leftypol
/
leftypol
4
5
Fork 2
Code Issues 51 Pull Requests 1 Projects Releases Wiki Activity
Browse Source

code cleanup

pull/40/head
Michael Save 12 years ago
parent
da52307c67
commit
51675e7a9b
14 changed files with 578 additions and 578 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 66
      inc/anti-bot.php
  2. 24
      inc/cache.php
  3. 8
      inc/config.php
  4. 20
      inc/database.php
  5. 114
      inc/display.php
  6. 12
      inc/events.php
  7. 38
      inc/filters.php
  8. 466
      inc/functions.php
  9. 58
      inc/image.php
  10. 34
      inc/mod.php
  11. 18
      inc/remote.php
  12. 14
      inc/template.php
  13. 76
      install.php
  14. 208
      post.php

66
inc/anti-bot.php
View File

@ -4,7 +4,7 @@
* Copyright (c) 2010-2012 Tinyboard Development Group
*/
if(realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
if (realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
// You cannot request this file directly.
exit;
}
@ -16,9 +16,9 @@ class AntiBot {
public static function randomString($length, $uppercase = false, $special_chars = false) {
$chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
if($uppercase)
if ($uppercase)
$chars .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
if($special_chars)
if ($special_chars)
$chars .= ' ~!@#$%^&*()_+,./;\'[]\\{}|:"<>?=-` ';
$chars = str_split($chars);
@ -26,15 +26,15 @@ class AntiBot {
$ch = array();
// fill up $ch until we reach $length
while(count($ch) < $length) {
while (count($ch) < $length) {
$n = $length - count($ch);
$keys = array_rand($chars, $n > count($chars) ? count($chars) : $n);
if($n == 1) {
if ($n == 1) {
$ch[] = $chars[$keys];
break;
}
shuffle($keys);
foreach($keys as $key)
foreach ($keys as $key)
$ch[] = $chars[$key];
}
@ -46,8 +46,8 @@ class AntiBot {
public static function make_confusing($string) {
$chars = str_split($string);
foreach($chars as &$c) {
if(rand(0, 2) != 0)
foreach ($chars as &$c) {
if (rand(0, 2) != 0)
continue;
$c = mb_encode_numericentity($c, array(0, 0xffff, 0, 0xffff), 'UTF-8');
}
@ -58,7 +58,7 @@ class AntiBot {
public function __construct(array $salt = array()) {
global $config;
if(!empty($salt)) {
if (!empty($salt)) {
// create a salted hash of the "extra salt"
$this->salt = implode(':', $salt);
} else {
@ -70,21 +70,21 @@ class AntiBot {
$input_count = rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']);
$hidden_input_names_x = 0;
for($x = 0; $x < $input_count ; $x++) {
if($hidden_input_names_x === false || rand(0, 2) == 0) {
for ($x = 0; $x < $input_count ; $x++) {
if ($hidden_input_names_x === false || rand(0, 2) == 0) {
// Use an obscure name
$name = $this->randomString(rand(10, 40));
} else {
// Use a pre-defined confusing name
$name = $config['spam']['hidden_input_names'][$hidden_input_names_x++];
if($hidden_input_names_x >= count($config['spam']['hidden_input_names']))
if ($hidden_input_names_x >= count($config['spam']['hidden_input_names']))
$hidden_input_names_x = false;
}
if(rand(0, 2) == 0) {
if (rand(0, 2) == 0) {
// Value must be null
$this->inputs[$name] = '';
} elseif(rand(0, 4) == 0) {
} elseif (rand(0, 4) == 0) {
// Numeric value
$this->inputs[$name] = (string)rand(0, 100);
} else {
@ -111,11 +111,11 @@ class AntiBot {
$html = '';
if($count === false) {
if ($count === false) {
$count = rand(1, count($this->inputs) / 15);
}
if($count === true) {
if ($count === true) {
// all elements
$inputs = array_slice($this->inputs, $this->index);
} else {
@ -123,11 +123,11 @@ class AntiBot {
}
$this->index += count($inputs);
foreach($inputs as $name => $value) {
foreach ($inputs as $name => $value) {
$element = false;
while(!$element) {
while (!$element) {
$element = $elements[array_rand($elements)];
if(strpos($element, 'textarea') !== false && $value == '') {
if (strpos($element, 'textarea') !== false && $value == '') {
// There have been some issues with mobile web browsers and empty <textarea>'s.
$element = false;
}
@ -135,12 +135,12 @@ class AntiBot {
$element = str_replace('%name%', utf8tohtml($name), $element);
if(rand(0, 2) == 0)
if (rand(0, 2) == 0)
$value = $this->make_confusing($value);
else
$value = utf8tohtml($value);
if(strpos($element, 'textarea') === false)
if (strpos($element, 'textarea') === false)
$value = str_replace('"', '&quot;', $value);
$element = str_replace('%value%', $value, $element);
@ -161,7 +161,7 @@ class AntiBot {
$hash = '';
// Iterate through each input
foreach($inputs as $name => $value) {
foreach ($inputs as $name => $value) {
$hash .= $name . '=' . $value;
}
// Add a salt to the hash
@ -179,13 +179,13 @@ function _create_antibot($board, $thread) {
query('DELETE FROM `antispam` WHERE `expires` < UNIX_TIMESTAMP()') or error(db_error());
if($thread)
if ($thread)
$query = prepare('UPDATE `antispam` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` = :thread');
else
$query = prepare('UPDATE `antispam` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` IS NULL');
$query->bindValue(':board', $board);
if($thread)
if ($thread)
$query->bindValue(':thread', $thread);
$query->bindValue(':expires', $config['spam']['hidden_inputs_expire']);
$query->execute() or error(db_error($query));
@ -196,7 +196,7 @@ function _create_antibot($board, $thread) {
$query->bindValue(':hash', $antibot->hash());
$query->execute() or error(db_error($query));
if($query->rowCount() == 0) {
if ($query->rowCount() == 0) {
// there was no database entry for this hash. most likely expired.
return true;
}
@ -207,12 +207,12 @@ function _create_antibot($board, $thread) {
function checkSpam(array $extra_salt = array()) {
global $config, $pdo;
if(!isset($_POST['hash']))
if (!isset($_POST['hash']))
return true;
$hash = $_POST['hash'];
if(!empty($extra_salt)) {
if (!empty($extra_salt)) {
// create a salted hash of the "extra salt"
$extra_salt = implode(':', $extra_salt);
} else {
@ -222,8 +222,8 @@ function checkSpam(array $extra_salt = array()) {
// Reconsturct the $inputs array
$inputs = array();
foreach($_POST as $name => $value) {
if(in_array($name, $config['spam']['valid_inputs']))
foreach ($_POST as $name => $value) {
if (in_array($name, $config['spam']['valid_inputs']))
continue;
$inputs[$name] = $value;
@ -235,7 +235,7 @@ function checkSpam(array $extra_salt = array()) {
$_hash = '';
// Iterate through each input
foreach($inputs as $name => $value) {
foreach ($inputs as $name => $value) {
$_hash .= $name . '=' . $value;
}
@ -245,13 +245,13 @@ function checkSpam(array $extra_salt = array()) {
// Use SHA1 for the hash
$_hash = sha1($_hash . $extra_salt);
if($hash != $_hash)
if ($hash != $_hash)
return true;
$query = prepare('UPDATE `antispam` SET `passed` = `passed` + 1 WHERE `hash` = CRC32(:hash)');
$query->bindValue(':hash', $hash);
$query->execute() or error(db_error($query));
if($query->rowCount() == 0) {
if ($query->rowCount() == 0) {
// there was no database entry for this hash. most likely expired.
return true;
}
@ -261,7 +261,7 @@ function checkSpam(array $extra_salt = array()) {
$query->execute() or error(db_error($query));
$passed = $query->fetchColumn(0);
if($passed > $config['spam']['hidden_inputs_max_pass'])
if ($passed > $config['spam']['hidden_inputs_max_pass'])
return true;
return false;

24
inc/cache.php
View File

@ -4,7 +4,7 @@
* Copyright (c) 2010-2012 Tinyboard Development Group
*/
if(realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
if (realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
// You cannot request this file directly.
exit;
}
@ -14,7 +14,7 @@ class Cache {
public static function init() {
global $config;
switch($config['cache']['enabled']) {
switch ($config['cache']['enabled']) {
case 'memcached':
self::$cache = new Memcached();
self::$cache->addServers($config['cache']['memcached']);
@ -30,9 +30,9 @@ class Cache {
$key = $config['cache']['prefix'] . $key;
$data = false;
switch($config['cache']['enabled']) {
switch ($config['cache']['enabled']) {
case 'memcached':
if(!self::$cache)
if (!self::$cache)
self::init();
$data = self::$cache->get($key);
break;
@ -48,7 +48,7 @@ class Cache {
}
// debug
if($data && $config['debug']) {
if ($data && $config['debug']) {
$debug['cached'][] = $key;
}
@ -59,12 +59,12 @@ class Cache {
$key = $config['cache']['prefix'] . $key;
if(!$expires)
if (!$expires)
$expires = $config['cache']['timeout'];
switch($config['cache']['enabled']) {
switch ($config['cache']['enabled']) {
case 'memcached':
if(!self::$cache)
if (!self::$cache)
self::init();
self::$cache->set($key, $value, $expires);
break;
@ -84,9 +84,9 @@ class Cache {
$key = $config['cache']['prefix'] . $key;
switch($config['cache']['enabled']) {
switch ($config['cache']['enabled']) {
case 'memcached':
if(!self::$cache)
if (!self::$cache)
self::init();
self::$cache->delete($key);
break;
@ -104,9 +104,9 @@ class Cache {
public static function flush() {
global $config;
switch($config['cache']['enabled']) {
switch ($config['cache']['enabled']) {
case 'memcached':
if(!self::$cache)
if (!self::$cache)
self::init();
return self::$cache->flush();
case 'apc':

8
inc/config.php
View File

@ -156,11 +156,11 @@
// $octets = explode('.', $ip);
//
// // days since last activity
// if($octets[1] > 14)
// if ($octets[1] > 14)
// return false;
//
// // "threat score" (http://www.projecthoneypot.org/threat_info.php)
// if($octets[2] < 5)
// if ($octets[2] < 5)
// return false;
//
// return true;
@ -696,7 +696,7 @@
// The root directory, including the trailing slash, for Tinyboard.
// examples: '/', 'http://boards.chan.org/', '/chan/'
if(isset($_SERVER['REQUEST_URI']))
if (isset($_SERVER['REQUEST_URI']))
$config['root'] = (str_replace('\\', '/', dirname($_SERVER['REQUEST_URI'])) == '/' ? '/' : str_replace('\\', '/', dirname($_SERVER['REQUEST_URI'])) . '/');
else
$config['root'] = '/'; // CLI mode
@ -855,7 +855,7 @@
$config['mod']['snippet_length'] = 75;
// Probably best not to change these:
if(!defined('JANITOR')) {
if (!defined('JANITOR')) {
define('JANITOR', 0, true);
define('MOD', 1, true);
define('ADMIN', 2, true);

20
inc/database.php
View File

@ -4,7 +4,7 @@
* Copyright (c) 2010-2012 Tinyboard Development Group
*/
if(realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
if (realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
// You cannot request this file directly.
exit;
}
@ -21,13 +21,13 @@ class PreparedQueryDebug {
public function __call($function, $args) {
global $config, $debug;
if($config['debug'] && $function == 'execute') {
if ($config['debug'] && $function == 'execute') {
$start = microtime(true);
}
$return = call_user_func_array(array($this->query, $function), $args);
if($config['debug'] && $function == 'execute') {
if ($config['debug'] && $function == 'execute') {
$time = round((microtime(true) - $start) * 1000, 2) . 'ms';
$debug['sql'][] = Array(
@ -43,15 +43,15 @@ class PreparedQueryDebug {
function sql_open() {
global $pdo, $config;
if($pdo) return true;
if ($pdo) return true;
$dsn = $config['db']['type'] . ':host=' . $config['db']['server'] . ';dbname=' . $config['db']['database'];
if(!empty($config['db']['dsn']))
if (!empty($config['db']['dsn']))
$dsn .= ';' . $config['db']['dsn'];
try {
$options = Array(PDO::ATTR_TIMEOUT => $config['db']['timeout']);
$options = Array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8');
if($config['db']['persistent'])
if ($config['db']['persistent'])
$options[PDO::ATTR_PERSISTENT] = true;
return $pdo = new PDO($dsn, $config['db']['user'], $config['db']['password'], $options);
} catch(PDOException $e) {
@ -71,7 +71,7 @@ function prepare($query) {
sql_open();
if($config['debug'])
if ($config['debug'])
return new PreparedQueryDebug($query);
return $pdo->prepare($query);
}
@ -81,10 +81,10 @@ function query($query) {
sql_open();
if($config['debug']) {
if ($config['debug']) {
$start = microtime(true);
$query = $pdo->query($query);
if(!$query)
if (!$query)
return false;
$time = round((microtime(true) - $start) * 1000, 2) . 'ms';
$debug['sql'][] = Array(
@ -100,7 +100,7 @@ function query($query) {
function db_error($PDOStatement=null) {
global $pdo;
if(isset($PDOStatement)) {
if (isset($PDOStatement)) {
$err = $PDOStatement->errorInfo();
return $err[2];
} else {

114
inc/display.php
View File

@ -4,7 +4,7 @@
* Copyright (c) 2010-2012 Tinyboard Development Group
*/
if(realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
if (realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
// You cannot request this file directly.
exit;
}
@ -23,11 +23,11 @@ function doBoardListPart($list, $root) {
global $config;
$body = '';
foreach($list as $board) {
if(is_array($board))
foreach ($list as $board) {
if (is_array($board))
$body .= ' [' . doBoardListPart($board, $root) . '] ';
else {
if(($key = array_search($board, $list)) && gettype($key) == 'string') {
if (($key = array_search($board, $list)) && gettype($key) == 'string') {
$body .= ' <a href="' . $board . '">' . $key . '</a> /';
} else {
$body .= ' <a href="' . $root . $board . '/' . $config['file_index'] . '">' . $board . '</a> /';
@ -42,10 +42,10 @@ function doBoardListPart($list, $root) {
function createBoardlist($mod=false) {
global $config;
if(!isset($config['boards'])) return Array('top'=>'','bottom'=>'');
if (!isset($config['boards'])) return Array('top'=>'','bottom'=>'');
$body = doBoardListPart($config['boards'], $mod?'?/':$config['root']);
if(!preg_match('/\] $/', $body))
if (!preg_match('/\] $/', $body))
$body = '[' . $body . ']';
$body = trim($body);
@ -59,12 +59,12 @@ function createBoardlist($mod=false) {
function error($message, $priority = true) {
global $board, $mod, $config;
if($config['syslog'] && $priority !== false) {
if ($config['syslog'] && $priority !== false) {
// Use LOG_NOTICE instead of LOG_ERR or LOG_WARNING because most error message are not significant.
_syslog($priority !== true ? $priority : LOG_NOTICE, $message);
}
if(defined('STDIN')) {
if (defined('STDIN')) {
// Running from CLI
die('Error: ' . $message . "\n");
}
@ -103,7 +103,7 @@ function loginForm($error=false, $username=false, $redirect=false) {
function pm_snippet($body, $len=null) {
global $config;
if(!isset($len))
if (!isset($len))
$len = &$config['mod']['snippet_length'];
// Replace line breaks with some whitespace
@ -127,16 +127,16 @@ function pm_snippet($body, $len=null) {
function capcode($cap) {
global $config;
if(!$cap)
if (!$cap)
return false;
$capcode = Array();
if(isset($config['custom_capcode'][$cap])) {
if(is_array($config['custom_capcode'][$cap])) {
if (isset($config['custom_capcode'][$cap])) {
if (is_array($config['custom_capcode'][$cap])) {
$capcode['cap'] = sprintf($config['custom_capcode'][$cap][0], $cap);
if(isset($config['custom_capcode'][$cap][1]))
if (isset($config['custom_capcode'][$cap][1]))
$capcode['name'] = $config['custom_capcode'][$cap][1];
if(isset($config['custom_capcode'][$cap][2]))
if (isset($config['custom_capcode'][$cap][2]))
$capcode['trip'] = $config['custom_capcode'][$cap][2];
} else {
$capcode['cap'] = sprintf($config['custom_capcode'][$cap], $cap);
@ -151,38 +151,38 @@ function capcode($cap) {
function truncate($body, $url, $max_lines = false, $max_chars = false) {
global $config;
if($max_lines === false)
if ($max_lines === false)
$max_lines = $config['body_truncate'];
if($max_chars === false)
if ($max_chars === false)
$max_chars = $config['body_truncate_char'];
$original_body = $body;
$lines = substr_count($body, '<br/>');
// Limit line count
if($lines > $max_lines) {
if(preg_match('/(((.*?)<br\/>){' . $max_lines . '})/', $body, $m))
if ($lines > $max_lines) {
if (preg_match('/(((.*?)<br\/>){' . $max_lines . '})/', $body, $m))
$body = $m[0];
}
$body = substr($body, 0, $max_chars);
if($body != $original_body) {
if ($body != $original_body) {
// Remove any corrupt tags at the end
$body = preg_replace('/<([\w]+)?([^>]*)?$/', '', $body);
// Open tags
if(preg_match_all('/<([\w]+)[^>]*>/', $body, $open_tags)) {
if (preg_match_all('/<([\w]+)[^>]*>/', $body, $open_tags)) {
$tags = Array();
for($x=0;$x<count($open_tags[0]);$x++) {
if(!preg_match('/\/(\s+)?>$/', $open_tags[0][$x]))
for ($x=0;$x<count($open_tags[0]);$x++) {
if (!preg_match('/\/(\s+)?>$/', $open_tags[0][$x]))
$tags[] = $open_tags[1][$x];
}
// List successfully closed tags
if(preg_match_all('/(<\/([\w]+))>/', $body, $closed_tags)) {
for($x=0;$x<count($closed_tags[0]);$x++) {
if (preg_match_all('/(<\/([\w]+))>/', $body, $closed_tags)) {
for ($x=0;$x<count($closed_tags[0]);$x++) {
unset($tags[array_search($closed_tags[2][$x], $tags)]);
}
}
@ -191,7 +191,7 @@ function truncate($body, $url, $max_lines = false, $max_chars = false) {
$body = preg_replace('/&[^;]+$/', '', $body);
// Close any open tags
foreach($tags as &$tag) {
foreach ($tags as &$tag) {
$body .= "</{$tag}>";
}
} else {
@ -207,8 +207,8 @@ function truncate($body, $url, $max_lines = false, $max_chars = false) {
function confirmLink($text, $title, $confirm, $href) {
global $config, $mod;
if($config['mod']['server-side_confirm'])
return '<a onclick="if(confirm(\'' . htmlentities(addslashes($confirm)) . '\')) document.location=\'?/' . htmlentities(addslashes($href)) . '\';return false;" title="' . htmlentities($title) . '" href="?/confirm/' . $href . '">' . $text . '</a>';
if ($config['mod']['server-side_confirm'])
return '<a onclick="if (confirm(\'' . htmlentities(addslashes($confirm)) . '\')) document.location=\'?/' . htmlentities(addslashes($href)) . '\';return false;" title="' . htmlentities($title) . '" href="?/confirm/' . $href . '">' . $text . '</a>';
else
return '<a onclick="return confirm(\'' . htmlentities(addslashes($confirm)) . '\')" title="' . htmlentities($title) . '" href="?/' . $href . '">' . $text . '</a>';
}
@ -216,7 +216,7 @@ function confirmLink($text, $title, $confirm, $href) {
class Post {
public function __construct($id, $thread, $subject, $email, $name, $trip, $capcode, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $embed, $root=null, $mod=false) {
global $config;
if(!isset($root))
if (!isset($root))
$root = &$config['root'];
$this->id = $id;
@ -241,7 +241,7 @@ class Post {
$this->root = $root;
$this->mod = $mod;
if($this->mod)
if ($this->mod)
// Fix internal links
// Very complicated regex
$this->body = preg_replace(
@ -259,38 +259,38 @@ class Post {
global $board, $config;
$built = '';
if($this->mod) {
if ($this->mod) {
// Mod controls (on posts)
// Delete
if(hasPermission($config['mod']['delete'], $board['uri'], $this->mod))
if (hasPermission($config['mod']['delete'], $board['uri'], $this->mod))
$built .= ' ' . confirmLink($config['mod']['link_delete'], 'Delete', 'Are you sure you want to delete this?', $board['uri'] . '/delete/' . $this->id);
// Delete all posts by IP
if(hasPermission($config['mod']['deletebyip'], $board['uri'], $this->mod))
if (hasPermission($config['mod']['deletebyip'], $board['uri'], $this->mod))
$built .= ' ' . confirmLink($config['mod']['link_deletebyip'], 'Delete all posts by IP', 'Are you sure you want to delete all posts by this IP address?', $board['uri'] . '/deletebyip/' . $this->id);
// Delete all posts by IP (global)
if(hasPermission($config['mod']['deletebyip_global'], $board['uri'], $this->mod))
if (hasPermission($config['mod']['deletebyip_global'], $board['uri'], $this->mod))
$built .= ' ' . confirmLink($config['mod']['link_deletebyip_global'], 'Delete all posts by IP across all boards', 'Are you sure you want to delete all posts by this IP address, across all boards?', $board['uri'] . '/deletebyip/' . $this->id . '/global');
// Ban
if(hasPermission($config['mod']['ban'], $board['uri'], $this->mod))
if (hasPermission($config['mod']['ban'], $board['uri'], $this->mod))
$built .= ' <a title="Ban" href="?/' . $board['uri'] . '/ban/' . $this->id . '">' . $config['mod']['link_ban'] . '</a>';
// Ban & Delete
if(hasPermission($config['mod']['bandelete'], $board['uri'], $this->mod))
if (hasPermission($config['mod']['bandelete'], $board['uri'], $this->mod))
$built .= ' <a title="Ban & Delete" href="?/' . $board['uri'] . '/ban&amp;delete/' . $this->id . '">' . $config['mod']['link_bandelete'] . '</a>';
// Delete file (keep post)
if(!empty($this->file) && hasPermission($config['mod']['deletefile'], $board['uri'], $this->mod))
if (!empty($this->file) && hasPermission($config['mod']['deletefile'], $board['uri'], $this->mod))
$built .= ' <a title="Remove file" href="?/' . $board['uri'] . '/deletefile/' . $this->id . '">' . $config['mod']['link_deletefile'] . '</a>';
// Edit post
if(hasPermission($config['mod']['editpost'], $board['uri'], $this->mod))
if (hasPermission($config['mod']['editpost'], $board['uri'], $this->mod))
$built .= ' <a title="Edit post" href="?/' . $board['uri'] . '/edit/' . $this->id . '">' . $config['mod']['link_editpost'] . '</a>';
if(!empty($built))
if (!empty($built))
$built = '<span class="controls">' . $built . '</span>';
}
return $built;
@ -306,7 +306,7 @@ class Post {
class Thread {
public function __construct($id, $subject, $email, $name, $trip, $capcode, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $sticky, $locked, $bumplocked, $embed, $root=null, $mod=false, $hr=true) {
global $config;
if(!isset($root))
if (!isset($root))
$root = &$config['root'];
$this->id = $id;
@ -337,7 +337,7 @@ class Thread {
$this->mod = $mod;
$this->hr = $hr;
if($this->mod)
if ($this->mod)
// Fix internal links
// Very complicated regex
$this->body = preg_replace(
@ -358,60 +358,60 @@ class Thread {
global $board, $config;
$built = '';
if($this->mod) {
if ($this->mod) {
// Mod controls (on posts)
// Delete
if(hasPermission($config['mod']['delete'], $board['uri'], $this->mod))
if (hasPermission($config['mod']['delete'], $board['uri'], $this->mod))
$built .= ' ' . confirmLink($config['mod']['link_delete'], 'Delete', 'Are you sure you want to delete this?', $board['uri'] . '/delete/' . $this->id);
// Delete all posts by IP
if(hasPermission($config['mod']['deletebyip'], $board['uri'], $this->mod))
if (hasPermission($config['mod']['deletebyip'], $board['uri'], $this->mod))
$built .= ' ' . confirmLink($config['mod']['link_deletebyip'], 'Delete all posts by IP', 'Are you sure you want to delete all posts by this IP address?', $board['uri'] . '/deletebyip/' . $this->id);
// Delete all posts by IP (global)
if(hasPermission($config['mod']['deletebyip_global'], $board['uri'], $this->mod))
if (hasPermission($config['mod']['deletebyip_global'], $board['uri'], $this->mod))
$built .= ' ' . confirmLink($config['mod']['link_deletebyip_global'], 'Delete all posts by IP across all boards', 'Are you sure you want to delete all posts by this IP address, across all boards?', $board['uri'] . '/deletebyip/' . $this->id . '/global');
// Ban
if(hasPermission($config['mod']['ban'], $board['uri'], $this->mod))
if (hasPermission($config['mod']['ban'], $board['uri'], $this->mod))
$built .= ' <a title="Ban" href="?/' . $board['uri'] . '/ban/' . $this->id . '">' . $config['mod']['link_ban'] . '</a>';
// Ban & Delete
if(hasPermission($config['mod']['bandelete'], $board['uri'], $this->mod))
if (hasPermission($config['mod']['bandelete'], $board['uri'], $this->mod))
$built .= ' <a title="Ban & Delete" href="?/' . $board['uri'] . '/ban&amp;delete/' . $this->id . '">' . $config['mod']['link_bandelete'] . '</a>';
// Delete file (keep post)
if(!empty($this->file) && $this->file != 'deleted' && hasPermission($config['mod']['deletefile'], $board['uri'], $this->mod))
if (!empty($this->file) && $this->file != 'deleted' && hasPermission($config['mod']['deletefile'], $board['uri'], $this->mod))
$built .= ' <a title="Remove file" href="?/' . $board['uri'] . '/deletefile/' . $this->id . '">' . $config['mod']['link_deletefile'] . '</a>';
// Sticky
if(hasPermission($config['mod']['sticky'], $board['uri'], $this->mod))
if($this->sticky)
if (hasPermission($config['mod']['sticky'], $board['uri'], $this->mod))
if ($this->sticky)
$built .= ' <a title="Make thread not sticky" href="?/' . $board['uri'] . '/unsticky/' . $this->id . '">' . $config['mod']['link_desticky'] . '</a>';
else
$built .= ' <a title="Make thread sticky" href="?/' . $board['uri'] . '/sticky/' . $this->id . '">' . $config['mod']['link_sticky'] . '</a>';
if(hasPermission($config['mod']['bumplock'], $board['uri'], $this->mod))
if($this->bumplocked)
if (hasPermission($config['mod']['bumplock'], $board['uri'], $this->mod))
if ($this->bumplocked)
$built .= ' <a title="Allow thread to be bumped" href="?/' . $board['uri'] . '/bumpunlock/' . $this->id . '">' . $config['mod']['link_bumpunlock'] . '</a>';
else
$built .= ' <a title="Prevent thread from being bumped" href="?/' . $board['uri'] . '/bumplock/' . $this->id . '">' . $config['mod']['link_bumplock'] . '</a>';
// Lock
if(hasPermission($config['mod']['lock'], $board['uri'], $this->mod))
if($this->locked)
if (hasPermission($config['mod']['lock'], $board['uri'], $this->mod))
if ($this->locked)
$built .= ' <a title="Unlock thread" href="?/' . $board['uri'] . '/unlock/' . $this->id . '">' . $config['mod']['link_unlock'] . '</a>';
else
$built .= ' <a title="Lock thread" href="?/' . $board['uri'] . '/lock/' . $this->id . '">' . $config['mod']['link_lock'] . '</a>';
if(hasPermission($config['mod']['move'], $board['uri'], $this->mod))
if (hasPermission($config['mod']['move'], $board['uri'], $this->mod))
$built .= ' <a title="Move thread to another board" href="?/' . $board['uri'] . '/move/' . $this->id . '">' . $config['mod']['link_move'] . '</a>';
// Edit post
if(hasPermission($config['mod']['editpost'], $board['uri'], $this->mod))
if (hasPermission($config['mod']['editpost'], $board['uri'], $this->mod))
$built .= ' <a title="Edit post" href="?/' . $board['uri'] . '/edit/' . $this->id . '">' . $config['mod']['link_editpost'] . '</a>';
if(!empty($built))
if (!empty($built))
$built = '<span class="controls op">' . $built . '</span>';
}
return $built;
@ -426,7 +426,7 @@ class Thread {
$built = Element('post_thread.html', Array('config' => $config, 'board' => $board, 'post' => &$this, 'index' => $index));
if(!$this->mod && $index && $config['cache']['enabled']) {
if (!$this->mod && $index && $config['cache']['enabled']) {
cache::set($this->cache_key($index), $built);
}

12
inc/events.php
View File

@ -4,7 +4,7 @@
* Copyright (c) 2010-2012 Tinyboard Development Group
*/
if(realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
if (realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
// You cannot request this file directly.
exit;
}
@ -18,13 +18,13 @@ function event() {
$args = array_splice($args, 1);
if(!isset($events[$event]))
if (!isset($events[$event]))
return false;
foreach($events[$event] as $callback) {
if(!is_callable($callback))
foreach ($events[$event] as $callback) {
if (!is_callable($callback))
error('Event handler for ' . $event . ' is not callable!');
if($error = call_user_func_array($callback, $args))
if ($error = call_user_func_array($callback, $args))
return $error;
}
@ -34,7 +34,7 @@ function event() {
function event_handler($event, $callback) {
global $events;
if(!isset($events[$event]))
if (!isset($events[$event]))
$events[$event] = Array();
$events[$event][] = $callback;

38
inc/filters.php
View File

@ -4,7 +4,7 @@
* Copyright (c) 2010-2012 Tinyboard Development Group
*/
if(realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
if (realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
// You cannot request this file directly.
exit;
}
@ -13,7 +13,7 @@ class Filter {
private $condition;
public function __construct(array $arr) {
foreach($arr as $key => $value)
foreach ($arr as $key => $value)
$this->$key = $value;
}
@ -22,7 +22,7 @@ class Filter {
switch($condition) {
case 'custom':
if(!is_callable($match))
if (!is_callable($match))
error('Custom condition for filter is not callable!');
return $match($post);
case 'name':
@ -36,11 +36,11 @@ class Filter {
case 'body':
return preg_match($match, $post['body']);
case 'filename':
if(!$post['has_file'])
if (!$post['has_file'])
return false;
return preg_match($match, $post['filename']);
case 'extension':
if(!$post['has_file'])
if (!$post['has_file'])
return false;
return preg_match($match, $post['body']);
case 'ip':
@ -61,22 +61,22 @@ class Filter {
case 'reject':
error(isset($this->message) ? $this->message : 'Posting throttled by flood filter.');
case 'ban':
if(!isset($this->reason))
if (!isset($this->reason))
error('The ban action requires a reason.');
$reason = $this->reason;
if(isset($this->expires))
if (isset($this->expires))
$expires = time() + $this->expires;
else
$expires = 0; // Ban indefinitely
if(isset($this->reject))
if (isset($this->reject))
$reject = $this->reject;
else
$reject = true;
if(isset($this->all_boards))
if (isset($this->all_boards))
$all_boards = $this->all_boards;
else
$all_boards = false;
@ -86,26 +86,26 @@ class Filter {
$query->bindValue(':mod', -1);
$query->bindValue(':set', time());
if($expires)
if ($expires)
$query->bindValue(':expires', $expires);
else
$query->bindValue(':expires', null, PDO::PARAM_NULL);
if($reason)
if ($reason)
$query->bindValue(':reason', $reason);
else
$query->bindValue(':reason', null, PDO::PARAM_NULL);
if($all_boards)
if ($all_boards)
$query->bindValue(':board', null, PDO::PARAM_NULL);
else
$query->bindValue(':board', $board['uri']);
$query->execute() or error(db_error($query));
if($reject) {
if(isset($this->message))
if ($reject) {
if (isset($this->message))
error($message);
checkBan($board['uri']);
@ -119,8 +119,8 @@ class Filter {
}
public function check(array $post) {
foreach($this->condition as $condition => $value) {
if(!$this->match($post, $condition, $value))
foreach ($this->condition as $condition => $value) {
if (!$this->match($post, $condition, $value))
return false;
}
@ -132,12 +132,12 @@ class Filter {
function do_filters(array $post) {
global $config;
if(!isset($config['flood_filters']))
if (!isset($config['flood_filters']))
return;
foreach($config['flood_filters'] as $arr) {
foreach ($config['flood_filters'] as $arr) {
$filter = new Filter($arr);
if($filter->check($post))
if ($filter->check($post))
$filter->action();
}
}

466
inc/functions.php
View File

File diff suppressed because it is too large

58
inc/image.php
View File

@ -4,7 +4,7 @@
* Copyright (c) 2010-2012 Tinyboard Development Group
*/
if(realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
if (realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
// You cannot request this file directly.
exit;
}
@ -17,25 +17,25 @@ class Image {
$this->src = $src;
$this->format = $format;
if($config['thumb_method'] == 'imagick') {
if ($config['thumb_method'] == 'imagick') {
$classname = 'ImageImagick';
} elseif($config['thumb_method'] == 'convert') {
} elseif ($config['thumb_method'] == 'convert') {
$classname = 'ImageConvert';
} else {
$classname = 'Image' . strtoupper($this->format);
if(!class_exists($classname)) {
if (!class_exists($classname)) {
error('Unsupported file format: ' . $this->format);
}
}
$this->image = new $classname($this);
if(!$this->image->valid()) {
if (!$this->image->valid()) {
$this->delete();
error($config['error']['invalidimg']);
}
$this->size = (object)Array('width' => $this->image->_width(), 'height' => $this->image->_height());
if($this->size->width < 1 || $this->size->height < 1) {
if ($this->size->width < 1 || $this->size->height < 1) {
$this->delete();
error($config['error']['invalidimg']);
}
@ -44,13 +44,13 @@ class Image {
public function resize($extension, $max_width, $max_height) {
global $config;
if($config['thumb_method'] == 'imagick') {
if ($config['thumb_method'] == 'imagick') {
$classname = 'ImageImagick';
} elseif($config['thumb_method'] == 'convert') {
} elseif ($config['thumb_method'] == 'convert') {
$classname = 'ImageConvert';
} else {
$classname = 'Image' . strtoupper($extension);
if(!class_exists($classname)) {
if (!class_exists($classname)) {
error('Unsupported file format: ' . $extension);
}
}
@ -63,7 +63,7 @@ class Image {
$x_ratio = $max_width / $this->size->width;
$y_ratio = $max_height / $this->size->height;
if(($this->size->width <= $max_width) && ($this->size->height <= $max_height)) {
if (($this->size->width <= $max_width) && ($this->size->height <= $max_height)) {
$width = $this->size->width;
$height = $this->size->height;
} elseif (($x_ratio * $this->size->height) < $max_height) {
@ -110,29 +110,29 @@ class ImageBase extends ImageGD {
}
public function __construct($img) {
if(method_exists($this, 'init'))
if (method_exists($this, 'init'))
$this->init();
if($img !== false) {
if ($img !== false) {
$this->src = $img->src;
$this->from();
}
}
public function _width() {
if(method_exists($this, 'width'))
if (method_exists($this, 'width'))
return $this->width();
// use default GD functions
return imagesx($this->image);
}
public function _height() {
if(method_exists($this, 'height'))
if (method_exists($this, 'height'))
return $this->height();
// use default GD functions
return imagesy($this->image);
}
public function _destroy() {
if(method_exists($this, 'destroy'))
if (method_exists($this, 'destroy'))
return $this->destroy();
// use default GD functions
return imagedestroy($this->image);
@ -142,7 +142,7 @@ class ImageBase extends ImageGD {
$this->width = $width;
$this->height = $height;
if(method_exists($this, 'resize'))
if (method_exists($this, 'resize'))
$this->resize();
else
// use default GD functions
@ -164,7 +164,7 @@ class ImageImagick extends ImageBase {
}
}
public function to($src) {
if(preg_match('/\.gif$/i', $src))
if (preg_match('/\.gif$/i', $src))
$this->image->writeImages($src, true);
else
$this->image->writeImage($src);
@ -181,20 +181,20 @@ class ImageImagick extends ImageBase {
public function resize() {
global $config;
if(preg_match('/\.gif$/i', $this->src) && $config['thumb_ext'] == 'gif') {
if (preg_match('/\.gif$/i', $this->src) && $config['thumb_ext'] == 'gif') {
$this->image = new Imagick();
$this->image->setFormat('gif');
$keep_frames = Array();
for($i = 0; $i < $this->original->getNumberImages(); $i += floor($this->original->getNumberImages() / $config['thumb_keep_animation_frames']))
for ($i = 0; $i < $this->original->getNumberImages(); $i += floor($this->original->getNumberImages() / $config['thumb_keep_animation_frames']))
$keep_frames[] = $i;
$i = 0;
$delay = 0;
foreach($this->original as $frame) {
foreach ($this->original as $frame) {
$delay += $frame->getImageDelay();
if(in_array($i, $keep_frames)) {
if (in_array($i, $keep_frames)) {
// $frame->scaleImage($this->width, $this->height, false);
$frame->sampleImage($this->width, $this->height);
$frame->setImagePage($this->width, $this->height, 0, 0);
@ -223,7 +223,7 @@ class ImageConvert extends ImageBase {
}
public function from() {
$size = trim(shell_exec('identify -format "%w %h" ' . escapeshellarg($this->src . '[0]')));
if(preg_match('/^(\d+) (\d+)$/', $size, $m)) {
if (preg_match('/^(\d+) (\d+)$/', $size, $m)) {
$this->width = $m[1];
$this->height = $m[2];
@ -234,7 +234,7 @@ class ImageConvert extends ImageBase {
}
}
public function to($src) {
if(!$this->temp) {
if (!$this->temp) {
// $config['redraw_image']
shell_exec('convert ' . escapeshellarg($this->src) . ' ' . escapeshellarg($src));
} else {
@ -255,7 +255,7 @@ class ImageConvert extends ImageBase {
public function resize() {
global $config;
if($this->temp) {
if ($this->temp) {
// remove old
$this->destroy();
}
@ -264,7 +264,7 @@ class ImageConvert extends ImageBase {
$quality = $config['thumb_quality'] * 10;
if(shell_exec("convert -flatten -filter Point -scale {$this->width}x{$this->height} +antialias -quality {$quality} " . escapeshellarg($this->src . '[0]') . " " . escapeshellarg($this->temp)) || !file_exists($this->temp))
if (shell_exec("convert -flatten -filter Point -scale {$this->width}x{$this->height} +antialias -quality {$quality} " . escapeshellarg($this->src . '[0]') . " " . escapeshellarg($this->temp)) || !file_exists($this->temp))
error('Failed to resize image!');
}
}
@ -288,10 +288,10 @@ class ImagePNG extends ImageBase {
class ImageGIF extends ImageBase {
public function from() {
$this->image = @imagecreatefromgif($this->src);
$this->image = @imagecreatefromgif ($this->src);
}
public function to($src) {
imagegif($this->image, $src);
imagegif ($this->image, $src);
}
public function resize() {
$this->GD_create();
@ -436,7 +436,7 @@ function imagebmp(&$img, $filename='') {
// is faster than chr()
$arrChr = array();
for($i=0; $i<256; $i++){
for ($i=0; $i<256; $i++){
$arrChr[$i] = chr($i);
}
@ -472,7 +472,7 @@ function imagebmp(&$img, $filename='') {
}
// see imagegif
if($filename == '') {
if ($filename == '') {
echo $result;
} else {
$file = fopen($filename, 'wb');

34
inc/mod.php
View File

@ -4,7 +4,7 @@
* Copyright (c) 2010-2012 Tinyboard Development Group
*/
if(realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
if (realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
// You cannot request this file directly.
exit;
}
@ -13,7 +13,7 @@ if(realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
function mkhash($username, $password, $salt = false) {
global $config;
if(!$salt) {
if (!$salt) {
// create some sort of salt for the hash
$salt = substr(base64_encode(sha1(rand() . time(), true) . $config['cookies']['salt']), 0, 15);
@ -23,7 +23,7 @@ function mkhash($username, $password, $salt = false) {
// generate hash (method is not important as long as it's strong)
$hash = substr(base64_encode(md5($username . sha1($username . $password . $salt . ($config['mod']['lock_ip'] ? $_SERVER['REMOTE_ADDR'] : ''), true), true)), 0, 20);
if(isset($generated_salt))
if (isset($generated_salt))
return Array($hash, $salt);
else
return $hash;
@ -33,7 +33,7 @@ function login($username, $password, $makehash=true) {
global $mod;
// SHA1 password
if($makehash) {
if ($makehash) {
$password = sha1($password);
}
@ -42,7 +42,7 @@ function login($username, $password, $makehash=true) {
$query->bindValue(':password', $password);
$query->execute() or error(db_error($query));
if($user = $query->fetch()) {
if ($user = $query->fetch()) {
return $mod = Array(
'id' => $user['id'],
'type' => $user['type'],
@ -55,7 +55,7 @@ function login($username, $password, $makehash=true) {
function setCookies() {
global $mod, $config;
if(!$mod)
if (!$mod)
error('setCookies() was called for a non-moderator!');
setcookie($config['cookies']['mod'],
@ -79,7 +79,7 @@ function create_pm_header() {
$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($pm = $query->fetch()) {
if ($pm = $query->fetch()) {
return Array('id' => $pm['id'], 'waiting' => $query->rowCount() - 1);
}
@ -93,15 +93,15 @@ function modLog($action, $_board=null) {
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':text', $action);
if(isset($_board))
if (isset($_board))
$query->bindValue(':board', $_board);
elseif(isset($board))
elseif (isset($board))
$query->bindValue(':board', $board['uri']);
else
$query->bindValue(':board', null, PDO::PARAM_NULL);
$query->execute() or error(db_error($query));
if($config['syslog'])
if ($config['syslog'])
_syslog(LOG_INFO, '[mod/' . $mod['username'] . ']: ' . $action);
}
@ -115,7 +115,7 @@ function ulBoards() {
// List of boards
$boards = listBoards();
foreach($boards as &$b) {
foreach ($boards as &$b) {
$body .= '<li>' .
'<a href="?/' .
sprintf($config['board_path'], $b['uri']) . $config['file_index'] .
@ -129,7 +129,7 @@ function ulBoards() {
'</li>';
}
if($mod['type'] >= $config['mod']['newboard']) {
if ($mod['type'] >= $config['mod']['newboard']) {
$body .= '<li style="margin-top:15px;"><a href="?/new"><strong>' . _('Create new board') . '</strong></a></li>';
}
return $body;
@ -140,7 +140,7 @@ function form_newBan($ip=null, $reason='', $continue=false, $delete=false, $boar
$boards = listBoards();
$__boards = '<li><input type="radio" checked="checked" name="board" id="board_*" value=""/> <label style="display:inline" for="board_*"><em>' . _('all boards') . '</em></label></li>';
foreach($boards as &$_board) {
foreach ($boards as &$_board) {
$__boards .= '<li>' .
'<input type="radio" name="board" id="board_' . $_board['uri'] . '" value="' . $_board['uri'] . '">' .
'<label style="display:inline" for="board_' . $_board['uri'] . '"> ' .
@ -247,7 +247,7 @@ function removeBan($id) {
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
//if($config['memcached']['enabled']) {
//if ($config['memcached']['enabled']) {
// Remove cached ban
// TODO
// $memcached->delete("ban_{$id}");
@ -257,10 +257,10 @@ function removeBan($id) {
// Validate session
if(isset($_COOKIE[$config['cookies']['mod']])) {
if (isset($_COOKIE[$config['cookies']['mod']])) {
// Should be username:hash:salt
$cookie = explode(':', $_COOKIE[$config['cookies']['mod']]);
if(count($cookie) != 3) {
if (count($cookie) != 3) {
destroyCookies();
error($config['error']['malformed']);
}
@ -271,7 +271,7 @@ if(isset($_COOKIE[$config['cookies']['mod']])) {
$user = $query->fetch();
// validate password hash
if($cookie[1] != mkhash($cookie[0], $user['password'], $cookie[2])) {
if ($cookie[1] != mkhash($cookie[0], $user['password'], $cookie[2])) {
// Malformed cookies
destroyCookies();
error($config['error']['malformed']);

18
inc/remote.php
View File

@ -4,38 +4,38 @@
* Copyright (c) 2010-2012 Tinyboard Development Group
*/
if(realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
if (realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
// You cannot request this file directly.
exit;
}
class Remote {
public function __construct($config) {
foreach($config as $name => $value) {
foreach ($config as $name => $value) {
$this->{$name} = $value;
}
$methods = Array();
if(!isset($this->auth['method']))
if (!isset($this->auth['method']))
error('Unspecified authentication method.');
// Connect
$this->connection = ssh2_connect($this->host, isset($this->port) ? $this->port : 22, $methods);
switch($this->auth['method']) {
switch ($this->auth['method']) {
case 'pubkey':
if(!isset($this->auth['public']))
if (!isset($this->auth['public']))
error('Public key filename not specified.');
if(!isset($this->auth['private']))
if (!isset($this->auth['private']))
error('Private key filename not specified.');
if(!ssh2_auth_pubkey_file($this->connection, $this->auth['username'], $this->auth['public'], $this->auth['private'], isset($this->auth['passphrase']) ? $this->auth['passphrase']: null))
if (!ssh2_auth_pubkey_file($this->connection, $this->auth['username'], $this->auth['public'], $this->auth['private'], isset($this->auth['passphrase']) ? $this->auth['passphrase']: null))
error('Public key authentication failed.');
break;
case 'plain':
if(!ssh2_auth_password($this->connection, $this->auth['username'], $this->auth['password']))
if (!ssh2_auth_password($this->connection, $this->auth['username'], $this->auth['password']))
error('Plain-text authentication failed.');
break;
default:
@ -47,7 +47,7 @@ class Remote {
public function write($data, $remote_path) {
global $config;
switch($this->type) {
switch ($this->type) {
case 'sftp':
$sftp = ssh2_sftp($this->connection);
file_write('ssh2.sftp://' . $sftp . $remote_path, $data, true);

14
inc/template.php
View File

@ -4,7 +4,7 @@
* Copyright (c) 2010-2012 Tinyboard Development Group
*/
if(realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
if (realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
// You cannot request this file directly.
exit;
}
@ -36,15 +36,15 @@ function load_twig() {
function Element($templateFile, array $options) {
global $config, $debug, $twig;
if(!$twig)
if (!$twig)
load_twig();
if(function_exists('create_pm_header') && ((isset($options['mod']) && $options['mod']) || isset($options['__mod']))) {
if (function_exists('create_pm_header') && ((isset($options['mod']) && $options['mod']) || isset($options['__mod']))) {
$options['pm'] = create_pm_header();
}
if(isset($options['body']) && $config['debug']) {
if(isset($debug['start'])) {
if (isset($options['body']) && $config['debug']) {
if (isset($debug['start'])) {
$debug['time'] = '~' . round((microtime(true) - $debug['start']) * 1000, 2) . 'ms';
unset($debug['start']);
}
@ -57,10 +57,10 @@ function Element($templateFile, array $options) {
}
// Read the template file
if(@file_get_contents("{$config['dir']['template']}/${templateFile}")) {
if (@file_get_contents("{$config['dir']['template']}/${templateFile}")) {
$body = $twig->render($templateFile, $options);
if($config['minify_html'] && preg_match('/\.html$/', $templateFile)) {
if ($config['minify_html'] && preg_match('/\.html$/', $templateFile)) {
$body = trim(preg_replace("/[\t\r\n]/", '', $body));
}

76
install.php
View File

@ -16,21 +16,21 @@ $page = Array(
// this breaks the dispaly of licenses if enabled
$config['minify_html'] = false;
if(file_exists($config['has_installed'])) {
if (file_exists($config['has_installed'])) {
// Check the version number
$version = trim(file_get_contents($config['has_installed']));
if(empty($version))
if (empty($version))
$version = 'v0.9.1';
$boards = listBoards();
switch($version) {
switch ($version) {
case 'v0.9':
case 'v0.9.1':
// Upgrade to v0.9.2-dev
foreach($boards as &$_board) {
foreach ($boards as &$_board) {
// Add `capcode` field after `trip`
query(sprintf("ALTER TABLE `posts_%s` ADD `capcode` VARCHAR( 50 ) NULL AFTER `trip`", $_board['uri'])) or error(db_error());
@ -51,7 +51,7 @@ if(file_exists($config['has_installed'])) {
$version = 'v0.9.2-dev-1';
// Upgrade to v0.9.2-dev-2
foreach($boards as &$_board) {
foreach ($boards as &$_board) {
// Increase field sizes
query(sprintf("ALTER TABLE `posts_%s` CHANGE `subject` `subject` VARCHAR( 50 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL", $_board['uri'])) or error(db_error());
query(sprintf("ALTER TABLE `posts_%s` CHANGE `name` `name` VARCHAR( 35 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL", $_board['uri'])) or error(db_error());
@ -59,7 +59,7 @@ if(file_exists($config['has_installed'])) {
case 'v0.9.2-dev-2':
// Upgrade to v0.9.2-dev-3 (v0.9.2)
foreach($boards as &$_board) {
foreach ($boards as &$_board) {
// Add `custom_fields` field
query(sprintf("ALTER TABLE `posts_%s` ADD `embed` TEXT NULL", $_board['uri'])) or error(db_error());
}
@ -76,7 +76,7 @@ if(file_exists($config['has_installed'])) {
query("ALTER TABLE `mods` ADD `boards` TEXT NOT NULL") or error(db_error());
query("UPDATE `mods` SET `boards` = '*'") or error(db_error());
case 'v0.9.3-dev-2':
foreach($boards as &$_board) {
foreach ($boards as &$_board) {
query(sprintf("ALTER TABLE `posts_%s` CHANGE `filehash` `filehash` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL", $_board['uri'])) or error(db_error());
}
case 'v0.9.3-dev-3':
@ -86,7 +86,7 @@ if(file_exists($config['has_installed'])) {
// add ban ID
query("ALTER TABLE `bans` ADD `id` INT NOT NULL AUTO_INCREMENT FIRST, ADD PRIMARY KEY ( `id` ), ADD UNIQUE (`id`)");
case 'v0.9.3-dev-5':
foreach($boards as &$_board) {
foreach ($boards as &$_board) {
// Increase subject field size
query(sprintf("ALTER TABLE `posts_%s` CHANGE `subject` `subject` VARCHAR( 100 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL", $_board['uri'])) or error(db_error());
}
@ -95,23 +95,23 @@ if(file_exists($config['has_installed'])) {
$tables = Array(
'bans', 'boards', 'ip_notes', 'modlogs', 'mods', 'mutes', 'noticeboard', 'pms', 'reports', 'robot', 'theme_settings', 'news'
);
foreach($boards as &$board) {
foreach ($boards as &$board) {
$tables[] = "posts_{$board['uri']}";
}
foreach($tables as &$table) {
foreach ($tables as &$table) {
query("ALTER TABLE `{$table}` ENGINE = MYISAM DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci") or error(db_error());
}
case 'v0.9.3-dev-7':
foreach($boards as &$board) {
foreach ($boards as &$board) {
query(sprintf("ALTER TABLE `posts_%s` CHANGE `filename` `filename` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL", $board['uri'])) or error(db_error());
}
case 'v0.9.3-dev-8':
foreach($boards as &$board) {
foreach ($boards as &$board) {
query(sprintf("ALTER TABLE `posts_%s` ADD INDEX ( `thread` )", $board['uri'])) or error(db_error());
}
case 'v0.9.3-dev-9':
foreach($boards as &$board) {
foreach ($boards as &$board) {
query(sprintf("ALTER TABLE `posts_%s`ADD INDEX ( `time` )", $board['uri'])) or error(db_error());
query(sprintf("ALTER TABLE `posts_%s`ADD FULLTEXT (`body`)", $board['uri'])) or error(db_error());
}
@ -132,11 +132,11 @@ if(file_exists($config['has_installed'])) {
query("ALTER TABLE `news` ADD INDEX (`time`)") or error(db_error());
query("ALTER TABLE `theme_settings` ADD INDEX (`theme`)") or error(db_error());
case 'v0.9.4-dev-1':
foreach($boards as &$board) {
foreach ($boards as &$board) {
query(sprintf("ALTER TABLE `posts_%s` ADD `sage` INT( 1 ) NOT NULL AFTER `locked`", $board['uri'])) or error(db_error());
}
case 'v0.9.4-dev-2':
if(!isset($_GET['confirm'])) {
if (!isset($_GET['confirm'])) {
$page['title'] = 'License Change';
$page['body'] = '<p style="text-align:center">You are upgrading to a version which uses an amended license. The licenses included with Tinyboard distributions prior to this version (v0.9.4-dev-2) are still valid for those versions, but no longer apply to this and newer versions.</p>' .
'<textarea style="width:700px;height:370px;margin:auto;display:block;background:white;color:black" disabled>' . htmlentities(file_get_contents('LICENSE.md')) . '</textarea>
@ -151,14 +151,14 @@ if(file_exists($config['has_installed'])) {
case 'v0.9.4-dev-3':
case 'v0.9.4-dev-4':
case 'v0.9.4':
foreach($boards as &$board) {
foreach ($boards as &$board) {
query(sprintf("ALTER TABLE `posts_%s`
CHANGE `subject` `subject` VARCHAR( 100 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL ,
CHANGE `email` `email` VARCHAR( 30 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL ,
CHANGE `name` `name` VARCHAR( 35 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL", $board['uri'])) or error(db_error());
}
case 'v0.9.5-dev-1':
foreach($boards as &$board) {
foreach ($boards as &$board) {
query(sprintf("ALTER TABLE `posts_%s` ADD `body_nomarkup` TEXT NULL AFTER `body`", $board['uri'])) or error(db_error());
}
query("CREATE TABLE IF NOT EXISTS `cites` ( `board` varchar(8) NOT NULL, `post` int(11) NOT NULL, `target_board` varchar(8) NOT NULL, `target` int(11) NOT NULL, KEY `target` (`target_board`,`target`), KEY `post` (`board`,`post`)) ENGINE=MyISAM DEFAULT CHARSET=utf8;") or error(db_error());
@ -192,7 +192,7 @@ if(file_exists($config['has_installed'])) {
query("ALTER TABLE `bans` CHANGE `board` `board` VARCHAR( 120 ) NULL DEFAULT NULL") or error(db_error());
query("ALTER TABLE `reports` CHANGE `board` `board` VARCHAR( 120 ) NULL DEFAULT NULL") or error(db_error());
query("ALTER TABLE `modlogs` CHANGE `board` `board` VARCHAR( 120 ) NULL DEFAULT NULL") or error(db_error());
foreach($boards as $board) {
foreach ($boards as $board) {
$query = prepare("UPDATE `bans` SET `board` = :newboard WHERE `board` = :oldboard");
$query->bindValue(':newboard', $board['uri']);
$query->bindValue(':oldboard', $board['id']);
@ -228,7 +228,7 @@ if(file_exists($config['has_installed'])) {
die(Element('page.html', $page));
}
if($step == 0) {
if ($step == 0) {
// Agreeement
$page['body'] = '
<textarea style="width:700px;height:370px;margin:auto;display:block;background:white;color:black" disabled>' . htmlentities(file_get_contents('LICENSE.md')) . '</textarea>
@ -237,7 +237,7 @@ if($step == 0) {
</p>';
echo Element('page.html', $page);
} elseif($step == 1) {
} elseif ($step == 1) {
$page['title'] = 'Pre-installation test';
$page['body'] = '<table class="test">';
@ -250,7 +250,7 @@ if($step == 0) {
function row($item, $result) {
global $page, $config, $__is_error;
if(!$result)
if (!$result)
$__is_error = true;
$page['body'] .= '<tr><th>' . $item . '</th><td><img style="width:16px;height:16px" src="' . $config['dir']['static'] . ($result ? 'ok.png' : 'error.png') . '" /></td></tr>';
}
@ -271,7 +271,7 @@ if($step == 0) {
$drivers = PDO::getAvailableDrivers();
rheader('PDO drivers <em>(currently installed drivers)</em>');
foreach($drivers as &$driver) {
foreach ($drivers as &$driver) {
row($driver, true);
}
@ -287,7 +287,7 @@ if($step == 0) {
</p>';
echo Element('page.html', $page);
} elseif($step == 2) {
} elseif ($step == 2) {
// Basic config
$page['title'] = 'Configuration';
@ -304,9 +304,9 @@ if($step == 0) {
$drivers = PDO::getAvailableDrivers();
foreach($drivers as &$driver) {
foreach ($drivers as &$driver) {
$driver_txt = $driver;
switch($driver) {
switch ($driver) {
case 'cubrid':
$driver_txt = 'Cubrid';
break;
@ -449,7 +449,7 @@ if($step == 0) {
echo Element('page.html', $page);
} elseif($step == 3) {
} elseif ($step == 3) {
$instance_config =
'<?php
@ -464,15 +464,15 @@ if($step == 0) {
';
function create_config_from_array(&$instance_config, &$array, $prefix = '') {
foreach($array as $name => $value) {
if(is_array($value)) {
foreach ($array as $name => $value) {
if (is_array($value)) {
$instance_config .= "\n";
create_config_from_array($instance_config, $value, $prefix . '[\'' . addslashes($name) . '\']');
$instance_config .= "\n";
} else {
$instance_config .= ' $config' . $prefix . '[\'' . addslashes($name) . '\'] = ';
if(is_numeric($value))
if (is_numeric($value))
$instance_config .= $value;
else
$instance_config .= "'" . addslashes($value) . "'";
@ -486,7 +486,7 @@ if($step == 0) {
$instance_config .= "\n";
if(@file_put_contents('inc/instance-config.php', $instance_config)) {
if (@file_put_contents('inc/instance-config.php', $instance_config)) {
header('Location: ?step=4', true, $config['redirect_http']);
} else {
$page['title'] = 'Manual installation required';
@ -500,7 +500,7 @@ if($step == 0) {
';
echo Element('page.html', $page);
}
} elseif($step == 4) {
} elseif ($step == 4) {
// SQL installation
buildJavascript();
@ -516,13 +516,13 @@ if($step == 0) {
$queries[] = Element('posts.sql', Array('board' => 'b'));
$sql_errors = '';
foreach($queries as &$query) {
if(!query($query))
foreach ($queries as &$query) {
if (!query($query))
$sql_errors .= '<li>' . db_error() . '</li>';
}
$boards = listBoards();
foreach($boards as &$_board) {
foreach ($boards as &$_board) {
setupBoard($_board);
buildIndex();
}
@ -530,22 +530,22 @@ if($step == 0) {
$page['title'] = 'Installation complete';
$page['body'] = '<p style="text-align:center">Thank you for using Tinyboard. Please remember to report any bugs you discover. <a href="http://tinyboard.org/docs/?p=Config">How do I edit the config files?</a></p>';
if(!empty($sql_errors)) {
if (!empty($sql_errors)) {
$page['body'] .= '<div class="ban"><h2>SQL errors</h2><p>SQL errors were encountered when trying to install the database. This may be the result of using a database which is already occupied with a Tinyboard installation; if so, you can probably ignore this.</p><p>The errors encountered were:</p><ul>' . $sql_errors . '</ul><p><a href="?step=5">Ignore errors and complete installation.</a></p></div>';
} else {
file_write($config['has_installed'], VERSION);
if(!file_unlink(__FILE__)) {
if (!file_unlink(__FILE__)) {
$page['body'] .= '<div class="ban"><h2>Delete install.php!</h2><p>I couldn\'t remove <strong>install.php</strong>. You will have to remove it manually.</p></div>';
}
}
echo Element('page.html', $page);
} elseif($step == 5) {
} elseif ($step == 5) {
$page['title'] = 'Installation complete';
$page['body'] = '<p style="text-align:center">Thank you for using Tinyboard. Please remember to report any bugs you discover.</p>';
file_write($config['has_installed'], VERSION);
if(!file_unlink(__FILE__)) {
if (!file_unlink(__FILE__)) {
$page['body'] .= '<div class="ban"><h2>Delete install.php!</h2><p>I couldn\'t remove <strong>install.php</strong>. You will have to remove it manually.</p></div>';
}

208
post.php
View File

@ -17,20 +17,20 @@ if (get_magic_quotes_gpc()) {
$_POST = strip_array($_POST);
}
if(isset($_POST['delete'])) {
if (isset($_POST['delete'])) {
// Delete
if(!isset($_POST['board'], $_POST['password']))
if (!isset($_POST['board'], $_POST['password']))
error($config['error']['bot']);
$password = &$_POST['password'];
if($password == '')
if ($password == '')
error($config['error']['invalidpassword']);
$delete = array();
foreach($_POST as $post => $value) {
if(preg_match('/^delete_(\d+)$/', $post, $m)) {
foreach ($_POST as $post => $value) {
if (preg_match('/^delete_(\d+)$/', $post, $m)) {
$delete[] = (int)$m[1];
}
}
@ -38,29 +38,29 @@ if(isset($_POST['delete'])) {
checkDNSBL();
// Check if board exists
if(!openBoard($_POST['board']))
if (!openBoard($_POST['board']))
error($config['error']['noboard']);
// Check if banned
checkBan($board['uri']);
if(empty($delete))
if (empty($delete))
error($config['error']['nodelete']);
foreach($delete as &$id) {
foreach ($delete as &$id) {
$query = prepare(sprintf("SELECT `thread`, `time`,`password` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($post = $query->fetch()) {
if($password != '' && $post['password'] != $password)
if ($post = $query->fetch()) {
if ($password != '' && $post['password'] != $password)
error($config['error']['invalidpassword']);
if($post['time'] >= time() - $config['delete_time']) {
if ($post['time'] >= time() - $config['delete_time']) {
error(sprintf($config['error']['delete_too_soon'], until($post['time'] + $config['delete_time'])));
}
if(isset($_POST['file'])) {
if (isset($_POST['file'])) {
// Delete just the file
deleteFile($id);
} else {
@ -81,13 +81,13 @@ if(isset($_POST['delete'])) {
header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']);
} elseif(isset($_POST['report'])) {
if(!isset($_POST['board'], $_POST['password'], $_POST['reason']))
} elseif (isset($_POST['report'])) {
if (!isset($_POST['board'], $_POST['password'], $_POST['reason']))
error($config['error']['bot']);
$report = array();
foreach($_POST as $post => $value) {
if(preg_match('/^delete_(\d+)$/', $post, $m)) {
foreach ($_POST as $post => $value) {
if (preg_match('/^delete_(\d+)$/', $post, $m)) {
$report[] = (int)$m[1];
}
}
@ -95,30 +95,30 @@ if(isset($_POST['delete'])) {
checkDNSBL();
// Check if board exists
if(!openBoard($_POST['board']))
if (!openBoard($_POST['board']))
error($config['error']['noboard']);
// Check if banned
checkBan($board['uri']);
if(empty($report))
if (empty($report))
error($config['error']['noreport']);
if(count($report) > $config['report_limit'])
if (count($report) > $config['report_limit'])
error($config['error']['toomanyreports']);
$reason = &$_POST['reason'];
markup($reason);
foreach($report as &$id) {
foreach ($report as &$id) {
$query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
$post = $query->fetch();
if($post) {
if($config['syslog'])
if ($post) {
if ($config['syslog'])
_syslog(LOG_INFO, 'Reported post: ' .
'/' . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $post['thread'] ? $post['thread'] : $id) . ($post['thread'] ? '#' . $id : '') .
' for "' . $reason . '"'
@ -137,65 +137,65 @@ if(isset($_POST['delete'])) {
$root = $is_mod ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];
header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']);
} elseif(isset($_POST['post'])) {
} elseif (isset($_POST['post'])) {
if(!isset($_POST['subject'], $_POST['body'], $_POST['board']))
if (!isset($_POST['subject'], $_POST['body'], $_POST['board']))
error($config['error']['bot']);
if(!isset($_POST['name']))
if (!isset($_POST['name']))
$_POST['name'] = $config['anonymous'];
if(!isset($_POST['email']))
if (!isset($_POST['email']))
$_POST['email'] = '';
if(!isset($_POST['password']))
if (!isset($_POST['password']))
$_POST['password'] = '';
$post = array('board' => $_POST['board']);
if(isset($_POST['thread'])) {
if (isset($_POST['thread'])) {
$post['op'] = false;
$post['thread'] = round($_POST['thread']);
} elseif($config['quick_reply'] && isset($_POST['quick-reply'])) {
} elseif ($config['quick_reply'] && isset($_POST['quick-reply'])) {
$post['op'] = false;
$post['thread'] = round($_POST['quick-reply']);
} else
$post['op'] = true;
if(!(($post['op'] && $_POST['post'] == $config['button_newtopic']) ||
if (!(($post['op'] && $_POST['post'] == $config['button_newtopic']) ||
(!$post['op'] && $_POST['post'] == $config['button_reply'])))
error($config['error']['bot']);
// Check the referrer
if(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], $_SERVER['HTTP_REFERER']))
if (!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], $_SERVER['HTTP_REFERER']))
error($config['error']['referer']);
checkDNSBL();
// Check if board exists
if(!openBoard($post['board']))
if (!openBoard($post['board']))
error($config['error']['noboard']);
// Check if banned
checkBan($board['uri']);
// Check for CAPTCHA right after opening the board so the "return" link is in there
if($config['recaptcha']) {
if(!isset($_POST['recaptcha_challenge_field']) || !isset($_POST['recaptcha_response_field']))
if ($config['recaptcha']) {
if (!isset($_POST['recaptcha_challenge_field']) || !isset($_POST['recaptcha_response_field']))
error($config['error']['bot']);
// Check what reCAPTCHA has to say...
$resp = recaptcha_check_answer($config['recaptcha_private'],
$_SERVER['REMOTE_ADDR'],
$_POST['recaptcha_challenge_field'],
$_POST['recaptcha_response_field']);
if(!$resp->is_valid) {
if (!$resp->is_valid) {
error($config['error']['captcha']);
}
}
if($post['mod'] = isset($_POST['mod']) && $_POST['mod']) {
if ($post['mod'] = isset($_POST['mod']) && $_POST['mod']) {
require 'inc/mod.php';
if(!$mod) {
if (!$mod) {
// Liar. You're not a mod.
error($config['error']['notamod']);
}
@ -204,28 +204,28 @@ if(isset($_POST['delete'])) {
$post['locked'] = $post['op'] && isset($_POST['lock']);
$post['raw'] = isset($_POST['raw']);
if($post['sticky'] && !hasPermission($config['mod']['sticky'], $board['uri']))
if ($post['sticky'] && !hasPermission($config['mod']['sticky'], $board['uri']))
error($config['error']['noaccess']);
if($post['locked'] && !hasPermission($config['mod']['lock'], $board['uri']))
if ($post['locked'] && !hasPermission($config['mod']['lock'], $board['uri']))
error($config['error']['noaccess']);
if($post['raw'] && !hasPermission($config['mod']['rawhtml'], $board['uri']))
if ($post['raw'] && !hasPermission($config['mod']['rawhtml'], $board['uri']))
error($config['error']['noaccess']);
}
if(!$post['mod'] && checkSpam(array($board['uri'], isset($post['thread']) && !($config['quick_reply'] && isset($_POST['quick-reply'])) ? $post['thread'] : null)))
if (!$post['mod'] && checkSpam(array($board['uri'], isset($post['thread']) && !($config['quick_reply'] && isset($_POST['quick-reply'])) ? $post['thread'] : null)))
error($config['error']['spam']);
if($config['robot_enable'] && $config['robot_mute']) {
if ($config['robot_enable'] && $config['robot_mute']) {
checkMute();
}
//Check if thread exists
if(!$post['op']) {
if (!$post['op']) {
$query = prepare(sprintf("SELECT `sticky`,`locked`,`sage` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri']));
$query->bindValue(':id', $post['thread'], PDO::PARAM_INT);
$query->execute() or error(db_error());
if(!$thread = $query->fetch()) {
if (!$thread = $query->fetch()) {
// Non-existant
error($config['error']['nonexistant']);
}
@ -233,12 +233,12 @@ if(isset($_POST['delete'])) {
// Check for an embed field
if($config['enable_embedding'] && isset($_POST['embed']) && !empty($_POST['embed'])) {
if ($config['enable_embedding'] && isset($_POST['embed']) && !empty($_POST['embed'])) {
// yep; validate it
$value = $_POST['embed'];
foreach($config['embedding'] as &$embed) {
if($html = preg_replace($embed[0], $embed[1], $value)) {
if($html == $value) {
foreach ($config['embedding'] as &$embed) {
if ($html = preg_replace($embed[0], $embed[1], $value)) {
if ($html == $value) {
// Nope.
continue;
}
@ -254,25 +254,25 @@ if(isset($_POST['delete'])) {
break;
}
}
if(!isset($post['embed'])) {
if (!isset($post['embed'])) {
error($config['error']['invalid_embed']);
}
}
if(!hasPermission($config['mod']['bypass_field_disable'], $board['uri'])) {
if($config['field_disable_name'])
if (!hasPermission($config['mod']['bypass_field_disable'], $board['uri'])) {
if ($config['field_disable_name'])
$_POST['name'] = $config['anonymous']; // "forced anonymous"
if($config['field_disable_email'])
if ($config['field_disable_email'])
$_POST['email'] = '';
if($config['field_disable_password'])
if ($config['field_disable_password'])
$_POST['password'] = '';
}
// Check for a file
if($post['op'] && !isset($post['no_longer_require_an_image_for_op'])) {
if(!isset($_FILES['file']['tmp_name']) || $_FILES['file']['tmp_name'] == '' && $config['force_image_op'])
if ($post['op'] && !isset($post['no_longer_require_an_image_for_op'])) {
if (!isset($_FILES['file']['tmp_name']) || $_FILES['file']['tmp_name'] == '' && $config['force_image_op'])
error($config['error']['noimage']);
}
@ -283,26 +283,26 @@ if(isset($_POST['delete'])) {
$post['password'] = $_POST['password'];
$post['has_file'] = !isset($post['embed']) && (($post['op'] && !isset($post['no_longer_require_an_image_for_op']) && $config['force_image_op']) || (isset($_FILES['file']) && $_FILES['file']['tmp_name'] != ''));
if($post['has_file'])
if ($post['has_file'])
$post['filename'] = utf8tohtml(get_magic_quotes_gpc() ? stripslashes($_FILES['file']['name']) : $_FILES['file']['name']);
if(!($post['has_file'] || isset($post['embed'])) || (($post['op'] && $config['force_body_op']) || (!$post['op'] && $config['force_body']))) {
if (!($post['has_file'] || isset($post['embed'])) || (($post['op'] && $config['force_body_op']) || (!$post['op'] && $config['force_body']))) {
$stripped_whitespace = preg_replace('/[\s]/u', '', $post['body']);
if($stripped_whitespace == '') {
if ($stripped_whitespace == '') {
error($config['error']['tooshort_body']);
}
}
// Check if thread is locked
// but allow mods to post
if(!$post['op'] && !hasPermission($config['mod']['postinlocked'], $board['uri'])) {
if($thread['locked'])
if (!$post['op'] && !hasPermission($config['mod']['postinlocked'], $board['uri'])) {
if ($thread['locked'])
error($config['error']['locked']);
}
if($post['has_file']) {
if ($post['has_file']) {
$size = $_FILES['file']['size'];
if($size > $config['max_filesize'])
if ($size > $config['max_filesize'])
error(sprintf3($config['error']['filesize'], array(
'sz' => number_format($size),
'filesz' => number_format($size),
@ -310,8 +310,8 @@ if(isset($_POST['delete'])) {
)));
}
if($mod && $mod['type'] >= MOD && preg_match('/^((.+) )?## (.+)$/', $post['name'], $match)) {
if(($mod['type'] == MOD && $match[3] == 'Mod') || $mod['type'] >= ADMIN) {
if ($mod && $mod['type'] >= MOD && preg_match('/^((.+) )?## (.+)$/', $post['name'], $match)) {
if (($mod['type'] == MOD && $match[3] == 'Mod') || $mod['type'] >= ADMIN) {
$post['capcode'] = utf8tohtml($match[3]);
$post['name'] = $match[2] != '' ? $match[2] : $config['anonymous'];
}
@ -323,14 +323,14 @@ if(isset($_POST['delete'])) {
$post['name'] = $trip[0];
$post['trip'] = isset($trip[1]) ? $trip[1] : '';
if(strtolower($post['email']) == 'noko') {
if (strtolower($post['email']) == 'noko') {
$noko = true;
$post['email'] = '';
} else $noko = false;
if($post['has_file']) {
if ($post['has_file']) {
$post['extension'] = strtolower(substr($post['filename'], strrpos($post['filename'], '.') + 1));
if(isset($config['filename_func']))
if (isset($config['filename_func']))
$post['file_id'] = $config['filename_func']($post);
else
$post['file_id'] = time() . substr(microtime(), 2, 3);
@ -340,26 +340,26 @@ if(isset($_POST['delete'])) {
}
// Check string lengths
if(mb_strlen($post['name']) > 35)
if (mb_strlen($post['name']) > 35)
error(sprintf($config['error']['toolong'], 'name'));
if(mb_strlen($post['email']) > 40)
if (mb_strlen($post['email']) > 40)
error(sprintf($config['error']['toolong'], 'email'));
if(mb_strlen($post['subject']) > 100)
if (mb_strlen($post['subject']) > 100)
error(sprintf($config['error']['toolong'], 'subject'));
if(!$mod && mb_strlen($post['body']) > $config['max_body'])
if (!$mod && mb_strlen($post['body']) > $config['max_body'])
error($config['error']['toolong_body']);
if(mb_strlen($post['password']) > 20)
if (mb_strlen($post['password']) > 20)
error(sprintf($config['error']['toolong'], 'password'));
wordfilters($post['body']);
$post['body_nomarkup'] = $post['body'];
if(!($mod && isset($post['raw']) && $post['raw']))
if (!($mod && isset($post['raw']) && $post['raw']))
$post['tracked_cites'] = markup($post['body'], true);
// Check for a flood
if(!hasPermission($config['mod']['flood'], $board['uri']) && checkFlood($post)) {
if (!hasPermission($config['mod']['flood'], $board['uri']) && checkFlood($post)) {
error($config['error']['flood']);
}
@ -367,8 +367,8 @@ if(isset($_POST['delete'])) {
do_filters($post);
if($post['has_file']) {
if(!in_array($post['extension'], $config['allowed_ext']) && !in_array($post['extension'], $config['allowed_ext_files']))
if ($post['has_file']) {
if (!in_array($post['extension'], $config['allowed_ext']) && !in_array($post['extension'], $config['allowed_ext_files']))
error($config['error']['unknownext']);
$is_an_image = !in_array($post['extension'], $config['allowed_ext_files']);
@ -378,23 +378,23 @@ if(isset($_POST['delete'])) {
$upload = $_FILES['file']['tmp_name'];
if(!is_readable($upload))
if (!is_readable($upload))
error($config['error']['nomove']);
$post['filehash'] = $config['file_hash']($upload);
$post['filesize'] = filesize($upload);
if($is_an_image) {
if ($is_an_image) {
// Check IE MIME type detection XSS exploit
$buffer = file_get_contents($upload, null, null, null, 255);
if(preg_match($config['ie_mime_type_detection'], $buffer)) {
if (preg_match($config['ie_mime_type_detection'], $buffer)) {
undoImage($post);
error($config['error']['mime_exploit']);
}
require_once 'inc/image.php';
if($config['thumb_method'] == 'imagick') {
if ($config['thumb_method'] == 'imagick') {
// This is tricky, because Imagick won't let us find
// an image's dimensions without loading it all into
// memory first, unlike GD which provides the
@ -405,8 +405,8 @@ if(isset($_POST['delete'])) {
// PHP's memory limit.
// first try GD's getimagesize()
if($size = @getimagesize($upload)) {
if($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
if ($size = @getimagesize($upload)) {
if ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
error($config['error']['maxsize']);
}
@ -416,10 +416,10 @@ if(isset($_POST['delete'])) {
}
} else {
// find dimensions of an image using GD
if(!$size = @getimagesize($upload)) {
if (!$size = @getimagesize($upload)) {
error($config['error']['invalidimg']);
}
if($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
if ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
error($config['error']['maxsize']);
}
}
@ -427,7 +427,7 @@ if(isset($_POST['delete'])) {
// create image object
$image = new Image($upload, $post['extension']);
if($image->size->width > $config['max_width'] || $image->size->height > $config['max_height']) {
if ($image->size->width > $config['max_width'] || $image->size->height > $config['max_height']) {
$image->delete();
error($config['error']['maxsize']);
}
@ -435,13 +435,13 @@ if(isset($_POST['delete'])) {
$post['width'] = $image->size->width;
$post['height'] = $image->size->height;
if($config['spoiler_images'] && isset($_POST['spoiler'])) {
if ($config['spoiler_images'] && isset($_POST['spoiler'])) {
$post['thumb'] = 'spoiler';
$size = @getimagesize($config['spoiler_image']);
$post['thumbwidth'] = $size[0];
$post['thumbheight'] = $size[1];
} elseif($config['minimum_copy_resize'] &&
} elseif ($config['minimum_copy_resize'] &&
$image->size->width <= $config['thumb_width'] &&
$image->size->height <= $config['thumb_height'] &&
$post['extension'] == ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension'])) {
@ -466,10 +466,10 @@ if(isset($_POST['delete'])) {
$thumb->_destroy();
}
if($config['redraw_image']) {
if ($config['redraw_image']) {
$image->to($post['file']);
} else {
if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file']))
if (!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file']))
error($config['error']['nomove']);
}
$image->destroy();
@ -485,7 +485,7 @@ if(isset($_POST['delete'])) {
}
}
if($post['has_file'] && $config['image_reject_repost'] && $p = getPostByHash($post['filehash'])) {
if ($post['has_file'] && $config['image_reject_repost'] && $p = getPostByHash($post['filehash'])) {
undoImage($post);
error(sprintf($config['error']['fileexists'],
$post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root'] .
@ -498,9 +498,9 @@ if(isset($_POST['delete'])) {
));
}
if(!hasPermission($config['mod']['postunoriginal'], $board['uri']) && $config['robot_enable'] && checkRobot($post['body_nomarkup'])) {
if (!hasPermission($config['mod']['postunoriginal'], $board['uri']) && $config['robot_enable'] && checkRobot($post['body_nomarkup'])) {
undoImage($post);
if($config['robot_mute']) {
if ($config['robot_mute']) {
error(sprintf($config['error']['muted'], mute()));
} else {
error($config['error']['unoriginal']);
@ -508,15 +508,15 @@ if(isset($_POST['delete'])) {
}
// Remove board directories before inserting them into the database.
if($post['has_file']) {
if ($post['has_file']) {
$post['file_path'] = $post['file'];
$post['file'] = substr_replace($post['file'], '', 0, mb_strlen($board['dir'] . $config['dir']['img']));
if($is_an_image && $post['thumb'] != 'spoiler')
if ($is_an_image && $post['thumb'] != 'spoiler')
$post['thumb'] = substr_replace($post['thumb'], '', 0, mb_strlen($board['dir'] . $config['dir']['thumb']));
}
$post = (object)$post;
if($error = event('post', $post)) {
if ($error = event('post', $post)) {
undoImage((array)$post);
error($error);
}
@ -524,8 +524,8 @@ if(isset($_POST['delete'])) {
$id = post($post);
if(isset($post['tracked_cites'])) {
foreach($post['tracked_cites'] as $cite) {
if (isset($post['tracked_cites'])) {
foreach ($post['tracked_cites'] as $cite) {
$query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)');
$query->bindValue(':board', $board['uri']);
$query->bindValue(':post', $id, PDO::PARAM_INT);
@ -537,20 +537,20 @@ if(isset($_POST['delete'])) {
buildThread($post['op'] ? $id : $post['thread']);
if(!$post['op'] && strtolower($post['email']) != 'sage' && !$thread['sage'] && ($config['reply_limit'] == 0 || numPosts($post['thread']) < $config['reply_limit'])) {
if (!$post['op'] && strtolower($post['email']) != 'sage' && !$thread['sage'] && ($config['reply_limit'] == 0 || numPosts($post['thread']) < $config['reply_limit'])) {
bumpThread($post['thread']);
}
if($post['op'])
if ($post['op'])
clean();
event('post-after', $post);
buildIndex();
if(isset($_SERVER['HTTP_REFERER'])) {
if (isset($_SERVER['HTTP_REFERER'])) {
// Tell Javascript that we posted successfully
if(isset($_COOKIE[$config['cookies']['js']]))
if (isset($_COOKIE[$config['cookies']['js']]))
$js = json_decode($_COOKIE[$config['cookies']['js']]);
else
$js = (object) array();
@ -562,7 +562,7 @@ if(isset($_POST['delete'])) {
$root = $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];
if($config['always_noko'] || $noko) {
if ($config['always_noko'] || $noko) {
$redirect = $root . $board['dir'] . $config['dir']['res'] .
sprintf($config['file_page'], $post['op'] ? $id:$post['thread']) . (!$post['op'] ? '#' . $id : '');
} else {
@ -570,14 +570,14 @@ if(isset($_POST['delete'])) {
}
if($config['syslog'])
if ($config['syslog'])
_syslog(LOG_INFO, 'New post: /' . $board['dir'] . $config['dir']['res'] .
sprintf($config['file_page'], $post['op'] ? $id : $post['thread']) . (!$$post['op'] ? '#' . $id : ''));
rebuildThemes('post');
header('Location: ' . $redirect, true, $config['redirect_http']);
} else {
if(!file_exists($config['has_installed'])) {
if (!file_exists($config['has_installed'])) {
header('Location: install.php', true, $config['redirect_http']);
} else {
// They opened post.php in their browser manually.

Write Preview
Loading…
Cancel
Save