Paul Merrill
14 years ago
1 changed files with 316 additions and 315 deletions
@ -1,318 +1,319 @@ |
|||||
<?php |
<?php |
||||
require 'inc/functions.php'; |
require 'inc/functions.php'; |
||||
require 'inc/display.php'; |
require 'inc/display.php'; |
||||
require 'inc/template.php'; |
require 'inc/template.php'; |
||||
if (file_exists('inc/instance-config.php')) { |
if (file_exists('inc/instance-config.php')) { |
||||
require 'inc/instance-config.php'; |
require 'inc/instance-config.php'; |
||||
} |
} |
||||
require 'inc/config.php'; |
require 'inc/config.php'; |
||||
require 'inc/user.php'; |
require 'inc/user.php'; |
||||
|
|
||||
$board = Array( |
$board = Array( |
||||
'url' => '/b/', |
'url' => '/b/', |
||||
'name' => 'Beta', |
'name' => 'Beta', |
||||
'title' => 'In devleopment.'); |
'title' => 'In devleopment.'); |
||||
|
|
||||
$body = ''; |
$body = ''; |
||||
|
|
||||
// Fix for magic quotes |
// Fix for magic quotes |
||||
if (get_magic_quotes_gpc()) { |
if (get_magic_quotes_gpc()) { |
||||
function strip_array(&$var) { |
function strip_array(&$var) { |
||||
return is_array($var) ? array_map("strip_array", $var) : stripslashes($var); |
return is_array($var) ? array_map("strip_array", $var) : stripslashes($var); |
||||
} |
} |
||||
|
|
||||
$_SESSION = strip_array($_SESSION); |
$_SESSION = strip_array($_SESSION); |
||||
$_GET = strip_array($_GET); |
$_GET = strip_array($_GET); |
||||
$_POST = strip_array($_POST); |
$_POST = strip_array($_POST); |
||||
} |
} |
||||
|
|
||||
if(isset($_POST['post'])) { |
if(isset($_POST['post'])) { |
||||
if( !isset($_POST['name']) || |
if( !isset($_POST['name']) || |
||||
!isset($_POST['email']) || |
!isset($_POST['email']) || |
||||
!isset($_POST['subject']) || |
!isset($_POST['subject']) || |
||||
!isset($_POST['body']) || |
!isset($_POST['body']) || |
||||
!isset($_POST['password']) |
!isset($_POST['password']) |
||||
) error(ERROR_BOT); |
) error(ERROR_BOT); |
||||
|
|
||||
$post = Array(); |
$post = Array(); |
||||
|
|
||||
if(isset($_POST['thread'])) { |
if(isset($_POST['thread'])) { |
||||
$OP = false; |
$OP = false; |
||||
$post['thread'] = round($_POST['thread']); |
$post['thread'] = round($_POST['thread']); |
||||
} else $OP = true; |
} else $OP = true; |
||||
|
|
||||
if(!(($OP && $_POST['post'] == BUTTON_NEWTOPIC) || |
if(!(($OP && $_POST['post'] == BUTTON_NEWTOPIC) || |
||||
(!$OP && $_POST['post'] == BUTTON_REPLY))) |
(!$OP && $_POST['post'] == BUTTON_REPLY))) |
||||
error(ERROR_BOT); |
error(ERROR_BOT); |
||||
|
|
||||
// Check the referrer |
// Check the referrer |
||||
if($OP) { |
if($OP) { |
||||
if(!isset($_SERVER['HTTP_REFERER']) || !preg_match(URL_MATCH, $_SERVER['HTTP_REFERER'])) error(ERROR_BOT); |
if(!isset($_SERVER['HTTP_REFERER']) || !preg_match(URL_MATCH, $_SERVER['HTTP_REFERER'])) error(ERROR_BOT); |
||||
} |
} |
||||
|
|
||||
|
|
||||
|
|
||||
// TODO: Since we're now using static HTML files, we can't give them cookies on their first page view |
// TODO: Since we're now using static HTML files, we can't give them cookies on their first page view |
||||
// Find another anti-spam method. |
// Find another anti-spam method. |
||||
|
|
||||
/* |
/* |
||||
// Check if he has a valid cookie. |
// Check if he has a valid cookie. |
||||
if(!$user['valid']) error(ERROR_BOT); |
if(!$user['valid']) error(ERROR_BOT); |
||||
|
|
||||
// Check how long he has been here. |
// Check how long he has been here. |
||||
if(time()-$user['appeared']<LURKTIME) error(ERROR_LURK); |
if(time()-$user['appeared']<LURKTIME) error(ERROR_LURK); |
||||
*/ |
*/ |
||||
|
|
||||
// Check for a file |
// Check for a file |
||||
if($OP) { |
if($OP) { |
||||
if(!isset($_FILES['file']['tmp_name']) || empty($_FILES['file']['tmp_name'])) |
if(!isset($_FILES['file']['tmp_name']) || empty($_FILES['file']['tmp_name'])) |
||||
error(ERROR_NOIMAGE); |
error(ERROR_NOIMAGE); |
||||
} |
} |
||||
|
|
||||
$post['name'] = (!empty($_POST['name'])?$_POST['name']:'Anonymous'); |
$post['name'] = (!empty($_POST['name'])?$_POST['name']:'Anonymous'); |
||||
$post['subject'] = $_POST['subject']; |
$post['subject'] = $_POST['subject']; |
||||
$post['email'] = utf8tohtml($_POST['email']); |
$post['email'] = utf8tohtml($_POST['email']); |
||||
$post['body'] = $_POST['body']; |
$post['body'] = $_POST['body']; |
||||
$post['password'] = $_POST['password']; |
$post['password'] = $_POST['password']; |
||||
$post['filename'] = $_FILES['file']['name']; |
$post['filename'] = $_FILES['file']['name']; |
||||
$post['has_file'] = $OP || !empty($_FILES['file']['tmp_name']); |
$post['has_file'] = $OP || !empty($_FILES['file']['tmp_name']); |
||||
|
|
||||
if($post['has_file']) { |
if($post['has_file']) { |
||||
$size = $_FILES['file']['size']; |
$size = $_FILES['file']['size']; |
||||
if($size > MAX_FILESIZE) |
if($size > MAX_FILESIZE) |
||||
error(sprintf3(ERR_FILESIZE, array( |
error(sprintf3(ERR_FILESIZE, array( |
||||
'sz'=>commaize($size), |
'sz'=>commaize($size), |
||||
'filesz'=>commaize($size), |
'filesz'=>commaize($size), |
||||
'maxsz'=>commaize(MAX_FILESIZE)))); |
'maxsz'=>commaize(MAX_FILESIZE)))); |
||||
} |
} |
||||
|
|
||||
$trip = generate_tripcode($post['name']); |
$trip = generate_tripcode($post['name']); |
||||
$post['name'] = $trip[0]; |
$post['name'] = $trip[0]; |
||||
$post['trip'] = (isset($trip[1])?$trip[1]:''); |
$post['trip'] = (isset($trip[1])?$trip[1]:''); |
||||
|
|
||||
if($post['email'] == 'noko') { |
if($post['email'] == 'noko') { |
||||
$noko = true; |
$noko = true; |
||||
$post['email'] = ''; |
$post['email'] = ''; |
||||
} else $noko = false; |
} else $noko = false; |
||||
|
|
||||
if($post['has_file']) { |
if($post['has_file']) { |
||||
$post['extension'] = strtolower(substr($post['filename'], strrpos($post['filename'], '.') + 1)); |
$post['extension'] = strtolower(substr($post['filename'], strrpos($post['filename'], '.') + 1)); |
||||
$post['file_id'] = rand(0, 1000000000); |
$post['file_id'] = rand(0, 1000000000); |
||||
$post['file'] = DIR_IMG . $post['file_id'] . '.' . $post['extension']; |
$post['file'] = DIR_IMG . $post['file_id'] . '.' . $post['extension']; |
||||
$post['thumb'] = DIR_THUMB . $post['file_id'] . '.png'; |
$post['thumb'] = DIR_THUMB . $post['file_id'] . '.png'; |
||||
$post['zip'] = $OP && $post['has_file'] && ALLOW_ZIP && $post['extension'] == 'zip' ? $post['file'] : false; |
$post['zip'] = $OP && $post['has_file'] && ALLOW_ZIP && $post['extension'] == 'zip' ? $post['file'] : false; |
||||
if(!($post['zip'] || in_array($post['extension'], $allowed_ext))) error(ERROR_FILEEXT); |
if(!($post['zip'] || in_array($post['extension'], $allowed_ext))) error(ERROR_FILEEXT); |
||||
} |
} |
||||
|
|
||||
// Check string lengths |
// Check string lengths |
||||
if(strlen($post['name']) > 25) error(sprintf(ERROR_TOOLONG, 'name')); |
if(strlen($post['name']) > 25) error(sprintf(ERROR_TOOLONG, 'name')); |
||||
if(strlen($post['email']) > 30) error(sprintf(ERROR_TOOLONG, 'email')); |
if(strlen($post['email']) > 30) error(sprintf(ERROR_TOOLONG, 'email')); |
||||
if(strlen($post['subject']) > 40) error(sprintf(ERROR_TOOLONG, 'subject')); |
if(strlen($post['subject']) > 40) error(sprintf(ERROR_TOOLONG, 'subject')); |
||||
if(strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY); |
if(strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY); |
||||
if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error(ERROR_TOOSHORTBODY); |
if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error(ERROR_TOOSHORTBODY); |
||||
if(strlen($post['password']) > 20) error(sprintf(ERROR_TOOLONG, 'password')); |
if(strlen($post['password']) > 20) error(sprintf(ERROR_TOOLONG, 'password')); |
||||
|
|
||||
markup($post['body']); |
markup($post['body']); |
||||
|
|
||||
if($post['has_file']) { |
if($post['has_file']) { |
||||
// Just trim the filename if it's too long |
// Just trim the filename if it's too long |
||||
if(strlen($post['filename']) > 30) $post['filename'] = substr($post['filename'], 0, 27).'…'; |
if(strlen($post['filename']) > 30) $post['filename'] = substr($post['filename'], 0, 27).'…'; |
||||
// Move the uploaded file |
// Move the uploaded file |
||||
if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE); |
if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE); |
||||
|
|
||||
if($post['zip']) { |
if($post['zip']) { |
||||
// Validate ZIP file |
// Validate ZIP file |
||||
if(is_resource($zip = zip_open($post['zip']))) |
if(is_resource($zip = zip_open($post['zip']))) |
||||
// TODO: Check if it's not empty and has at least one (valid) image |
// TODO: Check if it's not empty and has at least one (valid) image |
||||
zip_close($zip); |
zip_close($zip); |
||||
else |
else |
||||
error(ERR_INVALIDZIP); |
error(ERR_INVALIDZIP); |
||||
|
|
||||
$post['file'] = ZIP_IMAGE; |
$post['file'] = ZIP_IMAGE; |
||||
$post['extension'] = strtolower(substr($post['file'], strrpos($post['file'], '.') + 1)); |
$post['extension'] = strtolower(substr($post['file'], strrpos($post['file'], '.') + 1)); |
||||
} |
} |
||||
|
|
||||
$size = @getimagesize($post['file']); |
$size = @getimagesize($post['file']); |
||||
$post['width'] = $size[0]; |
$post['width'] = $size[0]; |
||||
$post['height'] = $size[1]; |
$post['height'] = $size[1]; |
||||
|
|
||||
// Check if the image is valid |
// Check if the image is valid |
||||
if($post['width'] < 1 || $post['height'] < 1) { |
if($post['width'] < 1 || $post['height'] < 1) { |
||||
unlink($post['file']); |
unlink($post['file']); |
||||
error(ERR_INVALIDIMG); |
error(ERR_INVALIDIMG); |
||||
} |
} |
||||
|
|
||||
if($post['width'] > MAX_WIDTH || $post['height'] > MAX_HEIGHT) { |
if($post['width'] > MAX_WIDTH || $post['height'] > MAX_HEIGHT) { |
||||
unlink($post['file']); |
unlink($post['file']); |
||||
error(ERR_MAXSIZE); |
error(ERR_MAXSIZE); |
||||
} |
} |
||||
|
|
||||
$post['filehash'] = md5_file($post['file']); |
$post['filehash'] = md5_file($post['file']); |
||||
$post['filesize'] = filesize($post['file']); |
$post['filesize'] = filesize($post['file']); |
||||
|
|
||||
$image = createimage($post['extension'], $post['file']); |
$image = createimage($post['extension'], $post['file']); |
||||
|
|
||||
if(REDRAW_IMAGE && !$post['zip']) { |
if(REDRAW_IMAGE && !$post['zip']) { |
||||
switch($post['extension']) { |
switch($post['extension']) { |
||||
case 'jpg': |
case 'jpg': |
||||
case 'jpeg': |
case 'jpeg': |
||||
imagejpeg($image, $post['file'], JPEG_QUALITY); |
imagejpeg($image, $post['file'], JPEG_QUALITY); |
||||
break; |
break; |
||||
case 'png': |
case 'png': |
||||
imagepng($image, $post['file'], 7); |
imagepng($image, $post['file'], 7); |
||||
break; |
break; |
||||
case 'gif': |
case 'gif': |
||||
if(REDRAW_GIF) |
if(REDRAW_GIF) |
||||
imagegif($image, $post['file']); |
imagegif($image, $post['file']); |
||||
break; |
break; |
||||
case 'bmp': |
case 'bmp': |
||||
imagebmp($image, $post['file']); |
imagebmp($image, $post['file']); |
||||
break; |
break; |
||||
default: |
default: |
||||
error('Unknwon file extension.'); |
error('Unknwon file extension.'); |
||||
} |
} |
||||
} |
} |
||||
|
|
||||
// Create a thumbnail |
// Create a thumbnail |
||||
$thumb = resize($image, $post['width'], $post['height'], $post['thumb'], THUMB_WIDTH, THUMB_HEIGHT); |
$thumb = resize($image, $post['width'], $post['height'], $post['thumb'], THUMB_WIDTH, THUMB_HEIGHT); |
||||
|
|
||||
$post['thumbwidth'] = $thumb['width']; |
$post['thumbwidth'] = $thumb['width']; |
||||
$post['thumbheight'] = $thumb['height']; |
$post['thumbheight'] = $thumb['height']; |
||||
} |
} |
||||
|
|
||||
// Remove DIR_* before inserting them into the database. |
// Remove DIR_* before inserting them into the database. |
||||
$post['file'] = substr_replace($post['file'], '', 0, strlen(DIR_IMG)); |
$post['file'] = substr_replace($post['file'], '', 0, strlen(DIR_IMG)); |
||||
$post['thumb'] = substr_replace($post['thumb'], '', 0, strlen(DIR_THUMB)); |
$post['thumb'] = substr_replace($post['thumb'], '', 0, strlen(DIR_THUMB)); |
||||
|
|
||||
// Todo: Validate some more, remove messy code, allow more specific configuration |
// Todo: Validate some more, remove messy code, allow more specific configuration |
||||
|
|
||||
// MySQLify |
// MySQLify |
||||
sql_open(); |
sql_open(); |
||||
mysql_safe_array($post); |
mysql_safe_array($post); |
||||
|
|
||||
$id = post($post, $OP); |
$id = post($post, $OP); |
||||
|
|
||||
if($post['zip']) { |
if($post['zip']) { |
||||
// Open ZIP |
// Open ZIP |
||||
$zip = zip_open($post['zip']); |
$zip = zip_open($post['zip']); |
||||
// Read files |
// Read files |
||||
while($entry = zip_read($zip)) { |
while($entry = zip_read($zip)) { |
||||
$filename = basename(zip_entry_name($entry)); |
$filename = basename(zip_entry_name($entry)); |
||||
$extension = strtolower(substr($filename, strrpos($filename, '.') + 1)); |
$extension = strtolower(substr($filename, strrpos($filename, '.') + 1)); |
||||
|
|
||||
if(in_array($extension, $allowed_ext)) { |
if(in_array($extension, $allowed_ext)) { |
||||
if (zip_entry_open($zip, $entry, 'r')) { |
if (zip_entry_open($zip, $entry, 'r')) { |
||||
// Fake post |
// Fake post |
||||
$dump_post = Array( |
$dump_post = Array( |
||||
'subject' => $post['subject'], |
'subject' => $post['subject'], |
||||
'email' => $post['email'], |
'email' => $post['email'], |
||||
'name' => $post['name'], |
'name' => $post['name'], |
||||
'trip' => $post['trip'], |
'trip' => $post['trip'], |
||||
'body' => '', |
'body' => '', |
||||
'thread' => $id, |
'thread' => $id, |
||||
'password' => '', |
'password' => '', |
||||
'has_file' => true, |
'has_file' => true, |
||||
'file_id' => rand(0, 1000000000), |
'file_id' => rand(0, 1000000000), |
||||
'filename' => $filename |
'filename' => $filename |
||||
); |
); |
||||
|
|
||||
$dump_post['file'] = DIR_IMG . $dump_post['file_id'] . '.' . $extension; |
$dump_post['file'] = DIR_IMG . $dump_post['file_id'] . '.' . $extension; |
||||
$dump_post['thumb'] = DIR_THUMB . $dump_post['file_id'] . '.png'; |
$dump_post['thumb'] = DIR_THUMB . $dump_post['file_id'] . '.png'; |
||||
|
|
||||
// Extract the image from the ZIP |
// Extract the image from the ZIP |
||||
$fp = fopen($dump_post['file'], 'w+'); |
$fp = fopen($dump_post['file'], 'w+'); |
||||
fwrite($fp, zip_entry_read($entry, zip_entry_filesize($entry))); |
fwrite($fp, zip_entry_read($entry, zip_entry_filesize($entry))); |
||||
fclose($fp); |
fclose($fp); |
||||
|
|
||||
$size = @getimagesize($dump_post['file']); |
$size = @getimagesize($dump_post['file']); |
||||
$dump_post['width'] = $size[0]; |
$dump_post['width'] = $size[0]; |
||||
$dump_post['height'] = $size[1]; |
$dump_post['height'] = $size[1]; |
||||
|
|
||||
// Check if the image is valid |
// Check if the image is valid |
||||
if($dump_post['width'] < 1 || $dump_post['height'] < 1) { |
if($dump_post['width'] < 1 || $dump_post['height'] < 1) { |
||||
unlink($dump_post['file']); |
unlink($dump_post['file']); |
||||
} else { |
} else { |
||||
if($dump_post['width'] > MAX_WIDTH || $dump_post['height'] > MAX_HEIGHT) { |
if($dump_post['width'] > MAX_WIDTH || $dump_post['height'] > MAX_HEIGHT) { |
||||
unlink($dump_post['file']); |
unlink($dump_post['file']); |
||||
error(ERR_MAXSIZE); |
error(ERR_MAXSIZE); |
||||
} else { |
} else { |
||||
$dump_post['filehash'] = md5_file($dump_post['file']); |
$dump_post['filehash'] = md5_file($dump_post['file']); |
||||
$dump_post['filesize'] = filesize($dump_post['file']); |
$dump_post['filesize'] = filesize($dump_post['file']); |
||||
|
|
||||
$image = createimage($extension, $dump_post['file']); |
$image = createimage($extension, $dump_post['file']); |
||||
|
|
||||
$success = true; |
$success = true; |
||||
if(REDRAW_IMAGE) { |
if(REDRAW_IMAGE) { |
||||
switch($extension) { |
switch($extension) { |
||||
case 'jpg': |
case 'jpg': |
||||
case 'jpeg': |
case 'jpeg': |
||||
imagejpeg($image, $dump_post['file'], JPEG_QUALITY); |
imagejpeg($image, $dump_post['file'], JPEG_QUALITY); |
||||
break; |
break; |
||||
case 'png': |
case 'png': |
||||
imagepng($image, $dump_post['file'], 7); |
imagepng($image, $dump_post['file'], 7); |
||||
break; |
break; |
||||
case 'gif': |
case 'gif': |
||||
if(REDRAW_GIF) |
if(REDRAW_GIF) |
||||
imagegif($image, $dump_post['file']); |
imagegif($image, $dump_post['file']); |
||||
break; |
break; |
||||
case 'bmp': |
case 'bmp': |
||||
imagebmp($image, $dump_post['file']); |
imagebmp($image, $dump_post['file']); |
||||
break; |
break; |
||||
default: |
default: |
||||
$success = false; |
$success = false; |
||||
} |
} |
||||
} |
} |
||||
|
|
||||
|
|
||||
// Create a thumbnail |
// Create a thumbnail |
||||
$thumb = resize($image, $dump_post['width'], $dump_post['height'], $dump_post['thumb'], THUMB_WIDTH, THUMB_HEIGHT); |
$thumb = resize($image, $dump_post['width'], $dump_post['height'], $dump_post['thumb'], THUMB_WIDTH, THUMB_HEIGHT); |
||||
|
|
||||
$dump_post['thumbwidth'] = $thumb['width']; |
$dump_post['thumbwidth'] = $thumb['width']; |
||||
$dump_post['thumbheight'] = $thumb['height']; |
$dump_post['thumbheight'] = $thumb['height']; |
||||
|
|
||||
// Remove DIR_* before inserting them into the database. |
// Remove DIR_* before inserting them into the database. |
||||
$dump_post['file'] = substr_replace($dump_post['file'], '', 0, strlen(DIR_IMG)); |
$dump_post['file'] = substr_replace($dump_post['file'], '', 0, strlen(DIR_IMG)); |
||||
$dump_post['thumb'] = substr_replace($dump_post['thumb'], '', 0, strlen(DIR_THUMB)); |
$dump_post['thumb'] = substr_replace($dump_post['thumb'], '', 0, strlen(DIR_THUMB)); |
||||
|
|
||||
// Create the post |
// Create the post |
||||
post($dump_post, false); |
post($dump_post, false); |
||||
} |
} |
||||
} |
} |
||||
|
|
||||
// Close the ZIP |
// Close the ZIP |
||||
zip_entry_close($entry); |
zip_entry_close($entry); |
||||
} |
} |
||||
} |
} |
||||
} |
} |
||||
zip_close($zip); |
zip_close($zip); |
||||
unlink($post['zip']); |
unlink($post['zip']); |
||||
} |
} |
||||
|
|
||||
buildThread(($OP?$id:$post['thread'])); |
buildThread(($OP?$id:$post['thread'])); |
||||
|
|
||||
if(!$OP) { |
if(!$OP) { |
||||
mysql_query( |
mysql_query( |
||||
sprintf("UPDATE `posts` SET `bump` = '%d' WHERE `id` = '%s' AND `thread` IS NULL", |
sprintf("UPDATE `posts` SET `bump` = '%d' WHERE `id` = '%s' AND `thread` IS NULL", |
||||
time(), |
time(), |
||||
$post['thread'] |
$post['thread'] |
||||
), $sql) or error(mysql_error($sql)); |
), $sql) or error(mysql_error($sql)); |
||||
} |
} |
||||
|
|
||||
buildIndex(); |
buildIndex(); |
||||
sql_close(); |
sql_close(); |
||||
|
|
||||
if(ALWAYS_NOKO || $noko) { |
if(ALWAYS_NOKO || $noko) { |
||||
header('Location: ' . DIR_RES . ($OP?$id:$post['thread']) . '.html' . (!$OP?'#'.$id:''), true, 302); |
header('Location: ' . DIR_RES . ($OP?$id:$post['thread']) . '.html' . (!$OP?'#'.$id:''), true, 302); |
||||
} else { |
} else { |
||||
header('Location: ' . ROOT . FILE_INDEX, true, 302); |
header('Location: ' . ROOT . FILE_INDEX, true, 302); |
||||
} |
} |
||||
|
|
||||
exit; |
exit; |
||||
} else { |
} else { |
||||
if(!file_exists(FILE_INDEX)) { |
if(!file_exists(FILE_INDEX)) { |
||||
buildIndex(); |
buildIndex(); |
||||
} |
} |
||||
|
|
||||
header('Location: ' . ROOT . FILE_INDEX, true, 302); |
header('Location: ' . ROOT . FILE_INDEX, true, 302); |
||||
} |
} |
||||
?> |
?> |
||||
|
|
||||
|
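Review bot: `$dump_post` is passed to `post($dump_post, false)` without the `mysql_safe_array()` call that `$post` receives before `$id = post($post, $OP)`, and its `filename` field comes straight from `basename(zip_entry_name($entry))`, which is attacker-controlled content from inside the uploaded archive; if `post()` does not escape its input itself (it is defined outside this file, so I cannot confirm), that is an injection path the ZIP branch opens and the plain-upload branch does not. The minimal fix is to mirror the earlier call, `mysql_safe_array($dump_post);` immediately before `post($dump_post, false);`. Two related gaps in the same loop: the MAX_FILESIZE check only covers the archive itself, while `zip_entry_read($entry, zip_entry_filesize($entry))` reads each decompressed entry into memory and onto disk with no per-entry cap, and the `error(ERR_MAXSIZE)` inside the loop exits before `zip_close($zip)` and `unlink($post['zip'])` run, leaving the archive on disk. The changes here look to be whitespace or line-ending only, so these are notes on the existing code that the rewrite carries forward.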