DATE, $ban['expires'])
date($config['post_date'], $ban['expires'])
) .
'</td>' .
// Staff
'<td>' .
($mod['type'] < MOD_VIEW_BANSTAFF ?
(MOD_VIEW_BANQUESTIONMARK ?
($mod['type'] < $config['mod']['view_banstaff'] ?
($config['mod']['view_banquestionmark'] ?
'?'
:
($ban['type'] == MOD_JANITOR ? 'Janitor' :
($ban['type'] == MOD_MOD ? 'Mod' :
($ban['type'] == MOD_ADMIN ? 'Admin' :
($ban['type'] == JANITOR ? 'Janitor' :
($ban['type'] == MOD ? 'Mod' :
($ban['type'] == ADMIN ? 'Admin' :
'?')))
)
:
@ -181,14 +181,14 @@
}
echo Element('page.html', Array(
'index'=>ROOT,
'index'=>$config['root'],
'title'=>'Ban list',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/config$/', $query)) {
if($mod['type'] < MOD_SHOW_CONFIG) error(ERROR_NOACCESS);
if($mod['type'] < $config['mod']['show_config']) error($config['error']['noaccess']);
// Show instance-config.php
@ -240,14 +240,14 @@
$body = '<fieldset><legend>Configuration</legend><table>' . $data . '</table></fieldset>';
echo Element('page.html', Array(
'index'=>ROOT,
'index'=>$config['root'],
'title'=>'Configuration',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/new$/', $query)) {
if($mod['type'] < MOD_NEWBOARD) error(ERROR_NOACCESS);
if($mod['type'] < $config['mod']['newboard']) error($config['error']['noaccess']);
// New board
$body = '';
@ -257,7 +257,7 @@
if( !isset($_POST['uri']) ||
!isset($_POST['title']) ||
!isset($_POST['subtitle'])
) error(ERROR_MISSEDAFIELD);
) error($config['error']['missedafield']);
$b = Array(
'uri' => $_POST['uri'],
@ -267,24 +267,24 @@
// Check required fields
if(empty($b['uri']))
error(sprintf(ERROR_REQUIRED, 'URI'));
error(sprintf($config['error']['required'], 'URI'));
if(empty($b['title']))
error(sprintf(ERROR_REQUIRED, 'title'));
error(sprintf($config['error']['required'], 'title'));
// Check string lengths
if(strlen($b['uri']) > 8)
error(sprintf(ERROR_TOOLONG, 'URI'));
error(sprintf($config['error']['toolong'], 'URI'));
if(strlen($b['title']) > 20)
error(sprintf(ERROR_TOOLONG, 'title'));
error(sprintf($config['error']['toolong'], 'title'));
if(strlen($b['subtitle']) > 40)
error(sprintf(ERROR_TOOLONG, 'subtitle'));
error(sprintf($config['error']['toolong'], 'subtitle'));
if(!preg_match('/^\w+$/', $b['uri']))
error(sprintf(ERROR_INVALIDFIELD, 'URI'));
error(sprintf($config['error']['invalidfield'], 'URI'));
if(openBoard($b['uri'])) {
unset($board);
error(sprintf(ERROR_BOARDEXISTS, sprintf(BOARD_ABBREVIATION, $b['uri'])));
error(sprintf($config['error']['boardexists'], sprintf($config['board_abbreviation'], $b['uri'])));
}
$query = prepare("INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle)");
@ -315,7 +315,7 @@
// TODO: Statistics, etc, in the dashboard.
echo Element('page.html', Array(
'index'=>ROOT,
'index'=>$config['root'],
'title'=>'New board',
'body'=>$body,
'mod'=>true
@ -328,10 +328,10 @@
// Open board
if(!openBoard($boardName))
error(ERROR_NOBOARD);
error($config['error']['noboard']);
if(!$page = index(empty($matches[2]) || $matches[2] == FILE_INDEX ? 1 : $matches[2], $mod)) {
error(ERROR_404);
if(!$page = index(empty($matches[2]) || $matches[2] == $config['file_index'] ? 1 : $matches[2], $mod)) {
error($config['error']['404']);
}
$page['pages'] = getPages(true);
$page['mod'] = true;
@ -344,20 +344,20 @@
$thread = $matches[2];
// Open board
if(!openBoard($boardName))
error(ERROR_NOBOARD);
error($config['error']['noboard']);
$page = buildThread($thread, true, $mod);
echo $page;
} elseif(preg_match('/^\/' . $regex['board'] . 'deletefile\/(\d+)$/', $query, $matches)) {
if($mod['type'] < MOD_DELETEFILE) error(ERROR_NOACCESS);
if($mod['type'] < $config['mod']['deletefile']) error($config['error']['noaccess']);
// Delete file from post
$boardName = $matches[1];
$post = $matches[2];
// Open board
if(!openBoard($boardName))
error(ERROR_NOBOARD);
error($config['error']['noboard']);
// Delete post
deleteFile($post);
@ -371,18 +371,18 @@
// Redirect
if(isset($_SERVER['HTTP_REFERER']))
header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP);
header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
else
header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP);
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
} elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) {
if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS);
if($mod['type'] < $config['mod']['delete']) error($config['error']['noaccess']);
// Delete post
$boardName = $matches[1];
$post = $matches[2];
// Open board
if(!openBoard($boardName))
error(ERROR_NOBOARD);
error($config['error']['noboard']);
// Delete post
deletePost($post);
@ -395,18 +395,18 @@
// Redirect
if(isset($_SERVER['HTTP_REFERER']))
header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP);
header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
else
header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP);
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
} elseif(preg_match('/^\/' . $regex['board'] . '(un)?sticky\/(\d+)$/', $query, $matches)) {
if($mod['type'] < MOD_STICKY) error(ERROR_NOACCESS);
if($mod['type'] < $config['mod']['sticky']) error($config['error']['noaccess']);
// Add/remove sticky
$boardName = $matches[1];
$post = $matches[3];
// Open board
if(!openBoard($boardName))
error(ERROR_NOBOARD);
error($config['error']['noboard']);
$query = prepare(sprintf("UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
$query->bindValue(':id', $post, PDO::PARAM_INT);
@ -429,18 +429,18 @@
// Redirect
if(isset($_SERVER['HTTP_REFERER']))
header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP);
header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
else
header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP);
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
} elseif(preg_match('/^\/' . $regex['board'] . '(un)?lock\/(\d+)$/', $query, $matches)) {
if($mod['type'] < MOD_LOCK) error(ERROR_NOACCESS);
if($mod['type'] < $config['mod']['lock']) error($config['error']['noaccess']);
// Lock/Unlock
$boardName = $matches[1];
$post = $matches[3];
// Open board
if(!openBoard($boardName))
error(ERROR_NOBOARD);
error($config['error']['noboard']);
$query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
$query->bindValue(':id', $post, PDO::PARAM_INT);
@ -463,9 +463,9 @@
// Redirect
if(isset($_SERVER['HTTP_REFERER']))
header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP);
header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
else
header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP);
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
} elseif(preg_match('/^\/' . $regex['board'] . 'deletebyip\/(\d+)$/', $query, $matches)) {
// Delete all posts by an IP
@ -473,14 +473,14 @@
$post = $matches[2];
// Open board
if(!openBoard($boardName))
error(ERROR_NOBOARD);
error($config['error']['noboard']);
$query = prepare(sprintf("SELECT `ip` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
$query->bindValue(':id', $post);
$query->execute() or error(db_error($query));
if(!$post = $query->fetch())
error(ERROR_INVALIDPOST);
error($config['error']['invalidpost']);
$ip = $post['ip'];
@ -492,16 +492,16 @@
$query->execute() or error(db_error($query));
if($query->rowCount() < 1)
error(ERROR_INVALIDPOST);
error($config['error']['invalidpost']);
while($post = $query->fetch()) {
deletePost($post['id'], false);
}
if(isset($_SERVER['HTTP_REFERER']))
header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP);
header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
else
header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP);
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
} elseif(preg_match('/^\/ban$/', $query)) {
// Ban page
@ -509,11 +509,11 @@
if( !isset($_POST['ip']) ||
!isset($_POST['reason']) ||
!isset($_POST['length'])
) error(ERROR_MISSEDAFIELD);
) error($config['error']['missedafield']);
// Check required fields
if(empty($_POST['ip']))
error(sprintf(ERROR_REQUIRED, 'IP address'));
error(sprintf($config['error']['required'], 'IP address'));
$query = prepare("INSERT INTO `bans` VALUES (:ip, :mod, :set, :expires, :reason)");
@ -569,19 +569,19 @@
$query->execute() or error(db_error($query));
// Delete too
if($mod['type'] >= MOD_DELETE && isset($_POST['delete']) && isset($_POST['board'])) {
if($mod['type'] >= $config['mod']['delete'] && isset($_POST['delete']) && isset($_POST['board'])) {
openBoard($_POST['board']);
deletePost(round($_POST['delete']));
}
// Redirect
if(isset($_POST['continue']))
header('Location: ' . $_POST['continue'], true, REDIRECT_HTTP);
header('Location: ' . $_POST['continue'], true, $config['redirect_http']);
else
header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP);
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
}
} elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)?\/(\d+)$/', $query, $matches)) {
if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS);
if($mod['type'] < $config['mod']['delete']) error($config['error']['noaccess']);
// Ban by post
$boardName = $matches[1];
@ -589,14 +589,14 @@
$post = $matches[3];
// Open board
if(!openBoard($boardName))
error(ERROR_NOBOARD);
error($config['error']['noboard']);
$query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri']));
$query->bindValue(':id', $post, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($query->rowCount() < 1) {
error(ERROR_INVALIDPOST);
error($config['error']['invalidpost']);
}
$post = $query->fetch();
@ -604,7 +604,7 @@
$body = form_newBan($post['ip'], null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false, $delete ? $post['id'] : false, $delete ? $boardName : false);
echo Element('page.html', Array(
'index'=>ROOT,
'index'=>$config['root'],
'title'=>'New ban',
'body'=>$body,
'mod'=>true
@ -614,7 +614,7 @@
// View information on an IP address
$ip = $matches[1];
$host = MOD_DNS_LOOKUP ? gethostbyaddr($ip) : false;
$host = $config['mod']['dns_lookup'] ? gethostbyaddr($ip) : false;
$body = '';
$boards = listBoards();
@ -624,26 +624,26 @@
$temp = '';
$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri']));
$query->bindValue(':ip', $ip);
$query->bindValue(':limit', MOD_IP_RECENTPOSTS, PDO::PARAM_INT);
$query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
while($post = $query->fetch()) {
$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT, $mod);
$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : $config['root'], $mod);
$temp .= $po->build();
}
if(!empty($temp))
$body .= '<fieldset><legend>Last ' . $query->rowCount() . ' posts on <a href="?/' .
sprintf(BOARD_PATH, $_board['uri']) . FILE_INDEX .
sprintf($config['board_path'], $_board['uri']) . $config['file_index'] .
'">' .
sprintf(BOARD_ABBREVIATION, $_board['uri']) . ' - ' . $_board['title'] .
sprintf($config['board_abbreviation'], $_board['uri']) . ' - ' . $_board['title'] .
'</a></legend>' . $temp . '</fieldset>';
}
if(MOD_IP_BANFORM)
if($config['mod']['ip_banform'])
$body .= form_newBan($ip, null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false);
echo Element('page.html', Array(
'index'=>ROOT,
'index'=>$config['root'],
'title'=>'IP: ' . $ip,
'subtitle' => $host,
'body'=>$body,
@ -651,7 +651,7 @@
)
);
} else {
error(ERROR_404);
error($config['error']['404']);
}
}

265
post.php

@ -1,10 +1,10 @@
<?php
require 'inc/functions.php';
require 'inc/display.php';
require 'inc/config.php';
if (file_exists('inc/instance-config.php')) {
require 'inc/instance-config.php';
}
require 'inc/config.php';
require 'inc/template.php';
require 'inc/database.php';
require 'inc/user.php';
@ -26,12 +26,12 @@
if( !isset($_POST['board']) ||
!isset($_POST['password'])
)
error(ERROR_BOT);
error($config['error']['bot']);
$password = $_POST['password'];
if(empty($password))
error(ERROR_INVALIDPASSWORD);
error($config['error']['invalidpassword']);
$delete = Array();
foreach($_POST as $post => $value) {
@ -45,15 +45,15 @@
// Check if banned
checkBan();
if(BLOCK_TOR && isTor())
error(ERROR_TOR);
if($config['block_tor'] && isTor())
error($config['error']['tor']);
// Check if board exists
if(!openBoard($_POST['board']))
error(ERROR_NOBOARD);
error($config['error']['noboard']);
if(empty($delete))
error(ERROR_NODELETE);
error($config['error']['nodelete']);
foreach($delete as &$id) {
$query = prepare(sprintf("SELECT `password` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
@ -62,7 +62,7 @@
if($post = $query->fetch()) {
if(!empty($password) && $post['password'] != $password)
error(ERROR_INVALIDPASSWORD);
error($config['error']['invalidpassword']);
if(isset($_POST['file'])) {
// Delete just the file
@ -79,9 +79,9 @@
sql_close();
$is_mod = isset($_POST['mod']) && $_POST['mod'];
$root = $is_mod ? ROOT . FILE_MOD . '?/' : ROOT;
$root = $is_mod ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];
header('Location: ' . $root . $board['dir'] . FILE_INDEX, true, REDIRECT_HTTP);
header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']);
} elseif(isset($_POST['post'])) {
if( !isset($_POST['name']) ||
@ -90,7 +90,7 @@
!isset($_POST['body']) ||
!isset($_POST['board']) ||
!isset($_POST['password'])
) error(ERROR_BOT);
) error($config['error']['bot']);
$post = Array('board' => $_POST['board']);
@ -99,13 +99,13 @@
$post['thread'] = round($_POST['thread']);
} else $OP = true;
//if(!(($OP && $_POST['post'] == BUTTON_NEWTOPIC) ||
// (!$OP && $_POST['post'] == BUTTON_REPLY)))
// error(ERROR_BOT);
if(!(($OP && $_POST['post'] == $config['button_newtopic']) ||
(!$OP && $_POST['post'] == $config['button_reply'])))
error($config['error']['bot']);
// Check the referrer
if($OP) {
if(!isset($_SERVER['HTTP_REFERER']) || !preg_match(URL_MATCH, $_SERVER['HTTP_REFERER'])) error(ERROR_BOT);
if(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['url_match'], $_SERVER['HTTP_REFERER'])) error($config['error']['bot']);
}
// TODO: Since we're now using static HTML files, we can't give them cookies on their first page view
@ -113,7 +113,7 @@
/*
// Check if he has a valid cookie.
if(!$user['valid']) error(ERROR_BOT);
if(!$user['valid']) error($config['error']['bot']);
// Check how long he has been here.
if(time()-$user['appeared']<LURKTIME) error(ERROR_LURK);
@ -125,25 +125,25 @@
// Check if banned
checkBan();
if(BLOCK_TOR && isTor())
error(ERROR_TOR);
if($config['block_tor'] && isTor())
error($config['error']['tor']);
// Check if board exists
if(!openBoard($post['board']))
error(ERROR_NOBOARD);
error($config['error']['noboard']);
if(ROBOT_ENABLE && $board['uri'] == ROBOT_BOARD && ROBOT_MUTE) {
checkMute();
}
//if(ROBOT_ENABLE && $board['uri'] == ROBOT_BOARD && ROBOT_MUTE) {
// checkMute();
//}
//Check if thread exists
if(!$OP && !threadExists($post['thread']))
error(ERROR_NONEXISTANT);
error($config['error']['nonexistant']);
// Check for a file
if($OP) {
if(!isset($_FILES['file']['tmp_name']) || empty($_FILES['file']['tmp_name']))
error(ERROR_NOIMAGE);
error($config['error']['noimage']);
}
$post['name'] = (!empty($_POST['name'])?$_POST['name']:'Anonymous');
@ -155,43 +155,43 @@
$post['has_file'] = $OP || !empty($_FILES['file']['tmp_name']);
$post['mod'] = isset($_POST['mod']) && $_POST['mod'];
if(empty($post['body']) && FORCE_BODY)
error(ERROR_TOOSHORTBODY);
if(empty($post['body']) && $config['force_body'])
error($config['error']['tooshortbody']);
if($post['mod']) {
require 'inc/mod.php';
if(!$mod) {
// Liar. You're not a mod.
error(ERROR_NOTAMOD);
error($config['error']['notamod']);
}
$post['sticky'] = $OP && isset($_POST['sticky']);
$post['locked'] = $OP && isset($_POST['lock']);
$post['raw'] = isset($_POST['raw']);
if($post['sticky'] && $mod['type'] < MOD_STICKY) error(ERROR_NOACCESS);
if($post['locked'] && $mod['type'] < MOD_LOCK) error(ERROR_NOACCESS);
if($post['raw'] && $mod['type'] < MOD_RAWHTML) error(ERROR_NOACCESS);
if($post['sticky'] && $mod['type'] < $config['mod']['sticky']) error($config['error']['noaccess']);
if($post['locked'] && $mod['type'] < $config['mod']['lock']) error($config['error']['noaccess']);
if($post['raw'] && $mod['type'] < $config['mod']['rawhtml']) error($config['error']['noaccess']);
}
// Check if thread is locked
// but allow mods to post
if(!$OP && (!$mod || $mod['type'] < MOD_POSTINLOCKED)) {
if(!$OP && (!$mod || $mod['type'] < $config['mod']['postinlocked'])) {
if(threadLocked($post['thread']))
error(ERROR_LOCKED);
error($config['error']['locked']);
}
if($post['has_file']) {
$size = $_FILES['file']['size'];
if($size > MAX_FILESIZE)
error(sprintf3(ERR_FILESIZE, array(
if($size > $config['max_filesize'])
error(sprintf3($config['error']['filesize'], array(
'sz'=>commaize($size),
'filesz'=>commaize($size),
'maxsz'=>commaize(MAX_FILESIZE))));
'maxsz'=>commaize($config['max_filesize']))));
}
if($mod && $mod['type'] >= MOD_MOD && preg_match('/^((.+) )?## (.+)$/', $post['name'], $match)) {
if(($mod['type'] == MOD_MOD && $match[3] == 'Mod') || $mod['type'] >= MOD_ADMIN) {
if($mod && $mod['type'] >= MOD && preg_match('/^((.+) )?## (.+)$/', $post['name'], $match)) {
if(($mod['type'] == MOD && $match[3] == 'Mod') || $mod['type'] >= ADMIN) {
$post['mod_tag'] = $match[3];
$post['name'] = !empty($match[2])?$match[2]:'Anonymous';
}
@ -211,19 +211,17 @@
if($post['has_file']) {
$post['extension'] = strtolower(substr($post['filename'], strrpos($post['filename'], '.') + 1));
$post['file_id'] = time() . rand(100, 999);
$post['file'] = $board['dir'] . DIR_IMG . $post['file_id'] . '.' . $post['extension'];
$post['thumb'] = $board['dir'] . DIR_THUMB . $post['file_id'] . '.png';
$post['zip'] = $OP && $post['has_file'] && ALLOW_ZIP && $post['extension'] == 'zip' ? $post['file'] : false;
if(!($post['zip'] || in_array($post['extension'], $allowed_ext))) error(ERROR_FILEEXT);
$post['file'] = $board['dir'] . $config['dir']['img'] . $post['file_id'] . '.' . $post['extension'];
$post['thumb'] = $board['dir'] . $config['dir']['thumb'] . $post['file_id'] . '.png';
}
// Check string lengths
if(strlen($post['name']) > 50) error(sprintf(ERROR_TOOLONG, 'name'));
if(strlen($post['email']) > 30) error(sprintf(ERROR_TOOLONG, 'email'));
if(strlen($post['subject']) > 40) error(sprintf(ERROR_TOOLONG, 'subject'));
if(!$mod && strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY);
if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error(ERROR_TOOSHORTBODY);
if(strlen($post['password']) > 20) error(sprintf(ERROR_TOOLONG, 'password'));
if(strlen($post['name']) > 50) error(sprintf($config['error']['toolong'], 'name'));
if(strlen($post['email']) > 30) error(sprintf($config['error']['toolong'], 'email'));
if(strlen($post['subject']) > 40) error(sprintf($config['error']['toolong'], 'subject'));
if(!$mod && strlen($post['body']) > $config['max_body']) error($config['error']['toolongbody']);
if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error($config['error']['tooshortbody']);
if(strlen($post['password']) > 20) error(sprintf($config['error']['toolong'], 'password'));
if($post['mod_tag'])
$post['trip'] .= ' <a class="nametag">## ' . $post['mod_tag'] . '</a>';
@ -235,26 +233,14 @@
// Check for a flood
if(checkFlood($post)) {
error(ERROR_FLOOD);
error($config['error']['flood']);
}
if($post['has_file']) {
// Just trim the filename if it's too long
if(strlen($post['filename']) > 30) $post['filename'] = substr($post['filename'], 0, 27).'…';
// Move the uploaded file
if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE);
if($post['zip']) {
// Validate ZIP file
if(is_resource($zip = zip_open($post['zip'])))
// TODO: Check if it's not empty and has at least one (valid) image
zip_close($zip);
else
error(ERR_INVALIDZIP);
$post['file'] = ZIP_IMAGE;
$post['extension'] = strtolower(substr($post['file'], strrpos($post['file'], '.') + 1));
}
if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error($config['error']['nomove']);
$size = @getimagesize($post['file']);
$post['width'] = $size[0];
@ -263,165 +249,48 @@
// Check if the image is valid
if($post['width'] < 1 || $post['height'] < 1) {
unlink($post['file']);
error(ERR_INVALIDIMG);
error($config['error']['invalidimg']);
}
if($post['width'] > MAX_WIDTH || $post['height'] > MAX_HEIGHT) {
if($post['width'] > $config['max_width'] || $post['height'] > $config['max_height']) {
unlink($post['file']);
error(ERR_MAXSIZE);
error($config['error']['maxsize']);
}
$hash_function = FILE_HASH;
$post['filehash'] = $hash_function($post['file']);
$post['filehash'] = $config['file_hash']($post['file']);
$post['filesize'] = filesize($post['file']);
$image = createimage($post['extension'], $post['file']);
if(REDRAW_IMAGE && !$post['zip']) {
switch($post['extension']) {
case 'jpg':
case 'jpeg':
imagejpeg($image, $post['file'], JPEG_QUALITY);
break;
case 'png':
imagepng($image, $post['file'], 7);
break;
case 'gif':
if(REDRAW_GIF)
imagegif($image, $post['file']);
break;
case 'bmp':
imagebmp($image, $post['file']);
break;
default:
unlink($post['file']);
error('Unknwon file extension.');
}
}
// Create a thumbnail
$thumb = resize($image, $post['width'], $post['height'], $post['thumb'], THUMB_WIDTH, THUMB_HEIGHT);
$thumb = resize($image, $post['width'], $post['height'], $post['thumb'], $config['thumb_width'], $config['thumb_height']);
$post['thumbwidth'] = $thumb['width'];
$post['thumbheight'] = $thumb['height'];
}
if(!($mod && $mod['type'] >= MOD_POSTUNORIGINAL) && ROBOT_ENABLE && $board['uri'] == ROBOT_BOARD && checkRobot($post['body_nomarkup'])) {
/*
if(!($mod && $mod['type'] >= $config['mod']['postunoriginal']) && ROBOT_ENABLE && $board['uri'] == ROBOT_BOARD && checkRobot($post['body_nomarkup'])) {
if(ROBOT_MUTE) {
error(sprintf(ERROR_MUTED, mute()));
error(sprintf($config['error']['muted'], mute()));
} else {
error(ERROR_UNORIGINAL);
error($config['error']['unoriginal']);
}
}
*/
// Remove DIR_* before inserting them into the database.
if($post['has_file']) {
$post['file'] = substr_replace($post['file'], '', 0, strlen($board['dir'] . DIR_IMG));
$post['thumb'] = substr_replace($post['thumb'], '', 0, strlen($board['dir'] . DIR_THUMB));
$post['file'] = substr_replace($post['file'], '', 0, strlen($board['dir'] . $config['dir']['img']));
$post['thumb'] = substr_replace($post['thumb'], '', 0, strlen($board['dir'] . $config['dir']['thumb']));
}
// Todo: Validate some more, remove messy code, allow more specific configuration
$id = post($post, $OP);
if($post['has_file'] && $post['zip']) {
// Open ZIP
$zip = zip_open($post['zip']);
// Read files
while($entry = zip_read($zip)) {
$filename = basename(zip_entry_name($entry));
$extension = strtolower(substr($filename, strrpos($filename, '.') + 1));
if(in_array($extension, $allowed_ext)) {
if (zip_entry_open($zip, $entry, 'r')) {
// Fake post
$dump_post = Array(
'subject' => $post['subject'],
'email' => $post['email'],
'name' => $post['name'],
'trip' => $post['trip'],
'body' => '',
'thread' => $id,
'password' => '',
'has_file' => true,
'file_id' => rand(0, 1000000000),
'filename' => $filename
);
$dump_post['file'] = $board['dir'] . DIR_IMG . $dump_post['file_id'] . '.' . $extension;
$dump_post['thumb'] = $board['dir'] . DIR_THUMB . $dump_post['file_id'] . '.png';
// Extract the image from the ZIP
$fp = fopen($dump_post['file'], 'w+');
fwrite($fp, zip_entry_read($entry, zip_entry_filesize($entry)));
fclose($fp);
$size = @getimagesize($dump_post['file']);
$dump_post['width'] = $size[0];
$dump_post['height'] = $size[1];
// Check if the image is valid
if($dump_post['width'] < 1 || $dump_post['height'] < 1) {
unlink($dump_post['file']);
} else {
if($dump_post['width'] > MAX_WIDTH || $dump_post['height'] > MAX_HEIGHT) {
unlink($dump_post['file']);
error(ERR_MAXSIZE);
} else {
$dump_post['filehash'] = md5_file($dump_post['file']);
$dump_post['filesize'] = filesize($dump_post['file']);
$image = createimage($extension, $dump_post['file']);
$success = true;
if(REDRAW_IMAGE) {
switch($extension) {
case 'jpg':
case 'jpeg':
imagejpeg($image, $dump_post['file'], JPEG_QUALITY);
break;
case 'png':
imagepng($image, $dump_post['file'], 7);
break;
case 'gif':
if(REDRAW_GIF)
imagegif($image, $dump_post['file']);
break;
case 'bmp':
imagebmp($image, $dump_post['file']);
break;
default:
$success = false;
}
}
// Create a thumbnail
$thumb = resize($image, $dump_post['width'], $dump_post['height'], $dump_post['thumb'], THUMB_WIDTH, THUMB_HEIGHT);
$dump_post['thumbwidth'] = $thumb['width'];
$dump_post['thumbheight'] = $thumb['height'];
// Remove DIR_* before inserting them into the database.
$dump_post['file'] = substr_replace($dump_post['file'], '', 0, strlen($board['dir'] . DIR_IMG));
$dump_post['thumb'] = substr_replace($dump_post['thumb'], '', 0, strlen($board['dir'] . DIR_THUMB));
// Create the post
post($dump_post, false);
}
}
// Close the ZIP
zip_entry_close($entry);
}
}
}
zip_close($zip);
unlink($post['zip']);
}
buildThread(($OP?$id:$post['thread']));
if(!$OP && strtolower($post['email']) != 'sage' && (REPLY_LIMIT == 0 || numPosts($post['thread']) < REPLY_LIMIT)) {
if(!$OP && strtolower($post['email']) != 'sage' && ($config['reply_limit'] == 0 || numPosts($post['thread']) < $config['reply_limit'])) {
bumpThread($post['thread']);
}
@ -431,17 +300,17 @@
buildIndex();
sql_close();
$root = $post['mod'] ? ROOT . FILE_MOD . '?/' : ROOT;
$root = $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];
if(ALWAYS_NOKO || $noko) {
header('Location: ' . $root . $board['dir'] . DIR_RES . ($OP?$id:$post['thread']) . '.html' . (!$OP?'#'.$id:''), true, REDIRECT_HTTP);
if($config['always_noko'] || $noko) {
header('Location: ' . $root . $board['dir'] . $config['dir']['res'] . ($OP?$id:$post['thread']) . '.html' . (!$OP?'#'.$id:''), true, $config['redirect_http']);
} else {
header('Location: ' . $root . $board['dir'] . FILE_INDEX, true, REDIRECT_HTTP);
header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']);
}
exit;
} else {
if(!file_exists(HAS_INSTALLED)) {
if(!file_exists($config['has_installed'])) {
sql_open();
// Build all boards
@ -452,7 +321,7 @@
}
sql_close();
touch(HAS_INSTALLED, 0777);
touch($config['has_installed'], 0777);
die(Element('page.html', Array(
'index'=>ROOT,
@ -464,7 +333,7 @@
} else {
// They opened post.php in their browser manually.
// Possible TODO: Redirect back to homepage.
error(ERROR_NOPOST);
error($config['error']['nopost']);
}
}
?>

Loading…
Cancel
Save