raw html

inc/config.php

@@ -39,6 +39,8 @@
 	
 	// How long should the cookies last (in seconds)
 	define('COOKIE_EXPIRE',	15778463, true); //6 months
+	// How long should moderators should remain logged in (0=browser session) (in seconds)
+	define('MOD_EXPIRE', 15778463, true);
 	// Make this something long and random for security
 	define('SALT',			'wefaw98YHEWUFuo', true);
 	define('SECURE_TRIP_SALT', '@#$&^@#)$(*&@!_$(&329-8347', true);
@@ -47,7 +49,7 @@
 	define('LURKTIME',		30, true);
 	
 	// How many seconds between each post
-	define('FLOOD_TIME',	4, true);
+	define('FLOOD_TIME',	10, true);
 	// How many seconds between each post with exactly the same content and same IP
 	define('FLOOD_TIME_IP_SAME',	120, true);
 	// Same as above but different IP address
@@ -108,8 +110,8 @@
 	define('REPLY_LIMIT',	250, true);
 	
 	// For resizing, max values
-	define('THUMB_WIDTH',	250, true);
-	define('THUMB_HEIGHT',	250, true);
+	define('THUMB_WIDTH',	225, true);
+	define('THUMB_HEIGHT',	225, true);
 	
 	// Store image hash in the database for r9k-like boards implementation soon
 	// Function name for hashing
@@ -118,7 +120,7 @@
 	
 	define('BLOCK_TOR',		true, true);
 	// Typically spambots try to post a lot of links. Refuse a post with X standalone links?
-	define('MAX_LINKS',		15, true);
+	define('MAX_LINKS',		20, true);
 	
 	// Maximum image upload size in bytes
 	define('MAX_FILESIZE',	10*1024*1024, true); // 10MB
@@ -236,6 +238,8 @@
 	define('MOD_POSTINLOCKED', MOD_MOD, true);
 	// Post bypass unoriginal content check
 	define('MOD_POSTUNORIGINAL', MOD_MOD, true);
+	// Raw HTML posting
+	define('MOD_RAWHTML', MOD_MOD, true);
 	
 	/* Administration */
 	// Display the contents of instant-config.php

post.php

@@ -99,9 +99,9 @@
 			$post['thread'] = round($_POST['thread']);
 		} else $OP = true;
 		
-		if(!(($OP && $_POST['post'] == BUTTON_NEWTOPIC) ||
-		    (!$OP && $_POST['post'] == BUTTON_REPLY)))
-			error(ERROR_BOT);
+		//if(!(($OP && $_POST['post'] == BUTTON_NEWTOPIC) ||
+		//    (!$OP && $_POST['post'] == BUTTON_REPLY)))
+		//	error(ERROR_BOT);
 		
 		// Check the referrer
 		if($OP) {
@@ -151,7 +151,7 @@
 		$post['email'] = utf8tohtml($_POST['email']);
 		$post['body'] = $_POST['body'];
 		$post['password'] = $_POST['password'];
-		$post['filename'] = $_FILES['file']['name'];
+		$post['filename'] = get_magic_quotes_gpc() ? stripslashes($_FILES['file']['name']) : $_FILES['file']['name'];
 		$post['has_file'] = $OP || !empty($_FILES['file']['tmp_name']);
 		$post['mod'] = isset($_POST['mod']) && $_POST['mod'];
 		
@@ -167,9 +167,11 @@
 			
 			$post['sticky'] = $OP && isset($_POST['sticky']);
 			$post['locked'] = $OP && isset($_POST['lock']);
+			$post['raw'] = isset($_POST['raw']);
 			
 			if($post['sticky'] && $mod['type'] < MOD_STICKY) error(ERROR_NOACCESS);
 			if($post['locked'] && $mod['type'] < MOD_LOCK) error(ERROR_NOACCESS);
+			if($post['raw'] && $mod['type'] < MOD_RAWHTML) error(ERROR_NOACCESS);
 		}
 		
 		// Check if thread is locked
@@ -208,7 +210,7 @@
 		
 		if($post['has_file']) {
 			$post['extension'] = strtolower(substr($post['filename'], strrpos($post['filename'], '.') + 1));
-			$post['file_id'] = rand(0, 1000000000);
+			$post['file_id'] = time() . rand(100, 999);
 			$post['file'] = $board['dir'] . DIR_IMG . $post['file_id'] . '.' . $post['extension'];
 			$post['thumb'] = $board['dir'] . DIR_THUMB . $post['file_id'] . '.png';
 			$post['zip'] = $OP && $post['has_file'] && ALLOW_ZIP && $post['extension'] == 'zip' ? $post['file'] : false;
@@ -216,7 +218,7 @@
 		}
 		
 		// Check string lengths
-		if(strlen($post['name']) > 25) error(sprintf(ERROR_TOOLONG, 'name'));			
+		if(strlen($post['name']) > 50) error(sprintf(ERROR_TOOLONG, 'name'));			
 		if(strlen($post['email']) > 30) error(sprintf(ERROR_TOOLONG, 'email'));
 		if(strlen($post['subject']) > 40) error(sprintf(ERROR_TOOLONG, 'subject'));
 		if(strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY);
@@ -227,7 +229,9 @@
 			$post['trip'] .= ' <a class="nametag">## ' . $post['mod_tag'] . '</a>';
 		
 		$post['body_nomarkup'] = $post['body'];
-		markup($post['body']);
+		
+		if(!($mod && $post['raw']))
+			markup($post['body']);
 		
 		// Check for a flood
 		if(checkFlood($post)) {
@@ -415,14 +419,10 @@
 			unlink($post['zip']);
 		}
 		
-		if(numPosts($OP?$id:$post['thread']) > REPLY_LIMIT) {
-			deletePost($OP?$id:$post['thread']);
-		} else {
-			buildThread(($OP?$id:$post['thread']));
+		buildThread(($OP?$id:$post['thread']));
 		
-			if(!$OP && $post['email'] != 'sage') {
-				bumpThread($post['thread']);
-			}
+		if(!$OP && strtolower($post['email']) != 'sage' && (REPLY_LIMIT == 0 || numPosts($post['thread']) < REPLY_LIMIT)) {
+			bumpThread($post['thread']);
 		}
 		
 		if($OP)
@@ -431,7 +431,6 @@
 		buildIndex();
 		sql_close();
 		
-	
 		$root = $post['mod'] ? ROOT . FILE_MOD . '?/' : ROOT;
 		
 		if(ALWAYS_NOKO || $noko) {

templates/index.html

@@ -21,7 +21,7 @@
 					Name
 				</th>
 				<td>
-					<input type="text" name="name" size="25" maxlength="25" autocomplete="off" />
+					<input type="text" name="name" size="25" maxlength="50" autocomplete="off" />
 				</td>
 			</tr>
 			<tr>
@@ -71,6 +71,10 @@
 						<label for="lock">Lock</label><br/>
 						<input title="Lock" type="checkbox" name="lock" id="lock">
 					</div>
+					<div>
+						<label for="raw">Raw HTML</label><br/>
+						<input title="Raw HTML" type="checkbox" name="raw" id="raw">
+					</div>
 				</td>
 			</tr>
 			}

templates/thread.html

@@ -22,7 +22,7 @@
 					Name
 				</th>
 				<td>
-					<input type="text" name="name" size="25" maxlength="25" autocomplete="off" />
+					<input type="text" name="name" size="25" maxlength="50" autocomplete="off" />
 				</td>
 			</tr>
 			<tr>
@@ -58,6 +58,19 @@
 					<input type="file" name="file"/>
 				</td>
 			</tr>
+			{mod?
+			<tr>
+				<th>
+					Flags
+				</th>
+				<td>
+					<div>
+						<label for="raw">Raw HTML</label><br/>
+						<input title="Raw HTML" type="checkbox" name="raw" id="raw">
+					</div>
+				</td>
+			</tr>
+			}
 			<tr>
 				<th>
 					Password