leftypol
/
leftypol
4
5
Fork 3
Code Issues 57 Pull Requests 1 Projects Releases Wiki Activity
Browse Source

Merge pull request #212 from towards-a-new-leftypol/op_creation_time 

Op creation time
pull/40/head
towards-a-new-leftypol 3 years ago
committed by GitHub
parent
048674e136 cdf2bd429f
commit
a7bf3fee78
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 1900 additions and 1857 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3270
      inc/config.php
  2. 486
      inc/filters.php
  3. 3
      inc/instance-config.php

3270
inc/config.php
View File

File diff suppressed because it is too large

486
inc/filters.php
View File

@ -9,245 +9,271 @@ defined('TINYBOARD') or exit;
require_once 'inc/anti-bot.php'; require_once 'inc/anti-bot.php';
class Filter { class Filter {
public $flood_check; public $flood_check;
private $condition; private $condition;
private $post; private $post;
public function __construct(array $arr) { public function __construct(array $arr) {
foreach ($arr as $key => $value) foreach ($arr as $key => $value)
$this->$key = $value; $this->$key = $value;
} }
public function match($condition, $match) { public function match($condition, $match) {
$condition = strtolower($condition); print_err("Filter condition: " . $condition);
$condition = strtolower($condition);
$post = &$this->post;
$post = &$this->post;
switch($condition) {
case 'custom': switch($condition) {
if (!is_callable($match)) case 'custom':
error('Custom condition for filter is not callable!'); if (!is_callable($match))
return $match($post); error('Custom condition for filter is not callable!');
case 'flood-match': return $match($post);
if (!is_array($match)) case 'flood-match':
error('Filter condition "flood-match" must be an array.'); if (!is_array($match))
error('Filter condition "flood-match" must be an array.');
// Filter out "flood" table entries which do not match this filter.
// Filter out "flood" table entries which do not match this filter.
$flood_check_matched = array();
$flood_check_matched = array();
foreach ($this->flood_check as $flood_post) {
foreach ($match as $flood_match_arg) { foreach ($this->flood_check as $flood_post) {
switch ($flood_match_arg) { foreach ($match as $flood_match_arg) {
case 'ip': switch ($flood_match_arg) {
if ($flood_post['ip'] != $_SERVER['REMOTE_ADDR']) case 'ip':
continue 3; if ($flood_post['ip'] != $_SERVER['REMOTE_ADDR'])
break; continue 3;
case 'body': break;
if ($flood_post['posthash'] != make_comment_hex($post['body_nomarkup'])) case 'body':
continue 3; if ($flood_post['posthash'] != make_comment_hex($post['body_nomarkup']))
break; continue 3;
case 'file': break;
if (!isset($post['filehash'])) case 'file':
return false; if (!isset($post['filehash']))
if ($flood_post['filehash'] != $post['filehash']) return false;
continue 3; if ($flood_post['filehash'] != $post['filehash'])
break; continue 3;
case 'board': break;
if ($flood_post['board'] != $post['board']) case 'board':
continue 3; if ($flood_post['board'] != $post['board'])
break; continue 3;
case 'isreply': break;
if ($flood_post['isreply'] == $post['op']) case 'isreply':
continue 3; if ($flood_post['isreply'] == $post['op'])
break; continue 3;
default: break;
error('Invalid filter flood condition: ' . $flood_match_arg); default:
} error('Invalid filter flood condition: ' . $flood_match_arg);
} }
$flood_check_matched[] = $flood_post; }
} $flood_check_matched[] = $flood_post;
}
$this->flood_check = $flood_check_matched;
// is there any reason for this assignment?
return !empty($this->flood_check); $this->flood_check = $flood_check_matched;
case 'flood-time':
foreach ($this->flood_check as $flood_post) { return !empty($this->flood_check);
if (time() - $flood_post['time'] <= $match) { case 'flood-time-any':
return true; foreach ($this->flood_check as $flood_post) {
} if (time() - $flood_post['time'] <= $match) {
} print_err("rejecting post with flood id: " . $flood_post['id']);
return false; return true;
case 'flood-count': }
$count = 0; }
foreach ($this->flood_check as $flood_post) { return false;
if (time() - $flood_post['time'] <= $this->condition['flood-time']) { case 'flood-time':
++$count; foreach ($this->flood_check as $flood_post) {
} if (time() - $flood_post['time'] <= $match) {
} return true;
return $count >= $match; }
case 'name': }
return preg_match($match, $post['name']); return false;
case 'trip': case 'flood-count':
return $match === $post['trip']; $count = 0;
case 'email': foreach ($this->flood_check as $flood_post) {
return preg_match($match, $post['email']); if (time() - $flood_post['time'] <= $this->condition['flood-time']) {
case 'subject': ++$count;
return preg_match($match, $post['subject']); }
case 'body': }
return preg_match($match, $post['body_nomarkup']); return $count >= $match;
case 'filehash': case 'name':
return $match === $post['filehash']; return preg_match($match, $post['name']);
case 'filename': case 'trip':
if (!$post['files']) return $match === $post['trip'];
return false; case 'email':
return preg_match($match, $post['email']);
foreach ($post['files'] as $file) { case 'subject':
if (preg_match($match, $file['filename'])) { return preg_match($match, $post['subject']);
return true; case 'body':
} return preg_match($match, $post['body_nomarkup']);
} case 'filehash':
return false; return $match === $post['filehash'];
case 'extension': case 'filename':
if (!$post['files']) if (!$post['files'])
return false; return false;
foreach ($post['files'] as $file) { foreach ($post['files'] as $file) {
if (preg_match($match, $file['extension'])) { if (preg_match($match, $file['filename'])) {
return true; return true;
} }
} }
return false; return false;
case 'ip': case 'extension':
return preg_match($match, $_SERVER['REMOTE_ADDR']); if (!$post['files'])
case 'op': return false;
return $post['op'] == $match;
case 'has_file': foreach ($post['files'] as $file) {
return $post['has_file'] == $match; if (preg_match($match, $file['extension'])) {
case 'board': return true;
return $post['board'] == $match; }
case 'password': }
return $post['password'] == $match; return false;
default: case 'ip':
error('Unknown filter condition: ' . $condition); return preg_match($match, $_SERVER['REMOTE_ADDR']);
} case 'op':
} return $post['op'] == $match;
case 'has_file':
public function action() { return $post['has_file'] == $match;
global $board; case 'board':
return $post['board'] == $match;
$this->add_note = isset($this->add_note) ? $this->add_note : false; case 'password':
if ($this->add_note) { return $post['password'] == $match;
$query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)'); default:
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); error('Unknown filter condition: ' . $condition);
$query->bindValue(':mod', -1); }
$query->bindValue(':time', time()); }
$query->bindValue(':body', "Autoban message: ".$this->post['body']);
$query->execute() or error(db_error($query)); public function action() {
} global $board;
if (isset ($this->action)) switch($this->action) {
case 'reject': $this->add_note = isset($this->add_note) ? $this->add_note : false;
error(isset($this->message) ? $this->message : 'Posting blocked by filter.'); if ($this->add_note) {
case 'ban': $query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)');
if (!isset($this->reason)) $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
error('The ban action requires a reason.'); $query->bindValue(':mod', -1);
$query->bindValue(':time', time());
$this->expires = isset($this->expires) ? $this->expires : false; $query->bindValue(':body', "Autoban message: ".$this->post['body']);
$this->reject = isset($this->reject) ? $this->reject : true; $query->execute() or error(db_error($query));
$this->all_boards = isset($this->all_boards) ? $this->all_boards : false; }
if (isset ($this->action)) switch($this->action) {
Bans::new_ban($_SERVER['REMOTE_ADDR'], $this->reason, $this->expires, $this->all_boards ? false : $board['uri'], -1); case 'reject':
error(isset($this->message) ? $this->message : 'Posting blocked by filter.');
if ($this->reject) { case 'ban':
if (isset($this->message)) if (!isset($this->reason))
error($message); error('The ban action requires a reason.');
checkBan($board['uri']); $this->expires = isset($this->expires) ? $this->expires : false;
exit; $this->reject = isset($this->reject) ? $this->reject : true;
} $this->all_boards = isset($this->all_boards) ? $this->all_boards : false;
break; Bans::new_ban($_SERVER['REMOTE_ADDR'], $this->reason, $this->expires, $this->all_boards ? false : $board['uri'], -1);
default:
error('Unknown filter action: ' . $this->action); if ($this->reject) {
} if (isset($this->message))
} error($message);
public function check(array $post) { checkBan($board['uri']);
$this->post = $post; exit;
foreach ($this->condition as $condition => $value) { }
if ($condition[0] == '!') {
$NOT = true; break;
$condition = substr($condition, 1); default:
} else $NOT = false; error('Unknown filter action: ' . $this->action);
}
if ($this->match($condition, $value) == $NOT) }
return false;
} public function check(array $post) {
return true; $this->post = $post;
} foreach ($this->condition as $condition => $value) {
if ($condition[0] == '!') {
$NOT = true;
$condition = substr($condition, 1);
} else {
$NOT = false;
}
if ($this->match($condition, $value) == $NOT)
return false;
}
return true;
}
} }
function purge_flood_table() { function purge_flood_table() {
global $config; global $config;
// Determine how long we need to keep a cache of posts for flood prevention. Unfortunately, it is not // Determine how long we need to keep a cache of posts for flood prevention. Unfortunately, it is not
// aware of flood filters in other board configurations. You can solve this problem by settings the // aware of flood filters in other board configurations. You can solve this problem by settings the
// config variable $config['flood_cache'] (seconds). // config variable $config['flood_cache'] (seconds).
if (isset($config['flood_cache'])) { if (isset($config['flood_cache'])) {
$max_time = &$config['flood_cache']; $max_time = &$config['flood_cache'];
} else { } else {
$max_time = 0; $max_time = 0;
foreach ($config['filters'] as $filter) { foreach ($config['filters'] as $filter) {
if (isset($filter['condition']['flood-time'])) if (isset($filter['condition']['flood-time']))
$max_time = max($max_time, $filter['condition']['flood-time']); $max_time = max($max_time, $filter['condition']['flood-time']);
} }
} }
$time = time() - $max_time; $time = time() - $max_time;
query("DELETE FROM ``flood`` WHERE `time` < $time") or error(db_error()); query("DELETE FROM ``flood`` WHERE `time` < $time") or error(db_error());
} }
function do_filters(array $post) { function do_filters(array $post) {
global $config; global $config;
print_err("do_filters begin"); print_err("do_filters begin");
if (!isset($config['filters']) || empty($config['filters'])) if (!isset($config['filters']) || empty($config['filters']))
return; return;
foreach ($config['filters'] as $filter) { // look at the flood table regardless of IP
if (isset($filter['condition']['flood-match'])) { $noip = false;
$has_flood = true;
break; foreach ($config['filters'] as $filter) {
} if (isset($filter['condition']['flood-match']) && (!isset($filter['noip']) || $filter['noip'] == false)) {
} $has_flood = true;
break;
if (isset($has_flood)) { } else if ($filter['noip'] == true) {
if ($post['has_file']) { print_err("filters noip is true");
$query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash OR `filehash` = :filehash"); $noip = true;
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $find_time = time() - $filter['find-time'];
$query->bindValue(':posthash', make_comment_hex($post['body_nomarkup'])); }
$query->bindValue(':filehash', $post['filehash']); }
} else {
$query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash"); if ($noip) {
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); print_err("SELECT * FROM flood WHERE time > " . strval($find_time));
$query->bindValue(':posthash', make_comment_hex($post['body_nomarkup'])); $query = prepare("SELECT * FROM ``flood`` WHERE `time` > $find_time");
} $query->execute() or error(db_error($query));
$query->execute() or error(db_error($query)); $flood_check = $query->fetchAll(PDO::FETCH_ASSOC);
$flood_check = $query->fetchAll(PDO::FETCH_ASSOC); } else if (isset($has_flood)) {
} else { if ($post['has_file']) {
$flood_check = false; $query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash OR `filehash` = :filehash");
} $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->bindValue(':posthash', make_comment_hex($post['body_nomarkup']));
foreach ($config['filters'] as $filter_array) { $query->bindValue(':filehash', $post['filehash']);
$filter = new Filter($filter_array); } else {
$filter->flood_check = $flood_check; $query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash");
if ($filter->check($post)) $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$filter->action(); $query->bindValue(':posthash', make_comment_hex($post['body_nomarkup']));
} }
$query->execute() or error(db_error($query));
purge_flood_table(); $flood_check = $query->fetchAll(PDO::FETCH_ASSOC);
} else {
$flood_check = false;
}
foreach ($config['filters'] as $filter_array) {
print_err("creating new filter, running check");
$filter = new Filter($filter_array);
$filter->flood_check = $flood_check;
if ($filter->check($post)) {
$filter->action();
}
}
purge_flood_table();
} }

3
inc/instance-config.php
View File

@ -82,6 +82,9 @@ $config['db']['password'] = '';
$config['cookies']['mod'] = 'mod'; $config['cookies']['mod'] = 'mod';
$config['cookies']['salt'] = 'MGYwNjhlNjU5Y2QxNWU3YjQ3MzQ1Yj'; $config['cookies']['salt'] = 'MGYwNjhlNjU5Y2QxNWU3YjQ3MzQ1Yj';
$config['flood_cache'] = 60 * 15; // 15 minutes. The oldest a post can be in the flood table
$config['flood_time_any'] = 40; // time between thread creation
$config['flood_time'] = 30; $config['flood_time'] = 30;
$config['flood_time_ip'] = 60; $config['flood_time_ip'] = 60;
$config['flood_time_same'] = 60; $config['flood_time_same'] = 60;

Write Preview
Loading…
Cancel
Save