From 4de3a3eca453b23e936e20eb68935b45dc70411b Mon Sep 17 00:00:00 2001 From: Paul Merrill Date: Fri, 5 Nov 2010 09:46:20 -0700 Subject: [PATCH] post.php => Unix line endings --- post.php | 631 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 316 insertions(+), 315 deletions(-) diff --git a/post.php b/post.php index c3cf8cce..d44c7589 100644 --- a/post.php +++ b/post.php @@ -1,318 +1,319 @@ - '/b/', - 'name' => 'Beta', - 'title' => 'In devleopment.'); - - $body = ''; - - // Fix for magic quotes - if (get_magic_quotes_gpc()) { - function strip_array(&$var) { - return is_array($var) ? array_map("strip_array", $var) : stripslashes($var); - } - - $_SESSION = strip_array($_SESSION); - $_GET = strip_array($_GET); - $_POST = strip_array($_POST); - } - - if(isset($_POST['post'])) { - if( !isset($_POST['name']) || - !isset($_POST['email']) || - !isset($_POST['subject']) || - !isset($_POST['body']) || - !isset($_POST['password']) - ) error(ERROR_BOT); - - $post = Array(); - - if(isset($_POST['thread'])) { - $OP = false; - $post['thread'] = round($_POST['thread']); - } else $OP = true; - - if(!(($OP && $_POST['post'] == BUTTON_NEWTOPIC) || - (!$OP && $_POST['post'] == BUTTON_REPLY))) - error(ERROR_BOT); - - // Check the referrer - if($OP) { - if(!isset($_SERVER['HTTP_REFERER']) || !preg_match(URL_MATCH, $_SERVER['HTTP_REFERER'])) error(ERROR_BOT); - } - - - - // TODO: Since we're now using static HTML files, we can't give them cookies on their first page view - // Find another anti-spam method. - - /* - // Check if he has a valid cookie. - if(!$user['valid']) error(ERROR_BOT); - - // Check how long he has been here. - if(time()-$user['appeared'] MAX_FILESIZE) + '/b/', + 'name' => 'Beta', + 'title' => 'In devleopment.'); + + $body = ''; + + // Fix for magic quotes + if (get_magic_quotes_gpc()) { + function strip_array(&$var) { + return is_array($var) ? array_map("strip_array", $var) : stripslashes($var); + } + + $_SESSION = strip_array($_SESSION); + $_GET = strip_array($_GET); + $_POST = strip_array($_POST); + } + + if(isset($_POST['post'])) { + if( !isset($_POST['name']) || + !isset($_POST['email']) || + !isset($_POST['subject']) || + !isset($_POST['body']) || + !isset($_POST['password']) + ) error(ERROR_BOT); + + $post = Array(); + + if(isset($_POST['thread'])) { + $OP = false; + $post['thread'] = round($_POST['thread']); + } else $OP = true; + + if(!(($OP && $_POST['post'] == BUTTON_NEWTOPIC) || + (!$OP && $_POST['post'] == BUTTON_REPLY))) + error(ERROR_BOT); + + // Check the referrer + if($OP) { + if(!isset($_SERVER['HTTP_REFERER']) || !preg_match(URL_MATCH, $_SERVER['HTTP_REFERER'])) error(ERROR_BOT); + } + + + + // TODO: Since we're now using static HTML files, we can't give them cookies on their first page view + // Find another anti-spam method. + + /* + // Check if he has a valid cookie. + if(!$user['valid']) error(ERROR_BOT); + + // Check how long he has been here. + if(time()-$user['appeared'] MAX_FILESIZE) error(sprintf3(ERR_FILESIZE, array( 'sz'=>commaize($size), 'filesz'=>commaize($size), - 'maxsz'=>commaize(MAX_FILESIZE)))); - } - - $trip = generate_tripcode($post['name']); - $post['name'] = $trip[0]; - $post['trip'] = (isset($trip[1])?$trip[1]:''); - - if($post['email'] == 'noko') { - $noko = true; - $post['email'] = ''; - } else $noko = false; - - if($post['has_file']) { - $post['extension'] = strtolower(substr($post['filename'], strrpos($post['filename'], '.') + 1)); - $post['file_id'] = rand(0, 1000000000); - $post['file'] = DIR_IMG . $post['file_id'] . '.' . $post['extension']; - $post['thumb'] = DIR_THUMB . $post['file_id'] . '.png'; - $post['zip'] = $OP && $post['has_file'] && ALLOW_ZIP && $post['extension'] == 'zip' ? $post['file'] : false; - if(!($post['zip'] || in_array($post['extension'], $allowed_ext))) error(ERROR_FILEEXT); - } - - // Check string lengths - if(strlen($post['name']) > 25) error(sprintf(ERROR_TOOLONG, 'name')); - if(strlen($post['email']) > 30) error(sprintf(ERROR_TOOLONG, 'email')); - if(strlen($post['subject']) > 40) error(sprintf(ERROR_TOOLONG, 'subject')); - if(strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY); - if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error(ERROR_TOOSHORTBODY); - if(strlen($post['password']) > 20) error(sprintf(ERROR_TOOLONG, 'password')); - - markup($post['body']); - - if($post['has_file']) { - // Just trim the filename if it's too long - if(strlen($post['filename']) > 30) $post['filename'] = substr($post['filename'], 0, 27).'…'; - // Move the uploaded file - if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE); - - if($post['zip']) { - // Validate ZIP file - if(is_resource($zip = zip_open($post['zip']))) - // TODO: Check if it's not empty and has at least one (valid) image - zip_close($zip); - else - error(ERR_INVALIDZIP); - - $post['file'] = ZIP_IMAGE; - $post['extension'] = strtolower(substr($post['file'], strrpos($post['file'], '.') + 1)); - } - - $size = @getimagesize($post['file']); - $post['width'] = $size[0]; - $post['height'] = $size[1]; - - // Check if the image is valid - if($post['width'] < 1 || $post['height'] < 1) { - unlink($post['file']); - error(ERR_INVALIDIMG); - } - - if($post['width'] > MAX_WIDTH || $post['height'] > MAX_HEIGHT) { - unlink($post['file']); - error(ERR_MAXSIZE); - } - - $post['filehash'] = md5_file($post['file']); - $post['filesize'] = filesize($post['file']); - - $image = createimage($post['extension'], $post['file']); - - if(REDRAW_IMAGE && !$post['zip']) { - switch($post['extension']) { - case 'jpg': - case 'jpeg': - imagejpeg($image, $post['file'], JPEG_QUALITY); - break; - case 'png': - imagepng($image, $post['file'], 7); - break; - case 'gif': - if(REDRAW_GIF) - imagegif($image, $post['file']); - break; - case 'bmp': - imagebmp($image, $post['file']); - break; - default: - error('Unknwon file extension.'); - } - } - - // Create a thumbnail - $thumb = resize($image, $post['width'], $post['height'], $post['thumb'], THUMB_WIDTH, THUMB_HEIGHT); - - $post['thumbwidth'] = $thumb['width']; - $post['thumbheight'] = $thumb['height']; - } - - // Remove DIR_* before inserting them into the database. - $post['file'] = substr_replace($post['file'], '', 0, strlen(DIR_IMG)); - $post['thumb'] = substr_replace($post['thumb'], '', 0, strlen(DIR_THUMB)); - - // Todo: Validate some more, remove messy code, allow more specific configuration - - // MySQLify - sql_open(); - mysql_safe_array($post); - - $id = post($post, $OP); - - if($post['zip']) { - // Open ZIP - $zip = zip_open($post['zip']); - // Read files - while($entry = zip_read($zip)) { - $filename = basename(zip_entry_name($entry)); - $extension = strtolower(substr($filename, strrpos($filename, '.') + 1)); - - if(in_array($extension, $allowed_ext)) { - if (zip_entry_open($zip, $entry, 'r')) { - // Fake post - $dump_post = Array( - 'subject' => $post['subject'], - 'email' => $post['email'], - 'name' => $post['name'], - 'trip' => $post['trip'], - 'body' => '', - 'thread' => $id, - 'password' => '', - 'has_file' => true, - 'file_id' => rand(0, 1000000000), - 'filename' => $filename - ); - - $dump_post['file'] = DIR_IMG . $dump_post['file_id'] . '.' . $extension; - $dump_post['thumb'] = DIR_THUMB . $dump_post['file_id'] . '.png'; - - // Extract the image from the ZIP - $fp = fopen($dump_post['file'], 'w+'); - fwrite($fp, zip_entry_read($entry, zip_entry_filesize($entry))); - fclose($fp); - - $size = @getimagesize($dump_post['file']); - $dump_post['width'] = $size[0]; - $dump_post['height'] = $size[1]; - - // Check if the image is valid - if($dump_post['width'] < 1 || $dump_post['height'] < 1) { - unlink($dump_post['file']); - } else { - if($dump_post['width'] > MAX_WIDTH || $dump_post['height'] > MAX_HEIGHT) { - unlink($dump_post['file']); - error(ERR_MAXSIZE); - } else { - $dump_post['filehash'] = md5_file($dump_post['file']); - $dump_post['filesize'] = filesize($dump_post['file']); - - $image = createimage($extension, $dump_post['file']); - - $success = true; - if(REDRAW_IMAGE) { - switch($extension) { - case 'jpg': - case 'jpeg': - imagejpeg($image, $dump_post['file'], JPEG_QUALITY); - break; - case 'png': - imagepng($image, $dump_post['file'], 7); - break; - case 'gif': - if(REDRAW_GIF) - imagegif($image, $dump_post['file']); - break; - case 'bmp': - imagebmp($image, $dump_post['file']); - break; - default: - $success = false; - } - } - - - // Create a thumbnail - $thumb = resize($image, $dump_post['width'], $dump_post['height'], $dump_post['thumb'], THUMB_WIDTH, THUMB_HEIGHT); - - $dump_post['thumbwidth'] = $thumb['width']; - $dump_post['thumbheight'] = $thumb['height']; - - // Remove DIR_* before inserting them into the database. - $dump_post['file'] = substr_replace($dump_post['file'], '', 0, strlen(DIR_IMG)); - $dump_post['thumb'] = substr_replace($dump_post['thumb'], '', 0, strlen(DIR_THUMB)); - - // Create the post - post($dump_post, false); - } - } - - // Close the ZIP - zip_entry_close($entry); - } - } - } - zip_close($zip); - unlink($post['zip']); - } - - buildThread(($OP?$id:$post['thread'])); - - if(!$OP) { - mysql_query( - sprintf("UPDATE `posts` SET `bump` = '%d' WHERE `id` = '%s' AND `thread` IS NULL", - time(), - $post['thread'] - ), $sql) or error(mysql_error($sql)); - } - - buildIndex(); - sql_close(); - - if(ALWAYS_NOKO || $noko) { - header('Location: ' . DIR_RES . ($OP?$id:$post['thread']) . '.html' . (!$OP?'#'.$id:''), true, 302); - } else { - header('Location: ' . ROOT . FILE_INDEX, true, 302); - } - - exit; - } else { - if(!file_exists(FILE_INDEX)) { - buildIndex(); - } - - header('Location: ' . ROOT . FILE_INDEX, true, 302); - } -?> + 'maxsz'=>commaize(MAX_FILESIZE)))); + } + + $trip = generate_tripcode($post['name']); + $post['name'] = $trip[0]; + $post['trip'] = (isset($trip[1])?$trip[1]:''); + + if($post['email'] == 'noko') { + $noko = true; + $post['email'] = ''; + } else $noko = false; + + if($post['has_file']) { + $post['extension'] = strtolower(substr($post['filename'], strrpos($post['filename'], '.') + 1)); + $post['file_id'] = rand(0, 1000000000); + $post['file'] = DIR_IMG . $post['file_id'] . '.' . $post['extension']; + $post['thumb'] = DIR_THUMB . $post['file_id'] . '.png'; + $post['zip'] = $OP && $post['has_file'] && ALLOW_ZIP && $post['extension'] == 'zip' ? $post['file'] : false; + if(!($post['zip'] || in_array($post['extension'], $allowed_ext))) error(ERROR_FILEEXT); + } + + // Check string lengths + if(strlen($post['name']) > 25) error(sprintf(ERROR_TOOLONG, 'name')); + if(strlen($post['email']) > 30) error(sprintf(ERROR_TOOLONG, 'email')); + if(strlen($post['subject']) > 40) error(sprintf(ERROR_TOOLONG, 'subject')); + if(strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY); + if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error(ERROR_TOOSHORTBODY); + if(strlen($post['password']) > 20) error(sprintf(ERROR_TOOLONG, 'password')); + + markup($post['body']); + + if($post['has_file']) { + // Just trim the filename if it's too long + if(strlen($post['filename']) > 30) $post['filename'] = substr($post['filename'], 0, 27).'…'; + // Move the uploaded file + if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE); + + if($post['zip']) { + // Validate ZIP file + if(is_resource($zip = zip_open($post['zip']))) + // TODO: Check if it's not empty and has at least one (valid) image + zip_close($zip); + else + error(ERR_INVALIDZIP); + + $post['file'] = ZIP_IMAGE; + $post['extension'] = strtolower(substr($post['file'], strrpos($post['file'], '.') + 1)); + } + + $size = @getimagesize($post['file']); + $post['width'] = $size[0]; + $post['height'] = $size[1]; + + // Check if the image is valid + if($post['width'] < 1 || $post['height'] < 1) { + unlink($post['file']); + error(ERR_INVALIDIMG); + } + + if($post['width'] > MAX_WIDTH || $post['height'] > MAX_HEIGHT) { + unlink($post['file']); + error(ERR_MAXSIZE); + } + + $post['filehash'] = md5_file($post['file']); + $post['filesize'] = filesize($post['file']); + + $image = createimage($post['extension'], $post['file']); + + if(REDRAW_IMAGE && !$post['zip']) { + switch($post['extension']) { + case 'jpg': + case 'jpeg': + imagejpeg($image, $post['file'], JPEG_QUALITY); + break; + case 'png': + imagepng($image, $post['file'], 7); + break; + case 'gif': + if(REDRAW_GIF) + imagegif($image, $post['file']); + break; + case 'bmp': + imagebmp($image, $post['file']); + break; + default: + error('Unknwon file extension.'); + } + } + + // Create a thumbnail + $thumb = resize($image, $post['width'], $post['height'], $post['thumb'], THUMB_WIDTH, THUMB_HEIGHT); + + $post['thumbwidth'] = $thumb['width']; + $post['thumbheight'] = $thumb['height']; + } + + // Remove DIR_* before inserting them into the database. + $post['file'] = substr_replace($post['file'], '', 0, strlen(DIR_IMG)); + $post['thumb'] = substr_replace($post['thumb'], '', 0, strlen(DIR_THUMB)); + + // Todo: Validate some more, remove messy code, allow more specific configuration + + // MySQLify + sql_open(); + mysql_safe_array($post); + + $id = post($post, $OP); + + if($post['zip']) { + // Open ZIP + $zip = zip_open($post['zip']); + // Read files + while($entry = zip_read($zip)) { + $filename = basename(zip_entry_name($entry)); + $extension = strtolower(substr($filename, strrpos($filename, '.') + 1)); + + if(in_array($extension, $allowed_ext)) { + if (zip_entry_open($zip, $entry, 'r')) { + // Fake post + $dump_post = Array( + 'subject' => $post['subject'], + 'email' => $post['email'], + 'name' => $post['name'], + 'trip' => $post['trip'], + 'body' => '', + 'thread' => $id, + 'password' => '', + 'has_file' => true, + 'file_id' => rand(0, 1000000000), + 'filename' => $filename + ); + + $dump_post['file'] = DIR_IMG . $dump_post['file_id'] . '.' . $extension; + $dump_post['thumb'] = DIR_THUMB . $dump_post['file_id'] . '.png'; + + // Extract the image from the ZIP + $fp = fopen($dump_post['file'], 'w+'); + fwrite($fp, zip_entry_read($entry, zip_entry_filesize($entry))); + fclose($fp); + + $size = @getimagesize($dump_post['file']); + $dump_post['width'] = $size[0]; + $dump_post['height'] = $size[1]; + + // Check if the image is valid + if($dump_post['width'] < 1 || $dump_post['height'] < 1) { + unlink($dump_post['file']); + } else { + if($dump_post['width'] > MAX_WIDTH || $dump_post['height'] > MAX_HEIGHT) { + unlink($dump_post['file']); + error(ERR_MAXSIZE); + } else { + $dump_post['filehash'] = md5_file($dump_post['file']); + $dump_post['filesize'] = filesize($dump_post['file']); + + $image = createimage($extension, $dump_post['file']); + + $success = true; + if(REDRAW_IMAGE) { + switch($extension) { + case 'jpg': + case 'jpeg': + imagejpeg($image, $dump_post['file'], JPEG_QUALITY); + break; + case 'png': + imagepng($image, $dump_post['file'], 7); + break; + case 'gif': + if(REDRAW_GIF) + imagegif($image, $dump_post['file']); + break; + case 'bmp': + imagebmp($image, $dump_post['file']); + break; + default: + $success = false; + } + } + + + // Create a thumbnail + $thumb = resize($image, $dump_post['width'], $dump_post['height'], $dump_post['thumb'], THUMB_WIDTH, THUMB_HEIGHT); + + $dump_post['thumbwidth'] = $thumb['width']; + $dump_post['thumbheight'] = $thumb['height']; + + // Remove DIR_* before inserting them into the database. + $dump_post['file'] = substr_replace($dump_post['file'], '', 0, strlen(DIR_IMG)); + $dump_post['thumb'] = substr_replace($dump_post['thumb'], '', 0, strlen(DIR_THUMB)); + + // Create the post + post($dump_post, false); + } + } + + // Close the ZIP + zip_entry_close($entry); + } + } + } + zip_close($zip); + unlink($post['zip']); + } + + buildThread(($OP?$id:$post['thread'])); + + if(!$OP) { + mysql_query( + sprintf("UPDATE `posts` SET `bump` = '%d' WHERE `id` = '%s' AND `thread` IS NULL", + time(), + $post['thread'] + ), $sql) or error(mysql_error($sql)); + } + + buildIndex(); + sql_close(); + + if(ALWAYS_NOKO || $noko) { + header('Location: ' . DIR_RES . ($OP?$id:$post['thread']) . '.html' . (!$OP?'#'.$id:''), true, 302); + } else { + header('Location: ' . ROOT . FILE_INDEX, true, 302); + } + + exit; + } else { + if(!file_exists(FILE_INDEX)) { + buildIndex(); + } + + header('Location: ' . ROOT . FILE_INDEX, true, 302); + } +?> +